MULTICS TECHNICAL BULLETIN 652 page 1
To: Distribution
From: Keith Loepere
Date: March 15, 1984
Subject: New Initialization SDN
What appears here is a proposed rewrite of the
Initialization SDN (AN70). It contains a description of the way
in which Multics is initialized. As such, it contains a
description of the internal operation of bootload Multics, and
therefore, this MTB becomes a companion volume to the bootload
Multics MTB, MTB-651.
This SDN contains a great deal of information about the
process of initialization; it also contains information on what
is initialized, including descriptions of all major system data
bases.
This SDN is being provided in MTB form at this time for two
reasons. First, it contains the technical description of
bootload Multics that is not reproduced within the bootload
Multics MTB. Secondly, it is being provided so that people may
comment upon it, especially to provide technical corrections to
those descriptions for which my understanding was imperfect.
Comments on this MTB should be sent to the author:
Keith Loepere (Loepere.Multics)
or via the bootload_multics or hardcore forums.
________________________________________
Multics Project internal working documentation. Not to be
reproduced or distributed outside the Multics Project.
�
SYSTEM INITIALIZATION
SYSTEM DESIGNER'S NOTEBOOK
SUBJECT:
Internal Organization of Multics System Initialization
SPECIAL INSTRUCTIONS:
This document supersedes the previous edition of the manual,
order number AN70-00, dated February 1975.
This System Designers' Notebook describes certain internal
modules constituting the Multics System. It is intended as
a reference for only those who are thoroughly familiar with
the implementation details of the Multics operating system;
interfaces described herein should not be used by applica-
tion programmers or subsystem writers; such programmers and
writers are concerned with the external interfaces only.
The external interfaces are described in the Multics
Programmers' Manual, Commands and Active Functions (Order
No. AG92) and Subroutines (Order No. AG93).
As Multics evolves, Honeywell will add, delete, and modify
module descriptions in subsequent SDN updates. Honeywell
does not ensure that the internal functions and internal
module interfaces will remain compatible with previous
versions.
DATE:
03/15/84
ORDER NUMBER:
AN70-01
PREFACE
Multics System Designers' Notebooks (SDNs) are intended for
use by Multics system maintenance personnel, development person-
nel, and others who are thoroughly familiar with Multics internal
system operation. They are not intended for application
programmers or subsystem writers.
The SDNs contain descriptions of modules that serve as
internal interfaces and perform special system functions. These
documents do not describe external interfaces, which are used by
application and system programmers.
This SDN contains a description of the software that
initializes the Multics system. This description is by no means
complete in all its details; for a thorough understanding of
Multics initialization, or of any particular area within this
system, this SDN should be used for reference in conjunction with
the source of the relevant programs.
(C) Honeywell Information Systems Inc., 1984 File No.: 2L13
In addition to this manual, the volumes of the Multics
Programmers' Manual (MPM) should be referred to for details of
software concepts and organization, external interfaces, and for
specific usage of Multics Commands and subroutines. These
volumes are:
MPM Reference Guide, Order No. AG91
MPM Commands and Active Functions, Order No. AG92
MPM Subroutines, Order No. AG93
CONTENTS
Page
Section 1 Summary of Initialization . . . . . . . . 1-1
Hardware and PL/1 Environment
initialization . . . . . . . . . . . 1-2
Page Control initialization . . . . . 1-2
File System initialization . . . . . . 1-3
Outer ring Environment initialization 1-3
Bootload Command Environment (bce) . . 1-3
Crash Handler (toehold) . . . . . . . 1-4
Section 2 Collection 0 . . . . . . . . . . . . . . 2-1
Getting started . . . . . . . . . . . 2-1
Programming in Collection 0 . . . . . 2-2
Module Descriptions . . . . . . . . . 2-2
bootload_abs_mode.alm . . . . . . . 2-2
bootload_0.alm . . . . . . . . . . 2-3
The firmware collection. . . . . . 2-3
bootload_console.alm . . . . . . . 2-4
bootload_dseg.alm . . . . . . . . . 2-4
bootload_early_dump.alm . . . . . . 2-5
bootload_error.alm . . . . . . . . 2-5
bootload_faults.alm . . . . . . . . 2-5
bootload_flagbox.alm . . . . . . . 2-6
bootload_formline.alm . . . . . . . 2-6
bootload_info.cds . . . . . . . . . 2-6
bootload_io.alm . . . . . . . . . . 2-6
bootload_linker.alm . . . . . . . . 2-7
bootload_loader.alm . . . . . . . . 2-7
bootload_slt_manager.alm . . . . . 2-7
bootload_tape_fw.alm . . . . . . . 2-8
template_slt_.alm . . . . . . . . . 2-8
Section 3 Collection 1 . . . . . . . . . . . . . . 3-1
Summary of Collection 1 Passes . . . . 3-1
normal (boot) pass . . . . . . . . . . 3-2
service pass . . . . . . . . . . . . . 3-4
early pass . . . . . . . . . . . . . . 3-5
crash pass . . . . . . . . . . . . . . 3-7
re_early pass . . . . . . . . . . . . 3-7
bce_crash pass . . . . . . . . . . . . 3-7
shut pass . . . . . . . . . . . . . . 3-7
Module Descriptions . . . . . . . . . 3-8
CONTENTS (cont)
Page
announce_chwm.pl1 . . . . . . . . . 3-8
boot_rpv_subsystem.pl1 . . . . . . 3-8
boot_tape_io.pl1 . . . . . . . . . 3-8
bootload_1.alm . . . . . . . . . . 3-8
collect_free_core.pl1 . . . . . . . 3-9
create_rpv_partition.pl1 . . . . . 3-9
delete_segs.pl1 . . . . . . . . . . 3-9
disk_reader.pl1 . . . . . . . . . . 3-9
establish_config_deck.pl1 . . . . . 3-10
fill_vol_extents_.pl1 . . . . . . . 3-10
find_rpv_subsystem.pl1 . . . . . . 3-10
get_io_segs.pl1 . . . . . . . . . . 3-11
get_main.pl1 . . . . . . . . . . . 3-11
hc_load_mpc.pl1 . . . . . . . . . . 3-11
init_aste_pools.pl1 . . . . . . . . 3-12
init_clocks.pl1 . . . . . . . . . . 3-12
init_early_config.pl1 . . . . . . . 3-12
init_empty_root.pl1 . . . . . . . . 3-12
init_hc_part.pl1 . . . . . . . . . 3-13
init_partitions.pl1 . . . . . . . . 3-13
init_pvt.pl1 . . . . . . . . . . . 3-13
init_root_vols.pl1 . . . . . . . . 3-13
init_scu.pl1 . . . . . . . . . . . 3-13
init_sst.pl1 . . . . . . . . . . . 3-14
init_vol_header_.pl1 . . . . . . . 3-14
initial_error_handler.pl1 . . . . . 3-14
initialize_faults.pl1 . . . . . . . 3-15
initialize_faults_data.cds . . . . 3-15
initializer.pl1 . . . . . . . . . . 3-15
iom_data_init.pl1 . . . . . . . . . 3-16
load_disk_mpcs.pl1 . . . . . . . . 3-16
load_mst.pl1 . . . . . . . . . . . 3-16
make_sdw.pl1 . . . . . . . . . . . 3-16
make_segs_paged.pl1 . . . . . . . . 3-17
move_non_perm_wired_segs.pl1 . . . 3-17
ocdcm_.pl1 . . . . . . . . . . . . 3-18
prds_init.pl1 . . . . . . . . . . . 3-18
pre_link_hc.pl1 . . . . . . . . . . 3-18
read_disk.pl1 . . . . . . . . . . . 3-19
read_disk_label.pl1 . . . . . . . . 3-19
real_initializer.pl1.pmac . . . . . 3-19
scas_init.pl1 . . . . . . . . . . . 3-20
scs_and_clock_init.pl1 . . . . . . 3-20
segment_loader.pl1 . . . . . . . . 3-20
slt_manager.pl1 . . . . . . . . . . 3-21
sys_info.cds . . . . . . . . . . . 3-21
tape_reader.pl1 . . . . . . . . . . 3-21
tc_init.pl1 . . . . . . . . . . . . 3-21
CONTENTS (cont)
Page
Section 4 The Bootload Command Environment . . . . 4-1
Initialization . . . . . . . . . . . . 4-1
Environment and facilities . . . . . . 4-1
Restrictions . . . . . . . . . . . . . 4-3
Module descriptions . . . . . . . . . 4-4
bce_alert.pl1 . . . . . . . . . . . 4-4
bce_alm_die.alm . . . . . . . . . . 4-4
bce_appending_simulation.pl1 . . . 4-4
bce_check_abort.pl1 . . . . . . . . 4-5
bce_command_processor_.pl1 . . . . 4-6
bce_console_io.pl1 . . . . . . . . 4-6
bce_continue.pl1 . . . . . . . . . 4-7
bce_data.cds . . . . . . . . . . . 4-7
bce_die.pl1 . . . . . . . . . . . . 4-7
bce_display_instruction_.pl1 . . . 4-7
bce_display_scu_.pl1 . . . . . . . 4-7
bce_dump.pl1 . . . . . . . . . . . 4-7
bce_error.pl1 . . . . . . . . . . . 4-8
bce_esd.pl1 . . . . . . . . . . . . 4-8
bce_exec_com_.pl1 . . . . . . . . . 4-8
bce_exec_com_input.pl1 . . . . . . 4-9
bce_execute_command_.pl1 . . . . . 4-9
bce_fwload.pl1 . . . . . . . . . . 4-9
bce_get_flagbox.pl1 . . . . . . . . 4-10
bce_get_to_command_level.pl1 . . . 4-10
bce_inst_length_.pl1 . . . . . . . 4-10
bce_list_requests_.pl1 . . . . . . 4-10
bce_listen_.pl1 . . . . . . . . . . 4-11
bce_map_over_requests_.pl1 . . . . 4-11
bce_name_to_segnum_.pl1 . . . . . . 4-11
bce_probe.pl1.pmac . . . . . . . . 4-11
Request routines . . . . . . . . 4-12
Internal Routines . . . . . . . 4-13
bce_probe_data.cds . . . . . . . . 4-14
bce_probe_fetch_.pl1 . . . . . . . 4-14
bce_query.pl1 . . . . . . . . . . . 4-14
bce_ready.pl1 . . . . . . . . . . . 4-15
bce_relocate_instruction_.pl1 . . . 4-15
bce_request_table_.alm . . . . . . 4-15
bce_severity.pl1 . . . . . . . . . 4-15
bce_shutdown_state.pl1 . . . . . . 4-15
bootload_disk_post.pl1 . . . . . . 4-15
bootload_fs_.pl1 . . . . . . . . . 4-16
bootload_fs_cmds_.pl1 . . . . . . . 4-16
bootload_qedx.pl1 . . . . . . . . . 4-16
config_deck_data_.cds . . . . . . . 4-16
config_deck_edit_.pl1 . . . . . . . 4-17
establish_temp_segs.pl1 . . . . . . 4-17
CONTENTS (cont)
Page
find_file_partition.pl1 . . . . . . 4-17
init_bce.pl1 . . . . . . . . . . . 4-18
Section 5 Crash Handling . . . . . . . . . . . . . 5-1
Early Crashes . . . . . . . . . . . . 5-1
The toehold . . . . . . . . . . . . . 5-1
Module Descriptions . . . . . . . . . 5-2
fim.alm . . . . . . . . . . . . . . 5-2
init_toehold.pl1 . . . . . . . . . 5-2
save_handler_mc.alm . . . . . . . . 5-2
Section 6 Collection 2 . . . . . . . . . . . . . . 6-1
Order of execution . . . . . . . . . . 6-1
Module Descriptions . . . . . . . . . 6-3
accept_fs_disk.pl1 . . . . . . . . 6-3
accept_rpv.pl1 . . . . . . . . . . 6-3
create_root_dir.pl1 . . . . . . . . 6-4
create_root_vtoce.pl1 . . . . . . . 6-4
dbm_man.pl1 . . . . . . . . . . . . 6-4
dir_lock_init.pl1 . . . . . . . . . 6-4
fnp_init.pl1 . . . . . . . . . . . 6-4
getuid.alm . . . . . . . . . . . . 6-5
init_branches.pl1 . . . . . . . . . 6-5
init_dm_journal_seg.pl1 . . . . . . 6-6
init_hardcore_gates.pl1 . . . . . . 6-6
init_lvt.pl1 . . . . . . . . . . . 6-6
init_processor.alm . . . . . . . . 6-6
init_root_dir.pl1 . . . . . . . . . 6-7
init_scavenger_data.pl1 . . . . . . 6-7
init_sst_name_seg.pl1 . . . . . . . 6-7
init_stack_0.pl1 . . . . . . . . . 6-7
init_str_seg.pl1 . . . . . . . . . 6-8
init_sys_var.pl1 . . . . . . . . . 6-8
init_volmap_seg.pl1 . . . . . . . . 6-8
init_vtoc_man.pl1 . . . . . . . . . 6-9
initialize_faults.pl1 . . . . . . . 6-9
kst_util.pl1 . . . . . . . . . . . 6-9
start_cpu.pl1 . . . . . . . . . . . 6-9
syserr_log_init.pl1 . . . . . . . . 6-9
tc_init.pl1 . . . . . . . . . . . . 6-10
Section 7 Collection 3 . . . . . . . . . . . . . . 7-1
Order of Execution . . . . . . . . . . 7-1
Module Descriptions . . . . . . . . . 7-1
init_proc.pl1 . . . . . . . . . . . 7-1
ioi_init.pl1 . . . . . . . . . . . 7-2
ioi_page_table.pl1 . . . . . . . . 7-2
load_system.pl1 . . . . . . . . . . 7-2
CONTENTS (cont)
Page
tc_init.pl1 . . . . . . . . . . . . 7-2
Section 8 Mechanisms . . . . . . . . . . . . . . . 8-1
Hardcore Segment Creation . . . . . . 8-1
Page Control Initialization . . . . . 8-3
Segment and Directory Control
Initialization . . . . . . . . . . . 8-4
Segment Number Assignment . . . . . . 8-5
Traffic Control Initialization . . . . 8-6
Section 9 Shutdown and Emergency Shutdown . . . . . 9-1
Order of Execution of Shutdown . . . . 9-1
Order of Execution of Emergency
Shutdown . . . . . . . . . . . . . . 9-3
Module Descriptions . . . . . . . . . 9-4
deactivate_for_demount.pl1 . . . . 9-4
demount_pv.pl1 . . . . . . . . . . 9-5
disk_emergency.pl1 . . . . . . . . 9-5
emergency_shutdown.alm . . . . . . 9-5
fsout_vol.pl1 . . . . . . . . . . . 9-6
scavenger.pl1 . . . . . . . . . . . 9-6
shutdown.pl1 . . . . . . . . . . . 9-6
shutdown_file_system.pl1 . . . . . 9-7
switch_shutdown_file_system.alm . . 9-7
tc_shutdown.pl1 . . . . . . . . . . 9-7
wired_shutdown.pl1 . . . . . . . . 9-7
Appendix A Glossary . . . . . . . . . . . . . . . . A-1
Appendix B Initialization and Initialized Data Bases B-1
ai_linkage (active init linkage) . . . B-1
as_linkage (active supervisor linkage) B-1
bce_data (bootload command environment
data) . . . . . . . . . . . . . . . . B-1
bootload_info . . . . . . . . . . . . B-1
config_deck . . . . . . . . . . . . . B-2
core_map . . . . . . . . . . . . . . . B-2
dbm_seg (dumper bit map seg) . . . . . B-2
dir_lock_seg . . . . . . . . . . . . . B-3
disk_post_queue_seg . . . . . . . . . B-3
disk_seg . . . . . . . . . . . . . . . B-3
dm_journal_seg_ . . . . . . . . . . . B-4
dn355_data . . . . . . . . . . . . . . B-4
dn355_mailbox . . . . . . . . . . . . B-4
dseg (descriptor segment) . . . . . . B-4
fault_vector (fault and interrupt vec-
tors) . . . . . . . . . . . . . . . . B-5
flagbox . . . . . . . . . . . . . . . B-5
CONTENTS (cont)
Page
inzr_stk0 (initializer stack) . . . . B-5
int_unpaged_page_tables . . . . . . . B-6
io_page_tables . . . . . . . . . . . . B-6
ioi_data . . . . . . . . . . . . . . . B-6
iom_data . . . . . . . . . . . . . . . B-6
iom_mailbox . . . . . . . . . . . . . B-7
kst (known segment table) . . . . . . B-7
lvt (logical volume table) . . . . . . B-7
name_table . . . . . . . . . . . . . . B-8
oc_data . . . . . . . . . . . . . . . B-8
physical_record_buffer . . . . . . . . B-8
pvt (physical volume table) . . . . . B-8
scas (system controller addressing
segment) . . . . . . . . . . . . . . B-9
scavenger_data . . . . . . . . . . . . B-9
scs (system communications segment) . B-9
slt (segment loading table) . . . . . B-10
sst (system segment table) . . . . . . B-10
sst_names_ . . . . . . . . . . . . . . B-10
stack_0_data . . . . . . . . . . . . . B-11
stock_seg . . . . . . . . . . . . . . B-11
str_seg (system trailer segment) . . . B-11
sys_info . . . . . . . . . . . . . . . B-11
sys_boot_info . . . . . . . . . . . . B-12
syserr_data . . . . . . . . . . . . . B-12
syserr_log . . . . . . . . . . . . . . B-12
tc_data . . . . . . . . . . . . . . . B-12
tc_data_header . . . . . . . . . . . . B-13
toehold . . . . . . . . . . . . . . . B-13
tty_area . . . . . . . . . . . . . . . B-13
tty_buf . . . . . . . . . . . . . . . B-13
tty_tables . . . . . . . . . . . . . . B-14
unpaged_page_tables . . . . . . . . . B-14
vtoc_buffer_seg . . . . . . . . . . . B-14
wi_linkage (wired init linkage) . . . B-14
wired_hardcore_data . . . . . . . . . B-14
ws_linkage (wired supervisor linkage) B-15
Appendix C Memory Layout . . . . . . . . . . . . . . C-1
Index . . . . . . . . . . . . . . . . . . . . . i-1
�
SECTION 1
SUMMARY OF INITIALIZATION
Multics initialization, as described in this SDN, can be
thought of as divided into the following parts:
* Hardware and PL/1 Environment initialization (Collec-
tion 0)
* Page Control initialization (Collection 1 service pass)
* Bootload Command Environment (bce) (Collection 1 multi-
ple passes)
* Crash Handler (toehold)
* File System initialization (Collection 2)
* Outer ring Environment initialization (Collection 3)
The parts listed before collection 2 are collectively called
"Bootload Multics."
A collection is simply a set of initialization routines
that are read in and placed into operation as a unit to perform a
certain set, or a certain subset, of the tasks required to
initialize a portion of the Multics supervisor. Each collection
consists of a distinct set of programs for reasons discussed
throughout this SDN. Even though each collection mostly exists
to perform a particular set of functions, they are normally
referred to by their number (which have only historical signifi-
cance) rather than the name of their function.
Initialization may also be thought of as having three
separate functions:
Bringing up the system
This role is obvious. The description of this role
follows along the functions needed to perform it. Each
portion of initialization runs, utilizing the efforts
of the previous portions to build up more and more
mechanism until service Multics itself can run.
Providing a command environment before the file system is
activated from which to perform configuration and disk
maintenance functions
Providing an environment to which service Multics may crash
which is capable of taking a dump of Multics and
initiating recovery and reboot operations
These last two functions are the role of bootload Multics
(bce). They take advantage of the fact that during
initialization an environment is built that has certain
facilities that allow operations such as disk manipulation to
occur but it is an environment in which the disks themselves are
not yet active for storage system operations. This environment,
at an intermediate point in initialization, forms the bootload
command environment (bce).
The bootload command environment is saved before further
initialization operations occur. When service Multics crashes,
service Multics is saved and this bce "crash" environment is
restored. This safe environment can then examine or dump the
service Multics image and perform certain recovery and restart
operations without relying on the state of service Multics.
HARDWARE AND PL/1 ENVIRONMENT INITIALIZATION
The purpose of collection 0 is to set up the pl/1
environment and to start collection 1. It has a variety of
interesting things to perform in the process. First of all,
collection 0 must get itself running. When Multics is booted
from BOS, this is an easy matter, since BOS will read in the
beginning of collection 0, leaving the hardware in a known and
good state and providing a description of the configuration
(config_deck) around. When not booted from BOS, that is, when
booted via the IOM boot function, collection 0 has the task of
getting the hardware into a good and known state and finding out
on what hardware it is working. Once collection 0 has set up the
hardware, it can load collection 1 into memory. Collection 1
contains the modules needed to support programs written in pl/1;
thus, this loading activates the pl/1 environment. After this
time, more sensible programs can run and begin the true process
of initialization. The result of this collection is to provide
an environment in which pl/1 programs can run, within the
confines of memory.
