docu and comment updates [skip ci]

2026-03-06 03:29:14 +00:00 · 2023-01-04 08:46:30 +01:00
parent 6831d1cda5
commit 146dc4d56a
13 changed files with 184 additions and 46 deletions
--- a/doc/simh_diff_jsr_sp.md
+++ b/doc/simh_diff_jsr_sp.md
@@ -0,0 +1,55 @@
+## Known differences between SimH, 11/70, and w11a
+
+### SimH: `JSR SP` pushes modified `SP` value
+
+In the logic of the `JSR` instruction is the given register the
+_linkage register_, meant to be used for parameter passing.
+`JSR` pushes the _linkage register_ to the stack, and the matching `RTS`
+will restore it. That works fine for `R0` to `R5` and for `PC`.
+But in a `JSR SP` that interferes with the implicit use of `SP`
+as the stack pointer, `SP` is saved on the stack which is defined by `SP`.
+The question is whether the original `SP` value is saved, or the `SP`
+value after it has been decremented to hold the address for the write
+to stack. The specification simply says
+```
+  down(sp) := sp
+```
+and the question is whether the side effect of the left side happens before
+the right side is evaluated.
+
+The 11/70 implementation saves the value of the linkage register value in
+an internal register in `JSR.00` before the `SP` is decremented in `JSR.20`
+and write the saved valued to stack in `JSR.30`. See flow 11:
+```
+  JSR.00:   PCA := DR               ; save dst addr in PCA
+            SR  := GS[SF] if -SF7   ; get modified source field reg to SR
+            SR  := PCB    if  SF7   ; get modified source field reg to SR
+  JSR.10:   DR  := GS[6]            ; get SP
+            BR  := SR               ; get modified source field reg to BR
+  JSR.20    DR,GR[6] := DR-2        ; step SP back for push
+  JSR.30    write BR to DR          ; write old source field to stack
+  JSR.40    GR[SF] := PCB           ; old PC goes to src field reg
+            PCB := PCA              ; dst addr goes tp PC
+```
+
+Therefore, the 11/70 writes the original `SP` value.
+SimH writes the modified `SP`
+```c
+  srcspec = srcspec & 07;
+  dst = GeteaW (dstspec);
+  SP = (SP - 2) & 0177777;
+  WriteW (R[srcspec], SP | dsenable);
+  R[srcspec] = PC;
+  JMP_PC (dst & 0177777);
+```
+
+`JSR SP` is never used due to its bizarre behavior. The matching `RTS SP`
+results in a useless `SP` too. Given that, this is considered an
+acceptable deviation from 11/70 behavior.
+
+The w11 correctly implements the 11/70 behavior.
+This is verified in a [tcode](../tools/tcode/README.md), the test is
+modified when executed on SimH
+(see [cpu_details](../tools/tcode/cpu_basics.mac) tests A4.4).
+
+Tested with SimH V3.12-3.
--- a/doc/simh_diff_mmu_no_maint.md
+++ b/doc/simh_diff_mmu_no_maint.md
@@ -0,0 +1,12 @@
+## Known differences between SimH, 11/70, and w11a
+
+### SimH: MMU maintenance mode not implemented
+
+The 11/70 has an MMU maintenance mode, actived with `MMR0` bit 8.
+When activated, only destination mode references will be relocated.
+
+The SimH does not implement this feature.
+
+The xxdp program `ekbee1` uses this feature in test 046.
+This test is modified when executed on w11
+(see [patch](../tools/xxdp/ekbee1_patch_1170.scmd)).
--- a/doc/simh_diff_ser_forced_fetch.md
+++ b/doc/simh_diff_ser_forced_fetch.md
@@ -0,0 +1,18 @@
+## Known differences between SimH, 11/70, and w11a
+
+### SimH: No unconditional instruction fetch after stack error abort
+
+The 11/70 suppresses the recognition of _break requests_ at the end of
+a vector flow of a stack error abort. The processor manual states
+
+> 6.2.2.3 Timing of Stack Error Aborts  
+> BRQ STROBE is thus inhibited, not only during ZAP.00, but also during  
+> SVC.90, thus guaranteeing the execution of the first instruction of the  
+> error subroutine before any other error can be processed.
+
+The rationale behind was apparently to ensure that the handler, which
+is called with `SP=0` pointing to an emergency stack, can set up a new
+stack before any other condition interferes.
+
+SimH does not implement this behavior, nor does w11.
