index2.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>fritzm.github.io</title>
    <meta name="description" content="">
    <meta name="author" content="Fritz Mueller">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
    <!--[if lt IE 9]>
    <script src="https://fritzm.github.io/theme/html5.js"></script>
    <![endif]-->

    <!-- Le styles -->
    <link href="https://fritzm.github.io/theme/bootstrap.min.css" rel="stylesheet">
    <link href="https://fritzm.github.io/theme/bootstrap.min.responsive.css" rel="stylesheet">
    <link href="https://fritzm.github.io/theme/local.css" rel="stylesheet">
    <link href="https://fritzm.github.io/theme/pygments.css" rel="stylesheet">

    <!-- Photoswipe -->
    <link rel="stylesheet" href="https://fritzm.github.io/theme/photoswipe.css">
    <link rel="stylesheet" href="https://fritzm.github.io/theme/default-skin/default-skin.css">
    <script src="https://fritzm.github.io/theme/photoswipe.min.js"></script>
    <script src="https://fritzm.github.io/theme/photoswipe-ui-default.min.js"></script>
    <script src="https://fritzm.github.io/galleries.js"></script>
    <script type="text/javascript">
        var pswipe = function(gname, index) {
            var pswpElement = document.querySelectorAll('.pswp')[0];
            var items = galleries[gname];
            var options = { index: index };
            var gallery = new PhotoSwipe(pswpElement, PhotoSwipeUI_Default, items, options);
            gallery.init();
        };
    </script>

    <!-- So Firefox can bookmark->"abo this site" -->
        <link href="https://fritzm.github.io/feeds/all.rss.xml" rel="alternate" title="fritzm.github.io" type="application/rss+xml">

</head>

<body>

<div class="navbar">
    <div class="navbar-inner">
    <div class="container">

         <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
             <span class="icon-bar"></span>
             <span class="icon-bar"></span>
             <span class="icon-bar"></span>
         </a>

        <a class="brand" href="https://fritzm.github.io">fritzm.github.io</a>

        <div class="nav-collapse">
        <ul class="nav">
            
        </ul>
        </div>
        
    </div>
    </div>
</div>

<div class="container">
    <div class="content">
    <div class="row">

        <div class="span9">
        

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/dl11-bodge.html"><h1>PDP-11/45: Reversing a vintage DL11 hack</h1></a>
Fri 27 November 2020

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p>I recently had need to assess and repair several DL11 serial interfaces in my stock of spares. One of these
had had some sort of end-user hack applied; in the course of putting the board back to factory condition, I
did some analysis of the hack and its intended purpose, documented here.</p>
<p><img src='/images/pdp11/dl11-user-hack_thumbnail_tall.jpg' title='DL11 with end-user hack' onclick='pswipe("pdp11",85);'/>
<img src='/images/pdp11/dl11-hack-front_thumbnail_tall.png' title='DL11 user hack front' onclick='pswipe("pdp11",86);'/>
<img src='/images/pdp11/dl11-hack-back_thumbnail_tall.png' title='DL11 user hack back' onclick='pswipe("pdp11",87);'/></p>
<p>Easy enough to beep this out and reverse to a schematic:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/dl11-hack-schem.png" 
title="Schematic of DL11 hack"/></p>
<p>So, the hack appears to dynamically alter the CSR address and interrupt vector of the card, choosing between
two hard-wired presets, based on whether P1A/P1B are connected together or not.</p>
<p>The CSR jumpers on a stock DL11 operate with pull-ups upstream of the address decode logic, so these can be
directly driven by the hack so long as the jumpers for the bits-to-be-hacked are left open on the board.  The
vector address bits, however, must be driven by the DL11 onto to the Unibus contingent on an appropriate
global enable. On a stock DL11, drivers for <em>all</em> configurable vector bits are activated by a single global
enable, and jumpers downstream of the drivers control which of these activated bits will be admitted to bus.
So, for the vector address part of the hack to function, hack control must be asserted instead of the global
enable for each of the to-be-driven bits, and the corresponding jumpers for these bits must be left in.  And
indeed, upon inspection of the DL11 there are trace cuts that have been done (marked here with "X") to lift
the global enable and allow individual hack control of each of the affected bits:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/dl11-hack-cuts.png" 
title="Trace cuts for DL11 hack"/></p>
<p></br></p>
<p>Last, we can look at the board jumpering and the wiring of the hack to determine the specific CSR and
vector addresses at play:</p>
<style>
.bitlist { border-collapse: collapse; margin-left: auto; margin-right: auto; margin-bottom: 2ex; }
.bitlist caption { font-weight: bold; }
.bitlist .hacked { font-weight: bold; }
.bitlist tr:nth-child(even) :not(th) { background-color: #f2f2f2; }
.bitlist td:nth-child(3n+2) { border-left-color: #000000; }
.bitlist td:nth-child(3n+1) { border-right-color: #000000; }
.bitlist th, .bitlist td { padding: 5px; }
.bitlist td { border: 1px solid lightgray; font-family: Menlo,Consolas,monospace; }
.bitlist tr:first-child td { border-top-color: #000000; }
.bitlist tr:last-child td { border-bottom-color: #000000; }
</style>

<table class="bitlist">
<thead><tr>
    <th></th>
    <th>A11</th><th>A10</th><th>A9</th>
    <th>A8</th><th>A7</th><th>A6</th>
    <th>A5</th><th>A4</th><th>A3</th>
    <th>A2</th><th>A1</th><th>A0</th>
    <th></th>
</tr></thead>
<tbody><tr>
    <th>P1 Open</th>
    <td>1</td>
    <td>1</td>
    <td class="hacked">0</td>
    <td>1</td>
    <td>0</td>
    <td>1</td>
    <td class="hacked">0</td>
    <td class="hacked">0</td>
    <td class="hacked">1</td>
    <td>0</td>
    <td>0</td>
    <td>0</td>
    <th>776510</th>
</tr><tr>
    <th>P1 Closed</th>
    <td>1</td>
    <td>1</td>
    <td class="hacked">1</td>
    <td>1</td>
    <td>0</td>
    <td>1</td>
    <td class="hacked">1</td>
    <td class="hacked">1</td>
    <td class="hacked">0</td>
    <td>0</td>
    <td>0</td>
    <td>0</td>
    <th>777560</th>
</tr></tbody>
</table>

<table class="bitlist">
<thead><tr>
    <th></th>
    <th>V8</th><th>V7</th><th>V6</th>
    <th>V5</th><th>V4</th><th>V3</th>
    <th>V2</th><th>V1</th><th>V0</th>
    <th></th>
</tr></thead>
<tbody><tr>
    <th>P1 Open</th>
    <td>0</td>
    <td class="hacked">1</td>
    <td class="hacked">1</td>
    <td class="hacked">0</td>
    <td class="hacked">0</td>
    <td class="hacked">1</td>
    <td>0</td>
    <td>0</td>
    <td>0</td>
    <th>310</th>
</tr><tr>
    <th>P1 Closed</th>
    <td>0</td>
    <td class="hacked">0</td>
    <td class="hacked">0</td>
    <td class="hacked">1</td>
    <td class="hacked">1</td>
    <td class="hacked">0</td>
    <td>0</td>
    <td>0</td>
    <td>0</td>
    <th>060</th>
</tr></tbody>
</table>

<p><br/></p>
<p>We see from these specific addresses that closing the contacts of P1 would dynamically re-jumper the board
from assignment as the 2nd non-console interface to assignment as the console interface.  So perhaps this was
once used (in conjunction with another similarly hacked interface?) to swap console terminals with the flip of
a single switch.</p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/fp11-again.html"><h1>PDP-11/45: Some more floating point trouble</h1></a>
Sat 21 November 2020

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p><em>[A catch-up article, documenting events of April/May 2020]</em></p>
<p>In late April, I offered to give a video demonstration of the '11/45 to some interested work colleagues. Since
I hadn't had it on in a while, I fired it up to make sure everything was still in working order. The machine
behaved well from the front panel and was able to boot both V6 Unix and RSTS V06C. Great! Typed a very simple
demo program in to RSTS (print a multiplication table) and that ran, but produced some very strange results.
Uh oh... </p>
<p>Asked RSTS to <code>PRINT PI</code>, and it spat out a value somewhere around 3.7... :-)</p>
<p>So, time to try the floating point MAINDECS...  Sure enough, failures all over the place, starting with the
very first diagnostic in the floating point suite, CFPAB0. This diagnostic covers utility operations like
LDFPS/STFPS, SETI/SETL, SETF/SETD, etc.</p>
<p>I do not have listings for the diagnostics in this suite, but it is usually simple enough to reproduce
failures with short toggle-in programs given the names and descriptions of the failing diagnostics. In this
case, the following simple code to exercise an LDFPS/STFPS sequence from the front panel switches and lights
showed that bits 10 and 11 of the floating point status/control word would come back erroneously toggled:</p>
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5</pre></div></td><td class="code"><div class="highlight"><pre><span></span><span class="nt">001000</span>  <span class="nt">170137</span>  <span class="nt">START</span><span class="o">:</span>  <span class="nt">LDFPS</span>   <span class="o">@</span><span class="p">#</span><span class="nn">177570</span>        <span class="o">;</span><span class="nt">LOAD</span> <span class="nt">FPS</span> <span class="nt">FROM</span> <span class="nt">SWITCH</span> <span class="nt">REGISTER</span>
        <span class="nt">177570</span>
<span class="nt">001004</span>  <span class="nt">170237</span>          <span class="nt">STFPS</span>   <span class="o">@</span><span class="p">#</span><span class="nn">177570</span>        <span class="o">;</span><span class="nt">AND</span> <span class="nt">STORE</span> <span class="nt">BACK</span> <span class="nt">TO</span> <span class="nt">DISPLAY</span> <span class="nt">REGISTER</span>
        <span class="nt">177570</span>
<span class="nt">001010</span>  <span class="nt">000773</span>          <span class="nt">BR</span>      <span class="nt">START</span>           <span class="o">;</span><span class="nt">REPEAT</span>
</pre></div>
</td></tr></table>

<p>First things first, check power to the FPU and its clock; these look fine.  Next, plug the KM11 into the
floating point slot and check the FPU microcode sequences while executing LDFPS and STFPS instructions.
These also look fine:</p>
<ul>
<li>
<p>For <code>LDFPS @#177570</code> I see <code>RDY.00</code>, <code>RDY.10</code>, <code>RDY.20</code>, <code>RDY.30</code>, <code>RDY.70</code>, <code>LD.50</code></p>
</li>
<li>
<p>For <code>STFPS @#177570</code> I see <code>RDY.00</code>, <code>RDY.10</code>, <code>RDY.20</code>, <code>RDY.30</code>, <code>RDY.80</code>, <code>STR.30</code>, <code>STR.08</code></p>
</li>
</ul>
<p>Most of the data paths of interest regarding the FPS register are on the fraction low (FRL) board, so this
goes out on extenders so the microcode can be stepped and gate-level logic inspected with a logic probe.</p>
<p>Here is the block diagram of data paths in the FPU, for reference in discussion below:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/fp11-data-paths.png" 
title="FP11-B data paths"/>
<p style="text-align: center;"><em>FP11-B data paths</em></p></p>
<p>So, one thing to note with regard to the FPS register is that it is gated through the ACMX multiplexer and
written into scratch pad register AC7[0] during microcode state <code>RDY.00</code> which is the first state in the
common prolog of every FPU instruction:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/fp11-ucode-prolog.png" 
title="FP11-B microcode prolog" width="200px"/>
<p style="text-align: center;"><em>FP11-B microcode prolog</em></p></p>
<p>Stopping in state <code>RDY.00</code> and examining the ACMX inputs, selects, and outputs for bits 10 and 11 immediately
reveals a problem.  These bits of ACMX are implemented by a 74153 dual 4-input mux, E71 on sheet FRLB of the
FP11-B engineering drawings:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/fp11-acmx-e71.png" 
title="FP11-B ACMX &gt;11:10&lt;" width="400px"/>
<p style="text-align: center;"><em>FP11-B ACMX &lt;11:10&gt;</em></p></p>
<p>Inputs from the FPS register on pins 6 and 10 appear correct, as do the selector signals on pins 14 and 2.
But outputs on pins 7 and 9 appear to be inverted.  So E71 appears bad.  Pulled this, socketed, and replaced.
After this fix, LDFPS/STFPS function correctly in the toggle-in test program, and MAINDEC CFPAB0 passes.</p>
<p>Not out of the woods yet, though...  Progressing down the sequence of MAINDECS, diagnostic CFPDC0
(add/subtract) now fails :-(  For this, we bring back the simple "add two floats" diagnostic used during
previous FP11 debug:</p>
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17</pre></div></td><td class="code"><div class="highlight"><pre><span></span>        <span class="nt">000000</span>                          <span class="nt">AC0</span><span class="o">=%</span><span class="nt">0</span>
        <span class="nt">000001</span>                          <span class="nt">AC1</span><span class="o">=%</span><span class="nt">1</span>
<span class="nt">000000</span>                                  <span class="p">.</span><span class="nc">ASECT</span>
        <span class="nt">001000</span>                          <span class="o">.=</span><span class="nt">1000</span>
<span class="nt">001000</span>  <span class="nt">170011</span>                  <span class="nt">START</span><span class="o">:</span>  <span class="nt">SETD</span>                <span class="o">;</span><span class="nt">SET</span> <span class="nt">DOUBLE</span> <span class="nt">PRECISION</span> <span class="nt">MODE</span>
<span class="nt">001002</span>  <span class="nt">172467</span>  <span class="nt">000014</span>                  <span class="nt">LDD</span>     <span class="nt">D1</span><span class="o">,</span><span class="nt">AC0</span>      <span class="o">;</span><span class="nt">FETCH</span> <span class="nt">FIRST</span> <span class="nt">ADDEND</span> <span class="nt">FROM</span> <span class="nt">D1</span>
<span class="nt">001006</span>  <span class="nt">172567</span>  <span class="nt">000020</span>                  <span class="nt">LDD</span>     <span class="nt">D2</span><span class="o">,</span><span class="nt">AC1</span>      <span class="o">;</span><span class="nt">FETCH</span> <span class="nt">SECOND</span> <span class="nt">ADDEND</span> <span class="nt">FROM</span> <span class="nt">D2</span>
<span class="nt">001012</span>  <span class="nt">172100</span>                          <span class="nt">ADDD</span>    <span class="nt">AC0</span><span class="o">,</span><span class="nt">AC1</span>     <span class="o">;</span><span class="nt">ADD</span> <span class="nt">THEM</span> <span class="o">(</span><span class="nt">RESULT</span> <span class="nt">IN</span> <span class="nt">AC1</span><span class="o">)</span>
<span class="nt">001014</span>  <span class="nt">174167</span>  <span class="nt">000022</span>                  <span class="nt">STD</span>     <span class="nt">AC1</span><span class="o">,</span><span class="nt">D3</span>      <span class="o">;</span><span class="nt">STORE</span> <span class="nt">RESULT</span> <span class="nt">TO</span> <span class="nt">D3</span>
<span class="nt">001020</span>  <span class="nt">000000</span>                          <span class="nt">HALT</span>
<span class="nt">001022</span>  <span class="nt">040200</span>  <span class="nt">000000</span>  <span class="nt">000000</span>  <span class="nt">D1</span><span class="o">:</span>     <span class="p">.</span><span class="nc">WORD</span>   <span class="nt">040000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span> <span class="o">;</span><span class="nt">0</span><span class="p">.</span><span class="nc">5</span>
<span class="nt">001030</span>  <span class="nt">000000</span>
<span class="nt">001032</span>  <span class="nt">040200</span>  <span class="nt">000000</span>  <span class="nt">000000</span>  <span class="nt">D2</span><span class="o">:</span>     <span class="p">.</span><span class="nc">WORD</span>   <span class="nt">040000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span> <span class="o">;</span><span class="nt">0</span><span class="p">.</span><span class="nc">5</span>
<span class="nt">001040</span>  <span class="nt">000000</span>
<span class="nt">001042</span>  <span class="nt">000000</span>  <span class="nt">000000</span>  <span class="nt">000000</span>  <span class="nt">D3</span><span class="o">:</span>     <span class="p">.</span><span class="nc">WORD</span>   <span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span>
<span class="nt">001050</span>  <span class="nt">000000</span>
        <span class="nt">001000</span>                          <span class="p">.</span><span class="nc">END</span>    <span class="nt">START</span>
</pre></div>
</td></tr></table>

<p>Sure enough, this is producing incorrect results.  The microcode flows for add/subtract/compare are a bit more
involved than the simple load/store sequences above.  The sequence starts with common prolog <code>RDY.00</code>,
<code>RDY.10</code>, <code>RDY.20</code>, <code>RDY.30</code>, same as above.  The first fork after <code>RDY.30</code> goes to <code>RDY.60</code>, since
add/subtract/compare are "no memory class" instructions (FP accumulator register operands only).  The second
fork after <code>RDY.60</code> takes us to <code>ADD.00</code> on sheet FP11 FLOWS 8.</p>
<p>The left side if FLOWS 8 is a decision tree for zero operands and/or whether or not we are executing a compare
instruction.  Traversal of these states sets up fraction and exponent operands and, if necessary, a comparison
of operand exponents in the EALU.  In our case (addition of two double-precision non-zero operands), the
sequence is: <code>ADD.00</code>, <code>ADD.04</code>, <code>ADD.06</code>, <code>ADD.02</code>, <code>ADD.08</code>, <code>ADD.12</code>.</p>
<p>We then end up at state <code>ADD.22</code> at the top of the right side of FLOWS 8.  The previously set up exponent
difference is used to index into a 256x4 "range ROM"; output bits from this ROM inform the subsequent
microcode fork which determines which operand shift, if any, to apply before the upcoming fraction ALU
operation.</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/fp11-exp-compare.png" 
title="FP11-B Exponent Comparison Flow"/></p>
<p>Here a problem is evident.  We should fork to <code>ADD.24</code>, for equal exponents, but instead we end up add
<code>ADD.30</code>, for destination exponent less than source exponent.  Putting the FXP board out on the extender and
pausing in this state, the operands and operation codes on the EALU bit-slices appear to be correct, but
signal FRMH ALU CIN L is erroneously asserted at E34 pin 7 (sheet FXPA).  This extra carry (borrow, really,
since the operation is a subtract) into the least significant bit-slice causes the EALU output to be -1
instead of 0.</p>
<p>Moving back to the source of this signal on the FRM board, it turns out that FRM E20, a 74H40 dual quad-input
NAND, is outputting an invalid logic level at pin 8.  Pulled this, socketed, replaced, and the problem appears
to be fixed.</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/FRM-E20.png" 
title="FP11-B FRMH ALU CIN L"/></p>
<p>After this second repair, the full suite of FP11-B diagnostics is passing again.  And RSTS/E has a much less
fanciful interpretation of <code>PI</code>...</p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/unix-v6-trouble-2.html"><h1>PDP-11/45: V6 Unix Troubleshooting, Part II</h1></a>
Sun 25 October 2020

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p><em>[A catch-up article, documenting discoveries of Feb 2019]</em></p>
<p>In early 2019, I made a V6 Unix pack from the Ken Wellsch tape image, as mentioned in <a href="https://fritzm.github.io/unix-and-ms11.html">this blog
entry</a>.  It booted on my machine, but dumped core on the first <code>ls</code> in single-user
mode, or as soon as I did any heavy lifting in multi-user mode.</p>
<p>The following is the conclusion of a chronology of the troubleshooting campaign that took place over the next
month and a half, culminating in a hardware fix and successful operation of V6 Unix on the machine (part I is
<a href="https://fritzm.github.io/unix-v6-trouble-1.html">here</a>.)  This was largely a collaborative effort between Noel Chiappa an
myself via direct email correspondence, though some help was received from others via the cctalk mailing list
as well.</p>
<p>By this point, the nature of the <code>ls</code> problem had been fairly well characterized: part of the <code>ls</code> process
address space ended up holding an incorrect portion of its program text; subsequently, when execution jumped
to some of these unexpected bits, an out-of-bounds memory access would occur triggering a memory management
trap.  Efforts now focus on understanding how and why the bad bits got there...</p>
<h3>February 7</h3>
<p>[Here and below, block-quoted content is excerpted from email correspondence.]</p>
<p>Fritz:</p>
<blockquote>
<p>Noel, is it possible for you deduce where Unix <em>should</em> be placing these  "bad" bits (from file offset octal
4220)? Maybe a comparison of addresses where the bits should be, with addresses where the "bad" copy ends
up, could point us at some particular failure modes to check in the KT11, CPU, or RK11...</p>
</blockquote>
<p>Noel:</p>
<blockquote>
<p>Yes, it's quite simple: just add the virtual address in the code to the physical address of the bottom of
the text segment (given in UISA0). The VA is actually 04200, though: the 04220 includes 020 to hold the
a.out header at the start of the command file.</p>
<p>So, with UISA0 containing 01614, that gives us PA:161400 + 04200 = PA:165600, I think. And it wound up at
PA:171600 - off by 04000 (higher) - which is obviously an interesting number.</p>
</blockquote>
<hr>
<blockquote>
<p>Here's where it gets 'interesting'.</p>
<p>Executing a command with pure text on V6 is a very complicated process. The shells fork()s a copy of itself,
and does an exec() system call to overlay the entire memory in the new process with a copy of the command
(which sounds fairly simple, at a high level) - but the code path to do the exec() with a pure text is
incredibly hairy, in detail. In particular, for a variety of reasons, the memory of the process can get
swapped in and out several times during that. I apparently used to understand how this all worked, see this
message:</p>
<p><a href="https://minnie.tuhs.org/pipermail/tuhs/2018-February/014299.html">https://minnie.tuhs.org/pipermail/tuhs/2018-February/014299.html</a></p>
<p>but it's so complicated it's going to take a while to really comprehend it again. (The little grey cells are
aging too, sigh...)</p>
<p>The interesting point is that when V6 first copies the text in from the file holding the command (using
readi(), Lions 6221 for anyone who's masochistic enough to try and actually follow this :-), it reads it in
starting from the bottom, one disk block at a time (since in V6, files are not stored contiguously).</p>
<p>So, if it starts from the bottom, and copies the wrong thing from low in the file <em>up</em> to VA:010200, when it
later gets to VA:010200 in the file contents, that <em>should</em> over-write the stuff that got put there in the
wrong place <em>earlier</em>. Unless there's <em>another</em> problem which causes that later write to <em>also</em> go somewhere
wrong...</p>
<p>So, I'm not sure when this trashage is happening, but because of the above, my <em>guess</em> is that it's in one
of the two swap operations on the text (out, and then back in). (Although it might be interesting to look at
PA:165600 and see what's actually <em>there</em>.) Unix does swapping of pure texts in a single, multi-block
transfer (although not always as an integral number of blocks, as we found out the hard way with the QSIC
:-).</p>
<p>So my suspicions have now switched back to the RK11... One way to proceed would be to stop the system after
the pure text is first read in (say around Lions 4465), and look to see what the text looks like in main
memory at <em>that</em> point. (This will require looking at KT11 registers to see where it's holding the text
segment, first.)</p>
<p>If that all looks good, we'll have to figure out how to stop the system after the pure text is read back in
(which does not happen in exec(), it's done by the normal system operation to swap in the text and data of a
process which is ready to run).</p>
<p>We could also stop the system after the text is swapped out, and key in a short (~ a dozen words) program to
read the text back in from the swap device, and examine it - although we'd have to grub around in the system
a bit to figure out where it got written to. (It might be just easier to stop it at, say, Lions 5196 and
look at the arguments on the kernel stack.)</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<blockquote>
<p>...it might be interesting to look at PA:165600 and see what's actually <em>there</em></p>
</blockquote>
<p>A sea of zeros, as it turns out.</p>
</blockquote>
<hr>
<blockquote>
<blockquote>
<p>The most valuable thing ... would be to look at the text segment, after it's read in and before it's
swapped out. I can work out where to put a halt, if you want to try that.</p>
</blockquote>
<p>Yes, this sounds like a good plan to me!  Is this as simple as dropping a HALT at VA:0 in the text? </p>
</blockquote>
<p>Noel:</p>
<blockquote>
<p>No; actually, probably easier! :-) Probably easiest is to, just before you type 'ls', put a HALT in the OS
just after 4467 in Lions. Halt the machine momentarily, patch the kernel, and CONT. (Basically the same as
your patch to the trap vector, just a different address.) That'll be at 021320 (should contain 062706),
physical or virtual. :-)</p>
<p>When the system halts, you'll need to look at the text in memory. Two ways to find the location: look on the
kernel stack, the address should be the second thing down:</p>
<div class="highlight"><pre><span></span>mov 16(r3),-(sp)
add $20,(sp)
mov (r4),-(sp)
jsr pc,*$_swap
</pre></div>


<p>(i.e. the thing that 020 got added to). Probably easier, though, is just to look in UISA0 (which at this
point is pointing to the block of memory that's been allocated to read the text into, Lions 4459-60).</p>
<p>That number in UISA0, T, will be the click address of the text. So PA:T00 should be the start of the text
(170011 010600, etc). So then PA:(T00+010200) should be the trashed chunk of text: 110024 010400 000167
000016 010500 etc (right) or 016162 004767 000224 000414 016700 (wrong).</p>
</blockquote>
<h3>February 8</h3>
<p>Noel:</p>
<blockquote>
<p>In addition to the info I already sent about how to [set the breakpoint], if you could note down the top 3
words on the kernel stack, and the contents of the RK registers, those would be really useful; the first
will allow us to work out what <em>should</em> be in the RK registers after the swap I/O operation completes - I
don't think the RK11 will be asked to do anything after that finishes and before the system hits that halt
in xalloc().</p>
<p>To find the kernel stack.... read out KISA6, S. This value will point to the 'user' area of that process,
plus the kernel stack. The kernel SP should be something like 01417xx; subtract 140000 (the segment number),
and add what's left to S00.  Alternatively, you can probably use the rotating switch on the front panel to
just look up VA:1417xx (whatever's in R6) directly.</p>
<p>Oh, if you need some bed-time reading to put you to sleep, check out the bottom section ("exec() and
pure-text images") in:</p>
<p><a href="http://gunkies.org/wiki/Unix_V6_internals">http://gunkies.org/wiki/Unix_V6_internals</a></p>
<p>which will explain what's going on here with the swapping in and out, which is sorta complicated.</p>
</blockquote>
<h3>February 9</h3>
<p>Noel:</p>
<blockquote>
<blockquote>
<p>just halt the machine after the text is swapped in</p>
</blockquote>
<p>The code we need is at Lions 2034, where the pure text of a process is swapped in (and this should only be
traversed once; I don't think the system will need to swap in the text of the shell); just put a HALT in (in
the usual manner, just before trying 'ls') at 015406, which should contain a 062706 (again).</p>
<p>At that point, since the text size is 010400, and the location of the text in physical memory is 0161400,
the BAR <em>should</em> contain 0172000. If not, and it's 0232000 (note that the 0200000 bit will be in the CSR,
the lower XM bit) instead, Bazinga!, it's nailed (unless the system somehow snuck another RK operation in
there, but I don't see anything that could do that).</p>
</blockquote>
<p>I finally get some time back in front of the machine, after a few days in bed with a cold:</p>
<blockquote>
<blockquote>
<p>...put a HALT in the OS just after 4467 in Lions. Halt the machine momentarily, patch the kernel, and CONT.
(Basically the same as your patch to the trap vector, just a different address.) That'll be at 021320
(should contain 062706)...</p>
</blockquote>
<p>But alas, it does not.  [PA:021320] = 010246.  Furthermore, [PA:015406] = 016504.</p>
</blockquote>
<hr>
<blockquote>
<p>I just tried under SIMH, also, and got consistent results:</p>
<div class="highlight"><pre><span></span>[PA:015406] = 016504
[PA:021320] = 010246
</pre></div>


