Work Completed on the HP 3000 Simulator ======================================= General ------- + fprint_addr should size bank print to the number of bits in cpu_bank_mask, i.e., BIT_NUMBER (cpu_bank_mask + 1). + Update hp3000_diag.txt + Verify conflict messages for conformity: - [CPU] Device number 6 conflict (CLK and MS) - [CPU] Channel number 1 conflict (IMBA and ADCC) - [GIC] Bus address 0 conflict (DC and MA) - [DC] DC bus device 2 has multiple assignments for unit 0 x Product Numbers from the price guides: - HP 30018A ADCC Main - HP 30019A ADCC Extender - HP 30079A GIC (but 31264A is used in the HP Journal article on the 300) - HP 7970E Option 436 adds HP-IB master controller + Needs a new DATE_AA to rescale dates to 2000-2027 for MPE. Day assignments operate on a 28-year cycle, so 2028 -> 2000, etc. + BUG: fprint_sym comment 2 says EX -O CIR will override and print in octal, but it doesn't. + "fmt_char" takes a uint32 character value, but calls almost always need a cast from a byte value. ATC and ADCC might be only places where LOWER_BYTE conversions would be needed. + Cold load timeout occurs on MPE V boot if set to 1 second. 30 seconds works, the value specified by the microcode is 48 seconds! + DUS boot does RSW and INIT, implying that the switch register contains the cold load DEVNO (channel and device). + MPE V boot does LDI 377 and SBM (Set bank mask) for all PCN = 3 CPUs. + Add a generic calibrated keyboard timer, as in the HP2100, and coschedule the CPU process clock, system clock, and ATC poll (and eventually ADCC poll). Eliminate the exchange of the simulation console poll between the CPU and the ATC. + Add BIT, etc. macros for DEV_BIT, UNIT_BIT, MTUNIT_BIT. Otherwise must remember to add DEV_V_UF, UNIT_V_UF, etc. to parameters. + Add HPIB_BIT_NUMBER macro to get MSB of HPIB poll responses. Or maybe MSB_NUMBER and LSB_NUMBER intrinsic functions, with others derived from these? + Update "parse_sym" and "fprint_sym" to handle byte calls (from 2100). + Update "fprint_value" to handle full 8-bit characters. + "hp_trace" should detect output to stdout and change LF to CR LF in the format string. Console is in raw mode, and on Unix that means that LF is output as LF, so lines march across the page. On Windows, LF through a stream write is converted to CR LF, so it's not needed but is visually OK. Must not do unilateral change, as output to a file would produce CR CR LF on Windows, CR LF on Unix -- both are wrong. + Remove SCP 4.x accommodations (CONST, tmxr_set_get_, etc). + Eliminate dual-version software kit command files. + The opSCS3 operand printer in "fprint_instruction" sets the operand radix to the specified radix or the CPU data radix. But it is printing an S-decrement code that is either 0 or 1, so the radix is immaterial (and the default address radix is suitable). + EXAMINE -S is documented to use SBANK but instead displays in STA format! Must change STA format to use -T. + The software kit must include the COBOL-II library segments in the system SL. Also, the SET CPU CIS command must be included to enable the LEI firmware. + parse_addr does not range-check bank.offset values, so EXAMINE 20.177777 is accepted and reported as 00.177777, and EXAMINE 0.1777777 is accepted and reported as 07.177777. These should be reporting SCPE_ARG. + hp_device_conflict should set flag_size for only those flags enabled, not for all flags in every device. + Add symbolic display of EDIT subprograms using the -E switch. Adding the -R switch starts the display from the right-hand byte. Also, when a subprogram instruction ends in the left-hand byte of a word, the display routine sets -R, so that the next call will start decoding with the right-hand byte. + DUMP does not report Cold dump complete, CIR: 000020 when finished. Looks like cmdp->message must point at run_cmd_message to get it. Best if we copy from RUN entry to protect against future changes and for easy 3.x/4.x interoperability. Note: LOAD and POWER have the same problem. + Can't RESTORE if dib.interface addresses change, e.g., due to code size changes. DIBs are stored as SRDATA, but only the fields OTHER than "interface" should be stored (and therefore restored). Otherwise, the interface pointer is corrupted, and a sim explosion results. Maybe a new DIB_REGS macro to store each field except "interface" in a separate REG. + Change fmt_bitset() to allow multiple calls per print. Could still use a local buffer but would append, rather than replace, adding a NUL between formatted strings and returning pointers to the separate parts. This would make it less restrictive and eliminate the need for the strcpy() calls in the few places where a trace line prints two or more bitsets per line. + EXAMINE -I displays the wrong word count for 4K READ or WRITE order. + Some single-unit devices have a UNIT structure, and others have an array of one UNIT. The latter is preferable; homogenize. + In section 4.2 UNIT Structure, dev manual says, "buf, wait, u3, u4, u5, u6, and parts of flags are all saved and restored by the SAVE and RESTORE commands...", but buf and wait are NOT saved. Devices that set the wait field are ATCD, CLK, CPU, and LP. However, the ATCD and CPU poll service routines reset their wait fields, so only CLK and LP depend on the wait fields to persist. The disc and tape libraries explicitly save the wait times in REGs, so the DS and MS devices are not affected, and the SCMB and SEL devices statically initialize their wait times. + There are a number of "cannot convert 'bool' to 'FLIP_FLOP' in assignment" warnings when compiled as C++ (which fails for other reasons). SET_IF should fix these. + IOCLEARSIG is missing a result cast. + Various control/status macros convert to a defined type (HP_WORD, CNTLR_OPCODE, etc.) without casts. + %d formats a SIGNED decimal integer; use %u for unisgned decimal integers. + TOGGLE produces "error: invalid conversion from 'int' to 'FLIP_FLOP'" in C++ because of a missing cast of the result. + Is it proper to have REG words be HP_WORD? Register display width always wants to be 16 bits, and flags must be REG_FIT for HP_WORD = uint16 but must NOT be REG_FIT for HP_WORD = uint32! Problem is register access takes variable size from display width with REG_FIT, but these are really independent of each other. HP_WORD must be uint32 to work with REGs. + SET INTMASK sets the mask from the wrong end, i.e., INTMASK=15 sets the MSB instead of the LSB. Fixed in sys.c. + SET INTMASK=E should enable the mask FF regardless of the inbound_value, but it sets the mask value to 177777 and ANDs this with inbound_value, which may be 000000! Fixes needed to "atc", "ds", and "ms". + 16-bit parameters should be HP_WORD (e.g., dev_interface). + Main memory (uint16), disc library buffer (uint16) and tape library buffer (uint8) should have defined types to replace explicit uses. + The VM command table should be initialized by calling "find_cmd" to fill in the entries from the system command table during one-time initiation. This ensures that we get the current help strings for our replacement commands. + Usage of R_MASK vs. LA_MASK vs. DV_MASK vs. D16_MASK. + device_number, sr_number, etc. should be uint32 w/D32_UMAX as the "unused" value instead of signed ints + Add "desc" and "fields" fields to the sim_reg structure for 4.0 compatibility. Eliminate the "#if (SIM_MAJOR >= 4)" test currently required for register extension definitions. + Add REG_A to selected device registers to