EXTENDING RSX-11M BY USE OF THE ILLEGAL INSTRUCTION TRAP

Daniel B. Curtis
Fermi National Accelerator Laboratory
Batavia, IL.

ABSTRACT

This paper describes a method of extending the RSX-11M executive by using illegal instructions to initiate the execution of kernel code. This method does not modify the executive. Code, which is loaded into the system pool, intercepts the illegal instruction trap. If it recognizes the illegal instruction that caused the trap, it does a directive save ($DIRSV), and the service invoked executes as if it were a directive. This method was developed to allow safe, moderately efficient access to a shared memory data base by multiple tasks. Since the data base linkages are manipulated in an executive process, there is no need for locking the data base.

INTRODUCTION

In many control or real-time situations, it is desirable to add functionality to the computer's executive. This is usually done only when the benefits outweigh the costs of implementing and maintaining a non-standard executive.

This paper describes a simple method of expanding the capabilities of the executive. We use the illegal instruction trap to enter the executive and perform a pseudo-directive operation (an extension). Thus, the task that wishes to invoke one of the executive extensions places the correct parameters on the stack and issues a specific illegal instruction. The illegal instruction trap occurs and is intercepted by routines which are loadable and reside in the executive dynamic pool space. These routines determine if the trap should be handled as a normal illegal instruction trap or as a request for executive extensions. If the instruction that caused the trap is an executive extension request, the parameters on the stack are examined for legality. If legal, the request is dispatched; otherwise, depending on the severity of the error, the request is either treated as a normal illegal instruction or the carry bit is set and control returns to the task.

NO EXECUTIVE MODIFICATIONS

This method is not intended to facilitate modification of executive code. It only allows the addition of directive-like extensions. The less these extensions interact with the executive, the safer the extensions will be and the more likely they will survive the next release of the executive.

Examples of Executive Extensions

Some of the extensions that could be provided are:

1. Large array handling - Allows access to attached commons without using virtual space to map to the common.

2. Dynamic Memory and Queue Operations - Allows multiple tasks to operate on shared structures by implementing critical sections through invoking the executive.

For 2 above, other methods could be used. Some of these are:

1. Mapping to the PSW and raising the processor priority to disable interrupts. This has some disadvantages but is fast.

2. Having a separate task manage the operations. This is very slow but quite safe.

3. Using a lock bit for the structures. This is fast but is vulnerable to task failures and requires the additional overhead of blocking and unblocking task execution.

The illegal instruction method is much faster but otherwise similar to the separate task method.

Very Large Array Handling-

This extension gives a task access to a shared common to which the task is attached but not mapped. This access is not fast; however, it can randomly access 32K or more words of common without using virtual space. In some cases<1> this method could be more efficient than mapping to different parts of the array.

Managing Queues and Dynamic Memory-

This extension serializes dynamic memory and queue operations. Therefore, it allows tasks to access queues, lists, etc., in a safe manner whether the access is in a shared common or in the task.

*******
<1> Where the data access sequence in the common is random and would possibly require a remap to access each data point.

Microcode Emulation-

Many of the extensions could be viewed as specialized PDP-11 instructions. As such, they may be implemented in micro-code for the PDP-11 computers that have that option. The use of the illegal instruction trap allows a degree of transparency across different PDP-11 computers.

SUPPORT TASKS

The extensions need to be easy to correct and modify. This allows simple creation and debugging of the extensions without requiring much knowledge of the executive internals. This support is provided by two tasks that allow the extensions to be added and removed from the system.

Install Extension Task

This task installs the extensions into the executive pool by inserting a PIC shared library task image. The extensions must be built with the restrictions that are mentioned below. Legality checks are made on the library that is loaded; the library is inserted into the executive pool space; if XDT is part of the executive, it is slightly modified; and the illegal instruction trap vector is pointed to the inserted library. This library must be removed before another insertion attempt will succeed. This removal is performed by the Remove Extension Task.

Remove Extension Task

This task removes all traces of the inserted library. It resets the illegal instruction vector to its original form, removes the XDT modification if necessary, and returns the pool space.

XDT Problems

The XDT modification mentioned above is required because XDT resets the illegal instruction vector each time it proceeds from a break. Therefore, the modification is needed if XDT is invoked. The modification points XDT's default illegal instruction vector to the inserted library. This modification is removed when the Remove Extension Task is executed. The modification does not affect the operation of XDT<2>.

*******
<2> All this means is that normal illegal instructions are handled essentially the same. XDT is not informed of the occurrence of the special instruction that invokes the extension.

REQUIREMENTS FOR THE EXTENSIONS ADDED

The requirements for the extensions that are added to the system pool are:

1. The routines must be written in position independent code (PIC).

2. The total amount of code added to the pool must be less than 4K words. This is an arbitrary limitation. Another possible implementation is to create and load the library into a region, and to provide code in the pool that receives the trap and maps the region into the kernel. This would be implemented just like executive access to loadable driver code.

3. The routines are built by the task builder just as if they were part of a PIC sharable library.

HOW TO INTERFACE TO THE SYSTEM

The code executed upon an illegal instruction can be separated into two parts:

1. code executed at interrupt level.

2. code executed at fork level.

Each of these parts has normal and error exit procedures.

Interrupt Part-

This part is entered directly from the interrupt vector processing. First, the illegal instruction is checked to see if it is recognized. If not, execution passes to the normal illegal instruction code. The normal illegal instruction operation then completes. If the instruction is recognized, a JSR (R5),@#$DIRSV is executed which causes a system fork and eventual execution of the code following the call.

Fork Part-

If an error is detected that requires an illegal instruction error return, a JMP @#$ILINS+4 is executed. This totally bypasses the XDT check but correctly handles most operations. An argument error sets the saved processor status carry bit and exits normally. A normal exit simply returns parameters and executes a RETURN.

CURRENT STATUS

Currently, the Install and Remove Extension tasks have been written and tested. We have implemented the large array access extensions.
They have been slightly tested on a working RSX-11M V3.1 development system without indication of any problems. The dynamic memory and queueing extensions are under development.

Large Array Handling Calls

The following describes the calling sequence for the first version of the large array handling extension<3>. The task must use the region ID as a parameter in the calling sequence. If this ID is incorrect, the illegal instruction will cause the task to receive an illegal instruction exception.

Usage (calling sequences)-

The instruction that starts the system extension has the octal representation 210. The arguments of the instruction are on the stack. There are the following types.

1. TYPE 0 -- transfer word to user

2. TYPE 1 -- transfer word from user

3. TYPE 2 -- transfer block of words to user

4. TYPE 3 -- transfer block of words from user

5. TYPE 4 -- set a block to a user specified value

********
<3> Later versions of this package will provide a method of passing a pointer to the argument block instead of requiring that the parameters themselves be passed on the stack.

Each of these types has the following information on the stack at the time of the 210 instruction execution. This information is required for each type. Each type may have other information placed on the stack along with the required information.

    10(SP)  INDEX HIGH PART
     6(SP)  INDEX LOW PART
     4(SP)  REGION ID WORD OBTAINED FROM ATTACH REGION DIRECTIVE
     2(SP)  TYPE CODE
      (SP)  RAD50 REPRESENTATION OF "ILL"

Where the INDEX is a 24-bit byte offset into the region.

For type 0:

    no more information needed

For type 1:

    12(SP)  VALUE TO BE STORED IN THE REGION

For type 2:

    14(SP)  NUMBER OF BYTES TO TRANSFER
    12(SP)  VIRTUAL ADDRESS OF DESTINATION

For type 3:

    14(SP)  NUMBER OF BYTES TO TRANSFER
    12(SP)  VIRTUAL ADDRESS OF SOURCE

For type 4:

    14(SP)  NUMBER OF BYTES TO SET
    12(SP)  VALUE TO SET INTO AREA

All cases except TYPE 0 finish the operation with the stack cleared.
TYPE 0 returns on the stack the value obtained from the area. Carry clear implies a successfully completed operation. Carry set implies an error and the stack is not cleared.

The instruction will produce an illegal instruction AST for the following:

1. The instruction used to cause the trap is an illegal instruction other than "210".

2. The first word of the user's stack is not the RAD50 representation of "ILL".

3. The TYPE argument is out of range.

4. The region specified does not exist or is not attached to the task.

5. The high part of the index is non-zero<4>.

The instruction will return carry set for the following:

1. If the index is odd.

2. If the index points outside the region.

3. If the block transfer/set would attempt access outside the region.

4. If the block transfer/set has a zero byte count.

ACKNOWLEDGMENT

Work performed under the auspices of the U.S. Department of Energy by the Fermi National Accelerator Laboratory.

REFERENCES

Software Support Group document numbers 34, 67, and 70.

Daniel B. Curtis
MS 222
FERMILAB
POB 500
Batavia, IL. 60510

*********
<4> The current version only allows a 16-bit index. Later versions will support the 24-bit index.
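
The argument checks listed for the 210 instruction, modeled in C as an added example (not code from the paper or from RSX-11M). The function names, the region table, the sample values and the order in which the checks run are assumptions; the bounds check sums in 32 bits because a 16-bit index plus a 16-bit byte count can wrap.

```c
#include <stdint.h>
#include <stdio.h>

enum outcome { OK, CARRY_SET, ILLEGAL_TRAP };
struct region { uint16_t id; uint32_t size; };  /* hypothetical: region ID, size in bytes */

/* RAD50 packs three characters into one word; only A-Z (codes 1-26) handled here. */
uint16_t rad50_letters(const char *s) {
    uint16_t w = 0;
    for (int i = 0; i < 3; i++) w = (uint16_t)(w * 40 + (s[i] - 'A' + 1));
    return w;
}

/* sp[] mirrors the paper's layout: sp[0]=(SP) ... sp[4]=10(SP), sp[5]=12(SP), sp[6]=14(SP). */
enum outcome check_request(uint16_t opcode, const uint16_t sp[7],
                           const struct region *regs, int nregs) {
    const struct region *r = NULL;
    if (opcode != 0210) return ILLEGAL_TRAP;                 /* not the extension opcode */
    if (sp[0] != rad50_letters("ILL")) return ILLEGAL_TRAP;  /* signature word missing   */
    if (sp[1] > 4) return ILLEGAL_TRAP;                      /* TYPE out of range        */
    for (int i = 0; i < nregs; i++)
        if (regs[i].id == sp[2]) r = &regs[i];
    if (r == NULL) return ILLEGAL_TRAP;                      /* region not attached      */
    if (sp[4] != 0) return ILLEGAL_TRAP;                     /* high index must be zero  */

    uint32_t index = sp[3];
    uint32_t count = (sp[1] >= 2) ? sp[6] : 2;               /* word types move 2 bytes  */
    if (index & 1) return CARRY_SET;                         /* odd index                */
    if (count == 0) return CARRY_SET;                        /* zero byte count          */
    if (index >= r->size) return CARRY_SET;                  /* index outside region     */
    /* 32-bit sum: in 16 bits, 0177776 + 4 would wrap to 2 and pass this check. */
    if (index + count > r->size) return CARRY_SET;           /* block runs past the end  */
    return OK;
}

int main(void) {
    struct region regs[] = { { 5, 0200000 } };               /* constructed: 32K-word region */
    uint16_t ill = rad50_letters("ILL");
    uint16_t word_read[7]  = { ill, 0, 5, 0100, 0, 0, 0 };
    uint16_t block_wrap[7] = { ill, 2, 5, 0177776, 0, 01000, 4 };
    printf("word read: %d, wrapping block: %d\n",
           check_request(0210, word_read, regs, 1),
           check_request(0210, block_wrap, regs, 1));
    return 0;
}
```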