[unix-history] / usr / news / v7bugs

From bill Thu Oct 18 01:41:53 1979
To: v7bugs
Subj: bug in icheck
Cc:  sklower

there is a bug in the icheck program due to the declaration of
	unsigned short s_fsize
in <filsys.h>... in the places where XXX.s_fsize is used in comparisons
in icheck.c, it should be cast to an integer.  comparisons of the form
	if (YYY < XXX.s_fsize)
are deadly, since YYY may be negative.  since XXX.s_fsize is positive,
but signed, YYY is treated as unsigned, and havoc results from the fact
that the comparsion fails.   if an inode has a (bad) negative block
number in it (YYY < 0) then icheck will (hopefully) core dump or screw
up in some other way.
	bill

From bill Thu Oct 18 01:48:39 1979
To: v7bugs

the first set of fixes i sent around for the tty driver showed up further
problems (e.g., now the tty driver hangs waiting for input on going into
vi sometimes)... you should steal /usr/staff/ozalp/sys/sys/tty.c if you
put in this first change and diff and take some more fixes.  dmr thinks
there may still be a problem with 0377's in raw input; if you are worried
about this, change tty.c so that it always flushes if coming from/going
to raw, i.e. no TIOCSETN for these transitions... no problem if you
do this, i think

From root Thu Oct 18 02:05:58 1979
To: v7bugs

s/s_fsize/s_isize/ in previous mail... sorry.

From uucp Wed Sep 26 13:16:38 1979
>From tom Tue Sep 25 22:01:30 1979 remote from ucsfcgl
To: Bob Kridle, Ed Gould, Bill Joy
Re: Bug in version 7 optimizer of dmr's pdp-11 compiler

A bug involving unsigned integers has surfaced in the version 7 C compiler.
After installing the following fix you should recompile:
	mkfs.c
	dcheck.c
	passwd.c
	getty.c
	mail.c
	pstat.c

>From uucp Mon Jul 23 22:53:59 1979
>From dmr Mon Jul 23 23:59:07 1979 remote from research
Here is the change needed to fix the optimizer.
The file is /usr/src/cmd/c/c21.c.
This is in routine rmove, after case CBR, the first two
lines in the 'if r==0' clause:

190,191c
< 				p->back->back->forw = p->forw;
< 				p->forw->back = p->back->back;
---
> 				if (p->forw->op==CBR
> 				  || p->forw->op==SXT
> 				  || p->forw->op==CFCC) {
> 					p->back->forw = p->forw;
> 					p->forw->back = p->back;
> 				} else {
> 					p->back->back->forw = p->forw;
> 					p->forw->back = p->back->back;
> 				}

The old code deleted a test or compare with constant operands
and a following conditional branch that would always fail.
The new code only deletes the branch (leaves the test)
if the combination is followed by another instruction that
needs the condition codes.  The test and second branch are liable
to be deleted later.


From michael Mon Oct 29 20:26:58 1979
To: v7bugs
Subj: Tm.c

There is a bug in the released version of V7 UNIX.  The RLE bit (record
length error) is defined wrong.  You should
/RLE/s/0100$/01000/
asap
The effect is that the bit which is selected is the select remote bit
which is on when the drive is on line and all errors are effectively
ignored (programs get a short write) and no retries are attempted.
We have also upped the retry count (from 2) since our tape is behind two 
disk controers and doesn't always get the bus in  time.

From michael Wed Oct 31 19:44:55 1979
To: v7bugs
Subj: pcc

we have a pile of fixes and/or bugs for the pdp-11 version of pcc
if anyone is interested.

From bill Mon Dec 31 14:37:09 1979
To: v7bugs
Subject: bug in exece()
Cc:  tbl jfr mhtsa!ted

there is a nasty bug in exece() (which appeared in 50 changes)
after the
	bp = bread(swapdev, (daddr_t)(dbtofsb(swplo+bno)+(nc>>BSHIFT)));
put
	bp->b_flags &= ~B_DELWRI;
else the buffer may stay in the cache with DELWRI set and clobber a
random block in the swap area at some later time.