permit symbolic display. + Code and comment cleanups are needed (e.g., CCA, move words/bytes subroutine, etc.) for all devices. + Regularize module organization. Note that calls that precede a function's definition cannot be inlined, so check the order of static functions. (Actually, gcc seems to inline even when definition is at the end of the file.) + SAVE and RESTORE via device REGs do not have full coverage. + Needs new REG macros: - YRDATA(nm,loc,wd) for binary data - SRDATA(nm,loc) for structures (stored as a byte array, HRO) - FBDATA(nm,loc,pos,dep) for arrayed flags Without, differences in REG layout 3.x-to-4.x will require duplicate entries! + Make RUN a synonym for GO (i.e., does not do a reset). RUN is useless if it resets, as that destroys the registers set up by the cold load process. + Add "LOAD {}" and "DUMP {}" commands. DUMP should return "Command not allowed" until it is implemented (but this reserves the command). + Parameterize REALTIME delays to use USEC_PER_EVENT (microseconds per instruction). Floating-point constants reduce at compile time, so OK to calculate integer times accurately. + Add CHANSO inbound signal for the disc interface. + Change IOP to respond to SRn by calling mpx_assert_SRn. mpx_assert_REQ must call mpx_assert_SRn because although SIO returns SRn, it's ignored by the IOP. Also, MS must call mpx_assert_SRn if DRESETINT starts a deferred command, but again that's because SRn is ignored. + Add INTREQ outbound signal. Still would need iop_assert_INTREQ for async setting. + With SET CALTIME, PCLK and CLK (when the latter is set to 1 msec) will actually set a 10 msec service interval to allow idling. However, RCLK and RIO will update their respective counters to reflect the actual elapsed time to a 1 msec resolution before returning the values. + There are places where dprintf is called in both branches of an IF statement. These should be recast as IF DPRINTING(...) THEN hp_debug ELSE hp_debug. + Harmonize debug logging keywords and actions across devices (DS is model). + simh.doc: Document tape runaway, set/show density, change in wrgap API. + Add alternates (i.e., names for both 0 and 1 state) to fmt_bitset(). + Add LtoR and RtoL options to fmt_bitset(). + Generalize fmt_signals() to print bitsets for tape status, etc. + Change OUTBOUND_SIGNAL definitions to occupy the upper 16 bits, retaining data in the lower 16 bits. This allows "IOSIGNALS (outbound) & CHANACK" to become "outbound & CHANACK", e.g. It also saves shifting and masking before testing the bit. Redefine IOSIGNALS(c) as a mask without a shift. CPU --- + [BUG] SET CPU DUMP= is being interpreted as SET CPU DUMPDEV= because of modifier table ordering. + Implement the CST expansion firmware and the SET CPU CSTX command. + Confirm XBR, PARC, and ENDP instructions with CST expansion. + XBR fails with an STT Uncallable trap with NOCSTX because the COBOL compiler sets the uncallable bit in STT 0. An external label with STTN = 0 means start at PB, so maybe the U bit is significant for PCAL 0 but not for XBR? [FIX] Rules change for CSTX. For XBR, etc., check M bit in CST entry and fail with trap_Privilege_Violation if NPRV and M bit is set. For PCAL, etc., use STT U bit if non-CSTX. For CSTX, trap_Uncallable if STT 0 and NPRV (as there is no U bit in STT 0). + Do not write MAPFLAG to the stack marker when NOCSTX. Otherwise, values in memory will be different that a real machine that doesn't have CSTX firmware. So the MAPFLAG register value becomes essentially random for NOCSTX. + Are any LSTT accessors needed? [No.] + Comment and OPND trace cleanup. + Move cpu_interrupt_pending from base to main? Used in base and CIS. Might be able to combine with main exec loop stuff. + Should switching from III to S58 keep memory size at 1024K or increase to 4096K? S58 minimum memory is 2048K; need this "features" field? + cpu_speed should be calculated with an instruction time of 2.57 usec for the Series III and 0.91 usec for the Series 58. + Verify SINC instruction works when STATUS_I. Have to write priv mode SPL program to test this. + Test DUMP instruction. + Does IXIT check for IMB IRQ and handle without ICS setup, as IOP does? [NO] + Change cold load to skip stop and proceed directly to run mode for 5x. + CPU traces need three octal digits for 5x? NO: banks are 00-77 octal! + Ensure power fail works. + Add SIR. It's probably good enough to update this in the postlude and use it to set CPX1/2 in the prelude, rather than keeping track of which one we are updating on the fly. + Note that the stack overflow handler in Module 10 (ININ) has Series-4x specific handling; search for "ICF/44 ADJUSTMENT". [Handling is identical to the Series III.] + Changing CPU types (IOP vs. IMB) should automatically enable/disable the associated devices. Also, enabling or disabling the IMBA should also enable or disable all associated devices (e.g., CPP, GIC, etc.) + Remove cold dump stuff for Starfish. Doesn't work the same as HP-IB systems, and there's no dump device available currently anyway. Add cold load programs for Amigo disc and tape. These aren't available either, but they're ready to add. + Implement Series III+ with 6-bit bank registers for Gavin Scott's patched MPE V/R. Do not document the option to avoid confusion with standard MPE. + BUG !!! CVND must queue down to 3 TOS registers, else a buffer that ends just under the third value will cause a bounds violation (buffer >= SM). PROBABLY ELSEWHERE TOO -- MUST QDOWN ANY EIS THAT USES < 4 TOS REGISTERS! + Test EIS cases not checked by the diagnostic. + Implement the Extended Instruction Set. + ENH: trace the registers when taking a trap. + CID 1415542 (hp3000_cpu_cis.c:1776): Operands don't affect result BUG: "TO_WORD ((filling ? D16_SIGN : 0), ...)" should be D8_SIGN (byte value)! Modify "edit" (hp3000_cpu_cis.c) to use the full 16-bit value when storing the significance trigger. + BUG: SCAL 0 and PCAL 0 do not re-push the popped relative address before a stack overflow trap is taken, so the wrong value is in the TOS when the instruction is reexecuted after stack enlargement. + The COBOL-II instructions must be checked for interruptibility. Or interruptibility must be disabled for the release and until testing is performed. Do this by "#DEFINE cpu_interrupt_pending(x) FALSE" so that code changes are not necessary. + Must not change CPU state or trace memory accesses for EXAMINE or SET DEBUG. Need either special mode for mem_read/mem_write calls from mem_byte_operand, or mem_init_byte could return an absolute byte address that could be passed to mem_byte_operand, which could then access M[] directly. + Add a general per-instruction trace. This would turn on ALL tracing for ONE instruction (actually for all instructions that match a given criteria). The idea is to allow tracing of a suspect instruction (e.g., IXIT) or a set of instructions (e.g., the COBOL extension instructions). Enabled by entering SET CPU EXEC=[;] to specify the matching criteria and then SET CPU DEBUG=EXEC to enable the trace. Implementation detects a match, saves existing cpu_dev.dctrl in a global, sets all dctrl bits on, and processes the instruction. Original dctrl is restored when match fails on next pass through the execution loop. Test in sim_instr() exec loop is conditional on sim_deb /= NULL, so it does not impose a high cost when not used. UI options: 1. SET CPU TRACE=[;] and SET CPU NOTRACE (mask defaults to 177777) 2. SET CPU EXEC=[;] and SET CPU