HP 3000 Simulator Fixes ======================= INCORPORATED FIXES ------------------ The following modifications have been incorporated into the global code base and released to the public: 1. PROBLEM: The effective address of a byte pointer with a negative index is calculated incorrectly. VERSION: Release 1. OBSERVATION: Defining a :WELCOME message in MPE appears to work, but when the next logon attempts to print the message, an infinite number of CRLFs are printed instead. CAUSE: The welcome message is stored in an extra data segment. The format for each message line is a line length stored in the lower byte of the word preceding the message string. The code defines BYTE POINTER NEXTLINE and points NEXTLINE to the first message character. The line length is set with NEXTLINE(-1) := IOCOUNT. This generates a LOAD ; LDXN 1 ; STB ,I,X sequence. In the "cpu_ea" routine, the indexing adds the X register value (-1) to the byte pointer (NEXTLINE). This causes an overflow that is not masked to 16 bits. For a word access, this displacement is added to the base register and then masked to 16 bits, which gives the correct value. However, for byte accesses, the displacement is divided by 2 and then added, and the sum is masked. Dividing by 2 shifts the overflow bit into the MSB, causing the addition result to be off by 32K. The STB goes to the wrong location, the original zero in the length byte location is retained, and when the welcome message is printed, a zero-length line is printed, and the byte pointer is incremented by zero, so the null line is printed forever. RESOLUTION: Modify "cpu_ea" (hp3000_cpu.c) to mask indexed displacements to 16 bits after adding the X register value. STATUS: Fixed in Release 2. 2. PROBLEM: An SMSK instruction may clear the interrupt mask flip-flop of a device that specifies that it is should be "always enabled." VERSION: Release 1. OBSERVATION: If the TOS word is zero, an SMSK instruction will clear the interrupt mask flip-flop of a device whose mask jumper is set to "E" (always enabled). CAUSE: In response to a DSETMASK signal, device interfaces set their interrupt mask flip-flops by "ANDing" the incoming data word with the interrupt mask jumper setting. The jumper setting value for "always enabled" is %177777, which sets the mask flip-flop in all cases, except when the data word is zero. RESOLUTION: Modify hp3000_atc.c, hp3000_ds.c, and hp3000_ms.c to set their mask flip-flops unconditionally if the jumper setting is "E". STATUS: Fixed in Release 2. 3. PROBLEM: The "SET INTMASK=" command sets the wrong bit in the device interface's interrupt mask jumper setting. VERSION: Release 1. OBSERVATION: The interrupt mask jumper on a device interface is set by specifying the mask bit number in a "SET INTMASK=" command. This sets a bit in the device's interrupt mask jumper word corresponding to the bit number requested. However, the bit numbering is incorrect; setting the jumper for bit 15, for example, sets bit 0 of the jumper word. Therefore, the interface's mask flip-flop is not set as expected when an SMSK instruction is executed. CAUSE: The bit numbers were counted from the wrong end of the word. RESOLUTION: Modify "hp_set_dib" and "hp_show_dib" (hp3000_sys.c) to number the bits from the MSB instead of the LSB. STATUS: Fixed in Release 2. 4. PROBLEM: The Multiplexer Channel is not generating the ACKSR signal correctly. VERSION: Release 1. OBSERVATION: The line printer controller hangs when an SIO chained write is performed. The first programmed write completes normally, but the second does not start. The channel is waiting for a service request that does not occur. CAUSE: The service request from the last write of the first block transfer is being cleared by an ACKSR generated by the Multiplexer Channel when it performs the IOCW fetch in State A for the second write request. The channel should omit this ACKSR when the previous I/O order was a chained read or write. However, the simulator is testing the order just fetched (Write) instead of the order that has just completed (Write Chained). RESOLUTION: Modify "mpx_service" (hp3000_mpx.c) to test the correct I/O order in State A. STATUS: Fixed in Release 2. 5. ENHANCEMENT: Change uint16 types to HP_WORD. VERSION: Release 1. OBSERVATION: The "uint16" type is used to represent 16-bit registers, memory, and buses across the simulator. In particular, the device controller interface routine takes a uint16 inbound data parameter, and the CPU registers and memory array are all uint16 variables. However, IA-32 processors execute instructions with 32-bit operands much faster than those with 16-bit operands, so the use of correctly sized variables is significantly slower (~10%) than the use of larger variables with explicit masking to 16 bits. RESOLUTION: Modify hp3000_atc.c, hp3000_cpu.c, hp3000_cpu.h, hp3000_defs.h, hp3000_ds.c, hp3000_mpx.c, hp3000_ms.c, hp3000_scmb.c, hp3000_sel.c, hp3000_sys.c, hp_disclib.c, hp_disclib.h, hp_tapelib.c, and hp_tapelib.h to replace "uint16" type uses with a new "HP_WORD" type that is defined as "uint32". This improves execution speed while still calling out that the variable corresponds to a 16-bit hardware value. Add a separate type, MEMORY_WORD, to represent memory values. It is defined as "uint16". STATUS: Fixed in Release 2. 6. ENHANCEMENT: Change the disc and tape library buffer element types from uint16 and uint8 to DL_BUFFER and TL_BUFFER, respectively. VERSION: Release 1. OBSERVATION: The disc and tape buffer arrays are declared in the client modules but manipulated by the respective libraries. To ensure that both use the same element types, they were changed from "uint16" and "uint8" to new "DL_BUFFER" and "TL_BUFFER" types that are exported by the libraries for the clients' use. The underlying types remain 16-bit and 8-bit unsigned values, respectively. RESOLUTION: Modify hp_disclib.c, hp_disclib.h, and hp3000_ds.c to use "DL_BUFFER" instead of "uint16", and hp_tapelib.c, hp_tapelib.h, and hp3000_ms.c to use "TL_BUFFER" instead of "uint8" as the buffer element types. STATUS: Fixed in Release 2. 7. ENHANCEMENT: Add a trace to identify the unit requesting attention. VERSION: Release 1. OBSERVATION: The disc library polls drives for attention when the controller is idle. If one is found, a Drive Attention interrupt is generated. The trace log records the check for attention but does not indicate which unit is causing the interrupt. RESOLUTION: Modify "poll_drives" (hp_disclib.c) to add a trace line that indicates the drive number that requested attention. STATUS: Fixed in Release 2. 8. ENHANCEMENT: Change SCP local routine declarations for the revised SCP API function parameter types. VERSION: Release 1. OBSERVATION: The SCP API was revised to change a number of pointer-to- variable parameters into pointer-to-constants. Specifically, a number of "char *" parameters became "const char *" parameters. To maintain compatibility with the 3.x code base, which still uses pointer-to-variable parameters, a shim in the form of a CONST macro is used to declare the parameters (e.g., "CONST char *"), where CONST is "const" in 4.x and is the null string in 3.x. RESOLUTION: Modify hp3000_atc.c, hp3000_cpu.c, hp3000_defs.h, hp3000_ds.c, hp3000_iop.c, hp3000_ms.c, hp3000_scmb.c, hp3000_sys.c, hp_disclib.c, hp_disclib.h, hp_tapelib.c, and hp_tapelib.h to add "CONST" to the affected SCP API parameter types. STATUS: Fixed in Release 2. 9. ENHANCEMENT: Change declarations to pointers-to-constants when referring to string literals. VERSION: Release 1. OBSERVATION: Several structures and function parameters are declared with "char *" types but point at literal strings. These must be "const char *" types, as they are pointing at constants. RESOLUTION: Modify hp3000_cpu.c, hp3000_mpx.c, hp3000_sel.c, hp3000_sys.c, hp_disclib.c, and hp_tapelib.c to use pointers-to-constants when referring to string literals. STATUS: Fixed in Release 2. 10. PROBLEM: Correct %d format to %u for unsigned values. VERSION: Release 1. OBSERVATION: In many places, the "%d" format was used to output the values of both signed and unsigned integer variables. However, "%d" is valid only for signed variables; the correct format for unsigned variables is "%u". The difference is apparent only when the signed value is negative or the unsigned value has the MSB set. RESOLUTION: Modify hp3000_clk.c, hp3000_cpu.c, hp3000_ds.c, hp3000_iop.c, hp3000_mpx.c, hp3000_ms.c, hp3000_sel.c, hp3000_sys.c, hp_disclib.c, and hp_tapelib.c to use "%u" where appropriate. STATUS: Fixed in Release 2. 11. ENHANCEMENT: Change the clear/attach/on/offline trace category from INCO to CMD. VERSION: Release 1. OBSERVATION: The trace lines that report clearing the controller and tape units attached, set offline, and set online are currently classified as "command initiations and completions." However, they would be more correctly classified as "controller commands." RESOLUTION: Modify the "dpprintf" calls that trace the above operations to pass the TL_DEB_CMD flag instead of the previous TL_DEB_INCO flag. STATUS: Fixed in Release 2. 12. ENHANCEMENT: Add a simulation of the 2607/13/17/18 line printers. VERSION: Release 1. OBSERVATION: MPE cannot be configured to run without a line printer, and attempting to output to one causes "NON-RESPONDING DRT #14" and "SYSTEM FAILURE #201" when the printer doesn't respond. A variety of printers connected via the HP 30051A Universal Interface are supported by MPE, with I/O configuration subtypes specifying the printer characteristics. RESOLUTION: Add a simulation of the HP 30051A Universal Interface and the HP 2607, 2613, 2617, and 2618 line printers (hp3000_lp.c), and modify the "sim_devices" array (hp3000_sys.c) to add the LP device. STATUS: Fixed in Release 2. 