> You can see right after the "call fork" that the contents of eax
> (return register) are stored 4 bytes under the base pointer, i.e. on
> the stack. I don't have access to a Minix box right here, but I
> would be highly surprised if ACK does this optimization when GCC does
> not. So, it could be done, but you'd need compiler support for it.

Enable optimization (O2) and you'll find that GCC (3.4.3 on Minix)
output is nearly identical to what I made up:

_run_script:
pushl %ebp
movl %esp, %ebp
subl $8, %esp
call _fork
testl %eax, %eax
movl $-1, %edx
jl L1
je L5
xorl %edx, %edx
L1:
movl %edx, %eax
leave
ret
L5:
pushl %eax
pushl $0
pushl $LC0
pushl $LC1
call _execl
movl $1, (%esp)
call _exit

The guest only performs memory accesses to call execl and exit
(although, as Phillip correctly stated, the implementation of fork
itself is a problem).

ACK (also with O2) does indeed do much worse:

_run_script:
push ebp
mov ebp,esp
sub esp,4
call _fork
mov -4(ebp),eax
test eax,eax
jns I1_1
mov eax,-1
jmp I1_2
I1_1:
cmp -4(ebp),0
jne I1_3
push 0
push __II0
push __II1
call _execl
push 1
call _exit
add esp,16
I1_3:
xor eax,eax
I1_2:
leave
ret

> I still say we go for the paging, if we're going to do anything

Yes, I can't wait

--
With kind regards,
Erik van der Kouwe