DEBUG=EXEC 3. DEPOSIT CPU TMATCH/TMASK and SET CPU DEBUG=EXEC or SET CPU TRACE/NOTRACE #1 means that tracing instructions uses two different mechanisms: SET CPU TRACE and SET CPU DEBUG=INSTR. #3 adds "registers" that aren't machine registers, simply to avoid explicit parsing of a new command. #2 is therefore desirable. Note: can't do #2 with INSTR without testing every DEB_INSTR case for a mask/match. Testing everywhere is the same as using a separate flag, e.g., SET CPU DEBUG=TRACE. Also, may want to trace instructions only, except for certain ones that should be traced fully, so may want INSTR and TRACE. Ideally, after symbolic entry is implemented, one could SET CPU EXEC=FDIV, and the and values would be set appropriately (from the operand tables in sys.c). Instruction tracing shifts the CIR left by 8 if the R bit is set before masking and matching (to allow matching stackops in both locations with a single spec). If tracing, set flags BEFORE reg print if match, and clear flags AFTER print if no match. That way, regs are printed both before and after an instruction. = 0 is legal (may wish to trace NOP instructions). = 0 traces all instructions if = 0 or no instructions if /= 0. So disallow this case. + Implement the Language Extension Instructions. These are required to run COBOL II programs and, in some cases, the COBOL II compiler itself. Note: the EDIT diag does not test ICPS, and there are no tests for interruptibility! + Move interrupt_pending from base to cpu and make it global for use by lei. + Move byte accessors from lei to mem. Recast mem_byte_operand to use byte routines. + Operand trace of SETC 11/MDWO/SUFS 2/SUFT 2/DBNZ -4/TE prints source and target of length 12 because final SUFS/SUFT moves addresss back and then drops out of loop without accessing. Might handle by having mem_init_byte save the initial byte address and then comparing with the active byte address to see if no read/write was done after init (and updating fwa/lwa only if an access has occurred). + Clearing cpx1_PFINTR from CPX1 must inhibit all future CPX1 interrupts until power fails. Inhibit is cleared by -CPURST. Note that inhibit does NOT alter the CPX1 value, just recognition of interrupts from that value. May have to do "if (CPX1 & cpx1_irq_set) cpu_run_mode_interrupt ()" where "cpx1_irq_set" is either CPX1_IRQ_SET or 0, depending. Can't just return from run_mode_int, as instructions won't be executed in the instruction loop! + Implement the powerfail trap (trap_Power_On). + Simulate power failure and recovery with the POWER FAIL and POWER RESTORE commands. + The ICS interrupt handler is not implemented. However, this handles the System Parity Error, Address Parity Error, Data Parity Error, Module Interrupt, and Power Fail interrupts -- none of which are implemented yet. + Implement the CMD instruction (required for the diagnostic only). + Simulate the DUMP switch. This is the only way to generate a dump tape that can be analyzed with DPAN4. SET CPU DUMPDEV=0-127 (default is 6) SET CPU DUMPCTL=0-%377 (default is 4) DPAN4 is module "DN" in MPE sources. Note that Series III ucode writes the CPU context to %1400-%1425, whereas the Series II doesn't. Question: how does the ucode know that a write ring is present? TIO? + Impl note 2 in "halt_mode_interrupt" describes cold load process incorrectly. + Add a reason code to the syshalt message to indicate the reason for the halt. Use the parameter word of MICRO_ABORT to indicate the reason. + Verify bounds checks vs. unchecked. TSCK and TSC1 check for SM->SR access. many of the existing checked calls (e.g., "data") should actually be UNchecked, e.g., in EXIT stack marker unwinding. Need to verify all places where checks occur. + Usage of TO_MASKEDVALUE () vs. MASKEDVALUE (). Device simulators generally use the non-TO form to mask and right-justify a supplied value and the TO form to left-align and mask a returned value. + Undefined instruction stops do not have full coverage. + Bounds checking for word and byte moves and compares is not correct. Symptoms are BOUNDS VIOLATION aborts. + FLT must push stack before calling fp_flt because norm_round_pack writes value to RA,RB in case of a trap. Should return trap code and let the caller trap after adjusting the stack as desired. + QASL and QASR should pass instruction into routine rather than changing CIR. + Overflow tests on results are missing from DIVL and DIV. + Simplify arithmetic trap handling to do MICRO_ABORTs. + Enabling simulation stops on infinite loops breaks on MTBA P+0 and MTBX P+0, even though these are legal and don't lead to infinite loops. Showed up in the disc diagnostic, which uses MTBA P+0 for timing loops. + An EXIT with the stacked STA register R bit set to execute the 2nd stackop fails to set the CIR properly. + There are several problems with exiting and reentering the instruction loop. A series of STEPs must execute identically to continuous execution. That is, the state of the machine must be saved when exiting and restore when reentering (with allowances for changed P and/or PBANK registers). The problems generally occur with incomplete instructions, e.g., PAUS, two stack-ops, interrupted MOVE, etc. The problems manifest as these issues: - stepping through an instruction into an interrupt stacks the wrong P value - setting a breakpoint on the instruction after a dual stackop breaks on the right-hand stackop instead of the next instruction - stepping through XEQ does not execute the target instruction - stepping through interruptable instructions - stepping through A/B stack ops - must handle interrupt and return between stack ops Tests with CPU04 (breakpoints indicated): - (00.020736) breakpoint on single stackop - (00.020737) breakpoint after single stackop - (00.020743) breakpoint on dual stackop - (00.020744) breakpoint after dual stackop - (00.020736) step into single stackop - (00.020743) step into dual stackop - (00.021261) step into instruction with interrupt pending - (00.021275) step into single stackop with interrupt intervening - (00.020203) step into dual stackop with interrupt intervening - (00.023032) step into PAUS with trap - (00.021124) step into PAUS with interrupt pending - (00.020403) step into interruptable instruction with interrupt intervening (MOVE 0) - (00.024340) step into interrupt with CIR set correctly on reentry Tests with CPU02 (breakpoints indicated): - (00.012527) step into XEQ does not execute the target instruction (LDNI 1) + A cold load with the device not ready now causes a syshalt. A cold load on a device that is not connected to a channel, e.g., CLK, still hangs, but it would in hardware too. + Stepping through a PAUS into an interrupt stacks the wrong P value. Problem is that stepping reenters sim_instr(), which reloads CIR and sets P = P + 1 but then handles interrupt before NEXT is done to set CIR = NIR and P = P + 2 prior to reexecuting PAUS. + Stepping into XEQ does not execute the target instruction. P continues to point at the XEQ. Problem is that XEQ sets up the target instruction to execute at the same address, but sim_interval decrements on XEQ completion, so STEP drops out with P still pointing at the XEQ. + Interrupt between stackops stacks wrong P value. Section 4 step 24 does ADD,ADD with overflow. Problem is that P is already set to P + 2 after first stackop, so P + 1 is stacked, and return would be to instruction after ADD,ADD. Hardware inhibits INCP for NEXT after first stackop, whereas sim does NEXT after first but inhibits NIR->CIR. + Setting a breakpoint on the instruction after a dual stackop (e.g., DZRO,ZERO) breaks on the P of the right-hand stackop instead of the specified P. This is the same problem as above: P is incremented after the left-hand stack op instead of the right-hand op, so it matches the breakpoint between stack-op executions. + Stepping after a system halt shows P moving backward by two each time. + A device conflict backs up P each time a run is attempted. + Regularize the use of CCA, CCB, CCC, and CCZ, especially for double-word integers. + Exchange identifiers "data" and "unchecked_data" (e.g.) for "data_bnd" and "data", respectively, i.e., make the default unchecked bounds. The bounds-checked cases are almost always part of effective address processing, and cpu_ea returns the access class in a variable. The explicit cases are almost always unchecked, so it'd be cleaner to have them be the default case. Use identifiers "data_bnd" or "data_chk" or "data_bounded" or "data_checked"? 