13. PROBLEM: Document the limitation on calling "fmt_bitset" twice in the same trace call. VERSION: Release 1. OBSERVATION: The "fmt_bitset" routine formats a set of bits into a readable string suitable for trace output. However, calling "fmt_bitset" more than once in the same output call garbles the output. CAUSE: The routine uses an internal static buffer to format the bit set and returns a pointer to that buffer. Calling the routine a second time within the same output statement overwrites the first buffer value. Either modify the routine to allocate the buffer dynamically, to receive an external buffer pointer as a parameter, or to document the restriction that the caller must save the buffer contents before calling the routine a second time within the same output call. RESOLUTION: Modify "fmt_bitset" (hp3000_sys.c) to document the restriction on multiple calls within the same trace output. STATUS: Fixed in Release 2. 14. ENHANCEMENT: Add UNDEFs for the simulator-specific register macros. VERSION: Release 1. OBSERVATION: The simulator defines three new register-definition macros with the names "FBDATA", "SRDATA", and "YRDATA." However, if any of these names are subsequently defined by SCP, a "duplicate macro" error will occur. RESOLUTION: Modify hp3000_defs.h to undefine any register macro names that are then defined by the simulator. STATUS: Fixed in Release 2. 15. PROBLEM: Use correct type for pointer subtraction. VERSION: Release 1. OBSERVATION: Subtracting two pointers returns a value of type "ptrdiff_t", which is a signed integer type with implementation-defined size. In particular, Windows declares it to be either a 32- or 64-bit value, depending on the underlying default integer size. There are several places where pointer subtraction is used to derive a device unit number. These will always be small integers but must be cast to a 32-bit size to avoid compiler warnings on 64-bit systems and to work correctly with "%d" output formats. RESOLUTION: Modify hp3000_atc.c, hp3000_ds.c, hp3000_lp.c, hp3000_ms.c, hp_disclib.c, and hp_tapelib.c to cast "ptrdiff_t" values to "int32" types. STATUS: Fixed in Release 2. 16. PROBLEM: Define bit-mask constants as unsigned. VERSION: Release 1. OBSERVATION: Numeric constants in C carry type information that is implied by the value and the base in which it is expressed. For example, decimal constants are always signed, but octal constants may be unsigned if the value exceeds the signed range. Moreover the precision of the constant depends on its value. This means that an expression such as "1 << x", which is signed, may be defined or undefined depending on the value of x. C provides explicitly unsigned constants by appending a "u" to the numeric value, and explicitly long constants by appending a "L" to the value. RESOLUTION: Modify all files that use constants as bit masks to define them as explicitly unsigned. STATUS: Fixed in Release 2. 17. ENHANCEMENT: Avoid saving pointers as device state variables. VERSION: Release 1. OBSERVATION: Several devices use pointers as state variables. All state variables must be referenced by REG entries to ensure that they are SAVEd and RESTOREd properly. However, pointers are specific to the memory layout employed by the host operating system when loading the simulator executable. It is better to save values that are independent of the load mapping, e.g., array indexes rather than array pointers, and to recreate the pointers as needed from these values during restoration. RESOLUTION: Modify "start_command" and "dl_attach" (hp_disclib.c), "tl_attach" (hp_tapelib.c), and "sel_initialize" (hp3000_sel.c) to reestablish their associated pointer state variables, rather than depending on REG entries to save them across a SAVE/RESTORE operation. STATUS: Fixed in Release 2. 18. PROBLEM: The simulator rejects a port configuration string when attaching an ATC channel to a host serial port. VERSION: Release 1. OBSERVATION: Attempting to add a serial port configuration string, such as "1200-8n1", when attaching an ATC channel to a host serial port fails with "Invalid argument." Because the ATC fakes speed-sensing, and because the terminal multiplexer library overrides the host default settings, there is no way for the user to specify the connection speed. RESOLUTION: Modify "atcc_reset" (hp3000_atc.c) to remove the call to the "tmxr_set_modem_control_passthru" routine. This call had been necessary to allow the ATCC to drop Telnet connections by denying DTR but is no longer. STATUS: Fixed in Release 2. 19. PROBLEM: Avoid setting FLIP_FLOPs with C boolean values. VERSION: Release 1. OBSERVATION: The "interrupt_request" DIB field is an enumeration type, FLIP_FLOP, that has the values CLEAR and SET. The DRESETINT case of the clock interface sets the value to a boolean expression rather than to these values. There is an implicit assumption that FALSE = CLEAR and TRUE = SET, but that is not necessarily correct. It would be better to use the boolean value to test which FLIP_FLOP enumeration value to assign. RESOLUTION: Modify "clk_interface" (hp3000_clk.c) to use boolean values as tests to determine the assignment to "interrupt_request" rather than assigning the boolean values directly. STATUS: Fixed in Release 2. 20. ENHANCEMENT: Change the macro used to define the IOP "filter" to BRDATA. VERSION: Release 1. OBSERVATION: The I/O Processor provides a user-settable filter to exclude trace lines for specified devices. The filter is implemented as a four-element array of unsigned 32-bit integers. This array is stored in a hidden register entry, as it is a state variable. Currently, the SRDATA macro is used to save the filter as an array of bytes. A better mapping would use a BRDATA macro to save it as an array of 32-bit words. RESOLUTION: Modify "iop_reg" (hp3000_iop.c) to specify the FILTER register with the BRDATA macro. STATUS: Fixed in Release 2. 21. ENHANCEMENT: Instruction masks for mnemonic printing need only be 16 bits wide. VERSION: Release 1. OBSERVATION: The "fprint_instruction" routine takes a mask value that is used to obtain the instruction opcode. This parameter had been of type "t_value", as that matches the type of the variable holding the instruction. A "t_value" may be either 32 or 64 bits wide, depending on compilation switches, and 32-bit constants must be zero-filled to 64 bits in the latter case. However, HP 3000 instructions are always 16 bits wide, so the extra precision incurs an execution penalty for no benefit. RESOLUTION: Modify "fprint_instruction" (hp3000_sys.c) to change the "mask" parameter type from "t_value" to "uint32". STATUS: Fixed in Release 2. 22. PROBLEM: Attempting to DUMP after a RESTORE of an MPE session aborts the simulator with an "integer division by zero" exception. VERSION: Release 2. OBSERVATION: Stopping the simulator during an idle MPE session, saving the state to a file, exiting, restarting, restoring, and attempting to create a cold dump tape aborts with a "divide by 0" error. CAUSE: The "clk_update_counter" routine in hp3000_clk.c is called as part of the instruction postlude to update the clock's counter register. A calculation divides the elapsed time since the last tick by the clock unit's "wait" value. The developer's manual states that this field is saved and restored automatically, but this is not true. When the simulator is restarted, the "wait" field is initially zero. If "clk_update_counter" is called before the clock's event service routine resets the value, the calculation will divide by zero, which causes the abort. RESOLUTION: Modify "clk_reg" (hp3000_clk.c) and "lp_reg" (hp3000_lp.c) to add register entries for the unit wait fields to ensure that they are saved and restored. STATUS: Fixed in Release 3. 23. ENHANCEMENT: Eliminate the variable width and depth features of the VFU register. VERSION: Release 2. OBSERVATION: In the prior release, the "width", "depth", and "offset" fields of the VFU register were changed to correspond to the current VFU definition. This allowed the EXAMINE LP VFU[ALL] command to display the number of entries corresponding to the form length and VFU channel count. However, this presented complications for SAVE/RESTORE, as these fields are not saved. A workaround was implemented that specified a structure register immediately preceding the VFU register that saved the content of the VFU register. This required a run-time assignment of the "loc" field to point at the VFU register. Unfortunately, saving the VFU register structure also saved its "loc" pointer, and if the save file was reloaded into a later version of the simulator (that changed the location), an access exception could occur. While it is possible to save the VFU register "width", "depth", and "offset" fields in three other registers, and set those locations at run time, it is simpler to extend the SHOW LP VFU command to display the VFU channel definitions and to return the VFU register to standard operation (where ALL displays the full element count). RESOLUTION: Extend "lp_show_vfu" to display the VFU channel definitions and remove the structure register that saved the VFU register values. STATUS: Fixed in Release 3. 24. ENHANCEMENT: Ensure that single-unit devices reference a unit array. VERSION: Release 2. OBSERVATION: The "units" field of the DEVICE structure is documented as pointing to an array of UNIT structures. Because array references in C are equivalent to pointers to the first elements, a pointer to a single UNIT structure is accepted for the "units" field in lieu of a reference to a single-element array. The single-unit devices in the simulator currently have a mix of these declarations. Logically, though, the latter is preferred. RESOLUTION: Modify "clk_unit" (hp3000_clk.c), "cpu_unit" (hp3000_cpu.c), and "sel_unit" (hp3000_sel.c) from single UNIT structures to arrays containing single elements. STATUS: Fixed in Release 3. 