From 6ff9c8e57caf55c80c645c9d101ec5c63fd0f9ad Mon Sep 17 00:00:00 2001 From: wfjm Date: Tue, 18 Oct 2022 09:01:17 +0200 Subject: [PATCH] tcode: add CPUERR tests; minor changes - cpu_details.mac: add section A2.* (cpuerr tests) - tcode_exec.scmd: use 3M config; set STOP_SPA to 0 --- doc/README_known_issues.md | 25 +++ rtl/w11a/tb/tb_pdp11core_stim.dat | 22 ++- tools/bin/tmuconv | 4 +- tools/tcode/cpu_details.mac | 259 +++++++++++++++++++++++++++++- tools/tcode/cpu_mmu.mac | 10 +- tools/tcode/tcode_exec.scmd | 7 +- 6 files changed, 314 insertions(+), 13 deletions(-) diff --git a/doc/README_known_issues.md b/doc/README_known_issues.md index 2c536088..b1157b0e 100644 --- a/doc/README_known_issues.md +++ b/doc/README_known_issues.md @@ -3,6 +3,31 @@ Notes - resolved issues are summarized in [resolved issues](README_resolved_issues.md) - the case id indicates the release when the issue was first recognized. +### V0.791-5 {[issue #37](https://github.com/wfjm/w11/issues/37)} -- PSW changed after MMU aborts in dstw flows + +The dstw flow updates the condition codes before the the last possible +MMU abort. Example is the ccwe = 1 in s_dstw_def. +The condition codes are therefore changed when an MMU abort happens. + +Detected in a code rewiew. +Not practical consequences because only CLR, SXT, and MOV are affected. +Only SXT depends on a condition code (N), but doesn't change this cc. +Therefore, an instruction re-execution will always give the correct result. +But clearly a BUG, the condition codes must not change in case of MMU aborts. + +### V0.791-4 {[issue #36](https://github.com/wfjm/w11/issues/36)} -- MMU trap delayed when prefetch in s_idecode + +The s_idecode prefetch logic checks only for tflag and int_pending, but not +for pending MMU traps. + +If the instruction read of a RR instruction, like ROR R0 or ADD R0,R1 causes +an MMU trap, this trap will not executed. In fact, it's not even queued, +it's lost. + +Detected in a code review. +No practical consequences, MMU traps are not used by any OS. +But clearly a BUG, such cases should trigger an MMU trap. + ### V0.50-2 {[issue #28](https://github.com/wfjm/w11/issues/28)} -- RK11: write protect action too slow Some simple RK11 drivers, especially in test codes, don't poll for completion diff --git a/rtl/w11a/tb/tb_pdp11core_stim.dat b/rtl/w11a/tb/tb_pdp11core_stim.dat index 44745d39..7561bb7f 100644 --- a/rtl/w11a/tb/tb_pdp11core_stim.dat +++ b/rtl/w11a/tb/tb_pdp11core_stim.dat @@ -1,4 +1,4 @@ -# $Id: tb_pdp11core_stim.dat 1289 2022-08-29 12:31:04Z mueller $ +# $Id: tb_pdp11core_stim.dat 1303 2022-10-17 17:55:51Z mueller $ # SPDX-License-Identifier: GPL-3.0-or-later # Copyright 2007-2022 by Walter F.J. Mueller # @@ -1314,7 +1314,6 @@ bwm 2 000000 -- PS:0 #----------------------------------------------------------------------------- C Setup code 20 [base 4700] (check CPUERR and error handling) -# !! test_w11a_cpuerr.tcl --> only partial implementation !! #[[off]] wal 004700 -- code (to be single stepped...) bwm 11 @@ -1340,6 +1339,8 @@ bwm 4 #---------- C Exec code 20 (check CPUERR and error handling) C Exec test 20.1 (odd address abort) +# now tested with cpu_details.mac:A2.2; test_w11a_cpuerr.tcl +# cres -- console reset wps 000000 -- psw: clear wal 001374 -- clean stack @@ -1365,6 +1366,8 @@ wm 000000 -- any write access will clear CPUERR rm d=000000 -- ! CPUERR: 0 #---------- C Exec test 20.2 (non-existent memory abort) +# now tested with cpu_details.mac:A2.3; test_w11a_cpuerr.tcl +# wal 172354 -- kernel I space AR(6) wm 177400 -- (map to 8 k below I/O page, never