168 unchecked, 73 checked. + Consistent use of SR_PREADJUST() vs. sr_preadjust[]. + DCMP, LCMP, and FCMP set the CC with CCG instead of STATUS_CCG. This incorrectly sets the carry flag in the status register. + Eliminate cpu_int_defer and instead use a CIR == SED_1 test to defer in the instruction loop. Calls from elsewhere will not defer because they're made within another instruction, which cancels the deferral. + Merge IXIT use of INT4 / INT6 with other uses. + IXIT jump to INT4 for a pending external interrupt is not handled. Executing an IXIT while a second interrupt is pending will return SCPE_INCOMP. "yixit.sim" is a SLEUTH program that tests this (SED 0/SIN 4/SIN 6/SED 1). + The RIN handler within IXIT should call iop_poll(), as resetting a higher-priority interrupt will allow a lower-priority interrupt to assert. + SLEUTH CONF reports "MEMORY SIZE = 528K WORDS" for a 512K machine. The memory limit test is off by 1. + A dispatch interrupt does not report the base registers. + Clean up CPU debug printouts; sim stops should be printed if any CPU debug flag is set. + Separate the sim stops into a new SET CPU STOP{={stopname...}) command. This will allow SET CPU DEBUG without the mandatory SET CPU NODEBUG=PSTOP. Make the STOP option MTAB_NMO, so that it isn't normally printed. + Add separate stops for unimplemented instructions vs. undefined instructions. The latter would be instructions that have reserved fields that are decoded in some unexpected fashion. Maybe ISTOP and USTOP? There are four cases: 1. Canonical instructions, where all bits are defined (e.g., LOAD). 2. Defined but unimplemented instructions, e.g., stackop 072 or EADD with no EIS. 3. Undefined instructions, where a reserved field is don't care (e.g., PAUS). 4. Undefined instructions, where a reserved field is decoded (e.g., DISP). An unimplemented instruction stop should catch case 2 only; bypassing should produce an unimplemented instruction trap. An undefined instruction stop should catch case 4 only; bypassing should decode and execute the instruction per the microcode. The idea is to catch instructions with reserved fields whose values would change the meaning of the instruction. If the field is don't care (case 3), then the instruction meaning is the same as if the value were canonical (case 1), so stopping has no value. + Add a debug printout for the base registers (e.g., PB, PL, etc.). As these are only changed by certain instructions (SETR, PCAL, traps/interrupts, etc.), the registers would only be printed for these situations; printing for every instruction would be largely redundant. Also print the registers on every sim_instr entry to establish the baseline. MEM --- + Change byte accessor to add "length" and remove "last_byte_offset", as length is needed by fmt_byte_operand and can be determined from start and count. IOP --- + Move odd_parity, in/outbound_names, and in/outbound_formats from IOP to SYS. (hp3000 odd_parity is used by ATC, MPX, TAPELIB; hp2100 parity is used by BACI [calculated!], MS, MUX) + Change iop_read_memory and iop_write_memory to accept a physical memory address in the "offset" parameters for the "dma" classification. Currently, we have a pseudo-IBANK that must be set from the mux_aux_ram before calling. The real IOP uses the IOX lines to transmit the bank address to the memory controller. Eliminate ABANK and IBANK as globals. + Eliminate IOD as a global register. + Change IOA to an internal register. Return IOA as the value of the iop_poll function. + IOP DIO debug statements generate millions of irrelevant lines when a program polls for input, e.g., from the ATC, or when it looks for timing, e.g., from the CLK. It would be far more useful if we could specify the DEVNO(s) of the DIOs in which we're interested, e.g., something like SET IOP DEBUG=6 to debug only DEVNO 6. (Implemented as FILTER=n to leave out lines related to device number "n".) MPX --- + SLEUTH CONF reports "MUX ADDRESS RAM WAS WRONG VALUE" error. The address RAM is being incremented in State B by the End order, but increment only occurs in State A and State D. + mux_poll() should incorporate next_state() instead of deciding on its own. + "mux_" should be "mpx_" to comport with diag terminology. Ditto for the device name. + mux_poll() should unload RAMs into registers at top and store registers back into RAMs at bottom. + mux_sio_order [] is a hack. We don't use mux_order_ram [] at all, except to test ORDER_DC. The hardware tests IOCW4 in these cases: + with JMP * JMPMET in STATE C + with JMP in STATE B to assert SETJMP + with END in STATE B to assert SETINT + to test for BUS = CONTRL, SBANK, and RTRES in STATE A Everything else tests order[1:3]. There are four options to fix this: 1. Continue with mux_sio_order []. 2. Eliminate mux_sio_order [] and have mux_order_ram [] store 5 bits instead of four. 3. Eliminate mux_sio_order [] and derive from mux_order_ram [] and mux_cntr_ram [] each time. 4. Eliminate mux_sio_order [] and use mux_order_ram [] with mux_cntr_ram[0:0] as needed Options 3 and 4 require that mux_order_ram [] be masked to three bits to remove DC bit each time, as well as masking (and merging) mux_cntr_ram [0:0] each time. Option 2 requires masking each time, but the merge of mux_cntr_ram [0:0] is done once. Option 1 requires masking and merging once but requires an extra indexed load each time. Options 3 and 4 directly follows the hardware. Option 2 seems to preserve the hardware logic the closest while allowing efficient access. Option 1 is the farthest from the hardware. Implement option 2. SEL --- + Change port_read_memory() and port_write_memory() to accept a physical memory address in the "offset" parameters for the "dma" classification. Eliminate the "bank" parameter and ABS_BANK. + Read of SIO program words should be listed as "absolute read" not "dma read". ADCC ---- + [BUG] Setting NOEXTENDER causes the simulator to exit quietly on Unix. The problem is calling "tmxr_disconnect_line" with lp->conn = 0. The eventual "shutdown (0)" call closes stdin on Unix, causing "readline" to fail at the next command input (Winsock ignores such a call). + Verify TRACE messages. + To support serial printers without requiring a Telnet connection, perhaps enabling logging on a port will allow writing to the file but otherwise discard all characters without failing the write. Note that tmxr_putc_ln will log the character and then return SCPE_LOST if there is