PAGE CONTROL INITIALIZATION
The main task of collection 1 is to make page control
operative. This is necessary so that we may page the rest of the
initialization programs (initialization programs all have to fit
into memory until this is done). The initialization of page
control involves setting up all of the disk and page control data
bases. Also, the interrupt mechanism must be initialized. The
result of this collection is to provide an environment in which
i/o devices may be operated upon through normal mechanisms (i.e.,
via page faults or direct calls to the standard device control
modules) but in which the storage system is not active. At the
final end of collection 1, this environment becomes paged, using
a special region of the disks (the hardcore partition) so that
the storage system is not affected.
Collection 1 can be run multiple times. The effect of
making a pass through collection 1 is to set up the device tables
(and general configuration describing tables) to reflect a new
configuration. The various passes of collection 1 are the key to
the operation of bce. There are several times when the running
of collection 1 is necessary. It is necessary when we first
start up, to allow accessing the hardware units "discovered" by
collection 0. Once the correct configuration is determined via
bce activities, collection 1 must be re-run to allow all of the
devices to be accessible during the rest of initialization and
Multics service proper. Finally, when the crash environment is
restored (see below), another pass must be made to provide
accessibility to the devices given the state at the time of the
crash.
FILE SYSTEM INITIALIZATION
With paging active, collection 2 can be read into a paged
environment. Given this environment, the major portion of the
rest of initialization occurs. Segment, directory and traffic
control are initialized here, making the storage system accessi-
ble in the process. The result of this collection is an
environment that has active virtually all hardcore mechanisms
needed by the rest of Multics.
OUTER RING ENVIRONMENT INITIALIZATION
Collection 3 is basically a collection of those facilities
that are required to run in outer rings. In particular, it
contains the programs needed to provide the initializer's ring
one environment, especially the code to perform a reload of the
system (especially the executable libraries). After the execu-
tion of this collection, the Initializer enters into a ring one
command environment, ready to load the system (if necessary) and
start up the answering service. (Activities performed from ring
one onward are not covered in this SDN.)
BOOTLOAD COMMAND ENVIRONMENT (BCE)
The bootload command environment is an environment that can
perform configuration and disk management functions. It needs to
be able to support i/o to devices in a pl/1 environment. Also,
since bce must be able to operate on arbitrary disks, it must be
capable of running before the storage system is active. Thus, it
is equivalent to the collection 1 environment before the environ-
ment becomes paged. In this environment, built by a special run
of collection 1, a series of facilities provides a command
environment that allows pl/1 programs to run in a manner similar
to their operation in the normal Multics programming environment.
CRASH HANDLER (TOEHOLD)
When Multics has crashed, Multics is incapable of
performing the types of analysis and recovery operations desired
in its distressed state. Thus, a safe environment is invoked to
provide these facilities. Since bce is capable of accessing
memory and disks independently of the storage system (and the
hardcore partitions), it becomes the obvious choice for a crash
environment. When Multics crashes, bce is restored to operation.
Facilities within bce can perform a dump of Multics as well as
start recovery and reboot operations. The crash environment
consists of the mechanisms needed to save the state of Multics
upon a crash and to re-setup the bootload command environment.
These mechanisms must work in the face of varying types of system
failures; they must also work given the possibility of hardware
reconfiguration since the time the safe environment was saved.
SECTION 2
COLLECTION 0
Collection 0 in Bootload Multics is an ensemble of ALM
programs capable of being booted from BOS or the IOM, reading
themselves off of the boot tape, loading tape firmware if needed,
setting up an I/O and error handling environment, and loading
collection 1.
Collection 0 is organized into two modules:
bootload_tape_label, and bound_bootload_0. The first is an MST
label program designed to read the second into its correct memory
location, after being read in by the IOM bootload program. The
second is a bound collection of ALM programs. bound_bootload_0
takes extensive advantage of the binder's ability to simulate the
linker within a bound unit. The programs in bound_bootload_0 use
standard external references to make intermodule references, and
the binder, rather than any run-time linker or pre-linker,
resolves them to TSR-relative addresses. Any external references
(such as to the config deck) are made with explicit use of the
fact that segment numbers for collection 0 programs are fixed at
assembly time.
GETTING STARTED
bootload_tape_label is read in by one of two means. In
native mode, the IOM or IIOC reads it into absolute location 30,
leaving the PCW, DCW's, and other essentials in locations 0
through 5. The IIOC leaves an indication of its identity just
after this block of information.
In BOS compatibility mode, the BOS BOOT command simulates
the IOM, leaving the same information. However, it also leaves a
config deck and flagbox (although bce has its own flagbox) in the
usual locations. This allows Bootload Multics to return to BOS
if there is a BOS to return to. The presence of BOS is indicated
by the tape drive number being non-zero in the idcw in the "IOM"
provided information.
The label overlays the interrupt vectors for the first two
IOM's. Because the label is formatted as a Multics standard tape
record, it has a trailer that cannot be changed. This trailer
overlays the interrupt vectors for channels B9 and B10. Without
a change in the label format, the bootload tape controller cannot
use either of these channels as a base channel, because the label
record wipes out the vectors that the IOM bootload programs sets
up. This prevents control from transferring to the label
program.
The label program first initializes the processor by
loading the Mode Register and the Cache Mode Register, and
clearing and enabling the PTWAM and the SDWAM. It then reads all
of bound_bootload_0 off the tape. This action places the toehold
and bootload_early_dump into their correct places in memory, in
as much as these two modules are bound to be the first two
objects in bound_bootload_0. If this is successful, it transfers
to the beginning of bootload_abs_mode through an entry in the
toehold. (This entry contains the address of bootload_abs_mode,
via the linking performed by the binder.) This program copies
the template descriptor segment assembled into template_slt_ to
the appropriate location, copies int_unpaged_page_tables and
unpaged_page_tables to their correct locations, loads the DSBR
and the pointer registers, enters appending mode, and transfers
to bootload_0.
PROGRAMMING IN COLLECTION 0
Collection 0 programs are impure assembly language pro-
grams. The standard calling sequence is with the tsx2 instruc-
tion. A save stack of index register 2 values is maintained
using id and di modifiers, as in traffic control. Programs that
take arguments often have an argument list following the tsx2
instruction. Skip returns are used to indicate errors.
The segment bootload_info, a cds program, is the repository
of information that is needed in later stages of initialization.
This includes tape channel and device numbers and the like. The
information is copied into the collection 1 segment sys_boot_info
when collection 1 is read in.
MODULE DESCRIPTIONS
bootload_abs_mode.alm
As mentioned above, bootload_abs_mode is the first program
to run in bound_bootload_0. The label program locates it by
virtue of a tra instruction at a known place in the toehold
(whose address is fixed); the tra instruction having been fixed
by the binder. It first clears the memory used by the Collection
0 data segments, then copies the template descriptor segment,
int_unpaged_page_tables and unpaged_page_tables from
template_slt_. The DSBR is loaded with the descriptor segment
SDW, the pointer registers are filled in from the ITS pointers in
template_slt_, and appending mode is entered. bootload_abs_mode
then transfers control to bootload_0$begin, the basic driver of
collection zero initialization.
bootload_0.alm
bootload_0's contract is to set up the I/O, fault, and
console services, and then load and transfer control to collec-
tion 1. As part of setting up the I/O environment, it must load
tape firmware in the bootload tape MPC if BOS is not present.
bootload_0 makes a series of tsx2 calls to set up each of these
facilities in turn. It calls bootload_io$preinit to interpret
the bootload program left in low memory by the IOM/IIOC/IOX,
including checking for the presence of BOS;
bootload_flagbox$preinit to set flagbox flags according to the
presence of BOS; bootload_faults$init to fill in the fault
vector; bootload_slt_manager$init_slt to copy the data from
template_slt_ to the SLT and name_table; bootload_io$init to set
up the I/O environment; bootload_console$init to find a working
console and initialize the console package; bootload_loader$init
to initialize the MST loading package; bootload_tape_fw$boot to
read the tape firmware and load it into the bootload tape
controller; bootload_loader$load_collection to load Collection
1.0; bootload_loader$finish to copy the MST loader housekeeping
pointers to their permanent homes; and bootload_linker$prelink to
snap all links in Collection 1.0.
Finally, the contents of bootload_info are copied into
sys_boot_info. Control is then transferred to bootload_1.
The firmware collection.
As described below under the heading of
"bootload_tape_fw.alm", tape firmware must be present on the MST
as ordinary segments. It must reside in the low 256K, because
the MPC's do not implement extended addressing for firmware
loading. The tape firmware segments are not needed after the MPC
is loaded, so it is desired to recycle their storage. It is
desired to load the MPC before collection 1 is loaded, so that
backspace error recovery can be used when reading the tape. The
net result is that they need to be a separate collection. To
avoid destroying the old correspondence between collection num-
bers and sys_info$initialization_state values, this set exists as
a sub-collection. The tape firmware is collection 0.5, since it
is loaded before collection 1. The segments in collection 0.5
have a fixed naming convention. Each must include among its set
of names a name of the form "fwid.Tnnn", where "Tnnn" is a four
character controller type currently used by the BOS FWLOAD
facility. These short names are retained for two reasons.
First, they are the controller types used by Field Engineering.
Second, there is no erase and kill processing on input read in
this environment, so that short strings are advantageous. Note
that if the operator does make a typo and enters the wrong
string, the question is asked again.
bootload_console.alm
bootload_console uses bootload_io to do console I/O. Its
initialization entry, init, finds the console on the bootload
IOM. This is done by first looking in the config deck, if BOS
left us one, or, if not, by trying to perform a 51 (Write Alert)
comment to each channel in turn). Only console channels respond
to this command. When a console is found, a 57 (Read ID) command
is used to determine the model.
The working entrypoints are write, write_nl, write_alert,
and read_line. write_nl is provided as a convenience. All of
these take appropriate buffer pointers and lengths. Read_line
handles timeout and operator error statuses.
There are three types of console that bootload_console must
support. The first is the original EMC, CSU6001. It requires
all its device commands to be specified in the PCW, and ignores
IDCW's. The second is the LCC, CSU6601. It will accept commands
in either the PCW or IDCW's. The third type is the IPC-CONS-2.
In theory, it should be just like the LCC except that it does NOT
accept PCW device commands. Whether or not it actually meets
this specification has yet to be determined.
To handle the two different forms of I/O (PCW commands
versus IDCW's), bootload_console uses a table of indirect words
pointing to the appropriate PCW and DCW lists for each operation.
The indirect words are setup at initialization time. The LCC is
run with IDCW's to exercise the code that is expected to run on
the IPC-CONS-2.
bootload_dseg.alm
bootload_dseg's task is to prepare SDW's for segments
loaded by bootload_loader, the collection zero loader.
bootload_dseg$make_sdw takes as an argument an sdw_info structure
as used by sdw_util_, and constructs and installs the SDW. The
added entrypoint bootload_dseg$make_core_ptw is used by
bootload_loader to generate the page table words for the unpaged
segments that it creates.
bootload_early_dump.alm
When an error occurs during early initialization,
bootload_early_dump is called. It is called in three ways.
First, if bootload_error is called for an error (as opposed to a
warning), this routine is called. Secondly, if a crash should
occur later in initialization (after collection 0) but before the
toehold is set up (and bce running), the toehold will transfer
here. Third, the operator can force a transfer to this routine
through processor switches any time up until collect_free_core
runs. (This includes while bce is running.) This is done by
force executing a "tra 30000o" instruction.
bootload_early_dump starts by reestablishing the collection
0 environment (masked, pointer registers appropriately set,
etc.). It then uses bootload_console to ask for the number of a
tape drive on the bootload tape controller to use for the dump.
When it gets a satisfactory answer, it dumps the first 512k of
memory (that used by early initialization and bce), one record at
a time, with a couple of miscellaneous values used by
read_early_dump_tape (which constructs a normal format dump). If
an error occurs while writing a record, the write is simply
retried (no backspace or other error recovery). After 16
consecutive errors, the dump is aborted, a status message
printed, and a new drive number requested.
bootload_error.alm
bootload_error is responsible for all the error messages in
collection 0. It is similar in design to page_error.alm; there
is one entrypoint per message, and macros are used to construct
the calls to bootload_formline and bootload_console.
bootload_error also contains the code to transfer to
bootload_early_dump. There are two basic macros used: "error",
which causes a crash with message, and "warning", which prints
the message and returns. All the warnings and errors find their
parameters via external references rather than with call parame-
ters. This allows tra's to bootload_error to be put in error
return slots, like:
tsx2 read_word
tra bootload_error$console_error
" error, status in
" bootload_console$last_error_status
... " normal return
Warnings are called with tsx2 calls.
bootload_faults.alm
bootload_faults sets up the segment fault_vector. All
faults except timer runout are set to transfer to
bootload_error$unexpected_fault. All interrupts are set to
transfer control to bootload_error$unexpected_interrupt, since no
interrupts are used in the collection zero environment. The same
structure of transfers through indirect words that is used in the
service fault environment is used to allow individual faults to
be handled specially by changing a pointer rather than
constructing a different tra instruction (also, instructions do
not allow "its" pointers within them). The structure of the
scu/tra pairs (but not the values of the pointers) formed by
bootload_faults is that used by the rest of initialization and
service.
bootload_flagbox.alm
bootload_flagbox zeroes the bce flagbox. It also zeroes
the cold_disk_mpc flag when BOS is present for historical
reasons. Various values are placed in the flagbox that no one
looks at.
bootload_formline.alm
This program is a replacement for the BOS erpt facility.
It provides string substitutions with ioa_-like format controls.
It handles octal and decimal numbers, BCD characters, ascii in
units of words, and ACC strings. Its only client is
bootload_error, who uses it to format error message. The BCD
characters are used to print firmware ID's found in firmware
images. Its calling sequence is elaborate, and a macro,
"formline", is provided in bootload_formline.incl.alm
bootload_info.cds
The contents of this segment are described under data
bases.
bootload_io.alm
bootload_io is an io package designed to run on IOM's and
IIOC's. It has entrypoints to connect to channels with and
without timeouts. It always waits for status after a connection.
It runs completely using abs mode i/o, and its callers must fill
in their DCW lists with absolute addresses. This is done because
NSA IOM's do not support rel mode when set in PAGED mode, and
there is no known way to find out whether an IOM is in paged
mode. Under normal operation, the config card for the IOM is
available to indicate whether the IOM is in paged mode or not,
relieving this difficulty.
The preinit entrypoint is called as one of the first
operations in collection 0. Besides setting up for i/o, it
copies and determines from the IOM/IIOC/BOS provided boot info
the assume_config_deck (BOS present) flag and the system_type
value.
bootload_linker.alm
bootload_linker is responsible for snapping all links
between collection one segments. It walks down the LOT looking
for linkage sections to process. For each one, it considers each
link and snaps it. It uses bootload_slt_manager$get_seg_ptr to
find external segments and implements its own simple definitions
search.
bootload_loader.alm
bootload_loader is the collection zero loader (of collec-
tions 0.5 and 1). It has entrypoints to initialize the tape
loader (init), load a collection (load_collection), skip a
collection (skip_collection), and clean up (finish). The loader
is an alm implementation of segment_loader.pl1, the collection 1
loader. It reads records from the mst, analyzes them, splitting
them into slt entries, definitions and linkage sections, and
segment contents. Memory is obtained for the segment contents
using allocation pointers in the slt. Page tables are allocated
for the segment within the appropriate unpaged_page_tables seg-
ment. When proper, the breakpoint_page is added as another page
to the end of the segment. Definitions and linkage sections are
added to the end of the proper segments (ai_linkage, wi_linkage,
ws_linkage, as_linkage). The loader has a table of special
segments whose segment numbers (actually ITS pointers) are
recorded as they are read in off of the tape. These include the
hardcore linkage segments, needed to load linkage sections,
definitions_, and others. The loader maintains its current
allocation pointers for the linkage and definitions segments in
its text. bootload_loader$finish copies them into the headers of
the segments where segment_loader expects to find them.
bootload_slt_manager.alm
bootload_slt_manager is responsible for managing the Seg-
ment Loading Table (SLT) for collection zero. It has three
entries. bootload_slt_manager$init_slt copies the SLT and name
table templates from template_slt_ to the slt and name_table
segments. bootload_slt_manager$build_entry is called by
bootload_loader to allocate a segment number and fill in the SLT
and name table from the information on the MST.
bootload_slt_manager$get_seg_ptr is called by bootload_linker to
search the SLT for a given name. It has imbedded in it a copy of
hash_index_ used to maintain a hashed list of segment names
compatible with the list for slt_manager in further collections.
bootload_tape_fw.alm
bootload_tape_fw is responsible for loading the bootload
tape MPC. It begins by loading collection 0.5 into memory with a
call to bootload_loader$load_collection. By remembering the
value of slt.last_init_seg before this call, bootload_tape_fw can
tell the range in segment numbers of the firmware segments.
Firmware segments are assigned init_seg segment numbers by
bootload_loader, but are loaded low in memory, for reasons
described above. bootload_tape_fw then determines the correct
firmware type. If bootload_info specifies the controller type,
then it proceeds to search the SLTE names of the firmware
segments for the appropriate firmware. If bootload_info does not
specify the firmware type, then bootload_tape_fw must ask the
operator to supply a controller type. This is because there is
no way to get a controller to identify itself by model.
Each of the firmware segments has as one of its SLTE names
(specified in the MST header) the six character MPC type for
which it is to be used. bootload_tape_fw walks the slt looking
for a firmware segment with the correct name. If it cannot find
it, it re-queries (or queries for the first time) the operator
and tries again.
Having found the right firmware, the standard MPC bootload
sequence is initiated to boot the tape MPC. The firmware
segments' SDW's are zeroed, and the slt allocation pointers
restored to their pre-collection-0.5 values. bootload_tape_fw
then returns.
template_slt_.alm
This alm program consists of a group of involved macros
that generate the SLTE's for the segments of collection zero. It
is NOT an image of the segment slt, because that would include
many zero SLTE's between the last sup seg in collection zero and
the first init seg. Instead, the init seg SLTE's are packed in
just above the sup segs, and bootload_slt_manager$init_slt
unpacks them. It also contains the template descriptor segment,
packed in the same manner, and the template name table. The
initial contents of int_unpaged_page_tables and
unpaged_page_tables are also generated. Also present are the
absolute addresses, lengths, and pointers to each of the collec-
tion 0 segments for use elsewhere in bound_bootload_0.
SECTION 3
COLLECTION 1
The basic charter of collection 1 is to set up paging,
fault handling, as well as various data bases needed for paging
and other like activities. Collection 1 can run multiple times,
for various reasons.
SUMMARY OF COLLECTION 1 PASSES
The first run through collection 1 is known as the "early"
pass which is described below. It is a run in which we are
restricted to work within 512K and in which only the rpv is
known; in fact, it is this pass which finds the rpv and the
config deck. If BOS is present, this pass is not needed. The
end of this pass is the arrival at "early" command level, used to
fix up the config deck, in preparation for the "boot" pass.
The second pass, which is known as "bootload Multics
initialization", also runs only within 512K. It, however, has
knowledge of all disks and other peripherals through the config
deck supplied either by BOS or the early initialization pass.
This pass is made to generate a crash-to-able system that can be
saved onto disk for crash and shutdown purposes. After the crash
handler (this image) is saved, the bootload Multics "boot"
command level can be entered. This level allows the booting of
Multics service. After Multics has shut down, a slight variant
of this pass, the "shut" pass, is run in a manner similar to that
for the "crash" pass, described below.
The third pass (which actually comes after the fourth) is
another run of bootload Multics initialization performed after
Multics has crashed. This pass is made to re-generate various
tables to describe the possibly different configuration that now
exists after having run Multics. Bootload Multics "crash"
command level is then entered.
The fourth pass through collection 1 is called "service
initialization", which runs using all memory and devices. The
result of this pass is suitable for running the later collec-
tions, and bringing up service.
The "early" pass creates a safe environment consisting of a
set of programs in memory and a synthesized config deck that
describes known hardware. This is saved away to handle crashes
during the "boot" pass. If the "boot" pass fails, the toehold
restores this earlier saved environment which then runs a
"re_early" pass. This is really a normal pass, but using the
saved away config deck of known good hardware. The "re_early"
pass comes back to an "early" command level to allow the operator
to fix the deck or hardware.
When the "boot" pass succeeds, it also saves a good memory
image and the now confirmed site config deck. After the "boot"
pass saves this image, the "boot" command level is entered and
eventually it boots Multics, running the "service" pass. If this
fails, the toehold restores the saved image. A "bce_crash" pass
then runs. This is a normal pass but one in which the saved
config deck is used. This pass is run on the assumption that,
either a bce command died and the operator may now examine it, or
that the "service" pass found a problem. The "bce_crash" level
allows the operator to fix things.
Once the boot of service Multics completes collection 1, a
crash or shutdown will invoke the toehold to restore bce. This
time, however, the current config deck is used to utilize any
reconfigurations that have occured. bce will come to the "crash"
or "boot" command levels.
We'll start by looking at the basic initialization pass,
that used to come to the normal ("boot") bce command level.