+Beyond that, it would be very difficult to verify this extreme corner case.
--- a/doc/simh_diff_summary.md
+++ b/doc/simh_diff_summary.md
@@ -13,10 +13,12 @@ ones are listed here:
 - instruction behavior
  - [SimH: `SPL` doesn't have 11/70 behavior](simh_diff_spl.md)
  - [SimH: State of N and Z and registers after a `DIV` abort with `V=1`](simh_diff_div_after_v1.md)
+  - [SimH: `JSR SP` pushes modified `SP` value](simh_diff_jsr_sp.md)
 - stack limit and stack error behavior
  - [SimH: stack limit check and addressing modes](simh_diff_stklim_amode.md)
  - [SimH: stack limit check and vector push aborts](simh_diff_stklim_vpush.md)
  - [SimH: Red stack zone PSW protection](simh_diff_red_psw.md)
+  - [SimH: No unconditional instruction fetch after stack error abort](simh_diff_ser_forced_fetch.md)
 - instruction abort handling
  - [SimH: condition codes are not always unchanged after an abort](simh_diff_cc_and_aborts.md)
 - service order and trap handling
@@ -29,3 +31,6 @@ ones are listed here:
  - [SimH: MMU traps not suppressed when MMU register accessed](simh_diff_mmu_trap_suppression.md)
  - [SimH: The 'instruction completed flag' in `MMR0` is not implemented](simh_diff_instruction_complete.md)
  - [SimH: MMU aborts have priority over NXM aborts](simh_diff_mmu_nxm_prio.md)
+- not implemented 11/70 features
+  - [SimH: 18-bit UNIBUS address space not mapped](simh_diff_unibus_mapping.md)
+  - [SimH: MMU maintenance mode not implemented](simh_diff_mmu_no_maint.md)
--- a/doc/simh_diff_unibus_mapping.md
+++ b/doc/simh_diff_unibus_mapping.md
@@ -0,0 +1,20 @@
+## Known differences between SimH, 11/70, and w11a
+
+### 18-bit UNIBUS address space not mapped into 22-bit address space
+
+The 11/70 maps the 18 bit UNIBUS address space into the upper part of
+the 22-bit extended mode address space. With UNIBUS mapping enabled, this
+allows to access via 17000000:17757777 the memory exactly as a UNIBUS
+device would see it.
+On an 11/70, an access to non-existing memory via the UNIBUS map will result
+in a UNIBUS timeout and set the `ITO` bit `CPUERR`.
+
+SimH doesn't implement the UNIBUS window, in a 4 MB memory configuration
+the address range 17000000:17757777 will be normal memory.
+
+Notes:
+- The w11a doesn't implement this remapping, an access in the range
+  17000000:17757777 causes an `NXM` fault and will set the `NXM` bit in `CPUERR`.
+- E11 implements the UNIBUS window and from V7.4 on access to main memory
+  via the UNIBUS map. This can be disabled via `set cpu nouwin`. When used
+  with `set memory 3840` an E11 system will be behave like the w11.
--- a/doc/w11a_diff_70_fetch_abort.md
+++ b/doc/w11a_diff_70_fetch_abort.md
@@ -0,0 +1,25 @@
+## Known differences between w11a and KB11-C (11/70)
+
+### `PC` is incremented before an instruction fetch abort
+
+The 11/70 starts an instruction fetch in `FET.00` and increments the `PC`
+in `FET.10` when the fetch succeeded. The `PC` is therefore unchanged in
+case of a fetch abort and points to the location of the failed opcode
+fetch.
+
+The w11 increments the `PC` in the states that start an instruction fetch.
+The `PC` is therefore incremented in case of a fetch abort and points to
+the location _after_ the failed opcode fetch.
+
+This is not relevant to normal operation and is therefore considered an
+acceptable implementation difference. An instruction re-execution after
+an MMU abort relies always on `MMR2`. Only error messages that give a _"PC at
+abort"_ might differ.
+
+SimH implements the 11/70 behavior, the `PC` is incremented after the
+successful load of the instruction register.
+
+However, test and verification codes might be sensitive to this behavior.
+A [tcode](../tools/tcode/README.md) verifies this saved `PS` and
+distinguished between w11 and SimH
+(see [cpu_mmu](../tools/tcode/cpu_mmu.mac) tests B4.1).