no connection. So testing for that with lp->txlog non-NULL should work. + Step 49 fails with "Unexpected DSJ value returned, testing DEVICE# 2" after channel program halts. Problem is DSJs are issued to device 2 and device 3 (Listen 30/Talk 2/Secondary 10H) and then, while waiting for the responses, CSRQ is asserted by device 2 for a loopback reception. This causes device 2 program to resume and read DSJ, but the address latch contains 3 instead of 2. Either CPP must issue read within original DSJ code, or DSJ must assert CSRQ immediately after the secondary arrives, so that no other channel program can interleave. The issue is that the DSJ needs to be atomic to succeed. --> OR MAYBE the solution is for the CPP to "reenter" itself when the target is an ADCC and the command is DSJ, Identify, or Read. That would avoid putting workarounds in the ADCC that do not exist in the hardware. I don't actually know how the Series 3x/4x/5x CPPs handled the ADCC, but the 6x/7x code seems ATP-specific. + Step 49 fails with "Unexpected value !8008 found in DRT, testing DEVICE# 0". Trace reveals that Read is writing to the UART, specifically when the CPP writes 100001 to Register 0 to set up a receive count of 1. The ADCC does not appear to have any circuitry that differentiates between Talk and Listen. So a Talk 0 followed by a write to Register 0 is accepted and executed! + Channel program aborts on DSJ because ADCC does OBSI for device request, but that plus a general wait causes an abort (condition 4b) in process_channel. This may be because microcode is for Series 6x that uses ATP not ADCC. Another ADCC problem is that reg 2 sets only "outbound FIFO empty" and "outbound FIFO has space available" bits. It does NOT set "inbound FIFO has data" bit, which DSJ, e.g., needs to see! Microcode differentiates between entry via "fetch next instruction" and entry via CSRQ for a "waiting for data" condition. Changing Reg 2 definition will cause ADCCDIAG to fail. + ADCCDIAG step 40 (channel program Identify) fails because ADCC doesn't assert CSRQ after receiving Untalk and MSA. + ADCCDIAG step 49 fails because loopback DSJ = 0 causes Read, but Read checks for data available to determine if entered to initiate or complete the read. However, it's the presence of read data that causes the channel program to execute the read. (For the GIC, the Read command initiates the read. For the ADCC, the read has already occurred, and the Read is merely there to pick up the data.) + DRT'INIT (ADCCDIAG) sets int handler into wrong DRT location (uses DRT+2, which is correct for HP-IB but not for Series III). When an interrupt occurs, a TRAP 1 (bounds violation) occurs. + implement RCCR (5x simulates process clock and cpu timer) + SMSK must issue IMB SMSK for S58 + SETUP'DRT (ADCCDIAG) sets int handler into wrong DRT location (uses DRT+2, which is correct for HP-IB but not for Series III). There are several places that reference the HP-IB DRT! ATC --- + SET ATCD DIAGNOSTIC disconnects Telnet connections but not serial connections. + When the REMOTEACK mode is selected, the ATC transmits an ENQ to the terminal and waits for an ACK to be returned. Regardless of how quickly the terminal returns the ACK, it won't be seen until the next scheduled "tmxr_poll_rx" call, which is performed every 10 mS. Typically, this will be several orders of magnitude greater than the Telnet character reception time and is about 2.5 times slower than the serial time. Modify "line_service" to call "tmxr_poll_rx" and check for ACK reception after one character reception time, thereafter doubling the time until reception succeeds or the time exceeds the normal poll time. Also, if more than one reception time has elapsed, the line service routine should be scheduled immediately when the poll service detects that characters have been received. + In FASTTIME mode (e.g.), input and output occurs at the specified I/O rate, initially 500 event ticks. However, the check for pending input occurs at the poll rate, which is 10 mS realtime, or approximately 200,000 event ticks. The input poll reads characters from the Telnet line up to the size of the input buffer (256 bytes), but the line service is scheduled only once per input poll, regardless of the buffer occupancy. This works fine for keyboard input but is very slow for block transfers, e.g., a Reflection upload, which yields transfer rates of around 100 bytes per second. The line service routine should reschedule itself if bytes remain in the Telnet receive buffer. This is much faster (100x). + Telnet output is currently performed a byte at a time. It is faster (3x) if output is buffered and sent as a block. Modify line_service to skip the output poll unless the buffer is full (xmte = 0 on return from tmxr_putc_ln) or an ENQ has just been output (so output is paused until an ACK is received). One problem is that the ATC does not know when MPE is finished writing. Add an output poll to poll_service to flush the accumulated buffers. This means that the user won't see an output (e.g., the ":" prompt) for 10 msec. after it is written, but this won't be perceptible. + SAVEing on 3.9 when a character output service is pending does not reschedule the service on immediately following RESTORE. Problem is that sim_rest calls detach routine if poll unit currently attached, and that detaches all lines, so line 0 that was reactivated earlier gets cancelled. Need to skip line detach if SIM_SW_REST. + BUG: poll_unit has capac, not wait, set in initializer! (search UDATA) + Does specifying serial port parameters work? Manual says so. Yes, apparently, if I don't call "tmxr_set_modem_control_passthru". + The SET CONSOLE TELNET= command moves the system console, not the simulation console. It's effectively the same as SET ATCD NOCONSOLE, except that it gets its own dedicated port number. Remove NOCONSOLE. + Manual: Add display of dataset vs. direct. + Add REALTIME/FASTTIME options. + Add LOCALACK/REMOTEACK options; the former handles ENQ/ACK internally. + Add the TCI. + Add CAPSLOCK, default to DOWN for channel 0 and UP for channels 1-15. + Synchronize the poll clock with the CPU process clock for idling. + Finish the implementation of selecting the sim console window vs. Telnet session for the system console. + Channel 0 (console) ideally would be 7B for input and 7P for output. Currently, it's UC, which won't print LC characters in messages. However, we do get symbols for CTRL+A (smiley) and CTRL+X ("!!!") showing. Actually, 7P is 7B for input; problem was output filter was not being applied to the echo. + If a channel interrupt occurs while an earlier channel interrupt is being serviced, the ATC will stop interrupting. That's because device_flag is set, but INTREQ is clear. The fix requires two changes: + ATC DRESETINT must clear interrupt_active BUT NOT interrupt_request too. (This is a problem with several interfaces!) + IOP ioRIN must clear the associated interrupt_poll_set bit ONLY IF the interrupt_request_set bit is clear. + Separate SERV debug printout into LSERV (line service) and PSERV (poll service). The latter floods the debug log if enabled for a long time. + Pressing BREAK (VK_PAUSE) on the console window does not enter CI break mode. + Enhance debug printouts for CMDS to decode words. CLK --- + irq_reset_name is not decoded and is unused, i.e., it's missing from some trace printout. + MPE sets the clock rate to 1 ms, limit to 100 counts, and interrupt on limit. This is