From dmr Thu Jan 17 00:09:30 1980
Forward to v7 bugs manager:
The stand-alone boot loader for PDP-11 systems turns on
22-bit addressing mode on 11/70's but does not set up the unibus
map.  Thus trying to boot on 11/70's with Unibus RP03's is a loss.
Try booting V6 and don't turn the machine off.
Failing that, set-em-up 1-1 by hand.

From mark Fri Feb 15 21:43:11 1980
To: v7bugs
Subject: bugs in learn, tty driver
Cc: gst
"learn eqn" does a really horrible job of handling terminals that aren't dtc's.
For starters, it seems to look for term (not TERM) in the environment, and then
not do anything with it.  But it does bomb out gracefully if term isn't set,
or not gracefully if term is set to something nroff doesn't know about.
It also behaves rather strangely if you set term=lpr and admit it didn't
come out right.
(Fix: change the learn shell script to use TERM instead of term.  Change
nroff so if the -T terminal doesn't exist it uses lpr.  Fixed learn shell
script available to anyone who's interested.)

Learn editor has scripts that assume there is no "w" program.  Since there
does exist such a program (nonstandard except in VM/Unix) this example
should be changed to use q.

It does seem to be possible to learn eqn on a regular crt terminal by using
	neqn file | nroff -ms | colcrt -2
although this doesn't do anything about Greek letters.


When you change your interrupt character from DEL to something else,
the BREAK key still maps to DEL instead of interrupt.  This is in
dz.c et.al., and can be found by searching for DEL or 0177.
The fix is to replace the 0177 by something like tun.c_intr;


From root Wed Apr 16 20:04:20 1980
To: v7bugs
Subject: bug in /bin/time
it prints null characters.
what is needed is
	if (c)
before each (of 2)
	fprintf(stderr,"%c",c);
's
	bill

From mark Sat Apr 19 01:18:51 1980
To: v7bugs
Subject: bug in pdp-11 C optimizer
The following program demonstrates a bug in the V7 pdp-11 /lib/c2.
#include <stdio.h>
main () {
	int x;
	int t1;

	x = 0;
	x += 1;
	t1 = x != 1;
	printf("x=%d, t1=%d\n", x, t1);
	exit(0);
}
It should print 1, 0, but it prints 1, 1.  Seems that the optimizer has
correctly noticed that the value of x can be predicted at compile time
and hence the comparison can be precomputed, but it does the precomputation
wrong.  Changing the 2 assignments to x to "x = 1" works properly.

I don't know what the status of c2 is, I seem to recall someone telling me
many years ago that c2 made certain mistakes and that some programs just
couldn't be optimized.  If this is the case you probably don't care about
this, but if c2 is supposed to handle everything right, have fun.
	Mark

From bill Thu May 15 16:27:26 1980
To: v7bugs

the fileno macro omits parenthesization, i.e. it reads
	#define fileno(p)	p->_file
it should be defined as
	#define	fileno(p)	(p)->_file

From mark Wed May 21 13:11:49 1980
To: v7bugs
Subject: stdio fileno bug

	From uucp  Wed May 21 04:17:22 1980
	>From daemon Tue May 20 23:36:57 1980 remote from vax135
	>From uucp Tue May 20 21:23:42 1980 remote from duke
	>From smb Tue May 20 21:17:24 1980 remote from unc
	Your redefinition of fileno to fix the bug is wrong; it should be
	
		#define fileno(p)	((p)->file)
	
	
I fixed this on Ernie.
	Mark

From mark Tue May 27 23:34:24 1980
To: research!dan v7bugs wh5ess!ber
Subject: fix to uux bug
Cc: wh5ess!teklabs!clemc wh5ess!uwvax!bob

A bug in uux prevents the - option from working with binary files.
To fix it, in uux.c, search for "fputs".  (It's in an if (pipein) {.)
replace the fgets/fputs loop by
		while ((c = getc(stdin)) != EOF)
			putc(c, fpd);
and declare c somewhere to be an int.  (I put the line
		register int c;
right after the if (pipein).)

Fixing this bug will allow the new uusend program, which will be released
shortly, to work, allowing the transfer of binary files across indirect
uucp links.

(I don't know where dan's home machine is, would someone please let
him know about this?)