<p>...so, one would think, my rkunix and yours are different?</p>
</blockquote>
<p>Noel:</p>
<blockquote>
<p>That must be it. I thought we were both working from the V6 distribution? Oh, yours prints out that Western
Electric copyright notice, I don't think mine has that...</p>
</blockquote>
<h3>February 10</h3>
<p>The first part of the day is spent sorting out and comparing the "Wellsch" V6 distribution that I have been
using, and the "Ritchie" version that Noel has been using.  Noel comes to the conclusion that the only
differences in the kernel sources are in fact the four <code>printfs</code> for the copyright notice, but this is enough
to perturb the locations of various symbols of interest between the two kernels.  He also finds the binaries
<code>ls</code>, <code>cc</code>, <code>as</code>, <code>as2</code>, <code>ld</code> <code>c0</code>, <code>c1</code>, and <code>c2</code> all match; as do liba.a, libc.a and crt0.o.</p>
<p>Getting back on the trail of the bug:</p>
<blockquote>
<p>So the first place I'd like to try HALTing is just after the call to swap, Lions 4467; at that point, the
text should be in main memory, and also just written to disk. Should be at 021320 (old contents should be
062706).</p>
<p>Fun things to do here: look at the text in main memory (0161400 and up), see if it's correct at this point.
Also: pull the arguments off the top of the stack, and write a small program to read it back in...</p>
</blockquote>
<p>This turns out to be one last typo ("rkunix" vs. "rrkunix" on Noel's part) resulting in incorrect symbol
addresses for my kernel, but I'm hip to Noel's curveballs now so:</p>
<blockquote>
<p>Okay, using today's newly acquired 'db' skillz :-), in my rkunix, that spot is at PA:21420.  Firing up the
machine again and trying that now...</p>
</blockquote>
<p>It works; I end up stopped at the breakpoint and start extracting data:</p>
<blockquote>
<p>Hmmm:</p>
<div class="highlight"><pre><span></span><span class="n">PA</span><span class="o">:</span><span class="mi">161400</span><span class="o">:</span> <span class="mi">141644</span> <span class="mi">141660</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span>
<span class="n">PA</span><span class="o">:</span><span class="mi">161420</span><span class="o">:</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span>
</pre></div>


</blockquote>
<p>Noel:</p>
<blockquote>
<p>The text is probably at a different location in PA at this point. Read out UISA0 for its base.</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">UISA0</span><span class="o">:</span> <span class="mi">001654</span>

<span class="n">PA</span><span class="o">:</span><span class="mi">165400</span><span class="o">:</span> <span class="mi">170011</span> <span class="mi">010600</span> <span class="mi">011046</span> <span class="mi">005720</span> <span class="mi">010066</span> <span class="mi">000002</span> <span class="mi">004767</span> <span class="mi">000010</span>

<span class="n">KSP</span><span class="o">:</span> <span class="mi">141656</span> <span class="o">-&gt;</span> <span class="n">PA</span><span class="o">:</span><span class="mi">165256</span>

<span class="n">PA</span><span class="o">:</span><span class="mi">165256</span><span class="o">:</span> <span class="mi">007656</span> <span class="mi">001654</span> <span class="mi">000104</span> <span class="mi">000000</span> <span class="mi">101602</span> <span class="mi">066312</span> <span class="mi">000000</span> <span class="mi">141726</span>
<span class="n">PA</span><span class="o">:</span><span class="mi">175600</span><span class="o">:</span> <span class="mi">110024</span> <span class="mi">010400</span> <span class="mi">000167</span> <span class="mi">000016</span> <span class="mi">010500</span> <span class="mi">010605</span> <span class="mi">101446</span> <span class="mi">010346</span>
</pre></div>


<p>So far so good -- both beginning and eventually-bogus sections of text check out at this point!</p>
</blockquote>
<p>Noel:</p>
<blockquote>
<p>Woo-Hoo!!!! YEAH!!!!</p>
<p>So that part of the text <em>is</em> right at this point.</p>
<p>Needless to say, this is <em>very</em>, very important data.</p>
<p>So chances are very strong, at this point, that it's the RK11.</p>
<p>What did you want to do next? You could start with the RK11 registers. Also, use PDP11GUI to read the copy
off the swap device, once I decipher the stack?</p>
</blockquote>
<hr>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">PA</span><span class="o">:</span><span class="mi">165256</span><span class="o">:</span> <span class="mi">007656</span> <span class="mi">001654</span> <span class="mi">000104</span> <span class="mi">000000</span> <span class="mi">101602</span> <span class="mi">066312</span> <span class="mi">000000</span> <span class="mi">141726</span>
</pre></div>


<p>OK, so the 01654 is the start address in PA (in clicks) for the area to swap out, and that matches UISA0.
0104 is the text length (also in clicks), and that also matches. The 0 is a flag which says it's a write
(read is 01). And the 07656 is the block number (4014.).</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<p>I should have a valid swap on the disk from before I shut down... Going to fire up PDP11GUI and grab it now
to have a look. We want blocks 4014-4022, then? (9 x 512-byte blocks = 0110 clicks if I got that right?)</p>
</blockquote>
<p>Noel:</p>
<blockquote>
<p>4014.-4023., I think...</p>
<blockquote>
<p>(9 x 512-byte blocks = 0110 clicks if I got that right?)</p>
</blockquote>
<p>I think 8-1/2 or so; text is 010400 bytes (a little less, actually, but that's what the system is using),
01000 bytes/block, = 010.4 blocks.</p>
</blockquote>
<p>Fritz:</p>
<p>Hmm, the beginning looks good, but it seems to cut off to soon:</p>
<blockquote>
<div class="highlight"><pre><span></span>0000000    000000  000000  000000  000000  000000  000000  000000  000000
*
7656000    170011  010600  011046  005720  010066  000002  004767  000010
7656020    010016  004737  006374  104401  004567  010154  162706  000044
7656040    012716  000001  004737  004652  010067  022314  010516  062716
7656060    177762  004737  006346  016500  177762  062700  177413  010067
   |
7660320    000137  002346  016516  000004  012746  020452  004737  003562
7660340    005726  000137  002542  005067  017552  012704  022336  005003
7660360    012716  021050  004737  005042  110024  005203  022703  000020
7660400    000000  000000  000000  000000  000000  000000  000000  000000
*
11410000
</pre></div>


</blockquote>
<p>Noel:</p>
<blockquote>
<blockquote>
<div class="highlight"><pre><span></span>7656000    170011  010600  011046  005720  010066  000002  004767  000010
</pre></div>


</blockquote>
<p>Yup, good start; SETD, etc.</p>
<blockquote>
<div class="highlight"><pre><span></span>7660360    012716  021050  004737  005042  110024  005203  022703  000020
7660400    000000  000000  000000  000000  000000  000000  000000  000000
</pre></div>


</blockquote>
<p>Hunh; not good. (Might be worth looking at that location in main memory, see if it's zeros or not.)</p>
<p>That's so odd that it's all zeros - I wonder where they came from? Maybe they were already on the disk, and
the write stopped way early? (At 01000 bytes per block, it stopped after 2-1/2 blocks; 056000s, 057000s,
stopped half-way through the 060000's.)</p>
<p>Would be useful to have the RK register contents after the swap() call returns...</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<p>Okay, the write should be from PA:165400 - PA:175777, to sectors 07656 - 07667.  Block 7667 encodes to an
RKDA value of 012363.</p>
<p>After the halt, I find:</p>
<div class="highlight"><pre><span></span><span class="n">RKDS</span><span class="o">:</span> <span class="mi">004707</span> <span class="o">(</span><span class="n">OK</span><span class="o">)</span>
<span class="n">RKER</span><span class="o">:</span> <span class="mi">000000</span> <span class="o">(</span><span class="n">OK</span><span class="o">)</span>
<span class="n">RKCS</span><span class="o">:</span> <span class="mi">000322</span> <span class="o">(</span><span class="n">BOGUS</span><span class="o">!</span> <span class="n">EX</span><span class="o">.</span><span class="na">MEM</span> <span class="o">=</span> <span class="mi">01</span><span class="o">)</span>
<span class="n">RKWC</span><span class="o">:</span> <span class="mi">000000</span> <span class="o">(</span><span class="n">OK</span><span class="o">)</span>
<span class="n">RKBA</span><span class="o">:</span> <span class="mi">176000</span> <span class="o">(</span><span class="n">OK</span><span class="o">)</span>
<span class="n">RKDA</span><span class="o">:</span> <span class="mi">012363</span> <span class="o">(</span><span class="n">OK</span><span class="o">)</span>
</pre></div>


<p>So, EX.MEM are the smoking bits here!  I will review the associated designs and come up with things the
try/check.</p>
</blockquote>
<hr>
<blockquote>
<p>Okay, taking a look:</p>
<p>RKBA is implemented in the M795 module in slots AB07, as detailed on sheet RK11-C-15.  The M795 is a generic
WC/BA Unibus interfacing module.  The BA part only covers 16 bits, but generates an overflow out "D15
RKBA=ALL 1 L".</p>
<p>EX MEM 01 and EX MEM 02 are maintained on the M239 module in slot A17, as detailed on sheet RK11-C-03.  The
M239 is a 3x 4-bit counter/register module, so this also implements counting up these bits, when triggered
by "D15 RKBA = ALL 1 L".</p>
<p>Based on where we see the data on disk fall off (offset 2400) and the start PA (165400), I'm guessing we get
a false trigger on this "ALL 1" at RKBA 167777.  So that looks like a false "1" detect on RKBA bit 12.</p>
<p>So I think the thing to do is to put the M795 out on an extender, load RKBA with 167777, and have a check at
E28 pin 5, and E34 pin 8!</p>
<p>And we leave the cliffhanger there, for now, at least until tomorrow evening.  Because due to the way the
RK11-C is mounted, in order to do the above I'm going to have to spin the whole machine around (its a dual
H960), extend the RK05's so there is room to physically climb in the back, rig a work light, and get on in
there...</p>
</blockquote>
<h3>February 11</h3>
<blockquote>
<p>SUCCESS!!</p>
<p>Put the M795 out on an extender, loaded 167777 in RKBAR, and had a look around with a logic probe.  Narrowed
it down to E34 (a 7430 8-input NAND).  Pulled, socketed, replaced, and off she goes!</p>
<p>I can now successfully boot and run both V6 Unix and RSTS/E V06C from disk.</p>
<p><em>THAT</em> was a really fun and rewarding hunt :-)  First message in the thread was back on Dec 30, 2018.  Lots
of debugging and DRAM repairs, then the final long assault to this single, failed gate...</p>
<p>Thanks to all here for the help and resources, and particular shout-outs for Noel and Paul who gave
generously of their time and attention working through the densest bits, both on and off the list.</p>
<p>I predict a long happy weekend and a big power bill at the end of the month :-)</p>
</blockquote>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/M795.png" 
title="M795 WC/BAModule"/>
<p style="text-align: center;"><em>M795 module and the single failed gate</em></p></p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/unix-v6-trouble-1.html"><h1>PDP-11/45: V6 Unix Troubleshooting</h1></a>
Sat 24 October 2020

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p><em>[A catch-up article, documenting discoveries of Jan/Feb 2019]</em></p>
<p>In early 2019, I made a V6 Unix pack from the Ken Wellsch tape image, as mentioned in <a href="https://fritzm.github.io/unix-and-ms11.html">this blog
entry</a>.  It booted on my machine, but dumped core on the first <code>ls</code> in single-user
mode, or as soon as I did any heavy lifting in multi-user mode.</p>
<p>The following is the first part of a chronology of the troubleshooting campaign that took place over the next
month and a half, culminating in a smoking gun hardware fix and successful operation of V6 Unix on the
machine.  This was largely a collaborative effort between Noel Chiappa an myself via direct email
correspondence, though help was received from others via the cctalk mailing list as well.</p>
<h3>January 8-9</h3>
<p>Initial experiments.  Described the <code>ls</code> crashes to Noel.  He theorizes that <code>ls</code> works in one case and
crashes in another is because it lands in a different spot in memory in each case.</p>
<p>Luckily, a subsequent <code>od</code> on the core file does not crash, and a core file is successfully extracted:</p>
<div class="highlight"><pre><span></span>140004 000000 141710 141724 
$DK
@rkunix
mem = 1035
RESTRICTED RIGHTS

Use, duplication or disclosure is subject to
restrictions stated in Contract with Western
Electric Company, Inc.
# LS
MEMORY FAULT -- CORE DUMPED
# OD CORE
0000000 141552 141562 000000 000000 000000 000000 000000 000000
0000020 000000
0000060 000000 000000 000000 000001 000000 000000 063260 140076
0000100 001700 000000 000104 066112 067543 062562 000000 000000
0000120 000000 000000 000000 060221 000567 067543 062562 000000
0000140 000000 000000 000000 000000 066112 000000 000020 000000
0000160 000000 000000 000000 000000 177701 000000 000020 000000
0000200 000000 000000 000000 000000 177701 041402 016006 000000
0000220 000000 000000 000000 000000 066016 041402 016006 000000
0000240 000000 000000 000000 000000 066016 075120 075120 075120
0000260 000000
0000300 000000 000000 000000 000000 000013 010400 001050 002366
0000320 000000 000104 000035 000024 000000 141732 141742 141664
0000340 141674 000000 000000 000000 000000 000000 000000 000000
0000360 000000
0000400 000000 000000 000000 000000 000000 000000 000012 000000
0000420 000000 000000 000000 141772 000000 000000 000000 000000
0000440 000000
0001500 000000 025334 003602 001236 025334 003602 002454 003602
0001520 063260 177716 000000 141542 016070 001176 000000 003602
0001540 063260 177716 000000 141562 016070 001176 066352 030300
0001560 063260 025334 003602 077572 000013 107564 141626 000512
0001600 000000 141604 141616 000300 074616 025334 003602 000217
0001620 000203 107404 020276 000512 000000 141634 141640 003602
0001640 000007 000135 107454 141662 014314 003602 066352 005674
0001660 000000 141712 013640 074616 000000 001000 000000 000000
0001700 001000 074616 063260 066352 000013 141726 023730 066352
0001720 063260 000000 000013 141742 023502 003602 000000 177760
0001740 000013 141756 022050 000013 000000 000000 000000 000034
0001760 000444 000031 177760 000000 030351 177770 010210 170010
0002000 000001 177777 177777 023436 023436 020264 000162 000262
0002020 000262 000202 000262 000256 000210 000262 000250 000262
0002040 000262 000216 000262 000262 000262 000262 000262 000224
0002060 000170 000234 000242 000003 100000 000144 040000 000142
0002100 020000 000143 000055 000001 000400 000162 000055 000001
0002120 000200 000167 000055 000002 004000 000163 000100 000170
0002140 000055 000001 000040 000162 000055 000001 000020 000167
0002160 000055 000002 002000 000163 000010 000170 000055 000001
0002200 000004 000162 000055 000001 000002 000167 000055 000001
0002220 000001 000170 000055 000001 010000 000164 000040 020066
0002240 020106 020116 020126 020142 020152 020162 020176 020206
0002260 020216 020226 000056 062457 061564 070057 071541 073563
0002300 000144 062457 061564 063457 067562 070165 005000 071445
0002320 005072 072000 072157 066141 022440 005144 022400 062065
0002340 000040 031045 020144 022400 033055 033056 000163 026445
0002360 062066 022400 062063 022454 062063 022400 071467 020000
0002400 026445 027067 071467 022440 032055 032056 020163 020000
0002420 026445 031061 030456 071462 000040 032045 020144 022400
0002440 005163 022400 030456 071464 000012 071445 072440 071156
0002460 060545 060544 066142 005145 022400 020163 067556 020164
0002500 067546 067165 005144 000000 003750 000144 004076 000157
0002520 004070 000170 004172 000146 004210 000145 004026 000143
0002540 004044 000163 003764 000154 004226 000162 000000 000000
0002560 177774 177760 177775 177770 104404 022376 000000 104405
0002600 000000 000000 104403 000000 001000 104405 000000 000000
0002620 104421 000000 023436 104423 000000 000000 104422 000000
0002640 000000 000037 000034 000037 000036 000037 000036 000037
0002660 000037 000036 000037 000036 000037 043120 020712 020716
0002700 000001 000005 000515 000072 000457 051505 000124 042105
0002720 000124 060504 020171 067515 020156 030060 030040 035060
0002740 030060 030072 020060 034461 030060 000012 072523 046556
0002760 067157 072524 053545 062145 064124 043165 064562 060523
0003000 000164 060512 043156 061145 060515 040562 071160 060515
0003020 045171 067165 072512 040554 063565 062523 047560 072143
0003040 067516 042166 061545 000000 000000 000000 000000 000000
0003060 000000
0010060 000000 000020 000001 177770 177774 177777 071554 000000
0010100 
#
</pre></div>


<p>Noel prepares to analyze the core file (block quotes here and further below taken from email correspondence):</p>
<blockquote>
<p>I just checked, and the binary for the 'ls' command is what's called 'pure code'; i.e. the instructions are
in a separate (potentially shared) block of memory from the process' data (un-shared).</p>
</blockquote>
<hr>
<blockquote>
<p>On another front, that error message ("Memory error") is produced when a process gets a 'memory management
trap' (trap to 0250). This could be caused by any number of things (it's a pity we don't know the contents
of SR0 when the trap happened, that would tell us exactly what the cause was).</p>
</blockquote>
<hr>
<blockquote>
<p>[Memory management registers in the core dump] are 'prototypes', later modified for actual use by adding in
the actual address in main memory. Still trying to understand how that works - the code (in sureg() in
main.c) is kind of obscure.</p>
</blockquote>
<h3>January 10-24</h3>
<p>Further communication with Noel and the cctalk list raises some suspicion about the memory in my machine.
Though I had done spot checks and repairs on this in the past, which had been sufficient to pass most MAINDEC
diagnostics and to boot and run RT11, in fact the memory had not yet been exhaustively tested.</p>
<p>Over the course of some days, memory test codes are developed and run, and several additional failed DRAMs in
the MS11 memory system are isolated and repaired.  These efforts have previously been reported in detail in
<a href="https://fritzm.github.io/unix-and-ms11.html">this blog entry</a>.</p>
<p>After these repairs, the MAINDEC MS11 memory diagnostics and KT11-C MMU diagnostics, both of which are beastly
and exhaustive, are found to pass robustly with one caveat: memory parity tests.  A deep-dive into the design
and implementation of memory parity on the PDP-11/45 follows.  At the end it is concluded that the machine, a
very early serial no. in its line, is in fact functioning per-design. These efforts are documented in <a href="https://fritzm.github.io/parity-handling.html">this
blog entry</a>.</p>
<p>Even though the memory system looks solid after this, the V6 Unix crash behavior remains exactly the same...</p>
<h3>January 27-29</h3>
<p>With the KT11 and memory now verified, Noel takes up the core dump again:</p>
<blockquote>
<p>The problem is that Unix does not save enough info in the core dump for me to thoroughly diagnose the MM
fault; e.g. 'ls' is a 'pure text' program/command, and the code's not included in the core dump (in normal
operation, there's no need/use for it), so I don't have the code that was running at the time, just the data
and swappable per-process kernel data - which is not all the per-process data, e.g. it doesn't include the
location of the process's code and data segments in main memory.</p>
<p>Also, I'll look at the V6 code that sets up the KT11 registers to make sure I understand what it's doing.
(The dump contains the 'prototype' for those contents, but the values are modified, by adding the actual
memory location, before being stored in the KT11.)</p>
</blockquote>
<hr>
<blockquote>
<p>I did find out that the PC at the time of the segmentation fault was 010210, which I thought looked awfully
big (so I was wondering if somehow it went crazy), but in fact the text size is 010400, so it's just inside
the pure text.</p>
</blockquote>
<p>We agree to use
<a href="https://en.wikipedia.org/wiki/Lions%27_Commentary_on_UNIX_6th_Edition,_with_Source_Code"><em>Lions</em></a> as a common
reference point for detailed discussion of the loading and running of "ls" and what may be seen in the core
dump.</p>
<h3>January 30</h3>
<p>Noel:</p>
<blockquote>
<p>So, a bit more from my examination of the swappable per-process kernel data (the 'user' structure - not sure
how much of a Unix internals person you are).</p>
<p>It gives the following for the text, data and stack sizes:</p>
<div class="highlight"><pre><span></span>tsize 000104
dsize 000035
ssize 000024
</pre></div>


<p>which seems reasonable/correct, because looking at the header for 'ls' we see:</p>
<div class="highlight"><pre><span></span>000410 010400 001050 002366 000000 000000 000000 000001
</pre></div>


<p>'0410' says it's pure text, non-split; the 010400 is the text size, which matches (those sizes above are in
'clicks', i.e. the 0100 byte quantum used in the PDP-11 memory management).</p>
<p>The data size also appears to be correct:</p>
<div class="highlight"><pre><span></span>001050 (initialized)
002366 (BSS)
------
003436
</pre></div>


<p>which again matches (round up and divide by 0100).</p>
<p>I have yet to dig around through the system sources and see what the initial stack allocation is, to see if
that's reasonable (of course, it may have been extended during execution).</p>
<p>And here are the 'prototype' segmentation register contents:</p>
<div class="highlight"><pre><span></span>UISA 000000 000020 000000 000000 000000 000000 000000 177701
UDSA 000000 000020 000000 000000 000000 000000 000000 177701
UISD 041402 016006 000000 000000 000000 000000 000000 066016
UDSD 041402 016006 000000 000000 000000 000000 000000 066016
</pre></div>


<p>Since it's not split, the D-space ones are clones of the I-space (which is what the code does - I don't
think it turns user D off and on, depending on what the process has: I'd have made context switching faster
by not having to set up the D-space registers for non-split processes, but I guess the extra overhead is
pretty minimal).</p>
<p>I have yet to check all the contents to make sure they look good, but the U?SA registers look OK; the '020'
is for the data, and that's kept contiguous with the 'user' area, so the '020' is to offset past that.</p>
<p>The PC at fault time of 010210 seems to point to the following code (assuming what was in main memory was
actually the same as the binary on the disk):</p>
<div class="highlight"><pre><span></span>        mov r4,r0
        jmp 10226
210:    mov r5,r0 
        mov sp,r5
</pre></div>


<p>We don't have SSR2, which points to the failing instruction, and I forget whether the saved PC on an MMU
fault points to the failing instruction, or the next one; I'm going to assume the latter.</p>
<p>But either way, this is very puzzling, because I don't see an instruction there that could have gotten an
MMU fault! The jump is to a location within the text segment (albeit at the end), and everything else it
just register-register moves!</p>
<p>And how could the fault depend on the location in main memory?!?!</p>
<p>If you want to poke around in the core dump yourself, to verify that I haven't made a mistake, see this
page:</p>
<p><a href="http://gunkies.org/wiki/Unix_V6_dump_analysis">http://gunkies.org/wiki/Unix_V6_dump_analysis</a></p>
<p>which gives useful offsets. (The ones in the user table I verified by writing a short program which did
things like 'printf("%o", &amp;0-&gt;u_uisa)', and the data at those locations looks like what should be there, so
I'm pretty sure that table is good. For the other one, core(5) (in the V6 man pages) gives the register
offsets (albeit in a different form), so you can check that I worked them out correctly.</p>
<p>Two things you could try to get rid of potential pattern sensitivities: before doing the 'ls', say 'sleep
360 &amp;' first; that running in the background <em>should</em> cause the 'ls' to be loaded and run from a different
address in main memory. The other thing you could try is 'cp /bin/ls xls' and then 'xls', to load the
command from a different disk location. (Both of these assume that you don't get another fault, of course!)</p>
</blockquote>
<hr>
<blockquote>
<p>[Initial stack size] is 20. clicks, which is what it still is (024 clicks) in the process core dump, so
the stack has <em>not</em> been extended. So any MM fault you see after starting 'ls' will <em>probably</em> be the one
that's causing the process to blow out.</p>
</blockquote>
<hr>
<blockquote>
<p>I tried to re-create that exact version of the 'ls' binary, because the one in the distro is stripped, and I
wanted one with symbols to look at. I failed, because a library routine (for dates) has changed on my
machine, see here:</p>
<p><a href="http://www.chiappa.net/~jnc/tech/V6Unix.html#Issues">http://www.chiappa.net/~jnc/tech/V6Unix.html#Issues</a></p>
<p>However, I did verify that the binary for ls.o is identical to what I can produce (using the -O flag). It's
just that library routine which is different. I don't think it's worth backing out my library; I did manage
to hand-produce a stub of the symbol table for where the error is happening in the old 'ls' binary:</p>
<div class="highlight"><pre><span></span>010210T csv
010226T cret
010244T cerror
010262T _ldiv
010304T _lrem
010324T _dpadd
</pre></div>


<p>The fault does indeed seem to be happening at either the last instruction in the previous routine (ct_year,
in ctime.c), or the first of csv.</p>
<p>(I should explain that PDP-11 C uses two small chunks of code, CSV and CRET, to construct and take down
stack frames on procedure entry and exit. So on exit from <em>any</em> C procedure, the last instruction is always
an PC-relative jump to CRET.)</p>
<p>It looks like that's what's blowing up - but it apparently works with the command at a different location in
main memory! So it pretty much has to be a pattern sensitivity.</p>
<p>However, I think the KT11 does the bounds checking <em>before</em> it does the relocation - the bounds checking is
done on virtual, un-relocated addresses. So <em>that</em> part of it <em>should</em> be the same for both locations! So
here's my analysis:</p>
<p>Is it actually an indexed jump that's blowing up? I've been looking at the command binary, but that might
not be what's in main memory. Or the CPU might be looking somewhere else (because of a KT error). (If we
don't find the problem soon, we might want to put in that breakpoint so we can look in main memory and see
what inst is actually at the location where SSR2 says the failing inst was; that can rule out a whole bunch
of potential causes in one go - e.g. RK11 errors.)</p>
<p>If it is actually that jump that's failing - how? The PC hasn't been updated yet, so it can't be the fetch
of the next instruction that's failing. Is the fetch of the index word producing the MM fault?</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<p>It occurs to me that we don't even <em>really</em> know if the fault occurs from the same address every time, since
we have a core sample size of 1; I should duplicate the fail and extract another core file to compare.</p>
</blockquote>
<hr>
<blockquote>
<p>Another thing I thought I might try tonight: deposit a trap catcher in the memory mgmt trap location from
the front panel, just before issuing the 'ls' command.  I can then check the PSW, PC, SP, and KT11 regs
right at the time of fault.</p>
</blockquote>
<p>Experiments begin from the front panel, and continue on into the early hours, producing:</p>
<p>Core #2:</p>
<div class="highlight"><pre><span></span>140004 000000 141710 141724
$DK
@rkunix
mem = 1035
RESTRICTED RIGHTS