not compatible with idling! Change this to 10 ms event time and add 10 to the count register on each service. Note that there is a "shared clock" routine that allows faster interrupt rates for performance measurement (S96). + Enhance debug printouts for CMDS to decode words. CPP --- + trace_program doesn't show whole program for: 0: Relative Jump 1 1: Read ... termination 3 2: Relative Jump 0 3: ... Instruction 3 is not shown; trace ends with 2 [last CP in adcc2.log]. [ Can't reproduce; the following program traces properly. ] 10 LET CHANNEL:=9,DEVICE:=0 20 DB AA,10 30 INIT 40 BSIO XX 50 JUMP 60 60 RR 1,AA(0),10,,,80 70 JUMP 50 80 RREG 3,Z 90 IN H,0,44 100 RSIO 110 END + imb_interrupt_poll clears cpp_irq_enable when servicing an interrupt for the Starfish. Is this correct? The IMBA has no mechanism to handle successive interrupts without intervening service, so maybe this is OK, and there is a Starfish SED2 instruction to reenable. + cpp needs a FILTER like IOP; there are way too many ADCC entries when looking at DC or MA actions. + There is a generic problem with the CPP using the "data available" bit in Reg 2 to determine whether DSJ, Read, Identify, etc. are being executed the initial time or the second time. The CPP itself seems to use a flag to determine the entry, with the flag set if execution falls into a command, and the flag cleared if execution is resuming after a wait for CSRQ. + Abstract HP-IB I/O instructions to a routine that uses parameters in lieu of direct access to CPU registers. Then call that routine to handle Starfish instructions; it can be reused by calling from CPU base set when CPU = 4x/5x. Callers move parameters into local variables or CPU registers, depending. + Call cpp_initialize in CPU instruction prelude, which in turn calls imb_initialize. Eliminate IMB device. + From the CPU instruction loop, call cpp_service if cpp_request is TRUE. Eliminate timer reentry. + Add missing handlers for single-byte read/write and chained transfers. + Running CS80DIAG (DUS-III) fails with "CHANNEL PROGRAM ABORT - CPVA(0) = !E020" if all eight devices on the channel are not present. The abort comes from the HIOP executed after each missing device fails to respond. Adding "1837 LET YY(0):=0" to clear CPVA(0) after the HIOP prevents the error. Hardware prevents HIOP from asserting CSRQ unless the PHI is doing a parallel poll AND the CSRQ disable bit is not set. But the Identify microcode does set the disable bit, so HIOP will not stop the program. Instead, it is the INIT that follows the HIOP that actually stops it. + When CS80DIAG Step 45 fails because the 01H + EOI byte was not sent, DMA times out, and the channel program aborts with code 160004. This is properly reflected in the OBSI. However, a subsequent SIOP to start another channel program never asserts CSRQ, so the CPP idles. Problem is that SIOP asserts CSRQ only when poll is active, and it is not. Issue is that no bus cleanup is done; talk and listen are still active. An Unlisten would do the parallel poll, which would allow SIOP to start. Problem is error_exit with NF1 should go to CHRA to cleanup_and_halt. + Add a handler for the Execute DMA command. + Add cold load support for GIC devices. + WAIT instruction display is showing the CPVA field, which is only valid for Series 4x/5x, not Series III. DC -- + [BUG] Masking response_set with present set in run-time init is wrong! response_set is HPIB order, while present is C order! x Command parity check isn't correct; parity field is a bitmap of those devices that have requested parity checking. Should be qualified with my address. [NO! ANY device on the bus that checks parity will freeze the bus if wrong!] + Test cartridge tape operation. + NOTE: CS80DIAG has 6 sections; 1-4 are standard, Section 6 is "CS'80 EXTERNAL EXERCISER". + [BUG] DCA and DCB both on channel 11 with unit 0 on bus 0 causes no conflicts! If both on same channel, how does dc_hpib_accept know which state to use? What if units on both devices are listening? + Add a RESET -C to perform a Device Clear to remove power-on status. CS80DIAG Step 21 does CI Clear to unit 0 but then trips on unit 15 qstat 2 that was never cleared. This seems to be a diag error.... Fix is to run CS80DIAG step 6 (exerciser), SDCLEAR to clear power-on status in all units, then run CS80DIAG to test the drive. Alternate fix is to change line 1084 to "1084 LET WW(112):=!2F08,P:=2". This does a Set Unit 15 and then CI Clear, which clears all units. + Support BOOT DC. + Trim model list to just 7911, 7912, 7933, and 7935? These are the only models supported by HIOMDSC2. Eliminate tape units on 7911/12? + CS80DIAG section 5 is a data test. Fails in step 69, "Testing Set Burst Command", with illegal opcode error. If Set Burst command is implemented, then fails when burst-mode Read/Write is done (CPP does not set this up correctly, yet). + NOTE: Step 30 does 33H Initiate Diagnostic, which fails with illegal opcode error. Fix with NOP. + CS80DIAG Step 45 does Set Length 6, Locate and Write, then does Talk 0 and Secondary 0EH. This is erroneous because this is a read execution phase for a write command, so error 10 (message sequence) is set. Problem is that the host read is still pending -- it needs an 01H + EOI data byte to tie off. + CS80DIAG Step 44 does Listen 0, Secondary 05H, data 48H + EOI (Set Return Addressing Mode), and Unlisten and expects error 9 (Illegal Parameter) because the "parameter field was the wrong length for the opcode preceding it." However, the Unlisten causes a Channel Abort and sets error 12 (message length). + Set Return Addressing Mode should accept unit 15, but it doesn't. + Add modifier support for multiple GICs; SET GIC=. + Allow display in bytes or words. + If "LIST DEFECTIVE TRACK/SECTOR INFORMATION?" is ansered "YES," then INITIAL fails with "ERROR #30 CS'80 DRIVER ERROR NUMBER 1". INITIAL sends command 32H (Initiate Utility), C4H (Read Drive Tables), 01H (Spare Track Table). This fails because it is not implemented (see CDB'INIT'UTIL). Table format is shown in 5959-3913 p.21. + EXAMINE -P is incrementing by bytes rather than words. + EXAMINE -P displays relative addresses (e.g., jumps) as byte addresses instead of word addresses (or 2 * byte address). + Power-on condition should enable PPR, per SS/80 3.6. Problem is set_error sets dsptr->state = Optional_Wait, but dc_initialize is looking for dsptr->state = Reporting_Wait before enabling PPR. + Attach and detach produce "20:18/7/FOREIGN VOLUME ON LDEV# 2" and "20:18/7/VOLUME DISMOUNTED ON LDEV #2" using a MAC disc. For a CS/80 disc, attach produces "20:05/7/(VOLUME DISMOUNTED)" and "FOREIGN VOLUME ON LDEV# 2", while detach produces nothing (the "volume dismounted" message occurs because MPE is not being notified of the detach; this message does not occur if the drive is not attached at startup). Unloading a removable drive sets the user release bit in the status array and enables PPR. HIOMDSC2 leaves a WAIT running on the channel when it is idle to pick this up. Currently, we do not handle release, Set Release, Release, or Release Denied. If we want to support removable media, such as the 9144 CTD, we need to. DS -- + Documented register names include CYL, STATUS and OPCODE, but using these produces "Invalid argument" errors (names are #defined as u3, u4, u5). + Create a full-sized disc image when ATTACH -N is specified. + CID 1415433 (hp_disclib.c:3903): Unchecked return value from library BUG: host file system