available in w11a) wal 177572 -- MMR0 @@ -1389,6 +1392,8 @@ wal 172354 -- kernel I space AR(6) wm 001400 -- 1400 140000 base (default 1-to-1 map) #---------- C Exec test 20.3 (I/O bus timeout abort) +# now tested with cpu_details.mac:A2.4; test_w11a_cpuerr.tcl +# wr5 160000 -- r5=160000 wsp 001400 -- sp=1400 wpc 004704 -- pc=4704 @@ -1420,6 +1425,8 @@ rm d=000000 -- ! CPUERR: none wm 000000 -- clear CPUERR #---------- C Exec test 20.6 (halt in user mode) +# now tested with cpu_details.mac:A2.1; test_w11a_cpuerr.tcl +# wsp 001400 -- sp=1400 (kernel) wpc 004712 -- pc=4712 wps 170000 -- psw: cmode=pmode=11 (user) @@ -1571,6 +1578,8 @@ wmi 000000 -- disable # now test stack limit logic # C Exec test 20.12 (red stack abort when pushing data to stack) +# now tested with cpu_details.mac:A2.6; test_w11a_cpuerr.tcl +# wr0 123456 -- r0=123456 wsp 000340 -- sp=340 wpc 004722 -- pc=4722 @@ -1607,6 +1616,8 @@ C Exec test 20.13 (red stack abort on 2nd word of interrupt/trap push) #wm 000000 -- clear CPUERR #---------- C Exec test 20.14 (yellow stack trap when pushing data to stack; sp=400) +# now tested with cpu_details.mac:A2.5; test_w11a_cpuerr.tcl +# wps 000017 -- psw: set all cc flags wr0 123456 -- r0=123456 wsp 000400 -- sp=400 @@ -1643,6 +1654,8 @@ wm 000000 -- clear CPUERR # now test red stack escalation # C Exec test 20.16 (red stack escalation: abort kernel stack odd; sp=1001) +# now tested with cpu_details.mac:A2.7 +# wr0 123456 -- r0=123456 wsp 001001 -- sp=1001 wpc 004722 -- pc=4722 @@ -1658,6 +1671,8 @@ rm d=000104 -- ! CPUERR: (rsv=1,adderr=1) wm 000000 -- clear CPUERR #---------- C Exec test 20.17 (red stack escalation: abort kernel stack in non-mem) +# now tested with cpu_details.mac:A2.8 +# wal 172354 -- kernel I space AR(6) wm 177400 -- (map to 8 k below I/O page, never available in w11a) wal 177572 -- MMR0 @@ -1685,6 +1700,8 @@ wal 172354 -- kernel I space AR(6) wm 001400 -- 1400 140000 base (default 1-to-1 map) #---------- C Exec test 20.18 (red stack escalation: abort kernel stack iob-to;sp=160004) +# now tested with cpu_details.mac:A2.9 +# wr0 123456 -- r0=123456 wsp 160004 -- sp=160004 wpc 004722 -- pc=4722 @@ -1700,6 +1717,7 @@ rm d=000024 -- ! CPUERR: (rsv=1,iobto=1) wm 000000 -- clear CPUERR #---------- C Exec test 20.19 (red stack escalation: abort kernel stack mmu abort;sp=020004) +# now tested with cpu_details.mac:A2.10 # wal 177572 -- MMR0 wmi 000001 -- enable diff --git a/tools/bin/tmuconv b/tools/bin/tmuconv index 2a08bd91..436090ac 100755 --- a/tools/bin/tmuconv +++ b/tools/bin/tmuconv @@ -1,5 +1,5 @@ #!/usr/bin/perl -w -# $Id: tmuconv 1283 2022-08-22 10:07:58Z mueller $ +# $Id: tmuconv 1303 2022-10-17 17:55:51Z mueller $ # SPDX-License-Identifier: GPL-3.0-or-later # Copyright 2008-2022 by Walter F.J. Mueller # @@ -1002,7 +1002,7 @@ sub print_help { print " --t_id trace instruction decodes\n"; print " --t_ru trace register updates\n"; print " --t_em trace em transactions\n"; - print " --t_vf trace onfy vector fetch em transactions\n"; + print " --t_vf trace only vector fetch em transactions\n"; print " --t_ib trace ib transactions\n"; print " --t_all trace id,ru,em, and ib transactions\n"; } diff --git a/tools/tcode/cpu_details.mac b/tools/tcode/cpu_details.mac index 62f99aae..ecf2ec44 100644 --- a/tools/tcode/cpu_details.mac +++ b/tools/tcode/cpu_details.mac @@ -1,4 +1,4 @@ -; $Id: cpu_details.mac 1264 2022-07-30 07:42:17Z mueller $ +; $Id: cpu_details.mac 1303 2022-10-17 17:55:51Z mueller $ ; SPDX-License-Identifier: GPL-3.0-or-later ; Copyright 2022- by Walter F.J. Mueller ; @@ -13,6 +13,35 @@ ; Section C: 11/70 specifics ; .include |lib/tcode_std_base.mac| + .include |lib/defs_mmu.mac| +; +; Preface: set up MMU for kernel mode (for some tests) ======================= +; + mov #kipdr,r0 + mov #<127.