	Mark

From michael Wed Jun  4 18:21:35 1980
To: v7bugs
Subject: Adb

I have found two bugs in Adb (on the 11 at least)
First I think the floating point registers are not collected properly,
we have no floating point so I havent checked.  It looks to me like
"readregs" in runpcs.c gets the 25 BYTES starting at u.u_fpsr rather
than the 25 words.  Those without an fp unit might want to comment
that section out anyway and make break pointing run faster.
Second in runpcs (same file) the line which has the following fragment:
	... BKPTEXEC, command(bkpt->comm,':')) .....
should be:
	... BKPTEXEC, !command(bkpt->comm,':')) ....
This causes the count in the break point to be used.
Also anyone who has a method of translating adb into readable 'C' should
get a prize.

From michael Mon Jun  9 09:02:14 1980
To: ucsfcgl!tom
Cc: v7bugs

What I should have said about the fp registers is that it is fetching
25 words at 25 byte addresses.  I think that the ptrace call
sould be:
	ptrace(RUREGS,pid,i*2,0) OD

From Cory:root Wed Jun 25 18:17:42 1980
To: kridle
Cc: v:v7bugs

Bob,
I fixed a bug in trap.c that I found when installing V7 on the 11/45.
The case1+USER fuiword should be ((caddr_t)pc-2) and not ((caddr_t)(pc-2)).
You might want to forward this to others who might be interested.
	jeff


From Cory:len Sat Jun 28 13:44:33 1980
To: v:v7bugs

	From root Wed Jun 25 18:14:05 1980
	To: kridle
	Cc: v:v7bugs
	
	Bob,
	I fixed a bug in trap.c that I found when installing V7 on the 11/45.
	The case1+USER fuiword should be ((caddr_t)pc-2) and not ((caddr_t)(pc-2)).
	You might want to forward this to others who might be interested.
		jeff
	

From uucp Sun Jul 20 07:06:17 1980
>From daemon Sun Jul 20 02:28:59 1980 remote from ucsfcgl
>From rusty Fri Jul 18 20:23:26 1980 remote from cmevax
To: ucsfcgl!ucbvax!v7bugs
Subject: learn bug

In file dounit.c insert before the "goto retry;" "fclose(scrin);" otherwise
you can run out of file descriptors if you goto retry enough times, and one
of the fclose's will produce a core.


From michael Fri Aug 29 14:54:47 1980
To: v7bugs
Subject: unix on 11/70's with unibus disks

Unix as released cannot run on an 11/70 without a massbus disk.
A change to the standalone boot code and to UNIX itself is necessary
for this to work.  In standalone/M.s simply change the code so it
does not enable the unibus map:
<	mov	$65,SSR3	/* 22-bit, map, K+U sep */
-----
>	mov	$45,SSR3	/* 22-bit, K+U sep */

This will allow the system to boot.  But strange things happen when
you do raw I/O on a unibus disk.

In conf/mch.s before:
	bit	$20,SSR3
add:
	mov	$65,SSR3

There is similar code farther down, but I think that it doesnt get 
executed....
					mike

From ESVAX:jimbo Wed Sep 17 01:29:39 1980
To: v:v7bugs
Subject: "last" catches interrupts

when forked into the background.


From bill Wed Sep 17 11:56:45 1980
To: ESVAX:jimbo v7bugs
Subject: "last" catches interrupts

there is a cleaned up last in /usr/src/new on csvax.
	bill

From mhtsa!mp Wed Sep 24 06:53:45 1980
To: ucbvax!v7bugs
Subject: floating point bugs
Cc:  mp

You may have heard of these bugs before (the following is quoted verbatim
from Vrije Universiteit's Pascal-VU package, which has been around for awhile),
yet I find that USG's UNIX still has them...

Floating point registers

     When a program is swapped to  disk  if  it  needs  more
     memory,  then  the  floating  point  registers were not
     saved, so that it may have different registers when  it
     is  restarted.   A  small assembly program demonstrates
     this for the status register.   If  the  error  is  not
     fixed,  then  the  program  generates  an IOT error.  A
     "memory fault" is generated if all is fine.

          start:  ldfps   $7400
          1:      stfps   r0
                  mov     r0,-(sp)
                  cmp     r0,$7400
                  beq     1b
                  4

     You have to  dig  into  the  kernel  to  fix  it.   The
     following patch will do:

