30 Apr
2008
30 Apr
'08
1:56 p.m.
All, I'm trying to write a PDP-11 disassembler for a.out files. I'm having
trouble dealing with jsrs. Take, for example, the code here:
http://minnie.tuhs.org/UnixTree/1972_stuff/s1/frag19.html
I can happily deal with the jsr pc,do type of jsr, but the ones
involving r5 have me stumped, e.g.:
jsr r5,questf; < nonexistent\n\0>; .even
It appears that data is being inserted into the executable directly
after the jsr instruction. How does the rts which returns from the jsr
know how much data to skip, and what is the involvement of r5 here?
Thanks,
Warren
30 Apr
30 Apr
3:55 p.m.
In your example, -(sp) = r5; r5 = pc; pc = guestf.
Guestf will have to bump r5 as in consumes the parameters.
Rts r5 means pc = r5; r5 = (sp)+.
Hope this helps.
Warren Toomey wrote:
All, I'm trying to write a PDP-11 disassembler
for a.out files. I'm having
trouble dealing with jsrs. Take, for example, the code here:
http://minnie.tuhs.org/UnixTree/1972_stuff/s1/frag19.html
I can happily deal with the jsr pc,do type of jsr, but the ones
involving r5 have me stumped, e.g.:
jsr r5,questf; < nonexistent\n\0>; .even
It appears that data is being inserted into the executable directly
after the jsr instruction. How does the rts which returns from the jsr
know how much data to skip, and what is the involvement of r5 here?
Thanks,
Warren
_______________________________________________
TUHS mailing list
TUHS(a)minnie.tuhs.org
https://minnie.tuhs.org/mailman/listinfo/tuhs
4:41 p.m.
Hi,
This technique was a very common one in assembler sources for PDP-11
versions of UNIX. For example, m40.s of Version 6 UNIX shows a line
"jsr r0,call1; _trap" in its trap routine. I feel very funny to
tell this to Warren, the author of apout!
Anyway, it could be a source of the null-terminated expression of
character strings of the C language, I guess.
Naoki Hamada
nao(a)tom-yam.or.jp
2 May
2 May
1:47 a.m.
On Wed, Apr 30, 2008 at 11:41:17PM +0900, Naoki Hamada wrote:
This technique was a very common one in assembler
sources for PDP-11
versions of UNIX. For example, m40.s of Version 6 UNIX shows a line
"jsr r0,call1; _trap" in its trap routine. I feel very funny to
tell this to Warren, the author of apout!
Well, I borrowed the PDP-11 instruction simulaton code from Eric Edwards,
and spent most of my time on emulating the syscalls, so there are still
things I don't know!
I've got the disassembler to a point where it works OK on the instructions,
I haven't worked on the data side yet. I have put it aside for a bit, due
to increasing frustration levels and other things to do. If someone wants
a copy, e-mail me.
Thanks for all your responses, they were very useful.
Cheers,
Warren
30 Apr
30 Apr
6:53 p.m.
A subprogram using this calling convention would look something like
this:
questf: mov (r5)+,r0
/ play with string pointed to by r0.
rts r5
On Apr 30, 2008, at 8:55 AM, Brantley Coile wrote:
In your example, -(sp) = r5; r5 = pc; pc = guestf.
Guestf will have to bump r5 as in consumes the parameters.
Rts r5 means pc = r5; r5 = (sp)+.
Hope this helps.
Warren Toomey wrote:
> All, I'm trying to write a PDP-11 disassembler for a.out files. I'm
> having
> trouble dealing with jsrs. Take, for example, the code here:
> http://minnie.tuhs.org/UnixTree/1972_stuff/s1/frag19.html
>
> I can happily deal with the jsr pc,do type of jsr, but the ones
> involving r5 have me stumped, e.g.:
>
> jsr r5,questf; < nonexistent\n\0>; .even
>
> It appears that data is being inserted into the executable directly
> after the jsr instruction. How does the rts which returns from the
> jsr
> know how much data to skip, and what is the involvement of r5 here?
The rts doesn't know anything about how much data to skip. In this
snippet r5 is a linkage register that's doing double duty: it's both
an argument pointer to the location immediately following the jsr and
once r5 has been adjusted to point to the location after the argument
list it becomes a return address. This programming technique is
dependent on the subprogram and its callers agreeing on the number of
arguments though it's possible to do a vararg style as well. It's
necessary for the subprogram to pick up the arguments and adjust the
linkage register accordingly AND to return to the caller with the same
register named in the rts instruction as was used in the calling jsr.