*md.plf>!md.arw,r1 ; plf=127; ed=0(up); acf=6(w/r) + mov r1,(r0)+ ; kipdr0 + mov r1,(r0)+ ; kipdr1 + mov r1,(r0)+ ; kipdr2 + mov r1,(r0)+ ; kipdr3 + mov r1,(r0)+ ; kipdr4 + mov r1,(r0)+ ; kipdr5 + mov r1,(r0)+ ; kipdr6 + mov r1,(r0)+ ; kipdr7 + mov #kipar,r0 + mov #000000,(r0)+ ; kipar0 000000 base + mov #000200,(r0)+ ; kipar1 020000 base + mov #000400,(r0)+ ; kipar2 040000 base + mov #000600,(r0)+ ; kipar3 060000 base + mov #001000,(r0)+ ; kipar4 100000 base + mov #001200,(r0)+ ; kipar5 120000 base + mov #001400,(r0)+ ; kipar6 140000 base + mov #177600,(r0)+ ; kipar7 (map I/O page) +; +; some useful definitions + kipdr5 = kipdr+12 + kipdr6 = kipdr+14 + kipar6 = kipar+14 + p6base = <6*20000> ; page 6 ; ; Section A: CPU registers =================================================== ; @@ -114,6 +143,218 @@ ta0101: mov #1000$,v..pir ; setup handler ; 9999$: iot ; end of test A1.1 ; +; Test A2: CPUERR +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +; This sub-section verifies operation of CPUERR register +; +; setup for all A2.* tests + mov #cp.err,r0 ; ptr tp CPUERR + mov #vhugen,v..iit ; set iit handler + clr v..iit+2 ; pr0 kernel +; +; Test A2.1 -- CPUERR cp.hlt +++++++++++++++++++++++++++++++++++++++++ +; Test cp.hlt: halt in non-kernel mode +; +ta0201: mov #177777,(r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; ensure that CPUERR is zero +; + mov #4000$,r2 ; mode list (user,supervisor) + mov #2,r3 ; number of modes +; +1000$: clr r1 ; clear tracer + mov #3000$,vhustp ; continuation address + push (r2)+ ; frame: psw + push #2000$ ; frame: address + rti ; start user mode code + halt +; +2000$: inc r1 ; proof of execution + halt ; that will abort + inc r1 + tst @#001 ; that must abort +; +3000$: hcmpeq r1,#1 ; check tracer + hcmpeq (r0),#cp.hlt ; check CPUERR + mov #cp.rsv,(r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; + sob r3,1000$ ; go for next mode +; + br 9999$ +; +4000$: .word ; user mode + .word ; supervisor mode +; +9999$: iot ; end of test A2.1 +; +; Test A2.2 -- CPUERR cp.aer +++++++++++++++++++++++++++++++++++++++++ +; Test cp.aer: address error abort +; +ta0202: mov #1000$,vhustp ; continuation address + tst @#001 ; odd address access + halt +1000$: hcmpeq (r0),#cp.aer ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; +9999$: iot ; end of test A2.2 +; +; Test A2.3 -- CPUERR cp.nxm +++++++++++++++++++++++++++++++++++++++++ +; Test cp.nxm: non-existent memory abort +; Use unibus map address space (248kB) below the I/O page, the w11 +; will return a non-existent memory abort even in a maximum memory +; configuration. +; +ta0203: cmp systyp,#sy.e11 ; e11 V7.3 return wrong CPUERR value + beq 9999$ + push kipar6 ; save kipar6 + mov #177400,kipar6 + mov #m3.e22,mmr3 ; 22-bit mode + mov #m0.ena,mmr0 ; enable mmu ;! MMU 22 +; + mov #1000$,vhustp ; continuation address + tst p6base ; access non-existing memory + halt +1000$: hcmpeq (r0),#cp.nxm ; check CPUERR + com (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; + reset ; disable mmu ;! MMU off + pop kipar6 ; restore kipar6 +9999$: iot ; end of test A2.3 +; +; Test A2.4 -- CPUERR cp.ito +++++++++++++++++++++++++++++++++++++++++ +; Test cp.ito: unibus timeout abort +; Use first address in I/O page (160000), always unused in w11 +; +ta0204: mov #1000$,vhustp ; continuation address + tst @#160000 ; access non-existing unibus device + halt +1000$: hcmpeq (r0),#cp.ito ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; +9999$: iot ; end of test A2.4 +; +; Test A2.5 -- CPUERR cp.ysv +++++++++++++++++++++++++++++++++++++++++ +; Test cp.ysv: yellow stack trap +; Since stack is still usable after the trap, the vhugen handler can be used. +; +ta0205: cmp systyp,#sy.e11 ; e11 V7.3 doesnt trap, runs on hold + beq 9999$ + mov #1000$,vhustp ; continuation address + mov #400,sp + clr -(sp) ; should trap (not abort) + halt ; not executed, handler continues at 1000$ +1000$: hcmpeq (r0),#cp.ysv ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; + mov #stack,sp +9999$: iot ; end of test A2.5 +; +; Test A2.6 -- CPUERR cp.rsv +++++++++++++++++++++++++++++++++++++++++ +; Test cp.rsv: red stack trap - simple low stack case +; +ta0206: cmp systyp,#sy.e11 ; e11 V7.3 doesnt abort, runs on hold + beq 9999$ + mov #1000$,v..iit ; setup direct iit handler + mov #340,sp + clr -(sp) ; should abort (not trap) + halt +1000$: mov #stack,sp ; direct iit handler + hcmpeq (r0),#cp.rsv ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; +9999$: iot ; end of test A2.6 +; +; Test A2.7 -- CPUERR cp.rsv+cp.aer (odd address) ++++++++++++++++++++ +; Test cp.rsv: red stack escalation after odd stack +; +ta0207: cmp systyp,#sy.e11 ; e11 V7.3 pushes to odd stack, abort after halt + beq 9999$ + mov #1000$,v..iit ; setup direct iit handler + mov #stack-1,sp + clr -(sp) ; odd-address abort, escalated to red stack + halt +1000$: mov #stack,sp ; direct iit handler + hcmpeq (r0),# ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; +9999$: iot ; end of test A2.7 +; +; Test A2.8 -- CPUERR cp.rsv+cp.nxm ++++++++++++++++++++++++++++++++++ +; Test cp.rsv: red stack escalation after non-existent memory abort +; Setup like in A2.3, put stack at p6base+4 +; +ta0208: cmp systyp,#sy.e11 ; e11 V7.3 pushes to bad stack, abort after halt + beq 9999$ + mov #1000$,v..iit ; setup direct iit handler + mov #177400,kipar6 + mov #m3.e22,mmr3 ; 22-bit mode + mov #m0.ena,mmr0 ; enable mmu ;! MMU 22 +; + mov #p6base+4,sp ; stack in non-existing memory + clr -(sp) ; non-existing memory, escalated to red stack + halt +1000$: mov #stack,sp ; direct iit handler + hcmpeq (r0),# ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; + reset ;! MMU off + mov #001400,kipar6 ; restore kipar6 +; +9999$: iot ; end of test A2.8 +; +; Test A2.9 -- CPUERR cp.rsv+cp.ito ++++++++++++++++++++++++++++++++++ +; Test cp.rsv: red stack escalation after unibus timeout +; Setup like in A2.4, put stack at 160004 +; +ta0209: cmp systyp,#sy.e11 ; e11 V7.3 pushes to bad stack, abort after halt + beq 9999$ + mov #1000$,v..iit ; setup direct iit handler + mov #160004,sp ; stack at non-existing unibus device + clr -(sp) ; non-existing memory, escalated to red stack + halt +1000$: mov #stack,sp ; direct iit handler + hcmpeq (r0),# ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; +9999$: iot ; end of test A2.9 +; +; Test A2.10 -- CPUERR cp.rsv+cp.aer (mmu abort) +++++++++++++++++++++ +; Test cp.rsv: red stack escalation after mmu timeout +; Set kernel I page 6 to non-resident +; +ta0210: cmp systyp,#sy.sih ; this red stack escalation fails in SimH + beq 9999$ + cmp systyp,#sy.e11 ; e11 V7.3 pushes to bad stack, does MMU 250 + beq 9999$ + mov #1000$,v..iit ; setup direct iit handler + clr kipdr6 ; set non-resident + mov #m3.e22,mmr3 ; 22-bit mode + mov #m0.ena,mmr0 ; enable mmu ;! MMU 22 +; + mov #p6base+4,sp ; stack in non-resident memory + clr -(sp) ; MMU abort, escalated to red stack + halt +1000$: mov #stack,sp ; direct iit handler + hcmpeq (r0),# ; check CPUERR + clr (r0) ; clear CPUERR (any write should) + hcmpeq (r0),#0 ; check CPUERR +; + reset ;! MMU off + mov kipdr5,kipdr6 ; restore kipdr6 (default kipdr are identical) +; +9999$: iot ; end of test A2.10 +; +; ----------------------------------------------- +; end of A2.