          /* original /usr/sys/sys/slp.c */

          563             a2 = malloc(coremap, newsize);
          564             if(a2 == NULL) {
          565                     xswap(p, 1, n);
          566                     p->p_flag |= SSWAP;
          567                     qswtch();
          568                     /* no return */
          569             }

          /* modified /usr/sys/sys/slp.c */

          590             a2 = malloc(coremap, newsize);
          591             if(a2 == NULL) {
          592     #ifdef FPBUG
          593                     /*
          594                      * copy floating point register and status,
          595                      * but only if you must switch processes
          596                      */
          597                     if(u.u_fpsaved == 0) {
          598                             savfp(&u.u_fps);
          599                             u.u_fpsaved = 1;
          600                     }
          601     #endif
          602                     xswap(p, 1, n);
          603                     p->p_flag |= SSWAP;
          604                     qswtch();
          605                     /* no return */
          606             }


Floating point registers.

     A similar problem arises when  a  process  forks.   The
     child  will  have random floating point registers as is
     demonstrated  by  the   following   assembly   language
     program.  The child process will die by an IOT trap and
     the father prints the message "child failed".

          exit    = 1.
          fork    = 2.
          write   = 4.
          wait    = 7.

          start:  ldfps   $7400
                  sys     fork
                  br      child
                  sys     wait
                  tst     r1
                  bne     bad
                  stfps   r2
                  cmp     r2,$7400
                  beq     start
                  4
          child:  stfps   r2
                  cmp     r2,$7400
                  beq     ex
                  4
          bad:    clr     r0
                  sys     write;mess;13.
          ex:     clr     r0
                  sys     exit

                  .data
          mess:   <child failed\n>

     The same file slp.c should be patched as follows:

          /* original /usr/sys/sys/slp.c */

          499             /*
          500              * When the resume is executed for the new process,
          501              * here's where it will resume.
          502              */
          503             if (save(u.u_ssav)) {
          504                     sureg();
          505                     return(1);
          506             }
          507             a2 = malloc(coremap, n);
          508             /*
          509              * If there is not enough core for the
          510              * new process, swap out the current process to generate the
          511              * copy.
          512              */

          /* modified /usr/sys/sys/slp.c */

          519             /*
          520              * When the resume is executed for the new process,
          521              * here's where it will resume.
          522              */
          523             if (save(u.u_ssav)) {
          524                     sureg();
          525                     return(1);
          526             }
          527     #ifdef FPBUG
          528             /* copy the floating point registers and status to child */
          529             if(u.u_fpsaved == 0) {
          530                     savfp(&u.u_fps);
          531                     u.u_fpsaved = 1;
          532             }
          533     #endif
          534             a2 = malloc(coremap, n);
          535             /*
          536              * If there is not enough core for the
          537              * new process, swap out the current process to generate the
          538              * copy.
          539              */


From ESVAX:asa Wed Sep 24 13:34:03 1980
To: v:v7bugs
Subject: as: Symbol table overflow

I have gotten a complaint from a user trying to compile a fortran
program. The assembler complains about symbol table overflow.
What can be done about it? What is the size of the symbol table?


From bill Wed Sep 24 16:02:10 1980
To: ESVAX:asa v7bugs
Subject: as: Symbol table overflow

