11DDT - PDP-11 debugger.

build/misc.tcl

@@ -910,3 +910,24 @@ expect ":KILL"
 # KL10 front end debugger.
 respond "*" ":palx dsk0:.;_syseng; klrug\r"
 expect ":KILL"
+
+# PDP-11 debugger.
+respond "*" ":palx dsk0:.;11ddt 16k_kldcp; 11ddt\r"
+respond "PDP11=" "45\r"
+respond "FPPSW=" "1\r"
+respond "MAPSW=" "1\r"
+respond "HCOR=" "40000\r"
+respond "TT10SW=" "0\r"
+respond "VT05SW=" "0\r"
+respond "DEBSW=" "0\r"
+expect ":KILL"
+
+respond "*" ":palx dsk0:.;11ddt 14k_kldcp; 11ddt\r"
+respond "PDP11=" "45\r"
+respond "FPPSW=" "1\r"
+respond "MAPSW=" "1\r"
+respond "HCOR=" "34000\r"
+respond "TT10SW=" "0\r"
+respond "VT05SW=" "0\r"
+respond "DEBSW=" "0\r"
+expect ":KILL"

doc/kldcp/11ddt.order

@@ -0,0 +1,474 @@
+STANFORD ARTIFICIAL INTELLIGENCE LABORATORY
+Rr
+
+DDT FOR THE PDP-11
+
+Jeff Rubin
+(with additions by Bo Eross)
+
+
+DDT is a symbolic debugger written for the PDP-11.  Its command
+structure is quite similar to that of PDP-10 DDT except where
+machine differences dictated otherwise.  The current version of DDT
+runs on a PDP-11/45 with a floating point processor (FPP) but with
+no memory management unit.  It is expected that DDT will be revised
+when the page map is installed on the 11/45 and also for the 11/40
+which will come with the KL-10.  All numbers in this manual are assumed
+to be in decimal unless otherwise indicated.  The letter  will be used
+indicate alt-mode unless the text specifies differently.  The
+character ^ will be used directly in front of an uppercase letter to
+indicate that that letter should be typed with the control key
+held down.  { and } are used as meta parentheses and are not meant to
+be typed in or typed out.
+
+1  Examining and Altering Locations
+
+1.1  Expressions
+
+DDT parses arithmetic expressions in either integer or floating
+point.  Mixed mode is not allowed.  Expressions may be fully parenthesized
+and are interpreted using a strict precedence scheme.  The operators are:
+
+Precedence	Operator		Operation
+
+   0		   ,,		high byte,,low byte
+   2		+ or space	binary addition
+   2		   -		binary subtraction
+   3		   *		binary multiplication
+   3		   !		binary division
+   4		   -		unary minus
+
++ used as a unary operator is ignored.  Operations associate to the left
+where the precedence is the same for
+both operations.  Operands may be integer, floating point or text constants,
+symbol names or special symbols.
+
+1.1.1  Integers
+
+Integers are assumed to be in octal unless they are immediately followed
+by a decimal point.  Integers must fit into a 16 bit field.
+
+1.1.2  Floating Point Numbers
+
+DDT accumulates floating point numbers in double precision.  Floating
+point is indicated either by having digits both before and after a
+decimal point or by using the standard E notation.  In E notation, there
+must first be an integer optionally followed by a decimal point and another
+integer followed immediately by an E and an (optionally signed) integer
+power of 10 to scale the number by.  All the integers in a floating point
+number are assumed to be decimal.  The following are all valid floating
+point numbers:
+
+	0.12   105.0   3.14E-6   0.21718E1   105.69E+4
+
+1.1.3  Text Constants
+
+There are three types of text constants: single character ascii, double
+character ascii and radix 50.  '{char} has the value of the ascii character
+char. "{char1}{char2} has the ascii value of char1 in the low
+byte and the ascii value of char2 in the high byte.  &{char1}{char2}{char3}
+has the value of the radix 50 equivalent of the symbol {char1}{char2}{char3}.
+If it is desired to not have all three characters in the value then fewer
+characters
+may be given as long as they are followed by some non radix 50 character.  In this
+case the resulting radix 50 value will be left justified within a word.  The
+following table lists the correspondence between ascii and radix 50:
+
+		ASCII		RADIX 50 (in octal)
+
+		A - Z		1 - 32
+		$ (dollar)	33
+		.		34
+		%		35
+		0 - 9		36 - 47
+
+1.1.4  Symbols and Register Values
+
+Symbols may be constructed with from 1 to 6 radix 50 characters.  The
+first character of a symbol may not be an integer and it may not be . if
+all the remaining characters are integers.  DDT maintains a symbol table
+and the symbol typed by the user is looked up in this table.  If it is found,
+then the corresponding value from the table is used in the expression evaluation.
