Tidbits of stack

What is a stack, and what is it used for?

The stack is really a way to handle modularity of software. Long ago, the stack was designed and crafted by hand, when most software was built using assembly language. The idea is first to break large code down into manageable functions, which are in turn called by other functions. So there had to be a way to pass arguments at call time and, among other things, to revert to the state the caller was in. The result is the stack machine, in the sense that the underlying architecture has enough support to create standard template code for the stack paradigm.

After that, the stack became a software pattern, one of the abstract data types. Queue, list and double-ended queue are some of the others.

Nowadays, whenever one function calls another function, there is stack management work going on.

At the start of a function (in most systems) the following is the standard prologue:

push %rbp

mov %rsp, %rbp

rbp is the frame pointer, and rsp is the stack pointer. So the system pushes the caller's frame pointer onto the stack and copies the current stack pointer into %rbp. Now the stack pointer is free to be changed by the callee, and at the end it can be restored from %rbp (the frame pointer).

How? When we define local variables to be used by a function, the system reserves space to hold their values. The following code does just that:

sub $0x48, %rsp

You can see that %rsp has now changed and points to a lower memory address. The stack grows downward.

In this case, 0x48 bytes are reserved to hold the current values of the local variables.

After the computation within this function, it has to restore the frame pointer and clean up the stack frame it built, using the following:

mov %rbp, %rsp   # %rbp was untouched (never used as a target), so this restores the stack pointer

pop %rbp

%rbp is the frame pointer and is never supposed to be the target of any operation except in the prologue and the epilogue (the previous two lines are called the epilogue). Wherever a local variable is used in the computation, it is addressed relative to %rbp as a reference point, like this:

mov -0x8(%rbp), %rbx

add $0x1, %rbx
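
The chain of saved frame pointers that this prologue builds is exactly what a stack walk follows. The C program below is an added example, not code from the original post: it walks that chain from a leaf function back to its outermost caller and records each frame and return address. The function names and the use of the GCC/Clang builtin `__builtin_frame_address` are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Frame record left by "push %rbp; mov %rsp, %rbp":
   [rbp] = caller's saved rbp, [rbp+8] = return address pushed by call. */
struct frame { struct frame *caller; void *ret; };
struct hit   { struct frame *fp; void *ret; };

/* Assumption: GCC/Clang builtin; using it keeps a frame pointer in the function. */
#define HERE() ((struct frame *)__builtin_frame_address(0))
#define MAX_FRAMES 16

static struct frame *seen[4];         /* frame each function reports for itself */
static struct hit walked[MAX_FRAMES]; /* frames found by following the chain */
static volatile int sink;             /* a store after each call blocks tail calls */

/* Follow saved frame pointers from fp up to stop (inclusive). */
static int walk(struct frame *fp, struct frame *stop, struct hit *out, int max)
{
    int n = 0;
    while (fp && n < max) {
        out[n].fp = fp;
        out[n++].ret = fp->ret;
        if (fp == stop)
            break;
        uintptr_t cur = (uintptr_t)fp, next = (uintptr_t)fp->caller;
        /* Stack grows downward: a caller's frame is at a higher, aligned
           address. Anything else is a broken chain, so stop walking. */
        if (next <= cur || next > (uintptr_t)stop || next % sizeof(void *))
            break;
        fp = fp->caller;
    }
    return n;
}

__attribute__((noinline)) static int leaf(void)
{ seen[3] = HERE(); int n = walk(seen[3], seen[0], walked, MAX_FRAMES); sink = n; return n; }
__attribute__((noinline)) static int level2(void)
{ seen[2] = HERE(); int n = leaf(); sink = n; return n; }
__attribute__((noinline)) static int level1(void)
{ seen[1] = HERE(); int n = level2(); sink = n; return n; }
__attribute__((noinline)) int walk_demo(void)
{ seen[0] = HERE(); int n = level1(); sink = n; return n; }

int main(void)
{
    int n = walk_demo();
    for (int i = 0; i < n; i++)
        printf("#%d frame=%p return=%p\n", i, (void *)walked[i].fp, walked[i].ret);
    return 0;
}
```

The bounds check in `walk` is what keeps the walker from dereferencing a garbage pointer when a frame in the chain was built without a frame pointer or has been overwritten.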

More ...

Posted on Monday, May 22, 2017 at 09:32PM by Prokash Sinha

Stack walk and why I'm here?

Many operating systems provide ready-made APIs to walk the stack programmatically, which can give us a trace-like snapshot of the stack when something goes wrong and your application crashes. Most popular operating systems provide debugger and troubleshooting features that can help determine where and why something went wrong.

But it is not a piece of cake when you have to craft something right into the kernel and watch how things are happening. This is a deep probe, in my belief. So here is some background work that needs to be considered first:

-- Why do we need to do it? In other words, why am I here?

-- What are the knowns and unknowns? It could be a wide range of knowledge in general computer science.

-- How can I get some control of the kernel?

-- How best can I craft a stack walk?

-- What to look for once I know that the stack walk is working somewhat to my satisfaction?

I've been able to finish this project/investigation and can see the result first hand.


Posted on Friday, December 30, 2016 at 06:43PM by Prokash Sinha

Looking forward to 2017 and beyond!

Time flies, and we are just about to enter another year. Time and again I have bumped into this thing we call a stack backtrace. For the last 10 or so years I always thought that it would be nice to get a good grasp of this lethal weapon, comparable to a sharp knife and the sharper brain of a surgeon. If one can understand this, then a lot of today's technology and its underlying thoughts and implementation become clear.

One can use it for lots of different things. Debuggers use it all the time, so it is not a new groundbreaking technology. But its use is unbelievably wide in range. In this continuing series of notes, I will try to emphasize one such implementation, which perhaps some of us could call "Beautiful code", and some of its uses. It will cover a wide range of topics like: assembler, symbol construction, application binary interfaces and standards, register sets and their purpose with respect to activation records. Finally, its incarnation in the kernel.


More coming ...

Posted on Wednesday, December 7, 2016 at 07:25PM by Prokash Sinha

2016 year end reflection - Beautiful code

We are nearing the end of 2016, and the holiday season is around us. I've appreciated code that, by looking at it, I can tell is well written. Then there are some of them in the category of Beautiful code!

When I read a small article or a short story about anything, if it can hold me engaged and I understand the flow and theme without much effort, I call it beautifully written. I've always thought about my writing that I could call beautiful code, even marginally!

I recently wrote something to tackle some xnu virtual file system code that can alter program behavior depending on how nice or rogue that program is. So there was a deep dive into the xnu kernel code. The idea is to take early control of program execution and see if it makes sense to let a foreign program play in your backyard.

As it turned out, depending on core kernel changes, there could be a few things that need to be checked even if I cannot decide whether it is going to do harm or not.

So the idea is that it keeps a tab on those undecidable situations and learns from them on the fly. It will learn some traits that will drive the decision to take control.

I call this beautiful code, since it is a passive observer of the traits of foreign programs without anyone even knowing of its presence. Since it is in the kernel, it must be fault proof.

Posted on Saturday, November 5, 2016 at 09:09AM by Prokash Sinha

Linux - quick

# Ubuntu version
$ lsb_release -a

From anywhere on the desktop, press Ctrl + Alt + T to get a terminal.

# pci devices
$ lspci

# hardware summary
$ lshw -short

# display information about the processor/cpu
$ sudo dmidecode -t processor

# memory/ram information
$ sudo dmidecode -t memory

# bios details
$ sudo dmidecode -t bios


# partition tables
$ sudo fdisk -l

# memory usage in MB
$ free -m

# cpu information
$ cat /proc/cpuinfo

# memory information
$ cat /proc/meminfo
$ cat /proc/version
$ cat /proc/partitions 
major minor  #blocks  name

   8        0  488386584 sda
   8        1   73400953 sda1
   8        2          1 sda2
   8        5  102406311 sda5
   8        6  102406311 sda6
   8        7    1998848 sda7
   8        8  208171008 sda8
  11        0    1048575 sr0
$ sudo hdparm -i /dev/sda

ps commands --
$ ps aux
$ ps -ef

Use the "u" option or "-f" option to display detailed information about the processes.

$ ps aux
$ ps -ef -f

To filter the processes by the owning user, use the "-u" option followed by the username. Multiple usernames can be provided, separated by commas.
$ ps -f -u www-data
To search the processes by their name or command, use the "-C" option followed by the search term.
$ ps -C apache2
To display processes by process id, use the "-p" option and provide the process ids separated by commas.
$ ps -f -p 3150,7298,6544

Sort process by cpu or memory usage

$ ps aux --sort=-pcpu,+pmem
Display the top 5 processes consuming most of the cpu.
$ ps aux --sort=-pcpu | head -5

Display process hierarchy in a tree style

$ ps -f --forest -C apache2

Display child processes of a parent process

$ ps -o pid,uname,comm -C apache2

Display threads of a process

$ ps -p 3150 -L

Change the columns to display

$ ps -e -o pid,uname,pcpu,pmem,comm
$ ps -e -o pid,uname=USERNAME,pcpu=CPU_USAGE,pmem,comm

Display elapsed time of processes

$ ps -e -o pid,comm,etime

Turn ps into a realtime process viewer

$ watch -n 1 'ps -e -o pid,uname,cmd,pmem,pcpu --sort=-pmem,-pcpu | head -15'

Posted on Friday, April 1, 2016 at 10:40AM by Prokash Sinha