NORMAL (BOOT) PASS
The sequence of events in a normal initialization pass is
given here. As of the time of the start of a normal
initialization pass, the config deck has been found, either by
BOS or the early initialization pass. All other data bases
besides sys_boot_info and sys_info set or created during previous
initialization passes have been deleted. The pass starts with
saving certain attributes, such as free core extents, for later
restoration at the end of the pass (before running another).
scs_and_clock_init fills in the initial scs (system config-
uration segment) data from the config deck. This is information
on the processors and the memory controllers.
get_io_segs, iom_data_init, ocdcm_$init_all_consoles, and
scas_init are run to set up the disk_seg, pvt, iom_data,
ioi_data, oc_data and the system controller addressing segment.
tc_init initializes tc_data's apte and itt lists.
init_sst generates the sst and core map appropriate for the
pass. This is the last real memory allocation. After this time,
allocation of memory based upon the data in the slt is
deactivated. The remaining tables either have memory already
allocated for them or are generated paged, once paging is
started. announce_chwm announces memory usage.
initialize_faults$interrupt_init initializes the interrupt
vector. With iom_data and oc_data set up, this permits ocdcm_ to
be used for console I/O. The interrupt mask is opened with a
call to pmut$set_mask.
The basic command environment facilities (I/O interfaces
and a free area) are set up in a call to init_bce. (BCE is an
acronym for Bootload Command Environment). This allows programs
that query the operator to do so in a more friendly fashion than
raw calls to ocdcm_. Further descriptions of bce facilities
follow later.
load_disk_mpcs runs (only during a "boot" pass and only
when we do not have BOS present) to make sure that all disk mpcs
have firmware active within them.
init_pvt, read_disk$init and init_root_vols together have
the net effect of setting up disk and page control. No segments
are paged at this time, though, except for rdisk_seg. Once we
reach here, we know that the config deck describes a set of
hardware sufficient (and valid) enough to reach command level and
so we save the config deck as safe_config_deck.
establish_config_deck reads the config_deck segment from
disk, if appropriate. This segment will become the first paged
segment.
establish_temp_segs maps the bootload paged temp segments
onto the reserved area for them in the "bce" partition.
find_file_partition maps the bce file system area
(bootload_file_partition) unto the "file" partition.
load_mst$init_commands maps the pagable bce programs onto
the areas of disk in which they were read by load_mst earlier.
If this is a "early" or "boot" pass, this environment is
saved and the toehold setup to invoke it. This is done by
init_toehold. The "early" pass saves the entire environment; the
"boot" pass simply saves the safe_config_deck so determined by
this pass.
bce_get_to_command_level can now be called to provide the
appropriate bce command level. At the "early" command level, the
config deck must be made to be correct. At the "boot" command
level, the mpcs (other than the bootload tape mpc and all of the
disk mpcs) need to be loaded.
When the pass is over, the states saved at the beginning of
the pass are restored, the system is masked, and we proceed to
perform another pass.
SERVICE PASS
The sequence of events in a service pass differs from the
normal pass in many ways.
After initialize_faults$fault_init_one runs,
move_non_perm_wired_segs is called to move the segments loaded by
collection 0 to their proper places, thereby utilizing all of the
bootload memory.
[Collection 0 assumes 512K of bootload memory, for two
reasons. First, if BOS and the config deck are not present,
there is no easy way of finding out how much memory there is, so
some assumption is needed. Second, the crash handler will have
to run in some amount of memory whose contents are saved on disk.
512K is a reasonable amount of space to reserve for a disk
partition. At current memory and disk prices it is hard to
imagine anyone with a bootload controller with less that 512K, or
a problem with the disk partition.
When setting up the service environment, though, it is
necessary to move the segments that have been allocated in the
512K limit. It is desirable to have sst_seg and core_map at the
high end of the bootload memory controller. (On the one hand,
the controller they reside in cannot be deconfigured. On the
other hand, only the low 256K of memory can be used for I/O
buffers on systems with IOM's not in paged mode. While we could
just start them at the 256K point, that might produce
fragmentation problems. So the top of the controller is best.)
If the controller really has 512K of memory, collection 1 paged
segments will be there. move_non_perm_wired_segs takes the
segments that the collection zero loader allocated high (paged
segments and init segments that are not firmware segments) and
moves them to the highest contiguously addressable memory,
hopefully leaving the top of the low controller for the sst_seg
and core_map.]
tc_init sets the number of aptes and itt entries on the
basis of the tcd card. A normal bce pass really needs no such
entries.
init_sst generates the sst and core map appropriate for all
of memory at the top of the bootload memory. A normal pass
allocates these tables through normal off-the-slt allocation
(because the top of the 512k area is filled with temp segs).
establish_config_deck maps the config_deck segment onto the
disk "conf" partition. It writes out the memory version in the
process.
Since the service pass does not come to bce command level,
establish_temp_segs, find_file_partition and
load_mst$init_commands are not run.
init_toehold is not run since upon a crash we want to
return to the bootload environment and not to a state in which we
are booting.
init_partitions checks the "part" config cards.
Now, the routine we've all been waiting for runs.
make_segs_paged causes all pagable segments to be paged into the
various hardcore partitions thereby no longer needing memory. We
can then run collect_free_core to regain the freed space.
delete_segs$temp deletes the segments temporary to collec-
tion 1. We can then load, link, and run collection 2 (performed
by segment_loader, pre_link_hc and beyond).
EARLY PASS
The early initialization pass is a pass through collection
1 whose job is to set up paging and obtain the config deck from
its disk partition so that a normal initialization pass may be
run which knows about the complete set of hardware.
It starts with init_early_config constructing a config deck
based on assumptions and information available in sys_boot_info.
This config deck describes the bootload CPU, the low 512K of
memory, the bootload IOM, the bootload tape controller and the
bootload console. Given this synthetic deck, we can proceed
through scs_and_clock_init, etc. to setup the environment for
paging. scs_and_clock_init$early fills the bootload CPU port
number into the config deck, which is how it differs from
scs_and_clock_init$normal.
scas_init and init_scu (called from scas_init) have special
cases for early initialization that ignore any discrepancy
between the 512K used for the bootload controller and any larger
size indicated by the CPU port logic.
During the early pass (or, actually during the first "boot"
pass, if an early pass is never run), init_bce$wired sets up
references in bce_data to wired objects. This allows
bce_console_io and other friendlier routines to run.
To locate the RPV subsystem, find_rpv_subsystem looks in
sys_boot_info. If the data is there, it will try to boot the RPV
subsystem firmware (if needed). If not, it queries the operator
for the data. If, later in initialization, the data should prove
suspect (e.g. RPV label does not describe the RPV), control
returns here to re-query the operator. The operator is first
asked for a command line specifying the RPV subsystem model and
base channel, and the RPV drive model and device number. The
operator may request that the system generate a query in detail
for each item. Cold boot is also requested in the
find_rpv_subsystem dialog. The simple command processor,
bce_command_processor_, is used to parse the "cold" and "rpv"
request lines described above.
The RPV data is filled into the config deck, and
initialization continues with init_pvt and friends.
init_root_vols is called through its early entrypoint so as to
allow for an error return. Errors occuring during the initing of
the rpv will cause a re-query of the rpv data by returning to the
call to get_io_segs.
Firmware is booted in the RPV controller by
boot_rpv_subsystem, called from find_rpv_subsystem, which finds
the appropriate firmware image and calls hc_load_mpc. A database
of device models and firmware types and other configuration
rules, config_data_.cds, is used to validate operator input and,
for example, translate the subsystem model into a firmware
segment name.
init_roots_vols checks for the presence of and creates
certain key partitions on the rpv. The "conf" partition, if not
present, is created by trimming 4 pages off of the hardcore
partition. The "bce" (bce crash handler, temporary area and MST
storage) and "file" (bootload file system) partitions are
created, if any is not found, by a call to create_rpv_partition.
This program shuffles the disk pages to find enough contiguous
space at the end of the disk for the partitions.
Once paging is available, and the RPV has been found valid
(or cold-initialized), the real service config deck is read from
the RPV conf partition by establish_config_deck unless this is a
cold boot.
After running establish_temp_segs and find_file_partition,
the rest of the MST is read. This step is performed during the
"early" pass or whatever is the first boot pass.
tape_reader$init sets up tape reading. load_mst reads in collec-
tion 1.2 (config deck sources and exec_coms) into bce file system
objects, collection 1.5 (bce paged programs and firmware images)
into mst area pages leaving around traces for
load_mst$init_commands (which maps them into the bce address
space) and saves collections 2 and 3 on disk for warm booting.
tape_reader$final shuts down the tape. load_mst$init_commands
then runs.
The early or the first boot pass then initializes bce_data
references to paged objects with init_bce$paged.
An early command level is now entered, using a subset of
the real bce command level commands. This level is entered to
allow editing of the config deck.
After leaving command level, init_clocks is called. This
is the time when the operator sets the clock. Up until this
time, the times shown were random. If the operator realizes at
this time that he must fix the config deck, or whatever, he has a
chance to return to the early command level. When the clock is
set, control proceeds.
At this point, early initialization's work is done. The
real config deck is available, and the system can rebuild the
wired databases to their real sizes. Interrupts are masked,
completion of pending console I/O is awaited, and the slt
allocation pointers are restored to their pre-collection-1 val-
ues. Control then moves to the "boot" pass.
CRASH PASS
The crash pass recreates a "boot" environment from which
dumps can be taken and emergency_shutdown can be invoked. It
differs from the "boot" pass only in the verbosity (to avoid
printing many messages at breakpoints) and in the command level
that is reached.
RE_EARLY PASS
A re_early pass is run to restore a safe environment
following a failure to boot to the "boot" command level. It is
identical to a "boot" pass except that it uses a saved config
deck known to be good and reaches a "early" command level.
BCE_CRASH PASS
The bce_crash pass is run to restore a safe environment
following a failure to boot the "service" pass. This may also be
the result of a failure of a bce utility invoked at the "boot"
command level. This pass is identical to the boot pass except
that it uses a saved config deck known to be good and reaches the
"bce_crash" command level.
SHUT PASS
The shut pass is run when Multics shuts down, as opposed to
crashing. It differs from the boot pass only in that
load_disk_mpcs is not run, because it shouldn't be ncessary
(Multics was using the mpcs okay) and because it would interfere
with possible auto exec_com operation.
MODULE DESCRIPTIONS
Bootload Command Environment modules are not included in
this section.
announce_chwm.pl1
The name of this program means
announce_Core_High_Water_Mark. It will announce the extent to
which memory is filled during the various passes of collection 1
when the "chwm" parameter appears on the "parm" card in the
config deck. Near the beginning of each pass, this program
announces the amount of memory used, based upon information in
the slt. At the end of service initialization, it walks down the
core map entries, looking for pages that are available to page
control and those that are wired. The difference between the
memory size and the total figure given here is the amount taken
up by non-page control pages, the sst for example. As a side
bonus, the before entrypoint announces the usage of
int_unpaged_page_tables; the after entrypoint announces the usage
for unpaged_page_tables.
boot_rpv_subsystem.pl1
boot_rpv_subsystem is the interface between
find_rpv_subsystem and hc_load_mpc, the hardcore firmware loading
utility. All that it really has to do is find the appropriate
firmware segment in collection 1. config_data_ is used to map
the controller model to a firmware segment name, of the usual
(T&D) form (fw.XXXnnn.Ymmm). The segment and base channel are
passed to hc_load_mpc, and the results (success or failure) are
returned to find_rpv_subsystem.
boot_tape_io.pl1
This is the program that performs reading of the MST by
collections 1 and beyond. It uses the physical record buffer as
an i/o area. io_manager is used to perform the i/o, with dcw
lists generated within this program.
bootload_1.alm
bootload_1 is the first collection 1 program, called
directly by collection 0. It fills in the stack headers of the
prds and inzr_stk0 to initialize the PL/1 environment. It then
calls initializer.pl1 which pushes the first stack frame.
collect_free_core.pl1
At the end of collection 1 service initialization, this
program is called to free the storage taken up by the previously
wired initialization segments. It does this by marking all core
map entries for pages still unpaged (judged from the address
field of the sdws of all segments) as wired and marking all of
the rest as free (available for paging). It special cases
breakpointable segments to avoid freeing references to
breakpoint_page.
create_rpv_partition.pl1
To save the effort of creating the new Bootload Multics
partitions by requiring all sites to perform a rebuild_disk of
their rpv, this program was created. It creates partitions on
rpv (high end) by shuffling pages about so as to vacate the
desired space. The pages to move are found from the vtoces. The
vtoces are updated to show the new page location and the volmap
is updated to show the new used pages. This program uses
read_disk to read and write the pages. No part of the file
system is active when this program runs.
delete_segs.pl1
delete_segs is called after the various collections to
delete the segments specific only to that collection (temp segs).
It is also called at the end of collection 3 to delete segments
belonging to all of initialization (init segs). It scans the ast
list for the appropriate segments, uses pc$truncate to free their
pages (in the hardcore partition) or pc$cleanup to free the core
frames for abs-segs and then threads the astes into the free
list. This program is careful not to truncate a breakpoint_page
threaded onto a segment.
disk_reader.pl1
disk_reader is used by the collection 1 loader (of collec-
tion 2), segment_loader, and by the collection 2 loader,
load_system, to read the mst area of disk. It operates by paging
disk through disk_mst_seg. The init entrypoint sets up
disk_mst_seg unto the first 256 pages of the mst area to be read.
As requests come in to read various words, they are paged from
this segment. When a request comes in that is longer than what
is left in this segment, the remainder is placed into the
caller's buffer, and disk_mst_seg re-mapped onto the next 256
pages. This continues as needed.
establish_config_deck.pl1
The config deck is stored in the "conf" partition on the
RPV in between bootloads. In service, the segment config_deck is
effectively an abs-seg onto this partition. This program
establishes the segment, by filling in the aste and page table
appropriately. During the service pass, this abs-seg becomes
config_deck, with the wired version copied therein. When called
in early initialization, (at the $early entrypoint), it copies
the abs-seg's contents into the wired segment. Otherwise, the
abs-seg is built so that routines that which to update the disk's
config deck (config_deck_edit_) may do so.
fill_vol_extents_.pl1
This is the ring 1 program that obtains, through the
infamous "init_vol loop", the desired parameters of a disk to
initialize. It is called in initialization by init_empty_root
when performing a cold boot to determine the desired partitions
and general layout desired for the rpv.
find_rpv_subsystem.pl1
find_rpv_subsystem initializes configuration and firmware
for the RPV disk subsystem. When available, it uses information
in sys_boot_info. When that information is not present, the
operator is queried. The basic query is for a request line of
the form:
rpv Icc MPC_model RPV_model RPV_device
or
cold Icc MPC_model RPV_model RPV_device
as described in the MOH.
If the operator makes a mistake, or types help, the
operator is offered the opportunity to enter into an extended,
item by item dialog to supply the data.
The information is checked for consistency against
config_data_, a cds program that describes all supported devices,
models, etc. The mpc is tested through
hc_load_mpc$test_controller, to see if firmware is running in it.
If the response is power off, then boot_rpv_subsystem is called
to load firmware. Then init_early_config$disk is called to fill
this data into the config deck. If a later stage of
initialization discovers an error that might be the result of an
incorrect specification at this stage, control is returned here
to give the operator another chance.
The operator is also allowed to enter "skip_load" or
"skip", as a request before entering the rpv data. This forces a
skip of the firmware loading, regardless of the apparent state of
the mpc.
get_io_segs.pl1
A scan through the config deck determines the sizes of the
various hardcore i/o databases which this program allocates.
This program also fills in some of the headers of these databases
as a courtesy for later initialization programs. The key
determiners of the sizes of the tables allocated are the number
of subsystems, the number of logical channels to devices, the
number of drives, the number of ioms, etc. get_main is used to
allocate the areas, using entries in the slt to find the memory.
Areas allocated are: the pvt, the stock_segs, the disk_seg,
ioi_data and iom_data.
get_main.pl1
get_main is used to create a segment that is to reside in
main memory. It runs in one of two ways, depending on whether
allocation off the slt (slt.free_core_start) is allowed. When
this is not allowed (later in initialization),
make_sdw$unthreaded is used to generate the segment/aste.
pc_abs$wire_abs_contig forces this segment to be in memory.
Earlier in initialization (before page control is active), the
segment is allocated from the free core values in the slt. These
values determine the placement in memory of the to be created
segment. get_main allocates a page table for this segment in
either int_unpaged_page_tables or unpaged_page_tables (depending
on whether the segment will eventually be made paged). The ptws
are filled in and an sdw made. The given_address entrypoint of
get_main can be used to utilize its unpaged segment page table
generation capabilities (as in init_sst).
hc_load_mpc.pl1
hc_load_mpc embodies the protocol for loading all MPC's.
It is an io_manager client. Since the firmware must be in the
low 256K, a workspace is allocated in free_area_1 and the
firmware image is copied out of the firmware segment and into
this buffer for the actual I/O. The urc entrypoint is used to
load urc mpcs. This entry accepts an array of firmware images to
load. It scans the list to determine to which channels each
overlay applies. The extra entrypoint test_controller, used by
find_rpv_subsystem and load_disk_mpcs, tests a controller by
executing a request status operation. The results of this are
used to see if the mpc seems to be running (has firmware in it).
init_aste_pools.pl1
This program is called exclusively from init_sst and really
does most of its work. It builds the four aste pools with empty
astes appropriately threaded. Each aste is filled in with ptws
indicating null pages.
init_clocks.pl1
This program performs the setting of the system clock. It
starts by providing the time and asking if it is correct. If it
is, fine. If the operator says it's not, the operator is
prompted for a time in the form:
yyyy mm dd hh mm {ss}
The time is repeated back in English, in the form "Monday,
November 15 1982". If the bootload memory is a SCU, the operator
is invited to type "yes" to set this time (when the time is met),
or "no" to enter another time. The time is set in all the
configured memories, to support future jumping clock error
recovery. On 6000 SC's, the program translates times to SC
switch settings. The program gives the operator time to set the
clock by waiting for an input line. At any time, the operator
may enter "abort", realizing that something is wrong.
init_clocks then returns. real_initializer will re-enter the
early command level in this case.
init_early_config.pl1
init_early_config fabricates a config deck based on the
information available after collection zero has completed. The
bootload CPU, IOM, console, and tape controller are described.
The port number of the bootload CPU is not filled in here, since
it is not easily determined. Instead, scs_and_clock_init$early
fills it in. Appropriate parm, sst, and tcd cards are
constructed, and placeholders are filled in for the RPV
subsystem, so that iom_data_init will reserve enough channel
slots. init_early_config$disk is used to fill in the real values
for the RPV subsystem once they are known.
init_empty_root.pl1
fill_vol_extents_, the subroutine used by the user ring
init_vol command, has been adapted to provide the main function
of this program. It provides a request loop in which the
operator can specify the number of vtoces, partition layout, etc.
The operator is provided with a default layout, including the
usual set of partitions and the default (2.0) average segment
length. If it is changed, the operator is required to define at
least the hardcore and bce required partitions and (for the
moment) the bos partition.
init_hc_part.pl1
init_hc_part builds the appropriate entries so that paging
and allocation may be done against the hardcore partition. It
builds a pseudo volmap (volmap_abs_seg) describing the hardcore
partition (which is withdrawn from the beginning thereof)
allowing withdrawing of pages from the partition. A record stock
is also created of appropriate size for the partitions.
init_partitions.pl1
This program makes sure that the partitions the operator
specified in the config deck are really there. It checks the
labels of the config deck specified disks for the specified
partitions. Disks that do have partitions so listed are listed
as un-demountable in their pvt entries.
init_pvt.pl1
The pvt contains relatively static data about each disk
drive (as opposed to dynamic information such as whether i/o is
in progress). init_pvt sets each entry to describe a disk. No
i/o is done at this time so logical volume information, etc. can
not be filled in. Each disk is presumed to be a storage system
disk, until otherwise determined later.
init_root_vols.pl1
init_root_vols finds the disks that will be used for
hardcore partitions. It mostly finds the disks from root cards
and finds the hardcore partitions from the labels. For the rpv,
it will also call init_empty_root, if a cold boot is desired,
call create_rpv_partition, if various required partitions are
missing (MR11 automatic upgrade), and set various pvt entries to
describe the rpv. During the service pass, init_hc_part is
called to establish paging (and allow withdrawing) against the
hardcore partition.
init_scu.pl1
This routine is used within scas_init to init a given scu.
It compares the scu configuration information (from its switches)
with the supplied size and requirements. When called for
bootload Multics purposes, the size of the scu may be larger than
that specified (generated) in the config deck without a warning
message. It generates ptws so it can address the scu registers
(see the description in the glossary for the scas). The execute
interrupt mask assignment and mask/port assignment on the
memories is checked here.
init_sst.pl1
init_sst starts by determining the size of the pools.
Normally, this is found in the sst config card (although init_sst
will generate one of 400 150 50 20 if one isn't found). For
early and bootload Multics initialization, though, the pools
sizes are determined from the current requirements given in
figures in bootload_info. The size of the core_map is determined
from the amount of configured memory for normal operation and is
set to describe 512K for early and bootload Multics operation.
The area for the sst is obtained, either from the top of the
bootload scu for normal operation, or from the slt allocation
method for early and bootload Multics operation. The headers of
the sst and core map are filled in. init_aste_pools actually
threads the astes generated. The pages of memory not used in low
order (or bootload (512k)) memory are added to the core_map as
free. For normal operation, the other scu's pages are also added
to the free list. collect_free_core will eventually add the
various pages of initialization segments that are later deleted.
init_vol_header_.pl1
init_empty_root uses this program to initialize the rpv.