+If not then the message ?U? is typed and the current expression evaluation is
+aborted.  Symbol values may be either integer or register values.  A register
+value, when used in an integer expression, causes a flag to be set so that
+the resulting expression value is considered a register value.  Register values
+must be between 0 and 7 inclusive.  Register values can only be typed in as
+a result of typing a symbol which has a register value.  See section 1.1.5 on 
+special symbols for
+a description of predefined symbols which have register values.  Symbols may
+be defined in two ways.  First, typing FOO: defines FOO to have the
+value of . (see section 1.1.5 on special symbols).  If . is a register value then
+FOO will be defined as a register symbol.  The second way is to type
+val<FOO: which defines FOO to have the value val.  Again, if
+val is a register value then FOO will also be a register value.
+DDT uses symbols for typing out values whenever possible (see section 1.2.2 on
+typeout modes).  Sometimes it is undesirable for certain symbols to be used
+on typeout.  It is possible to half-kill these symbols, which leaves
+their values alone but marks them so that DDT will never use them for typeout
+purposes.  FOOK half-kills FOO.
+
+1.1.5  Special Symbols
+
+Certain symbols have been predefined in DDT.  They are:
+
+	.		current location counter (see section
+			1.2 on opening locations)
+	Q		last value typed in or out
+	0Q		low byte of Q if it was an integer
+	1Q		same as 0Q but the high byte
+	M		address within DDT where the search mask is stored
+			(see section on searches)
+	%0 through %7	register values 0 through 7
+
+1.1.6  Instruction Typein
+
+An instruction may be typed in instead of an expression.  Instructions are
+typed in the same way as in PALX with the exception of the condition code
+instructions.  Any address or constant in an instruction may be a normal
+expression.  The condition code instructions are input by typing CL
+or SE followed by a space followed by the condition code letters to
+be set or cleared (C, Z, N or V).
+
+1.2  Opening Locations
+
+The commands that open locations are / \ [ linefeed and tab.  Each
+command sets the value of the symbol . to the location being opened, which
+may be a register.  The last two, linefeed and tab, have the ability to
+alter locations and if a value is typed in front of them that value is stored
+in the currently open location, if any.
+
+1.2.1  /  and [
+
+Three commands for examining core locations are addr0/
+addr[ and addr\.  These commands all open location addr
+and type out the contents of the byte or word at addr in some mode.
+There are two modes in which a location can be open: word mode and
+byte mode.  Any command that opens a location in byte mode will type
+the contents of the open byte as an unsigned integer.  Any address
+(odd or even) can be opened in byte mode.  The \ command always opens locations
+in byte mode.  The [ command opens the location in word mode and types out
+the contents of the word as an unsigned integer.  If the location was at
+an odd address then the command acts as if it were addr\.  The / command
+also opens the location in word mode, but it types out the contents of the
+word in the current typeout mode (see section 1.2.2 on typeout modes).  It also
+acts like \ if the location is odd.  Once a location is opened it is enabled
+for having things stored into it.  The location stays open until a command
+is executed which specifically closes the location (see section 1.2.4 on altering
+locations).
+
+These three commands may also be executed without a preceding
+argument, in which case the location that is opened is the value that
+was last typed out as the result of opening some location.  If that open location
+was typed as an instruction, then the new location to be opened is the last
+address referenced by that instruction.
+
+There are several other commands which open locations, but these will be
+discussed in section 1.2.4 on altering locations.
+
+1.2.2  Typeout Modes
+
+The form in which an even addressed location is typed by the / command
+depends upon the typeout mode.  The typeout modes are:
+
+  Mode				Description
+
+constants		signed 16 bit number
+symbolic		(non half-killed) symbol plus numeric offset (like FOO+12)
+byte			unsigned 8 bit number
+halfword		high byte,,low byte  both as unsigned 8 bit numbers
+floating		this and the next location (or the next three) are typed
+			as a single (or double) precision floating point number
+text			ascii and radix 50 characters
+instruction		this location and those following that make up the instruction
+			are typed out as an instruction (floating point instructions
+			optional)
+
+Within these modes there are the following submodes:
+
+octal/decimal		the numeric parts of all integer typeouts (except in
+			a floating point number) are controlled by this submode
+absolute/relative	in absolute mode no symbols are typed out
+floating double		in this submode, floating point typeout types four words in
+			double precision; this submode also controls how many words
+			are stored in a location when a floating point number is
+			stored (see section 1.2.4 on altering locations)
+floating instruction	in this submode of instruction mode floating
+			point instructions are typed rather than negative numbers
+
+For each of the above modes except for the floating point submodes
+there is a temporary mode and a permanent mode.  The floating point submodes
+are permanent only.