25. ENHANCEMENT: Add the DUMP command to simulate the cold dump facility. VERSION: Release 2. OBSERVATION: The Series II/III systems write the contents of main memory to magnetic tape when the ENABLE and DUMP front panel buttons are pressed. This tape can then be analyzed with the MPE Dump Analyzer program (DPAN4). This facility is not currently simulated. RESOLUTION: Modify "halt_mode_interrupt" (hp3000_cpu.c) to simulate the cold dump process. STATUS: Fixed in Release 3. 26. PROBLEM: An SIO READ or WRITE order with a 4K count displays as zero. VERSION: Release 2. OBSERVATION: SIO READ and WRITE orders define bits 4-15 as the negative word count of the transfer. If bits 4-15 are zero, the transfer is 4096 words long. However, an EXAMINE -I command displays the word count as zero. CAUSE: The display value is being calculated incorrectly. RESOLUTION: Modify "IOCW_COUNT" (hp3000_cpu_ims.h) to sign-extend the 12-bit count correctly to 16 bits, and modify "fprint_order" (hp3000_sys.c) to negate the values to display the counts as positive. Also modify "mpx_interface" (hp3000_mpx.c) to display the correct count in the debug trace for the DREADSTB operation. STATUS: Fixed in Release 3. 27. PROBLEM: An I/O reset does not clear a pending external interrupt. VERSION: Release 2. OBSERVATION: A cold load begins with a CPU reset and an I/O reset. A cold dump begins with an I/O reset only to preserve the CPU state for the dump operation. The external interrupt flip-flop on the IOP is cleared by an I/O reset, which should clear the external interrupt bit in the CPX1 register. However, this does not occur, causing the interrupt generated by placing the tape drive online to be misinterpreted as the SIO program completion interrupt. Because the SIO pointer is not set as expected, the cold dump microcode assumes that a tape error occurred and performs a retry. This writes an erase gap at the beginning of the tape but otherwise produces a valid tape. CAUSE: Oversight. RESOLUTION: Add a new "iop_reset" routine (hp3000_iop.c) that is called during an I/O reset and that clears the external interrupt bit of the CPX1 register. STATUS: Fixed in Release 3. 28. ENHANCEMENT: Change the character and bitset formatting routines to allow multiple concurrent calls. VERSION: Release 2. OBSERVATION: The "fmt_bitset" and "fmt_char" routines use static buffers to hold their formatted results. If a routine is called twice within the same trace output call, the first results are overwritten by the second results. Avoiding this requires the intermediate results to be copied to separate buffers, which is awkward. RESOLUTION: Modify "fmt_bitset" and "fmt_char" (hp3000_sys.c) to implement circular static buffers so that pointers to multiple formatted strings may be returned concurrently. STATUS: Fixed in Release 3. 29. ENHANCEMENT: Add the CMD instruction and module interrupt support. VERSION: Release 2. OBSERVATION: The base instruction set is missing the CMD instruction, which is used to send programmable commands from the CPU to any designated module. CAUSE: Implementation of the CMD instruction was intentionally deferred until after the initial releases, as it is only used by the CPU diagnostics. RESOLUTION: Modify "io_control" (hp3000_cpu_base.c) to add the CMD instruction executor and to modify the SED executor to set the module interrupt bit in the CPX1 register if one is pending, and modify "cpu_run_mode_interrupt" (hp3000_cpu.c) to add a handler for module interrupts. STATUS: Fixed in Release 3. 30. ENHANCEMENT: Add power failure and restoration support. VERSION: Release 2. OBSERVATION: The simulator currently does not model power failure and power restoration, so the power-fail interrupt and power-on trap routines have not been tested. RESOLUTION: Add the "UNIT_PFARS" flag (hp3000_cpu.h) and the "set_pfars" validation routine (hp3000_cpu.c) for the new SET CPU ARS and SET CPU NOARS commands. Add "iop_assert_PFWARN" (hp3000_iop.c, hp3000_io.h) to assert the PFWARN signal to all devices. Modify "ui_interface", "diag_control", and "lp_reset" (hp3000_lp.c) to handle PFWARN assertion. Add the POWER command and "cpu_power_cmd" handler to the "aux_cmds" table (hp3000_sys.c), and move the "hp_cold_cmd" routine to the CPU module as "cpu_cold_cmd". STATUS: Fixed in Release 3. 31. PROBLEM: RESTORE of a file SAVEd with a different executable may abort the simulator. VERSION: Release 2. OBSERVATION: Entering SAVE to save the simulator state on an executable compiled with one set of compiler options or compiler version and then entering RESTORE to restore the state on an executable compiled with a different set of compiler options or compiler version succeeds. However, attempting to resume execution results in an access exception. CAUSE: The simulator's internal Device Information Blocks contain pointers to the devices' I/O interface handlers, which are saved as part of the DIB structure in the simulator state file. When restoring the state, the interface handler pointers are restored. However, the addresses of one or more routines may have changed, due to differing memory layouts, so the restored values are no longer correct. If they are not, and I/O is performed to the affected device(s), control transfers to an invalid code location. RESOLUTION: Modify hp3000_io.h to add a new REG_DIB macro that defines the register entries needed to save the DIB state, and modify hp3000_atc.c, hp3000_clk.c, hp3000_ds.c, hp3000_lp.c, hp3000_mpx.c, hp3000_ms.c, and hp3000_scmb.c to change the REG entries referencing the DIB structures to use the REG_DIB macro. STATUS: Fixed in Release 3. 32. PROBLEM: The LOAD command does not report "Cold load complete". VERSION: Release 2. OBSERVATION: The LOAD command should report success after completion of a cold load operation, but it doesn't. Instead, the SCP prompt returns with no indication of whether the command succeeded or failed. Using the equivalent BOOT CPU command does print the expected "Cold load complete" message. CAUSE: The "Cold load complete" message is printed by the simulator's "fprint_stopped" routine that is called via the "sim_vm_fprint_stopped" pointer from the "run_cmd_message" routine in SCP. The latter is invoked via the "message" field of the command table. The LOAD, DUMP, and POWER commands all invoke "sim_instr" via "run_cmd" but do not specify routine pointers for their message fields, so no completion messages are reported. RESOLUTION: Modify "one_time_init" (hp3000_sys.c) to set the "message" fields of the LOAD, DUMP, and POWER commands to point at the same routine as is used by the system "CONTINUE" command. STATUS: Fixed in Release 3. 33. PROBLEM: RESTOREing with the ATCD attached cancels active line services. VERSION: Release 2. OBSERVATION: Doing a SAVE while the ATCD has line services scheduled, e.g., while outputting characters, and then following immediately with a RESTORE cancels the line services. For example, after a SAVE, a SHOW QUEUE command prints: HP 3000 event queue status, time = 907247803 CLK at 0 ATCD unit 0 at 241 CPU at 27917 ATCD unit 16 at 27918 DS unit 8 at 612615 Entering RESTORE and then SHOW QUEUE prints: HP 3000 event queue status, time = 907247803 CLK at 0 CPU at 27917 ATCD unit 16 at 27918 DS unit 8 at 612615 Note that ATCD unit 0 is no longer scheduled. CAUSE: The "atcd_detach" routine is called during RESTORE if the listening port is currently attached in preparation for reattaching to the port specified in the SAVE file. The routine detaches the listening port and then cancels each line to terminate any transfers in progress. This is appropriate for DETACH ATCD and DETACH ALL, but not for RESTORE, as the terminal channels have already been rescheduled as indicated in the SAVE file, and canceling them hangs the channels. RESOLUTION: Modify "atcd_detach" (hp3000_atc.c) to skip the channel termination loop if the SIM_SW_REST flag is set to indicate a RESTORE in progress. STATUS: Fixed in Release 3. 34. ENHANCEMENT: Add a simulation of the COBOL II Extension Instruction Set. VERSION: Release 3. OBSERVATION: The COBOLII compiler generates machine code that uses special microcoded routines to accelerate COBOL programs. Without a simulation of the COBOL II Extension Instruction Set, COBOL-II programs will not run. RESOLUTION: Add a new "hp3000_cis.c" module that implements the HP 32234A COBOL II Extension Instruction Set firmware. Modify "cpu_mod" (hp3000_cpu.c) to add the CIS/NOCIS modifiers to the command table. STATUS: Fixed in Release 4. 35. ENHANCEMENT: Add symbolic display of EDIT subprograms. VERSION: Release 3. OBSERVATION: The EDIT instruction takes as an operand a relative byte offset to the subprogram to be executed. This subprogram consists of a sequence of operations that are performed by the instruction. It would be helpful to permit both tracing and symbolic examination of the operations. RESOLUTION: Add "fprint_edit" and "fprint_subop" routines (hp3000_sys.c) to format and print EDIT operation mnemonics. Modify "fprint_sym" to support an "-E" switch that allows examination of memory as a sequence of EDIT operations and an "-R" switch that begins symbolic display with the operation in the right-hand byte of the word at the starting address rather than the left-hand byte. STATUS: Fixed in Release 4. 