4 Oct
2006
4 Oct
'06
2:22 p.m.
Dave Horsfall wrote:
:-)
Oh, that would be having the HALT switch down and pressing the START
switch, by the way. That combination will trigger a Unibus reset, and
will bring the CPU out of almost all catatonic states that I've seen,
including serious bus problems.
Johnny
[ Meant to go to list, but sent to DMR only by
mistake. ]
On Wed, 4 Oct 2006 dmr(a)plan9.bell-labs.com wrote:
Yep, that's the one. I regard it as a bug because it indeed happened in
user mode...
It would have to wrap forwards. Basically, if you just have a
MOV (PC)+,(R0)+
SPL #7
and make sure that the rest of the memory don't do anything overly
foolish, and make sure that R0 starts pointing after this piece, it will
eventually fill the whole memory. The final step will be the MOV which
overwrites itself with an SPL, and then we're done.
However, another way of achieving this, if you have some kind of control
of the MMU is to just fill one page with SPLs, and then remap all of
your memory to be that page. The last page you remap is just the page
that holds all the code doing the setup.
I'm not sure you can control that under Unix well enough, but in RSX
this wouldn't be impossible, I think.
It
contains the famous Thrust Meter, a few papers by Yours Truly, and
I think it has the short assembly program that would bring a PDP-11/70
to its knees (the infamous "SPL" firmware bug).
Was this the feature (not really a bug; it's in the manual) that SPL
suppressed interrupts for one instruction after the SPL? I suppose it
was indeed a bug that this happened even in user mode where SPL was
intended to be a no-op. I remember trying this. It depends on completely
filling memory with
SPLs, which I could not figure out how to do using an instruction
sequence. However, putting a bunch of SPLs into a file and reading it
in over the program did the job.
There was a clever assembly program that did it; it relied upon the
instruction counter wrapping around (I can't remember in which direction,
or whether it first relocated itself). Anyone, it managed to fill memory
with SPLs, so the next instruction after overwriting its last instruction
was SPL, and for the foreseeable future after that... If I find the article I'll post it here; I
don't think there are too many
11/70s still in public operation.
Well, ours is occasionally. It's off at the moment, since we're not
allowed to consume that much money anymore, but Magica.Update.UU.SE is
just a key turn away from being online.
It was a bit
hard to break out of--the halt switch didn't work. At first
I thought that power-off was the only solution, but it turned out that
holding down both reset and halt simultaneously did the job.
I'll remember that, should I ever see an emulator :-) I still remember
Ian Johnstone cursing me...