From 146dc4d56af26b129a7b024bc940ab4bf5416f5a Mon Sep 17 00:00:00 2001 From: wfjm Date: Wed, 4 Jan 2023 08:46:30 +0100 Subject: [PATCH] docu and comment updates [skip ci] --- doc/simh_diff_jsr_sp.md | 55 ++++++++++++++++++++++++++++ doc/simh_diff_mmu_no_maint.md | 12 ++++++ doc/simh_diff_ser_forced_fetch.md | 18 +++++++++ doc/simh_diff_summary.md | 5 +++ doc/simh_diff_unibus_mapping.md | 20 ++++++++++ doc/w11a_diff_70_fetch_abort.md | 25 +++++++++++++ doc/w11a_diff_70_jsr_sp.md | 34 ----------------- doc/w11a_diff_70_mmu_no_maint.md | 12 ++++++ doc/w11a_diff_70_ser_forced_fetch.md | 18 +++++++++ doc/w11a_diff_70_unibus_mapping.md | 12 ++++-- doc/w11a_known_differences.md | 8 +++- tools/tcode/cpu_basics.mac | 5 +-- tools/tcode/cpu_mmu.mac | 6 +-- 13 files changed, 184 insertions(+), 46 deletions(-) create mode 100644 doc/simh_diff_jsr_sp.md create mode 100644 doc/simh_diff_mmu_no_maint.md create mode 100644 doc/simh_diff_ser_forced_fetch.md create mode 100644 doc/simh_diff_unibus_mapping.md create mode 100644 doc/w11a_diff_70_fetch_abort.md delete mode 100644 doc/w11a_diff_70_jsr_sp.md create mode 100644 doc/w11a_diff_70_mmu_no_maint.md create mode 100644 doc/w11a_diff_70_ser_forced_fetch.md diff --git a/doc/simh_diff_jsr_sp.md b/doc/simh_diff_jsr_sp.md new file mode 100644 index 00000000..8e8019ad --- /dev/null +++ b/doc/simh_diff_jsr_sp.md @@ -0,0 +1,55 @@ +## Known differences between SimH, 11/70, and w11a + +### SimH: `JSR SP` pushes modified `SP` value + +In the logic of the `JSR` instruction is the given register the +_linkage register_, meant to be used for parameter passing. +`JSR` pushes the _linkage register_ to the stack, and the matching `RTS` +will restore it. That works fine for `R0` to `R5` and for `PC`. +But in a `JSR SP` that interferes with the implicit use of `SP` +as the stack pointer, `SP` is saved on the stack which is defined by `SP`. +The question is whether the original `SP` value is saved, or the `SP` +value after it has been decremented to hold the address for the write +to stack. The specification simply says +``` + down(sp) := sp +``` +and the question is whether the side effect of the left side happens before +the right side is evaluated. + +The 11/70 implementation saves the value of the linkage register value in +an internal register in `JSR.00` before the `SP` is decremented in `JSR.20` +and write the saved valued to stack in `JSR.30`. See flow 11: +``` + JSR.00: PCA := DR ; save dst addr in PCA + SR := GS[SF] if -SF7 ; get modified source field reg to SR + SR := PCB if SF7 ; get modified source field reg to SR + JSR.10: DR := GS[6] ; get SP + BR := SR ; get modified source field reg to BR + JSR.20 DR,GR[6] := DR-2 ; step SP back for push + JSR.30 write BR to DR ; write old source field to stack + JSR.40 GR[SF] := PCB ; old PC goes to src field reg + PCB := PCA ; dst addr goes tp PC +``` + +Therefore, the 11/70 writes the original `SP` value. +SimH writes the modified `SP` +```c + srcspec = srcspec & 07; + dst = GeteaW (dstspec); + SP = (SP - 2) & 0177777; + WriteW (R[srcspec], SP | dsenable); + R[srcspec] = PC; + JMP_PC (dst & 0177777); +``` + +`JSR SP` is never used due to its bizarre behavior. The matching `RTS SP` +results in a useless `SP` too. Given that, this is considered an +acceptable deviation from 11/70 behavior. + +The w11 correctly implements the 11/70 behavior. +This is verified in a [tcode](../tools/tcode/README.md), the test is +modified when executed on SimH +(see [cpu_details](../tools/tcode/cpu_basics.mac) tests