Commit | Line | Data |
---|---|---|
01af22f4 BJ |
1 | From bill Thu Oct 18 01:41:53 1979 |
2 | To: v7bugs | |
3 | Subj: bug in icheck | |
4 | Cc: sklower | |
5 | ||
6 | there is a bug in the icheck program due to the declaration of | |
7 | unsigned short s_fsize | |
8 | in <filsys.h>... in the places where XXX.s_fsize is used in comparisons | |
9 | in icheck.c, it should be cast to an integer. comparisons of the form | |
10 | if (YYY < XXX.s_fsize) | |
11 | are deadly, since YYY may be negative. since XXX.s_fsize is positive, | |
12 | but signed, YYY is treated as unsigned, and havoc results from the fact | |
13 | that the comparsion fails. if an inode has a (bad) negative block | |
14 | number in it (YYY < 0) then icheck will (hopefully) core dump or screw | |
15 | up in some other way. | |
16 | bill | |
17 | ||
18 | From bill Thu Oct 18 01:48:39 1979 | |
19 | To: v7bugs | |
20 | ||
21 | the first set of fixes i sent around for the tty driver showed up further | |
22 | problems (e.g., now the tty driver hangs waiting for input on going into | |
23 | vi sometimes)... you should steal /usr/staff/ozalp/sys/sys/tty.c if you | |
24 | put in this first change and diff and take some more fixes. dmr thinks | |
25 | there may still be a problem with 0377's in raw input; if you are worried | |
26 | about this, change tty.c so that it always flushes if coming from/going | |
27 | to raw, i.e. no TIOCSETN for these transitions... no problem if you | |
28 | do this, i think | |
29 | ||
30 | From root Thu Oct 18 02:05:58 1979 | |
31 | To: v7bugs | |
32 | ||
33 | s/s_fsize/s_isize/ in previous mail... sorry. | |
34 | ||
35 | From uucp Wed Sep 26 13:16:38 1979 | |
36 | >From tom Tue Sep 25 22:01:30 1979 remote from ucsfcgl | |
37 | To: Bob Kridle, Ed Gould, Bill Joy | |
38 | Re: Bug in version 7 optimizer of dmr's pdp-11 compiler | |
39 | ||
40 | A bug involving unsigned integers has surfaced in the version 7 C compiler. | |
41 | After installing the following fix you should recompile: | |
42 | mkfs.c | |
43 | dcheck.c | |
44 | passwd.c | |
45 | getty.c | |
46 | mail.c | |
47 | pstat.c | |
48 | ||
49 | >From uucp Mon Jul 23 22:53:59 1979 | |
50 | >From dmr Mon Jul 23 23:59:07 1979 remote from research | |
51 | Here is the change needed to fix the optimizer. | |
52 | The file is /usr/src/cmd/c/c21.c. | |
53 | This is in routine rmove, after case CBR, the first two | |
54 | lines in the 'if r==0' clause: | |
55 | ||
56 | 190,191c | |
57 | < p->back->back->forw = p->forw; | |
58 | < p->forw->back = p->back->back; | |
59 | --- | |
60 | > if (p->forw->op==CBR | |
61 | > || p->forw->op==SXT | |
62 | > || p->forw->op==CFCC) { | |
63 | > p->back->forw = p->forw; | |
64 | > p->forw->back = p->back; | |
65 | > } else { | |
66 | > p->back->back->forw = p->forw; | |
67 | > p->forw->back = p->back->back; | |
68 | > } | |
69 | ||
70 | The old code deleted a test or compare with constant operands | |
71 | and a following conditional branch that would always fail. | |
72 | The new code only deletes the branch (leaves the test) | |
73 | if the combination is followed by another instruction that | |
74 | needs the condition codes. The test and second branch are liable | |
75 | to be deleted later. | |
76 | ||
77 | ||
78 | From michael Mon Oct 29 20:26:58 1979 | |
79 | To: v7bugs | |
80 | Subj: Tm.c | |
81 | ||
82 | There is a bug in the released version of V7 UNIX. The RLE bit (record | |
83 | length error) is defined wrong. You should | |
84 | /RLE/s/0100$/01000/ | |
85 | asap | |
86 | The effect is that the bit which is selected is the select remote bit | |
87 | which is on when the drive is on line and all errors are effectively | |
88 | ignored (programs get a short write) and no retries are attempted. | |