+It is the temporary modes that control typeout.  The permanent modes are
+copied into the temporary modes whenever carriage return is typed or
+when DDT is entered from a breakpoint or startup.  Corresponding to each
+of the modes is a letter.  The command {letter} sets the corresponding
+temporary and permanent modes.  The command {letter} sets the
+temporary mode only.  The single  commands may be typed anywhere within an
+expression, while the double  commands terminate and ignore any expression
+that might be in progress.  The letters are as follows:
+
+	letter		   function
+
+	  A		absolute mode
+	  C		constants mode
+	  D		decimal mode
+	  F		floating mode
+	  H		halfword mode
+	  I		instructions mode
+	  L		floating long (double precision) mode
+	  O		octal mode
+	  R		relative mode
+	  S		symbolic mode
+	 nT		text mode, where n=5 for radix 50, n=7 or absent for ascii
+	  V		floating instruction typeout mode
+	  Y		byte mode
+
+1.2.3  _ and @
+
+There are two further commands which open locations.
+_ is intended for opening the source location of the most recently
+typed out binary instruction.  For example if the last thing typed
+out was MOV FOO,BAR then _ will open FOO (whereas / will open
+BAR).
+@ causes the contents of the PC to be the location opened and it sets
+the temporary typeout mode to instruction mode.  It is useful for
+seeing what instruction will be executed next.
+
+1.2.4  Altering Locations: tab, linefeed and carriage return
+
+Once a location is opened it may be altered by depositing a new
+value in that location.  There are three commands used to alter locations, tab,
+linefeed and carriage return.  Each of these commands may be preceded by a
+value which is then deposited in the currently open location if there is one.
+How much is stored depends upon the mode in which the location is open and
+upon what value was typed.  If the location was open in byte mode then floating
+point values and instructions may not be stored.  The value that is stored will
+be deposited only in the byte that is open, even if it is a register open in byte
+mode.  If the open location is a register in word mode then again, floating
+point values and instructions cannot be stored.  If a floating point value is
+being stored in word mode then either two words or four are stored depending
+upon the state of double precision floating point mode (see section 1.2.2
+on typeout modes).  An instruction that is being stored will take up the
+appropriate number of words (from one to three).  After a value is stored (if
+there was a value typed) the open location is then closed.
+
+Carriage return resets the temporary typeout modes from the permanent
+typeout modes (see section 1.2.2 on typeout modes).
+
+Linefeed opens a new location by adding an appropriate increment to the
+value of the symbol . and opening . again in the same mode as it was opened in
+before.  The appropriate value is determined
+by what value is typed before the linefeed and what mode the location was open
+in.  If the location was open in byte mode, then the linefeed increment is
+always one, that is, the next byte will be opened.  If the location was open
+in word mode, then the increment depends upon what value was typed preceding
+the line-feed.  If there is no value,then the increment is two.  If there
+is an instruction, then the increment is such that the location opened is
+the one immediately following the stored instruction.  If the value being
+stored is a floating point number then the increment is four if double
+precision mode is off and eight otherwise.
+
+Tab opens the location whose address is the value stored in the previously
+open location (i.e., the location open just before the tab was typed).
+
+2 Program Execution and Control
+
+2.1  Setting and Clearing Breakpoints
+
+There are seven breakpoints which may be set in a program,
+numbered from 1 to 7.  A breakpoint may be set at a location by typing
+an expression for the address followed by an altmode, an optional expression
+in parentheses, an optional digit from 1 to 7 and the letter B.  For
+example,
+   addr+4B    base+2*index3B    loop+4(%4)5B
+are all legal.
+The address expression specifies where the breakpoint is to be placed.  The
+digit, if supplied, indicates which breakpoint number should be used.
+The expression in parentheses should be an address whose
+contents will be typed out in the current typeout mode when the breakpoint
+is hit.  If no digit is given, then DDT will assign a breakpoint number
+starting from 1, using the first breakpoint number that is not in use.