error should be checked here. Modify "position_sector" (hp_disclib.c) to test the "sim_fseek" call for error status and to simulate a Drive Fault (AGC error) if the call fails. + Offline diagnostic fails at step 66 if REALTIME. Problem is a timing loop that assumes that MTBA takes longer than the 2.5 usec average instruction time. Do we need to have variable timings? Worked around by decrementing sim_interval twice for the MTBA instruction. + Implement REALTIME and FASTTIME phase times. + Finish the DS implementation (ioreset, confirm FF set/clear, retry counter). + Can we have a setting that produces a failure for a certain type of access? This would be to test Uncorrectable Data Error, for example. Maybe something like SET DS0 FAIL=017;005;1;4;32 to return CDE (017) for a Read (005) from cylinder 1 head 4 sector 32? It's necessary, because a host system I/O error generates an Uncorrectable Data Error, which we can't otherwise test. + Step 54 does six chained reads of one word and expects OVRUN at end of sector i.e., at end of chain. But it looks like PREADSTBs and IFINs are interleaved 1:1. + OVRUN sets at the end of write transfers that do not transfer a full sector. The write data_phase sets cvptr->eod if EOD flag but doesn't suppress outbound functions, so IFOUT is returned! + Implement separate PROTECT=UPPER and LOWER switches for the 7905/06. + Rationalize phases, e.g., auto-seek sets Seek_Phase (maybe so does waiting for seek). + Clean up end_command so that it no longer returns values. + Use SLEUTH to test RWO, RNV, Wakeup. GIC --- + GICDIAG step 22 fails because a write to Register E clears the DMAEN flip-flop, but the output is part of the state register and so is not seen by the state machine until the NEXT clock occurs. In other words, the write to Register E does not advance the state machine, which stays in the same state until three more reads occur to clock the state machine again. Fix is to implement this delay in "dma_cycle". + Write to reg 5 then 4 generate PPR but does not show a bus cycle, even though PHI is online. NOT A BUG! Regs are Poll Sense and Poll Mask, but changing them does not alter anything on the bus. Instead, it is the internal PHI view of the bus that is altered and that causes the PPR interrupt. + Can't currently handle, e.g., two MA instances on the same GIC because "report" only returns one descriptor. Should return an array of 8 with zero "present" field indicating last one. GIC should then enter all descriptors into dispatcher table, which needs to have 8 (devices) + 1 (GIC) entries. Or maybe 2 GIC entries to accommodate diag connection while having GIC(s) at known entry locations (so don't need GIC pointer in dispatcher table). + Double-check timeout conditions (timer_enable). + Timeout bit in Reg F never clears. x Redo the timeout clock to use calibrated time (or perhaps allow both real and cal time). Set for 10 msec coscheduled and use count up to 100 to perform timeout. This allows restart of timer to be simply clearing the counter rather than rescheduling via sim_activate_abs on each DMA step. [GICDIAG section 24 tests timeouts using the PCU process clock timer. If set for cal time, the diag fails because the GIC timer is set for realtime. Setting the CPU clock to realtime allows the diag to pass. A one-second realtime GIC timer calls the event routine approximately every 30 msec.] + Need a mechanism to "connect" a non-controlling GIC to a controlling GIC's bus. This would occur if the "NCGIC" was registered separately from the "CGIC". But currently, multiple GICs will call hpib_register with the same registration info, so only one entry will persist. [HP2100 DI does this by searching during run-time init for another DI with the DIAG bit set in dptr->flags. We could do this; when we find it, we save the channel number and substitute that when calling the "other" GIC.] [GICDIAG section 25 appears to use Read and Write instructions to address the NCGIC as device 0 -- the default address after a PHI reset -- and uses Execute DMA instructions on the NCGIC end. The NCGIC would need to indicate that address 0 is present instead of address 30 when configured as a device.] + Pass the GIC diagnostic, except for Section 18 (memory parity error test). + Add run-time initialization test for conflicting addresses from multiple protocol handlers. + Complete the register behavior. + Add modifiers for S1 "PROCESSOR" (CPU/CPP), S2 "DEVICE TYPE" (A/B), S3 "SYS CTRL" (OFF/ON), S4 (CHANNEL), and S5 "MODE" (OPER/TEST). IMBA ---- LP -- + The ATTACH LP command documented to cancel a pending offline transition does not work. The "lp_attach" routine is never called, as the SCP "attach_cmd" routine fails when the filename is not supplied. + Cannot call service routines directly (e.g., LP) if they return status. The status returns are lost unless they are called by sim_process_event. Need to recast direct call as a sim_activate call with time = 0. + BUG: Commanding a VFU channel that is not punched returns the result of the "lp_set_alarm" call, but that is a "t_bool" type! This causes a simulator halt from the service call. + BUG: The 1000 diagnostics for the 2607 and 2613/17/18 test that the former automatically prints when the 133rd character is received, while the latter ignore characters after the 136th (2613) or 132nd (2617/18). The 3000 on-line verifier does not check this; it prints a maximum of 132 characters. The 3000 "Installation and Service Manual for Line Printer Subsystems" explicitly says that an auto-print occurs on the 133rd character, but it doesn't mention that this behavior is specific to the 2607. The auto-print feature of the 12845 interface for the 1000 also says that the 2607 auto-prints and the 2613/17/18 do not. (Fix the manual description under Unit Options.) + SHOW LP outputs the full VFU table when we only want the title. SHOW LP VFU should output both. + Modify the SHOW LP VFU command to display the VFU contents. This saves a lot of horsing around with REG fields. + Simulate the 2613 line printer (simpler than the 2607, per the IOLPRT0 driver). LPA --- x Do these printers perform auto-skip at the bottom of pages? The RELOAD printed output does not obey the top and bottom margins. [ACTUALLY, it looks as though the serial driver doesn't skip margins, but the HP-IB driver does.] + Verify that multiple printers work properly. + Implement the 26069A HP-IB-to-differential interface to provide a line printer. MA -- + [BUG] Masking response_set with present set in run-time init is wrong! response_set is HPIB order, while present is C order! + Add registers. + Add error handling for wrong dats xfer secondary. + Move CNTLR_VARS to MA_STATE; include "cvptr" field that points to it. + REGs base is state, except for depth = 4, for which base is dptr->units. + Modify tapelib TL_REGS to use expanded MTABs. + BOOT is currently shimmed. + Change UNIT_OFFLINE to UNIT_ONLiNE (here and in MS). + Set default unit number field in tl_reset -P and add tl_show_unit. + Eliminate wait state for HP-IB controller. + Run diag with four drives. MS -- + STATUS is a documented register name, but using it produces an "Invalid argument" error (name is #defined as u4). + CID 1415735 (hp_tapelib.c:2969): Out-of-bounds read in status_name array. BUG: 4.x defines one more MTSE constant than 3.x. Modify the "status_name" array (hp_tapelib.c) to include descriptions for all of the possible simulator tape library status returns. + hp_tapelib