From cb152cdd33dbbf4c9fb38675001f8af8a8b27143 Mon Sep 17 00:00:00 2001 From: wfjm Date: Fri, 26 Aug 2022 08:22:46 +0200 Subject: [PATCH] re-organize w11a_known_differences [skip ci] --- doc/w11a_diff_70_div_after_v1.md | 31 ++++++++ doc/w11a_diff_70_instruction_complete.md | 24 +++++++ doc/w11a_diff_70_red_stack_abort.md | 13 ++++ doc/w11a_diff_70_spl_bug.md | 22 ++++++ doc/w11a_diff_70_sysid_usage.md | 24 +++++++ doc/w11a_diff_70_unibus_mapping.md | 11 +++ doc/w11a_known_differences.md | 91 ++++-------------------- 7 files changed, 138 insertions(+), 78 deletions(-) create mode 100644 doc/w11a_diff_70_div_after_v1.md create mode 100644 doc/w11a_diff_70_instruction_complete.md create mode 100644 doc/w11a_diff_70_red_stack_abort.md create mode 100644 doc/w11a_diff_70_spl_bug.md create mode 100644 doc/w11a_diff_70_sysid_usage.md create mode 100644 doc/w11a_diff_70_unibus_mapping.md diff --git a/doc/w11a_diff_70_div_after_v1.md b/doc/w11a_diff_70_div_after_v1.md new file mode 100644 index 00000000..9f57b55c --- /dev/null +++ b/doc/w11a_diff_70_div_after_v1.md @@ -0,0 +1,31 @@ +## Differences in unspecified behavior between w11a and KB11-C (11/70) + +### State of N and Z and registers after a `DIV` abort with `V=1` + +The state of the N and Z condition codes is specified as unspecified for +the `DIV` instruction when V=1 is set after a zero divide or an overflow +condition. +See [1979 processor handbook](http://www.bitsavers.org/pdf/dec/pdp11/handbooks/PDP11_Handbook1979.pdf) on page 75. + +After a `DIV` overflow, the w11 returns Z=0 and N based on the sign of the +full 32-bit result, as can be easily determined by xor'ing of the sign +bits of dividend and divisor. +This is also the most natural result, an overflow is certainly +not zero, and the sign is unambiguously determined by the inputs. + +The SimH simulator also behaves like this. A real J11 and a real 11/70 +can have N=0 even when dividend and divisor have opposite signs. And a +real 11/70 can have Z=1. Bottom line is, that the w11 differs from the +behavior of both the real 11/70 and the real J11 behavior. + +The state of the result registers is also unspecified after a DIV with V=1. +SimH and a real J11 never modify a register when V=1 is set. A real 11/70 +and the w11 do, but under different conditions, and leave different values +in the registers. + +For gory details consult the [divtst](../tools/tests/divtst/README.md) code +and the log files for different systems in the +[data](../tools/tests/divtst/data/README.md) directory. + +No software should depend on the unspecified behavior of the CPU, therefore +this is considered as the acceptable implementation difference. diff --git a/doc/w11a_diff_70_instruction_complete.md b/doc/w11a_diff_70_instruction_complete.md new file mode 100644 index 00000000..d8423f0a --- /dev/null +++ b/doc/w11a_diff_70_instruction_complete.md @@ -0,0 +1,24 @@ +## Known differences between w11a and KB11-C (11/70) + +### The 'instruction completed flag' in `MMR0` is not implemented + +All PDP-11 processors with a fully functional MMU (11/45, 11/70, 11/44, and J11) +support the re-execution of an instruction after an MMU abort. +`MMR2` holds the virtual address of aborted instruction and `MMR1` holds +information about register changes. This can be used by a handler to roll back +the register changes and restart the instruction. This can be used to +implement demand paging or dynamic extension of stack segments. + +The 11/70 and 11/45 are the only PDP-11 processors that also support the +recovery of an MMU abort of a stack push during trap or interrupt processing. +To distinguish between an instruction and a trap processing abort the +`MMR1` has a bit called `instruction completed`. It is will be set to 0 +whenever an instruction is aborted and is 1 after a trap service flow is +aborted. The `MMR2` contains the vector address in the latter case. + +Only the 11/70 and the 11/45 support this. No OS uses this. +And it's very difficult to construct a practical use case. + +The w11a doesn't support the 'instruction completed' bit in `MMR1`. It is +always 0. And `MMR2` holds always the virtual address of the last instruction. + diff --git a/doc/w11a_diff_70_red_stack_abort.md b/doc/w11a_diff_70_red_stack_abort.md new file mode 100644 index 00000000..ec8724a1 --- /dev/null +++ b/doc/w11a_diff_70_red_stack_abort.md @@ -0,0 +1,13 @@ +## Known differences between w11a and KB11-C (11/70) + +### A 'red stack violation' loses PSW, a 0 is pushed onto the stack + +The 11/70, together with the 11/45, has the most elaborate stack protection +system of all PDP-11 models. A stack push via kernel stack is aborted when the +stack pointer is in the 'red