CAC 2015-08-20

tss

Trying to gdb through tss entry.

(gdb) list writeOperands
46    // CANFAULT 
47    static void writeOperands (void)
48    {
49        DCDstruct * i = & currentInstruction;
50    
51        sim_debug (DBG_ADDRMOD, & cpu_dev,
52                   "writeOperands(%s):mne=%s flags=%x\n",
53                   disAssemble (cu . IWB), i -> info -> mne, i -> info -> flags);
54    
55        if (characterOperandFlag)
(gdb) list 4258
4253                }
4254                return CONT_TRA;
4255    
4256            case 0715:  ///< tss
4257    sim_printf ("tss!\n");
4258    //cpu_dev . dctrl |= DBG_TRACE;
4259    //cpu_dev . dctrl |= DBG_FAULT;
4260                if (TPR.CA >= ((word18) BAR.BOUND) << 9)
4261                {
4262                    doFault (FAULT_ACV, ACV15, "TSS boundary violation");
(gdb) b 4257
Breakpoint 1 at 0x42aeb8: file dps8_ins.c, line 4257.
(gdb) c
Continuing.
Breakpoint 1, DoBasicInstruction () at dps8_ins.c:4257
4257    sim_printf ("tss!\n");
(gdb) n
4260                if (TPR.CA >= ((word18) BAR.BOUND) << 9)
(gdb) p/o BAR
$1 = {BASE = 0, BOUND = 0400}
(gdb) p/o TPR.CA
$2 = 032
(gdb) n
4267                PPR.IC = TPR.CA /* + (BAR.BASE << 9) */; // getBARaddress does the adding
(gdb) n
4268                PPR.PSR = TPR.TSR;
(gdb) n
4273                  set_addr_mode (BAR_mode);
(gdb) p/o PPR.PSR
$3 = 0334
(gdb) n
5848    }
(gdb) n
executeInstruction () at dps8_ins.c:1249
1249        if (switches . append_after)
(gdb) n
1251            if (info->ndes == 0 && a && (info->flags & TRANSFER_INS))
(gdb) n
1253                if (get_addr_mode () == BAR_mode)
(gdb) n
1256                  set_addr_mode(APPEND_mode);
(gdb) n
1264        if (WRITEOP (ci))
(gdb) p get_addr_mode ()
$4 = APPEND_BAR_mode

753        Read(addr, & cu . IWB, INSTRUCTION_FETCH, 0);
(gdb) n
Read (address=26, result=0x1930b28 <cu+48>, cyctyp=INSTRUCTION_FETCH, 
    b29=false) at dps8_iefp.c:21
21    {
(gdb) n
23        iefpFinalAddress = address;
(gdb) n
26        if (b29 || get_went_appending ())
(gdb) n
33        switch (get_addr_mode())
(gdb) n
68                word18 barAddress = getBARaddress (address);
(gdb) p/o address
$5 = 032
(gdb) n
69                iefpFinalAddress = doAppendCycle(barAddress, cyctyp);
(gdb) p/o barAddress
$6 = 032
(gdb) p/o TPR.TSR
$7 = 0334

70                core_read(iefpFinalAddress, result, __func__);
(gdb) p /o iefpFinalAddress
$9 = 057764032
(gdb) n
76    }
(gdb) p/o result
$10 = <optimized out>
(gdb) p/o M[iefpFinalAddress]
$11 = 022001000
(gdb) p/o M[iefpFinalAddress+1]
$12 = 030505442147
(gdb) p/o M[iefpFinalAddress+2]
$13 = 0

4939                doFault(FAULT_MME, 0, "Master Mode Entry (mme)");

I have the emulator set up to trace APPEND_BAR mode code.

DBG(334783204)> CPU DBG: 00334:000000|000032 4 000022001000 (MME 000022) 000022 001(0) 0 0 0 00

DBG(334783209)> CPU DBG: 00034:000000|000300 bound_interceptors:fim+0300
    000300                         347  signal_entry:
    000300  0a   001246 2542 20    348            spri      sig_prs,*                     save prs
DBG(334783209)> CPU DBG: 00034:000000|000300 0 001246254220 (SPRI 001246,N*) 001246 254(0) 0 1 1 00

That's wrong; the FIM shouldn't be running in APPEND_BAR mode, something amiss in temporary absolute mode?

So the missing instructions should have been SCU, TRA, with the TRA setting went_appending. The BAR mode bit is not getting cleared.

AL39: [NBAR] is set ON (taking the processor out of BAR mode) by the execution of any transfer instruction other than tss during a fault or interrupt trap.

DBG(319368638)> CPU DBG: 00334:000000|000032 4 000022001000 (MME 000022) 000022 001(0) 0 0 0 00
DBG(319818819)> CPU DBG: 00334:000000|002431 4 400000275007 (ORA 400000,DL) 400000 275(0) 0 0 0 07
DBG(319818821)> CPU DBG: 00334:000000|002432 4 000027755000 (STA 000027) 000027 755(0) 0 0 0 00
DBG(319818823)> CPU DBG: 00334:000000|002433 4 003054236007 (LDQ 003054,DL) 003054 236(0) 0 0 0 07
DBG(319818825)> CPU DBG: 00334:000000|002434 4 000000636000 (EAQ 000000) 000000 636(0) 0 0 0 00
DBG(319818827)> CPU DBG: 00334:000000|002435 4 000014001000 (MME 000014) 000014 001(0) 0 0 0 00
DBG(319825672)> CPU DBG: 00334:000000|002437 4 002445600000 (TZE 002445) 002445 600(0) 0 0 0 00
DBG(319825674)> CPU DBG: 00334:000000|002445 4 000022001000 (MME 000022) 000022 001(0) 0 0 0 00
DBG(319856831)> CPU DBG: 00334:000000|002452 4 000022001000 (MME 000022) 000022 001(0) 0 0 0 00
DBG(320159046)> CPU DBG: 00334:000000|002457 4 003054236007 (LDQ 003054,DL) 003054 236(0) 0 0 0 07
DBG(320159048)> CPU DBG: 00334:000000|002460 4 000022001000 (MME 000022) 000022 001(0) 0 0 0 00
DBG(320186823)> CPU DBG: 00334:000000|002465 4 000022001000 (MME 000022) 000022 001(0) 0 0 0 00
DBG(320394834)> CPU DBG: 00334:000000|002472 4 021760701000 (TSX1 021760) 021760 701(0) 0 0 0 00
DBG(320394836)> CPU DBG: 00334:000000|021760 4 021762741000 (STX1 021762) 021762 741(0) 0 0 0 00
DBG(320394838)> CPU DBG: 00334:000000|021761 4 027700710000 (TRA 027700) 027700 710(0) 0 0 0 00
DBG(320394840)> CPU DBG: 00334:000000|027700 4 024744701000 (TSX1 024744) 024744 701(0) 0 0 0 00
DBG(320394842)> CPU DBG: 00334:000000|024744 4 011654234000 (SZN 011654) 011654 234(0) 0 0 0 00
DBG(320394844)> CPU DBG: 00334:000000|024745 4 024750600000 (TZE 024750) 024750 600(0) 0 0 0 00
DBG(320394846)> CPU DBG: 00334:000000|024750 4 025105741000 (STX1 025105) 025105 741(0) 0 0 0 00
DBG(320394848)> CPU DBG: 00334:000000|024751 4 014747701000 (TSX1 014747) 014747 701(0) 0 0 0 00
DBG(320394850)> CPU DBG: 00334:000000|014747 4 014756710000 (TRA 014756) 014756 710(0) 0 0 0 00
DBG(320394852)> CPU DBG: 00334:000000|014756 4 015727754000 (STI 015727) 015727 754(0) 0 0 0 00
DBG(320394854)> CPU DBG: 00334:000000|014757 4 015727741000 (STX1 015727) 015727 741(0) 0 0 0 00
DBG(320394856)> CPU DBG: 00334:000000|014760 4 014750742000 (STX2 014750) 014750 742(0) 0 0 0 00
DBG(320394858)> CPU DBG: 00334:000000|014761 4 014751743000 (STX3 014751) 014751 743(0) 0 0 0 00
DBG(320394860)> CPU DBG: 00334:000000|014762 4 014752744000 (STX4 014752) 014752 744(0) 0 0 0 00
DBG(320394862)> CPU DBG: 00334:000000|014763 4 014753745000 (STX5 014753) 014753 745(0) 0 0 0 00
DBG(320394864)> CPU DBG: 00334:000000|014764 4 014754747000 (STX7 014754) 014754 747(0) 0 0 0 00
DBG(320394866)> CPU DBG: 00334:000000|014765 4 014746234000 (SZN 014746) 014746 234(0) 0 0 0 00
DBG(320394868)> CPU DBG: 00334:000000|014766 4 014772601000 (TNZ 014772) 014772 601(0) 0 0 0 00
DBG(320394870)> CPU DBG: 00334:000000|014767 4 014746054000 (AOS 014746) 014746 054(0) 0 0 0 00
DBG(320394872)> CPU DBG: 00334:000000|014770 4 000000227003 (LDX7 000000,DU) 000000 227(0) 0 0 0 03
DBG(320394874)> CPU DBG: 00334:000000|014771 4 014174705000 (TSX5 014174) 014174 705(0) 0 0 0 00
DBG(320394876)> CPU DBG: 00334:000000|014174 4 000000710015 (TRA 000000,5) 000000 710(0) 0 0 0 15
DBG(320394878)> CPU DBG: 00334:000000|014772 4 015725235000 (LDA 015725) 015725 235(0) 0 0 0 00
DBG(320394880)> CPU DBG: 00334:000000|014773 4 777777375007 (ANA 777777,DL) 777777 375(0) 0 0 0 07
DBG(320394882)> CPU DBG: 00334:000000|014774 4 015005601000 (TNZ 015005) 015005 601(0) 0 0 0 00
DBG(320394884)> CPU DBG: 00334:000000|014775 4 000045001000 (MME 000045) 000045 001(0) 0 0 0 00
DBG(320406785)> CPU DBG: 00334:000000|015001 4 015003601000 (TNZ 015003) 015003 601(0) 0 0 0 00
DBG(320406787)> CPU DBG: 00334:000000|015002 4 000067235003 (LDA 000067,DU) 000067 235(0) 0 0 0 03
DBG(320406789)> CPU DBG: 00334:000000|015003 4 000022771000 (ARL 000022) 000022 771(0) 0 0 0 00
DBG(320406791)> CPU DBG: 00334:000000|015004 4 015725755000 (STA 015725) 015725 755(0) 0 0 0 00
DBG(320406793)> CPU DBG: 00334:000000|015005 4 000017235000 (LDA 000017) 000017 235(0) 0 0 0 00
DBG(320406795)> CPU DBG: 00334:000000|015006 4 015210751070 (STCA 015210,*0) 015210 751(0) 0 0 3 10
DBG(320406797)> CPU DBG: 00334:000000|015007 4 015211751007 (STCA 015211,DL) 015211 751(0) 0 0 0 07
DBG(320406799)> CPU DBG: 00334:000000|015010 4 015077741000 (STX1 015077) 015077 741(0) 0 0 0 00
DBG(320406801)> CPU DBG: 00334:000000|015011 4 777777224003 (LDX4 777777,DU) 777777 224(0) 0 0 0 03
DBG(320406803)> CPU DBG: 00334:000000|015012 4 000001222003 (LDX2 000001,DU) 000001 222(0) 0 0 0 03
DBG(320406805)> CPU DBG: 00334:000000|015013 4 000002223011 (LDX3 000002,1) 000002 223(0) 0 0 0 11
DBG(320406807)> CPU DBG: 00334:000000|015014 4 000000235013 (LDA 000000,3) 000000 235(0) 0 0 0 13
DBG(320406809)> CPU DBG: 00334:000000|015015 4 000000220013 (LDX0 000000,3) 000000 220(0) 0 0 0 13
DBG(320406811)> CPU DBG: 00334:000000|015016 4 015607600000 (TZE 015607) 015607 600(0) 0 0 0 00
DBG(320406813)> CPU DBG: 00334:000000|015017 4 777777220001 (LDX0 777777,AU) 777777 220(0) 0 0 0 01
DBG(320406815)> CPU DBG: 00334:000000|015020 4 015026600000 (TZE 015026) 015026 600(0) 0 0 0 00
DBG(320406817)> CPU DBG: 00334:000000|015026 4 777773236001 (LDQ 777773,AU) 777773 236(0) 0 0 0 01
DBG(320406819)> CPU DBG: 00334:000000|015027 4 100000376007 (ANQ 100000,DL) 100000 376(0) 0 0 0 07
DBG(320406821)> CPU DBG: 00334:000000|015030 4 015600601000 (TNZ 015600) 015600 601(0) 0 0 0 00
DBG(320406823)> CPU DBG: 00334:000000|015031 4 015206751070 (STCA 015206,*0) 015206 751(0) 0 0 3 10
DBG(320406825)> CPU DBG: 00334:000000|015032 4 015207751070 (STCA 015207,*0) 015207 751(0) 0 0 3 10
DBG(320406827)> CPU DBG: 00334:000000|015033 4 015211054000 (AOS 015211) 015211 054(0) 0 0 0 00
DBG(320406829)> CPU DBG: 00334:000000|015034 4 000003102011 (CMPX2 000003,1) 000003 102(0) 0 0 0 11
DBG(320406831)> CPU DBG: 00334:000000|015035 4 015060600000 (TZE 015060) 015060 600(0) 0 0 0 00
DBG(320406833)> CPU DBG: 00334:000000|015060 4 015206236000 (LDQ 015206) 015206 236(0) 0 0 0 00
DBG(320406835)> CPU DBG: 00334:000000|015061 4 000012001000 (MME 000012) 000012 001(0) 0 0 0 00
DBG(320413834)> CPU DBG: 00334:000000|015063 4 015070601000 (TNZ 015070) 015070 601(0) 0 0 0 00
DBG(320413836)> CPU DBG: 00334:000000|015070 4 015210220074 (LDX0 015210,*4) 015210 220(0) 0 0 3 14
tss!
DBG(321303901)> CPU DBG: 00334:000000|000100 4 000000000000 (??? 000000) 000000 000(0) 0 0 0 00

The first two instructions:

DBG(319368638)> CPU DBG: 00334:000000|000032 4 000022001000 (MME 000022) 000022 001(0) 0 0 0 00
DBG(319818819)> CPU DBG: 00334:000000|002431 4 400000275007 (ORA 400000,DL) 400000 275(0) 0 0 0 07

Why does the IC jump from 32 to 2431 when the MME returns?

The last lines:

DBG(320413836)> CPU DBG: 00334:000000|015070 4 015210220074 (LDX0 015210,*4) 015210 220(0) 0 0 3 14
tss!
DBG(321303901)> CPU DBG: 00334:000000|000100 4 000000000000 (??? 000000) 000000 000(0) 0 0 0 00

The 'tss!' indicates that the TSS instruction was executed; it is not obvious why…

Let's assume that all was going swimmingly, and the LDX0 page faulted… Instrumenting doFault:

DBG(1040407843)> CPU DBG: 00334:000000|015061 4 000012001000 (MME 000012) 000012 001(0) 0 0 0 00
BAR Fault 2(02), sub 0(00), dfc N, 'Master Mode Entry (mme)'

DBG(1040414842)> CPU DBG: 00334:000000|015063 4 015070601000 (TNZ 015070) 015070 601(0) 0 0 0 00

DBG(1040414844)> CPU DBG: 00334:000000|015070 4 015210220074 (LDX0 015210,*4) 015210 220(0) 0 0 3 14
BAR Fault 1(01), sub 7(07), dfc N, 'BAR store fault; out of bounds'
tss!

DBG(1041305439)> CPU DBG: 00334:000000|000100 4 000000000000 (??? 000000) 000000 000(0) 0 0 0 00
BAR Fault 10(012), sub 1(01), dfc N, 'Illegal instruction'

So is the 2nd tss an artifact of buggy fault handling, or the gcos simulator deliberately calling tss?

To debug the OOB, I need to add the DBGBAR command. sigh.

Should I fold APPEND_BAR_mode into BAR_mode, and verify that the PSR/TSR is zero in absolute mode? AL39 implies that BAR mode is append_mode, but AL39 has been misleading before; also Multics is unlikely to ever need absolute bar mode, so I don't need to worry about it. (Of course, that's what I thought about BAR mode.)

The faulting instruction:

DBG(392364104)> CPU REGDUMPIDX: X[0]=000000 X[1]=024752 X[2]=000001 X[3]=005362
DBG(392364104)> CPU REGDUMPIDX: X[4]=777777 X[5]=014772 X[6]=000000 X[7]=000000

DBG(392364106)> CPU TRACE: 00334:000000|015070 4 015210220074 (LDX0 015210,*4) 015210 220(0) 0 0 3 14
DBG(392364106)> CPU ADDRMOD: doComputedAddressFormation(Entry): operType:readCY TPR.CA=015210
DBG(392364106)> CPU ADDRMOD: doComputedAddressFormation(startCA): TAG=74(*4) Tm=60 Td=14
DBG(392364106)> CPU ADDRMOD: IR_MOD: CT_HOLD=14 14
DBG(392364106)> CPU ADDRMOD: IR_MOD: fetching indirect word from 015210
DBG(392364106)> CPU APPENDING: doAppendCycle(H:FAP): (00334:015210) finalAddress=57723210
DBG(392364106)> CPU CORE: core_read  57723210 000000000000 (Read)
DBG(392364106)> CPU ADDRMOD: IR_MOD1: indword=000000000000 TPR.CA=000000 Tm=0 Td=00 ()
DBG(392364106)> CPU ADDRMOD: IR_MOD(TM_R): Cr=777777
DBG(392364106)> CPU ADDRMOD: IR_MOD(TM_R): TPR.CA=777777
DBG(392364106)> CPU ADDRMOD: readOperands(LDX0 777777):mne=ldx0 flags=81 dof=0 do=000000000040
DBG(392364106)> CPU ADDRMOD: readOperands a 0 address 00777777
BAR Fault 1(01), sub 7(07), dfc N, 'BAR store fault; out of bounds'

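It loads the indirect word, which contains a 0, and adds the contents of X4 (0777777), yielding an offset of 0777777. It tries to fetch the memory at that offset, and gets an out-of-bounds fault. If BAR.BOUND is still 0400 as in the gdb session above, and operand reads are bounded the same way as the tss check (`BAR.BOUND << 9`, i.e. 0400000), then 0777777 is well outside the BAR window and the fault itself is expected.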

Whatever the problem is, it happened earlier, and quietly.