A4.4). + +Tested with SimH V3.12-3. diff --git a/doc/simh_diff_mmu_no_maint.md b/doc/simh_diff_mmu_no_maint.md new file mode 100644 index 00000000..9d168604 --- /dev/null +++ b/doc/simh_diff_mmu_no_maint.md @@ -0,0 +1,12 @@ +## Known differences between SimH, 11/70, and w11a + +### SimH: MMU maintenance mode not implemented + +The 11/70 has an MMU maintenance mode, actived with `MMR0` bit 8. +When activated, only destination mode references will be relocated. + +The SimH does not implement this feature. + +The xxdp program `ekbee1` uses this feature in test 046. +This test is modified when executed on w11 +(see [patch](../tools/xxdp/ekbee1_patch_1170.scmd)). diff --git a/doc/simh_diff_ser_forced_fetch.md b/doc/simh_diff_ser_forced_fetch.md new file mode 100644 index 00000000..90f0a1d2 --- /dev/null +++ b/doc/simh_diff_ser_forced_fetch.md @@ -0,0 +1,18 @@ +## Known differences between SimH, 11/70, and w11a + +### SimH: No unconditional instruction fetch after stack error abort + +The 11/70 suppresses the recognition of _break requests_ at the end of +a vector flow of a stack error abort. The processor manual states + +> 6.2.2.3 Timing of Stack Error Aborts +> BRQ STROBE is thus inhibited, not only during ZAP.00, but also during +> SVC.90, thus guaranteeing the execution of the first instruction of the +> error subroutine before any other error can be processed. + +The rationale behind was apparently to ensure that the handler, which +is called with `SP=0` pointing to an emergency stack, can set up a new +stack before any other condition interferes. + +SimH does not implement this behavior, nor does w11. +Beyond that, it would be very difficult to verify this extreme corner case. diff --git a/doc/simh_diff_summary.md b/doc/simh_diff_summary.md index 024a6553..f99311ad 100644 --- a/doc/simh_diff_summary.md +++ b/doc/simh_diff_summary.md @@ -13,10 +13,12 @@ ones are listed here: - instruction behavior - [SimH: `SPL` doesn't have 11/70 behavior](simh_diff_spl.md) - [SimH: State of N and Z and registers after a `DIV` abort with `V=1`](simh_diff_div_after_v1.md) + - [SimH: `JSR SP` pushes modified `SP` value](simh_diff_jsr_sp.md) - stack limit and stack error behavior - [SimH: stack limit check and addressing modes](simh_diff_stklim_amode.md) - [SimH: stack limit check and vector push aborts](simh_diff_stklim_vpush.md) - [SimH: Red stack zone PSW protection](simh_diff_red_psw.md) + - [SimH: No unconditional instruction fetch after stack error abort](simh_diff_ser_forced_fetch.md) - instruction abort handling - [SimH: condition codes are not always unchanged after an abort](simh_diff_cc_and_aborts.md) - service order and trap handling @@ -29,3 +31,6 @@ ones are listed here: - [SimH: MMU traps not suppressed when MMU register accessed](simh_diff_mmu_trap_suppression.md) - [SimH: The 'instruction completed flag' in `MMR0` is not implemented](simh_diff_instruction_complete.md) - [SimH: MMU aborts have priority over NXM aborts](simh_diff_mmu_nxm_prio.md) +- not implemented 11/70 features + - [SimH: 18-bit UNIBUS address space not mapped](simh_diff_unibus_mapping.md) + - [SimH: MMU maintenance mode not implemented](simh_diff_mmu_no_maint.md) diff --git a/doc/simh_diff_unibus_mapping.md b/doc/simh_diff_unibus_mapping.md new file mode 100644 index 00000000..74f982e2 --- /dev/null +++ b/doc/simh_diff_unibus_mapping.md @@ -0,0 +1,20 @@ +## Known differences between SimH, 11/70, and w11a + +### 18-bit UNIBUS address space not mapped into 22-bit