36. ENHANCEMENT: Create a new module to contain the main memory simulation. VERSION: Release 3. OBSERVATION: The Language Extension Instructions make extensive use of byte memory operands. Rather than implementing memory accesses in each instruction's executor, a set of byte-access routines is added. To avoid adding to an already-large CPU simulation, the existing memory access routines were split out into a new module, which includes the new byte-access routines. RESOLUTION: Add a new "hp3000_mem.c" module that implements a simulation of the HP 3000 memory subsystem. STATUS: Fixed in Release 4. 37. ENHANCEMENT: Add the ability to trace instruction operands. VERSION: Release 3. OBSERVATION: Some instructions take memory and register operands that are difficult to decode from DATA or REG traces. It would be helpful if these operands were presented in a higher-level format. RESOLUTION: Modify "cpu_deb" (hp3000_cpu.c) to add an OPND trace option that enables operand tracing. Add "fmt_byte_operand", "fmt_bcd_operand", and "fmt_translated_byte_operand" routines (hp3000_mem.c) to trace byte, BCD, and translated byte operands. STATUS: Fixed in Release 4. 38. ENHANCEMENT: Add the ability to trace execution of selected instructions. VERSION: Release 3. OBSERVATION: General CPU instruction tracing very quickly generates a large number of lines in the debug log. Still, it is helpful to have detailed tracing enabled when an instruction is suspected of executing improperly. A good compromise would be the ability to enable a full trace for the execution of a single instruction or set of related instructions (e.g., for the CIS set). RESOLUTION: Add a new "SET CPU EXEC={;}" command and corresponding EXEC debug option that turns on all tracing options only for instructions matching the specified criteria. STATUS: Fixed in Release 4. 39. ENHANCEMENT: Use only the names of active options to align the output trace. VERSION: Release 3. OBSERVATION: When tracing is enabled, the longest trace option name is determined to permit the trace lines to be padded to align the output. Only devices with active tracing are scanned to minimize the trace line length. However, short names are padded to the longest trace name in the table, rather than the longest trace name enabled. This results in output such as: >>MPX sr: Device number 6 asserted SR3 ...instead of the preferred: >>MPX sr: Device number 6 asserted SR3 RESOLUTION: Modify "hp_device_conflict" (hp3000_sys.c) to consider only trace options that are enabled rather than all options when determining the longest name. STATUS: Fixed in Release 4. 40. PROBLEM: SETR prints a base register trace when values have not changed. VERSION: Release 3. OBSERVATION: The SETR instruction may be used to change any combination of the SBANK, DB, DL, Z, STA, X, Q, and SM register values. If the REG trace is active, the base register values will be printed after the instruction completes. This occurs whether or not the base register values were actually changed. In particular, the CPU diagnostic uses the SETR instruction to flush the stack to memory without changing any base registers. The REG trace in this case is unnecessary. CAUSE: The "cpu_base_changed" flag is set unconditionally when the instruction completes. It should be set only if the SETR instruction specifies one or more base registers to change. RESOLUTION: Modify "cpu_move_spec_fw_imm_field_reg_op" (hp3000_cpu_base.c) to set the "cpu_base_changed" flag only if one or more base register change bits are set in the instruction operand field. STATUS: Fixed in Release 4. 41. PROBLEM: Invalid bank and offset values are accepted for address entry. VERSION: Release 3. OBSERVATION: Bank-offset addresses with out-of-range the bank or offset values, e.g., EXAMINE 30.0 and EXAMINE 0.1777777, are accepted without complaint. The bank value is taken modulo 20, and the higher order bits of the offset value are merged into the bank number. Values out of range should be rejected with errors. CAUSE: Incomplete range verification. RESOLUTION: Modify "parse_addr" (hp3000_sys.c) to check the parsed bank and offset values against their respective maximums and return an "Invalid argument" error if either is exceeded. STATUS: Fixed in Release 4. 42. PROBLEM: The "-S" (SBANK-offset) switch displays values in status-register format. VERSION: Release 3. OBSERVATION: The HP 3000 User's Manual states that adding the "-S" switch to the EXAMINE command implies that the offset is from the bank number in the SBANK register. The example given, "EXAMINE -S ", should display the memory data value at the address . in octal format. Instead, it displays the value in status-register format. CAUSE: The "-S" switch is used for both SBANK and STA formats. Section 2.1.3 says that -S means that "The implied bank number is obtained from SBANK." Section 2.1.2 says that -S means that "A CPU status mnemonic" is being displayed. For EXAMINE -S, the latter interpretation causes the expected octal value to be displayed in status-register format. RESOLUTION: Modify "fprint_sym" (hp3000_sys.c) to use the "-T" switch to designate status-register format. Modify hp3000_sys.c, hp3000_cpu.c, and hp3000_defs.h to rename the "REG_S" format indicator to "REG_T" for consistency with the switch change. STATUS: Fixed in Release 4. 43. PROBLEM: SCAL 0 and PCAL 0 instructions fail when a stack overflow occurs. VERSION: Release 3. OBSERVATION: The SCAL 0 and PCAL 0 instructions transfer control via subroutine or procedure calls, respectively, through program labels residing on the top of the stack. If a stack overflow occurs during instruction execution, the stack overflow trap handler is called to enlarge the stack, and the instruction is reexecuted. However, the program label has been lost, so control transfers to a random location. CAUSE: The instructions obtain the label and then delete the TOS, flush the rest of the stack registers to memory, and then check that SM <= Z, i.e., that the current top of the stack in memory does not exceed the stack limit. If SM > Z, a stack overflow has occurred, and the trap handler is called. However, the label has not been restored to the stack, so when the instruction is reexecuted after the stack is enlarged, the wrong value is pulled from the TOS. RESOLUTION: Modify "cpu_io_cntl_prog_imm_mem_op" SCAL and PCAL executors (hp3000_cpu_base.c) to push the label back onto the stack before taking the stack overflow trap. STATUS: Fixed in Release 4. 44. PROBLEM: Host file system seek errors are not caught. VERSION: Release 4. OBSERVATION: The MAC/ICD disc library checks for host file system read or write errors and returns Uncorrectable Data Error status if an error is indicated. However, host file system seeks are simply assumed to succeed; no indication of an error is given if a call fails. A failed seek should be detected, and a Drive Fault (positioner error) should be returned. CAUSE: Oversight. RESOLUTION: Modify "position_sector" (hp_disclib.c) to test the "sim_fseek" call for error status and to simulate a Drive Fault (AGC error) if the call fails. STATUS: Fixed in Release 5. 45. PROBLEM: An interrupted EDIT instruction does not resume properly. VERSION: Release 4. OBSERVATION: The EDIT instruction is interruptible between operations. If an interrupt is detected, two words are pushed onto the stack before the interrupt handler is called. These words hold the current significance trigger, loop count, float character, and fill character. This allows the instruction to resume from the point of suspension. However, the significance trigger is not preserved properly; it is always clear after an interrupt. CAUSE: The significance trigger is preserved in the MSB of the upper byte of the word pushed onto the stack, but a 16-bit value with the MSB set is used to set the upper byte. As only the lower 8 bits of the value are used to set the byte, the MSB is lost. RESOLUTION: Modify "edit" (hp2100_cpu_cis.c) to use the full 16-bit value when storing the significance trigger. STATUS: Fixed in Release 5. 46. PROBLEM: Tracing a tape runaway error prints gibberish in the log file. VERSION: Release 4. OBSERVATION: Tracing tape controller commands or command initiations and completions reports the success or failure of calls to the simulator tape library, e.g., "write failed with no write ring." A call that fails with Tape Runaway status, such as a read across a long erase gap, should report that the operation "failed with tape runaway." Instead, it reports gibberish. CAUSE: The descriptive lookup table is missing an entry for the MTSE_LEOT status that precedes MTSE_RUNAWAY. Attempting to look up the description for MTSE_RUNAWAY indexes beyond the end of the table. RESOLUTION: Modify the "status_name" array (hp_tapelib.c) to include descriptions for all of the possible simulator tape library status returns. STATUS: Fixed in Release 5. 47. PROBLEM: Commanding a VFU channel that is not punched causes a simulator stop. VERSION: Release 4. OBSERVATION: A format command that specifies a slew to a VFU channel that is not punched causes a tape fault, and the printer goes offline. However, the simulator then incorrectly stops with a "System halt" message, rather than reflecting the "not ready" status back to MPE. CAUSE: The return value from the "lp_set_alarm" routine is being passed back as the status of the "lp_service" call. However, the return value is a Boolean and is TRUE if the printer successfully went offline. When interpreted as a service status return value, TRUE is seen as STOP_SYSHALT and causes a system halt simulator stop. RESOLUTION: Modify "lp_service" (hp3000_lp.c) to return SCPE_OK after the tape fault alarm is set, allowing the simulation to continue. STATUS: Fixed in Release 5. 