does not call ferror to check for a host system file error from sim_fread when repositioning within a gap in tl_clear. + MS does a lot of command/unit manipulation that should be done by tapelib. + Phase timing seems to be overly complicated. + XFERERROR does not set TRANSFER ERROR status (sets FF, cleared by MR). + Mounting a magnetic tape produces "LDEV 7 UNIT FAILURE. I/O STATUS % 54". However, with SET MS REALTIME, the result is "VOL (UNLABELLED) MOUNTED ON LDEV# 7". This is a race condition; correct via better FASTTIME settings. + Select_Unit should either be scheduled on a controller unit, or it should execute immediately. Currently, a Select_Unit_0 while unit 0 is rewinding will lose the rewind completion interrupt. + Select unit 0 returns Command Reject if called while a rewind is in progress. + :STORE does a read on a blank tape to look for the label. Debug reports "read of 2684354.4-inch erase gap terminated with end of medium seen", but start and end position are both 0. + Rewind after attach of second tape starts at position 0 but does not complete! For the 30215, a rewind at load point completes immediately without DRIVE ATTN. + Restoring tape 1 of 2 (e.g., 32033-11009_1of2.tape) does not end cleanly. Instead, RESTORE reports "TAPE READ ERROR" for the final (split) file and "CATASTROPHIC ERROR" for all files on tape 2 of 2. + Setting MSn offline does not stop access, nor does it reflect offline status! The problem is that UST_UNITRDY is not set consistently. + Fixed ACKSR to allow STEP 532 to pass without wrong value for 800 bpi data xfer time. + Verify sim_tape.c changes with 13181 diagnostic. + Merge sim_tape.c changes into 4.0 code base. + Handle read vs. read w/CRC in service rather than start_command. + Standard read w/13181 and REALTIME appends CRC/LRC to the buffer (same as read w/CRC). + Store unit in flags ("SET MS0 UNIT=1" to model OFF/0/1/2/3 switches)? NO; gain is nil. + Check CRC gen against HP 1000 7970 diag source (OPDSN CRC/CRCI/CRCO commands). + sim_tape half-gap read reverse. + sim_tape add runaway, depends on bpi (disable if bpi = 0). + sim_tape runaway not indicated in reverse direction! + sim_tape wreom pos must not be updated. + sim_tape set bpi. + sim_tape change wrgap to use stored bpi. + Add gap traverse time to REALTIME reads and spacing. + Reposition if reset while traversing gap (fix step 642). + Validate class_write AND data_transfer for TOGGLEOUTXFER. + Report library error codes after sim_tape calls. + Fix deferred unit interrupt. + Clear unit interrupt when IRQ is reset. + Faster gap skipping code in sim_tape (read blocks of gap at one time). + sim_tape.c: document tape runaway as a function of set density call. + tapelib: use high word of PROP for unit number, reel size, etc. + tapelib: move REELSIZE (2 bits) to high word of PROP? (REELSIZE is set by XTD MTAB, so it doesn't have to be in FLAGS.) + tapelib: adjust ml_clear to do End_Phase (for write, spacing over gap). + tapelib: move set_phase_delays into call location. + tapelib: merge OP and PHASE in same variable? NO: phase is set a lot. + tapelib: cmd_props[].transfer field is not used. + Test auto w/one B (with expected failures in steps 434 and 437). + Test auto w/one E. + Test manual 12-13 w/one B. + Test manual 12-13 w/one E. + Test auto w/multi B (with expected failures in steps 434 and 437). + Test auto w/multi E. + Note: manual tests 11, 14, 15 fail because they each write a single record through EOT. User's Manual ------------- + Add 26069A translator and 2611/13/17/18/19 line printer. + Extensive rewrite of intro and CPU for IMB and Series 58. + SHOW IMBA now shows "channel=1". But note that that the channel number is fixed at 1. + Document Starfish (IMBA, CPP, GIC) and CS/80 (DC) devices. + The LP device refers to the SET LP DETACH command. This should be DETACH LP. + Mention that only one instance of each device is supported. Software Kits ------------- + Add 26069A translator and 2611/13/17/18/19 line printer. + Configure G.3P.00 with cartridge tape. Also a serial printer. + Must expand code segment size to run DPAN5. + Add Starfish configuration section. + Add Starfish command files. x Change :RELEASE to :ALTSEC for the COBOLII UDCs per Frank McConnell message of 7/25/20. NO! ALTSEC requires enabling LOCK access to all PUB.SYS files, whereas RELEASE affects only the UDC files, which cannot be changed while the UDC is in use (exclusion violation reported if attempted). False Positives --------------- - [F] CID 1415550 (hp3000_sys.c:2589): Dereference null return value (NULL_RETURNS)6. dereference: Dereferencing a null pointer contab. Claims "2. var_assigned: Assigning: contab = null return value from find_cmd" ==> but find_cmd CANNOT return null for the CONT command! (would RUN be less likely to be removed?) - [I] CID 1415781 (hp3000_sys.c:2361): Copy into fixed size buffer (STRING_OVERFLOW)10. fixed_size_dest: You might overrun the 1024-character fixed-size string header_fmt by copying format without checking the length. ==> but this is intentional; the size is "sufficiently large". - [F] CID 1415790 (hp3000_sys.c:2250): Copy into fixed size buffer (STRING_OVERFLOW)14. fixed_size_dest: You might overrun the 1024-character fixed-size string fmt_buffer by copying fmtptr without checking the length. ==> but fmtptr is a pointer into fmt_buffer, so it's always wholly contained. - [I] CID 1415870 (hp3000_sys.c:1625): Unused value (UNUSED_VALUE)returned_value: Assigning value from fprint_instruction(ofile, stack_ops, val, 4032U, 6U, radix) to status here, but that stored value is overwritten before it can be used. ==> but this is intentional; the return status is ALWAYS SCPE_OK for fully decoded ops and stack ops are fully decoded; alternative is simply to omit the return assignment, but then I'd get an unused return value warning unless I cast to void. - [I] CID 1415586 (hp3000_cpu_base.c:861): Operands don't affect result (CONSTANT_EXPRESSION_RESULT)result_independent_of_operands: (TR[1] | 1) == 0 is always false regardless of the values of its operands. This occurs as the logical first operand of "?:". ==> but this is intentional to optimize the CCE test away. - [F] CID 1415813 (hp3000_cpu_base.c:837): Uninitialized scalar variable (UNINIT)6. uninit_use_in_call: Using uninitialized value operand_v. Field operand_v.trap is uninitialized when calling fp_exec. [show details] ==> but the "trap" field is only used for the result value, never for the operands. - [F] CID 1415844 (hp3000_cpu_base.c:977): Uninitialized scalar variable (UNINIT)6. uninit_use_in_call: Using uninitialized value operand_u. Field operand_u.trap is uninitialized when calling fp_exec ==> but the "trap" field is only used for the result value, never for the operands. - [I] CID 1415628 (hp3000_mpx.c:1751): Operands don't affect result (CONSTANT_EXPRESSION_RESULT)result_independent_of_operands: (outbound_value | (61440U /* ~0xfffU & 0xffffU */)) & 0x8000U is always 0x8000 regardless of the values of its operands. This occurs as the logical first operand of "?:". ==> but this is intentional (the count is always negative, but the SEXT16 checks both conditions). - [F] CID 1415786 (hp3000_lp.c:3579): Copy into fixed size buffer (STRING_OVERFLOW)7. fixed_size_dest: You might overrun the 256-character fixed-size string vfu_title by copying tptr without checking the length ==> but the buffer is larger than the maximum line allowed by the read less the initial "VFU=" keyword.