Use, duplication or disclosure is subject to
restrictions stated in Contract with Western
Electric Company, Inc.
# RM CORE
# LS
MEMORY FAULT -- CORE DUMPED
# OD CORE
0000000 141552 141562 000000 000000 000000 000000 000000 000000
0000020 000000
0000060 000000 000000 000000 000001 000000 000000 063260 140076
0000100 001700 000000 000104 066112 067543 062562 000000 000000
0000120 000000 000000 000000 060221 000571 067543 062562 000000
0000140 000000 000000 000000 000000 066112 000000 000020 000000
0000160 000000 000000 000000 000000 177701 000000 000020 000000
0000200 000000 000000 000000 000000 177701 041402 016006 000000
0000220 000000 000000 000000 000000 066016 041402 016006 000000
0000240 000000 000000 000000 000000 066016 075120 075120 075120
0000260 000000
0000300 000000 000000 000000 000000 000013 010400 001050 002366
0000320 000000 000104 000035 000024 000000 141732 141742 141664
0000340 141674 000000 000000 000000 000000 000000 000000 000000
0000360 000000
0000400 000000 000000 000000 000000 000000 000000 000011 000000
0000420 000000 000000 000000 141772 000000 000000 000000 000000
0000440 000000
0001500 000000 000000 000000 000000 000000 000000 000000 003602
0001520 063260 177716 000000 141542 016070 001176 000000 003602
0001540 063260 177716 000000 141562 016070 001176 066352 030300
0001560 063260 141576 000005 003602 066352 001612 074376 044516
0001600 003602 025334 003602 000000 000443 107144 141646 000512
0001620 000000 141624 141640 000300 020276 020356 030000 003602
0001640 000007 000135 107454 141662 014314 003602 066352 004404
0001660 000000 141712 013640 074616 000000 001000 000000 000000
0001700 001000 074616 063260 066352 000013 141726 023730 066352
0001720 063260 000000 000013 141742 023502 003602 000000 177760
0001740 000013 141756 022050 000013 000000 000000 000000 000034
0001760 000444 000031 177760 000000 030351 177770 010210 170010
0002000 000001 177777 177777 023436 023436 020264 000162 000262
0002020 000262 000202 000262 000256 000210 000262 000250 000262
0002040 000262 000216 000262 000262 000262 000262 000262 000224
0002060 000170 000234 000242 000003 100000 000144 040000 000142
0002100 020000 000143 000055 000001 000400 000162 000055 000001
0002120 000200 000167 000055 000002 004000 000163 000100 000170
0002140 000055 000001 000040 000162 000055 000001 000020 000167
0002160 000055 000002 002000 000163 000010 000170 000055 000001
0002200 000004 000162 000055 000001 000002 000167 000055 000001
0002220 000001 000170 000055 000001 010000 000164 000040 020066
0002240 020106 020116 020126 020142 020152 020162 020176 020206
0002260 020216 020226 000056 062457 061564 070057 071541 073563
0002300 000144 062457 061564 063457 067562 070165 005000 071445
0002320 005072 072000 072157 066141 022440 005144 022400 062065
0002340 000040 031045 020144 022400 033055 033056 000163 026445
0002360 062066 022400 062063 022454 062063 022400 071467 020000
0002400 026445 027067 071467 022440 032055 032056 020163 020000
0002420 026445 031061 030456 071462 000040 032045 020144 022400
0002440 005163 022400 030456 071464 000012 071445 072440 071156
0002460 060545 060544 066142 005145 022400 020163 067556 020164
0002500 067546 067165 005144 000000 003750 000144 004076 000157
0002520 004070 000170 004172 000146 004210 000145 004026 000143
0002540 004044 000163 003764 000154 004226 000162 000000 000000
0002560 177774 177760 177775 177770 104404 022376 000000 104405
0002600 000000 000000 104403 000000 001000 104405 000000 000000
0002620 104421 000000 023436 104423 000000 000000 104422 000000
0002640 000000 000037 000034 000037 000036 000037 000036 000037
0002660 000037 000036 000037 000036 000037 043120 020712 020716
0002700 000001 000005 000515 000072 000457 051505 000124 042105
0002720 000124 060504 020171 067515 020156 030060 030040 035060
0002740 030060 030072 020060 034461 030060 000012 072523 046556
0002760 067157 072524 053545 062145 064124 043165 064562 060523
0003000 000164 060512 043156 061145 060515 040562 071160 060515
0003020 045171 067165 072512 040554 063565 062523 047560 072143
0003040 067516 042166 061545 000000 000000 000000 000000 000000
0003060 000000
0010060 000000 000020 000001 177770 177774 177777 071554 000000
0010100
#
</pre></div>


<p>and also:</p>
<blockquote>
<p>'db' works<br>
'cp' works<br>
'rm' works  </p>
<p>'sleep 360 &amp;' followed by 'ls' works, and then when the 'sleep' ends no longer works!  So confirmation about
memory location dependence.</p>
<p>'cp /bin/ls xls' followed by 'xls' does not work (dumps core); works with 'sleep' as with 'ls' above.</p>
</blockquote>
<hr>
<blockquote>
<p>Okay, last experiment, booting up, then depositing trap catcher from the front panel into vector 250:</p>
<div class="highlight"><pre><span></span><span class="mi">000250</span><span class="o">:</span> <span class="mi">000252</span>
<span class="mi">000252</span><span class="o">:</span> <span class="mi">000000</span>
</pre></div>


<p>...then issuing the 'ls' seems to catch it.  I can then examine registers and memory etc. from the front
panel.  This is a quick and easy repro.  I went ahead and dumped a few of the KT11 registers (but its late,
so I can't guarantee I didn't slip up -- should try this again when I'm fresh):</p>
<div class="highlight"><pre><span></span><span class="n">SR0</span><span class="o">:</span> <span class="mi">040143</span> <span class="o">(</span><span class="n">ah</span><span class="o">!</span> <span class="n">page</span> <span class="n">length</span> <span class="n">fault</span><span class="o">,</span> <span class="n">user</span> <span class="n">I</span><span class="o">-</span><span class="n">space</span><span class="o">,</span> <span class="n">page</span> <span class="mi">1</span><span class="o">)</span>
<span class="n">SR1</span><span class="o">:</span> <span class="mi">000000</span> <span class="o">(</span><span class="n">no</span> <span class="n">auto</span> <span class="n">inc</span><span class="o">/</span><span class="n">dec</span> <span class="n">to</span> <span class="n">clean</span> <span class="n">up</span><span class="o">)</span>
<span class="n">SR2</span><span class="o">:</span> <span class="mi">010210</span> <span class="o">(</span><span class="n">virtual</span> <span class="n">PC</span><span class="o">,</span> <span class="n">agrees</span> <span class="k">with</span> <span class="n">your</span> <span class="n">deduction</span> <span class="n">from</span> <span class="n">core</span> <span class="n">dump</span><span class="o">)</span>
<span class="n">SR3</span><span class="o">:</span> <span class="mi">000000</span> <span class="o">(</span><span class="n">that</span><span class="s1">&#39;s odd -- shouldn&#39;</span><span class="n">t</span> <span class="n">split</span> <span class="n">I</span><span class="o">/</span><span class="n">D</span> <span class="n">be</span> <span class="n">enabled</span><span class="o">?)</span>

<span class="n">UIPDR</span><span class="o">:</span> <span class="mi">041402</span> <span class="mi">016006</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">066116</span>
<span class="n">UIPAR</span><span class="o">:</span> <span class="mi">001614</span> <span class="mi">001760</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span>

<span class="n">UDPDR</span><span class="o">:</span> <span class="mi">010501</span> <span class="mi">057517</span> <span class="mi">077717</span> <span class="mi">077717</span> <span class="mi">037611</span> <span class="mi">067616</span> <span class="mi">076300</span> <span class="mi">064317</span>
<span class="n">UDPAR</span><span class="o">:</span> <span class="mi">002417</span> <span class="mi">002564</span> <span class="mi">007777</span> <span class="mi">007766</span> <span class="mi">005635</span> <span class="mi">005656</span> <span class="mi">007777</span>  <span class="n">oops</span>
</pre></div>


<p>...where "oops" means I thought I was done scribbling all these down, and turned off the machine.  Did I
mention it's late? :-)</p>
</blockquote>
<p>[Note: It <em>was</em> late, and there is an error with UIPAR7 in this transcription.  This will be the source of
some uncertainty until corrected on February 2.]</p>
<h3>January 31</h3>
<p>Noel:</p>
<blockquote>
<blockquote>
<p>'sleep 360 &amp;' followed by 'ls' works, and then when the 'sleep' ends no longer works! So confirmation about
memory location dependence.</p>
</blockquote>
<p>Yeah, that's a really important data-point. The fact that it is physical location dependent really does tend
to implicate the KT11; I think the KB11 mostly only knows/has virtual addresses? (So I probably shouldn't
bang my head trying to think of failure modes in the KB11?) If you have the source for its diag, you might
try looking through it, looking for things it doesn't try...</p>
<p>Although I suppose it could be a location-dependent issue with the RK11. I should explain how to find, and
examine the pure-text for the 'ls' command; if you halt the CPU on the trap again, look at UISA0, and that
should give you the 'click' where the text starts; at that point I'd probably examine every 256th (block
size) word and we can compare them to the original to make sure the in-core copy is OK.</p>
</blockquote>
<hr>
<blockquote>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">SR0</span><span class="o">:</span> <span class="mi">040143</span> <span class="o">(</span><span class="n">ah</span><span class="o">!</span> <span class="n">page</span> <span class="n">length</span> <span class="n">fault</span><span class="o">,</span> <span class="n">user</span> <span class="n">I</span><span class="o">-</span><span class="n">space</span><span class="o">,</span> <span class="n">page</span> <span class="mi">1</span><span class="o">)</span>
<span class="n">SR2</span><span class="o">:</span> <span class="mi">010210</span> <span class="o">(</span><span class="n">virtual</span> <span class="n">PC</span><span class="o">,</span> <span class="n">agrees</span> <span class="k">with</span> <span class="n">your</span> <span class="n">deduction</span> <span class="n">from</span> <span class="n">core</span> <span class="n">dump</span>
</pre></div>


</blockquote>
<p>If it's really 010210, I wonder how it could be a fault on page 1; each page (segment, really) of virtual
address space is 020000 long, so that address is well inside page 0?</p>
<p>Unless it has fetched some other instruction, due to some other error, one which does try and do something
on page 1... Might want to try looking at a few instructions around 010210 when you try this again, see
what's actually there. Let's see, code starts at 0161400 in real memory (per UIPAR0 below), so 010210 is at
0171610... Maybe dump a few words from 171600 on?</p>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">SR3</span><span class="o">:</span> <span class="mi">000000</span> <span class="o">(</span><span class="n">that</span><span class="s1">&#39;s odd -- shouldn&#39;</span><span class="n">t</span> <span class="n">split</span> <span class="n">I</span><span class="o">/</span><span class="n">D</span> <span class="n">be</span> <span class="n">enabled</span><span class="o">?)</span>
</pre></div>


</blockquote>
<p>No; you're running binary for a /40 system, so no split I/D. So also, all the UDPARs and UDPDRs will contain
junk.</p>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">UIPAR</span><span class="o">:</span> <span class="mi">001614</span> <span class="mi">001760</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span>
</pre></div>


</blockquote>
<p>?? UIPAR7 looks wrong; if the data is really at 01760, I think the stack should be above that in real memory
- but I might be wrong, I will check.</p>
<p>If it is wrong, did something cause the wrong value to be stored there (e.g. an error in the execution of
lines 1750/1751 in Lions); or was the prototype calculated wrong (around line 1704) - but I think the
prototypes looked correct in the process' core dump, but I will check them; or did the hardware flake out,
and e.g. copy a later store (the code fills them from the top down) up to UISA7?</p>
<p>To check out the latter, maybe a bespoke tiny program, toggled in, to try storing the 'correct' data in the
UISPARs, in the exact way that the Unix code does it, and then look and see what's in there?</p>
<p>This might also correlate to the strange stuff I saw in the process' user-mode stack, in the dump - I will
go back and look at that now.</p>
<p>If you do this again, please add KISA6 and KISD6 to the registers to dump (you can skip UDS*), so we can see
what it thinks is going on with the per-process swappable data, which should be just below the process'
user-mode data, in terms of real memory.</p>
</blockquote>
<hr>
<blockquote>
<p>Yes, the stack is directly above the user data, which is directly above the swappable per-process data (user
struct, and kernel stack). But the address math for stack segments in the KT11 is weird (see below).</p>
<p>I <em>think</em> the prototypes:</p>
<div class="highlight"><pre><span></span>UISA 000000 000020 000000 000000 000000 000000 000000 177701
UISD 041402 016006 000000 000000 000000 000000 000000 066016
</pre></div>


<p>are right, but the negative direction of the stack is making my head hurt (and the UISA7 you recorded from
the hardware might be right after all - but then the UISA0 might be wrong - it's suspicious, but not
impossible, that they are the same value).</p>
<p>If the SPPD is at physical xxx, the user data will be at xxx+20 (in clicks, as above) through xxx+20+34
(below), and then the stack above that. Per the SPPD:</p>
<div class="highlight"><pre><span></span>tsize 000104
dsize 000035
ssize 000024
</pre></div>


<p>the stack should then run from xxx+20+35 to xxx+20+35+23. The way the MM hardware works for stack segment,
the 'base' is where the first click would be if the segment were a full 0200 clicks. (Per the example in the
/45 proc handbook; for a 3-click stack running from physical 0331500 to 0331776, the PAR would contain
03120, i.e. segment base at 0312000.)</p>
<p>So let me do the math (please check to see if I'm confused :-); base of user data is at 0176000 (per UISA1
contents), runs to 0201476 (i.e. plus 03500); the stack would run from 0201500 to 0204076 (i.e. plus 02400).
So the stack segment 'base' would be 020000 below the next word, or 0164100.</p>
<p>(My head hurts too much to work out if the 177701 of the prototype is right; basically, the location of the
SPPD in clicks would be 01740 (I <em>think</em> - 01760 - 020), and that plus 177701 should give us 01641.)</p>
<p>But, anyway, I'm fairly sure that 01614 is <em>not</em> right for UISA7 (unless it really was 1641 and you inverted
the digits because it looked so close).</p>
<p>Having KISA6 would help since it would give us a cross-check on the value of UISA1.....</p>
</blockquote>
<hr>
<blockquote>
<p>So, according to the process core dump, these are the register contents at the time of the fault:</p>
<div class="highlight"><pre><span></span>R0 177770
R1 0
R2 0
R3 0
R4 34
R5 444
SP 177760
PC 010210
PS 170010
</pre></div>


<p>Now, PDP-11 uses R5 for a frame pointer, set up thus:</p>
<div class="highlight"><pre><span></span>        jsr     r5,csv        (first instruction in every C routine)

csv:
        mov     r5,r0
        mov     sp,r5
        mov     r4,-(sp)
        mov     r3,-(sp)
        mov     r2,-(sp)
        tst     -(sp)
        jmp     (r0)
</pre></div>


<p>on subroutine entry (the 'jsr r5, csv' pushes the old R5 contents, and temporarily saves the return PC - to
just after the call to CSV, not to the sunroutine which called this one, that's further down - in R5). So,
except for the first two instructions of CSV, R5 <em>always</em> contains an old SP.</p>
<p>Now look at the R5 from the crash. That's not an old SP. Something has already gone seriously wrong by this
point - actually, likely the process has just started to run the newly-loaded command code (see below), and
hasn't even set up its first stack frame yet.</p>
<p>Now look at the top of the stack, as recorded in the process' core dump:</p>
<div class="highlight"><pre><span></span><span class="mi">0010060</span><span class="o">:</span> <span class="mi">000000</span> <span class="mi">000020</span> <span class="mi">000001</span> <span class="mi">177770</span> <span class="mi">177774</span> <span class="mi">177777</span> <span class="mi">071554</span> <span class="mi">000000</span>
</pre></div>


<p>And that's <em>it</em>; the rest if all 0's! (The base address does seem to correspond; with:</p>
<div class="highlight"><pre><span></span>dsize 000035
ssize 000024
</pre></div>


<p>and the SPPD being 020 clicks, that puts the top of the stack at 0101 clicks, or 010100, and the last
location there is 010076.</p>
<p>The core dump routine, core() writes the user data out in two transfers (Lions 4113-4124), one for the SPPD,
one for the user's data+stack. So we probably got the SPPD OK, but the rest - who knows?</p>
<p>It does call estabur(), which sets up the prototype MM register contents, and then writes them into the
actual registers, so the prototypes in the process' core dump that I was looking at before have already been
overwritten. :-(But estabur() then called sureg (Lions 1724) so hopefully the MM regs wound up pointing to
the actual memory being used for the stack - but who knows?</p>
<p>Anyway, looking at the contents, the top of the stack does look vaguely like what it should be when the
command <em>starts</em> executing, after the exec() call; the SP is even reasonable; it points to that 0 at offset
010060.</p>
<p>The 020 is the return point for the call to _main (see below; that 'jsr pc,_main' ends at 016); the '1' is
probably 'nargs' (see Exec(II) in the V6 Manual), the '0177770' is argv, '177774' is argv[0], 177777 is
argv[1] (end of list marker), and '071554' is 'ls' (the command name, by convention the first argument).</p>
<p>R0 contains what looks like an old SP, although I suppose that could have been
left over from the assembler startup:</p>
<div class="highlight"><pre><span></span><span class="n">start</span><span class="o">:</span>
          <span class="n">setd</span>
          <span class="n">mov</span>     <span class="n">sp</span><span class="o">,</span><span class="n">r0</span>
          <span class="n">mov</span>     <span class="o">(</span><span class="n">r0</span><span class="o">),-(</span><span class="n">sp</span><span class="o">)</span>
          <span class="n">tst</span>     <span class="o">(</span><span class="n">r0</span><span class="o">)+</span>
          <span class="n">mov</span>     <span class="n">r0</span><span class="o">,</span><span class="mi">2</span><span class="o">(</span><span class="n">sp</span><span class="o">)</span>
          <span class="n">jsr</span>     <span class="n">pc</span><span class="o">,</span><span class="n">_main</span>
</pre></div>


<p>but clearly the attempt to execute the first instruction in CSV blew up. And where did the '444' in R5 come
from? The call to CSV is at 030?</p>
</blockquote>
<h3>February 1</h3>
<p>Noel, regarding the second core file:</p>
<blockquote>
<p>I took a quick look, and everything 'important' seems to be identical: the registers, PC, etc at the time of
the trap (including that mysterious '444' in R5); the prototype MM registers; the user's stack (looking
again like the command just started.</p>
</blockquote>
<hr>
<blockquote>
<blockquote>
<p>I went ahead and dumped a few of the KT11 registers</p>
<div class="highlight"><pre><span></span><span class="n">UIPDR</span><span class="o">:</span> <span class="mi">041402</span> <span class="mi">016006</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">066116</span>
</pre></div>


</blockquote>
<p>Oh, BTW, I checked, and these match the prototype values in the user struct.</p>
</blockquote>
<h3>February 2-3</h3>
<p>A tip from Noel:</p>
<blockquote>
<p>Something stirred this in my memory: the best quick overview of the internals of the Bell PDP-11 Unixes is
K. Thompson, "UNIX Implementation", available here:</p>
<p><a href="https://users.soe.ucsc.edu/~sbrandt/221/Papers/History/thompson-bstj78.pdf">https://users.soe.ucsc.edu/~sbrandt/221/Papers/History/thompson-bstj78.pdf</a></p>
<p>if you want to know more about what the insides are like.</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<p>Okay, here's the latest, done with some care:</p>
<div class="highlight"><pre><span></span><span class="n">UISD</span><span class="o">:</span> <span class="mi">041402</span> <span class="mi">016006</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">066116</span>
<span class="n">UISA</span><span class="o">:</span> <span class="mi">001614</span> <span class="mi">001760</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001641</span>

<span class="n">KISD</span><span class="o">:</span> <span class="mi">077406</span> <span class="mi">077406</span> <span class="mi">077406</span> <span class="mi">077506</span> <span class="mi">077506</span> <span class="mi">077406</span> <span class="mi">007506</span> <span class="mi">077506</span>
<span class="n">KISA</span><span class="o">:</span> <span class="mi">000000</span> <span class="mi">000200</span> <span class="mi">000400</span> <span class="mi">000600</span> <span class="mi">001000</span> <span class="mi">001200</span> <span class="mi">001740</span> <span class="mi">007600</span>

<span class="n">SRs</span><span class="o">:</span> <span class="mi">040143</span> <span class="mi">000000</span> <span class="mi">010210</span> <span class="mi">000000</span>

<span class="mi">171600</span><span class="o">:</span> <span class="mi">016162</span> <span class="mi">004767</span> <span class="mi">000224</span> <span class="mi">000414</span> <span class="mi">006700</span> <span class="mi">006152</span> <span class="mi">006702</span> <span class="mi">006144</span>
</pre></div>


</blockquote>
<p>[Note: this fixes the previous late-night transcription error with UISA7...]</p>
<p>Noel:</p>
<blockquote>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">UISD</span><span class="o">:</span> <span class="mi">041402</span> <span class="mi">016006</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">000000</span> <span class="mi">066116</span>
<span class="n">UISA</span><span class="o">:</span> <span class="mi">001614</span> <span class="mi">001760</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001614</span> <span class="mi">001641</span>
</pre></div>


</blockquote>
<p>So, 'good news' is these are the same except for UISA7, for which as I suspected, it looks like the digits
were transposed. But the new value is exactly the one I calculated.</p>
<p>'Bad news' is that takes out what I was thinking might be a potential cause, which was UPAR's getting
trashed by hardware failure. So more hard work ahead (see below).</p>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">KISD</span><span class="o">:</span> <span class="mi">077406</span> <span class="mi">077406</span> <span class="mi">077406</span> <span class="mi">077506</span> <span class="mi">077506</span> <span class="mi">077406</span> <span class="mi">007506</span> <span class="mi">077506</span>
<span class="n">KISA</span><span class="o">:</span> <span class="mi">000000</span> <span class="mi">000200</span> <span class="mi">000400</span> <span class="mi">000600</span> <span class="mi">001000</span> <span class="mi">001200</span> <span class="mi">001740</span> <span class="mi">007600</span>
</pre></div>


</blockquote>
<p>Those all look OK: KISD6 show the segment length as 020 (017 being the last valid click), which is right,
and KISA6 is 01740, so with the user area and kernel stack being 20 clicks, that makes the start of the user
data 01760, which is what UISA1 contains.</p>
<blockquote>
<div class="highlight"><pre><span></span><span class="n">SRs</span><span class="o">:</span> <span class="mi">040143</span> <span class="mi">000000</span> <span class="mi">010210</span> <span class="mi">000000</span>
</pre></div>


</blockquote>
<p>OK, same failing location as before (010210); SSR0 shows:</p>
<div class="highlight"><pre><span></span>Abort - page length error
User mode
Page 1
</pre></div>


<p>which is the same as last time.</p>
<div class="highlight"><pre><span></span><span class="mi">171600</span><span class="o">:</span> <span class="mi">016162</span> <span class="mi">004767</span> <span class="mi">000224</span> <span class="mi">000414</span> <span class="mi">006700</span> <span class="mi">006152</span> <span class="mi">006702</span> <span class="mi">006144</span>
</pre></div>


<p>Let me just re-check the math here: text base is 0161400, plus a PC of 010210, gives us 0171610, which is
right in the middle there - thanks!</p>
<p>That does not, alas, look anything <em>at all</em> like what's <em>supposed</em> to be there, which is:</p>
<div class="highlight"><pre><span></span><span class="mi">010200</span><span class="o">:</span> <span class="mi">110024</span>
        <span class="mi">010400</span>  <span class="n">mov</span> <span class="n">r4</span><span class="o">,</span><span class="n">r0</span>
        <span class="mi">000167</span>  <span class="n">jmp</span> <span class="mi">10226</span> <span class="o">(</span><span class="n">cret</span><span class="o">)</span>
        <span class="mi">000016</span>
        <span class="mi">010500</span>  <span class="n">mov</span> <span class="n">r5</span><span class="o">,</span><span class="n">r0</span> <span class="o">(</span><span class="n">start</span> <span class="n">of</span> <span class="n">CSV</span><span class="o">)</span>
        <span class="mi">010605</span>  <span class="n">mov</span> <span class="n">sp</span><span class="o">,</span><span class="n">r5</span>
        <span class="mi">010446</span>  <span class="n">mov</span> <span class="n">r4</span><span class="o">,-(</span><span class="n">sp</span><span class="o">)</span>
        <span class="mi">010346</span>  <span class="n">mov</span> <span class="n">r3</span><span class="o">,-(</span><span class="n">sp</span><span class="o">)</span>
</pre></div>


<p>So maybe the RK11 went berserk? But maybe not...</p>
<p>The 4767 is a 'jsr pc, xxx' which is typical C compiler emission, but the rest looks like rubbish - 6700 is
a SXT R0, for instance.</p>
<p>What's actually there at 010210 (virtual) still doesn't explain the MM trap we got; 'SXT R0' should have
executed OK, no matter what? Confoozled...</p>
<p>What's also odd is how it got here; it's almost like the first few instructions:</p>
<div class="highlight"><pre><span></span><span class="n">start</span><span class="o">:</span>
          <span class="n">setd</span>
          <span class="n">mov</span>     <span class="n">sp</span><span class="o">,</span><span class="n">r0</span>
          <span class="n">mov</span>     <span class="o">(</span><span class="n">r0</span><span class="o">),-(</span><span class="n">sp</span><span class="o">)</span>
          <span class="n">tst</span>     <span class="o">(</span><span class="n">r0</span><span class="o">)+</span>
          <span class="n">mov</span>     <span class="n">r0</span><span class="o">,</span><span class="mi">2</span><span class="o">(</span><span class="n">sp</span><span class="o">)</span>
          <span class="n">jsr</span>     <span class="n">pc</span><span class="o">,</span><span class="n">_main</span>

<span class="n">_main</span><span class="o">:</span>
          <span class="n">jsr</span>     <span class="n">r5</span><span class="o">,</span><span class="n">csv</span>
</pre></div>


<p>executed OK, and then it tried to go off to csv, only there's trash there? And what's with the 0444 in R5?
That should be 034, the return from that last JSR.</p>
<p>I'm going to go ponder all this. One more thing you could try is do this all again, and write down the first
couple of instructions at the start of the text segment (UISA0 = 01614, so 0161400 on for a few words), so
we can see if <em>that</em> looks OK.</p>
<p>If so, it will look like the command got read in off the disk wrong - since it's not coming from swap (it's
just starting), it's coming out of the file system wrong. Why will be a good question.</p>
<p>And I still don't understand the 'segment 1' fault, and the R5 contents - so many things going wrong all at
once, for reasons that make no sense... I wonder if there's a noise glitch hitting several things all at the
same time?</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<p>I read a bit through the KT11 maintenance manual you sent yesterday, to refresh myself on it a bit (thanks
for that!).  I realized I almost always use my console in "PROG PHY" or "CONS PHY" mode; but using "USER I"
and "KERNEL I" I may be able to verify quickly that the KT11 is thinking VA:010210 -&gt; PA:171610.</p>
<p>When I set this up to try later, I'll examine that start of the text segment at 161400 as well, per your
recommend.</p>
</blockquote>
<h3>February 4</h3>
<p>Noel sends up a flare on cctalk in the the early AM, summarizing the problem and experiments to date.
Suggestions start to flow in.  Some have already been tried or can be ruled out.  Some others:</p>
<ul>
<li>
<p>Bob Smith: "I keep wondering about the psu...".  This gets some agreement from the list, and a few
  interesting/relevant anecdotes are relayed.  Paul Koning:</p>
<blockquote>
<p>In RSTS development we once ran into DMC-11s not working reliably.  The field service tech knew exactly
what to look for, and started checking all the supply voltages.  The spec says allowed tolerances are
+/- 5%.  He knew the reality for correct operation was -0%, +5%, so he tweaked all the supplies to read
a hair above nominal.</p>
</blockquote>
<p>Warner Losh:</p>
<blockquote>
<p>I recall our PDP-11 tech tweaking +5V from 5.05V to 4.95V and back again to demonstrate that tiny
differences matter a lot on one of the cranky 11/23+''s we had after I made a particularly unhelpful
teenage smart ass remark... The 11/23+ wouldn't boot at the slightly lower than full voltage.</p>
</blockquote>
<p>It is worth noting that in both of these cases, a slight undervoltage proved problematic...</p>
</li>
<li>
<p>Paul Koning suggests a potential KT11 failure mode:</p>
<blockquote>
<p>Another possibility occurs to me: bad bits in the MMU (UISAR0 register if I remember correctly).  Bad
memory is likely to show up with a few bits wrong; if UISAR0 has a stuck bit so the "plain" case maps
incorrectly you'd expect to come up with execution that looks nothing at all like what was intended.</p>
</blockquote>
<p>Noel provides a short diagnostic (apparently, straight from his mind to machine code; props! :-) to check
read-after-write on UISA* so we can rule this out:</p>
<div class="highlight"><pre><span></span><span class="mi">1000</span><span class="o">:</span>   <span class="mi">12706</span>       <span class="o">/</span> <span class="n">Put</span> <span class="n">stack</span> <span class="n">at</span> <span class="mi">0700</span>
        <span class="mi">700</span>
        <span class="mi">12701</span>       <span class="o">/</span> <span class="n">Load</span> <span class="n">UISA0</span> <span class="n">address</span> <span class="k">in</span> <span class="n">R1</span>
        <span class="mi">177640</span>
        <span class="mi">5000</span>        <span class="o">/</span> <span class="n">Start</span> <span class="n">testing</span> <span class="n">at</span> <span class="mi">0</span>
        <span class="mi">10011</span>       <span class="o">/</span> <span class="n">Store</span> <span class="n">it</span>
        <span class="mi">20011</span>       <span class="o">/</span> <span class="n">Check</span> <span class="n">it</span>
        <span class="mi">1401</span>        <span class="o">/</span> <span class="n">Skip</span> <span class="k">if</span> <span class="n">match</span>
        <span class="mi">0</span>           <span class="o">/</span> <span class="n">Halt</span> <span class="n">here</span> <span class="n">on</span> <span class="n">error</span>
        <span class="mi">5200</span>        <span class="o">/</span> <span class="n">Next</span> <span class="n">value</span>
        <span class="mi">20027</span>       <span class="o">/</span> <span class="mi">07777</span> <span class="n">or</span> <span class="n">less</span><span class="o">?</span>
        <span class="mi">7777</span>
        <span class="mi">101770</span>      <span class="o">/</span> <span class="n">Go</span> <span class="n">around</span>
        <span class="mi">5721</span>        <span class="o">/</span> <span class="n">Next</span> <span class="n">register</span>
        <span class="mi">20127</span>       <span class="o">/</span> <span class="n">Done</span> <span class="n">them</span> <span class="n">all</span><span class="o">?</span>
        <span class="mi">177660</span>
        <span class="mi">101401</span>      <span class="o">/</span> <span class="n">Skip</span> <span class="k">if</span> <span class="n">not</span>
        <span class="mi">0</span>           <span class="o">/</span> <span class="n">Halt</span> <span class="n">here</span> <span class="n">when</span> <span class="n">done</span>
        <span class="mi">137</span>         <span class="o">/</span> <span class="n">Go</span> <span class="n">back</span>
        <span class="mi">1010</span>
</pre></div>