this will be fixed in the next release of the system.
for the time being he should break up the program into pieces.
(there is no fixed limit on symbol table size in the next releasre)
Commit	Line	Data
01af22f4 BJ	1	From bill Thu Oct 18 01:41:53 1979
	2	To: v7bugs
	3	Subj: bug in icheck
	4	Cc: sklower
	5
	6	there is a bug in the icheck program due to the declaration of
	7	unsigned short s_fsize
	8	in <filsys.h>... in the places where XXX.s_fsize is used in comparisons
	9	in icheck.c, it should be cast to an integer. comparisons of the form
	10	if (YYY < XXX.s_fsize)
	11	are deadly, since YYY may be negative. since XXX.s_fsize is positive,
	12	but signed, YYY is treated as unsigned, and havoc results from the fact
	13	that the comparsion fails. if an inode has a (bad) negative block
	14	number in it (YYY < 0) then icheck will (hopefully) core dump or screw
	15	up in some other way.
	16	bill
	17
	18	From bill Thu Oct 18 01:48:39 1979
	19	To: v7bugs
	20
	21	the first set of fixes i sent around for the tty driver showed up further
	22	problems (e.g., now the tty driver hangs waiting for input on going into
	23	vi sometimes)... you should steal /usr/staff/ozalp/sys/sys/tty.c if you
	24	put in this first change and diff and take some more fixes. dmr thinks
	25	there may still be a problem with 0377's in raw input; if you are worried
	26	about this, change tty.c so that it always flushes if coming from/going
	27	to raw, i.e. no TIOCSETN for these transitions... no problem if you
	28	do this, i think
	29
	30	From root Thu Oct 18 02:05:58 1979
	31	To: v7bugs
	32
	33	s/s_fsize/s_isize/ in previous mail... sorry.
	34
	35	From uucp Wed Sep 26 13:16:38 1979
	36	>From tom Tue Sep 25 22:01:30 1979 remote from ucsfcgl
	37	To: Bob Kridle, Ed Gould, Bill Joy
	38	Re: Bug in version 7 optimizer of dmr's pdp-11 compiler
	39
	40	A bug involving unsigned integers has surfaced in the version 7 C compiler.
	41	After installing the following fix you should recompile:
	42	mkfs.c
	43	dcheck.c
	44	passwd.c
	45	getty.c
	46	mail.c
	47	pstat.c
	48
	49	>From uucp Mon Jul 23 22:53:59 1979
	50	>From dmr Mon Jul 23 23:59:07 1979 remote from research
	51	Here is the change needed to fix the optimizer.
	52	The file is /usr/src/cmd/c/c21.c.
	53	This is in routine rmove, after case CBR, the first two
	54	lines in the 'if r==0' clause:
	55
	56	190,191c
	57	< p->back->back->forw = p->forw;
	58	< p->forw->back = p->back->back;
	59	---
	60	> if (p->forw->op==CBR
	61	> \|\| p->forw->op==SXT
	62	> \|\| p->forw->op==CFCC) {
	63	> p->back->forw = p->forw;
	64	> p->forw->back = p->back;
65	> } else {
66	> p->back->back->forw = p->forw;
67	> p->forw->back = p->back->back;
68	> }
69
70	The old code deleted a test or compare with constant operands
71	and a following conditional branch that would always fail.
72	The new code only deletes the branch (leaves the test)
73	if the combination is followed by another instruction that
74	needs the condition codes. The test and second branch are liable
75	to be deleted later.
76
77
78	From michael Mon Oct 29 20:26:58 1979
79	To: v7bugs
80	Subj: Tm.c
81
82	There is a bug in the released version of V7 UNIX. The RLE bit (record
83	length error) is defined wrong. You should
84	/RLE/s/0100$/01000/
85	asap
86	The effect is that the bit which is selected is the select remote bit
87	which is on when the drive is on line and all errors are effectively
88	ignored (programs get a short write) and no retries are attempted.
89	We have also upped the retry count (from 2) since our tape is behind two
90	disk controers and doesn't always get the bus in time.
91
92	From michael Wed Oct 31 19:44:55 1979
93	To: v7bugs
94	Subj: pcc
95
96	we have a pile of fixes and/or bugs for the pdp-11 version of pcc
97	if anyone is interested.
98
99	From bill Mon Dec 31 14:37:09 1979
100	To: v7bugs
101	Subject: bug in exece()
102	Cc: tbl jfr mhtsa!ted
103
104	there is a nasty bug in exece() (which appeared in 50 changes)
105	after the