89 | We have also upped the retry count (from 2) since our tape is behind two | |
90 | disk controers and doesn't always get the bus in time. | |
91 | ||
92 | From michael Wed Oct 31 19:44:55 1979 | |
93 | To: v7bugs | |
94 | Subj: pcc | |
95 | ||
96 | we have a pile of fixes and/or bugs for the pdp-11 version of pcc | |
97 | if anyone is interested. | |
98 | ||
99 | From bill Mon Dec 31 14:37:09 1979 | |
100 | To: v7bugs | |
101 | Subject: bug in exece() | |
102 | Cc: tbl jfr mhtsa!ted | |
103 | ||
104 | there is a nasty bug in exece() (which appeared in 50 changes) | |
105 | after the | |
106 | bp = bread(swapdev, (daddr_t)(dbtofsb(swplo+bno)+(nc>>BSHIFT))); | |
107 | put | |
108 | bp->b_flags &= ~B_DELWRI; | |
109 | else the buffer may stay in the cache with DELWRI set and clobber a | |
110 | random block in the swap area at some later time. | |
111 | ||
112 | From dmr Thu Jan 17 00:09:30 1980 | |
113 | Forward to v7 bugs manager: | |
114 | The stand-alone boot loader for PDP-11 systems turns on | |
115 | 22-bit addressing mode on 11/70's but does not set up the unibus | |
116 | map. Thus trying to boot on 11/70's with Unibus RP03's is a loss. | |
117 | Try booting V6 and don't turn the machine off. | |
118 | Failing that, set-em-up 1-1 by hand. | |
119 | ||
120 | From mark Fri Feb 15 21:43:11 1980 | |
121 | To: v7bugs | |
122 | Subject: bugs in learn, tty driver | |
123 | Cc: gst | |
124 | "learn eqn" does a really horrible job of handling terminals that aren't dtc's. | |
125 | For starters, it seems to look for term (not TERM) in the environment, and then | |
126 | not do anything with it. But it does bomb out gracefully if term isn't set, | |
127 | or not gracefully if term is set to something nroff doesn't know about. | |
128 | It also behaves rather strangely if you set term=lpr and admit it didn't | |
129 | come out right. | |
130 | (Fix: change the learn shell script to use TERM instead of term. Change | |
131 | nroff so if the -T terminal doesn't exist it uses lpr. Fixed learn shell | |
132 | script available to anyone who's interested.) | |
133 | ||
134 | Learn editor has scripts that assume there is no "w" program. Since there | |
135 | does exist such a program (nonstandard except in VM/Unix) this example | |
136 | should be changed to use q. | |
137 | ||
138 | It does seem to be possible to learn eqn on a regular crt terminal by using | |
139 | neqn file | nroff -ms | colcrt -2 | |
140 | although this doesn't do anything about Greek letters. | |
141 | ||
142 | ||
143 | When you change your interrupt character from DEL to something else, | |
144 | the BREAK key still maps to DEL instead of interrupt. This is in | |
145 | dz.c et.al., and can be found by searching for DEL or 0177. | |
146 | The fix is to replace the 0177 by something like tun.c_intr; | |
147 | ||
148 | ||
149 | From root Wed Apr 16 20:04:20 1980 | |
150 | To: v7bugs | |
151 | Subject: bug in /bin/time | |
152 | it prints null characters. | |
153 | what is needed is | |
154 | if (c) | |
155 | before each (of 2) | |
156 | fprintf(stderr,"%c",c); | |
157 | 's | |
158 | bill | |
159 | ||
160 | From mark Sat Apr 19 01:18:51 1980 | |
161 | To: v7bugs | |
162 | Subject: bug in pdp-11 C optimizer | |
163 | The following program demonstrates a bug in the V7 pdp-11 /lib/c2. | |
164 | #include <stdio.h> | |
165 | main () { | |
166 | int x; | |
167 | int t1; | |
168 | ||
169 | x = 0; | |
170 | x += 1; | |
171 | t1 = x != 1; | |
172 | printf("x=%d, t1=%d\n", x, t1); | |
173 | exit(0); | |
174 | } | |
175 | It should print 1, 0, but it prints 1, 1. Seems that the optimizer has | |
176 | correctly noticed that the value of x can be predicted at compile time | |