/ variable argument list with linkage register
jsr r5,some_fn; $argc; arg1; arg2; ... argn
/ in the function it's necessary to pick up all the args
some_fn: mov (r5)+,r0 / pick up argc
beq 2f / if no arguments, process simplest case.
1:
/ pick up an argument:
mov (r5)+, somewhere
/ or
mov *(r5)+, somewhere
...
dec r0
bne 1b / process remaining arguments.
2: ...
rts r5
I've seen other ways of processing arguments passed with this method
that involved using indexing and adding the argument count to the
linkage register. Tastes and mileage may vary.
Regards,
Milo
--
Milo Velimirović, Unix Computer Network Administrator
608.785.6618 Office - 608.386.2817 Cell
University of Wisconsin - La Crosse
La Crosse, Wisconsin 54601 USA 43 48 48 N 91 13 53 W
7 p.m.
On Wed, Apr 30, 2008 at 11:53:52AM -0500, Milo Velimirovic wrote:
A subprogram using this calling convention would look
something like
this:
questf: mov (r5)+,r0
/ play with string pointed to by r0.
rts r5
It warms my heart to see pdp-11 assembly again. What a pleasant instruction
set. m68k was close but already starting to get weird and x86 is the pits.
--
---
Larry McVoy lm at bitmover.com http://www.bitkeeper.com
7:47 p.m.
Larry McVoy scripsit:
It warms my heart to see pdp-11 assembly again. What
a pleasant instruction
set.
Indeed. PDP-8 and PDP-11 assembly are the only assembly languages I've
ever used, and I liked both of them a lot.
--
John Cowan <cowan(a)ccil.org> http://www.ccil.org/~cowan
One time I called in to the central system and started working on a big
thick 'sed' and 'awk' heavy duty data bashing script. One of the
geologists
came by, looked over my shoulder and said 'Oh, that happens to me too.
Try hanging up and phoning in again.' --Beverly Erlebacher
7:59 p.m.
On Wed, Apr 30, 2008 at 01:47:39PM -0400, John Cowan wrote:
Larry McVoy scripsit:
I had a TA that could read PDP-11 octal the way other people read C.
I used to go over to his apartment with a listing and a 6-pack and
let him debug (lazy bastard that I was :) Ken Witte, wonder where
he is now. Well there he is: http://www.linkedin.com/pub/4/B08/637
--
---
Larry McVoy lm at bitmover.com http://www.bitkeeper.com
It warms my heart to see pdp-11 assembly again.
What a pleasant instruction
set.
Indeed. PDP-8 and PDP-11 assembly are the only assembly languages I've
ever used, and I liked both of them a lot. 
5:08 p.m.
On Wed, Apr 30, 2008 at 4:56 AM, Warren Toomey <wkt(a)tuhs.org> wrote:
All, I'm trying to write a PDP-11 disassembler
for a.out files. I'm having
trouble dealing with jsrs. Take, for example, the code here:
http://minnie.tuhs.org/UnixTree/1972_stuff/s1/frag19.html
I can happily deal with the jsr pc,do type of jsr, but the ones
involving r5 have me stumped, e.g.:
jsr r5,questf; < nonexistent\n\0>; .even
It appears that data is being inserted into the executable directly
after the jsr instruction. How does the rts which returns from the jsr
know how much data to skip, and what is the involvement of r5 here?
Standard subroutine calling sequence.
The called routine must know how many parameters it is called with.
It retrieves them by MOV (R5)+, <somewhere>.
This advances R5 so that eventually it points to the return address,
and the return is done as RTS R5.
A more advanced calling sequence could insert the number of parameters
as the first value after the JSR, and the called routine would then
retrieve that number and use it to tell when it had fetched the right
amount of data.
carl
--
carl lowenstein marine physical lab u.c. san diego
clowenstein(a)ucsd.edu
6044
days inactive
6045
days old
8 comments
7 participants
participants (7)
-
Brantley Coile -
Carl Lowenstein -
John Cowan -
lm@bitmover.com -
Milo Velimirovic -
Naoki Hamada -
Warren Toomey