+A breakpoint is not in use if the address at which the breakpoint is set
+is zero.  Therefore,  breakpoint n may be cleared by typing 0nB
+which sets the address of breakpoint n to zero. A breakpoint may also be
+cleared by specifiying the address where it resides, as in
+<expr>B, which clears the breakpoint at <expr>, if there is one.
+The command B will clear all the breakpoints.
+If you try to set a breakpoint without specifying a number and all
+seven are in use, then the message
+?TMB? is typed and no action is taken. 
+
+2.2  Starting Programs
+
+The command addrG starts the program at addr.  addr
+may be any expression whose value is a non-register integer.  If the program
+had a starting address (i.e., if there was a label after the end statement
+in the source code) then the command G will start the program at its
+starting address.  Finally, the command addrG will start the program
+at addr and will also set the starting address of the program to
+addr so that future G commands will start the program at this
+same address.
+
+2.3  Proceeding Programs
+
+Once a program has been started it may reenter DDT in three ways.  First
+it may hit a breakpoint.  Second, it may execute a BPT instruction.
+Third, it may transfer to DDT's starting
+address, which at this time is 50000 (octal) although this may change
+when the map "arrives".  The second method is generally preferable to the
+third, for the following reasons: you don't have to know the right starting
+address, and the breakpoint trap procedure saves your program's status
+so that you can tell where in your program the call to DDT was.
+If DDT is entered via a breakpoint, it will type
+the breakpoint number followed by the instruction at that address
+followed by the contents of the location that was in parentheses in the
+breakpoint command.  Entering by a BPT causes a typeout similar
+to that for a breakpoint, identified by the letters BE at the left
+margin.  You can proceed from a breakpoint by using the P command,
+which will resume execution at the interrupted instruction.  There are
+two variations on this command.  First, nP will proceed from this
+breakpoint n times; however, it will break at any other breakpoint
+it may hit before the n times are up.  After breaking the nth time,
+control will stay in DDT as if it had hit that breakpoint normally.
+The second form is P which will proceed all breakpoints indefinitely.
+However, the standard breakpoint information is typed out at each breakpoint
+and the process may be stopped by typing any character at DDT (the character
+itself is ignored).
+There is a second proceed command
+included for convenience.  Typing ^P has the effect of planting
+a breakpoint at . and then proceeding.  The breakpoint will be automatically
+removed when it is hit.  Typing <expr>^P sets the temporary
+breakpoint at the location addressed by <expr> (without changing
+the value of .) and proceeding.  Note: there is only one such temporary
+breakpoint.  When your program runs into it, DDT will identify it as
+breakpoint 8.  Also, if you already had a breakpoint set at the location
+that ^P affects, the original breakpoint is lost, along with the specification
+(if any) of a location to type out.
+If you hit the ^P breakpoint while P is in effect, it will stop
+as if you had typed something.
+^Q does like P, continuing automatically from all breakpoints, but
+it doesn't type out.  Typing anything will cause it to break at the
+next breakpoint.
+
+2.4  Single Stepping
+
+After a program hits a breakpoint, it is often desirable to
+watch what the code does one instruction at a time.
+It would be cumbersome to plant breakpoints at each succeeding instruction,
+proceed and then remove the breakpoints.  To ease this problem, there is
+a single step feature.  Typing ^X will execute the next sequential
+instruction, then type out "SS;" followed by
+the new value of the PC and the next
+instruction to be executed.  The value of . is not changed.
+If there is a breakpoint at the next instruction,
+DDT will type the breakpoint message instead of the one-step message.
+The commands ^N and ^S are exactly
+the same as ^X.  Single stepping is legal after having
+hit a breakpoint or can be begun by typing <expr>^S (or ^X or
+^N), which sets PC_<expr>, then one-steps.
+
+2.5  Debugging interrupt code
+
+DDT attempts to be as flexible as possible in the way it handles
+breakpoints and one-stepping, so things may get pretty confusing at times.
+For example, suppose you just said ^S when your program's priority level
+is low and an interrupt is pending.  What happens is (1) DDT sets the
+Trace Trap bit and does a RTT to get back to your program. (2)
+The 11 is about to fetch your instruction, but it notices the interrupt
+and answers it.  (3) The interrupt procedure starts out by loading a
+new PSW which doesn't have the Trace bit on, so the service routine
+just runs away at full speed.  (4) The interrupt routine ends by doing
+a RTI.  This loads up your PSW again, with the Trace bit on.
