From 95e535008beb5bb650027337b4a76f95a9ad3c67 Mon Sep 17 00:00:00 2001 From: Mark Pizzolato Date: Sat, 24 Mar 2012 12:54:46 -0700 Subject: [PATCH] Updated HP2100 from Dave Bryan --- HP2100/hp2100_bugfixes.txt | 44 ++++++++++++++++++++++++++- HP2100/hp2100_cpu5.c | 13 ++++++-- sim_rev.h | 62 +++++++++++++++++++++++++++++++++----- 3 files changed, 108 insertions(+), 11 deletions(-) diff --git a/HP2100/hp2100_bugfixes.txt b/HP2100/hp2100_bugfixes.txt index 57ef7392..90c3bd0f 100644 --- a/HP2100/hp2100_bugfixes.txt +++ b/HP2100/hp2100_bugfixes.txt @@ -1,6 +1,6 @@ HP 2100 SIMULATOR BUG FIX WRITEUPS ================================== - Last update: 2012-03-20 + Last update: 2012-03-23 1. PROBLEM: Booting from magnetic tape reports "HALT instruction, P: 77756 @@ -6215,3 +6215,45 @@ service only when a parameter word has been received with an ioIOO signal. STATUS: Fixed in version 3.9-0. + + + +245. PROBLEM: The EMA diagnostic sometimes aborts with a DM error. + + VERSION: 3.8-1 + + OBSERVATION: Running the RTE-IV EMA diagnostic "#EMA" may abort with a DMS + violation: + + DM VIOL = 160377 + DM INST = 105257 + ABE 177750 15 1 + XYO 116123 72137 0 + DM #EMA 16521 + #EMA ABORTED + + The abort occurs in test 8, which executes the .EMAP instruction and passes + a negative number of dimensions. + + CAUSE: The test supplies a dimension count of -32768. The offset of the + specified array element is calculated by the "cpu_ema_resolve" routine by + iterating through the array subscripts. The 16-bit word containing the + dimension count is loaded into a 32-bit signed integer variable as an + unsigned value. Therefore, +32678 dimensions are assumed. However, only + one subscript value is supplied in the call, so subsequent instructions + after the call are interpreted as subscript addresses, yielding random + values from memory. Also, the array descriptor only defines one subscript, + so subsequent memory values are interpreted as subscript bounds and element + counts. + + If one of subscript offsets evaluates to a negative value, the routine + returns FALSE, and the instruction fails. The diagnostic interprets the + cause of the failure as the negative dimension count and passes test 8. + + However, if a subscript address points at a protected page of memory, the + instruction causes a DM violation when the value is retrieved. + + RESOLUTION: Modify "cpu_ema_resolve" (hp2100_cpu5.c) to sign-extend the + 16-bit dimension count. + + STATUS: Fixed in version 3.9-0. diff --git a/HP2100/hp2100_cpu5.c b/HP2100/hp2100_cpu5.c index a680f864..9865f47a 100644 --- a/HP2100/hp2100_cpu5.c +++ b/HP2100/hp2100_cpu5.c @@ -26,7 +26,7 @@ CPU5 RTE-6/VM and RTE-IV firmware option instructions - 20-Mar-12 JDB Added sign extension for dim count in "cpu_ema_resolve" + 23-Mar-12 JDB Added sign extension for dim count in "cpu_ema_resolve" 28-Dec-11 JDB Eliminated unused variable in "cpu_ema_vset" 11-Sep-08 JDB Moved microcode function prototypes to hp2100_cpu1.h 05-Sep-08 JDB Removed option-present tests (now in UIG dispatchers) @@ -798,6 +798,12 @@ return reason; 1. RTE-IV EMA and RTE-6 VMA instructions share the same address space, so a given machine can run one or the other, but not both. + 2. The EMA diagnostic (92067-16013) reports bogus MMAP failures if it is + not loaded at the start of its partition (e.g., because of a LOADR "LO" + command). The "ICMPS" map comparison check in the diagnostic assumes + that the starting page of the program's partition contains the first + instruction of the program and prints "MMAP ERROR" if it does not. + Additional references: - RTE-IVB Programmer's Reference Manual (92068-90004, Dec-1983). - RTE-IVB Technical Specifications (92068-90013, Jan-1980). @@ -813,10 +819,11 @@ static const OP_PAT op_ema[16] = { /* calculate the 32 bit EMA subscript for an array */ static t_bool cpu_ema_resolve(uint32 dtbl,uint32 atbl,uint32* sum) { -int32 sub, act, low, sz; +int32 sub, act, low, sz, ndim; uint32 MA, base; -int32 ndim = SEXT(ReadW(dtbl++)); /* # dimensions */ +ndim = ReadW(dtbl++); /* # dimensions */ +ndim = SEXT(ndim); /* sign extend */ if (ndim < 0) return FALSE; /* invalid? */ *sum = 0; /* accu for index calc */ diff --git a/sim_rev.h b/sim_rev.h index e82247d9..35abe360 100644 --- a/sim_rev.h +++ b/sim_rev.h @@ -1,6 +1,6 @@ /* sim_rev.h: simulator revisions and current rev level - Copyright (c) 1993-2011, Robert M Supnik + Copyright (c) 1993-2012, Robert M Supnik Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -38,6 +38,7 @@ patch date module(s) and fix(es) 0 xx-yyy-1 