This routine writes out the desired label (which describes the
partitions filled in by fill_vol_extents_), generates an empty
volmap and writes it out, and generates empty vtoces and writes
them out.
initial_error_handler.pl1
This any_other handler replaces the fault_vector "unexpect-
ed fault" assignments. It implements default_restart and
quiet_restart semantics for conditions signalled with info, and
crashes the system for all other circumstances.
initialize_faults.pl1
initialize_faults has two separate entries, one for setting
things up for collection 1, and one for collections 2 and beyond.
This description is for collection 1
(initialize_faults$fault_init_one). initialize_faults_data
describes which faults have their fault vectors set to
fim$primary_fault_entry (scu data to pds$fim_data),
fim$signal_entry (scu data to pds$signal_data),
fim$onc_start_shut_entry (scu data to pds$fim_data) or
wired_fim$unexp_fault (scu data to prpds$sys_trouble_data) (all
others). Special cases are: lockup and timer runout faults are
set to an entry that will effectively ignore them. Derails go to
fim$drl_entry to handle breakpoints and special drl traps.
Execute faults are set to wired_fim$xec_fault (scu data to
prds$sys_trouble_data). Page faults are set to pagefault$fault
(scu data to pds$page_fault_data). And connect faults are set to
prds$fast_connect_code (scu data to prds$fim_data). Write access
is forced to certain key programs to set values within them.
Access is reset afterwards. These are pointers which must be
known by certain programs when there will be no mechanism for the
programs themselves to find them. An example is the pointers
within wired_fim specifying where scu data is to be stored. The
last thing done is to set the signal_ and sct_ptr in the
inzr_stk0 stack header so that signalling can occur in collection
1.
initialize_faults_data.cds
This cds segment describes which faults go to where so that
initialize_faults can so set them. For collection 1, the major
faults set are: command and trouble to fim$primary_fault_entry
(scu data in pds$fim_data), access violation, store, mme, fault
tag 1, 2 and 3, derail, illegal procedure, overflow, divide,
directed faults 0, 2 and 3, mme2, mme3, mme4 to fim$signal_entry
(scu data to pds$signal_data), shutdown, op not complete and
startup to fim$onc_start_shut_entry (scu data to pds$fim_data)
and the rest to wired_fim$unexp_fault (scu data to
prds$sys_trouble_data).
initializer.pl1
initializer consists of only calls to real_initializer,
delete_segs$delete_segs_init, and init_proc. real_initializer is
the main driver for initialization. It is an init seg.
initializer exists as a separate program from real_initializer
because, after the call to delete init segs, there must still be
a program around that can call init_proc. This is the one.
iom_data_init.pl1
The function of this program is to set up the data bases
used by io_manager. These include iom_data and the actual
mailboxes used in communicating with the iom. The iom cards are
validated here. The overhead channel mailboxes are set for the
described channels.
load_disk_mpcs.pl1
During the "boot" pass, all disk mpcs must have firmware
loaded into them. This is done by load_disk_mpcs. This program
scans the config deck, searching for disk mpcs. It tests each
one (with hc_load_mpc$test_controller) to determine a list of
apparently non-loaded disk mpcs. If this list is not empty, it
prints the list and asks the operator for a sub-set of these to
load. bce_fwload is used to perform the actual loading.
load_mst.pl1
load_mst reads in the MST. It contains a routine which
understands the format of a MST. This routine is supplied with
various entry variables to do the right thing with the objects
read from the various collections. For collection 1.2, the
objects are placed into the bce file system through bootload_fs_.
For collection 1.5, the segments have linkages combined, etc.
just as in segment loader. The objects are placed on disk, in
locations recorded in a table. These are paged bce programs.
Collections 2 and 3 are simply read in as is, scrolling down the
mst area of the "bce" partition using the abs-seg disk_mst_seg.
The init_commands entrypoint uses the table built while reading
collection 1.5. The appropriate bce segments are mapped onto
disk using the locations therein.
make_sdw.pl1
make_sdw is the master sdw/aste creation program for
collection 1 and beyond. It contains many special cases to
handle the myriad types of segments used and generated in
initialization. It's first job is to determine the size of the
desired segment. The size used is the maximum of the slte's
current length, maximum length and the size given on a tbls card
(if the segment's name is in variable_tables). Also, an extra
page is added for breakpoints when needed. Given this size, an
appropriate size aste is found and threaded into the appropriate
list, either init segs, temp segs, or normal segs. Wired segs
aren't threaded; they are just listed as hardcore segments. The
page table words are initialized to null addresses. If the
segment is wired and is breakpointable, the last ptw is instead
set to point to breakpoint_page. For abs-segs, this is the end;
abs segs and other "funny" segs must build their own page tables
and a real sdw to describe them. For a normal segment, however,
the page table entries are filled as follows: an appropriate
hardcore partition to hold the pages is chosen. abs_seg's sdw is
set to indicate this null address page table. The various pages
are touched, causing page control to be invoked to withdraw an
appropriate page against the hardcore partition whose drive index
is in the aste. (abs_seg's sdw is then freed.) make_segs_paged
and segment_loader, the main clients of make_sdw, will then copy
the desired data (either from wired memory or from the tape) into
these new (pagable) pages.
make_segs_paged.pl1
make_segs_paged, that most famous of initialization pro-
grams, actually, in a way, has most of its work performed by
make_sdw. make_segs_paged examines all of the initialization
segments, looking for those it can page (i.e., not wired, not
already made paged, non-abs-segs, etc.). It walks down this list
of segments from the top of memory down, using make_sdw to
generate an aste, an sdw, and a page table full of disk pages for
it. The sdw is put into dseg, and the contents of the wired
segment is copied into the paged version. The pages of memory
are then added to page control's free pool The dseg is also
copied with a new dbr generated to describe it.
Breakpointable segments are special cased in two ways.
First of all, when the pages of the old segment are freed,
occurences of breakpoint_page are not. Also, when copying the
segment, breakpoints set within it must be copied. All of
breakpoint_page cannot be copied since it includes breakpoints in
other segments. Thus, we must copy each breakpoint, one at a
time by hand.
move_non_perm_wired_segs.pl1
This program takes the segments allocated high addresses by
collection 0 (paged segments and init segments that are not
firmware segments) which were put at the top of the 512K early
initialization memory, and moves them to the top of the
contiguously addressable memory, leaving the top of the low
controller for the sst_seg and core_map.
This program depends on the knowledge that the loader
assigns segment numbers in monotonically increasing order to
permanent supervisor and init segs, and that the high segments
are allocated from the top of memory down. Thus it can move the
highest segment (in memory address) first, and so on, by stepping
along the SLTE's.
The copying of the segment can be tricky, though, since not
only must the contents be moved but the page table must be
changed to reflect the new location. For this, we build abs_seg0
to point to the new location. The segment is copied into
abs_seg0. We now make the sdw for the segment equal to that for
abs_seg0. The segment is now moved, but we are using the page
table for abs_seg0 for it, not the one belonging to it. So, we
fix up the old page table to point to the new location, and swap
back the old sdw. This starts using the new ptws in the old
place.
Segments that were breakpointable (had breakpoint_page in
them) must be special cased not to move the breakpoint page.
ocdcm_.pl1
Within initialization, the init_all_consoles entrypoint of
ocdcm_ is called. This entrypoint sets up oc_data to a nice safe
(empty) state. The various console specific parms are found and
saved. The main loop examines all prph opc cards. They are
validated (and later listed if clst is specified). For each
console, a console entry is filled describing it. The bootload
console, when found, is specifically assigned as bootload con-
sole. As a last feature, the number of cpus is found. This is
because the longest lock time (meaningful for determining
time-outs) is a function of the number of processors that can be
waiting for an i/o.
ocdcm_ also provides for bce a special function. It
maintains wired_hardcore_data$abort_request, set to true whenever
the operator hits the request key when this was not solicited (no
read pending). This flag is used by bce_check_abort to
conditionally abort undesired bce operations.
prds_init.pl1
This program simply initializes certain header variables in
the prds. This includes inserting the fast_connect_code, the
processor tag, etc.
pre_link_hc.pl1
The linker for collection 2, this program performs a
function analogous to that performed by bootload_linker. It
walks down the linkage sections of the segments in question,
looking for links to snap. slt_manager is used to resolve
references to segments. A definition search is imbeded within
this program.
read_disk.pl1
read_disk is the routine used to read a page from or to
write a page to disk. The init entry point sets up rdisk_seg as
a one page paged abs segment for such purposes. Actual page
reading and writing consists of using disk_control to test the
drive (unless the no_test entrypoints were used), and then page
control to page the page. For reads, we construct a page table
word describing the page of disk. Touching rdisk_seg then reads
it in. For writing, we generate a null address page table entry.
When we write to it, a page of memory is obtained. By forcing
the core map entry to describe the desired page of disk, unwiring
the page and performing a pc$cleanup (force write), the page
makes it to disk.
read_disk_label.pl1
To read a disk label, we call read_disk_label. It uses
read_disk to preform the i/o. Several such reads will be
performed. if necessary. The label is validated through a
simple check of label.Multics, label.version and
label.time_registered.
real_initializer.pl1.pmac
real_initializer is the main driver for initialization. It
largely just calls other routines to set things up, in the proper
order.
There are many paths through real_initializer as described
above. All paths set an any_other handler of
initial_error_handler to catch unclaimed signals, which eventual-
ly causes a crash.
The main path through real_initializer calls collection_1
(an internal subroutine) multiple times and then passes through
to collections 2 and 3. Each call to collection_1, in the normal
case, "increments" sys_info$collection_1_phase, thus producing
the main set of collection 1 passes. Various deviations from
this exist. Aborting disk mpc loading resets the phase to
re_early and branches back to the "early" command level. A
failure when finding the rpv during the "early" pass retries the
"early" pass. The reinitialize command resets the phase to
"early" and then simulates the bce "boot" function, thus making
the next pass become a new "boot" pass.
When Multics crashes or shuts down, the toehold restores
the machine conditions of bce saved in the toehold. These return
the system to save_handler_mc, which quickly returns through
init_toehold to real_initializer. The routine collection_1
senses this and returns to the main collection_1 calling loop.
real_initializer keys off the memory_state (determines between
crashing and shutting down) and old_memory_state (state of
crashed memory - determines crashed collection 1 phase) in the
toehold to determine the pass to run next.
real_initializer includes a stop-on-switches facility.
pl1_macro is used to assign a unique number to each step in
initialization. This number can also be used in the future to
meter initialization. Before each step in initialization, a call
is made to the internal procedure check_stop. If the switches
contain "123"b3 || "PNNN"b6, where PNNN is the error number in
binary coded decimal (P is the collection 1 phase, NNN is the
stop number obtained from a listing), bce is called (if the
toehold is active).
scas_init.pl1
scas_init inits the scas (system controller addressing
segment). It is the keeper of things cpu and scu. The config
deck is searched for cpu and mem cards which are validated and
the boxes' switches validated against the cards. The scs$cow
(connect operand words) are filled in here with values so that we
may send connects to the various processors. init_scu is called
to set masks and such for the various scus. The port enables are
set for the ioms. The cpu system controller masks are checked.
Finally, if the cpus and ioms do not overlap in port numbers, the
cyclic priority switches are set on the scus.
scs_and_clock_init.pl1
This program initializes most of the data in the scs. In
previous systems, the scs was mostly filled in its cds source.
To support multiple initializations, though, the segment must be
reset for each pass. This program also has the task of setting
sys_info$clock_ to point to the bootload SCU. Finally, at its
$early entrypoint, it fills in the bootload SCU memory port
number in the config deck, since it used that data in scs
initialization. Initializing the scs consists of initiating data
about cpus and scus.
segment_loader.pl1
segment_loader is used to load collections 2.0 and beyond.
It uses disk_reader to read records from the MST of disk. The
various records from the MST are either collection marks, header
records (denoting a segment) or the data forming the segments.
Given information in the segment header, an appropriately sized
area in wi_linkage$, ws_linkage$, ai_linkage$ or as_linkage$ is
generated. slt_manager$build_entry chooses the next segment
number (either supervisor of initialization) for the segment and
creates the slt entry. make_sdw creates an sdw an the page table
and allocates disk space in the hardcore partition for the
segment. With read/write access forced for this new (pagable)
segment, the segment is read from disk. Access is then set as
desired in the header record. We loop in this manner until we
encounter a collection mark when we stop.
slt_manager.pl1
This is a relatively simple program.
slt_manager$build_entry looks at the header read from an MST and
builds a slt entry. The header defines whether this is a
supervisor or an initialization segment (which defines from which
set of segment numbers (supervisory start at 0, initialization
start at 400 octal) it is given), what names to add to the name
table, and whether this segment has a pathname which needs to be
added to the name table (so that init_branches can thread them
into the hierarchy). While it is building the entry, it hashes
the names in the same manner as bootload_slt_manager.
slt_manager$get_seg_ptr uses this hash list to search for the
segment name requested.
sys_info.cds
sys_info is described under data bases.
tape_reader.pl1
tape_reader uses boot_tape_io to read MST tape records. It
is capable of reading several tape records and packing them into
a user supplied buffer. It validates the tape records it reads
for Multics-ness, performing the (old) reading re-written record
error recovery mechanism.
tc_init.pl1
tc_init is run in two parts, the second called part_2 run
in collection 2. Part one, just called tc_init, allocates an
appropriately sized tc_data (see the description of
tc_data_header, above) given the supplied number of aptes and itt
entries. The workclass entries are initialized to their
defaults. Workclass 0 is set up for the initializer as realtime,
etc. Everyone else is put initially into workclass 1. The aptes
and itts are threaded into empty lists. Initial scheduling
parameters are obtained from the schd card. The length of the
prds is set (either default or from tbls card). The stack_0_data
segment (which keeps track of the ring 0 stacks given to
processes when they gain eligibility) is initialized. Apte
entries for the initializer and idle (bootload cpu) are created.
Finally, memory is allocated for the pds and dseg of the various
idle processes (which won't actually be started until
tc_init$part_2).
SECTION 4
THE BOOTLOAD COMMAND ENVIRONMENT
Bootload Multics must provide a certain number of
facilities when the storage system is not available. Examples
are system dumps to disk, disk saves and restores , interactive
hardcore debug (patch and dump), and automatic crash recovery.
INITIALIZATION
There are two ways that the command environment is entered.
When an existing system is booted from power-up (cool boot), the
command environment is entered to allow config deck maintenance
and the like. When the service system crashes, the command
environment becomes the crash recovery environment that oversees
dumping and automatic restart. A full cold boot is a special
case of a cool boot.
The heart of the bootload Multics command environment (bce)
runs mostly wired. The paged segments are paged temp segments,
managed by get_temp_segment_ and friends, for such purposes as
qedx buffers and active function expansion. The bce file system
is paged. Also, some bce command programs are paged, through the
grace of load_mst. These are mapped onto an area of the bce
partition. bce does not use the storage system, nor the hardcore
partition.
Certain special programs are run so as to initialize bce.
These are: init_bce to enable the basic facilities of switches
and areas and such; find_file_partition to enable the bootload
Multics file system; establish_temp_segs to provide paged temp
segments; and, load_mst$init_commands to allow references to
paged bce programs. load_mst was described under the bootload
Multics initialization pass in collection 1.
ENVIRONMENT AND FACILITIES
The basic facilities of the command environment are:
*
a free area. free_area_1 is initialized with define_area_,
and a pointer left in stack_header.user_free_area and
stack_header.system_free_area, so that allocate statements
with no "in" qualifiers work. get_system_free_area_ () will
return a pointer to this area. This area is used for global
data needed between commands. Each command normally finds
its own local area, normally on a paged temp segment.
* standard input, output and error entries that hide the
distinction between console and "exec_com" input. These are
entry variables in the cds program bce_data.cds. They are
hardly ever called directly, as more sophisticated
interfaces are defined atop them. The entry variables are
bce_data$get_line, bce_data$put_chars and
bce_data$error_put_chars. get_chars is not sensible in the
console environment, for the console will not transmit a
partial line. The module bce_console_io is the usual target
of the entry variables. It uses ocdcm_, oc_trans_input_ and
oc_trans_output_. bce_data also contains the pointers
get_line_data_ptr, put_chars_data_ptr and
error_put_chars_data_ptr which point to control information
needed by the target of the entry variable. The pair of
values of an entry variable followed by the data pointer is
what constitutes a bce switch. A pointer to this switch is
passed around much as an iocb pointer is passed around in
Multics. Both ioa_ and formline_ understand these bce
switches so that normal calls may be made.
* bce_query and bce_query$yes_no. Each takes a response
argument, ioa_ control string, and arguments, and asks the
question on the console. An active function interface is
provided.
* bce_error is the local surrogate for com_err_, used by
various non command level programs. It does not signal any
conditions in its current implementation. com_err_ and
active_fnc_err_ simply call bce_error appropriately when in
bce.
* a command processor. The standard command_processor_ is
used to provide a ssu_-like subsystem facility. The various
command programs are called with a pointer to
bce_subsystem_info_, of which the arg_list_ptr is the impor-
tant information.
* a request line processor. Any program that wants to parse
lines using standard syntax (without quotes, parentheses, or
active functions, for now) calls bce_command_processor_ with
the command line, a procedure that will find the command,
and a return code. find_rpv_subsystem, for example, calls
it with an internal procedure that checks that the command
is either "rpv", "cold", "help", or "?", and returns the
appropriate internal procedure to process the command.
These procedures use the usual cu_ entrypoints to access
their arguments.
* The paged temp segments bootload_temp_1 .. bootload_temp_N.
These are each of 128/N pages long, and mapped as abs-seg's
onto a part of the bce partition. N is established by the
number of such segments listed in the MST header (and
computed by establish_temp_segs). These segments are
managed by get_temp_segments_ and friends.
* A primitive file system. bootload_fs_ manages a simple file
system mapped onto the "file" partition on the rpv. This
file system can hold config files or exec_coms. It is
writable from within Multics service. The objects in the
file system have a max length of 128/N pages, matching that
of the temp segments, and have a single name.
* The standard active function set.
* Disk i/o facilities. Several exist. Some utilities call
(read write)_disk. If they do not need the disk test that
this routine performs (as when accessing the (already)
trusted rpv), they call the no_test versions of these
entrypoints. Another mechanism is to build a paged segment
onto the desired disk area, normally via map_onto_disk.
This mechanism trusts the built in mechanisms of page
control (and traffic control disk polling) to ensure that
the i/o is noticed. A final mechanism is to call
dctl$bootload_(read write), which allows the queueing of
multiple i/os to different disks. This is used for high
volume operations, such as pack copying.
RESTRICTIONS
Various Multics facilties are not present within bce. Some
are listed below.
* No operations upon the file system hierarchy are allowed
(except for indirect references by bce_probe to segments in
the Multics image).
* Normal segment truncation/deletion/creation is not allowed.
The ptws must be manually freed.
* Segments may not be grown (no withdrawing of pages is
allowed). They must be explicitly mapped onto the desired
free area of disk or memory.
* No iox_ operations are allowed. Pseudo-iocb's do exist,
though.
* Only a finite (and small) number of paged/wired work areas
can exist. They also have comparatively small lengths.
* Dynamic linking is not done. References to object names are
done with slt_manager$get_seg_ptr.
* Wakeups and waiting for wakeups can not be done. A program
must loop waiting for status or use pxss facilities.
* Timers (cput and alrm) may not be set. Programs must loop
waiting for the time.
* There are no ips signals so no masking is involved. The
real question is the masking of interrupts (pmut$set_mask).
MODULE DESCRIPTIONS
bce_alert.pl1
Console alert messages (mostly for bce exec_com's) are
produced by bce_alert. It simply appends its arguments,
separated by a space) into one string which it prints through
bce_data$console_alert_put_chars. This prints the message with
audible alarm.
bce_alm_die.alm
bce_alm_die wipes out the bce toehold and enters a "dis"
state.
bce_appending_simulation.pl1
All references to absolute and virtual addresses within the
saved Multics image are performed by bce_appending_simulation.
It has multiple entrypoints for its functions.
The "init" entrypoint must be called before all others. It
initializes certain purely internal variables, for later effi-
ciency. Also, it determines, from scs data, the valid range of
memory addresses so it can later validate addresses before
faulting. As an added bonus, it sets the initial dbr for the
appending simulation based on whether it is desired to examine
the crash image or bce itself.
The entrypoint "new_dbr" sets a new dbr for the simulation.
This entrypoint takes apart the dbr supplied. The main purpose
of this entrypoint is to find this new address space's dseg, so
it can evaluate virtual addresses. This fetching of the descrip-
tion (aste/page table/sdw) of dseg can be done using the absolute
fetching routines of bce_appending_simulation and by manually
disecting sdws and ptws. This entrypoint must also find the
core_map, if present, which is needed by the virtual entrypoints
to find out-of-service pages.
The "(get put)_(absolute virtual)" address entrypoints
actually perform the fetching or patching of data. They take the
input address and fetch or replace data in pieces, keeping each
piece within a page. This is done because different pages
desired may reside in totally different locations.