177 | and hence the comparison can be precomputed, but it does the precomputation | |
178 | wrong. Changing the 2 assignments to x to "x = 1" works properly. | |
179 | ||
180 | I don't know what the status of c2 is, I seem to recall someone telling me | |
181 | many years ago that c2 made certain mistakes and that some programs just | |
182 | couldn't be optimized. If this is the case you probably don't care about | |
183 | this, but if c2 is supposed to handle everything right, have fun. | |
184 | Mark | |
185 | ||
186 | From bill Thu May 15 16:27:26 1980 | |
187 | To: v7bugs | |
188 | ||
189 | the fileno macro omits parenthesization, i.e. it reads | |
190 | #define fileno(p) p->_file | |
191 | it should be defined as | |
192 | #define fileno(p) (p)->_file | |
193 | ||
194 | From mark Wed May 21 13:11:49 1980 | |
195 | To: v7bugs | |
196 | Subject: stdio fileno bug | |
197 | ||
198 | From uucp Wed May 21 04:17:22 1980 | |
199 | >From daemon Tue May 20 23:36:57 1980 remote from vax135 | |
200 | >From uucp Tue May 20 21:23:42 1980 remote from duke | |
201 | >From smb Tue May 20 21:17:24 1980 remote from unc | |
202 | Your redefinition of fileno to fix the bug is wrong; it should be | |
203 | ||
204 | #define fileno(p) ((p)->file) | |
205 | ||
206 | ||
207 | ||
208 | ||
209 | I fixed this on Ernie. | |
210 | Mark | |
211 | ||
212 | From mark Tue May 27 23:34:24 1980 | |
213 | To: research!dan v7bugs wh5ess!ber | |
214 | Subject: fix to uux bug | |
215 | Cc: wh5ess!teklabs!clemc wh5ess!uwvax!bob | |
216 | ||
217 | A bug in uux prevents the - option from working with binary files. | |
218 | To fix it, in uux.c, search for "fputs". (It's in an if (pipein) {.) | |
219 | replace the fgets/fputs loop by | |
220 | while ((c = getc(stdin)) != EOF) | |
221 | putc(c, fpd); | |
222 | and declare c somewhere to be an int. (I put the line | |
223 | register int c; | |
224 | right after the if (pipein).) | |
225 | ||
226 | Fixing this bug will allow the new uusend program, which will be released | |
227 | shortly, to work, allowing the transfer of binary files across indirect | |
228 | uucp links. | |
229 | ||
230 | (I don't know where dan's home machine is, would someone please let | |
231 | him know about this?) | |
232 | ||
233 | Mark | |
234 | ||
235 | From michael Wed Jun 4 18:21:35 1980 | |
236 | To: v7bugs | |
237 | Subject: Adb | |
238 | ||
239 | I have found two bugs in Adb (on the 11 at least) | |
240 | First I think the floating point registers are not collected properly, | |
241 | we have no floating point so I havent checked. It looks to me like | |
242 | "readregs" in runpcs.c gets the 25 BYTES starting at u.u_fpsr rather | |
243 | than the 25 words. Those without an fp unit might want to comment | |
244 | that section out anyway and make break pointing run faster. | |
245 | Second in runpcs (same file) the line which has the following fragment: | |
246 | ... BKPTEXEC, command(bkpt->comm,':')) ..... | |
247 | should be: | |
248 | ... BKPTEXEC, !command(bkpt->comm,':')) .... | |
249 | This causes the count in the break point to be used. | |
250 | Also anyone who has a method of translating adb into readable 'C' should | |
251 | get a prize. | |
252 | ||
253 | From michael Mon Jun 9 09:02:14 1980 | |
254 | To: ucsfcgl!tom | |
255 | Cc: v7bugs | |
256 | ||
257 | What I should have said about the fp registers is that it is fetching | |
258 | 25 words at 25 byte addresses. I think that the ptrace call | |
259 | sould be: | |
260 | ptrace(RUREGS,pid,i*2,0) OD | |
261 | ||
262 | From Cory:root Wed Jun 25 18:17:42 1980 | |
263 | To: kridle | |
264 | Cc: v:v7bugs | |
265 | ||
266 | Bob, | |
267 | I fixed a bug in trap.c that I found when installing V7 on the 11/45. | |