* tests, restore iit handler + mov v..iit+2,v..iit ; restore iit handler +; ; Section B: Stress tests ==================================================== ; ; Test B1: address mode torture tests +++++++++++++++++++++++++++++++++++++++ @@ -273,8 +514,22 @@ tb0202: mov #2,r5 ; END OF ALL TESTS - loop closure ============================================ ; mov tstno,r0 ; hack, for easy monitoring ... - hcmpeq tstno,#6. ; all tests done ? + hcmpeq tstno,#16. ; all tests done ? ; jmp loop +; +; kernel handlers ============================================================ +; +; vhugen - generic handler for expected traps/abort ++++++++++++++++++++++++++ +; the kernel continution address must be written to vhustp +; execution will reset vhustp to a catcher value +; --> vhustp must be set for each execution +; +vhugen: tst (sp)+ ; discard one word of vector push + mov vhustp,(sp) ; set up kernel return address + mov #vhuhlt,vhustp ; reset stop address by catcher + rts pc ; end return to continuation address +vhustp: .word vhuhlt +vhuhlt: halt ; .end start diff --git a/tools/tcode/cpu_mmu.mac b/tools/tcode/cpu_mmu.mac index 655296af..2cb56fa9 100644 --- a/tools/tcode/cpu_mmu.mac +++ b/tools/tcode/cpu_mmu.mac @@ -1,4 +1,4 @@ -; $Id: cpu_mmu.mac 1301 2022-10-06 08:53:46Z mueller $ +; $Id: cpu_mmu.mac 1303 2022-10-17 17:55:51Z mueller $ ; SPDX-License-Identifier: GPL-3.0-or-later ; Copyright 2022- by Walter F.J. Mueller ; @@ -260,18 +260,18 @@ tb0102: mov #mmr3,r0 ; ptr to mmr3 tb0201: mov #123456,1000$ ; enable mmu in 18bit mode clr mmr3 ; no d dspace, no 22bit - mov #m0.ena,mmr0 ; enable mmu - hbitne #m0.ena,mmr0 ; test bit ;! MMU 18 + mov #m0.ena,mmr0 ; enable mmu ;! MMU 18 + hbitne #m0.ena,mmr0 ; test bit hcmpeq 1000$,#123456 ; check marker ; verify I/O page mapping in 18bit mode (007600 must be OK) mov #kipar7,r0 ; ptr to kipar7 bic #170000,(r0) ; clear to 4 bits in kipar7 - hcmpeq (r0),#007600 ; kipar7 still seen ??? + hcmpeq (r0),#007600 ; kipar7 still seen ? bis #170000,(r0) ; restore kipar7 hcmpeq (r0),#177600 ; enable mmu in 22bit mode; check that mmr3 still seen mov #m3.e22,mmr3 - hcmpeq mmr3,#m3.e22 ; test mmr3 stll seen ??? ;! MMU 22 + hcmpeq mmr3,#m3.e22 ; test mmr3 still seen ? ;! MMU 22 ; test RESET reset ; should clear mmr0 and mmr3 htsteq mmr0 ; check mmr0 cleared ;! MMU off diff --git a/tools/tcode/tcode_exec.scmd b/tools/tcode/tcode_exec.scmd index c844836b..caba448e 100644 --- a/tools/tcode/tcode_exec.scmd +++ b/tools/tcode/tcode_exec.scmd @@ -1,14 +1,16 @@ -; $Id: tcode_exec.scmd 1283 2022-08-22 10:07:58Z mueller $ +; $Id: tcode_exec.scmd 1303 2022-10-17 17:55:51Z mueller $ ; SPDX-License-Identifier: GPL-3.0-or-later ; Copyright 2022- by Walter F.J. Mueller ; ; setup w11 like processor configuration ; like ../simh/setup_w11a_max.scmd ; but only cpu, devices are all default +; and 3M memory to ensure that the is NXM gap below I/O page +; Note: a 4M memory config of a 11/70 gives memory up to I/O page (as on J11) ; set cpu 11/70 set cpu nofpp -set cpu 4m +set cpu 3m set cpu oct set cpu idle ; set sysid, leading '1' indicates simulator, next '1' SimH @@ -17,6 +19,7 @@ dep sysid 110234 ; disable simulator stop conditions, especially "read stack trap" ; dep STOP_TRAPS 0 +dep STOP_SPA 0 ; dep pc 0200 load %1.lda