<p>This is toggled in and passes on the machine.</p>
</li>
<li>
<p>Mattis Lind:</p>
<blockquote>
<p>Would it be any difference if you run the machine at full speed or lower speed or even single step past
this instruction? ... The TIG module has a separate non crystal controlled oscillator which one could
tune for marginal checking.</p>
</blockquote>
<p>Ah, yes, the margining clock!  Always worth a check, and very easy to use with if you have a KM11 handy.
A variety of clock speeds are tried, but the behavior remains the same.</p>
</li>
<li>
<p>Brent Hilpert:</p>
<blockquote>
<p>For consideration, what about the refresh circuitry of the memory board?</p>
<p>Mem diagnostics, unless they explicitly account for it, may not show up problems with memory refresh if
the loop times are short enough to effectively substitute as refresh cycles, while they could show up
later in real-world use with arbitrary time between accesses.</p>
<p>Refresh on some early boards/systems was asynchronously timed by monostables or onboard oscillators
which can drift or fail on the margin/slope. (I don't know what DEC's design policy was for DRAM
refresh). It might also explain why a number of 4116s were (apparently) failing earlier in the efforts
(if I recall the discussion correctly), replacing them might have just replaced them with 'slightly
better' chips, i.e. with a slightly longer refresh tolerance.</p>
</blockquote>
<p>This one also gets some follow-up.  The schematics are consulted, and the MS11-L refresh is seen, indeed,
to be driven by a simple free-running 555.  Further from Brent:</p>
<blockquote>
<p>4116 datasheet specs 2mS, my calcs give a refresh period of 1.5mS, the 14.5uS from the manual would give
1.86 mS, 7% shy of 2. The schematic specs 1% resistors, and the parts list does appear to spec a
high-tolerance "1%200PPM" cap.</p>
<p>Although there are the internal voltage divider Rs in the 555 which are also critical for the timing and
everything is 40+ years old...</p>
</blockquote>
<p>The actual MS11 in use measures out on my 'scope at 15.2us.  From Brent:</p>
<blockquote>
<p>15.2uS gives a 1.95mS refresh, so it's awfully close to the 2mS spec, but still within.  The datasheet I
was looking at doesn't seem to give any spec for tolerance on the refresh so one would guess there's a
safety margin built into the 2mS spec.</p>
</blockquote>
</li>
</ul>
<p>Fritz:</p>
<blockquote>
<blockquote>
<div class="highlight"><pre><span></span>R0 177770
R1 0
R2 0
R3 0
R4 34
R5 444
SP 177760
PC 010210

060: 000000 000020 000001 177770 177774 177777 071554 000000
</pre></div>


</blockquote>
<p>Okay, I've had a bit of time in front of the machine to repro this and take a look.  What I actually see is:</p>
<div class="highlight"><pre><span></span>R0 177770
R1 0
R2 0
R3 0
R4 0
R5 34
R6 141774
PC 000254
</pre></div>


<p>(remember, for the last, this will have been after taking a trap to 250, where I have the usual "BR .+2;
HALT" catcher installed)</p>
<p>Also, memory at 060 (PA:164060) is all zeros as far as the eye can see...</p>
</blockquote>
<p>Then, a big discovery from Noel:</p>
<blockquote>
<p>Argh. (Very red face!)</p>
<p>I worked out the trap stack layout by looking at m40.s and trap.c, and totally forgot about the return PC
(that's the 0444) from the call to trap():</p>
<div class="highlight"><pre><span></span>0001740 000013 141756 022050 000013 000000 000000 000000 000034
0001760 000444 000031 177760 000000 030351 177770 010210 170010
</pre></div>


<p>I clearly should have looked at core(V) in the V6 manual!</p>
<p>The R6 you have recorded is correct for just after the trap; that's the kernel mode SP, which points to the
top of the kernel stack, in segment 6 (in the swappable per-process kernel area, which runs from
140000-1776).</p>
<p>So there is no R5 mystery, I was just confused. Back to the other two!</p>
</blockquote>
<p>But meanwhile, back in front of the actual machine:</p>
<blockquote>
<p>Seeing some quite strange stuff now, after the crash, flipping between "CONS PHY" and "PROG PHY"...</p>
<p>Bits 6-12 are not acting as I would expect, almost as if the KT11 ALU is doing an incorrect operation
(subtraction rather than add!)  </p>
<p>I see these are 74S181 bit slice ALUs, and function code should be hardwired to "A+B"... So that brings us
back around to really checking those supply voltages...</p>
</blockquote>
<p>It turns out the +5V supplies were, in fact, slightly low (about 4.9 or so).  Trimmed these up, and the the
observed problems with bits 6-12 receded, though the "ls" crash remained exactly the same.  It would appear,
though, consistent with remarks above, that the machine has very little undervoltage tolerance on +5V --
certainly less than the documented -5%.</p>
<p>How long had the machine been in this condition, and what else might have been affected?  It could not have
been for very long, since the previously run KT11 diagnostics would certainly have failed.  But the situation
was spooky, and instilled some uncertainty about other data that had recently been retrieved via the front
panel...</p>
<h3>February 5</h3>
<p>Noel clears away one additional address calculation error:</p>
<blockquote>
<p>So I had to grub a bit to find this, but here's what I said:</p>
<blockquote>
<p>With KISA7 at 001641, 0164100 should be the first location after the stack, so 0164060 and up would be
good. They <em>should</em> be:</p>
<div class="highlight"><pre><span></span><span class="mi">060</span><span class="o">:</span> <span class="mi">000000</span> <span class="mi">000020</span> <span class="mi">000001</span> <span class="mi">177770</span> <span class="mi">177774</span> <span class="mi">177777</span> <span class="mi">071554</span> <span class="mi">000000</span>
</pre></div>


</blockquote>
<p>and I have no idea how I screwed the address there up that that badly. The data I'm showing there is the top
(address-wise; i.e. bottom, push-pop-wise) of the user stack, and I think it's correct. However, it's UISA7
which contains 01641, and that's the 'bottom' of that segment. I had previously done the math correctly:</p>
<blockquote>
<p>base of user data is at 0176000 (per UISA1 contents), runs to 0201476 (i.e. plus 03500); the stack would
run from 0201500 to 0204076 (i.e. plus 02400). So the stack segment 'base' would be 020000 below the next
word, or 0164100.</p>
</blockquote>
<p>So physical 0164060 is just in the middle of nowhere; it's somewhere in the middle of the text (which starts
at physical 0161400).</p>
<p>If you could try this again, and check the top of the <em>actual</em> user stack (which will be at physical
0204060-0204076), I'd really appreciate it. I do expect it to be correct: the process core dump has it
correct (as shown by the analysis of argc, argv, etc).</p>
</blockquote>
<p>And I am able to get some consistent, correct, data after the power-supply tune-up:</p>
<blockquote>
<p>Okay, latest numbers for you!</p>
<p>Stack, confirmed:</p>
<div class="highlight"><pre><span></span><span class="n">PA</span><span class="o">:</span><span class="mi">204060</span><span class="o">:</span> <span class="mi">000000</span> <span class="mi">000020</span> <span class="mi">000001</span> <span class="mi">177770</span> <span class="mi">177774</span> <span class="mi">777777</span> <span class="mi">071554</span> <span class="mi">000000</span>
</pre></div>


<p>Text; as I had feared, a few dropped bits there!  Went ahead and grabbed you eight extra words while I was
there:</p>
<div class="highlight"><pre><span></span><span class="n">PA</span><span class="o">:</span><span class="mi">171600</span><span class="o">:</span> <span class="mi">016162</span> <span class="mi">004767</span> <span class="mi">000224</span> <span class="mi">000414</span> <span class="mi">016700</span> <span class="mi">016152</span> <span class="mi">016702</span> <span class="mi">016144</span>
<span class="n">PA</span><span class="o">:</span><span class="mi">171620</span><span class="o">:</span> <span class="mi">004767</span> <span class="mi">000206</span> <span class="mi">000405</span> <span class="mi">012404</span> <span class="mi">012467</span> <span class="mi">016124</span> <span class="mi">000167</span> <span class="mi">177346</span>
</pre></div>


<p>In disassembly from 171602, this yields:</p>
<div class="highlight"><pre><span></span><span class="mi">171602</span><span class="o">:</span>   <span class="n">JSR</span>     <span class="n">PC</span><span class="o">,</span><span class="mi">172032</span>
<span class="mi">171606</span><span class="o">:</span>   <span class="n">BR</span>      <span class="mi">171640</span>
<span class="mi">171610</span><span class="o">:</span>   <span class="n">MOV</span>     <span class="mi">7766</span><span class="o">,</span><span class="n">R0</span>
<span class="mi">171614</span><span class="o">:</span>   <span class="n">MOV</span>     <span class="mi">7764</span><span class="o">,</span><span class="n">R2</span>
<span class="mi">171620</span><span class="o">:</span>   <span class="n">JSR</span>     <span class="n">PC</span><span class="o">,</span><span class="mi">172032</span>
<span class="mi">171624</span><span class="o">:</span>   <span class="n">BR</span>      <span class="mi">171640</span>
<span class="mi">171626</span><span class="o">:</span>   <span class="n">MOV</span>     <span class="o">(</span><span class="n">R4</span><span class="o">)+,</span><span class="n">R4</span>
<span class="mi">171630</span><span class="o">:</span>   <span class="n">MOV</span>     <span class="o">(</span><span class="n">R4</span><span class="o">)+,</span><span class="mi">7760</span>
<span class="mi">171634</span><span class="o">:</span>   <span class="n">JMP</span>     <span class="mi">171206</span>
</pre></div>


<p>...which looks at least like feasible code, if not the code we are expecting?</p>
</blockquote>
<p>Last, a note on procedure for using the front panel to verify KT11 address mappings:</p>
<blockquote>
<p>The way this works is you select the mapping set you want (in our case, USER I) with the top knob on the
console, then toggle in a <em>virtual</em> address, hit "LOAD ADRS", and then when you hit "EXAM" it maps your
provided address through the selected set.  Under these circumstances, I'll also see the "KERNEL" light go
out and the "USER" light light up on the front panel indicating the active mapping set.  You can then flip
to "PROG PHY" to see the mapped-to physical address.  This is not explained very clearly in the handbooks;
it took me a little experimentation to figure out how to do it.</p>
<p>Anyway, in our case, I toggle in "10210", and can read out "171610".</p>
</blockquote>
<h3>February 6</h3>
<p>Noel:</p>
<blockquote>
<blockquote>
<p>In disassembly from 171602, this yields: ...which looks at least like feasible code</p>
</blockquote>
<p>The first 4 words, yes, but not the rest. (Oh, and your disassembly is wrong; you used PA addresses, not
VA.)</p>
<p>But excitingly, that <em>could</em> explain the MM trap, since 16700/16152 at VA: 010210 gives us:</p>
<div class="highlight"><pre><span></span>MOV 26364, R0
</pre></div>


<p>and that address is in segment 1, which is only 03500 long...</p>
</blockquote>
<p>Fritz:</p>
<blockquote>
<p>Also, that exact sequence does occur in the ls binary!</p>
<p>From last night:</p>
<div class="highlight"><pre><span></span><span class="n">PA</span><span class="o">:</span><span class="mi">171600</span><span class="o">:</span> <span class="mi">016162</span> <span class="mi">004767</span> <span class="mi">000224</span> <span class="mi">000414</span> <span class="mi">016700</span> <span class="mi">016152</span> <span class="mi">016702</span> <span class="mi">016144</span>
<span class="n">PA</span><span class="o">:</span><span class="mi">171620</span><span class="o">:</span> <span class="mi">004767</span> <span class="mi">000206</span> <span class="mi">000405</span> <span class="mi">012404</span> <span class="mi">012467</span> <span class="mi">016124</span> <span class="mi">000167</span> <span class="mi">177346</span>
</pre></div>


<p>And from an od on bin/ls:</p>
<div class="highlight"><pre><span></span>0004220 016162 004767 000224 000414 016700 016152 016702 016144
0004240 004767 000206 000405 012404 012467 016124 000167 177346
</pre></div>


</blockquote>
<p>All together, this brings us to a significant juncture in the debug effort: the power supply issue has been
addressed, and various red herring have been cleared away.  Pre-conditions which exactly match the observed
fault are apparent.  We are left with a single, consistent, and reproducible issue: part of the process
address space ends up holding the wrong part of the program text.  But how, and why?</p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/ecos.html"><h1>PDP-11/45: ECOs</h1></a>
Sun 07 June 2020

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p><em>[A catch-up article, documenting discoveries of Jan/Feb 2019 and some additional research while writing
up.]</em></p>
<p>Okay, per last article, specifics of parity-handling on my CPU indicate that it is missing several significant
ECOs.  I spent some time seeing if I could dig up and/or puzzle out more details on ECOs issued for the CPU,
MMU, FPU, chassis, power supplies, and peripherals.  What I could find I will summarize here.</p>
<h3>ECO Designations</h3>
<p>This material is excerpted from
<a href="http://bitsavers.org/pdf/dec/pdp8/pdp8e/PDP-8E_ECO_LOG_Dec74.pdf">PDP-8E_ECO_LOG_Dec74.pdf</a> on bitsavers. Of
particular note is the distinction between "ECOs", implemented at the factory, and "FCOs", designed to be
implemented in the field.  The latter are distinguishable by the presence of an additional letter inserted in
their identifier:</p>
<blockquote>
<p><strong>ECO IDENTIFIER</strong></p>
<p>Every ECO that is issued for a product is entered in the DEC-O-LOG with an identification number that
includes the equipment type or option number, followed by a unique sequential number. For example, the ECO
identifier “LA30-00053" is assigned to the 53rd ECO issued for the LA30 DECwriter.</p>
<p><strong>FIELD DISTRIBUTION</strong></p>
<p>Depending upon the nature of the engineering change, ECOs are categorized in one of five groups, which are
assigned letter codes <em>F, D, DF, P, and M.</em> The appropriate field distribution code for the ECO appears on
the first line of the DEC-O-LOG entry. </p>
<p><ul>
<em>F Code:</em> When the ECO has been engineered for field retrofit, it is coded “F”. <em>A Field Change Order</em> (FCO)
is prepared by Field Service. The FCO provides a complete description of the engineering change and includes
instructions for making the change to existing equipment installations.</p>
<p>When an F-coded ECO is issued, a letter code is inserted as the first character of the sequential ECO
identifier number. The letter code indicates the level of urgency or importance of the ECO as follows:</p>
<p><ul><pre style="border: none; background-color: inherit">
A   Mandatory change - highest priority      D   Low Priority change
B   Mandatory change                         E   Optional change for product improvement
C   Mandatory change if specified
    trouble symptoms are observed
</pre></ul></p>
<p><ul><ul><ul>
<div style="text-align:center"><strong>NOTE</strong></div></p>
<p><strong>All ECOs issued for a product are entered into the DEC-O-LOG. Usually, the publication process that
produces updated DEC-O-LOG pages is triggered by an F-coded ECO. At that time, any D, DF, P, or M-coded ECOs
that precede the latest FCO are also published to provide a complete history of all ECO activity for the
product.</strong>
</ul></ul></ul></p>
<p><em>D Code:</em> An ECO that changes the design of an equipment in production is coded “D”. This category includes
changes to: </p>
<p><ul>
Production models, as a normal step in the design phase of a new product.</p>
<p>All future production units of a specific equipment type or option, and the ECO is not to be retrofitted. </p>
<p>Production units that include special features ordered by a specific customer. 
</ul></p>
<p>ECOs that are coded “D” are not retrofitted into existing units installed in the field. They are entered in
the DEC-O-LOG for information purposes, and customers can purchase them from DEC.</p>
<p><em>DF Code:</em> The “DF" field distribution code is assigned to ECOs that change the design of products that have
been released to the field in limited quantity, when the retrofit is essentially a part of the design
process.</p>
<p><em>P Code:</em> When an ECO is issued solely for the purpose of changing engineering drawings or other engineering
documentation, it is coded P (for Prints).</p>
<p><em>M Code:</em> When an ECO is issued to change mechanical parts, structural components, or other items that do
not affect existing units in the field, it is coded "M". M-coded ECOs cannot be purchased for retrofit.
</ul></p>
<p><strong>ML, DD, and WL REVISIONS</strong></p>
<p>A <em>Master Drawing List</em> (ML) or a <em>Drawing Directory</em> (DD) lists all engineering drawings included in the
engineering drawing set for a specific product or option. If an ECO causes any drawing in that set to be
revised, the ML or DD is revised to indicate the latest revisions of all drawings in the set. The revision
code for the ML or DD that reflects the ECO is included in the first line of that ECO entry in the
DEC-O-LOG.</p>
<p>A <em>Wire List</em> (WL) is used to indicate all wired connections for an equipment or option System Unit. If an
ECO calls for changes in this wiring, the WL is appropriately revised. The revision code for the WL that
reflects the ECO is included in the first line of that ECO entry in the DEC-O-LOG.</p>
</blockquote>
<h3>DEC-O-LOGs on Bitsavers</h3>
<p>Unfortunately, at time of writing the selection of DEC-O-LOGs archived at bitsavers
(<a href="http://bitsavers.trailing-edge.com/pdf/dec/fieldService/dec-o-log/">here</a>) is pretty sparse with respect to
the '11/45.  There is a 1974 log for the M8105 TMC CPU board, a 1973 log for the M8108 SSR MMU
board, and that's pretty much it for the '11/45 :-(</p>
<p>Here's an entry from the M8105 log that <em>is</em> found there, relating to the subject of the previous article:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/M8105-D0005.jpg" title="FCO
M8105-D0005"/></p>
<p>Unfortunately, no cut/jump list here (some log entries do contain these).  There is a bunch of useful info to
be gleaned, though:</p>
<ul>
<li>
<p>The complete trap parity to 114 mod involved all of the M8100 (DAP), M8103 (RAC), M8105 (TMC), M8106 (UBC)
  boards, plus mods to the processor wire-wrap backplane.</p>
</li>
<li>
<p>All of these FCOs are given prefix "D", meaning DEC viewed fixing these in the field as "low priority".</p>
</li>
<li>
<p>A <em>reason</em> for the change is given: "Parity errors are time consuming to detect..."  I suppose what they
  mean is that adding code to sniff for possible parity errors, in order to distinguish these from other
  possible sources of trap 4, was getting in the way of handling the other trap 4 sources promptly.  I can't
  see that there would be any difference in processor overhead per se in dispatching between vector 4 and
  vector 114?</p>
</li>
<li>
<p>Machines which would trap parity to 114 as-delivered were phased into production starting in March 1973.
  This is consistent with the low serial number and component date codes in my machine, confirming its
  manufacture somewhere in 1972.</p>
</li>
<li>
<p>The note about the MS11-B/C (M8110 SMC) is also interesting, in conjunction with fact that the re-work
  is called out for "all core-parity PDP-11/45's".</p>
</li>
</ul>
<h3>PDP-11/45 11/50 MOS Memory Troubleshooting Guide</h3>
<p>As it turns out, <a href="http://www.bitsavers.org/www.computer.museum.uq.edu.au/pdf/DEC-11-HMSTS-A-D%20PDP-11-45,%2011-50%20MOS%20Memory%20Troubleshooting%20Guide.pdf">this
document</a>
is a bit of a gold mine, containing a complete list of ECO's for the '11/45 CPU/MMU/FPU modules, console, and
backplane, as of 1974. There are brief notes, dates, and revision codes for each.</p>
<p>In the case of the M8105, we can compare this with the DEC-O-LOG we do have on bitsavers.  This shows that the
"Notes" in the troubleshooting guide in some cases give information not included in the corresponding
DEC-O-LOG entries.  For example, the DEC-O-LOG entry for M8105-00002 says only:</p>
<ul><blockquote>
Change disable gate in priority arbitration.
</blockquote></ul>

<p>...while the troubleshooting guide offers a bit more explanation:</p>
<ul><blockquote>
Corrects FP TRAPS to location 4 where BRs below 7 occur at the same time.
</ul>

</blockquote>

<p>The troubleshooting guide also calls out several "clusters" of interdependent ECOs:</p>
<ul>
<li>
<p><strong>Parity</strong>, as remarked above: M8100-00003, M8103-00005, M8105-00005, M8106-00007/00008/00012/00012A,
  KB11-A-00015, and M8110-00018.</p>
<p>Separately, M8106-00003, from August 1972, is annotated "Adds disable jumper for UNIBUS PARITY", as
observed missing in my hardware in the previous article.</p>
</li>
<li>
<p><strong>CMP.B, BIT.B</strong>: M8100-00002A, KB11-A-00006.  These are dated June, 1972.  Hmm, I should check these
  instructions on my machine...</p>
</li>
<li>
<p><strong>Speed-up</strong>: M8104-00002, M8106-00005A, KB11-A-00012A/00013.  Not sure what is "sped up" here, but perhaps
  Unibus signaling; the M8106 change is annotated "Clear MSYN with T1".</p>
</li>
</ul>
<p>Also of note are a few items that seem to relate directly to previously observed behaviors of my machine:</p>
<ul>
<li>
<p><strong>KM11 uPB</strong>: M8109-00015 "CPU fails to halt on selected ROM state when micro program break mode is set on
  maintenance card. Detected when running a test sequence not containing a pause, i.e., 150ns cycle time."  Ah
  ha!  I had run across this (mis)behavior previously, noted <a href="https://fritzm.github.io/diagnostics-5.html">here</a>.</p>
</li>
<li>
<p><strong>Slots 26-28</strong>: KB11-A-0008 "Signal missing in small peripheral controller slots in KB11-A (slots 26-28)."
  Another ah ha...  This seems likely related to issues noted <a href="https://fritzm.github.io/serial-console.html">here</a>.</p>
</li>
<li>
<p><strong>Burnt +5V Trace</strong>: KB11-00001: "Reworks backpanels with 24 AWG wire in parallel with +5 V etch."  This may
  explain the burnt trace and "extra red wire" as noted <a href="https://fritzm.github.io/initial-power-on.html">here</a>. </p>
</li>
</ul>
<h3>Jay Jaeger DEC-O-LOG Microfiche Transcriptions</h3>
<p>After an ask on the cctalk mailing list, Jay Jaeger commented that he has some complete sets of DEC-O-LOGs on
microfiche!  Though he has no equipment with which to scan fiche, he very kindly took the time to manually
transcribe those that seemed like they might be of most interest to me (thanks, Jay!) Jay has made his
transcriptions publicly available <a href="https://drive.google.com/open?id=0B2v4WRwISEQRWWFFdVpCZWFTZEU">here</a>, under
pdf/dec/fieldService/dec-o-log.</p>
<p>There is a lot there, and it's worth a read.  Here are some excerpts I found relevant to discussions and
investigations here:</p>
<ul>
<li>
<p>On the parity rework:</p>
<blockquote>
<p>M8100-C0003  CODE: F  CS C  Etch C  JAN-73 [FCO]</p>
<p>Problem: Parity errors require the generation of trap vector 114<br>
Correction: Modify trap vector logic<br>
Required on all 11/45 systems with parity</p>
</blockquote>
<p>

<blockquote>
<p>M8103-C0005  CODE: F CS F  MAR-73  [FCO]</p>
<p>Problem: Parity errors need special abort logic to assert ZAP signal<br>
Correction:  Modify ZAP gate on RACA</p>
</blockquote>
<p>

<blockquote>
<p>M8105-D0005  CODE: F   CS F  MAR-73  [FCO]</p>
<p>Parity errors are time consuming to detect through vector 4.  Core parity requires these changes:
M8100-D0003, M8103-D0005, M8105-D0005, M8106-D0007, KB11A-D0015 and M8106-D0008</p>
<p>FCO's may be installed separately - each FCO relies upon the others only to fully implement parity.</p>
<p>NOTE: MS11-B/C semiconductor parity memories with etch revision B M8110s will NOT function properly
with these FCOs. A new M8110 is being designed to function with these FCOs.</p>
</blockquote>
<p>

<blockquote>
<p>M8106-D0007  CODE: F   CS:  J  [FCO]</p>
<p>Problem: Parity errors are time consuming to detect through vector 4<br>
Correction Allow processor to trap to 114 for parity errors.</p>
</blockquote>
<p>

<blockquote>
<p>M8106-D0008  CODE: F  CS:  K  MAR-73  [FCO]</p>
<p>Problem: UNIBUS parity errors cause machine to halt<br>
Correction: Disable UBCB UNI PERF [ 1 ] L from generating UBCB PARITY ERR SET L.</p>
</blockquote>
<p>

<blockquote>
<p>M8106-C0012  CODE: F  CS:  M  JUN-73  [FCO]</p>
<p>Problem: MOS Parity memory is too tight<br>
Correction:  Strobe parity errors sooner<br>
NOTE: See M8106-C0012A</p>
<p>Rework in parity systems with M7259 or etch revision C M8110s, rework all systems with parity and all
PDP11-45s at next PM.</p>
<p>M8106-C0012A  CODE: F  JUN-73  [FCO]</p>
<p>The rework procedure in M8106-C0012 in steps #25 and #26 incorrectly references an R22.  Should be R20.</p>
</blockquote>
<p>