address space + +The 11/70 maps the 18 bit UNIBUS address space into the upper part of +the 22-bit extended mode address space. With UNIBUS mapping enabled, this +allows to access via 17000000:17757777 the memory exactly as a UNIBUS +device would see it. +On an 11/70, an access to non-existing memory via the UNIBUS map will result +in a UNIBUS timeout and set the `ITO` bit `CPUERR`. + +SimH doesn't implement the UNIBUS window, in a 4 MB memory configuration +the address range 17000000:17757777 will be normal memory. + +Notes: +- The w11a doesn't implement this remapping, an access in the range + 17000000:17757777 causes an `NXM` fault and will set the `NXM` bit in `CPUERR`. +- E11 implements the UNIBUS window and from V7.4 on access to main memory + via the UNIBUS map. This can be disabled via `set cpu nouwin`. When used + with `set memory 3840` an E11 system will be behave like the w11. diff --git a/doc/w11a_diff_70_fetch_abort.md b/doc/w11a_diff_70_fetch_abort.md new file mode 100644 index 00000000..89e5ae2c --- /dev/null +++ b/doc/w11a_diff_70_fetch_abort.md @@ -0,0 +1,25 @@ +## Known differences between w11a and KB11-C (11/70) + +### `PC` is incremented before an instruction fetch abort + +The 11/70 starts an instruction fetch in `FET.00` and increments the `PC` +in `FET.10` when the fetch succeeded. The `PC` is therefore unchanged in +case of a fetch abort and points to the location of the failed opcode +fetch. + +The w11 increments the `PC` in the states that start an instruction fetch. +The `PC` is therefore incremented in case of a fetch abort and points to +the location _after_ the failed opcode fetch. + +This is not relevant to normal operation and is therefore considered an +acceptable implementation difference. An instruction re-execution after +an MMU abort relies always on `MMR2`. Only error messages that give a _"PC at +abort"_ might differ. + +SimH implements the 11/70 behavior, the `PC` is incremented after the +successful load of the instruction register. + +However, test and verification codes might be sensitive to this behavior. +A [tcode](../tools/tcode/README.md) verifies this saved `PS` and +distinguished between w11 and SimH +(see [cpu_mmu](../tools/tcode/cpu_mmu.mac) tests B4.1). diff --git a/doc/w11a_diff_70_jsr_sp.md b/doc/w11a_diff_70_jsr_sp.md deleted file mode 100644 index b314d5f7..00000000 --- a/doc/w11a_diff_70_jsr_sp.md +++ /dev/null @@ -1,34 +0,0 @@ -## Known differences between w11a and KB11-C (11/70) - -### `jsr sp` pushes original `sp` value - -In the logic of the `jsr` instruction is the given register the -_linkage register_, meant to be used for parameter passing. -`jsr` pushes the _linkage register_ to the stack, and the matching `rts` -will restore it. That works fine for `r0` to `r5` and for `pc`. -But in a `jsr sp` that interferes with the implicit use of `sp` -as the stack pointer, `sp` is saved on the stack which is defined by `sp`. -The question is whether the original `sp` value is saved, or the `sp` -value after it has been decremented to hold the address for the write -to stack. The specification simply says -``` - down(sp) := sp -``` -and the question is whether the side effect of the left side happens before -the right side is evaluated. - -The 11/70 implementation of `jsr` first decrements the `sp` in -microstate `jsr.20` and then starts a write of `sp` in `jsr.30`. -So the modified `sp` is stored. - -The w11 implement ion first reads `sp` into a register, then decrements -`sp` and writes. So