
How to create a new process using the clone technique fork and the transformation technique exec

2025-01-18 Update From: SLTechnology News&Howtos > Development. Shulou (Shulou.com) 06/03 Report

This article explains how to create a new process using the clone technique fork and the transformation technique exec. Many people have questions about this in day-to-day work, so the editor consulted a range of materials and put together a simple, practical walkthrough. Hopefully it answers those questions. Let's get started.

1. The clone technique: fork

To be exact, it should be the shadow clone. For the difference between the ordinary clone and the shadow clone in Naruto, those who are interested can go and watch Naruto; we will not explain it here, otherwise this would turn into a Naruto fan account.

Still, let's quote the encyclopedia. The official explanation is: chakra is used to create a physical clone that has a consciousness independent of the original body and a certain ability to withstand attacks, can use all kinds of ninjutsu, and returns its memories and experience to the original body after it is released normally.

Our new process, for its part, uses some physical memory to create its own PCB, page tables and other structures. It is a process independent of the parent process: it can be scheduled onto the CPU, run various new programs, exit, and then be reaped by the parent process. This matches the shadow clone technique perfectly, and one wonders whether Kishimoto moonlights in computing.

1. The secret scroll of fork (incomplete volume)

Next, let's take a closer look at the secret scroll of the shadow clone, fork. Everyone should already be very familiar with fork, so we will skip most of the groundwork. Put simply, it clones an almost identical child process from the parent process. Instead of repeating the classic but well-worn example of checking pid with if-else, let's talk about something different.

First, let's look at the scroll for the simplified version of the shadow clone (which is inefficient for computers).

The fork above is only an incomplete volume, meant mainly to illustrate how fork can be implemented. Although this technique is classed as B-rank ninjutsu, in the computer world copying all of the parent process's resources is very inefficient. Later we will talk about a more efficient way: copy-on-write. For now, let's look at the following common questions:

2. FAQ

Called once, returns twice

These are the original words in CSAPP. I think that stating this conclusion on its own is ambiguous, and it can be very confusing for people meeting fork for the first time. A function can only return once; it cannot return twice. Even though we may write several return statements in a program, in the end we return through exactly one of them. So what about the fork function?

After fork, one process becomes two. Two processes, two forks, two returns: it is not that a single fork function returns twice.

Why are the values returned in the parent and child processes different?

The fork function has three return values:

The pid of the child process is returned in the parent process

0 is returned in the child process

-1 is returned if there is an error

The child process is a clone, so why is the return value not the same? As mentioned above, fork clones an almost identical child process from the parent process, which means it is not exactly identical.

What about the return value? In Linux, the system call is implemented with an interrupt gate, so the call to fork triggers an interrupt, and the interrupt saves the context, including the value of the eax register.

According to the calling convention, the return value is stored in the eax register. As the incomplete scroll above shows, fork changes eax in the child process's interrupt context to 0. In this way, fork in the parent process and fork in the child process return different values.

When -1 is returned, in most cases the number of processes has reached the limit or there is not enough memory. In that case no new process is created at all, let alone two returns with different values.

After fork, execution continues with the code following fork.

This may seem like stating the obvious, but why is it so? I read one answer in a blog on CSDN, which roughly said that the fork function simply copies the code to be executed afterwards into the new process, and that blog has received a lot of likes. But I think this statement is not true; at least, the fork source code of the systems I have looked at is not implemented that way.

So why do the parent and child processes both continue with the code following fork? It is actually very simple: it comes down to saving and restoring the interrupt context. As mentioned earlier, the fork system call is implemented through an interrupt. On the interrupt, the parent process saves the current execution position, that is, cs:eip, and the fork function then copies this to the child process, so both the parent process and the child process continue with the code after fork when the interrupt returns.

Therefore, before fork, a process is executing, and after fork, two processes are executing the same code (if exec is not called).

Finally, let's look at the animated diagram of the inefficient version of fork, which actually copies the parent process's resources.

(Sorry, I can't include the animation here; go to my official account to see it.)

2. The transformation technique: exec

1. The exec functions

The clone technique fork described above can only clone a child process that is almost the same as the parent process; both run the same program. Often, though, what we need is a brand new process that runs a different program. That requires transformation, using the exec functions. There are a total of 6 exec functions, of which execve is the kernel system call, and the other five, execl, execv, execle, execlp, and execvp, are implemented on top of execve.

The prototype of the execve function is as follows:

const char *filename: the full path to the executable file

char *const argv[]: the address of a NULL-terminated array of string pointers, each string being one command-line argument

char *const envp[]: the address of a NULL-terminated array of string pointers, each string being an environment variable in the form NAME=value; usually NULL is passed directly.
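The three fork return values from the FAQ and the three execve parameters above, put together in one place. This is an added example, not code from the original article; the helper name spawn_and_wait, the /bin/sh command line and the fixed minimal environment passed as envp are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the article): run `path` in a child process
 * and return its exit status, or -1 if fork/waitpid failed. */
int spawn_and_wait(const char *path, char *const argv[], char *const envp[])
{
    pid_t pid = fork();
    if (pid == -1) {            /* error: no child was created */
        perror("fork");
        return -1;
    }
    if (pid == 0) {             /* child: fork returned 0 */
        execve(path, argv, envp);
        /* execve returns only on failure; the child must not fall
         * through into the parent's code path. */
        perror("execve");
        _exit(127);
    }
    /* parent: fork returned the child's pid */
    int status;
    while (waitpid(pid, &status, 0) == -1) {
        if (errno != EINTR)
            return -1;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return 128 + WTERMSIG(status);   /* killed by a signal (shell-style code) */
}

int main(void)
{
    /* Constructed sample: full path, explicit argv, minimal fixed environment. */
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    printf("child exit status: %d\n", spawn_and_wait("/bin/sh", argv, envp));
    return 0;
}
```

Passing a full path and an explicit environment means the child does not inherit PATH, LD_PRELOAD or similar variables from whoever started the parent.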

2. ELF file

The file we want to load is called an executable object file. The format of executable object files in Linux is ELF, while in Windows it is PE. Note that it is not exe; exe is just a file extension.

Introduction to ELF format

ELF stands for Executable and Linkable Format. As the name suggests, it has two views: the execution view and the linking view.

The picture above should be familiar to everyone. The latter two kinds of object file, relocatable object files and executable object files, correspond to the linking view and the execution view of the ELF format respectively.

ELF file format

Looked at in detail, the ELF format contains a great deal. Here we pick out only the key points, enough to talk about exec:

Let's look at the overall structure of the two views:

The linking view is organized in sections and the execution view is organized in segments. The meaning of "segment" here is different from what we call a memory segment, and the two should be kept apart.

There are many sections in an actual ELF file. Only some of the important ones that need to be understood are listed here, with a brief explanation:

.text: code section

.rodata: read-only data, such as format strings in printf, jump tables in switch-case

.data: initialized global variable

.bss: uninitialized global variables, local static variables

.symtab: symbol table; the global variable names and function names in the program are all symbols, and their information is stored in the symbol table

.rel.text, .rel.data: information related to relocatability

.debug: the symbol table used for debugging

.init: contains executable instructions, part of the process initialization code that is executed before the main function

ELF Header

The meaning of most fields has already been explained, and the names make them fairly easy to remember. The key points are:

The first 4 entries of e_ident are a fixed magic number: e_ident[0] = 0x7f, e_ident[1] = 'E', e_ident[2] = 'L', e_ident[3] = 'F', indicating that this is an ELF file.

e_ident[5] specifies big-endian or little-endian byte order: 1 means little-endian, 2 means big-endian, and 0 means an invalid encoding.

The ELF object file type, such as relocatable, executable, or shared object file.

e_entry, the entry address of the executable file, where execution starts after exec has loaded the program.
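A check of the header fields just listed, written the way a loader or file scanner has to do it: lengths and identification bytes are validated before anything else is read. This is an added example, not code from the original article; the struct and function names and the sample bytes are constructed, and the offsets (e_type at byte 16, e_entry at byte 24, e_ident[4] selecting 32-bit or 64-bit) come from the ELF specification rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of the check; field names are this example's own. */
struct elf_info { int is_64; int big_endian; uint16_t type; uint64_t entry; };

/* Read an n-byte unsigned integer in the byte order the file declares. */
static uint64_t rd(const unsigned char *p, int n, int big)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[big ? i : n - 1 - i];
    return v;
}

/* Return 0 and fill *out if buf starts with a plausible ELF header, else -1. */
int elf_check(const unsigned char *buf, size_t len, struct elf_info *out)
{
    if (len < 16 || buf[0] != 0x7f || buf[1] != 'E' || buf[2] != 'L' || buf[3] != 'F')
        return -1;                           /* too short or wrong magic number */
    /* e_ident[4]: 1 = 32-bit, 2 = 64-bit; e_ident[5]: 1 = little, 2 = big, 0 invalid */
    if ((buf[4] != 1 && buf[4] != 2) || (buf[5] != 1 && buf[5] != 2))
        return -1;
    out->is_64 = (buf[4] == 2);
    out->big_endian = (buf[5] == 2);
    size_t need = out->is_64 ? 32 : 28;      /* bytes up to the end of e_entry */
    if (len < need)
        return -1;                           /* truncated header */
    out->type = (uint16_t)rd(buf + 16, 2, out->big_endian);
    out->entry = rd(buf + 24, out->is_64 ? 8 : 4, out->big_endian);
    return 0;
}

/* Constructed sample: first 32 bytes of a 64-bit little-endian executable header. */
const unsigned char sample_elf[32] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    2, 0,                             /* e_type = 2 (executable) */
    0x3e, 0, 1, 0, 0, 0,              /* e_machine, e_version */
    0x78, 0x00, 0x40, 0, 0, 0, 0, 0   /* e_entry = 0x400078 */
};

int main(void)
{
    struct elf_info i;
    if (elf_check(sample_elf, sizeof sample_elf, &i) == 0)
        printf("type=%u entry=0x%llx\n", (unsigned)i.type, (unsigned long long)i.entry);
    return 0;
}
```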

Program Header

As above, a few brief points:

There are many types of program segment. We only need to understand loadable segments which, as the name implies, are the segments that need to be loaded into memory, such as the code segment and the data segment.

Several kinds of "segment" are involved here: program segment types, data segments, code segments and other program segments, as well as memory segments. Do not confuse them.

Generally speaking, p_filesz
