Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 5:21 am
by JuEeHa
What happens if you do it in real mode? Is an interrupt generated? I couldn't find any info with Google.

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 5:25 am
by bluemoon
In true real mode, it's pushed on FFFE. You could do an experiment on it.
It may be different on unreal or v86 mode.

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 5:45 am
by Solar
bluemoon wrote:You could do an experiment on it.
A shudder runs down my spine. Verily, evil words should not be spoken in jest...

Ash nazg durbatulûk, ash nazg gimbatul, ash nazg thrakatulûk agh burzum-ishi krimpatul...

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 6:30 am
by xenos
Solar wrote:Ash nazg durbatulûk, ash nazg gimbatul, ash nazg thrakatulûk agh burzum-ishi krimpatul...
In the context of a wrapping stack pointer, this probably translates as "One ring buffer to rule them all..."

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 6:43 am
by Solar
I was more thinking along the lines of "let's try this, see what it does, and then extrapolate from there. Gee, it makes me invisible, that's a good thing to have". :twisted:

(I.e., speechless and somewhat perversely curious smiling at the concept of figuring out stuff like this by trial & error. If you had seen the things I have seen under comment lines like "I tried this and it seems to work"...)

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 7:29 am
by gerryg400
It does wrap around from $0 to $fffe on a 16 bit push, but the same does not apply for $1. If %sp is $1 then a push will cause a shutdown.

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 8:00 am
by Rudster816
gerryg400 wrote:It does wrap around from $0 to $fffe on a 16 bit push, but the same does not apply for $1. If %sp is $1 then a push will cause a shutdown.
No, it just wraps to 0xFFFF. There is zero alignment checking in real mode.

Code:

mov esp, 1      ; SP = 1, the value claimed above to cause a shutdown
push 0xDEAD     ; 16-bit push: SP wraps to 0xFFFF

Executing that snippet in Qemu moves the word 0xDEAD to 0xFFFF, and sets SP to 0xFFFF. Memory looks like this:
0x0FFFF: 0xAD
0x10000: 0xDE

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 8:36 am
by gerryg400
Qemu is an emulator. Real machines shut down. Or at least they are supposed to.

Re: Pushing to stack when SP is 0

Posted: Fri Apr 27, 2012 9:20 am
by iansjack
According to the Intel manual:
If the ESP or SP register is 1 when the PUSH instruction is executed in real-address mode, a stack-fault exception (#SS) is generated (because the limit of the stack segment is violated). Its delivery encounters a second stack-fault exception (for the same reason), causing generation of a double-fault exception (#DF). Delivery of the double-fault exception encounters a third stack-fault exception, and the logical processor enters shutdown mode. See the discussion of the double-fault exception in Chapter 6 of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A.

Re: Pushing to stack when SP is 0

Posted: Sat Apr 28, 2012 1:33 am
by rdos
The fault in protected mode is probably also related to limit violations, and not to "wrap around". IOW, if you have a flat stack selector, and wrap it around, there will be no faults.

Re: Pushing to stack when SP is 0

Posted: Sat Apr 28, 2012 1:37 am
by rdos
Rudster816 wrote:Executing that snippet in Qemu moves the word 0xDEAD to 0xFFFF, and sets SP to 0xFFFF. Memory looks like this:
0x0FFFF: 0xAD
0x10000: 0xDE
Send a bug-report to them. This is clearly wrong. One might wonder if they do proper limit-checking in other cases as well. #-o

Re: Pushing to stack when SP is 0

Posted: Sat Apr 28, 2012 2:12 am
by gerryg400
rdos wrote:The fault in protected mode is probably also related to limit violations, and not to "wrap around". IOW, if you have a flat stack selector, and wrap it around, there will be no faults.
That's true. However, my recollection is that if, for example, you set ESP to $2 and push 32 bits, then ESP will end up being $fffffffe but half of the pushed value will be lost. I should warn that my recollections are not always 100%.
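
As an added illustration (not code from any poster, nor from the Intel manual), here is a small Python model of a PUSH against an expand-up stack segment that walks through the cases argued in this thread: SP=0 wrapping to 0xFFFE, SP=1 crossing the 64 KiB limit and escalating from #SS to #DF to shutdown as the manual text quoted by iansjack describes, an emulator that skips the limit check and lands the word at 0xFFFF/0x10000 as in Rudster816's dump, and the flat 32-bit stack rdos mentions, where a wrap from ESP=0 stays inside the limit. The limit rule (offset plus size minus one must not exceed the limit), the three-word real-mode exception frame (FLAGS, CS, IP) and the placeholder register values are assumptions of the model, not something the thread states.

```python
# Added example, not code from the thread or the Intel manual: a model of PUSH
# against an expand-up stack segment. Assumptions: limit rule is
# "new_sp + size - 1 <= limit"; a real-mode exception entry pushes FLAGS, CS
# and IP (three words, no error code); register values are placeholders.
from dataclasses import dataclass, field

SHUTDOWN = "shutdown"


class StackFault(Exception):
    """#SS: the stack write would cross the stack segment's limit."""


@dataclass
class Stack:
    base: int = 0               # segment base (linear address of offset 0)
    limit: int = 0xFFFF         # effective limit: last valid offset (real mode: 64 KiB - 1)
    sp: int = 0                 # SP (16-bit stack) or ESP (32-bit stack)
    width: int = 16             # stack address size: 16 in real mode, 32 for a flat 32-bit SS
    check_limit: bool = True    # False reproduces an emulator that skips the limit check
    mem: dict = field(default_factory=dict)  # linear address -> byte written

    def push(self, value: int, size: int) -> int:
        """Push `size` bytes of `value`; return the new SP or raise StackFault."""
        mask = (1 << self.width) - 1
        new_sp = (self.sp - size) & mask          # SP arithmetic wraps at the stack width
        if self.check_limit and new_sp + size - 1 > self.limit:
            raise StackFault(f"push at SP={new_sp:#x} crosses limit {self.limit:#x}")
        for i in range(size):                     # little-endian store, lowest byte first
            self.mem[self.base + new_sp + i] = (value >> (8 * i)) & 0xFF
        self.sp = new_sp
        return new_sp


# Placeholder values for the frame the CPU pushes when it enters a real-mode
# exception handler: FLAGS, CS, IP (no error code in real mode).
REAL_MODE_FRAME = (0x0202, 0x0000, 0x0100)


def real_mode_push(sp: int, value: int, size: int = 2, check_limit: bool = True):
    """Model `push value` in real mode with SS base 0 and SP == sp.

    Returns (outcome, sp_after, memory_written) where outcome is "ok", the
    exception whose handler would run ("#SS" or "#DF"), or "shutdown".
    """
    st = Stack(sp=sp, check_limit=check_limit)
    try:
        st.push(value, size)
        return "ok", st.sp, dict(st.mem)
    except StackFault:
        pass
    # The faulting PUSH is not committed, so delivery starts from the original SP.
    for vector in ("#SS", "#DF"):
        try:
            for word in REAL_MODE_FRAME:
                st.push(word, 2)
            return vector, st.sp, dict(st.mem)    # frame fits: that handler would run
        except StackFault:
            continue                              # delivery itself faulted: escalate
    return SHUTDOWN, sp, {}                       # #DF delivery failed too: shutdown


if __name__ == "__main__":
    for sp in (0, 1, 3):
        print(f"SP={sp:#06x}: {real_mode_push(sp, 0xDEAD)}")
    print("unchecked emulator, SP=1:", real_mode_push(1, 0xDEAD, check_limit=False))
    flat = Stack(limit=0xFFFFFFFF, sp=0, width=32)
    print("flat 32-bit stack, ESP=0, push dword ->", hex(flat.push(0x12345678, 4)))
```

Running it shows the thread's three answers side by side: with the limit check on, SP=0 lands the word at 0xFFFE/0xFFFF, SP=1 never gets a handler because neither the #SS nor the #DF frame fits, and with the check off the model writes exactly the 0xFFFF/0x10000 bytes Rudster816 saw under Qemu.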