zone' 16 words below the stack limit. +An emergency stack is set up, `SP` is set to 4, and PSW and PC are stored. + +The w11a loses the PSW, a 0 is pushed. + +'red stack aborts' are never recovered, all OS treat them as fatal errors. +This difference is therefore considered an acceptable implementation difference. diff --git a/doc/w11a_diff_70_spl_bug.md b/doc/w11a_diff_70_spl_bug.md new file mode 100644 index 00000000..24533555 --- /dev/null +++ b/doc/w11a_diff_70_spl_bug.md @@ -0,0 +1,22 @@ +## Known differences between w11a and KB11-C (11/70) + +### Instruction fetch after `SPL` + +The `SPL` instruction in the 11/70 always fetched the next instruction +regardless of current mode, pending device, or even console interrupts. +This is known as the infamous _SPL bug_, see + - https://minnie.tuhs.org/pipermail/tuhs/2006-September/002692.html + - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002693.html + - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002694.html + - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002695.html + - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002701.html + - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002695.html + - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002702.html + +In the w11a, the `SPL` has 11/70 semantics in kernel mode, thus no +traps or interrupts, the instruction after the `SPL` is unconditionally +executed. +But in supervisor and user mode `SPL` really acts as `NOOP`, so traps and +interrupts are taken as for all other instructions. + +**--> The w11a isn't bug compatible with the 11/70.** diff --git a/doc/w11a_diff_70_sysid_usage.md b/doc/w11a_diff_70_sysid_usage.md new file mode 100644 index 00000000..3baf0097 --- /dev/null +++ b/doc/w11a_diff_70_sysid_usage.md @@ -0,0 +1,24 @@ +## Other differences between w11a and KB11-C (11/70) + +### Usage of 11/70 `SYSID` register + +In real 11/70's, the `SYSID` register contained an individual serial number. +The content of this register may be printed in some reports, but it certainly +has no effect on the logic of the code running on the system. + +The w11 project uses the `SYSID` to encode the execution environment. +This allows distinguishing between operation on a real w11 and operation +in a software emulation under SimH or e11. +It can be used on test and verification codes to reconcile implementation +differences. + + Usage of the w11 `SYSID` register +- the SYSID is divided into fields + - bit 15: emulator flag (0=w11,1=emulator) + - bit 14:12: type, encodes w11 or emulator type + - bit 11:09: cpu number on 11/74 systems + - bit 8:0: serial number +- current assignments are + - w11a: 010123 + - SimH: 110234 + - e11: 120345 diff --git a/doc/w11a_diff_70_unibus_mapping.md b/doc/w11a_diff_70_unibus_mapping.md new file mode 100644 index 00000000..0c0bdfc7 --- /dev/null +++ b/doc/w11a_diff_70_unibus_mapping.md @@ -0,0 +1,11 @@ +## Known differences between w11a and KB11-C (11/70) + +### 18-bit UNIBUS address space not mapped into 22-bit address space + +The 11/70 maps the 18 bit UNIBUS address space into the upper part of +the 22-bit extended mode address space. With UNIBUS mapping enabled, this +allows to access via 17000000:17757777 the memory exactly as a UNIBUS +device would see it. + +The w11a doesn't implement this remapping, an access in the range +17000000:17757777 causes an NXM fault. diff --git a/doc/w11a_known_differences.md b/doc/w11a_known_differences.md index 33bf19b6..ebaa1e5f 100644 --- a/doc/w11a_known_differences.md +++ b/doc/w11a_known_differences.md @@ -1,75 +1,27 @@ # Summary of known differences and limitations for w11a CPU and systems -This file describes the differences and limitations of the w11 CPU and systems. +This file lists the differences and limitations of the w11 CPU and systems. The issues of the w11 CPU and systems are listed in a separate document [README_known_issues.md](README_known_issues.md). -### Table of content +### Known differences between w11a and KB11-C (11/70) +- [Instruction fetch after `SPL`](w11a_diff_70_spl_bug.md) +- ['red stack violation' loses PSW](w11a_diff_70_red_stack_abort.md) +- ['instruction completed flag' in `MMR0` is not implemented](w11a_diff_70_instruction_complete.md) +- [18-bit UNIBUS address space not mapped](w11a_diff_70_unibus_mapping.md) -- [Known differences between w11a and KB11-C (11/70)](#user-content-diff) -- [Differences in unspecified behavior cases between w11a and - KB11-C (11/70)](#user-content-unspec) -- [Known limitations](#user-content-lim) -- [Other differences](#user-content-other) - -### Known differences between w11a and KB11-C (11/70) - -- the `SPL` instruction in the 11/70 always fetched the next