"get_absolute" and "put_absolute" work in relatively simple
ways. They examine the address to determine its location. Some
low memory pages will be in the image on disk and fetched through
the paged abs-segs multics_(low high)_mem. Other pages are in
memory (above 512k). These are fetched through the abs-seg
abs_seg0 which this program slides onto a 256k block as needed.
References to absolute locations in examine-bce mode always use
the abs_seg0 approach to fetch everything from memory.
Before virtual addresses may be fetched/patched, the
"new_segment" entrypoint must be called. The purpose of this
entrypoint is to fetch the sdw/aste/page table for the segment
for later ease of reference. This is done by using the
"get_virtual" entrypoint, referencing dseg data given the previ-
ously discovered description of dseg (in the "new_dbr"
entrypoint). For efficiency in fetching the sdw (meaningful for
the dump command which calls this entrypoint for every segment
number valid in a process and ends up fetching null sdws), a dseg
page is kept internal to this routine.
Virtual addresses are manipulated by the "(get
put)_virtual" entrypoints. These entrypoints break apart the
request into blocks that fit into pages. For each page of the
segment that it needs, it examines its ptw (found in the segment
description found and provided by the "new_segment" entrypoint)
to determine its location. Pages flagged as in memory are
obtained by the absolute entrypoint. Pages on disk can be easily
manipulated by mapping rdisk_seg onto the page and paging it. If
it is in neither catagories, something is either wrong or the
page is out of service. For out of service pages (pages with i/o
in progress upon them), the "correct" page is found (the page at
the source of the i/o) and this manipulated. If this is a put
operation, it is necessary to replace this page in both locations
(both memory and the disk page in use) to make sure that the
effect is felt. Also, for any put operation, the proper page
table word must have its modified bit set so page control notices
the modification.
bce_check_abort.pl1
bce_check_abort contains the logic for possibly aborting
bce functions upon operator request. When called, it checks
wired_hardcore_data$abort_request, which is set by ocdcm_ whenev-
er an unsolicited request is hit. If this bit is set,
bce_check_abort prompts the operator with "Abort?" to which the
response determines the degree of abort. Both this query and the
response i/o are performed through bce_data$console_[whatever] to
force them to appear on the console. A response of "no" simply
returns. "yes" and "request" signals sub_request_abort_, which
is intercepted by the bce_exec_com_ and bce_listen_, or by a bce
subsystem. Entering "command" signals request_abort_, handled by
bce_exec_com_ and bce_listen_ to abort a subsystem. Entering
"all" performs a non-local goto to <sub-sys info>.abort_label,
which returns to bce_listen_ at top level.
bce_check_abort is called on the output side of
bce_console_io and other output oriented bce i/o modules. Thus,
most operations will notice quickly the operator's intent to
abort. However, any program that can enter an infinite
computational loop (such as the exex_com processor trying to
follow an infinite &goto ... &label loop) must call
bce_check_abort within the loop to provide a way out.
bce_command_processor_.pl1
This routine is a scaled down version of
command_processor_. It does not support active functions or
iteration sets. Written as such, it does not need the various
work areas that command_processor_ needs and can run completely
wired. It separates the command line into the usual tokens,
forming an argument list of the various argument strings. It
uses a routine supplied in its call to find an entry variable to
perform the command found. It is used in various very early
initialization programs like init_clocks and find_rpv_subsystem
(which obviously cannot page) as well as some bootload Multics
programs that can deal with the simplicity and wish not to power
up command_processor_.
bce_console_io.pl1
bce_console_io is the interface to the console dim ocdcm_.
Its function is to perform translation appropriate to the console
(oc_trans_input_ and oc_trans_output_) and to call
ocdcm_$priority_io to perform the i/o. bce_console_io$get_line
is the routine normally found in the entry variable
bce_data$get_line and bce_console_io$put_chars is the routine
normally found in bce_data$put_chars and
bce_data$error_put_chars.
bce_continue.pl1
bce_continue restarts the interrupted image. It flushes
memory and uses pmut$special_bce_return to invoke the toehold.
As it passes, it resets all rtb flags in the flagbox except
ssenb. This is so that the next return to bce does not show the
current rtb flags.
Also present in this module is the bos command, which
flushes memory and uses pmut$special_bce_return to invoke the BOS
toehold.
bce_data.cds
This cds segment contains data pertinent to the command
environment activities of bce. It holds the entry and data
pointers used to perform i/o on the pseudo switches
bce_data$get_line, bce_data$put_chars, bce_data$error_put_chars
and bce_data$exec_com_get_line. It keeps track of the current
exec_com level, through bce_data$command_abs_data_ptr (part of
the exec_com_get_line switch). It also holds the top level
subsystem info for the command level in bce_data$subsys_info_ptr.
bce_die.pl1
This module just checks to see if it is okay to die, which
is actually performed by bce_alm_die.
bce_display_instruction_.pl1
One of the bce_probe support utilities,
bce_display_instruction_ displays one (possibly multi-word)
instruction. It uses op_mnemonic_ for its information. The
result is to print an instruction and to return the number of
words dumped.
bce_display_scu_.pl1
bce_display_scu_ is another bce_probe utility. It displays
the scu data found in machine conditions supplied to it.
bce_display_instruction_ is used to interpret the instruction
words from the data.
bce_dump.pl1
The disk dumping facility of bce is found in bce_dump. It
is actually a rather simple program but with a few tricky special
decisions made within it. After parsing the command line
arguments, it figures out the process and segment options to use.
These options are merged together in a hierarchical fashion; that
is, options applying to all processes apply to eligible; all that
apply to elgible apply to running, etc. The dump header is
filled in with machine state information from the toehold. The
dump header on disk is flagged as invalid. An abs-seg (dump_seg,
created by establish_temp_segs) is built to run down the dump
partition during segment placing. Given this out of the way,
dumping can start. Each apte is read from the saved image
(through bce_appending_simulation). For each, the segment
options applying to each are determined. Given the segment
limits in the dbr for this process, each segment is examined to
see if it meets the segment options. Most of the options are
self-explanatory. When it comes to dumping non-hardcore seg-
ments, though, it is desired to dump any hierarchy segment only
once. This is done by keeping a pseudo bit-map of the sst, where
each bit says that a segment has been dumped. (Since the
smallest possible aste in the sst is 16 words, there can be at
most 256K/16 astes. Given an address within the sst from a
segments' sdw, we assume that any aste that crosses the mod 16
boundary near this address describes the same segment as this and
need not be dumped again.) If a segment is to be dumped, we read
pages from its end, looking for the first non-null page. All
pages from the beginning of the segment up to and including this
page are appended to the dump. (The dump_seg abs-seg is adjusted
to indicate these pages.) When all is dumped, we update the
header and write it out.
bce_error.pl1
A simplified form of com_err_, bce_error simply fetches the
text of an error message from error_table_ and constructs an
error message which is printed through bce_data$error_put_chars.
The com_err entrypoint is used to format a com_err_ style
message, used by com_err_ when called during initialization.
bce_esd.pl1
An emergency shutdown of Multics is initiated by bce_esd.
It uses bce_continue to invoke the toehold to restart the image.
However, before doing this, it patches the machine conditions in
the toehold to force the image to transfer to
emergency_shutdown|0, to perform an esd.
bce_exec_com_.pl1
bce_exec_com_, along with bce_exec_com_input, form the bce
equivalent of version 1 exec_com's. bce_exec_com_ is a merging
of functions found in exec_com with those found in
abs_io_$attach. It finds the ec and builds an appropriate
ec_info and abs_data structure to describe it. The ec attachment
is made (bce_data$exec_com_get_line) is made to refer to this ec
invocation, after saving the previous level. Commands are read
from the ec through bce_exec_com_input and executed through
command_processor_$subsys_execute_line. Once bce_exec_com_info
returns a code for end of file, the ec attachment is reverted.
bce_exec_com_input.pl1
bce_exec_com_input performs the parsing of exec_coms. It
is a pseudo i/o module, in the style of bce_console_io$get_line.
It is called in two possible cases. The first is to fetch a
command line for execution by bce_exec_com_. In this case, the
switch is bce_data$exec_com_get_line. When an &attach appears in
an ec, bce_exec_com_input will have attached itself (by making
bce_data$get_line point to itself) and then calls to
bce_data$get_line will call bce_exec_com_input for a line where
the switch (bce_data$get_line) will point to the abs_data for the
ec that performed the &attach. The basic code is stolen from
abs_io_v1_get_line_. The major changes are to delete
non-meaningful operations like &ec_dir.
bce_execute_command_.pl1
This routine is the caller for the various bce command
programs. It is passed as an argument to, and is called, from
command_processor_$subsys_execute_line. It is given a pointer to
an argument list generated by command_processor_, as well as the
request name. bce_execute_command_ uses bce_map_over_requests_
to scan through bce_request_table_ to find the entry to call. It
understands the difference in calling between Multics routines
(like active functions stolen from Multics) and bce routines. It
also understands the flags indicating within which command levels
a command is valid.
bce_fwload.pl1
Firmware is loaded into various mpcs by bce_fwload. Its
objective is to find, for each mpc desired, the set of firmware
images needed for it. hc_load_mpc does the actual loading. For
a normal (disk, tape) mpc, this involves just finding the mpc
card which shows the model. The model implies the firmware
module needed (config_data_$mpc_x_names.fw_tag). The desired
module is found through slt_manager. (Firmware images for disk
were part of collection 1 and are wired (they needed to be in
memory to be able to load the rpv controller); other images were
part of paged collection 1.5.) For urc controllers, the main
firmware can also be derived from the mpc's mpc card. However,
it is necessary to check all prph cards to find peripherals
accessible through that urc. For each, and depending on the urc
channel it is attached to, the appropriate firmware overlay is
found and put in the correct slot in the list of firmware to
load.
bce_get_flagbox.pl1
This module performs the bce (get set)_flagbox
commands/active functions. It is basically a version of the
corresponding Multics routine, modified to make direct references
to the flagbox instead of a gated access.
bce_get_to_command_level.pl1
The routine to get from real_initializer into command level
is bce_get_to_command_level. It builds a bce_subsystem_info_
structure which it passes to bce_listen_. It examines the
current state to determine if the initial command should be null
(manual entry), the flagbox bce command (normal) or probe
(breakpoint entry). Since it is the routine below
real_initializer on the stack, it is the routine to which control
must return so that real_initializer can be returned to to
perform boot and re_initialize functions. Thus, boot and
re_initialize are entrypoints within this program. re_initialize
just returns, setting the collection_1_phase to "early" so that
real_initializer will end up running another boot pass. This
will cause bootload Multics to pick up any changes that have been
made to the config_deck. boot scans the arguments which are
inserted into the intk card. It then returns.
bce_inst_length_.pl1
Another bce_probe utility. This routine is used to deter-
mine the length of an instruction, so that it may be correctly
relocated. It differs from the real probe's version in that it
does not attempt to deal with xec instructions.
bce_list_requests_.pl1
This program implements the list_requests (lr) bootload
Multics command. It does a simple minded walk down the bootload
Multics request table, using bce_map_over_requests_, with a
printing routine to print the request names and the description
within the table. It understands the dont_list flag, as well as
understanding flags indicating at which levels a given command is
valid.
bce_listen_.pl1
bce_listen is a simple loop that reads a command line from
bce_data$get_line and executes it through command_processor_
(using bce_execute_command_ to actually execute the request). It
contains the sub_request_abort_ and request_abort_ handlers to
work with the operation of bce_check_abort.
bce_map_over_requests_.pl1
Programs that wish to walk down the bootload Multics
request table (bce_list_requests_ and bce_execute_command_) call
bce_map_over_requests_ with a routine that is called on each
entry in the table. As such, the format of the table itself is
known only to this routine.
bce_name_to_segnum_.pl1
This bce_probe utility maps segment numbers to names. It
searches the slt and name_tables from the saved image.
Entrypoints exists to convert a segment number to a hardcore
segment name (bce_segnum_to_name_), a segment pointer to a
virtual name (bce_segptr_to_name_), and a segment name to a
segment number (bce_name_to_segnum_).
bce_probe.pl1.pmac
The main portion of bce's probe support, bce_probe contains
the main drivers for most of probe's facilities. It contains the
request line parser, address and value parsers and most of the
functional routines.
bce_probe starts by examining its arguments and its envi-
ronment to determine its operating mode. It defaults to
examining the breakpoint image if the flagbox indicates a break,
to examining the crash image, when at bce_crash or crash command
levels or to examining bce otherwise. Given its operating mode,
it initializes the appending simulation package accordingly and
establishes a few initial constants. If in break mode, it
determines the point of break for operator information.
bce proceeds to read request lines from the console. The
first "string" in the line (or partial line left, if this is a
multiple request line) found by internal routine get_string
becomes the request name. This is looked up in a table and
dispatched through a "case" statement.
REQUEST ROUTINES
The before request finds the desired address. It is
validated to ensure that it is virtual and that the segment named
is breakpointable. Finding the breakpoint page for this segment,
this request looks for an empty break slot. The original
instruction is relocated there (bce_relocate_instruction_) and
replaced by a transfer to the break block. The break block
consists of a "drl -1" instruction, which causes the break,
followed by the relocated instruction, followed by a transfer
back to just after the original instruction in the code. This
break block and the transfer to the block are patched into the
segment such that failure at any time will not damage the
segment.
The continue request validates itself and calls
bce_continue.
The dbr request fetches its arguments. Constructing a new
dbr, it calls internal routine new_dbr.
The display request gets and validates its arguments. It
loops, fetching (through bce_probe_fetch_) at most a page at a
time to display (since we only allocate a one page buffer for the
fetch). The internal routine "display" displays the data in the
specified mode. Since data to be displayed may cross page
boundaries, any data "display" cannot display (because it would
need data from the next page to fill out a line) is "scrolled" in
front of the page buffer and a new page worth's of data fetched.
This continues until the last page is fetched.
The let request finds the address and sets up for patching
of same. It then loops, finding values from the request line,
converting them to binary. These are appended unto a word based
buffer. When all are fetched, they are patched into place.
The list_requests request simple prints a canned list of
requests.
The mc request gets its address and uses bce_display_scu_.
The name request uses bce_segnum_to_name_.
The proc request fetches the desired apte from tc_data in
the image. A new dbr value found therein is passed to internal
routine "new_dbr".
The quit request quits.
The reset request performs the inverse of the before
request. After validating its address (for virtualness,
breakpointability, etc.), it undoes the effect of before, in
reverse order to prevent damage to the segment.
The segno request uses bce_name_to_segnum_.
The stack request validates its argument. Given the word
offset therein, it decides whether to start from the specified
stack header or frame. The needed data is fetched and displayed
in interpreted form. Each stack pointer fetched is validated,
not only to insure that it is a valid pointer, but to insure that
stack frame loops do not cause bce probe loops.
The status request uses the internal routine "status" to
display breakpoints set. It simply validates its argument and
decides between listing breakpoints for a segment versus listing
breakpointed segments.
INTERNAL ROUTINES
check_no_more_args insures that no more arguments appear on
the request line; that is, that we are looking at a semi-colon or
new-line.
display displays data in a specified mode. It determines
the bit sizes to display, alignments, etc. Its only trick is
when processing the end of a buffer full that doesn't fill a
display line. This causes it to not finish its display. Its
caller (the display request) then appends what was not displayed
to the front of the next buffer full so that it may appear in the
next group.
function is used to parse functional references, such as
"reg(ralr)". function extracts the arguments to the function
(whose identity was determined by its caller), builds an argument
list from these strings, and calls the function.
get_address contains the logic to parse a bce probe
address. It fills in the structure, bce_probe_data$address to
define the current address. It special cases the dot (".")
forms, checks for virtual forms (those with a "|" in them),
notices absolute addresses (single octal number) and uses func-
tion for the pseudo-variable type of addresses (reg and disk).
Internal routines to get_address, called by function, build the
address structure for these types.
get_string finds the next "string" in the request line.
Its basic job is to pass whitespace and find string delimiters.
get_value finds a let request value. It looks for ascii
strings (values starting with a quote character), which it must
parse separately (since quoted strings confuse the notion of
string contained in get_string), finds virtual pointers (strings
containing "|"), and finds the various numeric types.
line_error is used to print error messages. Besides
printing the given message, optionally with or without the
current request line arg or error code, it also aborts the
current request line.
new_dbr is the counterpart to the new_dbr entrypoint to the
appending package. It exists to set up references to a few
popular segments (slt and name_table) whenever the dbr changes.
pass_white passes whitespace.
status displays breakpoint status. Since break blocks are
zeroed when not in use it is possible to find them easily. For
any segment listed in the image's slt as being breakpointable,
status fetches the last page (that which holds the breakpoints)
and examines each break block. Any with a valid
original_instr_ptr are displayed.
bce_probe_data.cds
Information communicated between probe and its support
routines is done so through bce_probe_data. This cds contains
the current value of "." (current address), as well as pointers
to bce_appending_seg_info structures describing key segments in
the image used by the support routines.
bce_probe_fetch_.pl1
This support utility to bce_probe fetches data, given a
length and the current address (in bce_probe_data$address). It
simply uses bce_appending_simulation for absolute and virtual
address and read_disk for disk addresses. Register addresses
must be specially handled by the caller.
bce_query.pl1
bce_query is a simple-minded counterpart to command_query_.
It uses bce_data$put_chars to print a question and
bce_data$get_line to read an answer. The main entrypoint accepts
any answer and bce_query$yes_no accepts only yes or no which it
returns as a bit. This routine is called with no prompt by some
routines who find its return result (char (*)) to be better that
the buffer and length and return length returned by
bce_data$get_line.
bce_ready.pl1
bce_ready prints the bce ready message:
bce (BCE_COMMAND_LEVEL) TIME:
It has a nnl entrypoint to print the message without new-line (as
a prompt), The normal entry prints the line (for ready message
within exec_com).
bce_relocate_instruction_.pl1
This is another support routine for bce_probe. It differs
from the standard Multics version in that it does not allow
relocation of "xec" instructions. (Service probe allows this by
attempting to examine the target of the xec, something bce_probe
does not attempt.)
bce_request_table_.alm
The bootload Multics request table is a normal ssu_ request
table built with ssu_request_macros. Each entry contains a
pointer to the routine that performs a request, the name and
short name of the request, and a short description of the
request. The actual threading of the entries is known only to
bce_map_over_requests_, which performs the walking down of this
table. The last three flags in each rq_data entry is used to
specify whether the command is valid at the three main bce
command level types: early, boot and crash.
bce_severity.pl1
This is the bce counterpart to the Multics severity
command/active function. It does not work as the Multics routine
does, however. Instead, it knows the set of programs that
recognize a severity indicator. For the desired one, it calls
the severity entrypoint thereof to find the severity.
bce_shutdown_state.pl1
The current shutdown state of the storage system (rpv
label.shutdown_state) is found by this routine. It uses
read_disk to find this information.
bootload_disk_post.pl1
This routine is used in conjunction with the high volume
disk facility of bce (dctl$bootload_(read write)). Whenever a
disk i/o queued through this means is posted for completion, it
is done so through bootload_disk_post, called by either dctl or
disk_control. The result is posted in a structure described by
bootload_post_area.incl.pl1. This area must be maintained by the
caller.
bootload_fs_.pl1
bootload_fs_ contains various routines to act upon the
bootload Multics file system. The format of the bootload Multics
file system is known only to this program. The file system is
kept in a single abs-seg (bootload_file_partition), mapped (and
paged) off the bce partition on the rpv. A two page header at
the start of the partition contains a directory of 174 entries
(max that fits) listing the name, size and placement of the file
within the segment. Also present is a free block map. Files are
allocated as a contiguous series of blocks (64 word blocks)
within the segment. The segment is automatically compacted by
this routine when necessary. Entrypoints to this routine are:
lookup (find the length of a file given its name), list
(allocates a list of file names and sizes within a user supplied
area), get (copies a file into a user supplied buffer), get_ptr
(returns a pointer and length to a given file (hcs_$initiate?)),
put (allocates area within the file system for a file and copies
a user supplied buffer into it), put_ptr (allocates an area
within the file system large enough for a given file and returns
a pointer to it) (both put and put_ptr take an argument allowing
for the deletion of a file with the same name as the one
desired), delete (deletes a directory entry and frees the space
used), rename (renames a file (does not allow name duplication)),
and init (clear out the bootload file system entirely).
bootload_fs_cmds_.pl1
This program simply calls bootload_fs_ to perform the
functions of the bootload Multics commands print, list, delete,
rename, and initialize. This routine supports the star and equal
conventions for most of its operations through match_star_name_
and get_equal_name_.
bootload_qedx.pl1
bootload_qedx is a modified version of qedx. It differs in
its use of file system operations (bootload_fs_) and its use of
temp segs.
config_deck_data_.cds
The config deck editor's source of config card descriptions
is found in config_deck_data_. This cds provides labels for the
fields, numbers and types of fields, etc.
config_deck_edit_.pl1
This is the program that edits config decks. It calls
qedx_ to perform text editing, specifying the caller_does_io
option. With this option, qedx_ calls config_deck_edit_ to
perform read and write operations on buffers. Any read/write not
to the config deck uses bootload_fs_. Reads/writes to <config
deck> (buffer 0) use the config deck conversion routines. This
program makes use of config_deck_parse_, the routine that can
convert from ascii (possibly labeled) form to and from binary
form. The conversions are performed using a set of tables
(config_deck_data_) that describe the names of the fields, the
required and optional number thereof, the data types of the
fields, etc. Also allowed by the conversion routines are cards
of types not recognizable starting with a dot (.) which are not
validated. This is to allow for future expansion and site
formatted cards.