106	bp = bread(swapdev, (daddr_t)(dbtofsb(swplo+bno)+(nc>>BSHIFT)));
107	put
108	bp->b_flags &= ~B_DELWRI;
109	else the buffer may stay in the cache with DELWRI set and clobber a
110	random block in the swap area at some later time.
111
112	From dmr Thu Jan 17 00:09:30 1980
113	Forward to v7 bugs manager:
114	The stand-alone boot loader for PDP-11 systems turns on
115	22-bit addressing mode on 11/70's but does not set up the unibus
116	map. Thus trying to boot on 11/70's with Unibus RP03's is a loss.
117	Try booting V6 and don't turn the machine off.
118	Failing that, set-em-up 1-1 by hand.
119
120	From mark Fri Feb 15 21:43:11 1980
121	To: v7bugs
122	Subject: bugs in learn, tty driver
123	Cc: gst
124	"learn eqn" does a really horrible job of handling terminals that aren't dtc's.
125	For starters, it seems to look for term (not TERM) in the environment, and then
126	not do anything with it. But it does bomb out gracefully if term isn't set,
127	or not gracefully if term is set to something nroff doesn't know about.
128	It also behaves rather strangely if you set term=lpr and admit it didn't
129	come out right.
130	(Fix: change the learn shell script to use TERM instead of term. Change
131	nroff so if the -T terminal doesn't exist it uses lpr. Fixed learn shell
132	script available to anyone who's interested.)
133
134	Learn editor has scripts that assume there is no "w" program. Since there
135	does exist such a program (nonstandard except in VM/Unix) this example
136	should be changed to use q.
137
138	It does seem to be possible to learn eqn on a regular crt terminal by using
139	neqn file \| nroff -ms \| colcrt -2
140	although this doesn't do anything about Greek letters.
141
142
143	When you change your interrupt character from DEL to something else,
144	the BREAK key still maps to DEL instead of interrupt. This is in
145	dz.c et.al., and can be found by searching for DEL or 0177.
146	The fix is to replace the 0177 by something like tun.c_intr;
147
148
149	From root Wed Apr 16 20:04:20 1980
150	To: v7bugs
151	Subject: bug in /bin/time
152	it prints null characters.
153	what is needed is
154	if (c)
155	before each (of 2)
156	fprintf(stderr,"%c",c);
157	's
158	bill
159
160	From mark Sat Apr 19 01:18:51 1980
161	To: v7bugs
162	Subject: bug in pdp-11 C optimizer
163	The following program demonstrates a bug in the V7 pdp-11 /lib/c2.
164	#include <stdio.h>
165	main () {
166	int x;
167	int t1;
168
169	x = 0;
170	x += 1;
171	t1 = x != 1;
172	printf("x=%d, t1=%d\n", x, t1);
173	exit(0);
174	}
175	It should print 1, 0, but it prints 1, 1. Seems that the optimizer has
176	correctly noticed that the value of x can be predicted at compile time
177	and hence the comparison can be precomputed, but it does the precomputation
178	wrong. Changing the 2 assignments to x to "x = 1" works properly.
179
180	I don't know what the status of c2 is, I seem to recall someone telling me
181	many years ago that c2 made certain mistakes and that some programs just
182	couldn't be optimized. If this is the case you probably don't care about
183	this, but if c2 is supposed to handle everything right, have fun.
184	Mark
185
186	From bill Thu May 15 16:27:26 1980
187	To: v7bugs
188
189	the fileno macro omits parenthesization, i.e. it reads
190	#define fileno(p) p->_file
191	it should be defined as
192	#define fileno(p) (p)->_file
193
194	From mark Wed May 21 13:11:49 1980
195	To: v7bugs
196	Subject: stdio fileno bug
197
198	From uucp Wed May 21 04:17:22 1980
199	>From daemon Tue May 20 23:36:57 1980 remote from vax135
200	>From uucp Tue May 20 21:23:42 1980 remote from duke
201	>From smb Tue May 20 21:17:24 1980 remote from unc
202	Your redefinition of fileno to fix the bug is wrong; it should be
203
204	#define fileno(p) ((p)->file)
205
206
207
208
209	I fixed this on Ernie.
210	Mark
211
212	From mark Tue May 27 23:34:24 1980
213	To: research!dan v7bugs wh5ess!ber
214	Subject: fix to uux bug
215	Cc: wh5ess!teklabs!clemc wh5ess!uwvax!bob
216