48. PROBLEM: The 2613/17/18 printers do not ignore characters exceeding the line length. VERSION: Release 4. OBSERVATION: When characters are output in excess of the defined line length, the printer performs an automatic print-and-space operation and prints the excess characters on the following line. This operation is correct for the 2607 printer but not for the 2613/17/18 printers, which ignore output that exceeds the line length. CAUSE: Excess character handling should be, but is not, model-specific. RESOLUTION: Modify the "print_props" table (hp3000_lp.c) to add a field for automatic printing, and modify "lp_service" to check the field to decide if excess characters are printed or ignored. STATUS: Fixed in Release 5. 49. PROBLEM: Cancelling a deferred detach with ATTACH LP is rejected. VERSION: Release 5. OBSERVATION: The line printer "Unit Options" section of the HP 3000 Simulator User's Guide states that a DETACH LP command will be deferred if there are characters in the print buffer. It further states that entering ATTACH LP without specifying a filename will cancel the action. This does not work. Entering ATTACH LP prints "Too few arguments" and does not alter a pending detach. CAUSE: The SCP routine "attach_cmd" checks for the presence of a filename before calling the line printer simulator's "lp_attach" routine. If the filename is omitted, "lp_attach" is never called to cancel the pending detach. RESOLUTION: Modify "lp_set_on_offline" (hp3000_lp.c) to cancel a deferred detach, and modify the User's Guide to state that SET LP ONLINE is used to cancel both the deferred offline and deferred detach actions. STATUS: Fixed in Release 6. 50. PROBLEM: Changing printer models does not change the REALTIME delays. VERSION: Release 5. OBSERVATION: In REALTIME mode, the line printer simulator attempts to model the print buffer load and print-and-space operation delays inherent in the physical hardware. However, after setting a different model, the buffer load, print, and paper advance times have not been changed. CAUSE: The "lp_set_model" routine that is called in response to a "SET LP " command sets the realistic times to those of the current model rather than those of the new model. RESOLUTION: Modify "lp_set_model" (hp3000_lp.c) to use the new model value to index into the realistic times array. STATUS: Fixed in Release 6. 51. PROBLEM: Paper cannot be removed from a 2607 printer except at the TOF. VERSION: Release 5. OBSERVATION: Printing a few lines on a 2607 and then attempting to remove the paper with the DETACH LP command displays "Command not completed" on the simulation console. The file remains attached and therefore cannot be manipulated externally. CAUSE: The DETACH command simulates both running out of paper and removing the paper from the printer. For the former, the 2607 continues to print until the current form is complete (i.e., the top of what would be the next form is reached). For the latter, the paper may be physically removed by the operator while at any print position. The simulator incorrectly forbids the latter operation unless the paper is positioned at the TOF. RESOLUTION: Modify "lp_detach" (hp3000_lp.c) to add a "forced detach" option ("DETACH -F LP") to detach the printer regardless of print position. STATUS: Fixed in Release 6. 52. PROBLEM: Serial port output stalls are not handled properly. VERSION: Release 6. OBSERVATION: The ATCD device supports I/O via host serial ports as well as via Telnet connections. While output via Telnet works correctly, output via serial ports fails. Attempting to output to the ATCD results in a few characters written, and then the line hangs. Sometimes pressing ENTER at the system console (ATCD channel 0) causes a few more characters to appear on the serial terminal. Eventually, the line hangs permanently. CAUSE: The terminal multiplexer library (sim_tmxr.c, part of the SIMH framework) had provided a 256-byte output buffer for each line, independent of the connection type (Telnet or serial). The library was changed to reduce the serial buffer size to one byte. If the library output routine receives the second character before the first one has been written to the serial port, it returns SCPE_STALL status to indicate a buffer overflow. The ATCD simulation correctly responds to this status by rescheduling the output attempt. However, it fails to call the "tmxr_poll_tx" routine to write to the serial port, so the rescheduled attempt fails as well. RESOLUTION: Modify "line_service" (hp3000_atc.c) to call "tmxr_poll_tx" if a buffer overflow occurs. STATUS: Fixed in Release 7. 53. ENHANCEMENT: Use output buffering to improve ATC write performance. VERSION: Release 6. OBSERVATION: The terminal multiplexer library used by the ATC provides a 256-byte output buffer, but the ATC code currently calls "tmxr_poll_tx" to transmit the buffer after each character. This gives immediate response but imposes some overhead. A better scheme would be to call "tmxr_poll_tx" only when the buffer is full or an ENQ is sent (and an ACK is expected in reply). To handle the case of a write terminating before the buffer fills, e.g., when the MPE colon prompt is issued, "tmxr_poll_tx" should be called during the poll service as well. RESOLUTION: Modify "line_service" and "poll_service" (hp3000_atc.c) to call "tmxr_poll_tx" under the conditions listed above. This results in an output speed improvement of about 50%. STATUS: Fixed in Release 7. 54. ENHANCEMENT: Reschedule service if characters remain in the input buffer. VERSION: Release 6. OBSERVATION: The "poll_service" routine calls "tmxr_poll_rx" every ten milliseconds of wall-clock time to poll for input. A single call may read from one to 256 characters into the reception buffer. When characters are received, the "line_service" routine associated with the ATC channel is scheduled to receive the first character. However, after the service completes, the next character is not picked up from the buffer until the next poll service call. This limits the input rate to about 100 characters per second. It would be more efficient to reschedule the line service after the reception time delay while characters remain in the input buffer. RESOLUTION: Modify "line_service" (hp3000_atc.c) to reschedule itself if characters remain in the input buffer. This results in an improvement in block input transfers, such as a Reflection upload, of about 1400%. STATUS: Fixed in Release 7. 55. ENHANCEMENT: Poll for an ACK at an increased rate after sending an ENQ. VERSION: Release 6. OBSERVATION: MPE defaults to ENQ/ACK handshaking on ATC terminals. When the REMOTEACK mode is selected, the ATC transmits an ENQ to the terminal and waits for an ACK to be returned. Regardless of how quickly the terminal returns the ACK, it won't be seen until the next scheduled "tmxr_poll_rx" call, which is performed every ten milliseconds of wall-clock time. Typically, this will be several orders of magnitude greater than the Telnet character reception time and is about 2.5 times slower than the serial time. Given that a terminal response is expected, increasing the poll rate while waiting for the ACK will improve response time while not unduly increasing the system overhead. RESOLUTION: Modify "line_service" (hp3000_atc.c) to call "tmxr_poll_rx" and check for ACK reception after one character reception time, thereafter doubling the time until reception succeeds or the time exceeds the normal poll time. This results in an output speed improvement in REMOTEACK mode of about 400%. STATUS: Fixed in Release 7. 56. PROBLEM: Simulation stops are reported improperly in CPU traces. VERSION: Release 7. OBSERVATION: A simulation stop that occurs while CPU tracing is enabled reports the cause of the stop in the trace log. However, stop reasons specific to the HP simulator are not reported properly. For example, tracing a halt instruction reports "simulation stop: Error 5" instead of "simulation stop: Programmed halt". CAUSE: The "sim_error_text" routine called to obtain the error translation does not return simulator-specific messages. Instead, the routine returns the generic message, "Error ", where is the value of the simulator- specific stop code. RESOLUTION: Modify the simulation stop trace at the end of the instruction postlude in "sim_instr" (hp3000_cpu.c) to call "sim_error_text" for SCP errors and to obtain HP-specific messages from the "sim_stop_messages" array. STATUS: Fixed in Release 8. 