CAC 2015-10-01

alm phase error

I wrote a script to try to better characterize the phase error; it came up with a new error…

cwd
r 10:14 0.044 5

dd -fc almtest
r 10:14 0.391 0

cd almtest
r 10:14 0.028 1

cd almtest>1
r 10:14 0.015 1

cd almtest>12
r 10:14 0.014 1

cd almtest>123
r 10:14 0.013 1

cd almtest>1234
r 10:14 0.013 1

cp >ldd>sl1>s>bootload_tape_label.alm almtest>==
r 10:14 0.089 6

cp >ldd>sl1>s>bootload_tape_label.alm almtest>1>==
r 10:14 0.053 5

cp >ldd>sl1>s>bootload_tape_label.alm almtest>12>==
r 10:14 0.053 5

cp >ldd>sl1>s>bootload_tape_label.alm almtest>123>==
r 10:14 0.052 5

cp >ldd>sl1>s>bootload_tape_label.alm almtest>1234>==
r 10:14 0.052 5

alm -list almtest>bootload_tape_label
ALM 8.14
r 10:14 3.217 69

alm -list almtest>1>bootload_tape_label
ALM 8.14
r 10:14 3.056 61

alm -list almtest>12>bootload_tape_label
ALM 8.14
r 10:14 3.056 61

alm -list almtest>123>bootload_tape_label
ALM 8.14
r 10:14 3.057 61

alm -list almtest>1234>bootload_tape_label
ALM 8.14

Error:  out_of_bounds at glpl_|6
(>system_library_standard>bound_alm_)
referencing 12344|277
There was an attempt to use an invalid segment number.
          name      glpl_               GE-list-processing-language.
"         an adaptation of flpl and mlpl to the ge-645 to be used
"         with the fortran compiler, especially for the eplbsa
"         assembler.          j.w.poduska, november 1965.
                        000005      41            entry     clh
    000005                          42  clh:
    000005  aa  0 00002 2361 20     43            ldq       ap|2,*
    000006  4a  4 00010 2361 20     44            ldq       <eb_data_>|[lavptr],*ql
    000007  aa   000022 7720 00     45            qrl       18
    000010  aa  0 00004 7561 20     46            stq       ap|4,*
    000011  aa  7 00044 7101 20     47            short_return
probe
Condition out_of_bounds raised at putblk|63127 (level 9).
sk
 14          command_processor_
 13          release_stack
 12          unclaimed_signal
 11          wall
 10          any_other.2
  9          putblk                                        out_of_bounds
  8          alm_source_map_$put_out_map
  7          emit
  6          postp2_
  5          alm_
  4          alm
  3          command_processor_
  2          listen_
  1          initialize_process_
[wd]>alm_table_tool >ldd>include>DECOR_TABLE.incl.pl1 >ldd>include>defops.incl.alm
myalm>bound_alm_$alm -list almtest>1234>bootload_tape_label
ALM 8.14

Error:  out_of_bounds at glpl_|6
(>user_dir_dir>SysAdmin>Anthony>myalm>bound_alm_)
referencing 12331|277
There was an attempt to use an invalid segment number.
r 11:56 2.972 55 level 2

probe
Condition out_of_bounds raised at line 97 of putout_ (level 9).
sk
 14          command_processor_
 13          release_stack
 12          unclaimed_signal
 11          wall
 10          any_other.2
  9          putout_ (line 97)                             out_of_bounds
  8          alm_source_map_ (line 121)
  7          alm_symtab_ (line 205)
  6          postp2_ (line 639)
  5          alm_ (line 283)
  4          alm (line 200)
  3          command_processor_
  2          listen_
  1          initialize_process_

alm:200
          call alm_(addr(global_info), addr(alm_arguments), alm_severity_, ec);
alm_:283
          call postp2_$postp2_;
postp2_:639
               call alm_symtab_$emit (ispc);

/* calculate length of explicit definitions */
...
/* Put out terminal information in the text segment. */
/* output order is transfer vector, error call, and literals. */
/* In addition if (tmvdef), all definitions are preassigned. */

....

/*  For new object segment format, put out text-section entry sequences.
   These merely call an operator, because the full entry sequence is fairly long.  */

...

/* punch out literals in order of definition. */

...

/* assign locations to definitions, if required. */

...

/* force the linkage to begin on an even word boundary */

...

/* Put out links, entries, and call - outs. */
/* comment, initialize, and generate the eight word header. */

...

/* nxt blk ptr and pre blk ptr are 0 since only one */
 /* linkage block is currently produced by eplbsa. */

...

/* put loc of links and block length in 7th word of header and *
/* segment length in 8th word. */

...

/* put out links, entries, and call - outs. */

...

/* First-reference trap array goes at end of links. */

...

/* end of links, decide to put out definitions or pointer. */

...

/* force linkage to be an even length */

...

/* assembler produced header always */
/* begins following joined data of symbol segment. */

...

                                                            /*  *** ASSUMING all absolute relocation for symbol header. *** */

          ilc = curlc;
          curlc = lpst;
          if tnewobject = 0 then call putout_$putblk (ispc, addr (sthedr_$sthedr_), i66, sthedr_$hdrlen, null ());
          else do;
               call putout_$putblk (ispc, addr (new_sthedr_$new_sthedr_), i66, new_sthedr_$hdrlen, addr (new_sthedr_$relocinfo));
               call alm_symtab_$emit (ispc);
          end;

alm_symtab:205

emit:     entry(pc);          /* emits symbol_table info & releases storage */
          if max_source < 0 then call alm_source_map_$put_out_map(pc);
          else call emit_symtab;

alm_source_map_$put_out_map:121

          temp = include_name_list_base;
          do while (temp ^= null ());
                    acc_temp.count = bit (fixed (min (temp -> source_info.source_map_length, 68), 9));
                    acc_temp.string = temp -> source_info.pathname;
                    call prnam_$prnam_ (addr (acc_temp));
                    call putout_$putblk (ispc, addr (temp -> source_info.pathname), i66, divide (temp -> source_info.source_map_length + 3, 4, 26, 0), null ());
                    temp = temp -> source_info.names_list_pointer;
                    end;

putout_$putblk:97

putblk:   entry( xpc, xlary, xhow, xn, xlword ) ;
          n = xn ;
          lary = xlary ;
          rary = xlword ;
label_1000:
          origin = glpl_$clh( curlc + 3 ) ;             <<<<< here
          segmnt = glpl_$crh( curlc + 4 ) ;

Hmmm. I changed the .bind from Global delete to retain and rebound. Now:

myalm>bound_alm_$alm -list almtest>1234>bootload_tape_label
ALM 8.14
r 12:27 3.152 61

It's a heisenbug?

terminate  >udd>SysAdmin>Anthony>myalm>bound_alm_
alm -list almtest>1234>bootload_tape_label
ALM 8.14
r 12:40 3.054 61

No; it just works now…

new_proc
alm -list almtest>1234>bootload_tape_label
ALM 8.14
r 12:42 3.252 70

Okay, that's weird.

Logging out and in, still works…

Logging out, run the test script; fails…

Run the test script, see error; new_proc; run test, no error…

Hmm..

Last login 10/01/93  1256.9 pdt Fri from ASCII terminal "none".
r 12:57 0.598 32

cwd
r 12:57 0.044 5

dd -fc almtest
r 12:57 0.091 0

cd almtest
r 12:57 0.028 1

cd almtest>1234
r 12:57 0.015 1

cp >ldd>sl1>s>bootload_tape_label.alm almtest>1234>==
r 12:57 0.091 6

alm -list almtest>1234>bootload_tape_label
ALM 8.14

Error:  out_of_bounds at glpl_|6
(>system_library_standard>bound_alm_)
referencing 12341|277
There was an attempt to use an invalid segment number.
r 12:57 3.047 61 level 2

rl
r 12:57 0.036 0

alm -list almtest>1234>bootload_tape_label
ALM 8.14

Error:  out_of_bounds at glpl_|6
(>system_library_standard>bound_alm_)
referencing 12341|277
There was an attempt to use an invalid segment number.
r 12:57 2.874 51 level 2

new_proc
r 12:57 0.598 32

alm -list almtest>1234>bootload_tape_label
ALM 8.14
r 12:57 3.239 70

There is something that new_proc fixes…

The crash:

DBG(247200728)> CPU TRACE: 00316:006330 5 401222236166 (LDQ PR4|1222,*QL) 401222 236(0) 1 0 3 06
DBG(247200728)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=61206154  readData=012323500043
DBG(247200728)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=61206155  readData=000000000000
DBG(247200728)> CPU FAULT: Fault 20(024), sub 1(01), dfc N, 'acvFault: fetchDSPTW out of segment bounds fault'
DBG(247200728)> CPU FAULT: 00316:006330 5 000277236100 (LDQ PR0|277) 000277 236(0) 1 0 0 00

The corruption:

DBG(247200502)> CPU TRACE: 00316:060466 5 012105100400 (MLR 012105) 012105 100(1) 0 0 0 00
DBG(247200502)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=61242467  readData=000000000000
DBG(247200502)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=61242470  readData=700000200001
DBG(247200502)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=61206154  readData=000323500043
DBG(247200502)> CPU APPENDING: Write(Actual) Write: iefpFinalAddress=61206154 writeData=012323500043
00316:060466 

Bindmap for >sss>bound_alm_
Created on 06/09/89  1002.3 pdt Fri, by Hirneisen.SysMaint.a
using Multics Binder, Version 12 of Tuesday, March 26, 1985
>spec>install>1055>bound_alm_.archive

        Object    Text    Defs    Link    Symb  Static
Start        0       0  127714  133152  136560  133162
Length  156300  127714    3236    3406   17504    3202

Component                            Text        Int-Stat       Symbol
                                 Start Length  Start Length  Start Length

alm                                  0   3074      0      0    100    114
alm_                              3074   2212      0      2    214    332
eb_data_                          5306   1000      2   2100    546    120
getid_                            6306     14   2102      0    666    102
glpl_                             6322    136   2102      0    770    102
inputs_                           6460   1314   2102      6   1072    132
object_                           7774    200   2110      0   1224    116
utils_                           10174    230   2110      0   1342    102
sthedr_                          10424      0   2110     40   1444    102
oplook_                          10424   5426   2150     32   1546    116
ascevl_                          16052    520   2202      0   1664    156
decevl_                          16572    740   2202      0   2042    172
expevl_                          17532    752   2202      0   2234    172
getbit_                          20504    142   2202      0   2426    146
litevl_                          20646   1454   2202      0   2574    206
lstman_                          22322   2230   2202      0   3002    174
alm_merge_                       24552    220   2202      0   3176    160
modevl_                          24772    256   2202      0   3356    156
octevl_                          25250    140   2202      0   3534    144
pakbit_                          25410   1040   2202      2   3700    160
pass1_                           26450   7000   2204      0   4060    276
alm_data1                        35450     22   2204      0   4356    124
pass2_                           35472  14630   2204      0   4502    300
alm_data2                        52322      4   2204      0   5002    124
postp1_                          52326   1422   2204      0   5126    144
postp2_                          53750   4212   2204    132   5272    260
prlst_                           60162    250   2336      0   5552    146
prnam_                           60432    120   2336      0   5720    130
prnter_                          60552    506   2336      2   6050    132
prwrd_                           61260   1002   2340      0   6202    206
prwrd_util_                      62262    106   2340      2   6410    120
pudef_                           62370    126   2342      0   6530    116
pulnk_                           62516    144   2342      0   6646    116
pusmb_                           62662    126   2342      0   6764    116
putout_                          63010    414   2342      0   7102    144
putxt_                           63424    126   2342      0   7246    116
setid_                           63552     54   2342      0   7364    116
table_                           63626   1206   2342      0   7502    210
varevl_                          65034   1326   2342      0   7712    204
vfdevl_                          66362    702   2342      0  10116    156
alm_definitions_                 67264   2542   2342     66  10274    232
make_alm_object_map_             72026    164   2430      0  10526    152
alm_source_map_                  72212    410   2430      2  10700    154
alm_symtab_                      72622   7662   2432    432  11054    212
alm_include_file_               102504   1756   3064      2  11266    170
alm_cross_reference_            104462   1022   3066      0  11456    210
new_sthedr_                     105504     66   3066     64  11666    104
alm_eis_parse_                  105572   1334   3152      2  11772    162
mexp_                           107126  11232   3154      2  12154    144
alm_table_tool                  120360   7334   3156     24  12320   4164

00316:060466 

prnam_                           60432    120   2336      0   5720    130

060466 - 60432 --> 34, the octal offset of the corrupting instruction within prnam_.

prnam_:   proc( link );
/* this procedure puts symbols in the listing for postp2_ by faking a source line */

                                                            STATEMENT 1 ON LINE 38
common:   substr(oulst, count+2, 1) = "
";

000031  aa  6 00100 2351 00   lda       pr6|64              count
000032  aa  6 00044 3701 20   epp4      pr6|36,*
000033  la  4 00014 3735 20   epp7      pr4|12,*
000034  aa  012 105 100 400   mlr       (),(pr,al),fill(012)
000035  aa   000000 00 0000   desc9a    0,0
000036  aa  7 00000 20 0001   desc9a    pr7|0(1),1          eb_data_$oulst.oulst

000031  aa  6 00100 2351 00   lda       pr6|64              count

DBG(247200496)> CPU TRACE: 00316:060463 5 600100235100 (LDA PR6|100) 600100 235(0) 1 0 0 00
DBG(247200496)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=60420540  readData=000000000103
DBG(247200496)> CPU REGDUMPAQI: A=000000000103 Q=000000000104 IR:~BAR

count is 103 octal (67 decimal)

35  count = fixed(unspec(substr(link->char,1,1)),9,0);
                                                            STATEMENT 1 ON LINE 35
          count = fixed(unspec(substr(link->char,1,1)),9,0);

000013  aa  6 00032 3735 20   epp7      pr6|26,*
000014  aa  7 00002 3715 20   epp5      pr7|2,*             link
000015  aa  5 00000 2351 20   lda       pr5|0,*

DBG(247200476)> CPU TRACE: 00316:060447 5 500000235120 (LDA PR5|0,N*) 500000 235(0) 1 0 1 00
DBG(247200476)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=60420402  readData=000235500043
DBG(247200476)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=60420403  readData=012265000000
DBG(247200476)> CPU APPENDING: Read (Actual) Read:  iefpFinalAddress=60420265  readData=103076165163
DBG(247200476)> CPU REGDUMPAQI: A=103076165163 Q=000000000000 IR:~BAR

103076165163 103 '>us'

60420265 103076165163 103'>us'
60420266 145162137144  'er_d'
60420267 151162137144 'ir_d'
60420270 151162076123 'ir>S'
60420271 171163101144 'ysAd'
60420272 155151156076 'min>'
60420273 101156164150 'Anth'
60420274 157156171076 'ony>'
60420275 141154155164 'almt'
60420276 145163164076 'est>'
60420277 061062063064 '1234'
60420300 076142157157 '>boo'
60420301 164154157141 'tloa'
60420302 144137164141 'd_ta'
60420303 160145137154 'pe_l'
60420304 141142145154 'abel'
60420305 056141154155 '.alm'  104 chars here; 103 + count.
60420306 040040040040 '    '
60420307 040040040040 '    '
60420310 040040040040 '    '
60420311 040040040040 '    '
60420312 040040040040 '    '
60420313 040040040040 '    '
60420314 040040040040 '    '
60420315 040040040040 '    '
60420316 040040040040 '    '
60420317 040040040040 '    '
...
60420365 040355000000 ' ...'

101 (64) words.

000016  aa   000077 7730 00   lrl       63

DBG(247200478)> CPU TRACE: 00316:060450 5 000077773000 (LRL 000077) 000077 773(0) 0 0 0 00
DBG(247200478)> CPU REGDUMPAQI: A=000000000000 Q=000000000103 IR:~BAR

000017  aa  6 00100 7561 00   stq       pr6|64              count

DBG(247200480)> CPU TRACE: 00316:060451 5 600100756100 (STQ PR6|100) 600100 756(0) 1 0 0 00
DBG(247200480)> CPU APPENDING: Write(Actual) Write: iefpFinalAddress=60420540 writeData=000000000103
DBG(247200480)> CPU REGDUMPAQI: A=000000000000 Q=000000000103 IR:~BAR

The count is correct; therefore

common:   substr(oulst, count+2, 1) = "

would appear to be a buffer overrun....

This is a buffer overrun, plain and simple.

prnam_ writes to oulst:

dcl       1 eb_data_$oulst external, 2 oulst char(68) aligned;

prnam_ copies the counted string into oulst and then appends a newline after it.

dcl       1 array_overlay     based aligned,
          2 words(count2)     bit(36) aligned;

          count = fixed(unspec(substr(link->char,1,1)),9,0);
          addr(oulst) -> array_overlay = link -> array_overlay;
common:   substr(oulst, count+2, 1) = "
";

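count is 67; count + 2 is 69, just beyond the end of the 68-character oulst. The newline (012) therefore lands in the first character of the word immediately after oulst, which matches the corruption trace above: the MLR changes the word at 61206154 from 000323500043 to 012323500043, and the faulting LDQ later reads that same word and apparently uses it as an indirect pointer, hence the invalid segment number. The min (..., 68) clamp in alm_source_map_$put_out_map does not prevent this: the count byte, the name and the newline together need count + 2 characters, so only count <= 66 fits in char(68).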