217	A bug in uux prevents the - option from working with binary files.
218	To fix it, in uux.c, search for "fputs". (It's in an if (pipein) {.)
219	replace the fgets/fputs loop by
220	while ((c = getc(stdin)) != EOF)
221	putc(c, fpd);
222	and declare c somewhere to be an int. (I put the line
223	register int c;
224	right after the if (pipein).)
225
226	Fixing this bug will allow the new uusend program, which will be released
227	shortly, to work, allowing the transfer of binary files across indirect
228	uucp links.
229
230	(I don't know where dan's home machine is, would someone please let
231	him know about this?)
232
233	Mark
234
235	From michael Wed Jun 4 18:21:35 1980
236	To: v7bugs
237	Subject: Adb
238
239	I have found two bugs in Adb (on the 11 at least)
240	First I think the floating point registers are not collected properly,
241	we have no floating point so I havent checked. It looks to me like
242	"readregs" in runpcs.c gets the 25 BYTES starting at u.u_fpsr rather
243	than the 25 words. Those without an fp unit might want to comment
244	that section out anyway and make break pointing run faster.
245	Second in runpcs (same file) the line which has the following fragment:
246	... BKPTEXEC, command(bkpt->comm,':')) .....
247	should be:
248	... BKPTEXEC, !command(bkpt->comm,':')) ....
249	This causes the count in the break point to be used.
250	Also anyone who has a method of translating adb into readable 'C' should
251	get a prize.
252
253	From michael Mon Jun 9 09:02:14 1980
254	To: ucsfcgl!tom
255	Cc: v7bugs
256
257	What I should have said about the fp registers is that it is fetching
258	25 words at 25 byte addresses. I think that the ptrace call
259	sould be:
260	ptrace(RUREGS,pid,i*2,0) OD
261
262	From Cory:root Wed Jun 25 18:17:42 1980
263	To: kridle
264	Cc: v:v7bugs
265
266	Bob,
267	I fixed a bug in trap.c that I found when installing V7 on the 11/45.
268	The case1+USER fuiword should be ((caddr_t)pc-2) and not ((caddr_t)(pc-2)).
269	You might want to forward this to others who might be interested.
270	jeff
271
272
273	From Cory:len Sat Jun 28 13:44:33 1980
274	To: v:v7bugs
275
276	From root Wed Jun 25 18:14:05 1980
277	To: kridle
278	Cc: v:v7bugs
279
280	Bob,
281	I fixed a bug in trap.c that I found when installing V7 on the 11/45.
282	The case1+USER fuiword should be ((caddr_t)pc-2) and not ((caddr_t)(pc-2)).
283	You might want to forward this to others who might be interested.
284	jeff
285
286
287
288	From uucp Sun Jul 20 07:06:17 1980
289	>From daemon Sun Jul 20 02:28:59 1980 remote from ucsfcgl
290	>From rusty Fri Jul 18 20:23:26 1980 remote from cmevax
291	To: ucsfcgl!ucbvax!v7bugs
292	Subject: learn bug
293
294	In file dounit.c insert before the "goto retry;" "fclose(scrin);" otherwise
295	you can run out of file descriptors if you goto retry enough times, and one
296	of the fclose's will produce a core.
297
298
299
300	From michael Fri Aug 29 14:54:47 1980
301	To: v7bugs
302	Subject: unix on 11/70's with unibus disks
303
304	Unix as released cannot run on an 11/70 without a massbus disk.
305	A change to the standalone boot code and to UNIX itself is necessary
306	for this to work. In standalone/M.s simply change the code so it
307	does not enable the unibus map:
308	< mov $65,SSR3 /* 22-bit, map, K+U sep */
309	-----
310	> mov $45,SSR3 /* 22-bit, K+U sep */
311
312	This will allow the system to boot. But strange things happen when
313	you do raw I/O on a unibus disk.
314
315	In conf/mch.s before:
316	bit $20,SSR3
317	add:
318	mov $65,SSR3
319
320	There is similar code farther down, but I think that it doesnt get
321	executed....
322	mike
323
324	From ESVAX:jimbo Wed Sep 17 01:29:39 1980
325	To: v:v7bugs
326	Subject: "last" catches interrupts
327
328	when forked into the background.
329
330
331	From bill Wed Sep 17 11:56:45 1980
332	To: ESVAX:jimbo v7bugs
333	Subject: "last" catches interrupts
334
335	there is a cleaned up last in /usr/src/new on csvax.
336	bill
337
338	From mhtsa!mp Wed Sep 24 06:53:45 1980