57. PROBLEM: "Non-configured device" error when mounting a magnetic tape. VERSION: Release 7. OBSERVATION: Occasionally, resuming simulation after mounting a magnetic tape produces this message on the system console: 18:05/3/Interrupt received for non-configured device on DRT 6. Check I/O configuration. ...instead of the expected: 17:59/10/Vol (unlabelled) mounted on LDEV# 7 However, the I/O map produced as part of a system reload shows that all four magnetic tape units are configured properly. Tracing CPU execution after resumption shows that the error occurs when the mag tape controller interrupt (a result of the offline-to-online transition when the tape is mounted) is immediately followed by a system clock interrupt. The wrong return address is stacked by the second interrupt, so the first instruction of the mag tape interrupt service routine (a TIO instruction for DRT 6) is skipped when the clock interrupt routine exits. As a result, the stack alignment is wrong, so the test for a configured device fails, resulting in the error message observed. CAUSE: MPE executes a PAUS instruction to wait for an interrupt while idle. The mag tape interrupt stacks a return address that points to the instruction after the PAUS, which is correct. But before the mag tape interrupt handler can execute its first instruction, the higher-priority clock interrupt occurs. This should stack a return address that points to the first instruction of the mag tape interrupt handler, which has not yet been executed. But instead, the return address points to the second instruction. Consequently, the first instruction will be skipped when the clock handler completes. The problem occurs because the "cpu_run_mode_interrupt" routine in "hp3000_cpu.c" must adjust the program counter (P register) when resuming from a simulation stop that occurred while a PAUS instruction was executing. Because of the Series III's two-stage instruction pipeline, the P register normally points two instructions past the instruction currently executing. When an interrupt occurs, P is decremented to point at the instruction after the current instruction, which is the correct point of return after the interrupt service routine completes. When the simulator is stopped, P is backed up to point at the next instruction to execute. In the case of a PAUS instruction, the "next instruction" is the same PAUS instruction. When simulation resumes, the PAUS instruction is fetched into the NIR (Next Instruction Register), and P is incremented. If no interrupt is pending, the main instruction execution loop copies the NIR into the CIR (Current Instruction Register), prefetches the instruction following the PAUS into the NIR, and increments P again, so that it points two instructions beyond the current instruction. At this point, everything is set up properly as before the simulation stop. However, in the error case, the tape controller has requested an interrupt that is pending when simulation is resumed. Interrupts are checked before each instruction executes, so when the interrupt is acknowledged, P is still pointing to the next instruction instead of two instructions ahead. For things to work as expected, P needs to be advanced one more instruction before the interrupt is serviced. So, in the special case of a PAUS instruction present in the CIR after resuming a simulator stop with an interrupt pending, the "cpu_run_mode_interrupt" routine increments P again before stacking the return address. That code does just what it is supposed to...except in the case of a higher priority device that immediately interrupts a lower priority device while a PAUS instruction is in the CIR. In this case, the second interrupt causes a second entry into the "cpu_run_mode_interrupt" routine, and because it still sees the PAUS instruction in the CIR, P is incremented again. This is wrong, because the instruction now being interrupted is not the PAUS but is the first instruction of the lower-priority interrupt routine, which never had a chance to execute. The result is that when the lower-priority routine is resumed, the first instruction of that routine is skipped because P was incremented a second time. The problem does not occur if the higher-priority interrupt is delayed by one instruction, or if the higher-priority interrupt occurs before the lower-priority interrupt, or if the CPU is executing something other than a PAUS instruction when it was stopped. RESOLUTION: Modify "cpu_run_mode_interrupt" (hp3000_cpu.c) to test a flag that is set in "halt_mode_interrupt" when resuming into a PAUS instruction. If the flag is set, increment P and clear it, so that a second entry will not increment P twice. STATUS: Fixed in Release 8. 58. ENHANCEMENT: Resume IOP polling if the first interface returns INTPOLLOUT. VERSION: Release 7. OBSERVATION: An IOP poll is performed to check for interrupting devices. When polled, a device requesting an interrupt will respond either with INTACK to acknowledge the interrupt request or with INTPOLLOUT to cancel the request. In the latter case, the poll should continue if there are additional (lower-priority) devices that have requested interrupts, as it would in hardware. Currently, however, the "iop_poll" routine abandons the poll at that point, deferring recognition of a pending interrupt for an additional instruction. RESOLUTION: Modify "iop_poll" (hp3000_iop.c) to poll until a device responds with INTACK or there are no pending interrupt requests. STATUS: Fixed in Release 8. 59. ENHANCEMENT: Create full-size disc images if the -N option is specified. VERSION: Release 7. OBSERVATION: Currently, attaching a new file creates an image of zero size. Only when the image is written is the size extended. Therefore, until the last sector of an image is written, the file size will not match the expected size of the corresponding disc. HPDrive will warn if an image does not correspond to the hardware size. A workaround for MAC/ICD discs is to initialize the last subchannel of a drive. However, this still fails if not all of the drive's tracks are mapped. Also, it may not work for CS/80 drives unless (a) the Initialize command is invoked, and (b) the command implementation writes to every disc block. RESOLUTION: Modify "ds_attach" (hp3000_ds.c) to call "sim_fseek" to seek to the last defined byte in the file and then "fwrite" to write a zero byte if the -N option is specified to the ATTACH command. The C standard guarantees that the bytes between the initial position (byte 0) and the new position are be zeroed. STATUS: Fixed in Release 8. 60. PROBLEM: DETACH -F LP will not detach if the print buffer is not empty. VERSION: Release 7. OBSERVATION: The 2607/13/17/18 line printers do not allow the operator to take the printer offline if unprinted characters remain in the print buffer. Instead, the request is deferred until printing completes. The LP simulator follows this hardware behavior when processing a DETACH LP command, which simulates running out of paper. If printing is still pending or, for the 2607 only, the paper position is not at the top-of-form, the message "Command not completed" is printed, and the detach is deferred until a print command empties the print buffer and paper movement ceases. A "force" option is provided to detach the printer paper image file immediately, regardless of the printer condition. DETACH -F LP works if the paper position is not at the TOF. However, it does not work if the print buffer contains unprinted characters; "Command not completed" is displayed instead. Entering RESET LP followed by DETACH LP works, but the partial print buffer is discarded rather than flushed to the output file. CAUSE: The "lp_detach" routine sets TOF status if the -F switch is specified, but it does not alter the buffer state. RESOLUTION: Modify "lp_detach" (hp3000_lp.c) to write a partial line to the output file before detaching when the -F option is specified. STATUS: Fixed in Release 8. 61. PROBLEM: Trace output to stdout on Unix results in stair-step output. VERSION: Release 8. OBSERVATION: Directing the trace output to "stdout" on a Unix system results in lines stair-stepping across the screen. For example: sim> set console debug=stdout sim> set cpu debug=instr sim> step 2 ...produces this output: >>CPU instr: 00.000000 000000 NOP,NOP >>CPU instr: 00.000001 000000 NOP,NOP CAUSE: Trace statements are output with LF ('\n') line ends and depend on host-system translation to the proper line-end convention when the lines are written to the trace log. However, while the simulator is executing instructions, the console is placed in "raw" mode so that output translation, which would interfere with the output from the target operating system, is not done. As there are no carriage returns in the trace output stream when writing to stdout, the console cursor simply drops in place to the next line, so that each line begins at the same column where the previous line ended. RESOLUTION: Modify "hp_trace" (hp3000_sys.c) to convert a terminating LF to a CR LF sequence if output is to stdout. Also modify "sim_instr" (hp3000_cpu.c) and "edit" (hp3000_cpu_cis.c) to add CR characters to the stdout stream where line termination is done explicitly. STATUS: Fixed in Release 9. 62. PROBLEM: CPU EXEC traces can include unrelated process clock events. VERSION: Release 8. OBSERVATION: When the SET CPU DEBUG=EXEC command is used to trace specific CPU instruction executions, process clock event traces may be embedded. For example, tracing the ABSD instruction is seen to produce: >>CPU exec: ***************** >>CPU reg: 00.045172 000002 A 000005, B 000316, X 000001, M i t r o C CCG >>CPU fetch: 00.042440 000047 instruction fetch >>CPU instr: 00.042437 020477 ABSD 1 >>CPU data: 00.045172 020040 stack read >>CPU data: 00.045171 020040 stack read >>CPU fetch: 00.042441 140003 instruction fetch >>CPU opnd: 00.045113 000316 source 5,"12345D" >>CPU data: 00.045114 056400 data read >>CPU data: 00.045114 057400 data write >>CPU opnd: 00.045113 000316 target 5,"12345F" >>CPU pserv: Process clock delay 3890 service entered on the user stack >>CPU pserv: Simulation rate 1x >>CPU reg: 00.045170 000002 A 020040, B 020040, X 000001, M i t r o C CCL >>CPU exec: ***************** The PSERV trace is unrelated to instruction execution. CAUSE: EXEC tracing works by enabling all trace options when the target instruction is present in the CIR. However, it should enable just the trace options relevant to execution. RESOLUTION: Modify the definition of DEB_ALL (hp3000_cpu.h) to exclude the DEB_PSERV trace option. STATUS: Fixed in Release 9. 