我喜欢例子,所以我用c写了一些自修改代码...
#include <stdio.h>
#include <sys/mman.h> // linux
int main(void) {
unsigned char *c = mmap(NULL, 7, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0); // get executable memory
c[0] = 0b11000111; // mov (x86_64), immediate mode, full-sized (32 bits)
c[1] = 0b11000000; // to register rax (000) which holds the return value
// according to linux x86_64 calling convention
c[6] = 0b11000011; // return
for (c[2] = 0; c[2] < 30; c[2]++) { // incr immediate data after every run
// rest of immediate data (c[3:6]) are already set to 0 by MAP_ANONYMOUS
printf("%d ", ((int (*)(void)) c)()); // cast c to func ptr, call ptr
}
putchar('\n');
return 0;
}
...显然有效:
>>> gcc -Wall -Wextra -std=c11 -D_GNU_SOURCE -o test test.c; ./test
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
但老实说,我根本没有期望它会起作用。我希望包含 c[2] = 0 的指令在第一次调用 c 时被缓存,之后所有对 c 的连续调用都会忽略对 c 所做的重复更改(除非我以某种方式明确地使缓存无效)。幸运的是,我的 CPU 似乎比这更聪明。
我猜想每当指令指针进行较大的跳转(就像上面对映射内存的调用一样)时,cpu 会将 RAM(假设 c 甚至驻留在 RAM 中)与指令缓存进行比较,并在不匹配时使缓存无效(全部?),但我希望获得更准确的信息。特别是,我想知道这种行为是否可以被认为是可预测的(除了硬件和操作系统的任何差异),并且可以依赖?
(我可能应该引用英特尔手册,但那东西有数千页那么长,我往往会迷失在其中......)
最佳答案
您所做的通常称为自修改代码。 Intel 的平台(可能还有 AMD 的)会为您完成维护i/d 缓存一致性的工作,正如手册中指出的那样 (Manual 3A, System Programming)
11.6 SELF-MODIFYING CODE
A write to a memory location in a code segment that is currently cached in the processor causes the associated cache line (or lines) to be invalidated.
但是只要相同的线性地址用于修改和获取,这个断言就有效,调试器和二进制加载器不是这种情况,因为它们不t 在相同的地址空间中运行:
Applications that include self-modifying code use the same linear address for modifying and fetching the instruction. Systems software, such as a debugger, that might possibly modify an instruction using a different linear address than that used to fetch the instruction, will execute a serializing operation, such as a CPUID instruction, before the modified instruction is executed, which will automatically resynchronize the instruction cache and prefetch queue.
例如,许多其他体系结构(例如 PowerPC)总是请求序列化操作,必须明确地完成(E500 Core Manual):
3.3.1.2.1 Self-Modifying Code
When a processor modifies any memory location that can contain an instruction, software must ensure that the instruction cache is made consistent with data memory and that the modifications are made visible to the instruction fetching mechanism. This must be done even if the cache is disabled or if the page is marked caching-inhibited.
值得注意的是,即使缓存被禁用,PowerPC 也需要发出上下文同步指令;我怀疑它会强制刷新更深层次的数据处理单元,例如加载/存储缓冲区。
您提出的代码在没有监听 或高级缓存一致性 设施的架构上是不可靠的,因此很可能会失败。
希望这对您有所帮助。
关于c - x86指令缓存是如何同步的?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10989403/