When a command line argument is supplied, the file
specified is accessed (bootload_fs_$get_ptr) and the object
obtained is supplied to the internal routine write_config_deck
which sets this new deck.
establish_temp_segs.pl1
Whenever bce needs (paged) temp segments, it calls
get_temp_segments_. get_temp_segments_ gets these segments from
the pool of segments bootload_temp_1..N. establish_temp_segs
divides the temp seg pages allocated in the bce partition (128
pages) up into the N segments (N is determined from the number of
such segments listed in the mst header). The paged segments are
built as abs-seg's onto this area of the determined length. This
size is saved in sys_info$bce_max_seg_size. establish_temp_segs
also creates the bce segments multics_(low high)_mem, used to
access the saved image, and dump_seg, used to access the dump
partition.
find_file_partition.pl1
find_file_partition maps the bootload Multics file system
abs-seg (bootload_file_partition) onto the bce partition on the
rpv in much the same manner as establish_config_deck maps the
config deck. It also calls bootload_fs_$init to begin accessing
the segment. If bootload_fs_ states that the file system is bad,
find_file_partition will call bootload_fs_$init again, this time
to clear out the file system.
init_bce.pl1
init_bce initializes the bootload Multics command environ-
ment features required for future programs. It is called early
in initialization. At its wired entrypoint, it sets up
free_area_1 as an area, setting the inzr_stk0 stack header to
point to it so that allocates without an area work correctly and
so that get_system_free_area_ also works. This routine also
initially sets bce_data$get_line, bce_data$put_chars and
bce_data$error_put_chars to their appropriate entry values
(bce_console_io$get_line, bce_console_io$put_chars and
bce_console_io$put_chars, respectively) so that calls to
bce_query, bce_error and especially ioa_, will work. At its
paged entrypoint, it finishes up references to paged objects, in
particular, to the exec_com routines.
SECTION 5
CRASH HANDLING
Bootload Multics must be able to save the salient state of
a crashing system and set up the command environment for dumping
and other intervention.
EARLY CRASHES
Crashes in collection 0 or the early initialization pass of
collection one should be very rare. Since the system uses a
generated config deck, the set of possible operator inputs is
small, and it is possible to do a much more thorough job of
testing than can be done with BOS or service initialization.
However, hardware problems will happen, and software bugs will
sneak through. To cover these cases, collection 0 includes a
crash handler that can write a core image to tape, prompting the
operator for the drive number.
THE TOEHOLD
The toehold, toehold.alm, is an impure, wired, privileged
program that resides in a known location in absolute memory
(24000o). It has entrypoints at the beginning that can be
entered in one of two ways: with the execute switches processor
function, or by being copied into the fault vector. The toehold,
therefore, is entered in absolute mode. It must save the 512K
memory image off to disk, and then load in the crash handler.
The memory image includes the complete machine state. All
absolute addresses, channel programs, port and channel numbers,
and other configuration dependent information is stored into the
toehold by a PL/I program, init_toehold.pl1. Thus the alm code
does not have to know how to do any of these things, which
simplifies it considerably.
The toehold starts with the various entry sequences; one
for manual entry, one for Multics entry (which differs from
manual entry in that the means of entry is to execute the entry
through a fault vector entry; it is necessary to update the
machine conditions in this case to pass the instruction that
caused the fault vector execution) and one for restarting the
machine image. The crash entries save the entire machine state.
This is done under the protection of the memory_state so that the
machine state is not overwritten if the toehold is invoked again
after being invoked after a crash. An internal routine performs
i/o given a set of dcw lists (built by init_toehold). After the
memory is saved and the crash handler read in, the machine state
of bce is restored. (It was saved by save_handler_mc.) This
causes a return into save_handler_mc, which quickly returns to
init_toehold, which quickly returns to real_initializer who
quickly starts the appropriate crash initialization pass.
On the restore side, the system is masked and the internal
routine called to read back the saved image. The machine
conditions are restored from the toehold (which is not
saved/restored during the memory shuffle).
MODULE DESCRIPTIONS
fim.alm
fim is listed in the crashing set of modules in as much as
that it contains the bce breakpoint handler. A bce breakpoint
consists of a "drl -1" instruction. fim's drl handler special
cases these (in ring 0), saves the machine state in
breakpoint_page (after advancing the ic to pass the drl instruc-
tion) and calls pmut$bce_and_return. It also performs the
restart from a breakpoint.
init_toehold.pl1
This pl1 program constructs the channel programs to save
and restore the 512K memory image, and fills it and other data
into the text of toehold. After saving the bce image (crash
handler) on disk, it calls save_handler_mc to save the current
machine state of bce in the toehold. When bce is invoked upon a
crash, the bce restore operation will return to the return in
save_handler_mc which will return to this point in init_toehold.
init_toehold notices this and quickly returns to real_initializer
who will perform the desired crash initialization pass.
save_handler_mc.alm
The save_handler_mc program, called from init_toehold right
after it saves the crash handler to disk, saves in the toehold
the machine conditions appropriate for bce. Besides register
contents and such, it saves the return address to the return in
save_handler_mc.
�
SECTION 6
COLLECTION 2
The main task of collection 2 is to make the storage system
accessible. Along its way, it loads collection 3 into the
storage system and places the appropriate entities from collec-
tions 1 and 2 into the hierarchy. The sub-tasks are to enable
segment control and directory control. The real traffic control
is also started. Since collection 2 runs in a paged environment,
it does not have the memory restrictions that collection 1 had.
This is the reason why it is in a different collection from
collection 1.
ORDER OF EXECUTION
The operations performed in collection 2 are described
below.
initialize_faults$fault_init_two is called to change the
fault vectors into the desired values for normal service opera-
tion, now that the code for such has been loaded.
Initialization now runs performing several intermingled
functions. All hardcore segments must be created now, before
traffic control is fully initialized. This is so that the
address space inherited by the new processes (idle in particular)
encompasses all of hardcore.
tty_buf, tty_area and tty_tables are generated through a
call to fnp_init. They won't be needed at this time but must be
allocated before tc_init$part_2.
Unique id (uid) generation is initialized by a call to
getuid$init. This is required before segments in the hierarchy
(in particular, >sl1 and >pdd) can be created.
init_vtoc_man allocates and initializes the
vtoc_buffer_seg. We are therefore eligible to read and write
(and create) vtoces.
dbm_seg is allocated and initialized to an area by
dbm_man$init. init_scavenger_data allocates the scavenger_data
segment, used by the volume scavenger. The page control data
base, dm_journal_seg_, used to control synchronous page opera-
tions (data management), is initialized by init_dm_journal_seg.
dir_lock_seg, used to keep track of directory lockings and
waitings thereupon, is initialized by dir_lock_init. Again,
these are created before tc_init$part_2 is run.
After this point, changes to the hardcore descriptor
segment may not be reflected in idle process and hproc descriptor
segments. This is because init_sys_var, which sets various
system variables, uses the number of supervisor segments present
(which is the expected total set thereof) to set the stack base
segment number in various variables and in the dbr.
We can now run tc_init$part_2, which creates the idle
processes and starts multiprogramming. At this time, only the
bootload cpu will be running but the idle process will be enabled
to run on it.
With multiprogramming active, syserr_log_init can create
the syserr hproc (after it makes the syserr partition accessi-
ble). We then log a message to the effect that this was done.
The activation of segment control, which began with the
creation of the sst, continues now with the creation of the
system trailer seg (str_seg) by init_str_seg. If the astk (ast
track) parm was specified, init_sst_name_seg initializes the
sst_names_ segment with the names of paged hardcore segments.
The entrybounds of hardcore gates are set via a call to
init_hardcore_gates, which also stores linkage pointers into the
gates for a reason described under the description of the
program.
We can finally make the volumes of the rlv accessible for
storage system activity by a call to accept_rpv. This sets up
the volume and vtoc maps and stocks for the drives, allowing
vtoc_man and the page creation/destruction functions to work
against the paging region of the disks.
The logical volume table (lvt) is initialized to describe
the rlv by init_lvt.
bad_dir_ and seg_fault_handlers are now set up as we are
about to access our first directory. init_root_dir makes the
root directory known in the Initializer's process, creating it if
this is a cold boot. The functions performed here are those that
will allow future hierarchy segment references through segment
control (kst creation, in particular). kst_util$garbage_collect
is called just to make the kst neat. At this time, we can
consider segment control to be active. We can call upon it to
create, delete or whatever. The presence of the root will allow
these activities by virtue of the special casing performed by
segment control when it discovers a segment with no parent (the
root).
The hardcore entities which need to be placed into the
hierarchy (deciduous segments) are done so by init_branches,
which also creates >sl1 and >pdd appropriately. These entities
will be needed when we try to leave ring zero. Of course, other
required segments are needed; these are the contents of collec-
tion 3.
init_stack_0 then runs to create the various stack_0's to
be shared between eligible processes, now that it has a place to
put them.
delete_segs$temp can now run, deleting collection 2 tempo-
rary segments. This ends collection 2.
MODULE DESCRIPTIONS
accept_fs_disk.pl1
A disk is accepted into the file system by accept_fs_disk.
It validates the pvte for the disk. The label is read. (If this
is a pre-MR10 pack, salvage_pv is called to convert the vtoc
region for stock operations.) The pvid and lvid of this disk are
copied into the pvt, finally making this data valid. The volmap
and vtoc map are initialized and the stocks made active by
init_volmap_seg. If this fails, the volume salvager is called
and we try again. The partition map from the label is checked
against the volmap to make sure that no partition claims pages in
the paging region. The updated disk label is written out as we
exit.
accept_rpv.pl1
The volumes of the rlv are accepted for storage system use
by accept_rpv. First, the various disks that have hardcore
partitions are validated, from their labels, to be part of the
rlv. We then scan the intk card to see if the rpv or rlv desire
salvaging; these facts are stored in the pvt. If the rpv needs
salvaging, this is done now (salvager$volume_salvage). For
information purposes, we log (or print, if the hcpt parm was
specified), the amount of the hardcore partition used on the
various disks. accept_fs_disk is called to accept the rpv in the
normal way. wired_shutdown is enabled as the storage system is
considered to be enabled. Appropriately, make_sdw$reset_hcp is
called to prevent further attempts to allocate from the hardcore
partition. Contrary to the name (accept_rpv), the entire rlv is
accepted next by calling the salvager, if necessary, and
accept_fs_disk for the other rlv volumes. We can then clear
salv_data$rpv to keep the salvager from salvaging the rpv later.
create_root_dir.pl1
During a cold boot, the root is initialized by
create_root_dir. It locks the root, setting its uid to all ones.
The various dir header variables are set, pvid, master_dir flag,
etc. A directory style area is set up along with a directory
hash table. The dir is then unlocked and we exit.
create_root_vtoce.pl1
create_root_vtoce creates a vtoce for the root directory
during a cold boot. The vtoce created describes the root as a
master directory of appropriate length, maximum quota limit,
created as of the current time, primary name of ">", etc.
vtoc_man is used to allocate space in the vtoc map for this and
to write it out.
dbm_man.pl1
dbm_man manages the dbm_seg (dumper bit map) for the volume
dumper. The init entrypoint used during initialization allocates
and initializes the dbm_seg. Its size is determined from the
number of disk drives configured and allocated out of the
hardcore partition by make_sdw. This routine changes dbm_seg
from its MST status (an abs_seg) to being a real segment.
dir_lock_init.pl1
The segment used to keep track of directory lockings and
waitings thereupon, dir_lock_seg, is allocated and initialized by
dir_lock_init. The size of this segment is based upon
max_max_eligible (the maximum number of readers of a lock) and
sys_info$max_tree_depth (maximum lock depth one can hold). The
dir_lock_seg is converted from an abs_seg to a real seg, paged
out of the hardcore partition. Initially, ten dir_lock's are
allocated, threaded appropriately.
fnp_init.pl1
fnp_init initializes the data bases used in Multics-fnp
communication. tty_buf is allocated in wired memory either with
a default size or a size specified by the ttyb parm. Various
header variables are set up. If a tty trace table is called for
by a config parm, it is allocated in the tty_buf free_space area.
tty_area is initialized as an empty area. tty_tables also has
its header filled in and its table_area set to an empty area.
The config file is scanned for fnp cards; each one sets the
fnp_config_flags appropriate to it. The hardware fixed
dn355_mailbox for each fnp is zeroed. fnp_info is set. Finally,
io_manager$assign is called to assign each fnp with an interrupt
handler of dn355$interrupt.
getuid.alm
getuid is the generator of uid's (unique identifiers) for
storage system objects. It operates by effectively incrementing
tc_data$id under its own form of lock. The init entrypoint used
during initialization stores an initial uid "seed" in tc_data$id
generated from the clock value.
init_branches.pl1
The program that places the appropriate hardcore segments
into the hierarchy, creating >sl1 and >pdd as it goes, is
init_branches. To start with a clean slate, it renames the old
>process_dir_dir and >pdd to a screech name. append then creates
a new >process_dir_dir (added name of >pdd) which is then
initiated. The per_process sw is set on for this dir. It is
given the maximum quota possible. The old >system_library_1
(>sl1) is also renamed and a new one created and initiated.
Access is set to s for *.*.* on it. We then walk down the
various sst pools looking for segments to have branches created.
The sst entry leads us to the slt entry for the segment to be
placed in the hierarchy. create_branch is called (running
recursively) to create a branch for the segment (it creates all
necessary containing directories and a vtoce for the segment). A
pointer to the parent directory and its aste is found. The aste
for the hardcore segment is threaded into the parent entry. The
per_process sw, max_length and uid fields are set in the aste.
It is then threaded out of the hardcore lists and into the
appropriate segment list. The vtoc index provided for the
segment (found in its entry in the parent directory) is copied
into the aste so vtoc_man will work. The entrybound of the
segment is placed into the directory entry. If aste tracking is
going on, a sstnt entry is added. Its vtoce is updated, putting
the correct information from the initialization created aste into
the vtoce. The parent directory is then unlocked and terminated.
The per_process sw is turned on in the aste for >pdd so
that it can propogate down to sons activated off it. We walk
down >pdd to propogate this switch. The maximum length of the
slt and name_table are explicitly set, not trusting the slte
fields for them. A maximum quota is reset on >pdd. The default
acl term of sma *.SysDaemon is removed from >pdd and the acl term
of sma Initializer.SysDaemon.z is added. >dumps is created and
salvaged if needed. The hierarchy is now properly created and
active.
init_dm_journal_seg.pl1
init_dm_journal_seg initializes the page control data base
dm_journal_seg_ used to control synchronous page operations.
This routine parses the dbmj card. This card describes the sizes
of the various journals needed. Once the size of dm_journal_seg_
is found, its memory (wired) is obtained from make_sdw. Various
header parameters (pool thresholds, pages held, events) are
filled in. The various journal entries have their time stamp
initialized to tc_data$end_of_time. The various page_entry's are
threaded into a list. After this, sst$dm_enabled is set for the
world to know.
init_hardcore_gates.pl1
init_hardcore_gates performs a variety of functions to make
those things which are hardcore gates into future usable
entities. It recognizes anything in the slt with ring brackets
of 0, 0, n as a hardcore gate. It finds within the text (given
the definitions) the segdef .my_lp and stores there (having
forced write access) the linkage pointer for the gate. This is
done because, the gate, known in outer rings by a segment number
different from the hardcore number, would not be able to find its
linkage by indexing into the lot by its segment number as normal
outer ring programs do. Given the segdef .tv_end found for the
gate, the entrybound is set in the gate's sdw. Finally, the ring
brackets for restart_fault and return_to_ring_0_ are set from
their slt values so that these segments may be used in outer
rings with their hardcore segment numbers. (return_to_ring_0_
has a pointer to it stored as the return pointer in the stack
frame by signaller. return_to_ring_0_ finds restart_fault
through a text imbeded pointer.)
init_lvt.pl1
The logical volume table is initialized by init_lvt. It
sets up the header and then uses logical_volume_manager$add to
add the entry for the rlv.
init_processor.alm
A processor is inited by init_processor. The init
entrypoint stores the absolute address of various variables into
init_processor itself for execution within absolute mode when
started on other cpus. When run to start a cpu, it performs some
collection of tests, enters appending mode, fiddles with associa-
tive memories and cache, informs pxss that it is running (through
its apte), initializes pds and prds time values, sends out a
connect to preempt the processor and then opens the mask to allow
interrupts. (We will be interrupted at this time (by the connect
we sent). This will cause us to find our way back to pxss to
schedule something to run on this processor.) The idle loop for
a processor is contained within init_processor following this.
The idle loop flashes a moving pattern in the aq lights when it
is on the processor. At this time, x4 contains the number of
eligible processes, x5 the term processid and x6 the number of
ready processes for the sake of checking system operation.
init_root_dir.pl1
The root directory is made known by init_root_dir. We
start by checking to see if this is a cold boot. If so,
create_root_vtoce is called. The root vtoce is read. An aste is
obtained for the root dir (64 pages), which is initialized from
the data in this vtoce. pc is used to fill the page table.
search_ast hashes in this aste. We can now begin the process
that will allow future segment accessing activity through segment
control. The Initializer's kst is built, by initialize_kst. The
pathname "associative memory" used to map segment numbers to
pathnames is initialized by pathname_am$initialize. makeknown_
is called to make the root (uid of all ones) known (found in the
kst). If this is a cold boot, this segment just made known must
be initialized to a directory by create_root_dir. Finally, this
directory is salvaged, if necessary.
init_scavenger_data.pl1
The segment scavenger_data is initialized by
init_scavenger_data.
init_sst_name_seg.pl1
The sst_names_ segment is initialized by init_sst_name_seg
whenever the astk parm appears. It walks down the slt, looking
for segments that are paged with page tables in the sst. For
each, it copies the primary name into the sst_names_ segment.
init_stack_0.pl1
The various ring zero stacks (stack_0) are created by
init_stack_0. Since a process cannot lose eligibility while in
ring 0, the number of processes that can have frames down on ring
zero stacks is equal to the maximum possible number of eligible
processes (max_max_eligible). We thus create this many ring 0
stacks which are used by eligible processes. The various
stack_0.nnn segments are created in >sl1. They are, in turn,
initiated, truncated, and prewithdrawn to be 16k long. The vtoce
is updated accordingly. The stack header from the initializer's
ring zero stack is copied into the header of these stacks. The
stack is then terminated. The acl for Initializer is removed.
The first stack slot is claimed for the Initializer; the current
stack being put into the slot in stack_0_data.
init_str_seg.pl1
init_str_seg initializes the system trailer segment
(str_seg) into a list of free trailer entries.
init_sys_var.pl1
Now that all of the hardcore segments have either been read
in or created, we can now stand back and observe hardcore. The
next supervisor segment number (mod 8) becomes the ring 0 stack
segment number (stack base) which is stored in
active_all_rings_data$stack_base_segno and hcscnt. We make sure
that the dsegs for the idle processes will be big enough to
describe these segments. The stack base is stored in the dbr
value in the apte. Various other system variables are set:
sys_info$time_of_bootload, sst$pvhtp (physical volume hold table
pointer), sst$rqover (record quota overflow error code, which is
moved to this wired place from the paged error_table_), and
sst$checksum_filemap (depending on the nock parm).
init_volmap_seg.pl1
init_volmap_seg initializes a volmap and vtoc map segment
allowing us to reference such things on a given physical volume.
It starts by acquiring an aste for the volmap_seg (for the
segment abs_seg) and one for the vtoc header (for the segment
volmap_abs_seg) (vtoc map) which are then mapped onto the desired
areas of the disk. (This is done under the ast lock, of course.)