63. PROBLEM: A bounds violation can occur with valid CVND operands. VERSION: Release 8. OBSERVATION: The following valid SPL program: BEGIN BYTE ARRAY X (0:5) := "-31416"; PROCEDURE CVND (DISPLAY); BYTE ARRAY DISPLAY; BEGIN BYTE ARRAY ASCII (0:5); TOS := @ASCII; TOS := DISPLAY; TOS := 6; ASSEMBLE (CON %020477; << CVND LS,1 >> CON %000021); END; CVND (X); END. ...produces this error: PROGRAM ERROR #24 :BOUNDS VIOLATION CAUSE: Tracing the instruction execution shows: >>CPU reg: 01.042453 000003 A 000006, B 000002, C 000042, X 000000, m I T r o c CCG >>CPU reg: 01.000000 000301 PB 177630, PL 177653, DL 042274, DB 042430, Q 042447, Z 044714 >>CPU fetch: 04.177644 000021 instruction fetch >>CPU instr: 04.177643 020477 CVND LS,1 >>CPU data: 01.042453 042430 stack read >>CPU fetch: 04.177645 031401 instruction fetch >>CPU reg: 01.042452 000004 A 000006, B 000002, C 000042, D 042430, X 000000, m I T r o c CCG >>CPU instr: 04.177645 000000 bounds violation trap The HP 3000 microcode preloads four top-of-stack registers before calling any of the firmware extension instruction routines. However, only three TOS values are pushed for the CVND instruction, so the fourth register actually contains a word from whatever was on the stack before the instruction was executed. If the source or target buffer resides on the stack immediately below the three CVND parameters, preloading the fourth TOS register sets SM to point below the last word of the buffer, and a bounds violation results. In the above trace, the stack preload shows the fourth TOS register is read from location 042453. This increments SR and decrements SM to point at 042452, as shown in the REG trace two lines later. The C register contains the relative byte address of the target array -- in this case, 42 (octal) relative to the DB register contents. The starting word address is therefore 42 / 2 + 042430 = 042451. The buffer is 6 bytes or 3 words long, so the ending address is 042453. But because the preload pulled in a fourth stack word (that was never pushed), the end of the buffer is under SM, and a bounds violation occurs. RESOLUTION: Modify the CVND executor in "cpu_cis_op" (hp3000_cpu_cis.c) to queue down (i.e., transfer from a register back to memory) the fourth TOS register value before checking the buffer legality. STATUS: Fixed in Release 9. 64. ENHANCEMENT: Add the LINEORDER option to the ATCD device. VERSION: Release 8. OBSERVATION: MPE allows per-line specification of the terminal type and other parameters, such that the multiplexer lines are not necesssarily interchangeable. The user therefore may want to connect to lines in a specific order or restrict connections to a subset of the available lines. RESOLUTION: Add "SET ATCD LINEORDER=" and "SHOW ATCD LINEORDER" commands to the ATC simulator while preventing connections to channel 0, which is reserved for the system console. STATUS: Fixed in Release 9. 65. PROBLEM: Patch delta values are not simulator-specific. VERSION: Release 9. OBSERVATION: Setting the SIM_DELTA value is a useful way of indicating the change level of a development simulator. Version banners such as "Release 10 delta 1" and "Release 10 delta 2" serve to identify the specific simulator in use and the level of divergence between a released version and a development version. As such, the delta should be reset to 0 after a release, e.g., it should go from "Release 10 delta 23" to "Release 11 delta 0" before any new changes are made. However, the delta is a global value, so a problem arises if one of the HP simulators has a new release while another does not. The latter will see an apparent regression from (e.g.) "Release 10 delta 2" to "Release 10 delta 0". Moreover, changing the global delta forces a recompilation of every module in every simulator, as every module indirectly includes "sim_rev.h". It would be nicer to recompile only the module containing the specific delta value that changed. We already use "hp_release" to indicate release candidates by appending "Candidate" and the number to the current release number (producing, e.g., "Release 30 Candidate 1"). Using "Release 30 delta 1" is no more difficult. With this scheme, the "SIM_DELTA" value reflects the SCP delta, while the new release string delta reflects the simulator delta. "Delta" is changed to "Candidate" for release candidates and is removed for releases (with appropriate value adjustments). CAUSE: There is no simulator-specific delta value. This was reasonable when all simulators changed together at a given SCP release but is inappropriate with separate simulator releases. RESOLUTION: Modify the "hp_release" string (hp3000_sys.c) to include the delta indication, and modify the various command scripts to obtain the simulator delta from that string rather than the SIM_DELTA global. STATUS: Fixed in Release 10. 66. PROBLEM: DS and MS have undocumented "u3", "u4", and "u5" registers. VERSION: Release 9. OBSERVATION: The "HP 3000 Simulator User's Guide" describes DS device registers named CYL, STATUS and OPCODE, but doing "EXAMINE DS STATE" lists no registers with those names. Instead, there are undocumented registers named "u3", "u4", and "u5". Similarly, the MS device is documented as having a register named STATUS, but instead there is one named "u4". CAUSE: CYL, STATUS, OPCODE, and STATUS are macro aliases for "u3", etc. The register definitions use the same names and so are substituted during compilation. RESOLUTION: Modify the disc and tape libraries (hp_disclib.c/h, hp_tapelib.c/h) to change the internal aliases from upper case to title case (e.g., from STATUS to Status). STATUS: Fixed in Release 10. 67. ENHANCEMENT: Add a SET ATCD CONNECT command to wait for a connection. VERSION: Release 9. OBSERVATION: Terminal multiplexer connections are made when the multiplexer polls the listening port while the simulator is executing. Typically, this is done at a calibrated rate of 100 Hz. The listening port is set up with a queue depth of one connection, so if multiple terminal emulators are to be started before an operating system is booted, each connection must be made by running the simulator in a loop for a time long enough to cause a poll to occur. This is awkward, as the CPU memory must be loaded with an execution loop, while the poll calibration interval is not known to the command file. What is needed is a command that waits until a connection is made before returning. RESOLUTION: Add a new "tmxr_connect" routine (sim_extension.c) that can be called as a validation routine. The routine will wait until a line connection is made before returning, or it may be aborted by entering CTRL+E. Add a new "CONNECT" device command to "atcd_mod" (hp3000_atc.c) that calls "tmxr_connect". STATUS: Fixed in Release 10. 68. PROBLEM: Burst reads of more than one burst terminate after the first. VERSION: Release 12. OBSERVATION: Burst transfers are a method of breaking up long read or write transactions on slow devices into smaller pieces ("bursts") that free the HP-IB between bursts. This allows other devices on the bus to request service or execute their own channel programs. A channel program executing a Read instruction that specifies a burst read is expected to return to one of three locations, depending on how the burst terminates: Location Reason for Read Termination -------- ----------------------------------------- * + 0 End of transaction on EOI receipt * + 2 End of burst transfer but not transaction * + TD End of transaction on Byte Count ...where "*" indicates the address of the next channel instruction, and "TD" indicates the termination displacement field within the Read instruction. If a Read specifies a 256-byte transaction with 64-byte bursts, and assuming that the device does not assert EOI prematurely, the instruction returns to * + 2 three times to allow the program to pause until the device indicates that it has more data ready before looping back for another burst. The fourth time, the transaction completes, and the instruction returns to * + TD. However, as implemented, the Read instruction returns to * + TD after the first burst. The error does not occur with record reads, which are used exclusively with Starfish devices. CAUSE: The remaining byte count is not being checked at the end of a burst read. Record reads always return to * + 0 if a premature EOI was seen or to * + TD when the full record is complete. RESOLUTION: Modify "execute_program" (hp3000_cpp.c) to use the remaining byte count to determine the return location. STATUS: Fixed in Release 13. 69. PROBLEM: Write Relative Immediate writes to the wrong memory location. VERSION: Release 12. OBSERVATION: The Write Relative Immediate channel program instruction is intended to support self-modifying channel programs. For instance, the ADCC diagnostic uses the instruction to write an initial zero value to the location where the Device Specified Jump instruction writes its obtained value. This ensures that the diagnostic can verify that the DSJ value was returned from the ADCC under test. However, this does not work, and the diagnostic reports a DSJ failure, even though the value is being returned correctly. A trace of the channel program shows that the instruction is writing to the wrong location: >>CPP cmd: Executing channel 2 Write Relative Immediate 076036 value 000000 >>CPP data: 00.105436 000000 bank 0 write CAUSE: The signed relative displacement of the target is contained in the lower byte of the first word of the instruction. The instruction executor attempts to sign-extend the byte to a 16-bit value before adding it to the current instruction address, but it fails to mask off the instruction opcode in the upper byte first, resulting in the wrong displacement. RESOLUTION: Modify "execute_program" (hp3000_cpp.c) to mask the displacement to the lower eight bits before sign extension. STATUS: Fixed in Release 13. 