--- a/doc/w11a_diff_70_jsr_sp.md
+++ b/doc/w11a_diff_70_jsr_sp.md
@@ -1,34 +0,0 @@
-## Known differences between w11a and KB11-C (11/70)
-
-### `jsr sp` pushes original `sp` value
-
-In the logic of the `jsr` instruction is the given register the
-_linkage register_, meant to be used for parameter passing.
-`jsr` pushes the _linkage register_ to the stack, and the matching `rts`
-will restore it. That works fine for `r0` to `r5` and for `pc`.
-But in a `jsr sp` that interferes with the implicit use of `sp`
-as the stack pointer, `sp` is saved on the stack which is defined by `sp`.
-The question is whether the original `sp` value is saved, or the `sp`
-value after it has been decremented to hold the address for the write
-to stack. The specification simply says
-```
-  down(sp) := sp
-```
-and the question is whether the side effect of the left side happens before
-the right side is evaluated.
-
-The 11/70 implementation of `jsr` first decrements the `sp` in
-microstate `jsr.20` and then starts a write of `sp` in `jsr.30`.
-So the modified `sp` is stored.
-
-The w11 implement ion first reads `sp` into a register, then decrements
-`sp` and writes. So the original `sp` is stored.
-
-EK-KB11C-TM-001_1170procMan.pdf clearly decribes the 11/70 behavior as
->  JSR.10: ... and loads the DR with the contents of the general register 6.  
->  JSR.20: decrements SP by 2, new value is stored inb the SP and the DR for  
->  use in the external data transfer started on JSR.30
-
-`jsr sp` is never used due to its bizarre behavior. The matching `rts sp`
-results in a useless `sp` too. Given that, this is considered an
-acceptable deviation from 11/70 behavior.
--- a/doc/w11a_diff_70_mmu_no_maint.md
+++ b/doc/w11a_diff_70_mmu_no_maint.md
@@ -0,0 +1,12 @@
+## Known differences between w11a and KB11-C (11/70)
+
+### MMU maintenance mode not implemented
+
+The 11/70 has an MMU maintenance mode, actived with `MMR0` bit 8.
+When activated, only destination mode references will be relocated.
+
+The w11 does not implement this feature.
+
+The xxdp program `ekbee1` uses this feature in test 046. This test is
+modified when executed on w11
+(see [patch](../tools/xxdp/ekbee1_patch_w11a.tcl)).
--- a/doc/w11a_diff_70_ser_forced_fetch.md
+++ b/doc/w11a_diff_70_ser_forced_fetch.md
@@ -0,0 +1,18 @@
+## Known differences between w11a and KB11-C (11/70)
+
+### No unconditional instruction fetch after stack error abort
+
+The 11/70 suppresses the recognition of _break requests_ at the end of
+a vector flow of a stack error abort. The processor manual states
+
+> 6.2.2.3 Timing of Stack Error Aborts  
+> BRQ STROBE is thus inhibited, not only during ZAP.00, but also during  
+> SVC.90, thus guaranteeing the execution of the first instruction of the  
+> error subroutine before any other error can be processed.
+
+The rationale behind was apparently to ensure that the handler, which
+is called with `SP=0` pointing to an emergency stack, can set up a new
+stack before any other condition interferes.
+
+The w11 does not implement this behavior, nor does SimH.
+Beyond that, it would be very difficult to verify this extreme corner case.
--- a/doc/w11a_diff_70_unibus_mapping.md
+++ b/doc/w11a_diff_70_unibus_mapping.md
@@ -6,14 +6,18 @@ The 11/70 maps the 18 bit UNIBUS address space into the upper part of
 the 22-bit extended mode address space. With UNIBUS mapping enabled, this
 allows to access via 17000000:17757777 the memory exactly as a UNIBUS
 device would see it.
+On an 11/70, an access to non-existing memory via the UNIBUS map will result
+in a UNIBUS timeout and set the `ITO` bit `CPUERR`.

 The w11a doesn't implement this remapping, an access in the range
-17000000:17757777 causes an NXM fault and will set the NXM bit in CPUERR.
+17000000:17757777 causes an `NXM` fault and will set the `NXM` bit in `CPUERR`.
+
+The xxdp program `ekbee1` is sensitive to this difference  in test 050.
+This test is modified when executed on w11
+(see [patch](../tools/xxdp/ekbee1_patch_w11a.tcl)).

 Notes:
- on a 11/70 an access non-existing memory via the UNIBUS map will result
-  in a UNIBUS timeout and set the ITO bit CPUERR.