339	To: ucbvax!v7bugs
340	Subject: floating point bugs
341	Cc: mp
342
343	You may have heard of these bugs before (the following is quoted verbatim
344	from Vrije Universiteit's Pascal-VU package, which has been around for awhile),
345	yet I find that USG's UNIX still has them...
346
347	Floating point registers
348
349	When a program is swapped to disk if it needs more
350	memory, then the floating point registers were not
351	saved, so that it may have different registers when it
352	is restarted. A small assembly program demonstrates
353	this for the status register. If the error is not
354	fixed, then the program generates an IOT error. A
355	"memory fault" is generated if all is fine.
356
357	start: ldfps $7400
358	1: stfps r0
359	mov r0,-(sp)
360	cmp r0,$7400
361	beq 1b
362	4
363
364	You have to dig into the kernel to fix it. The
365	following patch will do:
366
367	/* original /usr/sys/sys/slp.c */
368
369	563 a2 = malloc(coremap, newsize);
370	564 if(a2 == NULL) {
371	565 xswap(p, 1, n);
372	566 p->p_flag \|= SSWAP;
373	567 qswtch();
374	568 /* no return */
375	569 }
376
377	/* modified /usr/sys/sys/slp.c */
378
379	590 a2 = malloc(coremap, newsize);
380	591 if(a2 == NULL) {
381	592 #ifdef FPBUG
382	593 /*
383	594 * copy floating point register and status,
384	595 * but only if you must switch processes
385	596 */
386	597 if(u.u_fpsaved == 0) {
387	598 savfp(&u.u_fps);
388	599 u.u_fpsaved = 1;
389	600 }
390	601 #endif
391	602 xswap(p, 1, n);
392	603 p->p_flag \|= SSWAP;
393	604 qswtch();
394	605 /* no return */
395	606 }
396
397
398	Floating point registers.
399
400	A similar problem arises when a process forks. The
401	child will have random floating point registers as is
402	demonstrated by the following assembly language
403	program. The child process will die by an IOT trap and
404	the father prints the message "child failed".
405
406	exit = 1.
407	fork = 2.
408	write = 4.
409	wait = 7.
410
411	start: ldfps $7400
412	sys fork
413	br child
414	sys wait
415	tst r1
416	bne bad
417	stfps r2
418	cmp r2,$7400
419	beq start
420	4
421	child: stfps r2
422	cmp r2,$7400
423	beq ex
424	4
425	bad: clr r0
426	sys write;mess;13.
427	ex: clr r0
428	sys exit
429
430	.data
431	mess: <child failed\n>
432
433	The same file slp.c should be patched as follows:
434
435	/* original /usr/sys/sys/slp.c */
436
437	499 /*
438	500 * When the resume is executed for the new process,
439	501 * here's where it will resume.
440	502 */
441	503 if (save(u.u_ssav)) {
442	504 sureg();
443	505 return(1);
444	506 }
445	507 a2 = malloc(coremap, n);
446	508 /*
447	509 * If there is not enough core for the
448	510 * new process, swap out the current process to generate the
449	511 * copy.
450	512 */
451
452	/* modified /usr/sys/sys/slp.c */
453
454	519 /*
455	520 * When the resume is executed for the new process,
456	521 * here's where it will resume.
457	522 */
458	523 if (save(u.u_ssav)) {
459	524 sureg();
460	525 return(1);
461	526 }
462	527 #ifdef FPBUG
463	528 /* copy the floating point registers and status to child */
464	529 if(u.u_fpsaved == 0) {
465	530 savfp(&u.u_fps);
466	531 u.u_fpsaved = 1;
467	532 }
468	533 #endif
469	534 a2 = malloc(coremap, n);
470	535 /*
471	536 * If there is not enough core for the
472	537 * new process, swap out the current process to generate the
473	538 * copy.
474	539 */
475
476
477	From ESVAX:asa Wed Sep 24 13:34:03 1980
478	To: v:v7bugs
479	Subject: as: Symbol table overflow
480
481	I have gotten a complaint from a user trying to compile a fortran
482	program. The assembler complains about symbol table overflow.
483	What can be done about it? What is the size of the symbol table?
484
485
486	From bill Wed Sep 24 16:02:10 1980
487	To: ESVAX:asa v7bugs
488	Subject: as: Symbol table overflow
489
490	this will be fixed in the next release of the system.
491	for the time being he should break up the program into pieces.
492	(there is no fixed limit on symbol table size in the next releasre)
493