70. PROBLEM: Cannot suppress address increment for burst reads and writes. VERSION: Release 12. OBSERVATION: When operating in burst mode with single-byte transfers, the Read and Write instructions are not honoring the "No memory address increment" bit. Normally, after the right-hand byte is read or written, the transfer address, which is kept in the fifth word of the instruction, is updated to point at the next memory word. If the above bit is set, the address should not change, but it does. CAUSE: The instruction executors check the "Do not update instruction words after execution" bit before deciding whether to modify the byte count in the second instruction word. But then they are not checking "no increment" bit in the instruction before deciding whether to increment the address and write it back to the fifth instruction word. RESOLUTION: Modify "execute_program" (hp3000_cpp.c) to check the "no increment" bit before incrementing the transfer address. STATUS: Fixed in Release 13. 71. PROBLEM: EXAMINE -O CIR should override and print in octal, but it doesn't. VERSION: Release 12. OBSERVATION: In Section 3.1.5, "Registers," the HP 3000 Simulator User's Guide says, "The CIR and NIR registers default to CPU instruction mnemonic format, and the STA register defaults to CPU status mnemonic format for display and entry but may be overridden with a numeric-format switch, if desired." However, attempting to use a numeric override fails: sim> EXAMINE CIR CIR: HALT 10 sim> EXAMINE -O CIR CIR: HALT 10 sim> CAUSE: The "fprint_sym" routine is checking for symbolic overrides, so, e.g., "EXAMINE -C CIR" produces "CIR: '0',\370" but is ignoring numeric overrides. The default register format should be used only if the user does not specify any override switch. RESOLUTION: Modify "fprint_sym" (hp3000_sys.c) to use register defaults only if no override switches are specified. STATUS: Fixed in Release 13. 72. PROBLEM: Executing undefined instructions produce unimplemented traps. VERSION: Release 12. OBSERVATION: In Section 3.1.3, "Simulation Stops," the HP 3000 Simulator User's Guide says: When the simulator examines the bit patterns of instructions to execute, each will fall into one of four categories: 1. Defined (canonical) instruction encodings, where all bits are defined or all reserved bits are zero (e.g., LOAD). 2. Undefined (non-canonical) instruction encodings, where reserved fields are �don't care� bits (e.g., MOVE). 3. Undefined (non-canonical) instruction encodings, where reserved fields are decoded (e.g., IXIT). 4. Unimplemented instruction encodings (e.g., stack opcode 072, or EADD without the EIS firmware option installed). Instructions in categories 1 and 2 are always executed. The UNDEF option stops the simulator for instructions in category 3. The intent is to catch instructions containing reserved fields with values that change the meaning of those instructions. The UNIMPL option stops the simulator for instructions in category 4. However, SET CPU STOP=UNDEF has no effect. Executing the SED 1 instruction using the non-canonical encoding 030043 instead of 030041 produces an unimplemented instruction trap. For example: sim> SET CPU STOP=UNDEF;UNIMPL sim> DEPOSIT PB 0 sim> DEPOSIT PL 1000 sim> DEPOSIT STA 100000 sim> DEPOSIT 100 030043 sim> EXAMINE -M 100 000.000100: sed 1 sim> STEP 100 Unimplemented instruction, P: 000100 (sed 1) sim> The SED instruction is printed in lower case, indicating that the encoding is non-canonical but that it will execute as SED. However, executing it results in an unimplemented instruction trap instead. CAUSE: The tests for undefined instructions are made correctly, as are the tests for the UNDEF stop setting. However, the tests are returning STOP_UNIMPL status instead of the correct STOP_UNDEF status. RESOLUTION: Modify the tests in hp3000_cpu_base.c to return STOP_UNDEF status for an undefined instruction execution when the UNDEF stop is set. STATUS: Fixed in Release 13. 73. PROBLEM: EXAMINE CIR and EXAMINE STATE display CIR differently. VERSION: Release 13. OBSERVATION: When displaying registers without specifying any numeric override switches such as -D or -O on the command line, certain registers will display by default in a symbolic format (e.g., as a character or an instruction mnemonic). For example, EXAMINE CIR with no override switches displays the content of the Current Instruction Register register in mnemonic form, e.g.: sim> EXAMINE CIR CIR: HALT 10 However, EXAMINE STATE with no override switches displays the register in octal: sim> EXAMINE STATE CIR: 030370 NIR: 000000 [...] Unless overridden, the CIR register should display its content in mnemonic form in both cases. CAUSE: The test for display override switches is not excluding the SIM_SW_HIDE value that is added automatically by SCP when displaying the full device state. Consequently, default symbolic display modes are being suppressed erroneously. RESOLUTION: Modify "fprint_sym" (hp3000_sys.c) to use register defaults if no override switches from -A to -Z are specified. STATUS: Fixed in Release 14. 74. PROBLEM: Intersegment COBOL-II calls abort with an STT Uncallable trap. VERSION: Release 13. OBSERVATION: Given this program in source file COBBUG: $CONTROL USLINIT IDENTIFICATION DIVISION. PROGRAM-ID. COBOL-BUG. ENVIRONMENT DIVISION. DATA DIVISION. PROCEDURE DIVISION. MAIN-PROGRAM SECTION 01. 000-START-PROGRAM. DISPLAY "Hello world!" PERFORM 001-PARA THRU 001-EXIT. DISPLAY "Back in START-PROGRAM." STOP RUN. SUB-PROGRAM SECTION 02. 001-PARA. DISPLAY "Hello from Paragraph 1!" DISPLAY "Leaving Paragraph 1.". 001-EXIT. EXIT. ...compiling, preparing, and running with these commands produces: :COBOLIIGO COBBUG PAGE 0001 HP32233A.02.05 [74] Copyright Hewlett-Packard CO. 1989 [...] 0 ERROR(s), 0 QUESTIONABLE, 0 WARNING(s) DATA AREA IS %000220 WORDS. CPU TIME = 0:00:00. WALL TIME = 0:00:00. END OF COMPILE END OF PREPARE ABORT :$OLDPASS.OPERATOR.SYS.?.?:SYSL.%123.%177777 PROGRAM ERROR #17 :STT UNCALLABLE PROGRAM TERMINATED IN AN ERROR STATE. (CIERR 976) : Compiling, preparing, and running with the original COBOL compiler produces: :COBOLGO COBBUG PAGE 0001 HP32213C.02.05 (C) HEWLETT-PACKARD CO. 1980 DATA AREA IS %000303 WORDS. CPU TIME = 0:00:00. WALL TIME = 0:00:00. END COBOL/3000 COMPILATION. NO ERRORS. NO WARNINGS. END OF COMPILE END OF PREPARE Hello world! Hello from Paragraph 1! Leaving Paragraph 1. Back in START-PROGRAM. END OF PROGRAM : CAUSE: The COBOL-II compiler generates an XBR instruction to call from 000-START-PROGRAM to 001-PARA, and it generates its Segment Transfer Tables with the Uncallable bit set in the STT headers. The XBR instruction constructs an external label that references STT 0 of segment 2. Because the program is running in user mode, and STT 0 (the header) has its Uncallable bit set, the instruction traps with an STT Uncallable error. Setting the Uncallable bit in the STT header is intended to prevent an unprivileged PCAL 0 from specifying an external label for STT 0. However, XBR (and PARC and ENDP) should not be checking the Uncallable bit in the header. RESOLUTION: Modify "cpu_call_procedure" (hp3000_cpu.c) to skip the Uncallable check for the XBR, PARC, and ENDP instructions. STATUS: Fixed in Release 14. 75. PROBLEM: Dataset terminals are dead after a DUMP-initiated WARMSTART. VERSION: Release 13. OBSERVATION: If a terminal session is currently connected to an ADCC port configured as subtype 1 (modem connection), and a DUMP command is entered (e.g., after a system crash) with the simulator configured as a Series 58, the port will be unresponsive after the DUMP-initiated WARMSTART completes. If the port is configured as subtype 0 (direct connection), or if the session is logged off and disconnected before the DUMP is done, then the port will operate normally after the WARMSTART. CAUSE: DUMP issues an IOCL (I/O Clear) IMB command when it starts. In hardware, IOCL clears the modem control register on the ADCC, which drops DTR to the datasets, which respond by disconnecting. However, while the register is cleared in simulation, the DTR drop is not done. That causes the MPE driver and the ADCC simulation to get out of synchronization with each other, leaving the port unresponsive. RESOLUTION: Modify "adcc_reset" (hp3000_adcc.c) to disconnect all modem-connected ports when the modem control register is cleared. STATUS: Fixed in Release 14. 76. PROBLEM: The Series 58 SET CPU DUMP command is rejected erroneously. VERSION: Release 14. OBSERVATION: With the CPU configured as a Series 58, setting the control panel DUMP thumbwheel switch to a different value is rejected: sim> SET CPU S58 sim> SET CPU DUMP=11;1 Command not allowed sim> Setting the START and LOAD thumbwheel switches are accepted and processed normally. CAUSE: Internally, device options are specified in a modifier table, which is searched linearly by the command parser in the SCP front end. The parser matches command names using the (sub)string entered by the user; this allows the user to abbreviate commands to just their unique starting letters. In this case, the Series 58 DUMP command appears after the Series III DUMPDEV and DUMPCTL commands in the table. Consequently, the entered DUMP string is seen as an abbreviation of DUMPDEV rather than as the thumbwheel configuration command. As the CPU is configured as a Series 58 instead of a Series III, the (DUMPDEV) command is rejected. RESOLUTION: Modify the "cpu_mod" table (hp3000_cpu.c) to move the "DUMPDEV" and "DUMPCTL" command entries after the "DUMP" command. STATUS: Fixed in Release 14 Update 1. �� xxx. PROBLEM: VERSION: Release . OBSERVATION: CAUSE: RESOLUTION: STATUS: Fixed in Release . xxx. ENHANCEMENT: VERSION: Release . OBSERVATION: RESOLUTION: STATUS: Fixed in Release .