- SimH doesn't implement the UNIBUS window, in a 4 MB memory conficuration
+- SimH doesn't implement the UNIBUS window, in a 4 MB memory configuration
  the address range 17000000:17757777 will be normal memory.
 - E11 implements the UNIBUS window and from V7.4 on access to main memory
  via the UNIBUS map. This can be disabled via `set cpu nouwin`. When used
--- a/doc/w11a_known_differences.md
+++ b/doc/w11a_known_differences.md
@@ -8,17 +8,21 @@ The issues of the w11 CPU and systems are listed in a separate document
 - instruction behavior
  - [Instruction fetch after `SPL`](w11a_diff_70_spl_bug.md)
  - [`CLR` and `SXT` do a write](w11a_diff_70_clr_sxt_write.md)
-  - [`jsr sp` pushes original `sp` value](w11a_diff_70_jsr_sp.md)
  - [State of N and Z and registers after a `DIV` abort with `V=1`](w11a_diff_70_div_after_v1.md)
 - stack limit and stack error behavior
  - [Stack limit checks done independent of register set](w11a_diff_70_stklim_rset.md)
+  - [No unconditional instruction fetch after stack error abort](w11a_diff_70_ser_forced_fetch.md)
+- instruction abort handling
+  - [`PC` is incremented before an instruction fetch abort](w11a_diff_70_fetch_abort.md)
 - memory management behavior
  - [`MMR0` instruction complete implementation differences](w11a_diff_70_instruction_complete.md)
  - [MMU traps not suppressed when MMU register accessed](w11a_diff_70_mmu_trap_suppression.md)
  - [MMU aborts have priority over NXM aborts](w11a_diff_70_mmu_nxm_prio.md)
  - [`MMR0` abort flags are set when stack limit abort done](w11a_diff_70_mmu_stklim_prio.md)
- other differences
+- not implemented 11/70 features
  - [18-bit UNIBUS address space not mapped](w11a_diff_70_unibus_mapping.md)
+  - [MMU maintenance mode not implemented](w11a_diff_70_mmu_no_maint.md)
+- other differences
  - [Usage of 11/70 `SYSID` register](w11a_diff_70_sysid_usage.md)

 All points relate to very 11/70 specific behavior, no operating system
--- a/tools/tcode/cpu_basics.mac
+++ b/tools/tcode/cpu_basics.mac
@@ -1,4 +1,4 @@
-; $Id: cpu_basics.mac 1342 2023-01-02 15:18:19Z mueller $
+; $Id: cpu_basics.mac 1344 2023-01-03 15:51:21Z mueller $
 ; SPDX-License-Identifier: GPL-3.0-or-later
 ; Copyright 2015-2023 by Walter F.J. Mueller <W.F.J.Mueller@gsi.de>
 ;
@@ -982,8 +982,7 @@ ta0404: hcmpeq  sp,#stack       ; check stack is default
        hcmpeq  sp,200$         ; check loaded SP
        mov     #stack-2,sp     ; restore stack to where jsr pushed it
 ;
-; w11 saves original sp, 11/70,SimH,e11 save sp after it was decremented
-; This is considered a minor deviation (jsr sp never used!)
+; w11 saves original sp, like 11/70, SimH,e11 save sp after it was decremented
 ;
        mov     #stack,r1
        tstb    systyp          ; check environment
--- a/tools/tcode/cpu_mmu.mac
+++ b/tools/tcode/cpu_mmu.mac
@@ -1,4 +1,4 @@
-; $Id: cpu_mmu.mac 1339 2022-12-27 12:11:34Z mueller $
+; $Id: cpu_mmu.mac 1344 2023-01-03 15:51:21Z mueller $
 ; SPDX-License-Identifier: GPL-3.0-or-later
 ; Copyright 2022- by Walter F.J. Mueller <W.F.J.Mueller@gsi.de>
 ;
@@ -668,8 +668,8 @@ tb0302:
 ;    Should abort with m0.anr and m0.ale for all adresses
 ;    w11 aborts with m0.anr, but sets m0.ale only when fail above 1st click
 ;    Test an address above the first click to have full 11/70 style response
-;    Note: w11 increments PC before abort (as 11/70 does)
-;          SimH increments PC after abort
+;    Note: w11 increments PC in case of an abort
+;          SimH does not increment PC in case of an abort (as 11/70 does)
 ;
 tb0401: clr     mmr3            ; no d dspace, no 22bit
        mov     #m0.ena,mmr0    ; enable mmu                    ;! MMU 18