268 | The case1+USER fuiword should be ((caddr_t)pc-2) and not ((caddr_t)(pc-2)). | |
269 | You might want to forward this to others who might be interested. | |
270 | jeff | |
271 | ||
272 | ||
273 | From Cory:len Sat Jun 28 13:44:33 1980 | |
274 | To: v:v7bugs | |
275 | ||
276 | From root Wed Jun 25 18:14:05 1980 | |
277 | To: kridle | |
278 | Cc: v:v7bugs | |
279 | ||
280 | Bob, | |
281 | I fixed a bug in trap.c that I found when installing V7 on the 11/45. | |
282 | The case1+USER fuiword should be ((caddr_t)pc-2) and not ((caddr_t)(pc-2)). | |
283 | You might want to forward this to others who might be interested. | |
284 | jeff | |
285 | ||
286 | ||
287 | ||
288 | From uucp Sun Jul 20 07:06:17 1980 | |
289 | >From daemon Sun Jul 20 02:28:59 1980 remote from ucsfcgl | |
290 | >From rusty Fri Jul 18 20:23:26 1980 remote from cmevax | |
291 | To: ucsfcgl!ucbvax!v7bugs | |
292 | Subject: learn bug | |
293 | ||
294 | In file dounit.c insert before the "goto retry;" "fclose(scrin);" otherwise | |
295 | you can run out of file descriptors if you goto retry enough times, and one | |
296 | of the fclose's will produce a core. | |
297 | ||
298 | ||
299 | ||
300 | From michael Fri Aug 29 14:54:47 1980 | |
301 | To: v7bugs | |
302 | Subject: unix on 11/70's with unibus disks | |
303 | ||
304 | Unix as released cannot run on an 11/70 without a massbus disk. | |
305 | A change to the standalone boot code and to UNIX itself is necessary | |
306 | for this to work. In standalone/M.s simply change the code so it | |
307 | does not enable the unibus map: | |
308 | < mov $65,SSR3 /* 22-bit, map, K+U sep */ | |
309 | ----- | |
310 | > mov $45,SSR3 /* 22-bit, K+U sep */ | |
311 | ||
312 | This will allow the system to boot. But strange things happen when | |
313 | you do raw I/O on a unibus disk. | |
314 | ||
315 | In conf/mch.s before: | |
316 | bit $20,SSR3 | |
317 | add: | |
318 | mov $65,SSR3 | |
319 | ||
320 | There is similar code farther down, but I think that it doesnt get | |
321 | executed.... | |
322 | mike | |
323 | ||
324 | From ESVAX:jimbo Wed Sep 17 01:29:39 1980 | |
325 | To: v:v7bugs | |
326 | Subject: "last" catches interrupts | |
327 | ||
328 | when forked into the background. | |
329 | ||
330 | ||
331 | From bill Wed Sep 17 11:56:45 1980 | |
332 | To: ESVAX:jimbo v7bugs | |
333 | Subject: "last" catches interrupts | |
334 | ||
335 | there is a cleaned up last in /usr/src/new on csvax. | |
336 | bill | |
337 | ||
338 | From mhtsa!mp Wed Sep 24 06:53:45 1980 | |
339 | To: ucbvax!v7bugs | |
340 | Subject: floating point bugs | |
341 | Cc: mp | |
342 | ||
343 | You may have heard of these bugs before (the following is quoted verbatim | |
344 | from Vrije Universiteit's Pascal-VU package, which has been around for awhile), | |
345 | yet I find that USG's UNIX still has them... | |
346 | ||
347 | Floating point registers | |
348 | ||
349 | When a program is swapped to disk if it needs more | |
350 | memory, then the floating point registers were not | |
351 | saved, so that it may have different registers when it | |
352 | is restarted. A small assembly program demonstrates | |
353 | this for the status register. If the error is not | |
354 | fixed, then the program generates an IOT error. A | |
355 | "memory fault" is generated if all is fine. | |
356 | ||
357 | start: ldfps $7400 | |
358 | 1: stfps r0 | |
359 | mov r0,-(sp) | |
360 | cmp r0,$7400 | |
361 | beq 1b | |
362 | 4 | |
363 | ||
364 | You have to dig into the kernel to fix it. The | |
365 | following patch will do: | |
366 | ||
367 | /* original /usr/sys/sys/slp.c */ | |
368 | ||
369 | 563 a2 = malloc(coremap, newsize); | |
370 | 564 if(a2 == NULL) { | |
