Pushing to stack when SP is 0

[JuEeHa]

What happens if you do it in real mode? Is interrupt generated? I couldn't find any info with google.

[bluemoon]

In true real mode, it's pushed on FFFE. You could do an experiment on it.
It may be different on unreal or v86 mode.

[Solar]

You could do an experiment on it.

A shudder runs down my spine. Verily, evil words should not be spoken in jest...

Ash nazg durbatulûk, ash nazg gimbatul, ash nazg thrakatulûk agh burzum-ishi krimpatul...

[xenos]

Ash nazg durbatulûk, ash nazg gimbatul, ash nazg thrakatulûk agh burzum-ishi krimpatul...

In the context of a wrapping stack pointer, this probably translates as "One ring buffer to rule them all..."

[Solar]

I was more thinking along the lines of "let's try this, see what it does, and then extrapolate from there. Gee, it makes me invisible, that's a good thing to have".

(I.e., speechless and somewhat perversely curious smiling at the concept of figuring out stuff like this by trial & error. If you had seen the things I have seen under comment lines like "I tried this and it seems to work"...)

[gerryg400]

It does wrap around from $0 to $fffe on a 16 bit push, but the same does not apply for $1. If %sp is $1 then a push will cause a shutdown.

[Rudster816]

It does wrap around from $0 to $fffe on a 16 bit push, but the same does not apply for $1. If %sp is $1 then a push will cause a shutdown.

No, it just wraps to 0xFFFF. There is zero alignment checking in real mode.

Code: Select all

mov esp, 1
push 0xDEAD

Executing that snippet in Qemu moves the word 0xDEAD to 0xFFFF, and sets SP to 0xFFFF. Memory looks like this:
0x0FFFF: 0xAD
0x10000: 0xDE

[gerryg400]

Qemu is an emulator. Real machines shut down. Or at least they are supposed to.

[iansjack]

According to the Intel manual:

If the ESP or SP register is 1 when the PUSH instruction is executed in real-address mode, a stack-fault exception (#SS) is generated (because the limit of the stack segment is violated). Its delivery encounters a second stack-fault exception (for the same reason), causing generation of a double-fault exception (#DF). Delivery of the double-fault exception encounters a third stack-fault exception, and the logical processor enters shutdown mode. See the discussion of the double-fault exception in Chapter 6 of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A.

[rdos]

The fault in protected mode is probably also related to limit violations, and not to "wrap around". IOW, if you have a flat stack selector, and wrap it around, there will be no faults.

[rdos]

Executing that snippet in Qemu moves the word 0xDEAD to 0xFFFF, and sets SP to 0xFFFF. Memory looks like this:
0x0FFFF: 0xAD
0x10000: 0xDE

Send a bug-report to them. This is clearly wrong. One might wonder if they do proper limit-checking in other cases as well.

[gerryg400]

The fault in protected mode is probably also related to limit violations, and not to "wrap around". IOW, if you have a flat stack selector, and wrap it around, there will be no faults.

That's true. However my recollection is that if for example you set ESP to $2 and push 32 bits then ESP will end up being $fffffffe but half of the pushed value will be lost. I should warn that my recollections are not always 100%.