the original `sp` is stored. - -EK-KB11C-TM-001_1170procMan.pdf clearly decribes the 11/70 behavior as -> JSR.10: ... and loads the DR with the contents of the general register 6. -> JSR.20: decrements SP by 2, new value is stored inb the SP and the DR for -> use in the external data transfer started on JSR.30 - -`jsr sp` is never used due to its bizarre behavior. The matching `rts sp` -results in a useless `sp` too. Given that, this is considered an -acceptable deviation from 11/70 behavior. diff --git a/doc/w11a_diff_70_mmu_no_maint.md b/doc/w11a_diff_70_mmu_no_maint.md new file mode 100644 index 00000000..80a3453d --- /dev/null +++ b/doc/w11a_diff_70_mmu_no_maint.md @@ -0,0 +1,12 @@ +## Known differences between w11a and KB11-C (11/70) + +### MMU maintenance mode not implemented + +The 11/70 has an MMU maintenance mode, actived with `MMR0` bit 8. +When activated, only destination mode references will be relocated. + +The w11 does not implement this feature. + +The xxdp program `ekbee1` uses this feature in test 046. This test is +modified when executed on w11 +(see [patch](../tools/xxdp/ekbee1_patch_w11a.tcl)). diff --git a/doc/w11a_diff_70_ser_forced_fetch.md b/doc/w11a_diff_70_ser_forced_fetch.md new file mode 100644 index 00000000..66906505 --- /dev/null +++ b/doc/w11a_diff_70_ser_forced_fetch.md @@ -0,0 +1,18 @@ +## Known differences between w11a and KB11-C (11/70) + +### No unconditional instruction fetch after stack error abort + +The 11/70 suppresses the recognition of _break requests_ at the end of +a vector flow of a stack error abort. The processor manual states + +> 6.2.2.3 Timing of Stack Error Aborts +> BRQ STROBE is thus inhibited, not only during ZAP.00, but also during +> SVC.90, thus guaranteeing the execution of the first instruction of the +> error subroutine before any other error can be processed. + +The rationale behind was apparently to ensure that the handler, which +is called with `SP=0` pointing to an emergency stack, can set up a new +stack before any other condition interferes. + +The w11 does not implement this behavior, nor does SimH. +Beyond that, it would be very difficult to verify this extreme corner case. diff --git a/doc/w11a_diff_70_unibus_mapping.md b/doc/w11a_diff_70_unibus_mapping.md index ef716085..6ac1b6f6 100644 --- a/doc/w11a_diff_70_unibus_mapping.md +++ b/doc/w11a_diff_70_unibus_mapping.md @@ -6,14 +6,18 @@ The 11/70 maps the 18 bit UNIBUS address space into the upper part of the 22-bit extended mode address space. With UNIBUS mapping enabled, this allows to access via 17000000:17757777 the memory exactly as a UNIBUS device would see it. +On an 11/70, an access to non-existing memory via the UNIBUS map will result +in a UNIBUS timeout and set the `ITO` bit `CPUERR`. The w11a doesn't implement this remapping, an access in the range -17000000:17757777 causes an NXM fault and will set the NXM bit in CPUERR. +17000000:17757777 causes an `NXM` fault and will set the `NXM` bit in `CPUERR`. + +The xxdp program `ekbee1` is sensitive to this difference in test 050. +This test is modified when executed on w11 +(see [patch](../tools/xxdp/ekbee1_patch_w11a.tcl)). Notes: -- on a 11/70 an access non-existing memory via the UNIBUS map will result - in a UNIBUS timeout and set the ITO bit CPUERR. -- SimH doesn't implement the UNIBUS window, in a 4 MB memory conficuration +- SimH doesn't implement the UNIBUS window, in a 4 MB memory configuration the address range 17000000:17757777 will be normal memory. - E11 