371 | 565 xswap(p, 1, n); | |
372 | 566 p->p_flag |= SSWAP; | |
373 | 567 qswtch(); | |
374 | 568 /* no return */ | |
375 | 569 } | |
376 | ||
377 | /* modified /usr/sys/sys/slp.c */ | |
378 | ||
379 | 590 a2 = malloc(coremap, newsize); | |
380 | 591 if(a2 == NULL) { | |
381 | 592 #ifdef FPBUG | |
382 | 593 /* | |
383 | 594 * copy floating point register and status, | |
384 | 595 * but only if you must switch processes | |
385 | 596 */ | |
386 | 597 if(u.u_fpsaved == 0) { | |
387 | 598 savfp(&u.u_fps); | |
388 | 599 u.u_fpsaved = 1; | |
389 | 600 } | |
390 | 601 #endif | |
391 | 602 xswap(p, 1, n); | |
392 | 603 p->p_flag |= SSWAP; | |
393 | 604 qswtch(); | |
394 | 605 /* no return */ | |
395 | 606 } | |
396 | ||
397 | ||
398 | Floating point registers. | |
399 | ||
400 | A similar problem arises when a process forks. The | |
401 | child will have random floating point registers as is | |
402 | demonstrated by the following assembly language | |
403 | program. The child process will die by an IOT trap and | |
404 | the father prints the message "child failed". | |
405 | ||
406 | exit = 1. | |
407 | fork = 2. | |
408 | write = 4. | |
409 | wait = 7. | |
410 | ||
411 | start: ldfps $7400 | |
412 | sys fork | |
413 | br child | |
414 | sys wait | |
415 | tst r1 | |
416 | bne bad | |
417 | stfps r2 | |
418 | cmp r2,$7400 | |
419 | beq start | |
420 | 4 | |
421 | child: stfps r2 | |
422 | cmp r2,$7400 | |
423 | beq ex | |
424 | 4 | |
425 | bad: clr r0 | |
426 | sys write;mess;13. | |
427 | ex: clr r0 | |
428 | sys exit | |
429 | ||
430 | .data | |
431 | mess: <child failed\n> | |
432 | ||
433 | The same file slp.c should be patched as follows: | |
434 | ||
435 | /* original /usr/sys/sys/slp.c */ | |
436 | ||
437 | 499 /* | |
438 | 500 * When the resume is executed for the new process, | |
439 | 501 * here's where it will resume. | |
440 | 502 */ | |
441 | 503 if (save(u.u_ssav)) { | |
442 | 504 sureg(); | |
443 | 505 return(1); | |
444 | 506 } | |
445 | 507 a2 = malloc(coremap, n); | |
446 | 508 /* | |
447 | 509 * If there is not enough core for the | |
448 | 510 * new process, swap out the current process to generate the | |
449 | 511 * copy. | |
450 | 512 */ | |
451 | ||
452 | /* modified /usr/sys/sys/slp.c */ | |
453 | ||
454 | 519 /* | |
455 | 520 * When the resume is executed for the new process, | |
456 | 521 * here's where it will resume. | |
457 | 522 */ | |
458 | 523 if (save(u.u_ssav)) { | |
459 | 524 sureg(); | |
460 | 525 return(1); | |
461 | 526 } | |
462 | 527 #ifdef FPBUG | |
463 | 528 /* copy the floating point registers and status to child */ | |
464 | 529 if(u.u_fpsaved == 0) { | |
465 | 530 savfp(&u.u_fps); | |
466 | 531 u.u_fpsaved = 1; | |
467 | 532 } | |
468 | 533 #endif | |
469 | 534 a2 = malloc(coremap, n); | |
470 | 535 /* | |
471 | 536 * If there is not enough core for the | |
472 | 537 * new process, swap out the current process to generate the | |
473 | 538 * copy. | |
474 | 539 */ | |
475 | ||
476 | ||
477 | From ESVAX:asa Wed Sep 24 13:34:03 1980 | |
478 | To: v:v7bugs | |
479 | Subject: as: Symbol table overflow | |
480 | ||
481 | I have gotten a complaint from a user trying to compile a fortran | |
482 | program. The assembler complains about symbol table overflow. | |
483 | What can be done about it? What is the size of the symbol table? | |
484 | ||
485 | ||
486 | From bill Wed Sep 24 16:02:10 1980 | |
487 | To: ESVAX:asa v7bugs | |
488 | Subject: as: Symbol table overflow | |
489 | ||
490 | this will be fixed in the next release of the system. | |
491 | for the time being he should break up the program into pieces. | |
492 | (there is no fixed limit on symbol table size in the next releasre) | |
493 |