<blockquote>
<p>KB11A-D0015 CODE: F  DD:M  WL:L  [FCO]  MAR-73</p>
<p>Problem: Detection of parity errors through vector 4 is slow.<br>
Correction:  Detect parity errors through vector 114.</p>
<p>Wire Adds: D11D2 to A06P1, E12A1 to F11F1, C09K1 to E12A1</p>
<p>NOTE: This FCO must be installed in conjunction with the following FCOs to implement core parity:
M8100-D0003, M8103-D0005, M8106-D0007 and M8106-D0008. Each of these related FCOs may be installed
separately.</p>
<p>Note that MS11-B/C semiconductor parity memories with etch revision B M8110s will NOT function properly
when above FCOs are installed. A new M8110 is being designed to function with these FCOs.</p>
</blockquote>
<p>Okay, much of this confirms deductions worked out in the previous article.  The big additional clue here
is that we actually have the backplane wire adds this time!</p>
<ul>
<li>
<p>D11D2 to A06P1: This forwards UBCB PARITY ERR L, already at the TMC card, on to DAPE E7.  This provides
  parity condition input to the extended trap vector generation logic explored in the previous article.</p>
</li>
<li>
<p>E12A1 to F11F1 and C09K1 to E12A1: These relate to enhanced abort processing -- they distribute UBCB PE
  ABORT L to TMCC E87, TMCE E38, and RACA E52, which I have not previously inspected.</p>
</li>
</ul>
<p>Looking at the RAC changes first, we have this:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/RACA-ZAP.jpeg"
title="RACA ZAP"/></p>
<p>...which, per expectation, is not implemented on the RAC board I am running; no connection from CK1 to
E52, and no connection from E52 to E101.  The ZAP signal is used to force the microcode counter to 200 on
a trap or on power up, kicking off the exception handling microcode flow on sheet FLOWS 12.  I'm not sure
why parity required special plumbing here; by my read a parity error should end up setting TMCC ABORT H
which should also result in a ZAP?.  My guess would be the special plumbing allows the trap to be taken at
an earlier clock phase?</p>
<p>On the TMC we have these:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/TMCC-E87.jpeg"
title="TMCC E87"/>
<p>
<img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/TMCE-E38.jpeg"
title="TMCE E38"/></p>
<p>Also related to abort signaling, and also not implemented on my machine (no connection from FF1 to E87 or
E38, pins 12 and 10 common on E38).  So perhaps the reason to move parity to its own trap vector wasn't to
avoid extra discrimintation logic in the trap 4 handler, but rather to enable an accelerated abort path
without affecting extablished behavior of the other machine exceptions on vector 4?  Curious...</p>
</li>
<li>
<p>On CMP.B, BIT.B:</p>
<blockquote>
<p>M8100-A002A  CODE:  DF  JUN-72  [FCO]</p>
<p>Problem:  Disposition code on M8100-A0002 is 02: phase-in<br>
Correction:  Change to code 03: rework immediately.<br>
Problem:  CMP.B and BIT.B instructions with SM0 and DM0 and DF7 will destroy the PC<br>
Correction:  Inhibit PCB clock under those conditions</p>
</blockquote>
<p>The troubleshooting guide mentions that that this change also needs KB11-A-00006, but that is not included
in Jay's transcript (bummer).</p>
<p>In any case, the description here tells us a lot more about the exact nature of the bug.  <code>SM0</code>, <code>DM0</code>,
<code>DF7</code> here are microcode conditions; collectively this description implicates a CMP or BIT instruction,
either byte or word length, with two registers as arguments, and the second argument being the PC (R7).</p>
<p>CMP or BIT should <em>not</em> modify their second argument, but inspection of the the microcode flows shows that
under this particular set of conditions the flow (<code>FET.00</code>, <code>FET.10</code>, <code>IRD.00</code>, <code>EXC.90</code>) is shared with
many other E/class instructions which <em>should</em> do. So an update inhibit derived from existing microcode
outputs to distinguish this particular set of conditions is needed, and thus this FCO.</p>
<p>Here again the schematics hold some clues.  The relevant bit is the net for CLKPCB H on drawing DAPJ:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/DAP-CLKPCB.jpeg"
title="DAPJ CLKPCB H"/></p>
<p>The AND terms of E42 serve as inhibits for the update signal, which otherwise sources from TIGC T1 H via
E43.  The top three terms in the diagram inhibit on cases of <code>UPCB=2 * ~SF7</code>, <code>UPCB=0</code>, or <code>UPCB=3 *
~DF7</code> (with some term elimination on the first case).  This would be the vanilla implementation of the
UPCB microcode signals.</p>
<p>The bottom-most AND term seems to be the one involved in the FCO.  This adds an additional inhibit,
<code>UPCB=3 * ICLASS * UPWE</code>, which would be active in the situation described in the FCO description.  Some
minor additional clues here are that the handwriting for the signal names here doesn't quite match the
rest of the drawing and that the backplane pin assignment for bringing in UPWE00 is not contiguous with
the others in this net; together these suggest revision.  From this we could also guess that the missing
corresponding KB11-A-00006 probably involves bringing signal RACB UPWE00 H to pin E06V2.</p>
<p>Inspection of my DAP modules shows the predicted changes implemented around E42 with green-wires, so it
looks like my machine <em>did</em> get this FCO, either in the factory or the field:  </p>
<p><img src='/images/pdp11/DAP-E42_thumbnail_tall.jpeg' title='Evidence of FCO M8100-A00002A around E42 on DAP board' onclick='pswipe("pdp11",84);'/></p>
<p>Next time I have the machine fired up I'll experiment with some BIT instructions from the front panel and
make sure.</p>
</li>
<li>
<p>On the "speedup" fixes:</p>
<blockquote>
<p>M8106-A0005  CODE: F  CS:  F  DEC-72  [FCO]</p>
<p>Problem: Present board not meeting cycle time specifications for UNIBUS.<br>
Correction: Add logic changes.<br>
NOTE: This FCO must be installed in conjunction with FCO KB11A-A0012</p>
</blockquote>
<p>

<blockquote>
<p>M8106-A005A  CODE: F  JAN-73  [FCO]</p>
<p>Problem 1: Rework procedure in M8106-A0005 is incorrect.<br>
Correction 1:<br>
&nbsp;&nbsp;In step #2 changed E83-11 to E83-13<br>
&nbsp;&nbsp;In step #4 change R23 to R22<br>
Problem 2: The assembly hole drawing does not specify which side of the board etch cut #13 is on<br>
Correction 2:  Side 2</p>
</blockquote>
<p>

<blockquote>
<p>KB11A-A0012  CODE: F  DD: J  WL: J  DEC-72 [FCO]</p>
<p>Problem: 11/45 processor does not meet UNIBUS cycle time specification.<br>
Correction: Correct KB11-A back panel attached ADD/DELETE sheet and install FCO M8106-A0005 to UBC
module.</p>
</blockquote>
<p>

<blockquote>
<p>KB11A-A012A  CODE: F  DEC-72 [FCO]</p>
<p>Problem: Not all the add/deletes listed on sheet 2 of KB11A-A0012 are necessary for this retrofit.<br>
Correction: use the ADD/DELETE sheet included in this supplement for FCO KB11A-A0012.</p>
</blockquote>
<p>

<blockquote>
<p>KB11A-E0013 CODE: F  DD: K  WL: K  JAN-73 [FCO]</p>
<p>Problem: Improve performance of PDP-11/45 processor as UNIBUS master.<br>
Correction: Revise KB11-A Wire List as defined the ADD/DELETE sheet and install etch revision C M8104
module</p>
<p>NOTE: This FCO completes the total FCO package necessary for improving the speed performance of the
PDP-11/45 with core memory.  Note prerequisite FCOs are KB11A-A0012, KB11A-A012A and M8106-A0005.</p>
</blockquote>
<p>Well, definitely Unibus timing related then.  There is not very much info to start from here, and logs for
the M8104 module are also missing from Jay's transcripts (perhaps not issued since no F-coded ECOs for 
this board?)</p>
<p>We <em>do</em> see from above, though:</p>
<ul>
<li>Involvement of M8106 E83 (sheet UBCB, driving CLR DESKEW L). Handwriting and "white out" artifacts
  around this gate on the engineering drawings also suggest rework.</li>
<li>Involvement of M8106 R22 (also sheet UBCB, pull up on fastbus parity error handling)</li>
<li>The troubleshooting guide annotates M8106 00005 "CLR MSYN with T1". Handwriting mismatch on the clock
  input of the MSYN flip-flop (sheet UBCB, E79) may be related.</li>
<li>At least 13 etch cuts existed in the FCO (!)</li>
</ul>
<p>Looking through the drawings a bit more here after this, I noticed for the first time (doh!) that there is
an updated set of Unibus timing diagrams <em>explicitly</em> to be used with M8104 rev C and post- KB11-A-E00013.
The differences seem to be around the bus long pause cycle.  This prompted another look through the 1972
and 1976 KB11-A maintenance manual, and sure enough, in section 8.7.2 of the 1976 version we find:</p>
<blockquote>
<p>ECO KBl l-A No. 13 ("Speed-up ECO"), in conjunction with Revision C or higher of the PDR Module (M8104),
has changed the data transfer operations. Explanations of both versions are presented in this paragraph.
(In general, ECO KB11-A No. 13 eliminated the bus long pause cycle.)</p>
</blockquote>
<p>...followed by much description of the signalling differences between pre- and post- KB11-A-E00013
machines. This can definitely be mined for further clues.</p>
<p>I did verify that at least some of this rework is <em>not</em> implemented on my M8106 boards (specifically,
configuration of E83 on my boards does not match either of the apparent revisions in the drawings).
Definitely a lot more work to do puzzling this one out.  Even though I'll continue to investigate the
details of this change, it probably ends up being too much to undertake without complete documentation.</p>
</li>
<li>
<p>On KM11 uPB Break:</p>
<blockquote>
<p>M8019-C0015  CODE: F  CS: R  CS: M3  APR-74 [FCO]</p>
<p>Problem:  CPU fails to halt on selected ROM state when Micro Program break mode is set on maintenance
card.  The problem is detected when running a test sequence not containing a pause 150 nsec cycle time.
Correction:  Delete U/L: CTRL latch flipflop and add latch at input gating.  Test by running a branch
dot with ROM match at 343.</p>
<p>FOR ETCH REVISION C:</p>
<p>Cuts:<br>
&nbsp;&nbsp;Side 2 at E12 pin 9<br>
&nbsp;&nbsp;Side 2 E32 pin 9 to E31 pin 13<br>
&nbsp;&nbsp;Side 2 E32 pin 9 to E32 pin 10<br>
&nbsp;&nbsp;Side 2 at E42 pin 13<br>
&nbsp;&nbsp;Remove jumper E22 pin 14 to E35 pin 7</p>
<p>Jumpers:<br>
&nbsp;&nbsp;E12 pin 9 to E22 pin 11<br>
&nbsp;&nbsp;E42 pin 13 to E35 pin 7<br>
&nbsp;&nbsp;E42 pin 8 to E32 pin 9<br>
&nbsp;&nbsp;E32 pin 10 to E31 pin 13</p>
<p><em>(etch revision F instructions ellided; in Jay's transcript linked above)</em></p>
<p>NOTE: Etch revision F boards are reworked from CS revision P to R.  Etch revision C boards are reworked
from CS revision M2 to M3.</p>
</blockquote>
<p>My M8109 timing generator is etch C.  There are a lot of ECOs on this board, culminating in CS level M2
ahead of this FCO.  In principle, many/most of these are verifiable by inspection, based on information
contained in Jay's transcripts.</p>
<p>This one is a bit deep, and I haven't really covered much about the M8109 yet.  I'll probably take up
analysis of this problem, the associated FCO fix, and inspection/determination of the revision level of
my board as its own topic in a future article.  I'd like to implement this fix if it proves not
overly complicated.</p>
</li>
<li>
<p>On slots 26-28:</p>
<blockquote>
<p>KB11A-B0008  CODE: DF  DD: E  WL: E  SEP-72  [FCO]  </p>
<p>Problem:  Small peripheral controller slots in KB11-A panel, slots 26 thru 28, are not wired to accept
some quad module controllers: NPG, PA, PB, LTC, ACLO, DCLO and +15V are missing. Correction:  Revise
wiring to include signals listed above.</p>
</blockquote>
<p>Wow, lots missing from these slots besides the +15V and NPG I had noticed.  In other correspondence, Jay
mentions that the DL11 (with which I was having trouble in these slots) is explicitly mentioned elsewhere
in this FCO.</p>
</li>
<li>
<p>On the burnt-trace / extra wire situation:</p>
<blockquote>
<p>KB11-00001  CODE: D  May-72  [ECO]  </p>
<p>Problem: Etch carrying +5V current from Mate-n-Lock pins to backpanel pins is not heavy enough to carry
required current. Correction:  Run 24AWG wire in parallel with etch on panels which already have
Mat-n-Lock assembly installed.  Increase thickness of conductor with solder bead if Mate-n-Lock assembly
not installed. PDP-11/45 system serial number 101 and later.</p>
</blockquote>
<p>Sounds about right, though the excerpt does not mention the exact trace or connector.</p>
</li>
</ul>
<p>There are a good handful of others described in the DEC-O-LOG transcriptions as well.  Probably worth making a
chronological (rather than topical) pass through each of the logs and each of my boards.  For another time...</p>
<h3>Things still sought</h3>
<ul>
<li>
<p>Somebody to scan Jay's DEC-O-LOG fiche, so the complete contents can be made available on bitsavers.  Jay
  kindly offered to lend these out to have them scanned.  If you have the equipment for this and would be
  interested in helping out, please drop a line on the cctalk mailing list!</p>
</li>
<li>
<p>Information from FCO "kits", including cut/jump lists, diagrams, and instructions.  I've not yet seen any
  of these, so I'm unsure what form they take, or where we might find them?</p>
</li>
<li>
<p>Alternate versions of the '11/45 engineering drawings.  These can be quite useful for puzzling out the
  contents of ECOs by visually "diffing" them.  So far I have only seen the June 1974 and April 1976 versions,
  which are currently available at bitsavers.</p>
</li>
<li>
<p>PDP-11/45 backplane wirelists.  I have never seen one of these.  The wirelist section in the commonly
  available PDP-11/45 engineering drawing sets actually describes the power harness, and not the backplane.</p>
</li>
</ul></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/parity-handling.html"><h1>PDP-11/45: Parity error handling</h1></a>
Mon 25 May 2020

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p><em>[A catch-up article, documenting events of Jan/Feb 2019.]</em></p>
<p>At the end of the previous article, a bunch of repairs had been made to my MS11-L memory board.  The
associated MAINDEC diagnostic ZQMC was able to run cleanly <em>but only with parity tests disabled</em>.  When parity
tests were enabled, the parity fault LED on the MS11 would light (expected) and the machine would halt with
ADRS ERR lit (unexpected...)</p>
<p>So the first step is to read and research how memory parity handling is implemented on the KB11-A CPU.
Immediately here we run into some trouble:</p>
<ul>
<li>
<p>The 1973 edition of the 11/45 Processor Handbook has a section 2.5.6, "Memory Parity", which states: "Parity
  errors cause the Central Processor to either trap through location 4 or to halt."  There is also an Appendix
  E, "Memory Parity", which details CSRs for parity memory:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/memory-csr-73.png" title="1973 Memory CSR"/></p>
<p>It is stated there that there are 16 of these, at addresses 772110-772146, each corrsponding to an 8K word
block of address space.</p>
<p>By the 1976 version of the processor handbook, however, all of this information had been expunged. The new
Appendix A, "UNIBUS Addresses", lists range 772110-772136 simply as "UNIBUS memory parity".  Here, trap 4
is listed as "CPU errors", and trap 114 is listed as "Memory system errors".  All subsequent revisions of
the handbook state unambiguously that parity errors generate a trap 114.</p>
</li>
<li>
<p>What do the KB11-A processor maintenance manuals have to offer?  Paragraph 7.7.7 of the 1972 KB11-A
  maintenance manual states:</p>
<blockquote>
<p>A Parity error on the Unibus A is indicated by BUSA PA L high and BUSA PB L low.  The parity error
causes UNI PERF (Unibus parity error flag) to be set when MSYN is cleared.  UNI PERF (1) L asserts UBCB
PARITY ERR SET L during the pause cycle, which sets the console (CONF) flag and halts the CPU.</p>
<p>The semiconductor memory control EHA and EHB (enable halt) flip-flops may be set under program control
to assert SMCB PE HALT if a parity error is detected.  This input also asserts UBCB PARITY ERR SET L,
which sets the console flag and halts the CPU.  Thus, if either a Unibus A parity error or SMCB PE HALT
L is asserted, the processor will be vectored to trap when the CONT switch is pressed.</p>
</blockquote>
<p>Note that this text addresses how the CPU handles detected parity errors in both Unibus (first paragraph)
and fastbus (second paragraph) memory systems.  Unibus parity errors are stated to set the CONF flag and
halt the CPU, just as I am seeing on my system...  Fastbus parity handling (halt first vs. direct trap)
can further be mediated by EHA and EHB, called out here to drawing SMCB in the MS11-B/C fastbus
semiconductor memory print set.</p>
<p>But here, too, by the time we get to the later revision 1976 KB11-A,D maintenance manual, this information
is revised. The updated description makes no further mention of CONF, halting, or halt control, and seems
to imply that all reported parity conditions trap directly through 114.</p>
</li>
<li>
<p>How about contemporaneous memory systems?  The MS11-B/C solid state memory systems released with the 11/45
  (note: not what I'm running; I have the much later MS11-L) consisted of either MOS or bipolar memory
  matrices with an associated controller card (the M8110).  These supported both Unibus and fastbus interfaces.
  Here, in the 1972 schematics, we see the implementation of the EHA/EHB halt control bits, mentioned above,
  in the upper left of sheet SMCB:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/ms11-eha-ehb.png" title="MS11 halt control bits"/><br></p>
<p>We can see the bit assignments here match the CSR layout from the 1973 processor handbook, and the
associated MS11 maintenance manual from 1973 also describes them in its table 3-12:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/ms11-table-3-12.png" title="MS11 CSR w/ halt control bits"/></p>
<p>And once again, by the 1974 revision of the same maintenance manual, no surprise: descriptions of the halt
control bits have been expunged from table 3-12.  Okay, we're starting to get a consistent picture here...</p>
<p>I don't know much about the core memory systems that were configured with the early 11/45s?  It would be
interesting to know if anything other than the MS11-B/C ever supported this older CSR layout.</p>
</li>
<li>
<p>Let's have a look at the KB11-A engineering drawings themselves.  The set I've been using during my
  restoration dates from 1974.  The first, most obvious, place to look is trap vector generation; this is
  accomplished on the lower left of drawing DAPE:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/trap-vector-decode.png" title="KB11-A trap vector generation, circa 1974"/></p>
<p>This small combinational net feeds trap vector bits to the K1MX constant multiplexer. One non-obvious
wrinkle noted elsewhere on the drawing: vectors generated for reserved instruction (004), EMT (014), and
TRAP (016) are further left-shifted, downstream, by microcode (state RSD.10, drawing FLOWS 12) to result
in 010, 030, and 034 respectively.  That's not strictly relevant to the discussion at hand, but might be
helpful if pondering the logic implemented in the diagram above.</p>
<p>This drawing is definitely from the "post 114" era.  On a parity error, we'll have ~IOT and ~PIRQ and
~SEGT, together driving TV02 high; that's our traditional vector 004. But here we also see UBCB PE TRAP
(1) L, active low, entering from the left. When driven low, we'll get TV03 and TV06 high as well, all
together generating vector 114.</p>
<p>Here we can see some clues, too, of how the change to 114 might have been bodged in: as drawn, TV01, TV02,
TV03, TV04 and TV05*07 proceed nicely in order from bottom to top.  But TV06, needed by the change as the
most-significant "1" in "114", looks like it was just wedged in out of order on the drawing...
Presumably, it makes use of a previously unused section of hex inverter E11.  The change to activate TV03
here as well would have been a cut/jump at the inputs of E7.</p>
<p>And sure enough, here we see differences with my actual hardware!  Here's part of the layout of module
DAP from the '74 engineering drawings, and a snap the same corner of my DAP spare which is same as the
one I'm currently running in the machine:</p>
<p><br/><div style="margin-left:auto; margin-right:auto; width:75%">
<img src='/images/pdp11/dap-layout_thumbnail_tall.png' title='Corner of DAP layout from 1974 drawings' onclick='pswipe("pdp11",80);'/> 
<img src='/images/pdp11/dap-corner_thumbnail_tall.png' title='Corner of one of my DAP boards.  Note missing R17.' onclick='pswipe("pdp11",81);'/>
</div><br/></p>
<p>Note particulary that R17, a pullup for UBCB PE TRAP (1) L, is missing on my board.  A little further work
with the beeper shows that on my boards E7 pin 1 is connected directly to E7 pin 13, and is not connected
to edge connector AP1.  E11 pin 3 appears to be NC.  Furthermore, examination of the backplane shows that
there is no wire wrapped in place at DAP AP1 to deliver signal UBCB PE TRAP (1) from the UBC board.  So, I
think I can conclude we're not looking at a bug or component failure here; <strong>my 11/45 simply pre-dates the
change from vector 4 to vector 114.</strong></p>
</li>
<li>
<p>Okay for the vector, but what about the halt behavior?  Here, the text quoted earlier from the 1972 KB11-A
  maintenance manual has our clue where to look.  The parity derived signal eventually resulting in the halt
  on either Unibus or fastbus parity error is UBCB PARITY ERR SET L (note "SET" in the signal name here, don't
  confuse with UBCB PARITY ERR L...)  The 1974 drawings imply that a fastbus parity err, but <em>not</em> a Unibus
  parity error, will halt the machine, in conflict with this text. But looking here, we see another bodge
  clue: the hookup at E68 pins 4 and 5 as drawn looks a little suspicious...</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/ubcb-parity-halt.jpeg" title="UBC parity halt logic"/></p>
<p>And indeed, on my hardware, E68 pins 4 and 5 are <em>not</em> connected together; rather, E68 pin 5 is connected
to E79 (Unibus parity error flag) pin 5. <strong>So, Unibus parity errors will also halt this version of the
11/45 hardware, by design.</strong></p>
<p>Some other differences related to parity are also apparent looking at my version of the UBC board.  E57,
seen above generating UBC PE ABORT L, is not populated.  This seems related to some further refinement of
abort sequencing, but the cirumstances surrounding the need for this aren't clear to me at this point.
Also, jumper W1 and associated logic to entirely disable Unibus parity error detection are not present:</p>
<p><br/><div style="margin-left:auto; margin-right:auto; width:75%;">
<img src='/images/pdp11/ubc-layout_thumbnail_tall.png' title='Corner of UBC layout from 1974 drawings' onclick='pswipe("pdp11",82);'/> 
<img src='/images/pdp11/ubc-corner_thumbnail_tall.jpeg' title='Corner of one of my UBC boards.  Note missing W1, R161, and unpopulated E57.' onclick='pswipe("pdp11",83);'/>
</div><br/></p>
</li>
</ul>
<p>So, what does all this mean?  Well, for one thing, there apparently isn't anything actually in need of repair
here -- as far as I can tell, this version of the hardware is functioning per design, such as it is.</p>
<p>And as it turns out, with a now properly repaired MS11-L, actual parity errors are few and far between (I've
yet to see any that weren't intentionally created by diagnostics.)  According to Noel, stock Unix V6 doesn't
do anything whatsoever with parity. RSTS/E V06C boot code seems to be properly probing and identifying the CSR
on my MS11-L.  And good old RT11 has seemed happy enough in the past.  So I just may not <em>need</em> a totally
up-to-date parity implementation on my machine.</p>
<p>There is still the issue of more broadly tracking down and implementing outstanding ECOs for this machine.  I
have so far had limited success in locating these (more on this next time!)  I'm certainly equipped here to
implement field cuts and jumps, but it might get tricky to track down newer versions of boards for any ECOs
that involved total swaps to updated etches.  In any case, in the absence of complete information on the ECOs
I'm hesitant to cherry pick changes such as those identified here unless I am really blocked without
them; better by far not to leave the machine in an undocumented "in-between" state.</p>
<hr>
<p>Footnotes: a lot of the discovery documented here took place in the context of the enthusiast community on
the cctalk mailing list, and also in private communications.  Noel Chiappa and Paul Koning were both
particularly generous with their time (thanks, guys!)  Here are some interesting related bits that didn't 
fit directly in the narrative above, for completeness and for future reference:</p>
<ul>
<li>
<p>On RSTS parity CSR sniffing, from Paul:</p>
<blockquote>
<p>From: Paul Koning<br>
To: cctalk<br>
Subject: Re: PDP-11/45 RSTS/E boot problem  </p>
<blockquote>
<p>Fritz Mueller wrote:</p>
<p>There is a lot of inconsistent and incomplete information in the documentation about memory CSRs. They
appear to come in different flavors depending on memory hardware; some of the earlier ones support
setting a bit to determine whether parity errors will halt or trap the CPU, while some of the later
ones (like my MS11-L) simply have "enable" and don't distinguish between halt and trap. I'm curious
how OS init code sniffs out what memory CSRs there are, determines their specific flavors and, in a
heterogeneous system, determines how much address space is under the auspice of each CSR?  Maybe Paul
and Noel can comment here wrt. RSTS and Unix respectively?</p>
</blockquote>
<p>I quickly skimmed some RSTS INIT code (for V10.1).  Two things observed:</p>
<p>1. At boot, INIT determines the memory layout.  It does this by writing 0 then -2 into each location to
see if it works.  If it gets an NXM trap (trap to 4) or a parity trap (trap to 114) it calls that 1kW
block of memory non-existent.  For the case of a parity error, it tells you that it saw a parity error
and is disabling that block for that reason.</p>
<p>2. In the DEFAULT option (curiously enough) there is a routine that looks for up to 16 parity CSRs
starting at 172100.  This happens on entry to the memory layout option.  You can display what it finds
by using the PARITY command in response to the "Table suboption" prompt.</p>
<p>It checks if the bits 007750 are active in the parity CSR, if so it takes that to be an address/ECC
parity CSR.  It figures out the CSR to memory association by going through memory in 1 kW increments,
writing 3, 5 to the first 2 words, then setting "write wrong parity" in each CSR (007044), then doing
BIC #3,.. BIC #5,... to those two test words, then reading them both back.  This should set bad parity,
and it scans all the CSRs to see which one reports an error (top bit in the CSR).  If no CSR has that
set, it concludes the particular block is no-parity memory.</p>
<p>I probably got some of the details wrong, the above is from a fast skim of the code, but hopefully it
will get you started.</p>
</blockquote>
<p>My machine currently has one MS11-L, which has the newer CSR layout referred to by Paul above (different
than the much older MS11-B/C CSR layout depicted at the top of this article; see MS11-L docs for further
details). RSTS init defaults-&gt;memory-&gt;parity on my system reports (correctly):</p>
<div class="highlight"><pre><span></span> 0K: 00000000 - 00757777 ( 124K) : 00
</pre></div>