implements the UNIBUS window and from V7.4 on access to main memory via the UNIBUS map. This can be disabled via `set cpu nouwin`. When used diff --git a/doc/w11a_known_differences.md b/doc/w11a_known_differences.md index 217cf730..b5f056f0 100644 --- a/doc/w11a_known_differences.md +++ b/doc/w11a_known_differences.md @@ -8,17 +8,21 @@ The issues of the w11 CPU and systems are listed in a separate document - instruction behavior - [Instruction fetch after `SPL`](w11a_diff_70_spl_bug.md) - [`CLR` and `SXT` do a write](w11a_diff_70_clr_sxt_write.md) - - [`jsr sp` pushes original `sp` value](w11a_diff_70_jsr_sp.md) - [State of N and Z and registers after a `DIV` abort with `V=1`](w11a_diff_70_div_after_v1.md) - stack limit and stack error behavior - [Stack limit checks done independent of register set](w11a_diff_70_stklim_rset.md) + - [No unconditional instruction fetch after stack error abort](w11a_diff_70_ser_forced_fetch.md) +- instruction abort handling + - [`PC` is incremented before an instruction fetch abort](w11a_diff_70_fetch_abort.md) - memory management behavior - [`MMR0` instruction complete implementation differences](w11a_diff_70_instruction_complete.md) - [MMU traps not suppressed when MMU register accessed](w11a_diff_70_mmu_trap_suppression.md) - [MMU aborts have priority over NXM aborts](w11a_diff_70_mmu_nxm_prio.md) - [`MMR0` abort flags are set when stack limit abort done](w11a_diff_70_mmu_stklim_prio.md) -- other differences +- not implemented 11/70 features - [18-bit UNIBUS address space not mapped](w11a_diff_70_unibus_mapping.md) + - [MMU maintenance mode not implemented](w11a_diff_70_mmu_no_maint.md) +- other differences - [Usage of 11/70 `SYSID` register](w11a_diff_70_sysid_usage.md) All points relate to very 11/70 specific behavior, no operating system diff --git a/tools/tcode/cpu_basics.mac b/tools/tcode/cpu_basics.mac index 717aa3c8..3af49c1b 100644 --- a/tools/tcode/cpu_basics.mac +++ b/tools/tcode/cpu_basics.mac @@ -1,4 +1,4 @@ -; $Id: cpu_basics.mac 1342 2023-01-02 15:18:19Z mueller $ +; $Id: cpu_basics.mac 1344 2023-01-03 15:51:21Z mueller $ ; SPDX-License-Identifier: GPL-3.0-or-later ; Copyright 2015-2023 by Walter F.J. Mueller ; @@ -982,8 +982,7 @@ ta0404: hcmpeq sp,#stack ; check stack is default hcmpeq sp,200$ ; check loaded SP mov #stack-2,sp ; restore stack to where jsr pushed it ; -; w11 saves original sp, 11/70,SimH,e11 save sp after it was decremented -; This is considered a minor deviation (jsr sp never used!) +; w11 saves original sp, like 11/70, SimH,e11 save sp after it was decremented ; mov #stack,r1 tstb systyp ; check environment diff --git a/tools/tcode/cpu_mmu.mac b/tools/tcode/cpu_mmu.mac index 47190f24..cd1f7724 100644 --- a/tools/tcode/cpu_mmu.mac +++ b/tools/tcode/cpu_mmu.mac @@ -1,4 +1,4 @@ -; $Id: cpu_mmu.mac 1339 2022-12-27 12:11:34Z mueller $ +; $Id: cpu_mmu.mac 1344 2023-01-03 15:51:21Z mueller $ ; SPDX-License-Identifier: GPL-3.0-or-later ; Copyright 2022- by Walter F.J. Mueller ; @@ -668,8 +668,8 @@ tb0302: ; Should abort with m0.anr and m0.ale for all adresses ; w11 aborts with m0.anr, but sets m0.ale only when fail above 1st click ; Test an address above the first click to have full 11/70 style response -; Note: w11 increments PC before abort (as 11/70 does) -; SimH increments PC after abort +; Note: w11 increments PC in case of an abort +; SimH does not increment PC in case of an abort (as 11/70 does) ; tb0401: clr mmr3 ; no d dspace, no 22bit mov #m0.ena,mmr0 ; enable mmu ;! MMU 18