+The 11 is again about to fetch your instruction, but it sees the
+Trace bit so it takes the trace trap.  (5) And now we're back in DDT,
+and the PC is still pointing at the instruction you wanted to step,
+which was never executed.  You might think, all right, let the interrupt
+routine return using RTT instead of RTI.  That will have
+the right effect if the interrupt was pending when you did the ^S, but
+if it happens after your instruction was fetched the result will be
+that the next one will be stepped, too!  It's a design flaw in the
+hardware... complain to DEC.
+
+However, you can have a breakpoint in an interrupt routine while you're
+one-stepping your main program.  Then when you step and the interrupt
+strikes and hits its breakpoint, DDT will astonish you by typing out
+the breakpoint message instead of the single step you expected.  You
+can step the interrupt routine if you like, or proceed it, and the
+trace trap will happen when it returns and DDT will finish up the
+one-step you started way back there.  One warning, though...  if you
+have a breakpoint at the RTI or RTT that ends the interrupt
+routine, you should either remove it or STEP that instruction.  If you
+proceed it, DDT will forget about the original one-step and wind up
+proceeding your main program.
+
+If you set a breakpoint at a TRAP or EMT instruction, you
+should clear it before you proceed or step.  Otherwise, the trap service
+routine may see a BPT opcode instead of the TRAP or EMT
+that you specified.
+
+By the way, the SPL instruction has the side effect of suppressing
+all interrupts including the trace trap during the next instruction
+fetch.  Because of this effect, DDT checks to see whether the target
+of a ^S is a SPL.  If it is, DDT simulates the SPL by
+changing your priority without returning to your program, and pending
+interrupts can't strike during that process.
+
+3  Special Locations in DDT
+
+Several locations inside DDT are available by way of predefined
+symbols, to give you some control over DDT's workings.
+
+3.1  Program Status Word (%PS)
+
+If you refer to %PS you get your program's status word.
+You may modify
+any part of this cell except bit 4 (the Trace Trap bit, octal 20).
+DDT uses bits 14-15 to decide which of the three stack pointers to give
+you when you ask for %6, and bit 11 to decide which of the two general
+register sets you mean when you talk about %0 through %5.  There is
+no check for whether you set the processor state to a legal value -
+that's up to you.
+
+3.2  DDT's Status Word (%DDTS)
+
+This word is the PSW that DDT uses.  You may change bits 5-7 only,
+determining the priority level that DDT runs at.  This allows you to run
+an interrupt-driven routine in the background while you're talking to DDT.
+WARNING!  The background code that is capable of interrupting DDT
+had better not have any breakpoints or BPT instructions, or a
+re-entrant call to DDT will happen and things will get very confused.
+%DDTS is assigned the absolute location HCOR-12, where
+HCOR is what DDT thinks is the first nonexistent memory location
+(100000 on our 16K system).
+
+3.3  Teletype switch (%TT10)
+
+This word, located at HCOR-6, determines which way DDT's
+input and output will go.  If the contents of %TT10 are zero,
+I/O goes to your console via the 11TTY program; if nonzero, I/O goes
+to the PDP-11's console terminal.  You may change this switch at any
+time, either by command or by program, and DDT will immediately begin
+using the device you specified.  A great convenience if you left 11TTY's
+"V" switch in the wrong state when you loaded your program.
+
+3.4  Floating-point Registers (%AC0 through %AC5 and %FPS)
+
+The symbols %AC0 through %AC5 refer to the locations
+(four words each) where DDT stores the floating-point accumulators.
+Note that these are memory locations and not the registers themselves.
+If you refer to these locations it is up to you to make sure that the
+typeout mode is appropriate to the data.  %FPS gets you the
+location where DDT stored your program's floating-point status register.
+If you change the contents of these locations the right thing will
+happen when you proceed or step your program.
+
+3.5  Maximum symbolic offset (%MXOFF)
+
+This location contains the upper limit on the numeric offset that
+DDT will type out when printing an address.  The default value is 100 -
+that is, if FOO=1000 and there are no other symbols defined between 1000
+and 1100, DDT will type the address 1077 as FOO+77 and 1100 as 1100.
+You can change the limit on these offsets by changing the value in
+%MXOFF.
+

doc/programs.md

@@ -1,3 +1,4 @@
+- 11DDT, PDP-11 debugger.
 - 11SIM, PDP-11 emulator.
 - 11STNK, PDP-11 linker.
 - 20XCVT, convert TOPS-20 CSAVE file to PDUMP.