<p>Presumeably, RSTS carries out this identification activity with the CSR report enable bits off, and the
CSR error bits still function correctly in these circumstances; otherwise, per above, my machine would
summarily halt during this process!</p>
</li>
<li>
<p>Noel, in some of his research, found Deeper magic from before the dawn of time re. evolution of the Unibus
  parity implementation <em>before</em> the era of the start of this article, bridging back to the KA11 (11/20) CPU.
  Quite interesting!</p>
<blockquote>
<p>From: Noel Chiappa<br>
Subject: Change in UNIBUS parity operation (Was: PDP-11/45 RSTS/E boot problem)<br>
To: cctalk  </p>
<blockquote>
<p>Even better, it claims to be able to control whether the memory uses odd or even parity! (How, for
UNIBUS memory, I don't know - there's no way to do this over the UNIBUS.</p>
</blockquote>
<p>So this really confused me, as the UNIBUS spec says parity is wholly within the slave device, and only
an <em>error</em> signal is transferred over the bus. E.g. from the 'pdp11 peripherals handbook', 1975 edition
(pg. 5-8): "PA and PB are generated by a slave ... [it] negates PA and asserts PB to indicate a parity
error ... both negated indicates no parity error. [other combinations] are conditions reserved for
future use."</p>
<p>The answer is that originally the UNIBUS parity operation was <em>different</em>, and that sometime around the
introduction of the PDP-11/45, they <em>changed</em> it, which is apparently why Appendix E, about parity in
the /45, says what it does!</p>
<p>I found the first clue in the MM11-F Core Memory Manual (DEC-11-HMFA-D - which is not online, in fact no
MM11-F stuff is online, I'll have to scan it all and send it to Al); I was looking in that to see if the
parity version had a CSR or not (to reply to Paul Koning), and on the subject of parity it said this:
"The data bits on the bus are called BUS DPB0 and BUS DPB1." And there is nothing else on how the two
parity bits are <em>used</em> - the clear implication is that the memory just <em>stores</em> them, and hands them to
someone else (the master) over the bus, for actual use.</p>
<p>Looking further, I found proof in the "unibus interface manual" - and moreover, the details differ
between the first (DEC-11-HIAA-D) and second (DEC-11-HIAB-D) editions (both of which differ from the
above)!</p>
<p>In the first, Table 2-1 has these entries for PA and PB: "Parity Available - PA ... Indicates paritied
data" and "Parity Bit - PB ... Transmits parity bit"; at the bottom of page 2-4 we find "PA indicates
that the data being transferred is to use parity, and PB transmits the parity bit. Neither line is used
by the KA11 processor."</p>
<p>(Which explains why, when, after reading about parity in the MM11-F manual, I went looking for parity
stuff in the KA11 which would use it, I couldn't find it!)</p>
<p>In the second, Table 2-1 has these entries for PA and PB: "Parity Bit Low - PA ... Transmits parity bit,
low byte" and "Parity Bit High - PB ... Transmits parity bit, high byte"; at the top of page 2-5 we find
wholly different text from the above, including "These lines are used by the MP11 Parity Option in
conjunction with parity memories such as the MM11-FP."</p>
<p>I looked online for more about the MP11, but could find nothing. I wonder if any were made?</p>
<p>This later version seems to agree with that Appendix E. I tried to find an early -11/45 system manual,
to see if it originally shipped with MM11-F's, but couldn't locate one - does anyone have one? The ones
online (e.g. EK-1145-OP-001) are much later.</p>
<p>It's also interesting to speculate about reasons <em>why</em> these changes were made; I can think of several!
:-)</p>
</blockquote>
</li>
</ul>
<p>All for now!</p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/unix-and-ms11.html"><h1>PDP-11/45: V6 Unix attempts & MS11-L repairs</h1></a>
Mon 21 January 2019

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p>Following up on Noel's suggestion, I decided to give V6 Unix a try to see how it fared in comparison to the
problems seen with RSTS/E V06C.  I recently scored an additional RK05 pack from eBay, and decided to try and
use that so I could keep my current RSTS/E pack intact.</p>
<p>Inspected the pack, and it looked in good shape, clean, with no apparent crashes on the media.  Mounted it up
and was able to do only a partial recovery.  What I got looks like pretty generic RT-11/BASIC-11 stuff, so I'm
not too concerned about attempting a complete recovery.  Went ahead and reformatted the pack, after which I
could read/write the entire pack with no bad sectors.  So now I had two clean packs to work with.</p>
<p>Built a V6 Unix pack image from the Ken Wellsch tape under SIMH (using directions <a href="http://gunkies.org/wiki/Installing_Unix_v6_%28PDP-11%29_on_SIMH">here</a>).  Transferred it over using PDP11GUI, and it
did boot in single-user mode.  However, it immediately dumped core on the first <code>ls</code> command...  Tried a
multi-user Unix boot (what's to lose?) and this actually fared a bit better; able to <code>ls</code>, but still dumped
core when trying to run the C compiler or do anything else memory-intensive.</p>
<p>So, all of this taken together made me (and others collaborating on the troubleshooting on cctalk) think that
I might have a memory issue in the machine.  My machine has a 256KB MS11-L; I had previously spot-checked this
from the front panel by manipulating the KT11-C mapping registers and trying some writes/and reads within each
bank.  This was enough to identify and repair a few major problems (see <a href="https://fritzm.github.io/ms11-debug.html">this</a> older
blog post) and to get me this far.  But I had never thoroughly and substantially beat this card up after
things seemed to be working with RT-11.  There was still also nagging concern that none of the heavier-weight
KT11, MS11, KB11 "exerciser" MAINDEC diagnostics had yet been run to completion on the restored machine
either...</p>
<p>The recommended DEC diagnostic for the MS11-L is ZQMC, but it is complicated, takes a long time to download,
and the available sources don't exactly match the binary.  So, probably better to work up my own standalone
diagnostic to catch and fix obvious things...  Thus followed about a week of part-time work working up and
successively refining the following test code, and repairing identified problems (failed DRAMs) on the MS11-L
along the way.  This code maps and tests every memory location on the MS11-L, using KT11 memory management.
It relocates itself so it can test the lowest physical bank as well.  Tests include all-ones, all-zeros,
write address to location, and a "random" data test which just uses program code test sequence:</p>
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249</pre></div></td><td class="code"><div class="highlight"><pre><span></span>        <span class="nt">KIPDR0</span><span class="o">=</span><span class="nt">172300</span>
        <span class="nt">KIPDR1</span><span class="o">=</span><span class="nt">172302</span>
        <span class="nt">KIPDR2</span><span class="o">=</span><span class="nt">172304</span>
        <span class="nt">KIPDR3</span><span class="o">=</span><span class="nt">172306</span>
        <span class="nt">KIPDR4</span><span class="o">=</span><span class="nt">172310</span>
        <span class="nt">KIPDR5</span><span class="o">=</span><span class="nt">172312</span>
        <span class="nt">KIPDR6</span><span class="o">=</span><span class="nt">172314</span>
        <span class="nt">KIPDR7</span><span class="o">=</span><span class="nt">172316</span>

        <span class="nt">KIPAR0</span><span class="o">=</span><span class="nt">172340</span>
        <span class="nt">KIPAR1</span><span class="o">=</span><span class="nt">172342</span>
        <span class="nt">KIPAR2</span><span class="o">=</span><span class="nt">172344</span>
        <span class="nt">KIPAR3</span><span class="o">=</span><span class="nt">172346</span>
        <span class="nt">KIPAR4</span><span class="o">=</span><span class="nt">172350</span>
        <span class="nt">KIPAR5</span><span class="o">=</span><span class="nt">172352</span>
        <span class="nt">KIPAR6</span><span class="o">=</span><span class="nt">172354</span>
        <span class="nt">KIPAR7</span><span class="o">=</span><span class="nt">172356</span>

        <span class="nt">SR0</span><span class="o">=</span><span class="nt">177572</span>

        <span class="nt">XCSR</span><span class="o">=</span><span class="nt">177564</span>
        <span class="nt">XBUF</span><span class="o">=</span><span class="nt">177566</span>

        <span class="p">.</span><span class="nc">ASECT</span>
        <span class="o">.=</span><span class="nt">1000</span>
<span class="nt">START</span><span class="o">:</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">700</span><span class="o">,</span><span class="nt">SP</span>         <span class="o">;</span><span class="nt">INIT</span> <span class="nt">STACK</span> <span class="nt">POINTER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">INSTALL</span> <span class="nt">TRAP</span> <span class="nt">CATCHERS</span>

<span class="nt">TRPS</span><span class="o">:</span>   <span class="nt">CLR</span>     <span class="nt">R0</span>              <span class="o">;</span><span class="nt">CURRENT</span> <span class="nt">VECTOR</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">2</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">VECTOR</span> <span class="nt">TARGET</span>
        <span class="nt">CLR</span>     <span class="nt">R2</span>              <span class="o">;</span><span class="nt">HALT</span> <span class="nt">INSTR</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">100</span><span class="o">,</span><span class="nt">R3</span>         <span class="o">;</span><span class="nt">END</span> <span class="nt">VECTOR</span>
<span class="nt">1</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="nt">R1</span><span class="o">,(</span><span class="nt">R0</span><span class="o">)+</span>        <span class="o">;</span><span class="nt">STORE</span> <span class="nt">TARGET</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">MOV</span>     <span class="nt">R2</span><span class="o">,(</span><span class="nt">R0</span><span class="o">)+</span>        <span class="o">;</span><span class="nt">STORE</span> <span class="nt">HALT</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">ADD</span>     <span class="p">#</span><span class="nn">4</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">UPDATE</span> <span class="nt">TARGET</span>
        <span class="nt">SOB</span>     <span class="nt">R3</span><span class="o">,</span><span class="nt">1</span><span class="o">$</span>           <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">VECTORS</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">INIT</span> <span class="nt">AND</span> <span class="nt">ENABLE</span> <span class="nt">MEMORY</span> <span class="nt">MAPPING</span>

<span class="nt">INITM</span><span class="o">:</span>  <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">IPDRS</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">SRC</span> <span class="nt">PDR</span> <span class="nt">INIT</span> <span class="nt">TABLE</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">KIPDR0</span><span class="o">,</span><span class="nt">R1</span>      <span class="o">;</span><span class="nt">DST</span> <span class="nt">KIPDR0</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">10</span><span class="o">,</span><span class="nt">R2</span>          <span class="o">;</span><span class="nt">DO</span> <span class="nt">EIGHT</span> <span class="nt">PDRS</span>
        <span class="nt">MOV</span>     <span class="o">(</span><span class="nt">R0</span><span class="o">)+,(</span><span class="nt">R1</span><span class="o">)+</span>     <span class="o">;</span><span class="nt">COPY</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">SOB</span>     <span class="nt">R2</span><span class="o">,</span><span class="p">.</span><span class="nc">-2</span>          <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">PDRS</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">IPARS</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">SRC</span> <span class="nt">PAR</span> <span class="nt">INIT</span> <span class="nt">TABLE</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">KIPAR0</span><span class="o">,</span><span class="nt">R1</span>      <span class="o">;</span><span class="nt">DST</span> <span class="nt">KIPAR0</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">10</span><span class="o">,</span><span class="nt">R2</span>          <span class="o">;</span><span class="nt">DO</span> <span class="nt">EIGHT</span> <span class="nt">PARS</span>
        <span class="nt">MOV</span>     <span class="o">(</span><span class="nt">R0</span><span class="o">)+,(</span><span class="nt">R1</span><span class="o">)+</span>     <span class="o">;</span><span class="nt">COPY</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">SOB</span>     <span class="nt">R2</span><span class="o">,</span><span class="p">.</span><span class="nc">-2</span>          <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">PARS</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">1</span><span class="o">,@</span><span class="p">#</span><span class="nn">SR0</span>        <span class="o">;</span><span class="nt">ENABLE</span> <span class="nt">MEMORY</span> <span class="nt">MGMT</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">TEST</span> <span class="nt">32K</span> <span class="nt">MS11</span> <span class="nt">BANKS</span> <span class="nt">AT</span> <span class="nt">PA</span> <span class="nt">100000</span> <span class="nt">THRU</span> <span class="nt">700000</span><span class="o">,</span>
        <span class="o">;</span>      <span class="nt">RELOCATE</span><span class="o">,</span> <span class="nt">THEN</span> <span class="nt">TEST</span> <span class="nt">BANK</span> <span class="nt">AT</span> <span class="nt">PA</span> <span class="nt">000000</span>

<span class="nt">DOPASS</span><span class="o">:</span> <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">1000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">100000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">2000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">200000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">3000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">300000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">4000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">400000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">5000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">500000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">6000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">600000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">7000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">700000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">1000</span><span class="o">,</span><span class="nt">R5</span>        <span class="o">;</span><span class="nt">RELOC</span> <span class="nt">TARGET</span> <span class="nt">PA</span><span class="p">:</span><span class="nd">100000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">RELOC</span>        <span class="o">;</span><span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">0000</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">PAR</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">000000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">DOBANK</span>       <span class="o">;</span><span class="nt">TEST</span> <span class="nt">IT</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">ALL</span> <span class="nt">DONE</span> <span class="nt">WITH</span> <span class="nt">PASS</span>

        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">0000</span><span class="o">,</span><span class="nt">R5</span>        <span class="o">;</span><span class="nt">RELOC</span> <span class="nt">TARGET</span> <span class="nt">PA</span><span class="p">:</span><span class="nd">000000</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">RELOC</span>        <span class="o">;</span><span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">IT</span>
        <span class="nt">CLR</span>     <span class="o">@</span><span class="p">#</span><span class="nn">SR0</span>           <span class="o">;</span><span class="nt">DISABLE</span> <span class="nt">MEMORY</span> <span class="nt">MGMT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">PCOMPL</span><span class="o">,</span><span class="nt">R5</span>      <span class="o">;</span><span class="nt">GET</span> <span class="nt">PASS</span> <span class="nt">COMPLETE</span> <span class="nt">MSG</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRSTR</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">HALT</span>                    <span class="o">;</span><span class="nt">ALL</span> <span class="nt">DONE</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">MAP</span> <span class="nt">A</span> <span class="nt">SINGLE</span> <span class="nt">32K</span> <span class="nt">BANK</span> <span class="nt">AT</span> <span class="nt">VA</span> <span class="nt">20000</span>

<span class="nt">DOBANK</span><span class="o">:</span> <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">KIPAR1</span><span class="o">,</span><span class="nt">R1</span>      <span class="o">;</span><span class="nt">WILL</span> <span class="nt">MAP</span> <span class="nt">USING</span> <span class="nt">KIPAR1</span> <span class="nt">THRU</span> <span class="nt">KIPAR4</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">4</span><span class="o">,</span><span class="nt">R3</span>           <span class="o">;</span><span class="nt">FOUR</span> <span class="nt">KIPARS</span> <span class="nt">TO</span> <span class="nt">SET</span>
        <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="p">#</span><span class="nn">7000</span>        <span class="o">;</span><span class="nt">UNLESS</span> <span class="nt">WE</span> <span class="nt">ARE</span> <span class="nt">IN</span> <span class="nt">PA</span> <span class="nt">700000</span> <span class="nt">BANK</span><span class="o">...</span>      
        <span class="nt">BNE</span>     <span class="nt">1</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">3</span><span class="o">,</span><span class="nt">R3</span>           <span class="o">;</span><span class="nt">OTHERWISE</span><span class="o">,</span> <span class="nt">SCALE</span> <span class="nt">BACK</span> <span class="nt">TO</span> <span class="nt">3</span> <span class="nt">KIPARS</span>
<span class="nt">1</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="nt">R0</span><span class="o">,(</span><span class="nt">R1</span><span class="o">)+</span>        <span class="o">;</span><span class="nt">SET</span> <span class="nt">A</span> <span class="nt">KIPAR</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">ADD</span>     <span class="p">#</span><span class="nn">200</span><span class="o">,</span><span class="nt">R0</span>         <span class="o">;</span><span class="nt">INCREMENT</span> <span class="nt">VALUE</span> <span class="nt">FOR</span> <span class="nt">NEXT</span> <span class="nt">KIPAR</span>
        <span class="nt">SOB</span>     <span class="nt">R3</span><span class="o">,</span><span class="nt">1</span><span class="o">$</span>           <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">KIPARS</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">CALCULATE</span> <span class="nt">END</span> <span class="nt">VA</span>

        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">120000</span><span class="o">,</span><span class="nt">R1</span>      <span class="o">;</span><span class="nt">MAPPED</span> <span class="nt">BANK</span> <span class="nt">END</span> <span class="nt">IS</span> <span class="nt">VA</span> <span class="nt">120000</span>
        <span class="nt">CMP</span>     <span class="o">@</span><span class="p">#</span><span class="nn">KIPAR1</span><span class="o">,</span><span class="p">#</span><span class="nn">7000</span>  <span class="o">;</span><span class="nt">UNLESS</span> <span class="nt">WE</span> <span class="nt">ARE</span> <span class="nt">IN</span> <span class="nt">PA</span> <span class="nt">700000</span> <span class="nt">BANK</span><span class="o">...</span>
        <span class="nt">BNE</span>     <span class="nt">ZEROS</span>           <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">100000</span><span class="o">,</span><span class="nt">R1</span>      <span class="o">;</span><span class="nt">OTHERWISE</span><span class="o">,</span> <span class="nt">END</span> <span class="nt">IS</span> <span class="nt">VA</span> <span class="nt">100000</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">ZEROS</span> <span class="nt">TEST</span>

<span class="nt">ZEROS</span><span class="o">:</span>  <span class="nt">CLR</span>     <span class="nt">R2</span>              <span class="o">;</span><span class="nt">EXPECTED</span> <span class="nt">VALUE</span> <span class="nt">IS</span> <span class="nt">000000</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">START</span> <span class="nt">AT</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">1</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="nt">R2</span><span class="o">,(</span><span class="nt">R0</span><span class="o">)+</span>        <span class="o">;</span><span class="nt">CLEAR</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BNE</span>     <span class="nt">1</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">LOOP</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">START</span> <span class="nt">AT</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">2</span><span class="o">$:</span>     <span class="nt">TST</span>     <span class="o">(</span><span class="nt">R0</span><span class="o">)+</span>           <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">BEQ</span>     <span class="nt">3</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">ZERO</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRERR</span>        <span class="o">;</span><span class="nt">OTHERWISE</span><span class="o">,</span> <span class="nt">REPORT</span> <span class="nt">ERROR</span>
<span class="nt">3</span><span class="o">$:</span>     <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BNE</span>     <span class="nt">2</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">LOOP</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">ONES</span> <span class="nt">TEST</span>

<span class="nt">ONES</span><span class="o">:</span>   <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">177777</span><span class="o">,</span><span class="nt">R2</span>      <span class="o">;</span><span class="nt">EXPECTED</span> <span class="nt">VALUE</span> <span class="nt">US</span> <span class="nt">177777</span>       
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">START</span> <span class="nt">AT</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">1</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="nt">R2</span><span class="o">,(</span><span class="nt">R0</span><span class="o">)+</span>        <span class="o">;</span><span class="nt">WRITE</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BNE</span>     <span class="nt">1</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">LOOP</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">START</span> <span class="nt">AT</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">2</span><span class="o">$:</span>     <span class="nt">CMP</span>     <span class="o">(</span><span class="nt">R0</span><span class="o">)+,</span><span class="nt">R2</span>        <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">BEQ</span>     <span class="nt">3</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">EXPECTED</span> <span class="nt">VALUE</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRERR</span>        <span class="o">;</span><span class="nt">OTHERWISE</span><span class="o">,</span> <span class="nt">REPORT</span> <span class="nt">ERROR</span>
<span class="nt">3</span><span class="o">$:</span>     <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BNE</span>     <span class="nt">2</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">LOOP</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">WRITE</span> <span class="nt">LOCATION</span> <span class="nt">WITH</span> <span class="nt">ITS</span> <span class="nt">VA</span> <span class="nt">TEST</span>

<span class="nt">ADDRS</span><span class="o">:</span>  <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">START</span> <span class="nt">AT</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">1</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R2</span>           <span class="o">;</span><span class="nt">USE</span> <span class="nt">VA</span> <span class="nt">AS</span> <span class="nt">TEST</span> <span class="nt">VALUE</span>
        <span class="nt">MOV</span>     <span class="nt">R2</span><span class="o">,(</span><span class="nt">R0</span><span class="o">)+</span>        <span class="o">;</span><span class="nt">WRITE</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BNE</span>     <span class="nt">1</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">LOOP</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">START</span> <span class="nt">AT</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">2</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R2</span>           <span class="o">;</span><span class="nt">USE</span> <span class="nt">VA</span> <span class="nt">AS</span> <span class="nt">TEST</span> <span class="nt">VALUE</span>
        <span class="nt">CMP</span>     <span class="o">(</span><span class="nt">R0</span><span class="o">)+,</span><span class="nt">R2</span>        <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">BEQ</span>     <span class="nt">3</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">EXPECTED</span> <span class="nt">VALUE</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRERR</span>        <span class="o">;</span><span class="nt">REPORT</span> <span class="nt">ERROR</span>
<span class="nt">3</span><span class="o">$:</span>     <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BNE</span>     <span class="nt">2</span><span class="o">$</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="s2">&quot;RANDOM&quot;</span> <span class="nt">DATA</span> <span class="nt">TEST</span> <span class="o">(</span><span class="nt">PROGRAM</span> <span class="nt">AS</span> <span class="nt">TEST</span> <span class="nt">DATA</span><span class="o">)</span>

<span class="nt">RNDM</span><span class="o">:</span>   <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">START</span><span class="o">,</span><span class="nt">R2</span>       <span class="o">;</span><span class="nt">SRC</span><span class="o">:</span> <span class="nt">START</span> <span class="nt">OF</span> <span class="nt">PROGRAM</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">DST</span><span class="o">:</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">1</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="o">(</span><span class="nt">R2</span><span class="o">)+,(</span><span class="nt">R0</span><span class="o">)+</span>     <span class="o">;</span><span class="nt">WRITE</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BEQ</span>     <span class="nt">2</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">SO</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">CMP</span>     <span class="nt">R2</span><span class="o">,</span><span class="p">#</span><span class="nn">END</span>         <span class="o">;</span><span class="nt">TIME</span> <span class="nt">TO</span> <span class="nt">RESET</span> <span class="nt">SRC</span><span class="o">?</span>
        <span class="nt">BLO</span>     <span class="nt">1</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">ANOTHER</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">START</span><span class="o">,</span><span class="nt">R2</span>       <span class="o">;</span><span class="nt">OTHERWISE</span> <span class="nt">RESET</span> <span class="nt">SRC</span>
        <span class="nt">BR</span>      <span class="nt">1</span><span class="o">$</span>              <span class="o">;</span><span class="nt">AND</span> <span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">ANOTHER</span>
<span class="nt">2</span><span class="o">$:</span>     <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">START</span><span class="o">,</span><span class="nt">R2</span>       <span class="o">;</span><span class="nt">SRC1</span><span class="o">:</span> <span class="nt">START</span> <span class="nt">OF</span> <span class="nt">PROGRAM</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">SRC2</span><span class="o">:</span> <span class="nt">VA</span> <span class="nt">20000</span>
<span class="nt">3</span><span class="o">$:</span>     <span class="nt">CMP</span>     <span class="o">(</span><span class="nt">R2</span><span class="o">)+,(</span><span class="nt">R0</span><span class="o">)+</span>     <span class="o">;</span><span class="nt">COMPARE</span> <span class="nt">ONE</span> <span class="nt">WORD</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">BEQ</span>     <span class="nt">4</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">SAME</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">MOV</span>     <span class="nt">R2</span><span class="o">,</span><span class="nt">-</span><span class="o">(</span><span class="nt">SP</span><span class="o">)</span>        <span class="o">;</span><span class="nt">SAVE</span> <span class="nt">SRC1</span>
        <span class="nt">MOV</span>     <span class="nt">-2</span><span class="o">(</span><span class="nt">R2</span><span class="o">),</span><span class="nt">R2</span>       <span class="o">;</span><span class="nt">FETCH</span> <span class="nt">EXPECTED</span> <span class="nt">VALUE</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRERR</span>        <span class="o">;</span><span class="nt">REPORT</span> <span class="nt">ERROR</span>
        <span class="nt">MOV</span>     <span class="o">(</span><span class="nt">SP</span><span class="o">)+,</span><span class="nt">R2</span>        <span class="o">;</span><span class="nt">RESTORE</span> <span class="nt">SRC1</span>
<span class="nt">4</span><span class="o">$:</span>     <span class="nt">CMP</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span><span class="o">?</span>
        <span class="nt">BEQ</span>     <span class="nt">5</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">SO</span><span class="o">,</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">CMP</span>     <span class="nt">R2</span><span class="o">,</span><span class="p">#</span><span class="nn">END</span>         <span class="o">;</span><span class="nt">TIME</span> <span class="nt">TO</span> <span class="nt">RESET</span> <span class="nt">SRC1</span><span class="o">?</span>
        <span class="nt">BLO</span>     <span class="nt">3</span><span class="o">$</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">ANOTHER</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">START</span><span class="o">,</span><span class="nt">R2</span>       <span class="o">;</span><span class="nt">OTHERWISE</span> <span class="nt">RESET</span> <span class="nt">SRC1</span>
        <span class="nt">BR</span>      <span class="nt">3</span><span class="o">$</span>              <span class="o">;</span><span class="nt">AND</span> <span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">ANOTHER</span>

<span class="nt">5</span><span class="o">$:</span>     <span class="nt">RTS</span>     <span class="nt">PC</span>              <span class="o">;</span><span class="nt">TESTS</span> <span class="nt">DONE</span><span class="o">,</span> <span class="nt">RETURN</span> <span class="nt">TO</span> <span class="nt">CALLER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">RELOCATE</span>

<span class="nt">RELOC</span><span class="o">:</span>  <span class="nt">MOV</span>     <span class="nt">R5</span><span class="o">,@</span><span class="p">#</span><span class="nn">KIPAR1</span>     <span class="o">;</span><span class="nt">MAP</span> <span class="nt">VA</span><span class="p">:</span><span class="nd">020000</span> <span class="nt">-</span><span class="o">&gt;</span> <span class="nt">PA</span><span class="o">:(</span><span class="nt">R5</span><span class="o">&lt;&lt;</span><span class="nt">6</span><span class="o">)</span> 
        <span class="nt">CLR</span>     <span class="nt">R0</span>              <span class="o">;</span><span class="nt">SRC</span> <span class="nt">VA</span><span class="p">:</span><span class="nd">000000</span> 
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">20000</span><span class="o">,</span><span class="nt">R1</span>       <span class="o">;</span><span class="nt">DST</span> <span class="nt">VA</span><span class="p">:</span><span class="nd">020000</span>
        <span class="nt">MOV</span>     <span class="nt">R1</span><span class="o">,</span><span class="nt">R2</span>           <span class="o">;</span><span class="nt">FULL</span> <span class="nt">PAGE</span> <span class="o">(</span><span class="nt">4K</span> <span class="nt">WORDS</span><span class="o">)</span>
        <span class="nt">MOV</span>     <span class="o">(</span><span class="nt">R0</span><span class="o">)+,(</span><span class="nt">R1</span><span class="o">)+</span>     <span class="o">;</span><span class="nt">COPY</span> <span class="nt">A</span> <span class="nt">WORD</span>
        <span class="nt">SOB</span>     <span class="nt">R2</span><span class="o">,</span><span class="p">.</span><span class="nc">-2</span>          <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">UNTIL</span> <span class="nt">DONE</span>
        <span class="nt">MOV</span>     <span class="nt">R5</span><span class="o">,@</span><span class="p">#</span><span class="nn">KIPAR0</span>     <span class="o">;</span><span class="nt">MAP</span> <span class="nt">VA</span><span class="p">:</span><span class="nd">000000</span> <span class="nt">-</span><span class="o">&gt;</span> <span class="nt">PA</span><span class="o">:(</span><span class="nt">R5</span><span class="o">&lt;&lt;</span><span class="nt">6</span><span class="o">)</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">RELSTR</span><span class="o">,</span><span class="nt">R5</span>      <span class="o">;</span><span class="nt">GET</span> <span class="nt">RELOCATED</span> <span class="nt">STRING</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRSTR</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="o">@</span><span class="p">#</span><span class="nn">KIPAR1</span><span class="o">,</span><span class="nt">R5</span>     <span class="o">;</span><span class="nt">GET</span> <span class="nt">RELOCATION</span> <span class="nt">TARGET</span>
        <span class="nt">ASHC</span>    <span class="p">#</span><span class="nn">6</span><span class="o">,</span><span class="nt">R4</span>           <span class="o">;</span><span class="nt">SHIFT</span> <span class="nt">OVER</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">IN</span> <span class="nt">R4</span><span class="p">:</span><span class="nd">R5</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRW18</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">CRLF</span><span class="o">,</span><span class="nt">R5</span>        <span class="o">;</span><span class="nt">GET</span> <span class="nt">CRLF</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRSTR</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">RTS</span>     <span class="nt">PC</span>              <span class="o">;</span><span class="nt">RETURN</span> <span class="nt">TO</span> <span class="nt">CALLER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">REPORT</span> <span class="nt">AN</span> <span class="nt">ERROR</span>