instruction - regardless of pending device or even console interrupts. This is known - as the infamous _spl bug_, see - - https://minnie.tuhs.org/pipermail/tuhs/2006-September/002692.html - - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002693.html - - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002694.html - - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002695.html - - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002701.html - - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002695.html - - https://minnie.tuhs.org/pipermail/tuhs/2006-October/002702.html - - In the w11a the `SPL` has 11/70 semantics in kernel mode, thus no - traps or interrupts, but in supervisor and user mode `SPL` really acts as - `NOOP`, so traps and interrupts are taken as for all other instructions. - **--> The w11a isn't bug compatible with the 11/70.** -- A 'red stack violation' loses PSW, a 0 is pushed onto the stack. -- The 'instruction complete flag' in `MMR0` is not implemented, it is - permanently '0', `MMR2` will not record vector addresses in case of a - vector fetch fault. Recovery of vector fetch faults is therefore not - possible, but only 11/45 and 11/70 supported this, no OS used that, and - it's even unclear whether it can be practically used. -- the 11/70 maps the 18 bit UNIBUS address space into the upper part of - the 22bit extended mode address space. With UNIBUS mapping enabled, this - allowed to access via 17000000:17757777 the memory exactly as a UNIBUS - device would see it. The w11a doesn't implement this remapping, an access - in the range 17000000:17757777 causes an NXM fault. - -All four points relate to very 11/70 specific behavior, no operating system +All points relate to very 11/70 specific behavior, no operating system depends on them, therefore they are considered acceptable implementation differences. -### Differences in unspecified behavior cases between w11a and KB11-C (11/70) +### Differences in unspecified behavior between w11a and KB11-C (11/70) +- [State of N and Z and registers after a `DIV` abort with `V=1`](w11a_diff_70_div_after_v1.md) -- The state of the N and Z condition codes is different after a DIV overflow. - The [1979 processor handbook](http://www.bitsavers.org/pdf/dec/pdp11/handbooks/PDP11_Handbook1979.pdf) - states on page 75 that the state of the N and Z condition codes is unspecified - when V=1 is set after a zero divide or an overflow condition. - After a DIV overflow, the w11 returns Z=0 and N based on the sign of the - full 32-bit result, as can be easily determined by xor'ing of the sign - bits of dividend and divisor. - This is also the most natural result, an overflow is certainly - not zero, and the sign is unambiguously determined by the inputs. - The SimH simulator also behaves like this. A real J11 and a real 11/70 - can have N=0 even when dividend and divisor have opposite signs. And a - real 11/70 can have Z=1. Bottom line is, that the w11 differs from the - behavior of both the real 11/70 and the real J11 behavior. -- the state of the result registers is also unspecified after a DIV with V=1. - SimH and a real J11 never modify a register when V=1 is set. A real 11/70 - and the w11 do, but under different conditions, and leave different values - in the registers. -- for gory details consult the [divtst](../tools/tests/divtst/README.md) code - and the log files for different systems in the - [data](../tools/tests/divtst/data/README.md) directory. +No software should depend on the unspecified behavior of the CPU, therefore +this is considered as an acceptable implementation difference. -No software should depend on unspecified behavior of the CPU, therefore -this is considered as acceptable implementation difference. +### Other differences between w11a and KB11-C (11/70) +- [Usage of 11/70 `SYSID` register](w11a_diff_70_sysid_usage.md) ### Known limitations @@ -83,20 +35,3 @@ this is considered as acceptable implementation difference. to a timeout, again mostly in test programs. **--> a 'watch dog' mechanism will be added in a future version which suspends the CPU when the server doesn't respond fast enough.** - - -### Other differences - -- usage of 11/70 SYSID register - - in real 11/70's sysid held the individual serial number - - in the w11 project sysid encodes the execution environment - - this allows to distinguish between real w11 and emulation under SimH or e11 - - the SYSID is divided in fields - - bit 15: emulator flag (0=w11,1=emulator) - - bit 14:12: type, encodes w11 or emulator type - - bit 11:09: cpu number on 11/74 systems - - bit 8:0: serial number - - current assignments are - - w11a: 010123 - - SimH: 110234 - - e11: 120345