Difference between revisions of "UNIX V6 dump analysis"
Revision as of 21:46, 29 January 2019
There are two kinds of dump analysis on UNIX V6, with some overlap between the two.
The first is analysis of the core dump of an individual process into a file, created either at a user's request (typing '^\' in standard V6) or by any of the error conditions (odd address, etc.) which cause a process abort.
The second is of a dump of the complete main memory of a PDP-11 running Unix; the system as distributed only supports doing such dumps to magnetic tape. This can be done either after the OS does a 'panic', which it does when something happens it can't recover from; or after halting the CPU.
Kernel stack top
Because all traps and interrupts come in through basically the same code, the base of the kernel stack has the same format in both process core dumps and system dumps taken after a panic:
| Offset | Contents |
|---|---|
| 0 | Old PS |
| 2 | Old PC |
| 4 | R0 |
| 6 | New PS |
| 10 | R1 |
| 12 | User SP |
| 14 | Index (trap type, device number) |
| 16 | R5 |
| 20 | R4 |
| 22 | R3 |
| 24 | R2 |
The offset is from the top of the kernel stack, and is negative. In a process core dump, the stack top is at 01776 in the core dump file; in a dump of main memory, it is necessary to know the contents of kernel segment 6's address register, and the kernel stack top is 01776 above that.
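The layout above can be decoded mechanically. The following is an added example, not code from the original page or from UNIX V6: a small Python parser that reads the frame from a dump image. It assumes the table offsets are octal, that words are 16-bit little-endian (as on the PDP-11), and that the segment 6 address register counts 64-byte units; the field names, function names and sample data are constructed for illustration.

```python
import struct

STACK_TOP = 0o1776  # kernel stack top within a process core file (from the page)

# (offset below the stack top, hypothetical field name), following the table
FRAME = [
    (0o0, "old_ps"), (0o2, "old_pc"), (0o4, "r0"), (0o6, "new_ps"),
    (0o10, "r1"), (0o12, "user_sp"), (0o14, "index"),
    (0o16, "r5"), (0o20, "r4"), (0o22, "r3"), (0o24, "r2"),
]

def par_to_base(par):
    """Byte address for a page address register value (assumed 64-byte units)."""
    return par << 6

def parse_frame(image, base=0):
    """Decode the saved frame whose stack top lies at base + 01776 in image.

    base is 0 for a process core file; for a main-memory dump it is the byte
    address derived from kernel segment 6's address register.
    """
    top = base + STACK_TOP
    if base < 0 or top + 2 > len(image):
        raise ValueError("image too short to contain the kernel stack top")
    frame = {}
    for off, name in FRAME:
        # offsets are negative: each word sits 'off' bytes below the top
        (frame[name],) = struct.unpack_from("<H", image, top - off)
    return frame

def sample_core():
    """Constructed core image: each frame slot holds a distinct marker word."""
    img = bytearray(STACK_TOP + 2)
    for i, (off, _) in enumerate(FRAME):
        struct.pack_into("<H", img, STACK_TOP - off, 0o100 + i)
    return bytes(img)

if __name__ == "__main__":
    core = sample_core()
    for name, word in parse_frame(core).items():
        print(f"{name:8s} {word:06o}")
    # Constructed memory dump: the same area placed where PAR value 020 points
    memory = bytes(par_to_base(0o20)) + core
    assert parse_frame(memory, par_to_base(0o20)) == parse_frame(core)
```

Values are printed in octal to match the way PDP-11 addresses and registers are normally written.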