The free count of records is redetermined from the volmap. The
same is done for the vtoc map. If this is a member of the rlv
and volume inconsistencies were previously found and the number
of free vtoces or records is below a certain threshold, a volume
salvage is called for. If we will not salvage, we can accept the
disk. Use of the hardcore partition on the disk is terminated
through a call to init_hc_part$terminate_hc_part. Vtoc and
record stocks are allocated. The pointers in the pvte to these
stocks are set as are various other status and count fields. The
number of free records and the base address of the first record
in each stock page is computed. The dumper bit map from the disk
is allocated into the dbm_seg (previously created by
dbm_man$init_map). Finally, under the ast lock, we clean up the
abs_seg and volmap_abs_seg segments (free their sdws).
init_vtoc_man.pl1
The vtoc_buffer_seg is initialized by init_vtoc_man. This
routine acquires enough contiguous memory for the
vtoc_buffer_seg, determining the number of vtoc buffers either
from the config vtb parm or from a default. Various vtoc buffer
headers are initialized here.
initialize_faults.pl1
initialize_faults was described earlier, under collection
1. The entry point fault_init_two, used by collection 2, sets up
fault vectors for normal (file system) operations. It prevents
timer run-out faults during operation through a call to pmut$ldt.
initialize_faults_data is used to set the main faults. Faults
set are: command, trouble, segment and linkage to
fim$primary_fault_entry (scu data to pds$fim_data), store, mme,
ft1, lockup, ipr, overflow, divide, df3, mme2, mme3, mme4 and ft3
to fim$signal_entry (scu data to pds$signal_data), and fault
numbers 26 to 30 to wired_fim$unexp_fault (scu data to
prds$sys_trouble_data). Access violations are routed specially
to fim$access_violation_entry which maps the acv fault into our
sub-faults. Timer runouts are sent to wired_fim$timer_runout
(who normally calls pxss) with the scu data stored in
prds$fim_data. Parity goes to fim$parity_entry. Finally, we set
up the static handlers for the no_write_permission, isot_fault
and lot_fault conditions.
kst_util.pl1
kst_util performs utility functions with regard to
maintaining the kst. The garbage collect entrypoint cleans up
the kst by terminating any segment not known in any ring or a
directory with no active inferiors.
start_cpu.pl1
start_cpu might best be described as a reconfiguration
program. It is used during initialization to start a idle
process on each configured cpu (at the appropriate time). When
starting the bootload cpu in collection 2, it fills in the apte
entry for the idle process for the cpu in question. Some more
variables in init_processor are set (controller_data). A simple
call out to init_processor$start_bootload_cpu can be made.
syserr_log_init.pl1
The syserr logging mechanism is made operative by
syserr_log_init. It creates the segment syserr_log which it maps
onto the log partition, wherever it is. A consistency check is
made of the partition; if the check fails, the partition is
re-inited. The syserr hproc (SyserrLogger.Daemon.z)'s ring 0
stack (syserr_daemon_stack) is initialized. The hproc is created
by create_hproc$early_hproc with a stack of syserr_daemon_stack,
dseg of syserr_daemon_dseg, pds of syserr_daemon_pds, and proce-
dure of syserr_logger. A fast channel is defined for communica-
tion through syserr_data to the hproc. Logging is now enabled.
tc_init.pl1
tc_init was described earlier to set up and initialize
tc_data. tc_init$part_2, in collection 2, starts up
multiprogramming by creating the idle processes. This entry can
only be called once the initialzer's dseg is completely filled in
by all those who read or create hardcore segments. Various
variables in template_pds are filled in which are applicable to
the idle processes. For each configured processor, a copy of
template_pds and the initializer's dseg is made into appropriate
entries in idle_dsegs and idle_pdses. The stack_0 for these
processes is made to be the prds for the given processor. The
initial process for the bootload processor (the initializer
himself) is created by threading in an apte specifying
init_processor as an initial procedure. It is placed in work
class zero. tcm is initialized to indicate only this one process
running. Various polling times are set for when polling becomes
enabled as we start multiprogramming. init_processor$init sets
up the rest of the state. We can now call start_cpu to start the
bootload cpu idle process.
SECTION 7
COLLECTION 3
The main task of collection three is to read itself into
the hierarchy. Collection three consists of those programs that
are necessary to reach ring one in the initializer's process and
to be able to perform a reload function (and other maintenance
functions). A few extraneous functions are also performed in
collection three.
ORDER OF EXECUTION
Collection three starts with its main function:
load_system is called to read the remaining mst entities into the
hierarchy. At this time, the mst reading function is shut down.
ioi_init is called to prepare for outer ring usage of
physical devices.
tc_init$start_other_cpus starts up the other processors.
We now consider collection three done and set
sys_info$initialization_state to 4.
real_initializer finally finishes, returning to
initializer. initializer can then delete init segs through
delete_segs$init, real_initializer being part of one.
Initialization then finishes by a call to init_proc, to call out
to ring one command level.
MODULE DESCRIPTIONS
init_proc.pl1
init_proc is the first program run in ring zero in a normal
process. It calls out to the initial procedure for a process in
the outer ring. For the Initializer, the initial_proc is made to
be system_startup_. The setting of the working dir is skipped,
since we can't be sure it's there yet. The ring one stack is
created explicitly, by makestack. system_startup_ is initiated.
call_outer_ring_ is called to "return" out to ring one (outward
calls are not allowed) to transfer to system_startup_.
ioi_init.pl1
ioi_init sets up the various ioi_ data bases. It walks the
config deck, allocating group table entries for each channel
group. Each device whose channel is accessed through a control-
ler has its group entry flagged as a psia. The device table
entries and channel table entries are allocated from information
on the prph card. Then, for each chnl card, the group table
entry corresponding is found and the channel table entries
allocated from the information on the chnl card. The base
logical channel for each group is found. The group entries are
then traversed to find storage system disk channels. All
non-storage system disk channels are assigned to ioi_ through
io_manager. As a final gesture, the ioi_ page tables are setup
(ioi_page_table$init).
ioi_page_table.pl1
The init entrypoint of ioi_page_table is called during
initialization to set up the io_page_tables segment. It starts
by abs wiring the segment as one page (initially) and zeroing it.
The header is initialized. Sixty-four word page tables are
allocated and initialized within this page, as many as will fit.
load_system.pl1
Collection three is loaded into the hierarchy by
load_system. It reads the mst source (disk_reader) looking for
segments. For each, init_branches$branch is called to create the
branch (init_branches is described under collection two). The
appropriate acl is set up, given the mst information. The
segment contents are copied into the created branch. If the
Initializer does not have write access to the final segment, the
acl is cleared of this acl entry.
tc_init.pl1
tc_init was described earlier. The entrypoint
start_other_cpus, starts cpus other than the bootload cpu at the
end of collection three (after their interference won't matter).
A prds for the various non-bootload processors is created and
entry-held. The pds and dseg for the other cpu's idle processes
was already created so we can now call start_cpu on this new cpu
as we would normally during reconfiguration.
SECTION 8
MECHANISMS
This chapter describes certain tricky and not so tricky
mechanisms used within initialization to get things done. Also
included is a look at the mechanism by which the various parts of
the supervisor come into operation.
HARDCORE SEGMENT CREATION
There are various ways that segments come into being within
the hardcore. These mechanisms are usually quite distinct from
the normal method of creating a segment within the hierarchy
(append$foo).
The first group of segments that are created are those
needed by collection zero. Collection zero itself is read in in
absolute mode; no segments exist other than those hardware
supplied. To save collection zero the problem of generating
segments for its use in absolute mode, its segments are generated
by macros within template_slt_.alm. These macros generate not
only the slt entries for collection zero segments (and various
segments at fixed absolute memory addresses); they also generate
the page tables and the segment descriptor words for the
segments. A much simpler program in absolute mode moves these
page tables and sdws (the dseg) to appropriate places and loads
the dbr (also generated by template_slt_). Thus, these early
segments come quickly and magically into being. All of the
segments described by the template_slt_ are data segments with no
initial content except for bound_bootload_0 itself, which was
loaded into the correct memory address by the bootload tape
label, and toehold, by virtue of being the first part of
bound_bootload_0.
The second group of segments to come into being are the
collection one segments loaded by collection zero. These seg-
ments are created through a mechanism imbeded in bootload_loader
and bootload_dseg. When the segment header (actually a slt
entry) is read from the MST, the need for a segment of a certain
size is called for. Values in the slt header keep track of the
extent of memory allocated. The type of segment (permanent
"unpaged" or not) determines from what end of memory the space
will be obtained. A page table of appropriate size is
constructed in the proper area (either the segment
unpaged_page_tables for permanent "unpaged" segments or
int_unpaged_page_tables for temporary or to be made paged seg-
ments). A new sdw pointing to this page table is tacked onto the
appropriate end of dseg (low segment numbers for permanent
segments, high for temporary or init segs). With write access
set on in this sdw, the segment contents can be loaded from tape
into the memory area. Proper access is then set in the sdw. The
segment is now existent.
Collection one creates certain data segments that are wired
and contiguous. The most obvious is the sst. These are created
by the routine get_main. get_main might be considered the
counterpart of the collection zero segment creation mechanism
when called in collection one. It also allocates memory space
from values in the slt header. A page table of appropriate
length in one of the two unpaged page table segments is
constructed and a sdw fabricated to this page table. The caller
of get_main forces this sdw into dseg and performs the appropri-
ate associative memory clearing function.
The other type of segment created by collection one is a
paged segment. There are two cases of this. The first is a
paged segment that is to be mapped against a previously defined
area of disk. This is done when we want to access a partition or
part thereof, as when we want to read the config deck from disk.
To do this, make_sdw is called, specifying that we want an sdw
for an abs-seg. make_sdw finds us an aste of appropriate size
and threads it into the hardcore lists, but senses the abs-seg
switch and does not allocate pages or whatever. The caller of
make_sdw builds its own page table within the aste obtained by
calling ptw_util_$make_disk to make each page table word point to
the correct disk record. The pvtx of the desired disk is
inserted into the aste. Thus, references to this segment (whose
sdw points to the page table in this aste) will wake up page
control who will page in the proper pages. This mechanism
appears in several places; the desired way of generating such a
segment is to call map_onto_disk.
The second type of paged segment created by collection one
(or two for that matter) is a segment paged off the hardcore
partition. In this case, allocation of pages is done by page
control. make_sdw is called as before, but, this time, it not
only creates an aste for the segment, but it finds space for it.
A disk with a hardcore partition with enough free space to hold
the segment is selected. This pvtx is put into the aste. As an
added bonus, since such segments will not have trailer entries,
the trailer pointer in the aste is set to the hardcore segment
number (for those programs that need to map the hardcore aste
list entries to slt entries). The page table words are set to a
nulled state. make_sdw then touches each page, causing page
control, when the page fault occurs, to withdraw a page from the
partition. (init_hc_part created a vol map and record stock that
page control can use which describes only the hardcore parti-
tion.) With the segment now in existence, the caller of make_sdw
can now load the segment. For collection one or two, this
involves either initializing the data segment or copying in the
segment contents read from the mst.
When collection two needs a wired contiguous data space, it
calls get_main also. In this case, though, get_main calls
make_sdw$unthreaded which will obtain an aste and sdw and page
space. pc_abs$wire_abs_contig is then called to wire this
segment into contiguous memory pages. A paged segment to be
mapped onto a particular area of disk is created as described for
collection one.
Hardcore segments that need to be placed into the hierarchy
(deciduous segments) are so placed as follows. append is called
to create a branch. This creates a vtoce for the segment and
makes active, creating if necessary, all parent directories.
Normally, segment control activities would then create an aste
for this being created segment which would be threaded as a son
of the parent directory's aste. In this initialization case,
though, the aste for the new segment already exists. We hand
thread this aste into the normal segment lists and thread it as a
son of the parent directory's aste. The directory entry for this
segment created by append gives the vtoc index of the vtoce for
it. By placing this vtocx into the old aste for the new segment,
vtoc_man can make the vtoce for this now deciduous segment
reflect the placement of this segment in the hardcore partition
(where it was allocated during hardcore initialization). The
segment is now properly active and accessible from the hierarchy.
PAGE CONTROL INITIALIZATION
Page control initialization consists of a variety of
activities run during collection one. init_sst build the sst and
core_map. The sst is needed since we need to have an aste for
page control so that it can find what disk needs i/o (from the
pvtx within the aste). The core_map is needed since it shows the
status of memory pages (initially free between the groups of
initialization segments, currently wired). Page control needs
this information so it can find a free memory frame into which it
can read a desired page. init_pvt performs the function of
creating the pvt. It is the index into the pvt for the device
from which a page (or other i/o) is desired that is needed by
disk_control (dctl). read_disk$init is needed to initialize page
reading/writing through rdisk_seg. This routine builds the paged
segment rdisk_seg, which can be mapped onto the desired page of
disk to read. The aste for rdisk_seg contains the pvtx of the
disk to read. The page table word for rdisk_seg provides the
disk address. At this point, we can actually read or write a
page by touching rdisk_seg within read_disk. read_disk sets up
the aste and page table word, as described. When the page is
touched, a page fault will wake up page control. It will find a
free memory frame, read the page in, and resolve the page fault.
read_disk_label uses read_disk, then, to read a disk label.
init_root_vols uses read_disk_label to read the label of hardcore
partition volumes. Given the label, it finds the partition map
and finds the hardcore partition. A small volmap is built that
describes this partition and is mapped onto the beginning of the
partition. A small record stock is built to describe the volmap.
Given this initial stock, attempts to create or free pages on a
disk (within the hardcore partition) can succeed. Now, we can
create hardcore segments by building null page tables and taking
page faults. Page control will find a free page from the volmap
for the partition (whose pvtx is in the aste) and resolve our
page fault. At this point, all of the services we need of page
control are available. For the ease of later activities who need
various partitions to map paged areas onto, init_partitions is
called to validate the part information. We now page happily.
Later, in collection two, the real volmaps and record
stocks are set up by accept_rpv. After this point, page control
will simply shift its page creation/freeing activity to that
described by the paging region. All hardcore segments had their
pages pre-withdrawn from the hardcore partition, so no possibili-
ty exists that we will accidentally put a paging region page into
a hardcore segment.
SEGMENT AND DIRECTORY CONTROL INITIALIZATION
Segment and directory control are initialized in stages
throughout collections one and two. It started in collection one
when the sst was built. It continues into collection two with
getuid$init. This allows us to generate unique ids for newly
created segments and directories. init_vtoc_man paves the way
for vtoc_man to perform i/o on vtoces. Segment control's trailer
segment is created by init_str_seg. accept_rpv sets up the real
vtoc maps and vtoc stocks. Now vtoc_man can really read and
write vtoces, as well as create and free them. Now, if we were
to try a normal activation of a segment, given its pvtx/vtocx, we
could find the segment and thread the segment into the right
astes and trailers. init_lvt builds an initial rlv (in the lvt)
out of the disks listed as having hardcore partitions. This
allows segment control's disk selection algorithm to be able to
find a disk to use when segments try to be created. We now have
enough mechanism in place to utilize most of the facilities of
segment control, but we cannot yet access and activate hierarchy
segments.
The initialization of directory control is imbedded within
the initialization of segment control. It started with
dir_lock_init providing us with an initially empty list of locked
directories. The real start up of directory control, though,
occurs in init_root_dir. This builds the kst (used at segment
fault time to resolve segment numbers into an understanding of
what needs activation) and creates (if need be) and activates and
initiates by hand the root directory. Directory control can now
reference hierarchy objects with segment control's help. Any
attempt to create a hierarchy segment (append) can succeed by
selecting a disk (lvt lookup), vtoce creation (vtoc_man using
vtoc stock, vtoc map and vtoc buffers) and aste creation (using
sst and the trailer seg). Also, deactivation is possible since
the trailer is built to describe what to setfault and the kst is
present to be able to re-activate. At this point, we are able to
handle segment faults, given the information in the kst and by
recursively traveling down the hierarchy by virtue of the fact
that the root is now and always active.
SEGMENT NUMBER ASSIGNMENT
There are basically three classes of segments as far as
segment number assignment is concerned. The first is segments
that will be a permanent part of the supervisor. These are
assigned consecutive segment numbers, starting at 0. dseg is
always 0, of course.
The second class is initialization and collection temporary
segments. These are assigned consecutive numbers starting at 400
octal. Although temporary segments are deleted at the end of
each collection, their numbers are not re-used. We continue to
assign the next non-used number to the next temporary or
initialization segment.
The order of assignment of these numbers is purely
according to the order that the segments are encountered. The
first few segments are assigned numbers by template_slt_; but,
again, this is in order of encounterance. The only requirements
are that dseg must be segment 0 and that the slt must be segment
7 (assumed by all dump analyzers).
Normal hierarchy segments fall into the third class of
segments, as far as segment number assignment is concerned. As
for these, the sequence is as follows. The next higher mod 8
segment number after the last permanent supervisor segment is
chosen as the stack base (ring zero stack number). The next
seven numbers are assigned to the outer ring stacks, in order.
Since the root is made active after this, and the root becomes
the first real hierarchy segment initiated, it gets the segment
number after stack_7. Other segments are assigned progressively
higher segment numbers according to segment control's normal
rules. We do not need to worry about running into segment number
400 octal since these segments will be deleted before we ever get
that far. Only permanent supervisor segments will show up in
one's dseg.
Some supervisor segments (deciduous segments) get initiated
into the normal user's address space. Regular stacks are
initiated by special handling (makestack called from the segfault
handler) and are directly referred to by the reserved stack
segment numbers. A normal segment like bound_library_1_ is
activated through normal segment control means. Thus, it will
appear in two places in the user's address space; one in the
supervisor segment number range (with ring brackets of 0, 0, 0,
by the way) and once in the user ring segment number range
(greater than the root's segment number) (with ring brackets of
0, n, n).
This is a problem for hardcore gates, though, relative to
their linkages. A user ring call to bound_library_1_ will cause
modules within it to find their linkage section from the lot
entry for this segment. Any module called from bound_library_1_
will also be in the user ring, so the user ring linkage section
for the segment number corresponding to the user ring version of
bound_library_1_ will find the called module. Hardcore gates,
however, don't call hierarchy entities but instead call entities
that can only be found through the linkage section generated via
pre-linking during initialization which resides in the ring zero
linkage section corresponding to the hardcore segment number. To
make it possible to find this easily, init_hardcore_gates stored
into the hardcore gate segdef .my_lp the pointer to this linkage
section. Thus, when called from the outer ring with the outer
ring segment number, hardcore gates will quickly switch over to
the hardcore linkage section and function properly.
TRAFFIC CONTROL INITIALIZATION
All three collections contribute efforts toward enabling
traffic control. Collection one starts by building the tc_data
segment in tc_init, full of empty aptes to describe processes.
At this time, though, a flag in tc_data indicates that
mult-programming is not active. Any call to traffic control to
pxss$wait will simply loop for notification (which will come from
a call to pxss$notify in some interrupt routine). No polling
routines are run at this time. Other initialization activities
proceed to build the supervisor address space.
Collection two starts up multi-programming. It does this
through tc_init$part_2. Multi-programming requires
multi-processes; initially this is the Initializer and an idle
process, but it soon encompasses answering service created
processes and hardcore processes (hprocs). Creating an idle
process requires creating a pds, stack_0 (prds) and dseg for it.
The dseg and pds are simply copies of those for the Initializer,
now that they are filled in. apte entries for the Initializer
and for idle are created. We can now consider multi-programming
to be on. start_cpu is called to start the processor. For the
bootload processor, this means calling init_processor in a
special case environment (non-absolute mode, if nothing else).
init_processor (the idle loop) marks itself as a running
processor, sends itself a connect, and unmasks the processor.
The connect will go to traffic control, who will pre-empt idle
and return control to Initializer.
In collection three, start_cpu is called (from
tc_init$start_other_cpus) in the same manner as would be done for
adding a cpu during reconfiguration. This is somewhat described
in the reconfiguration manual.
�
SECTION 9
SHUTDOWN AND EMERGENCY SHUTDOWN
The goal of shutdown, obviously enough, is to provide an
orderly cessation to service. A normal shutdown is one in which
the system shuts itself down, following the direction of the
operator's "shut" command. An emergency shutdown is that opera-
tion invoked by bce which forces Multics to run
emergency_shutdown, which performs the clean up operations below.
One could consider the system to be shutdown if one simply
forced a return to bce, but this is not enough. Proper shutdown
involves, at first, the answering service function of logging out
all users. The answering service then shuts itself down,
updating final accounting figures. Now with just the Initializer
running, the task of shutdown described here follows.
The major goal of shutdown and emergency_shutdown is to
maintain consistency of the storage system. It is necessary to
move all updated pages of segments to disk, to update all
directories in question with new status information, to update
vtoces of segments referenced, and to clear up any effects caused
by the creation of supervisor segments.
These functions must be performed in several stages. Also,
the ordering of operations is such as to minimize the degree of
inconsistency within the storage system that would occur if a
failure were to occur at any point.
Since these same functions are performed for an emergency
shutdown, the operations are performed so as to assume as little
as possible from the information in memory.
ORDER OF EXECUTION OF SHUTDOWN
The module shutdown is called via hphcs_$shutdown. It
starts by removing the fact that we were called from an outer
ring, so we won't accidentally return. An any_other handler is
set up to flag any possible error, later. The first action of
shutdown is to force itself to run on the bootload cpu and to
stop the others (stop_cpu).
disk_emergency$test_all_drives checks out all of the stor-
age system drives at once to avoid errors later.
tc_shutdown destroys the remnants of any processes and
turns off multi-processing.
scavenger$shutdown cleans up any scavenges that were in
progress.
We then switch over to the stack inzr_stk0 for the rest of
shutdown. This is performed through the alm routine,
switch_shutdown_file_system, which starts the file system shut
down.
shutdown_file_system is the first program called on
inzr_stk0. It is a driver for the shutdown of the file system.
It starts by updating the rpv volmap, vtoc header (and vtoc map)
and label of the rpv to show the current state (in case problems
occur later).
The most important step, from the user's point of view, is
to flush all pages in memory (considered to be part one of
shutdown) with pc$flush. This is relatively easy and safe to
perform since it only requires walking down core map entries; sst
threads, etc. do not have to be trusted. This marks the
completion of (emergency) shutdown, part 1.
The stack zero segments are released so that demount_pv can
deactivate them.
deactivate_for_demount$shutdown deactivates all
non-hardcore segments and reverts deciduous segments (removes
from the hierarchy those supervisor segments put into the
hierarchy during initialization). This updates the directories
containing those segments that were active at shutdown time (and
their vtoces).