<span class="nt">PRERR</span><span class="o">:</span>  <span class="nt">MOV</span>     <span class="o">@</span><span class="p">#</span><span class="nn">KIPAR1</span><span class="o">,</span><span class="nt">R5</span>     <span class="o">;</span><span class="nt">GET</span> <span class="nt">KIPAR</span> <span class="nt">FOR</span> <span class="nt">MAPPED</span> <span class="nt">BASE</span>      
        <span class="nt">ASHC</span>    <span class="p">#</span><span class="nn">6</span><span class="o">,</span><span class="nt">R4</span>           <span class="o">;</span><span class="nt">SHIFT</span> <span class="nt">OVER</span> <span class="nt">FOR</span> <span class="nt">PA</span> <span class="nt">IN</span> <span class="nt">R4</span><span class="p">:</span><span class="nd">R5</span>
        <span class="nt">ADD</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R5</span>           <span class="o">;</span><span class="nt">ADD</span> <span class="nt">IN</span> <span class="nt">ERROR</span> <span class="nt">VA</span>
        <span class="nt">ADC</span>     <span class="nt">R4</span>              <span class="o">;</span><span class="nt">CARRY</span> <span class="nt">IF</span> <span class="nt">NECESSSARY</span>
        <span class="nt">SUB</span>     <span class="p">#</span><span class="nn">20002</span><span class="o">,</span><span class="nt">R5</span>       <span class="o">;</span><span class="nt">SUB</span> <span class="nt">VA</span> <span class="nt">OFFSET</span> <span class="nt">AND</span> <span class="nt">BACK</span> <span class="nt">UP</span> <span class="nt">ONE</span>
        <span class="nt">SBC</span>     <span class="nt">R4</span>              <span class="o">;</span><span class="nt">BORROW</span> <span class="nt">IF</span> <span class="nt">NECESSARY</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRW18</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">PHYSICAL</span> <span class="nt">ADDRESS</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">DELIM1</span><span class="o">,</span><span class="nt">R5</span>      <span class="o">;</span><span class="nt">GET</span> <span class="nt">DELIMITER</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRSTR</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="nt">R2</span><span class="o">,</span><span class="nt">R5</span>           <span class="o">;</span><span class="nt">GET</span> <span class="nt">EXPECTED</span> <span class="nt">VALUE</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRW16</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">DELIM2</span><span class="o">,</span><span class="nt">R5</span>      <span class="o">;</span><span class="nt">GET</span> <span class="nt">DELIMETER</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRSTR</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R4</span>           <span class="o">;</span><span class="nt">GET</span> <span class="nt">ADDRESS</span> <span class="nt">AFTER</span> <span class="nt">ERROR</span>
        <span class="nt">MOV</span>     <span class="nt">-</span><span class="o">(</span><span class="nt">R4</span><span class="o">),</span><span class="nt">R5</span>        <span class="o">;</span><span class="nt">BACK</span> <span class="nt">UP</span> <span class="nt">AND</span> <span class="nt">GET</span> <span class="nt">ERROR</span> <span class="nt">VALUE</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRW16</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">CRLF</span><span class="o">,</span><span class="nt">R5</span>        <span class="o">;</span><span class="nt">GET</span> <span class="nt">CRLF</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRSTR</span>        <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">RTS</span>     <span class="nt">PC</span>              <span class="o">;</span><span class="nt">RETURN</span> <span class="nt">TO</span> <span class="nt">CALLER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">PRINT</span> <span class="nt">SIX</span> <span class="nt">DIGIT</span> <span class="nt">OCTAL</span> <span class="nt">NUMBER</span>

<span class="nt">PRW16</span><span class="o">:</span>  <span class="nt">CLR</span>     <span class="nt">R4</span>              <span class="o">;</span><span class="nt">CLEAR</span> <span class="nt">UPPER</span> <span class="nt">WORD</span>
<span class="nt">PRW18</span><span class="o">:</span>  <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">6</span><span class="o">,</span><span class="nt">R3</span>           <span class="o">;</span><span class="nt">SIX</span> <span class="nt">DIGITS</span> <span class="nt">TO</span> <span class="nt">PRINT</span>
        <span class="nt">ASHC</span>    <span class="p">#</span><span class="nn">1</span><span class="o">,</span><span class="nt">R4</span>           <span class="o">;</span><span class="nt">SHIFT</span> <span class="nt">IN</span> <span class="nt">MSB</span> <span class="nt">OF</span> <span class="nt">LOW</span> <span class="nt">WORD</span>
<span class="nt">1</span><span class="o">$:</span>     <span class="nt">ADD</span>     <span class="p">#</span><span class="nn">60</span><span class="o">,</span><span class="nt">R4</span>          <span class="o">;</span><span class="nt">MAKE</span> <span class="nt">INTO</span> <span class="nt">ASCII</span> <span class="nt">DIGIT</span>
        <span class="nt">MOV</span>     <span class="nt">R4</span><span class="o">,@</span><span class="p">#</span><span class="nn">XBUF</span>       <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">TSTB</span>    <span class="o">@</span><span class="p">#</span><span class="nn">XCSR</span>          <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">IF</span> <span class="nt">XMIT</span> <span class="nt">DONE</span>
        <span class="nt">BPL</span>     <span class="p">.</span><span class="nc">-4</span>             <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">UNTIL</span> <span class="nt">SO</span>
        <span class="nt">CLR</span>     <span class="nt">R4</span>              <span class="o">;</span><span class="nt">RESET</span> <span class="nt">OUTPUT</span> <span class="nt">CHAR</span>
        <span class="nt">ASHC</span>    <span class="p">#</span><span class="nn">3</span><span class="o">,</span><span class="nt">R4</span>           <span class="o">;</span><span class="nt">SHIFT</span> <span class="nt">IN</span> <span class="nt">NEXT</span> <span class="nt">THREE</span> <span class="nt">BITS</span>
        <span class="nt">SOB</span>     <span class="nt">R3</span><span class="o">,</span><span class="nt">1</span><span class="o">$</span>           <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">DIGITS</span>
        <span class="nt">RTS</span>     <span class="nt">PC</span>              <span class="o">;</span><span class="nt">RETURN</span> <span class="nt">TO</span> <span class="nt">CALLER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">PRINT</span> <span class="nt">NULL-TERMINATED</span> <span class="nt">STRING</span>

<span class="nt">PRSTR</span><span class="o">:</span>  <span class="nt">MOVB</span>    <span class="o">(</span><span class="nt">R5</span><span class="o">)+,@</span><span class="p">#</span><span class="nn">XBUF</span>    <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">ONE</span> <span class="nt">CHAR</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">TSTB</span>    <span class="o">@</span><span class="p">#</span><span class="nn">XCSR</span>          <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">IF</span> <span class="nt">XMIT</span> <span class="nt">DONE</span>
        <span class="nt">BPL</span>     <span class="p">.</span><span class="nc">-4</span>             <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">UNTIL</span> <span class="nt">SO</span>
        <span class="nt">TSTB</span>    <span class="p">@</span><span class="k">R5</span>             <span class="p">;</span><span class="nt">CHECK</span> <span class="nt">IF</span> <span class="nt">END</span> <span class="nt">OF</span> <span class="nt">STRING</span>
        <span class="nt">BNE</span>     <span class="nt">PRSTR</span>           <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">IF</span> <span class="nt">NOT</span>
        <span class="nt">RTS</span>     <span class="nt">PC</span>              <span class="o">;</span><span class="nt">ELSE</span> <span class="nt">RETURN</span> <span class="nt">TO</span> <span class="nt">CALLER</span>

<span class="nt">IPDRS</span><span class="o">:</span>  <span class="p">.</span><span class="nc">WORD</span>   <span class="nt">077406</span><span class="o">,</span><span class="nt">077406</span><span class="o">,</span><span class="nt">077406</span><span class="o">,</span><span class="nt">077406</span>
        <span class="p">.</span><span class="nc">WORD</span>   <span class="nt">077406</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">077406</span>

<span class="nt">IPARS</span><span class="o">:</span>  <span class="p">.</span><span class="nc">WORD</span>   <span class="nt">000000</span><span class="o">,</span><span class="nt">000200</span><span class="o">,</span><span class="nt">000400</span><span class="o">,</span><span class="nt">000600</span>
        <span class="p">.</span><span class="nc">WORD</span>   <span class="nt">001000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">000000</span><span class="o">,</span><span class="nt">007600</span>

<span class="nt">DELIM1</span><span class="o">:</span> <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">/:</span> <span class="o">/</span>            <span class="o">;</span><span class="nt">POST-ADDRESS</span> <span class="nt">DELIMETER</span>
<span class="nt">DELIM2</span><span class="o">:</span> <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">/</span> <span class="o">/</span>             <span class="o">;</span><span class="nt">POST-CRC</span> <span class="nt">DELIMETER</span>
<span class="nt">CRLF</span><span class="o">:</span>   <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">&lt;</span><span class="nt">15</span><span class="o">&gt;&lt;</span><span class="nt">12</span><span class="o">&gt;</span>        <span class="o">;</span><span class="nt">LINE</span> <span class="nt">DELIMETER</span>
<span class="nt">RELSTR</span><span class="o">:</span> <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">/</span><span class="nt">RELOCATED</span> <span class="nt">TO</span> <span class="nt">PA</span><span class="o">:/</span>
<span class="nt">PCOMPL</span><span class="o">:</span> <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">/</span><span class="nt">PASS</span> <span class="nt">COMPLETED</span><span class="o">/&lt;</span><span class="nt">15</span><span class="o">&gt;&lt;</span><span class="nt">12</span><span class="o">&gt;&lt;</span><span class="nt">15</span><span class="o">&gt;&lt;</span><span class="nt">12</span><span class="o">&gt;</span>

<span class="nt">END</span><span class="o">:</span>    <span class="p">.</span><span class="nc">END</span>    <span class="nt">START</span>
</pre></div>
</td></tr></table>

<p>The code above is the end result of quite a bit of successive refinement.  Things learned along the way:</p>
<ul>
<li>
<p>At first the tests consisted only of writing and checking all-ones and all-zeros to each location.  This did
  uncover one more bank with a stuck bit at only some addresses, that my previous spot-checking had missed.
  Lesson: you really gotta check every byte.  Removed, socketed, and replaced the implicated DRAM, and my
  tests passed.</p>
</li>
<li>
<p>Maybe I fixed it, so after this I invested the download time to try the the DEC ZQMC diagnostic again.  It
  ran better than I had seen before, proceeding through a few subtests, but soon started flagging a lot of
  errors that my diagnostic missed. Hmmm.  Inspecting the DEC code, it seemed to be writing and checking
  random data at the time, not just all ones an zeros.  Went ahead and implemented "random" data test in my
  diagnostic, and it immediately started implicating the same chips.  Lesson: all-ones, all-zeros isn't good
  enough...</p>
</li>
<li>
<p>While I was at it, I implemented an additional "write/check each byte with its virtual address" test.
  Interestingly, this found <em>most</em>, but not <em>all</em> of the same chips as the random data test.  Lesson:
  all-ones, all-zeros, and address in each word isn't good enough, either; you really do gotta have that
  "random" data test, too. At this point, went ahead and replaced three more implicated DRAMS, and my tests
  once again passed clean...</p>
</li>
<li>
<p>In the meantime, I did some more code reading on the DEC diagnostic, and found that various features could
  be enabled/disabled via the front panel switches.  With some care, the diagnostic might also be restartable
  without having to wait for an entire re-download, if stopped carefully and in the right place.  So I spent
  the time to re-download, and found with experimentation that the DEC diagnostic would now pass all banks of
  memory cleanly, as long as <em>parity checking was disabled</em>.  Hmm...</p>
</li>
<li>
<p>Moving back to my diagnostic, I noticed that while it ran clean now on all banks, on a fresh power-up it
  would usually light the parity-error LED on the MS11-L on its first pass.  Subsequent passes, after every
  location had been written at least once, were fine.  Since the MS11-L doesn't have any fancy power-up init
  logic, it would make sense to see this if the program read locations without writing them first, but I
  didn't think my code did that.  Enabling parity traps let me catch it in the act, and it was happening on a
  <code>CLR</code> instruction that I was using to init memory!  Lesson: on an 11/45, <code>CLR</code> is implemented like other
  single- operand, modifying instructions, and actually does a DATIP bus cycle from the destination before
  writing back a zero!  So use <code>MOV</code> instead of <code>CLR</code> to init memory if you are worried about tripping parity
  errors... Cleaned this up in my code, and my diagnostic now runs clean on my machine in all circumstances
  without ever tripping a parity error.</p>
</li>
</ul>
<p>So, a lot of issues found and repaired on the MS11-L.  Maybe still some issues with parity error handling,
which seems to be halting the machine instead of taking a trap.  Figured it might be worth a shot to try the
operating systems again, so mounted the respective disks and tried both, and... exact same failures in both
cases!  Womp, womp...</p>
<p>Well, might as well continue to look into the parity error handling, since some things still seem fishy there.
The DEC documentation is a bit murky here; various versions of the KB11-A maintenance manual and 11/45
processor handbook say different and somewhat contradictory things; some info in earlier editions is also
removed from later ones.  The available engineering drawings for the relevant parts of the KB11-A CPU look to
have some significant differences from the actual boards I have on hand, and there are more than a few ECO's
for these boards listed as relating specifically to parity handling, but for which no other information is
available.  And Noel has uncovered evidence that even the Unibus signaling related to parity may have been
changed by DEC around the times of the early 11/45. Could be interesting...</p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/rsts.html"><h1>PDP-11/45: RSTS/E V06C attempts</h1></a>
Mon 07 January 2019

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p>Okay, back in action after replacing the failed nand at B26 in the RK11-C.  MAINDEC ZRKK now passes reliably.
Wish I'd been able to get to the bottom of this at the show, but it was really hard to effectively debug on
the floor there while the show was in progress -- you naturally want to stop and chat with everybody who drops
by to take a look, so its hard to get into a good technical flow.</p>
<p>Since one of the RK11-C diagnostics I needed to use writes a pack destructively, I had to sacrifice my working
RT-11 pack along the way.  Rather than go back to the same old RT-11 image, I figured maybe time to try
something different?  RSTS/E would probably be more fun with multiple terminals and the DZ11 that I have
anyway, and I've never actually played around with RSTS.  So decided to give that a go...</p>
<p>Did some poking around looking at various available versions, and V06C seemed like a pretty good starting
point: it's new enough to explicitly support all of my hardware (including the DZ11 and excepting the VT100),
but old enough to still have relatively modest storage requirements so I can hope to run it with the single
RK05 that I currently have working.  There is also complete distribution tape available at rsts.org, and a
fairly complete set of documentation at bitsavers.</p>
<p>Spent a bit of time reading the sysgen manual, and managed to sysgen under simh and generate a bootable
RK05 image for my hardware.  I then transferred this image to my single working pack using PDP11GUI; this is
frustratingly slow (~3 hours to write a 2.5mb pack)!!  I had forgotten how bad this is.  I'm not quite sure
why it is as slow as it is; it shouldn't take much more than 45 minutes to push that much data through a DL11
at 9600 baud, even without compression, and the PDP-11 disk subsystem can easily keep up with that.  I'm not
sure if PDP11GUI is spending a lot of time turning around the serial line, or has a bunch of per-character
overhead, or...?  In any case, I'm motivated to do something about it; more on this some other time soon.</p>
<p>So, unfortunately, the RSTS image which works under simh fails to completely boot on the real hardware. It
runs through the initial "Option:" menu without trouble, and upon start the RSTS light chaser runs in the
data lights on the front panel.  Characters are echoed on the console terminal, but it never reaches code to
print the banner or prompt for the initial control file.  The system appears to be in a loop reading the same
section of disk repetitively, and the display register shows a continuously increasing count.</p>
<p>Got a lot of help from folks over on the cctalk mailing list on this one, since I'm a newbie to RSTS.  Paul K.
provided some useful tips:</p>
<ul>
<li>
<p>RSTS displays an error count in the display register, so that's why I see an increasing count there.</p>
</li>
<li>
<p>The "fancy" idle pattern that includes both the address and data lights apparently shows up in a later
  release of RSTS and requires a particular sysgen option, so its not surprising that I only see the pattern
  in the data lights on my machine.</p>
</li>
<li>
<p>The ODT debugger may be loaded with RSTS for startup debugging by configuring it using an undocumented
  option in the change memory layout section of the "DEFAULT" command at the boot prompt.  Enter "ODT" there,
  and provide a space for it in the memory map.  After that, at ^P at the console will take you to the ODT
  prompt. </p>
<div class="highlight"><pre><span></span>Memory allocation table:

  0K: 00000000 - 00123777 (  21K) : EXEC
 21K: 00124000 - 00213777 (  14K) : RTS (BASIC)
 35K: 00214000 - 00227777 (   3K) : ODT
 38K: 00230000 - 00757777 (  86K) : USER
124K: 00760000 - End              : NXM
</pre></div>


</li>
<li>
<p>A handy way to query the RSTS symbol table is to use the "PATCH" command at the boot prompt (one can also
  look through the .MAP files generated during sysgen):</p>
<div class="highlight"><pre><span></span>Option: PA
File to patch? 
Module name? 
Base address? ERL
Offset address? 
 Base   Offset  Old     New?
041314  000000  005267  ? ^Z
Offset address? ^Z
Base address?
</pre></div>


</li>
<li>
<p>Paul also provided this procedure for triggering a crash dump from an ODT breakpoint under RSTS:</p>
<blockquote>
<p>1. Make sure crash dump is enabled (in the "default" option).  Start the system.  Let it run for at least
one minute.  (I'm not entirely sure about older versions, but I think that a crash within one minute of
startup is handled differently and doesn't do all the usual dump and restart machinery.)</p>
<p>2. Set the data switches all UP.  (In SIMH, enter "D SR 177777".)</p>
<p>3. Set a breakpoint.</p>
<p>4. When you hit the breakpoint, change the PC to 52, like this:</p>
<p>0B:055244<br>
_$7/055244 52<br>
_P  </p>
<p>(you enter only "$7/" and "52<return>" and "P", the rest is output from ODT.)</p>
<p>The system will write the crashdump and then automatically restart.</p>
<p>5. You should now have the crash dump in [0,1]CRASH.SYS</p>
</blockquote>
</li>
</ul>
<p>Further experiments coordinated by Paul then led to the conclusion that an error like this could reasonably be
expected to be triggered by a corrupted INIT.BAC or BASIC.RTS file.  This led me to wish to verify that the
disk pack contents really matched the image file I was running successfully under simh.  Some standalone code
to dump a CRC of every sector on the pack seemed like it would be useful in this regard, so I coded up the
following:</p>
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131</pre></div></td><td class="code"><div class="highlight"><pre><span></span>        <span class="nt">RKDS</span><span class="o">=</span><span class="nt">177400</span>
        <span class="nt">RKER</span><span class="o">=</span><span class="nt">177402</span>
        <span class="nt">RKCS</span><span class="o">=</span><span class="nt">177404</span>
        <span class="nt">RKWC</span><span class="o">=</span><span class="nt">177406</span>
        <span class="nt">RKBA</span><span class="o">=</span><span class="nt">177410</span>
        <span class="nt">RKDA</span><span class="o">=</span><span class="nt">177412</span>

        <span class="nt">XCSR</span><span class="o">=</span><span class="nt">177564</span>
        <span class="nt">XBUF</span><span class="o">=</span><span class="nt">177566</span>

        <span class="p">.</span><span class="nc">ASECT</span>
        <span class="o">.=</span><span class="nt">1000</span>
<span class="nt">START</span><span class="o">:</span>  
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">700</span><span class="o">,</span><span class="nt">SP</span>         <span class="o">;</span><span class="nt">INIT</span> <span class="nt">STACK</span> <span class="nt">POINTER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">INIT</span> <span class="nt">CRC</span> <span class="nt">LOOKUP</span> <span class="nt">TABLE</span>

        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">10041</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">CRC</span> <span class="nt">POLYNOMIAL</span> 
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">CRCTBL</span><span class="o">,</span><span class="nt">R1</span>      <span class="o">;</span><span class="nt">LOOKUP</span> <span class="nt">TABLE</span> <span class="nt">TO</span> <span class="nt">FILL</span>
        <span class="nt">ADD</span>     <span class="p">#</span><span class="nn">1000</span><span class="o">,</span><span class="nt">R1</span>        <span class="o">;</span><span class="nt">START</span> <span class="nt">FILLING</span> <span class="nt">FROM</span> <span class="nt">END</span> <span class="o">(+</span><span class="nt">256</span> <span class="nt">WORDS</span><span class="o">)</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">377</span><span class="o">,</span><span class="nt">R2</span>         <span class="o">;</span><span class="nt">COUNT</span> <span class="nt">DOWN</span> <span class="nt">FROM</span> <span class="nt">INDEX</span> <span class="nt">255</span>
<span class="nt">L0</span><span class="o">:</span>     <span class="nt">MOV</span>     <span class="nt">R2</span><span class="o">,</span><span class="nt">R4</span>           <span class="o">;</span><span class="nt">GET</span> <span class="nt">COPY</span> <span class="nt">OF</span> <span class="nt">INDEX</span>
        <span class="nt">SWAB</span>    <span class="nt">R4</span>              <span class="o">;</span><span class="nt">MOVE</span> <span class="nt">TO</span> <span class="nt">UPPER</span> <span class="nt">BYTE</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">10</span><span class="o">,</span><span class="nt">R3</span>          <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">EIGHT</span> <span class="nt">BITS</span> <span class="nt">OF</span> <span class="nt">INDEX</span>  
<span class="nt">L1</span><span class="o">:</span>     <span class="nt">ASL</span>     <span class="nt">R4</span>              <span class="o">;</span><span class="nt">SHIFT</span><span class="o">,</span> <span class="nt">MSB</span> <span class="nt">TO</span> <span class="nt">CARRY</span> <span class="nt">FLAG</span>
        <span class="nt">BCC</span>     <span class="nt">L2</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">MSB</span> <span class="nt">NOT</span> <span class="nt">SET</span> <span class="nt">SKIP</span> <span class="nt">AHEAD</span>
        <span class="nt">XOR</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R4</span>           <span class="o">;</span><span class="nt">ELSE</span> <span class="nt">XOR</span> <span class="nt">IN</span> <span class="nt">POLYNOMIAL</span>
<span class="nt">L2</span><span class="o">:</span>     <span class="nt">SOB</span>     <span class="nt">R3</span><span class="o">,</span><span class="nt">L1</span>           <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">BITS</span>
        <span class="nt">MOV</span>     <span class="nt">R4</span><span class="o">,</span><span class="nt">-</span><span class="o">(</span><span class="nt">R1</span><span class="o">)</span>        <span class="o">;</span><span class="nt">SAVE</span> <span class="nt">RESULT</span> <span class="nt">IN</span> <span class="nt">LOOKUP</span> <span class="nt">TABLE</span>
        <span class="nt">DEC</span>     <span class="nt">R2</span>              <span class="o">;</span><span class="nt">COUNT</span> <span class="nt">DOWN</span>
        <span class="nt">BPL</span>     <span class="nt">L0</span>              <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">TABLE</span> <span class="nt">ENTRIES</span>

        <span class="nt">CLR</span>     <span class="nt">R5</span>              <span class="o">;</span><span class="nt">INIT</span> <span class="nt">SECTOR</span> <span class="nt">COUNTER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">PRINT</span> <span class="nt">START</span> <span class="nt">OF</span> <span class="nt">LINE</span>

<span class="nt">L3</span><span class="o">:</span>     <span class="nt">MOV</span>     <span class="nt">R5</span><span class="o">,</span><span class="nt">R0</span>           <span class="o">;</span><span class="nt">GET</span> <span class="nt">SECTOR</span> <span class="nt">COUNTER</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRNW</span>         <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">DELIM1</span><span class="o">,</span><span class="nt">R0</span>      <span class="o">;</span><span class="nt">GET</span> <span class="nt">POST-SECTOR</span> <span class="nt">DELIMETER</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRNSTR</span>       <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">READ</span> <span class="nt">8</span> <span class="nt">SECTORS</span> <span class="nt">FROM</span> <span class="nt">DISK</span>

<span class="nt">L4</span><span class="o">:</span>     <span class="nt">MOV</span>     <span class="nt">R5</span><span class="o">,@</span><span class="p">#</span><span class="nn">RKDA</span>       <span class="o">;</span><span class="nt">SET</span> <span class="nt">START</span> <span class="nt">SECTOR</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">DBUF</span><span class="o">,@</span><span class="p">#</span><span class="nn">RKBA</span>    <span class="o">;</span><span class="nt">SET</span> <span class="nt">TARGET</span> <span class="nt">ADDRESS</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">-4000</span><span class="o">,@</span><span class="p">#</span><span class="nn">RKWC</span>   <span class="o">;</span><span class="nt">READ</span> <span class="nt">8</span> <span class="nt">SECTORS</span> <span class="o">(</span><span class="nt">2K</span> <span class="nt">WORDS</span><span class="o">)</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">5</span><span class="o">,@</span><span class="p">#</span><span class="nn">RKCS</span>       <span class="o">;</span><span class="nt">READ</span> <span class="o">+</span> <span class="nt">GO</span>
        <span class="nt">TSTB</span>    <span class="o">@</span><span class="p">#</span><span class="nn">RKCS</span>          <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">RKCS</span> <span class="nt">RDY</span> <span class="nt">BIT</span>
        <span class="nt">BPL</span>     <span class="p">.</span><span class="nc">-4</span>             <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">IF</span> <span class="nt">BUSY</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">HANDLE</span> <span class="nt">ERROR</span> <span class="nt">IF</span> <span class="nt">ANY</span>

        <span class="nt">BIT</span>     <span class="p">#</span><span class="nn">100000</span><span class="o">,@</span><span class="p">#</span><span class="nn">RKCS</span>  <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">FOR</span> <span class="nt">ERROR</span>
        <span class="nt">BEQ</span>     <span class="nt">L5</span>              <span class="o">;</span><span class="nt">SKIP</span> <span class="nt">AHEAD</span> <span class="nt">IF</span> <span class="nt">NOT</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">ERRSTR</span><span class="o">,</span><span class="nt">R0</span>      <span class="o">;</span><span class="nt">POINT</span> <span class="nt">TO</span> <span class="nt">ERROR</span> <span class="nt">INDICATOR</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRNSTR</span>       <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">MOV</span>     <span class="o">@</span><span class="p">#</span><span class="nn">RKER</span><span class="o">,</span><span class="nt">R0</span>       <span class="o">;</span><span class="nt">GET</span> <span class="nt">ERROR</span> <span class="nt">REG</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRNW</span>         <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">BR</span>      <span class="nt">L8</span>              <span class="o">;</span><span class="nt">MOVE</span> <span class="nt">ON</span> <span class="nt">TO</span> <span class="nt">NEXT</span> <span class="nt">8</span> <span class="nt">SECTORS</span>

<span class="nt">L5</span><span class="o">:</span>     <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">DBUF</span><span class="o">,</span><span class="nt">R4</span>        <span class="o">;</span><span class="nt">POINT</span> <span class="nt">TO</span> <span class="nt">START</span> <span class="nt">OF</span> <span class="nt">DATA</span> <span class="nt">JUST</span> <span class="nt">READ</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">RUN</span> <span class="nt">CRC</span> <span class="nt">FOR</span> <span class="nt">ONE</span> <span class="nt">SECTOR</span><span class="o">.</span>  <span class="nt">FOR</span> <span class="nt">EACH</span> <span class="nt">INPUT</span> <span class="nt">BYTE</span> <span class="nt">CH</span><span class="o">:</span>
        <span class="o">;</span>       <span class="nt">CRC</span> <span class="o">=</span> <span class="nt">CRCTBL</span><span class="cp">[</span><span class="p">((</span><span class="nx">CRC</span> <span class="o">&gt;&gt;</span> <span class="mi">8</span><span class="p">)</span> <span class="p">^</span> <span class="nx">CH</span><span class="p">)</span> <span class="o">&amp;</span> <span class="mi">255</span><span class="cp">]</span> <span class="o">^</span> <span class="o">(</span><span class="nt">CRC</span> <span class="o">&lt;&lt;</span> <span class="nt">8</span><span class="o">)</span>

