CAC 2016-07-04

Debugging 'wdc invoke' fault_tag_1

program test(input,output);
var i : integer;
for i:= 1 to 10 do

pascal test
stty -ttp vt102
wdc invoke


Error:  fault_tag_1 by >user_dir_dir>SysAdmin>Repair>test|40 (line 8)
(while in operator return_zero)
referencing stack_4|0 (in process dir)
Ascii data where pointer expected.

F1: 00314:002350

lrn 314

   314 >system_library_unbundled>bound_pascal_runtime_

Analysis of the fault shows it occurs when the program is calling the Pascal run time library routine 'return_zero' which, from context, appears to be the "normal procedure exit" code.

return_zero does a 

     LDA PR1|0,QU*

PR1 is pointing to segment 234, the ring 4 stack.

If wdc is invoked, the value 000000440040 is retrieved as the operand value at PR1|0,QU; the tag is 40, which is both the F1 tag and an ASCII space.

If wdc is not running, the value is 000000440000, which appears to be the correct value.
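The tag comparison above, as an added example (not code from the emulator or from Multics): it extracts the tag field and 9-bit bytes of a 36-bit word and, going slightly beyond the paragraph, decodes an ITS pointer pair such as the arg0 value shown in the stack trace on this page. All function and type names are hypothetical; the tag values 40 (F1), 41 (ITP) and 43 (ITS) follow the DPS-8/M address modifier encoding.

```c
#include <stdint.h>
#include <stdio.h>

/* A DPS-8/M word is 36 bits; bit 0 is the most significant bit. */
typedef uint64_t word36;

enum tag_kind { TAG_OTHER, TAG_F1, TAG_ITP, TAG_ITS };

/* Tag field: bits 30-35, i.e. the low six bits of the word. */
static unsigned tag_of(word36 w) { return (unsigned)(w & 077); }

/* Classify the tags that matter when a word is fetched as an indirect word. */
static enum tag_kind classify(word36 w)
{
    switch (tag_of(w)) {
    case 040: return TAG_F1;   /* fault tag 1; also the ASCII code for space */
    case 041: return TAG_ITP;
    case 043: return TAG_ITS;
    default:  return TAG_OTHER;
    }
}

/* 9-bit byte n (0 = leftmost), the unit in which ASCII text is stored. */
static unsigned byte9(word36 w, int n) { return (unsigned)((w >> (27 - 9 * n)) & 0777); }

struct its { unsigned segno, ring, wordno, bitno; };

/* Decode an ITS pointer pair; returns 0 when word 0 does not carry tag 43. */
static int decode_its(word36 w0, word36 w1, struct its *p)
{
    if (classify(w0) != TAG_ITS) return 0;
    p->segno  = (unsigned)((w0 >> 18) & 077777);   /* bits 3-17  */
    p->ring   = (unsigned)((w0 >> 15) & 07);       /* bits 18-20 */
    p->wordno = (unsigned)((w1 >> 18) & 0777777);  /* bits 0-17  */
    p->bitno  = (unsigned)((w1 >> 9) & 077);       /* bits 21-26 */
    return 1;
}

int main(void)
{
    /* Values copied from this page, written as C octal literals. */
    word36 bad = 0000000440040ULL, good = 0000000440000ULL;
    struct its p;
    printf("with wdc:    tag %02o kind %d last byte %03o\n", tag_of(bad), classify(bad), byte9(bad, 3));
    printf("without wdc: tag %02o kind %d\n", tag_of(good), classify(good));
    if (decode_its(0000234400043ULL, 0002640000000ULL, &p))
        printf("ITS -> %05o:%06o ring %o bit %o\n", p.segno, p.wordno, p.ring, p.bitno);
    return 0;
}
```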

My current hypothesis is that something in the wdc code is writing ASCII data to the wrong memory location due to a bug somewhere in the emulator EIS address arithmetic code; this is causing random stack damage and may be behind any number of odd wdc behaviors.

Watching memory for 000000440040

core_write hit 00276:001773 600307255100 61305147

lrn 276

   276 >system_library_1>bound_multics_bce_

pbm >system_library_1>bound_multics_bce_
command_processor_                   0  20102      0      0    100    232

In BCE command_processor??

                                                            STATEMENT 1 ON LINE 528
               arg_list.has_command_name = "1"b;

001772  aa   400000 2350 07   lda       131072,dl
001773  aa  6 00307 2551 00   orsa      pr6|199             arg_list.has_command_name

      407 /* Simple command processor:  processes command lines which do not contain quoted strings, iteration, or active strings.
      408*   Argument lists are constructed and commands invoked until either the entire command line is processed or a command
      409*   invocation if found with more than 32 arguments in which case the full command processor must be used */
      411 simple_command_processor:
      412      procedure (p_line_ptr, p_line_lth, p_start, p_complex_line) /* options (quick) */;

core_write hit 00276:001773 600307255100 60425207
    Entry ptr   00276:001773

    Frame 1 00234:002700
    Previous FP 00234:002400
    Return ptr  00276:000000
    guessing X7 has a return address....
    Entry ptr   00276:000412

That is command_processor_

    Arg ptr     00234:002564
    arg_count   3
    call_type Inter-segment
    desc_count  0
    arg0 value   00234:002564 [60424500] 000234400043 (41025571)

arg0 points to 000234400043 002640000000

    arg1 value   00234:002564 [60424575] 000000000005 (5)

    arg2 value   00234:002564 [60424515] 000000000000 (0)

    End of frame 1

    Frame 2 00234:002400
    Previous FP 00234:002000
    Return ptr  00270:034523
    Entry ptr   00270:034016
    Arg ptr     00234:002242
    arg_count   1
    call_type Enviroment pointer
    desc_count  1
    arg0 value   00234:002242 [60424125] 145170145143 (13587499619)

    End of frame 2

    Frame 3 00234:002000
    Previous FP 77777:000001
    Return ptr  00243:000705
    Entry ptr   00243:000232
    Arg ptr     00234:000000
    arg_count   0
    call_type Inter-segment
    desc_count  0
    End of frame 3

My analysis is wrong. The 40 bit is already set. 

This makes no sense; the memory location is used as an incoming argument by command_processor_ and as a pointer by the Pascal run time system. I think the Pascal runtime system is confused.

GD's test_float

DBG(499161354)> CPU0 TRACE: 00257:050760 4 140020024540 (MVNE PR1|40020,F1) 140020 024(1) 0 0 0 00
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=77422761 readData=500014010013
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=77422762 readData=051041000014
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=77422763 readData=200000000012
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=77423041 readData=051043000010
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=61237060 readData=055063065060
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=61237061 readData=060060060060
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=61237062 readData=060060001060
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=77423043 readData=403040141207
DBG(499161354)> CPU0 APPENDING: Read (Actual) Read: iefpFinalAddress=77423044 readData=320320320320
DBG(499161354)> CPU0 FAULT: Fault 10(012), sub 4294967296(040000000000), dfc N, 'mopExecutor'
DBG(499161354)> CPU0 FAULT: 00257:050760 4 140020024540 (MVNE PR1|40020,F1) 140020 024(1) 0 0 0 00