scp.c: - added *nix READLINE support (Mark Pizzolato) + - fixed "SHOW DEVICE" with only one enabled unit (Dave Bryan) - fixed handling of DO with no arguments (Dave Bryan) - clarified some help messages (Mark Pizzolato) - added "SHOW SHOW" and "SHOW SHOW" commands (Mark Pizzolato) @@ -50,7 +51,8 @@ patch date module(s) and fix(es) - major revision (Dave Hittner and Mark Pizzolato) sim_tmxr.c: - - made option negotiation more reliable (Mark Pizzolato) + - made telnet option negotiation more reliable. + VAX works with PuTTY. (Mark Pizzolato) h316_cpu.c: - fixed bugs in MPY, DIV introduced in 3.8-1 (from Theo Engel) @@ -59,8 +61,13 @@ patch date module(s) and fix(es) hp2100 all peripherals (Dave Bryan): - Changed I/O signal handlers for newly revised signal model + - Deprecated DEVNO modifier in favor of SC hp2100_cpu.c (Dave Bryan): + - Minor speedup in "is_mapped" + - Added casts to cpu_mod, dmasio, dmapio, cpu_reset, dma_reset + - Fixed I/O return status bug for DMA cycles + - Failed I/O cycles now stop on failing instruction - Revised DMA for new multi-card paradigm - Consolidated DMA reset routines - DMA channels renamed from 0,1 to 1,2 to match documentation @@ -70,8 +77,6 @@ patch date module(s) and fix(es) - Fixed DMA requests to enable stealing every cycle - Fixed DMA priority for channel 1 over channel 2 - Corrected comments for "cpu_set_idle" - - Fixed I/O return status bug for DMA cycles - - Failed I/O cycles now stop on failing instruction hp2100_cpu.h: - Changed declarations for VMS compiler @@ -79,15 +84,43 @@ patch date module(s) and fix(es) hp2100_cpu0.c (Dave Bryan): - Removed DS note regarding PIF card (is now implemented) + hp2100_cpu4.c (Dave Bryan): + - Added OPSIZE casts to fp_accum calls in .FPWR/.TPWR + + hp2100_cpu5.c (Dave Bryan): + - Added sign extension for dim count in "cpu_ema_resolve" + - Eliminated unused variable in "cpu_ema_vset" + hp2100_cpu6.c (Dave Bryan): - DMA channels renamed from 0,1 to 1,2 to match documentation + hp2100_cpu7.c (Dave Bryan): + - Corrected "opsize" parameter type in vis_abs + hp2100_defs.h (Dave Bryan): + - Added hp_setsc, hp_showsc functions to support SC modifier - DMA channels renamed from 0,1 to 1,2 to match documentation - Revised I/O signal enum values for concurrent signals - Revised I/O macros for new signal handling + - Added DA and DC device select code assignments + + hp2100_di.c (Dave Bryan): + - Implemented 12821A HP-IB Disc Interface + + hp2100_di_da.c (Dave Bryan): + - Implemented 7906H/20H/25H ICD disc drives + + hp2100_dp.c (Dave Bryan): + - Added CNTLR_TYPE cast to dp_settype hp2100_ds.c (Dave Bryan): + - Rewritten to use the MAC/ICD disc controller library + - ioIOO now notifies controller service of parameter output + - Corrected SRQ generation and FIFO under/overrun detection + - Corrected Clear command to conform to the hardware + - Fixed Request Status to return Unit Unavailable if illegal + - Seek and Cold Load Read now Seek Check if seek in progress + - Remodeled command wait for seek completion - Corrected status returns for disabled drive, auto-seek beyond drive limits, Request Sector Address and Wakeup with invalid or offline unit @@ -95,23 +128,38 @@ patch date module(s) and fix(es) Read Without Verify hp2100_fp1.c (Dave Bryan): + - Added missing precision on constant "one" in fp_trun - Completed the comments for divide; no code changes hp2100_ipl.c (Dave Bryan): - - Revised for new multi-card paradigm + - Added CARD_INDEX casts to dib.card_index - A failed STC may now be retried + - Consolidated reporting of consecutive CRS signals + - Revised for new multi-card paradigm hp2100_lps.c (Dave Bryan): - - Corrected 12566B (DIAG mode) jumper settings - Revised detection of CLC at last DMA cycle + - Corrected 12566B (DIAG mode) jumper settings + + hp2100_ms.c (Dave Bryan): + - Added CNTLR_TYPE cast to ms_settype hp2100_mt.c (Dave Bryan): - - Fixed error in command scan in mtcio ioIOO handler + - Fixed command scanning error in mtcio ioIOO handler + + hp2100_stddev.c (Dave Bryan): + - Add TBG as a logical name for the CLK device hp2100_sys.c (Dave Bryan): + - Add TBG as a logical name for the CLK device + - Added hp_setsc, hp_showsc functions to support SC modifier + - Added DA and dummy DC devices - DMA channels renamed from 0,1 to 1,2 to match documentation - Changed DIB access for revised signal model + hp_disclib.c, hp_disclib.h (Dave Bryan) + - Created MAC/ICD disc controller library + i1401_cd.c: - fixed read stacker operation in column binary mode - fixed punch stacker operation (Van Snyder)