<span class="nt">L6</span><span class="o">:</span>     <span class="nt">CLR</span>     <span class="nt">R0</span>              <span class="o">;</span><span class="nt">RESET</span> <span class="nt">CRC</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">1000</span><span class="o">,</span><span class="nt">R1</span>        <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">ONE</span> <span class="nt">SECTOR</span> <span class="o">(</span><span class="nt">256</span> <span class="nt">WORDS</span><span class="o">)</span>
<span class="nt">L7</span><span class="o">:</span>     <span class="nt">MOV</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R2</span>           <span class="o">;</span><span class="nt">GET</span> <span class="nt">COPY</span> <span class="nt">OF</span> <span class="nt">CRC</span>
        <span class="nt">SWAB</span>    <span class="nt">R2</span>              <span class="o">;</span><span class="nt">MOVE</span> <span class="nt">HIGH</span> <span class="nt">BYTE</span> <span class="nt">DOWN</span>
        <span class="nt">MOVB</span>    <span class="o">(</span><span class="nt">R4</span><span class="o">)+,</span><span class="nt">R3</span>        <span class="o">;</span><span class="nt">GET</span> <span class="nt">NEXT</span> <span class="nt">INPUT</span> <span class="nt">BYTE</span> <span class="nt">TO</span> <span class="nt">PROCESS</span>
        <span class="nt">XOR</span>     <span class="nt">R3</span><span class="o">,</span><span class="nt">R2</span>           <span class="o">;</span><span class="nt">XOR</span> <span class="nt">ONTO</span> <span class="nt">MUNGED</span> <span class="nt">CRC</span>
        <span class="nt">BIC</span>     <span class="p">#</span><span class="nn">177400</span><span class="o">,</span><span class="nt">R2</span>      <span class="o">;</span><span class="nt">MASK</span> <span class="nt">OFF</span> <span class="nt">HIGH</span> <span class="nt">BYTE</span>
        <span class="nt">ASL</span>     <span class="nt">R2</span>              <span class="o">;</span><span class="nt">TIMES</span> <span class="nt">TWO</span> <span class="nt">INDEX</span> <span class="nt">INTO</span> <span class="nt">LOOKUP</span> <span class="nt">TABLE</span>
        <span class="nt">MOV</span>     <span class="nt">CRCTBL</span><span class="o">(</span><span class="nt">R2</span><span class="o">),</span><span class="nt">R3</span>   <span class="o">;</span><span class="nt">LOOKUP</span> <span class="nt">VALUE</span>
        <span class="nt">SWAB</span>    <span class="nt">R0</span>              <span class="o">;</span><span class="nt">MOVE</span> <span class="nt">LOW</span> <span class="nt">BYTE</span> <span class="nt">OF</span> <span class="nt">CRC</span> <span class="nt">UP</span>
        <span class="nt">CLRB</span>    <span class="nt">R0</span>              <span class="o">;</span><span class="nt">MASK</span> <span class="nt">OFF</span> <span class="nt">THE</span> <span class="nt">BOTTOM</span>
        <span class="nt">XOR</span>     <span class="nt">R3</span><span class="o">,</span><span class="nt">R0</span>           <span class="o">;</span><span class="nt">XOR</span> <span class="nt">IN</span> <span class="nt">THE</span> <span class="nt">LOOKED</span> <span class="nt">UP</span> <span class="nt">VALUE</span>
        <span class="nt">SOB</span>     <span class="nt">R1</span><span class="o">,</span><span class="nt">L7</span>           <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">OVER</span> <span class="nt">BYTES</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">PRINT</span> <span class="nt">CRC</span><span class="o">,</span> <span class="nt">DELIMIT</span> <span class="nt">AND</span> <span class="nt">LOOP</span>

        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRNW</span>         <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">CRC</span><span class="o">,</span> <span class="nt">ALREADY</span> <span class="nt">IN</span> <span class="nt">R0</span>
        <span class="nt">CMP</span>     <span class="nt">R4</span><span class="o">,</span><span class="p">#</span><span class="nn">DBUF</span><span class="o">+</span><span class="nt">10000</span>  <span class="o">;</span><span class="nt">END</span> <span class="nt">OF</span> <span class="nt">DISK</span> <span class="nt">BUFFER</span><span class="o">?</span>
        <span class="nt">BEQ</span>     <span class="nt">L8</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">SO</span><span class="o">,</span> <span class="nt">EXIT</span> <span class="nt">LOOP</span>
        <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">DELIM2</span><span class="o">,</span><span class="nt">R0</span>      <span class="o">;</span><span class="nt">ELSE</span> <span class="nt">POINT</span> <span class="nt">TO</span> <span class="nt">POST-CRC</span> <span class="nt">DELIMETER</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRNSTR</span>       <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">BR</span>      <span class="nt">L6</span>              <span class="o">;</span><span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">ANOTHER</span> <span class="nt">SECTOR</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">DELIMIT</span> <span class="nt">END</span> <span class="nt">OF</span> <span class="nt">LINE</span><span class="o">,</span> <span class="nt">LOOP</span>

<span class="nt">L8</span><span class="o">:</span>     <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">CRLF</span><span class="o">,</span><span class="nt">R0</span>        <span class="o">;</span><span class="nt">POINT</span> <span class="nt">TO</span> <span class="nt">LINE</span> <span class="nt">DELIMETER</span>
        <span class="nt">JSR</span>     <span class="nt">PC</span><span class="o">,</span><span class="nt">PRNSTR</span>       <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">ADD</span>     <span class="p">#</span><span class="nn">10</span><span class="o">,</span><span class="nt">R5</span>          <span class="o">;</span><span class="nt">MOVE</span> <span class="nt">AHEAD</span> <span class="nt">8</span> <span class="nt">SECTORS</span>
        <span class="nt">CMP</span>     <span class="nt">R5</span><span class="o">,</span><span class="p">#</span><span class="nn">11410</span>       <span class="o">;</span><span class="nt">AT</span> <span class="nt">END</span> <span class="nt">OF</span> <span class="nt">PACK</span><span class="o">?</span>
        <span class="nt">BLT</span>     <span class="nt">L3</span>              <span class="o">;</span><span class="nt">IF</span> <span class="nt">NOT</span><span class="o">,</span> <span class="nt">GO</span> <span class="nt">DO</span> <span class="nt">THE</span> <span class="nt">NEXT</span> <span class="nt">8</span>

        <span class="nt">HALT</span>                    <span class="o">;</span><span class="nt">ALL</span> <span class="nt">DONE</span><span class="o">!</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">PRINT</span> <span class="nt">A</span> <span class="nt">WORD</span> <span class="nt">IN</span> <span class="nt">OCTAL</span>

<span class="nt">PRNW</span><span class="o">:</span>   <span class="nt">MOV</span>     <span class="p">#</span><span class="nn">6</span><span class="o">,</span><span class="nt">R2</span>           <span class="o">;</span><span class="nt">SIX</span> <span class="nt">DIGITS</span> <span class="nt">TO</span> <span class="nt">PRINT</span>
        <span class="nt">MOV</span>     <span class="nt">R0</span><span class="o">,</span><span class="nt">R1</span>           <span class="o">;</span><span class="nt">MOVE</span> <span class="nt">OUTPUT</span> <span class="nt">WORD</span> <span class="nt">OVER</span> <span class="nt">TO</span> <span class="nt">R1</span>
        <span class="nt">CLR</span>     <span class="nt">R0</span>              <span class="o">;</span><span class="nt">RESET</span> <span class="nt">OUTPUT</span> <span class="nt">CHAR</span>
        <span class="nt">ASHC</span>    <span class="p">#</span><span class="nn">1</span><span class="o">,</span><span class="nt">R0</span>           <span class="o">;</span><span class="nt">AND</span> <span class="nt">SHIFT</span> <span class="nt">IN</span> <span class="nt">MSB</span> <span class="nt">TO</span> <span class="nt">START</span>
<span class="nt">L9</span><span class="o">:</span>     <span class="nt">ADD</span>     <span class="p">#</span><span class="nn">60</span><span class="o">,</span><span class="nt">R0</span>          <span class="o">;</span><span class="nt">MAKE</span> <span class="nt">INTO</span> <span class="nt">ASCII</span> <span class="nt">DIGIT</span>
        <span class="nt">MOV</span>     <span class="nt">R0</span><span class="o">,@</span><span class="p">#</span><span class="nn">XBUF</span>       <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">IT</span>
        <span class="nt">TSTB</span>    <span class="o">@</span><span class="p">#</span><span class="nn">XCSR</span>          <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">IF</span> <span class="nt">XMIT</span> <span class="nt">DONE</span>
        <span class="nt">BPL</span>     <span class="p">.</span><span class="nc">-4</span>             <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">UNTIL</span> <span class="nt">SO</span>
        <span class="nt">CLR</span>     <span class="nt">R0</span>              <span class="o">;</span><span class="nt">RESET</span> <span class="nt">OUTPUT</span> <span class="nt">CHAR</span>
        <span class="nt">ASHC</span>    <span class="p">#</span><span class="nn">3</span><span class="o">,</span><span class="nt">R0</span>           <span class="o">;</span><span class="nt">SHIFT</span> <span class="nt">IN</span> <span class="nt">NEXT</span> <span class="nt">THREE</span> <span class="nt">BITS</span>
        <span class="nt">SOB</span>     <span class="nt">R2</span><span class="o">,</span><span class="nt">L9</span>           <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">DIGITS</span>
        <span class="nt">RTS</span>     <span class="nt">PC</span>              <span class="o">;</span><span class="nt">RETURN</span> <span class="nt">TO</span> <span class="nt">CALLER</span>

        <span class="o">;</span><span class="nt">-----</span> <span class="nt">PRINT</span> <span class="nt">A</span> <span class="nt">NULL-TERMINATED</span> <span class="nt">STRING</span>

<span class="nt">PRNSTR</span><span class="o">:</span> <span class="nt">MOVB</span>    <span class="o">(</span><span class="nt">R0</span><span class="o">)+,@</span><span class="p">#</span><span class="nn">XBUF</span>    <span class="o">;</span><span class="nt">PRINT</span> <span class="nt">ONE</span> <span class="nt">CHAR</span> <span class="nt">AND</span> <span class="nt">ADVANCE</span>
        <span class="nt">TSTB</span>    <span class="o">@</span><span class="p">#</span><span class="nn">XCSR</span>          <span class="o">;</span><span class="nt">CHECK</span> <span class="nt">IF</span> <span class="nt">XMIT</span> <span class="nt">DONE</span>
        <span class="nt">BPL</span>     <span class="p">.</span><span class="nc">-4</span>             <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">UNTIL</span> <span class="nt">SO</span>
        <span class="nt">TSTB</span>    <span class="p">@</span><span class="k">R0</span>             <span class="p">;</span><span class="nt">CHECK</span> <span class="nt">IF</span> <span class="nt">END</span> <span class="nt">OF</span> <span class="nt">STRING</span>
        <span class="nt">BNE</span>     <span class="nt">PRNSTR</span>          <span class="o">;</span><span class="nt">LOOP</span> <span class="nt">IF</span> <span class="nt">NOT</span>
        <span class="nt">RTS</span>     <span class="nt">PC</span>              <span class="o">;</span><span class="nt">ELSE</span> <span class="nt">RETURN</span> <span class="nt">TO</span> <span class="nt">CALLER</span>

<span class="nt">DELIM1</span><span class="o">:</span> <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">/:</span> <span class="o">/</span>            <span class="o">;</span><span class="nt">POST-SECTOR</span> <span class="nt">DELIMETER</span>
<span class="nt">DELIM2</span><span class="o">:</span> <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">/</span> <span class="o">/</span>             <span class="o">;</span><span class="nt">POST-CRC</span> <span class="nt">DELIMETER</span>
<span class="nt">CRLF</span><span class="o">:</span>   <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">&lt;</span><span class="nt">15</span><span class="o">&gt;&lt;</span><span class="nt">12</span><span class="o">&gt;</span>        <span class="o">;</span><span class="nt">LINE</span> <span class="nt">DELIMETER</span>
<span class="nt">ERRSTR</span><span class="o">:</span> <span class="p">.</span><span class="nc">ASCIZ</span>  <span class="o">/</span><span class="nt">ERROR</span><span class="o">:</span> <span class="o">/</span>       <span class="o">;</span><span class="nt">ERROR</span> <span class="nt">INDICATOR</span>

<span class="nt">CRCTBL</span><span class="o">:</span> <span class="p">.</span><span class="nc">BLKW</span>   <span class="nt">400</span>             <span class="o">;</span><span class="nt">CRC</span> <span class="nt">LOOKUP</span> <span class="nt">TABLE</span>
<span class="nt">DBUF</span><span class="o">:</span>   <span class="p">.</span><span class="nc">BLKW</span>   <span class="nt">4000</span>            <span class="o">;</span><span class="nt">DISK</span> <span class="nt">DATA</span> <span class="nt">BUFFER</span>

        <span class="p">.</span><span class="nc">END</span>    <span class="nt">START</span>
</pre></div>
</td></tr></table>

<p>Running this indicated the RSTS pack was in good shape, and not corrupt.  So, maybe I have had a lurking
hardware bug in my memory system (a 256KB MS11-L), which never tripped up RT-11 and so has to date
gone undiagnosed?</p>
<p>At this point, Noel suggested on cctalk that I give Release 6 Unix a try as well, and see if it suffers
similarly.  Worth a shot!  Out of time for now, and back to the day gig tomorrow after holiday break.
Happy new year, all!</p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/behaving-badly.html"><h1>PDP-11/45 Behaving Badly</h1></a>
Sun 09 December 2018

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p>Wow, a year to the day since the previous post here!  Not a lot of PDP-11 work this past year, with lots of
other stuff like home improvements going on, but a few things worth catching up on here.</p>
<p>Mainly, I got brave this past year and decided to actually rent a van and take the 11/45 out of the basement
to the VCF West show at the Computer History Museum in Mountain View.  This was a <em>lot</em> more physical work
than I had anticipated.  Working on this thing a piece at a time, sitting in one place in the basement, you
get kind of used to it and forget how much iron it actually is...  But breaking it down, loading it into a
van, unloading into the show, reassembling, then reversing the whole process at the end of the show is a stark
reminder, both of the size of the machine and of my advancing age, ha!  A <em>huge</em> thank-you to my workmate
Brian, who selflessly gave up a weekend, a vacation day, and some mileage on his back to give me
a hand.  He has already informed me that "the answer for next year is 'no'." :-)</p>
<p><img src='/images/pdp11/VCFW3_thumbnail_tall.jpg' title='Reassembly on the VCF West show floor' onclick='pswipe("pdp11",76);'/>
<img src='/images/pdp11/VCFW1_thumbnail_tall.jpg' title='Running diagnostics and consulting the RK11-C prints...' onclick='pswipe("pdp11",77);'/>
<img src='/images/pdp11/VCFW2_thumbnail_tall.jpg' title='Pavl stops by with an RX02 and controller to help out with debug.  Replacement KM11 debug board visible in the upper diagnostic port of the RK11-C.' onclick='pswipe("pdp11",78);'/>
<img src='/images/pdp11/VCFW4_thumbnail_tall.jpg' title='With Pete Richert, an old friend from Digidesign days!' onclick='pswipe("pdp11",79);'/></p>
<p>I suppose I should have expected it, but in the course of transportation to the show something shook loose resulting in a machine that wouldn't boot RT-11 when reassembled on the show floor (stupid bumpy rental
van!)  So my show became a two day live-troubleshooting exhibit.  This was fine, and I think a lot of
folks had fun jumping in and helping with troubleshooting (thanks, all!)  There was a lot of interest and
reminiscence about the machine and I met a lot of nice people.  Still, a little disappointing, because I
really had wanted people to be able to sit down and use the machine, and also because my head ended up in the
machine the whole time I really didn't get to see the rest of the show or talk to other people about their
exhibits!  Ah well.  In the end I did cajole a successful boot out of it, 15 mins. before the show closed, so
at least a couple people got to sit down and play Adventure.  Placed 3rd in the restoration category :-)</p>
<p>So, what went wrong?  At the show I managed to isolate the problem to something intermittent related to
interrupts from the RK11-C controller.  I was still able to boot the RKDP diagnostic pack, since its
bootstrap and monitor make very conservative use of processor and device interface features.  Running through
the diagnostics, managed to narrow down the problem to RK11-C completion polling after overlapped seeks.  I
guess RT-11 makes use of this feature.</p>
<p>I got the machine home and reassembled, and verified that the problem was still manifesting.  Then many months
passed, until I found some time to dig deeper into the problem just last night.  The relevant failing
diagnostic is ZRKK test 37, and the output is:</p>
<div class="highlight"><pre><span></span>DRIVE 0

RK11 DIDN&#39;T INTRUPT AFTER SK COMPLETED
  PC     RKCS    RKER    RKDS
014476  000310  000000  004713


SCP DIDN&#39;T SET AFTER SEEK WAS DONE
  PC   RKCS
014526  000310


RK11 DIDN&#39;T INTRUPT AFTER SK COMPLETED
  PC     RKCS    RKER    RKDS
014476  000310  000000  004712


SCP DIDN&#39;T SET AFTER SEEK WAS DONE
  PC   RKCS
014526  000310


TIMOUT,PC=004536
</pre></div>


<p>And the relevant bit of the diagnostic listing:</p>
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48</pre></div></td><td class="code"><div class="highlight"><pre><span></span>014362  2$:     MOV     RKVEC,R1
014366          MOV     #3$,(R1)+               ;SET UP VECTOR ADRES FOR RK11 INTERUPT
014372          MOV     #340,(R1)               ;SET UP PSW ON INTERRUPT
014376          BIS     #40,@RKDA               ;ADRES CYLINDER #1
014404          MOV     #111,@R0                ;SEEK, GO WITH IDE SET
014410          WAT.INT ,300                    ;WAIT FOR THE DRIVE TO
                                                ;INTERRUPT AFTER ADRES WAS RECVD
                                                ;WAITING TIME= 1.4 MS FOR 11/20
                                                ;280 US FOR 11/45
                                                ;ERROR, IF INTERUPT DID NOT OCCUR
                                                ;BY NOW
014414          MOV     #BADINT,@RKVEC          ;RESTORE UNEXPECTED RK11 INTERRUPT
014422          MOV     @R0,$REG0               ;GET RKCS
014426          ERROR   75                      ;INTERRUPT DID NOT OCCUR AFTER
                                                ;SEEK WAS INITIATED WITH IDE SET
014430          BR      3$+4
014432  3$:     CMP     (SP)+,(SP)+             ;OK, IF RK11 INTERRUPTED TO THIS
                                                ;RESTORE STACK POINTER (FROM RK11 INTERRUPT)
014434          CMP     (SP)+,(SP)+             ;RESTORE STACK POINTER (FROM
                                                ;WAT.INT)
014436          MOV     #5$,@RKVEC              ;SET UP NEW VECTOR ADRES FOR RK11
014444          BIT     #20000,@R0              ;IS SCP CLEAR
014450          BEQ     4$                      ;YES, BRANCH
014452          MOV     @R0,$REG0               ;GET RKCS
014456          ERROR   76                      ;SCP SET BEFORE SEEK TO LAST
                                                ;CYLINDER WAS DONE
014460  4$:     WAT.INT ,56700                  ;WAIT FOR DRIVE TO INTERRUPT
                                                ;AFTER SEEK WAS COMPLETED
                                                ;WAITING TIME=180 MS FOR 11/20
                                                ;36 MS FOR 11/45
014464          MOV     #BADINT,@RKVEC          :IT&#39;S AN ERROR IF BY THIS TIME
                                                ;INTERRUPT HAS NOT OCCURERED
014472          JSR     PC,GT3RG                ;GO GET RKCS, ER, DS
014476          ERROR   77                      ;RK11 DID NOT INTERRUPT AFTER SEEK (TO
                                                ;LAST CYLINDER) WAS DONE WITH IDE SET
014500          BR      5$+2
014502  5$:     CMP     (SP)+,(SP)+             ;OK, IF RK11 INTERUPTED TO THIS AFTER
                                                ;SEEK WAS COMPLETED. RESTORE
                                                ;STACK POINTER (FROM RK11 INTERRUPT)
014504          CMP     (SP)+,(SP)+             ;RESTORE STACK POINTER (FROM
                                                ;WAT.INT)
014506          MOV     #BADINT,@RKVEC          ;RESTORE RK11 INTERRUPT VECTOR ADRES
                                                ;FOR UNEXPECTED INTERUTS
014514          BIT     #20000,@R0              ;DID SCP BIT SET?
014520          BNE     6$                      ;YES, BRANCH
014522          MOV     @R0,$REG0               ;GET RKCS
014526          ERROR   53                      ;SCP DID NOT SET AFTER RK11 INTERRUPTED
                                                ;INDICATING SEEK WAS
</pre></div>
</td></tr></table>

<p>So, based on the fact that we don't hit error 75 from 14426 (and the fact that the previous test, #36, in
this diagnostic is passing) unlike some previous issues the RK11 here <em>is</em> able to generate interrupts and the
11/45 CPU is fielding them.  The issue seems related to the seek completion polling circuitry on the RK11.</p>
<p>This circuitry is described in section 3.3.2 of the RK11-C manual, and is detailed in engineering drawings
D-BS-RK11-C-12, sheets 1 and 2.  When a seek or reset is in progress for any drive and the IDE bit in the
controller is set, the controller will poll all drives for completion when it is otherwise idle.  When
polling is active, a pulse train which drives a count through the polled drives should be visible at B27F2:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/poll-counter.png" title="RK11-C polling clock"/></p>
<p>A quick look with the 'scope shows no joy here.  This clock is initiated by signal POLL; which doesn't seem to
be being asserted.  Checking the origin of that signal takes us to B26 and A26:</p>
<p><img style="display:block; margin-left:auto; margin-right:auto" src="/images/pdp11/poll-enable.png" title="RK11-C polling clock enable"/></p>
<p>Hmmm, one of these gates (the inverter at A26) is one that had failed and that I had repaired sometime last
year...  Reseated the socketed replacement on A26, reloaded the diagnostic, but still no go.  Well at least
it wasn't my repair job!  Went ahead and pulled A26 and B26 and bench tested the gates.  The 8-input nand
that outputs to B26J2 does look fishy.  Pulled and socketed the piece, and put a replacement and some spares
on order at Jameco where I can pick them up on my way in to work tomorrow.  All for now!</p></div>
    <hr />
</div>
    

        

<div class='article'>
    <div class="content-title">
        <a href="https://fritzm.github.io/la30-4.html"><h1>PDP-11/45: LA30 repair IV</h1></a>
Sat 09 December 2017

by <a class="url fn" href="https://fritzm.github.io/author/fritz-mueller.html">Fritz Mueller</a>
 


 
    </div>
    
    <div><p>Received replacement components for the blown G380 solenoid driver channel.  After this repair, all pins are
firing and printing correctly.  Calibrated left margin.  Checked pin drive signal, which was within
specifications and required no adjustment.</p>
<p>Went to check carriage return pulse timing calibrations, but as it turns out the G396 clock accelerator card
in this LA30 has not had ECO 2 applied and therefore has no timing calibration pots.  Carriage return seems to
be functioning correctly and reliably after the left margin adjustment in any case.</p>
<p>Inspected and cleaned the M7910 interface card; it appears to be in good shape.  Rejumpered the base address
and interrupt vector for console operation. Slotted it into the PDP-11 in place of the DL11 I had been using
up until now, and cabled up to the LA30.  Booted to the M9301 monitor and then on into RT-11, and everything
seems to be working fine!  Here's a short video of the RT-11 boot, followed by the start of a session of
Adventure:</p>
<p><span class="videobox">
                    <iframe width="640" height="390"
                        src='https://www.youtube.com/embed/gMIL2bvUYIs?rel=0'
                        frameborder='0' webkitAllowFullScreen
                        mozallowfullscreen allowFullScreen>
                    </iframe>
                </span></p></div>
    <hr />
</div>
    
<div class="pagination">
<ul>
    <li class="prev"><a href="https://fritzm.github.io/index.html">&larr; Previous</a></li>

    <li class=""><a href="https://fritzm.github.io/index.html">1</a></li>
    <li class="active"><a href="https://fritzm.github.io/index2.html">2</a></li>
    <li class=""><a href="https://fritzm.github.io/index3.html">3</a></li>
    <li class=""><a href="https://fritzm.github.io/index4.html">4</a></li>
    <li class=""><a href="https://fritzm.github.io/index5.html">5</a></li>
    <li class=""><a href="https://fritzm.github.io/index6.html">6</a></li>
    <li class=""><a href="https://fritzm.github.io/index7.html">7</a></li>
    <li class=""><a href="https://fritzm.github.io/index8.html">8</a></li>

    <li class="next"><a href="https://fritzm.github.io/index3.html">Next &rarr;</a></li>

</ul>
</div>
  
        </div>
        
        <div class="span3">

            <div class="well" style="padding: 8px 0; background-color: #FBFBFB;">
            <ul class="nav nav-list">
                <li class="nav-header"> 
                Site
                </li>
            
                <li><a href="https://fritzm.github.io/archives.html">Archives</a>
                <li><a href="https://fritzm.github.io/tags.html">Tags</a>



                <li><a href="https://fritzm.github.io/feeds/all.rss.xml" rel="alternate">RSS feed</a></li>

            </ul>
            </div>


            <div class="well" style="padding: 8px 0; background-color: #FBFBFB;">
            <ul class="nav nav-list">
                <li class="nav-header"> 
                Categories
                </li>
                
                <li><a href="https://fritzm.github.io/category/arcade-games.html">Arcade Games</a></li>
                <li><a href="https://fritzm.github.io/category/math.html">Math</a></li>
                <li><a href="https://fritzm.github.io/category/micros.html">Micros</a></li>
                <li><a href="https://fritzm.github.io/category/pdp-11.html">PDP-11</a></li>
                <li><a href="https://fritzm.github.io/category/programming.html">Programming</a></li>
                <li><a href="https://fritzm.github.io/category/radios.html">Radios</a></li>
                   
            </ul>
            </div>




            <div class="social">
            <div class="well" style="padding: 8px 0; background-color: #FBFBFB;">
            <ul class="nav nav-list">
                <li class="nav-header"> 
                Social
                </li>
           
                <li><a href="http://facebook.com/fritzmueller">facebook</a></li>
                <li><a href="http://instagram.com/infrafritz">Instagram</a></li>
                <li><a href="http://www.linkedin.com/pub/fritz-mueller/a/679/62/">LinkedIn</a></li>
                <li><a href="http://jsfiddle.net/user/fritzm/fiddles/">JSFiddle</a></li>
                <li><a href="https://github.com/fritzm">GitHub</a></li>
            </ul>
            </div>
            </div>

        </div>  
    </div>     </div> 
<footer>
<br />
<p><a href="https://fritzm.github.io">fritzm.github.io</a> &copy; Fritz Mueller 2023</p>
</footer>

</div> <!-- /container -->

<!-- Photoswipe -->
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">
    <div class="pswp__bg"></div>
    <div class="pswp__scroll-wrap">
        <div class="pswp__container">
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
        </div>
        <div class="pswp__ui pswp__ui--hidden">
            <div class="pswp__top-bar">
                <div class="pswp__counter"></div>
                <button class="pswp__button pswp__button--close" title="Close (Esc)"></button>
                <button class="pswp__button pswp__button--share" title="Share"></button>
                <button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>
                <button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>
                <div class="pswp__preloader">
                    <div class="pswp__preloader__icn">
                      <div class="pswp__preloader__cut">
                        <div class="pswp__preloader__donut"></div>
                      </div>
                    </div>
                </div>
            </div>
            <div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
                <div class="pswp__share-tooltip"></div>
            </div>
            <button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
            </button>
            <button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
            </button>
            <div class="pswp__caption">
                <div class="pswp__caption__center"></div>
            </div>
        </div>
    </div>
</div>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script src="https://fritzm.github.io/theme/bootstrap-collapse.js"></script>
 
</body>
</html>