Our next task is to remove the pages of these updated
directories from memory. We start by demounting all operative
disks (other than the rpv) with demount_pv. After this, if any
locks remain set, we set the shutdown state to three; it is
normally four.
If any disks are inoperative, we just perform another
memory flush (to remove rpv directory pages), wait for console
i/o to finish (ocdcm_$drain_io) and return to bce.
If all was okay, we demount the rpv with demount_pv. The
storage system is now considered to be shut down. The ssenb flag
in the flagbox is reset to show this. We flush memory once more,
to get the last log messages out. The message "shutdown
complete" is printed; we wait for console completion. Shutdown
can now return to bce.
ORDER OF EXECUTION OF EMERGENCY SHUTDOWN
emergency_shutdown is called from bce. bce modified the
machine conditions of the time of return to bce to cause a return
to emergency_shutdown|0. This module initializes itself through
text imbeded pointers to its linkage section, etc. and enters
appending mode.
Multi-programming is forced off (tc_data$wait_enable).
The apt, metering and various apte locks are forced
unlocked.
The return to bce earlier stopped all of the other cpus.
scs$processor is set to show this fact.
The connect lock is forced unlocked.
Various trouble pending, etc. flags are reset in case of
another failure.
scs masks, etc. are set up for single (bootload) cpu
operation. We mask down to sys_level.
A switch is made to the idle process. This is done by
using scs$idle_aptep to find the idle's apte. Its dbr is loaded.
All other cpus are set to delete themselves, in case they
try to start.
The idle process has prds as its stack. A stack frame is
pushed onto this stack by hand.
The ast and reconfiguration locks are forcibly unlocked.
The first external module is called. ocdcm_$esd_reset
resets oc_data, and the console software.
syserr_real$syserr_reset resets the syserr logger and the
syserr_data segment and flags.
io_manager$reset resets iom_data status.
page$esd_reset resets its view of the disk dim.
pc_recover_sst recomputes the page control state.
page$time_out is called.
disk_emergency$test_all_drives_masked runs as for normal
shutdown, but in a masked state.
The prds is abandoned as a stack (it is reset) and the
stack pointer set to null (idle process). The first page of
template_pds is wired and the sdw for pds set to point to
template_pds (hopefully a good pds). The first page is touched,
hopefully successfully paging in the page. The stack pointers
are then set to inzr_stk0. We then call
wired_shutdown$wired_emergency.
wired_shutdown sets an any_other handler and unmasks the
processor. It makes a few checks to see if the storage system
was enabled. If a vtoc_buffer is in the unsafe state, its
physical volume has its trouble count incremented.
For each pvte, the scavenger data is reset as in a normal
shutdown. page$reset_pvte is called. Emergency shutdown part 1
is started.
fsout_vol updates the rpv information on disk as for
shutdown.
Pages of segments are flushed from information in the core
map entries (pc$flush). The rpv information is again written.
This ends part one of emergency shutdown.
vtoc_man$stablilize gets vtoc buffers into shape.
We can now call shutdown_file_system and let normal opera-
tions carefully try to update directories and vtoces, as for a
normal shutdown.
MODULE DESCRIPTIONS
deactivate_for_demount.pl1
Other than the flushing of pages themselves, the
deactivation of segments (updating their directory entries and
vtoces) performed by deactivate_for_demount is one of the most
important functions of shutdown. The deactivations are performed
by hand so as not to disturb aste threads. The operation
consists of walking down the ast hierarchy (tree)-wise,
recognizing that each active segment has all of its parent
directories also active. We start at the root. For each segment
to consider, we look down its inferior list. Each look at an
aste and an inferior element is performed with a variety of
validity checks on the aste (within pool boundaries, parent/son
pointers correct, etc). If inferiors exists, they are pushed
onto a stack (max hierarchy depth deep) of astes to consider.
When we push an aste with no inferiors, we consider it directly.
If it was a hardcore segment (deciduous), it is removed from the
aste list it is in and its vtoce freed. Non-hardcore segments
have their pages flushed (pc$cleanup) if they are not entry-held
(entry-held segments, such as pdses had their pages flushed
earlier and will be caught in the final flush) and their vtoces
updated (update_vtoce$deact). After a segment is considered, its
brothers are considered. When they are done, we return back to
their parent for consideration. We proceed in this manner until
we consider and pop the root aste off the stack. Segment control
is now no longer active.
demount_pv.pl1
demount_pv demounts a physical volume. It starts by
waiting for everyone to relinquish the drive; that is, no one can
be in the middle of a physical volume operation. All segments on
the volume are deactivated. For the shutdown case described
here, a special deactivation is performed to avoid possible
problems in the case of emergency shutdown. Each aste pool is
traversed (by numerical order, not link order because of possible
mis-linkings). All non-hardcore segments (except the root) are
deactivated in-line by calling pc$cleanup and update_vtoce$deact
on the segment. We then wait for all vtoc i/o to complete to the
disk. fsout_vol is called to update the volmap, vtoc header and
map and the label. Finishing, we clean up the pvt entry.
disk_emergency.pl1
To ease the burden on shutdown of drives being inoperative,
disk_emergency$test_all_drives is called. It tests all storage
system drives by first assuming that each one is good, then
running disk_control$test_drive. If the drive is declared inop-
erative this time, it is marked as such with an error report
printed. Shutdown of objects on this drive will be suspended.
emergency_shutdown.alm
bce, when crashed to, received the machine conditions at
the time of the call to bce. For an emergency shutdown (esd),
bce patches these to force a transfer to emergency_shutdown|0.
Multi-programming is forced off (tc_data$wait_enable). The apt,
metering and various apte locks are forced unlocked. The return
to bce earlier stopped all of the other cpus. scs$processor is
set to show this fact. The connect lock is forced unlocked.
Various trouble pending, etc. flags are reset in case of another
failure. scs masks, etc. are set up for single (bootload) cpu
operation. We mask down to sys_level. A switch is made to the
idle process. All other cpus are set to delete themselves, in
case they try to start. The idle process has prds as its stack.
A stack frame is pushed onto this stack. The ast and
reconfiguration locks are forcibly unlocked. ocdcm_$esd_reset
resets oc_data, and the console software.
syserr_real$syserr_reset resets the syserr logger and the
syserr_data segment and flags. io_manager$reset resets iom_data
status. page$esd_reset resets its view of the disk dim.
pc_recover_sst recomputes the page control state. page$time_out
is called. disk_emergency$test_all_drives_masked runs as for
normal shutdown, but in a masked state. The prds is abandoned as
a stack (it is reset) and the stack pointer set to null (idle
process). The first page of template_pds is wired and the sdw
for pds set to point to template_pds (hopefully a good pds). The
first page is touched, hopefully successfully paging in the page.
The stack pointers are then set to inzr_stk0. We then call
wired_shutdown$wired_emergency.
fsout_vol.pl1
fsout_vol is called whenever a volume is demounted. This
includes the shutdown equivalent function. It endeavors to
update the volume map, vtoc header and map and label for a
physical volume. It drains the vtoce stock for the disk
(vtoc_stock_man$drain_stock) to return those vtoces withdrawn
previously. The vtoc map is then forced out to disk. We can
then free the vtoc stock. We similarly drain, write out and free
the record stock/map. The dumper bit map is freed and updated to
disk. The time map updated and mounted is updated in the label.
If this is the root, this is the program that records in the
label such useful information as the disk_table_vtocx and uid and
the shutdown and esd state.
scavenger.pl1
The shutdown entrypoint to scavenger is called during
shutdown to clean up any scavenge operations in progress. It
walks down scavenger_data looking for live entries. For each, it
clears the corresponding pvte fields deposit_to_volmap,
scav_check_address and scavenger_block_rel which affects the
operation of page control.
shutdown.pl1
This is the starting driver for shutdown operations. It is
called from hphcs_$shutdown from the Initializer command
shutdown. It forces itself to run on the bootload cpu and it
stops the others. disk_emergency$test_all_drives test the drives
before use. tc_shutdown stops and destroys the other processes.
scavenges are stopped (scavenger$shutdown). We then switch
stacks back to inzr_stk0 and proceed through shutdown within
switch_shutdown_file_system.
shutdown_file_system.pl1
shutdown_file_system is the driver for the shutdown of the
file system. It runs on inzr_stk0. Its operations include:
fsout_vol updating of the rpv, flushing pages of segments,
releasing stack_0 segments for deactivation purposes, running
deactivate_for_demount$shutdown to deactivate non-hardcore seg-
ments and revert supervisor segments threaded into the hierarchy
at initialization (updating directories as a result) and then
flushing memory again (by calls to demount_pv for the various
disks). This module keeps track of the state of operativeness of
drives; if any are inoperative, we just perform a final flush and
quit; otherwise we can demount the rpv also. A final flush is
performed to get syserr log pages out. After console i/o has
drained, we can return to bce.
switch_shutdown_file_system.alm
switch_shutdown_file_system is the first program in a set
to shut down the file system. It moves us back to inzr_stk0, the
initialization stack for our processing. While it is fiddling
with stack pointers, it also sets pds$stack_0_ptr and
pds$stack_0_sdwp. On this new stack, it calls
shutdown_file_system.
tc_shutdown.pl1
Traffic control is shutdown by tc_shutdown. It flags the
system as being in a shutting down state
(tc_data$system_shutdown). It also sets wait_enable to 0,
disabling multi-programming. For each process in the apt,
deactivate_segs is called, destroying the process and finishing
our task.
wired_shutdown.pl1
The module wired_shutdown is the counterpart to shutdown in
the esd case. It starts by setting an any_other handler and
unmasking the processor. It makes a few checks to see if the
storage system was enabled. If a vtoc_buffer is in the unsafe
state, its physical volume has its trouble count incremented.
For each pvte, the scavenger data is reset as in a normal
shutdown. page$reset_pvte is called. Emergency shutdown part 1
is started. fsout_vol updates the rpv information on disk as for
shutdown. Pages of segments are flushed from information in the
core map entries (pc$flush). The rpv information is again
written. This ends part one of emergency shutdown.
vtoc_man$stablilize gets vtoc buffers into shape. We can now
call shutdown_file_system and let normal operations carefully try
to update directories and vtoces, as for a normal shutdown.
�
APPENDIX A
GLOSSARY
abs-seg
An abs-seg is a reserved segment number in the hardcore
address space used to access disk or memory outside of the
normal mechanisms. That is, they are not built by the
normal functions that append to the storage system nor are
they built by the functions that create segments out of the
hardcore partition or initialization memory. Examples of
abs-segs are segments mapped onto an area of disk to allow
paging to be used to read/write them (such a mechanism is
used to read the config deck from disk) or segments mapped
onto an area of memory for examination (page control does
this to examine pages being evicted). abs-segs are managed
(i.e., created and deleted), each in its own way, by a set
of software created for the purpose; One may not use the
standard system functions to operate upon them (such as
segment deletion). However, the contents of the segments
are addressed through normal mechanisms; that is, memory
mapped abs-segs are referencable via the hardware and
abs-segs built with an aste/page table pair in the sst are
allowed to have page faults taken against them.
bce
The Bootload Command Environment within bootload Multics,
that is, the collection of programs and facilities that make
up a command level that allows certain critical functions to
be performed before storage system activation occurs during
system initialization.
bootload Multics
Those early parts of initialization that are capable of
booting bce from a cold, bare machine, including bce itself.
cold boot
A bootload in which the state of all hardware and peripher-
als is unknown. In particular, the Multics file system is
either non-existant or has been destroyed. This is also
known as an initial boot.
collection
A "collection" is a set of programs read in as a unit that
together perform a function during initialization. Collec-
tions are referred to by number, starting with zero. Each
collection depends on the mechanisms initialized by the
collections that preceded it. As each collection finishes
its task, some of that collection is deleted and some is
kept, depending on the requirements of future collections.
There are also fractionally numbered collections, which
consist of support entities for the preceding collection.
The division of initialization into collections is done
based upon various restrictions imposed by the course of
initialization. For example, since the first few collec-
tions must run entirely within memory, restrictions on
available memory (and the amount that can be required of a
system) force unessential programs into later collections.
contiguous
A contiguous segment is one whose memory locations describe
contiguous absolute memory locations. Most segments do not
have this requirement; their pages may appear arbitrarily in
memory. Certain segments, though, such as the sst_seg must
have their locations in order, due to hardware requirements
for placement of their contents.
cool boot
A bootload in which the Multics file system is on disk and
believed to be good but in which the state of memory and
other peripherals is unknown. In particular, bootload
Multics is not running. The mpc's may or may not have
firmware running in them. The system is loaded from the MST
(tape) and initiated via iom switches.
crash
A failure of Multics. This may be the result of a hardware
or software failure that causes Multics to abort itself or
the result of an operator aborting it. A crash of Multics
during early initialization can produce a tape dump of
memory. Crashes after this time can be examined with bce
utilities or saved to disk by bce and analyzed later.
deciduous segments
These are segments generated or read in as part of
initialization which are given branches in the hierarchy (by
init_branches). Although they become part of the hierarchy,
their pages remain in the hardcore partition and are
therefore destroyed between bootloads. Examples are the
segments in >sl1 and the Initializer's pds. (The name
suggests the leaves of trees.)
deposit
A page control concept. It means to add an object to a list
of free objects.
dseg
descriptor segment (see data bases)
dump
A subset of Multics segments saved after a crash that can be
examined through various dump analysis tools to determine
the cause of the preceding crash. A dump is either a disk
dump, a dump performed to the dump partition of disk by the
dump facility of bce, or an "early dump", one performed to
tape during early initialization.
early initialization
Those parts of initialization needed to reach bootload
Multics command level. All activities after leaving
bootload Multics command level are referred to as service
initialization.
emergency shutdown
A Multics operation, invoked by bce, that runs a subset of
the hardcore facilities to shut down the file system (put
the storage system into a consistent state) after a crash.
esd
emergency shutdown
hardcore
The supervisor of Multics, loosely defined. This is a
collection of programs and segments generated or read in
during initialization.
hproc
A hardcore process. Such a process is created by a call to
create_hproc, as opposed to being created through the
answering service. Such hprocs (currently
SyserrLogger.Daemon and MCS_Timer_Daemon.SysDaemon) perform
activities integral to the system operation and must be
created prior to, and independent of, the answering service.
init segments
Segments needed only during the course of initialization.
These are deleted after the end of the last hardcore
collection.
initialization
The action of starting Multics. This consists of placing
the appropriate software modules in the appropriate places
and constructing the appropriate software tables such that
an event, such as someone trying to dial a login line, or a
page fault occuring, etc. will invoke the proper software
which will be in a position to perform the necessary
operation.
kst
known segment table (see data bases)
lvt
logical volume table (see data bases)
MST
Multics system tape
Multics system tape
The "tape" is the set of Multics programs that will make up
the supervisor in un-pre-linked form. This set of programs
originates on a tape; some of them spend part of their lives
in a disk partition.
nondeciduous
A hardcore segment not mapped into the hierarchy. These
segments live in the hardcore partition and are known only
by having sdw's in the hardcore address space.
partition
An area of a storage system disk, other than the label,
vtoc, volume map and paging area. These areas can be
accessed by paging mechanisms but are not used to hold pages
of storage system segments. Hardcore segments are mapped
onto the hardcore partition so that they may be used, and
early initialization can run, without touching the file
system proper.
pre-linking
As the Multics supervisor is read from the MST, the various
modules are linked together. This operation, called
pre-linking, is similar to linking (binding) that occurs
during normal service operation for user programs, except
that it consists of running through all segments and finding
all external references and resolving them. This is done
during initialization for efficiency, as well as for the
fact that the dynamic linker cannot be used to link itself.
ptw
page table word
ptwam
page table word associative memory
pvt
physical volume table (see data bases)
root physical volume
The main disk drive. It can never be deleted. This drive
is used to hold the original hardcore partition as well as
the partitions required by bce and is therefore required at
an early point in Multics initialization.
rpv
root physical volume
scas
system controller addressing segment (see data bases)
scs
system communications segment (see data bases)
sdw
segment descriptor word
sdwam
segment descriptor word associative memory
shutdown
The orderly cessation of Multics service, performed such as
to maintain consistency of the storage system.
slt
segment loading table (see data bases)
supervisor
A collection of software needed for operation of user's
software and support software provided for the user. This
would include software to make disk accessing possible, to
provide scheduling activity, etc. The supervisor in Multics
is referred to as "hardcore".
temp segments
Segments needed only during one collection. They are
deleted at the end of the major collection, before loading
the next collection.
uid
unique identifier (of a segment)
unpaged
A segment that is not paged under the auspices of page
control. Such a segment has its page table either in
unpaged_page_tables or int_unpaged_page_tables. Except for
the possible presence of the breakpoint_page, these segments
are contiguous. During early initialization, all segments
are generated to be of this type. The program
make_segs_paged forms paged segments that are copies of the
pagable initialization segments. Certain wired segments,
though, are left unpaged.
In previous releases, unpaged segments were literally
unpaged, that is, they had no page table and had the unpaged
flag set in their sdw. Currently only fault_vector,
iom_mailbox, dn355_mailbox, isolts_abs_seg, abs_seg and
abs_seg1 are of this type but will receive page tables in a
future release.
vtoc
The volume table of contents of a storage system volume.
The vtoc is divided into entries (vtoce), each of which
describes a hierarchy segment contained on that volume.
warm boot
A bootload in which the Multics file system is present on
disk and believed good, and in which bootload Multics is
running on the processor. This type of bootload of Multics
is performed from disk.
wired
A page, or set of pages, is wired if it cannot be moved from
memory by page control.
withdraw
A page control concept, said of records and vtoces. It
means to remove an object from a list of free objects.
APPENDIX B
INITIALIZATION AND INITIALIZED DATA BASES
This appendix describes various data bases kept by
initialization or that are generated by initialization. As such,
this list incorporates the most significant data bases within the
system.
AI_LINKAGE (ACTIVE INIT LINKAGE)
This initialization segment corresponds to area.linker for
initialization programs that will be paged. This area is built
by bootload_loader and segment_loader from linkage sections found
on the MST.
AS_LINKAGE (ACTIVE SUPERVISOR LINKAGE)
This hardcore segment corresponds to area.linker for paged
supervisor programs. It is shared across processes, and can
therefore contain only per-system static such as initialization
static variables (when only one process is running) or system
wide counters, etc. The linkage areas are formed in here by the
various MST loading programs.
BCE_DATA (BOOTLOAD COMMAND ENVIRONMENT DATA)
bce_data keeps information that pertains to the command
environment features of bootload Multics. It contains entries
that describe the main pseudo i/o switches (input, output and
error) as well as the state of exec_com and subsystem execution.
BOOTLOAD_INFO
bootload_info, generated initially from bootload_info.cds,
contains various information about the state and configuration of
early initialization. It contains: the location of the bootload
tape (iom, controller channel, drive number and drive and
controller type provided by the IOM boot function), status about
firmware loading into the bootload controller, the location of
the rpv (iom, controller, drive number and drive and controller
type provided in the find_rpv_subsystem dialog), the location of
the bootload console (and type), a variety of pointers to other
data bases, as well as the master flags indicating the presence
of BOS and the need for a cold boot. All of this data is copied
into sys_boot_info during generation and during system
initialization. Most references to this data are therefore to
sys_boot_info.
bootload_info.cds has provisions to contain site-supplied
configuration information. If these values are provided, no
operator queries will be needed to bring the system up. Only
cold site boots or disk problems would require operator interven-
tion during boot. It is intended that an interface will be
provided to fill in these values, such that generate_mst could
set the values into the segment and the checker could report
their settings in the checker listing.
CONFIG_DECK
Historically named, the config_deck contains the descrip-
tion of the configuration. It contains one entry (card) for each
iom, cpu, memory, peripheral subsystem, etc. in the configura-
tion. It also describes various software parameters. These
entries are referenced by programs too numerous to count. It is
built initially by init_early_config to describe enough of the
system to find the rpv and read in the real config_deck saved in
a partition thereon. (If this is a cold boot, in which there
would be no config_deck, the config_deck is entered manually or
from the MST through the config deck editor.) After this time,
it becomes an abs-seg on the "conf" partition. Various
reconfiguration programs modify the entries.
CORE_MAP
One of the page control data bases, the core_map describes
frames of memory available for paging. Each entry describes a
page frame. When a frame is used (it has a ptw describing it),
the disk address of the page occupying the frame is kept in the
core_map entry. init_sst initially builds the core_map. It is
updated to accurately describe the state of pagable memory by
make_segs_paged, which frees certain unpaged segments and
collect_free_core which works to find various holes between
segments. Page control maintains these entries.
DBM_SEG (DUMPER BIT MAP SEG)
dbm_seg holds the dumper bit maps used by the volume
dumper. It is paged off the hardcore partition. Its
initialization as an area was performed by dbm_man$init. Each
configured disk drive has two maps here, one for the incremental
dumper and one for the consolidated dumper. The segment starts
with the usual lock, control information, and meters. After this
comes an area in which the bit maps are allocated. Each bit map
consists of a bit corresponding to each vtoce on the volume in
question. The bits indicate the need to dump the various
segments.
DIR_LOCK_SEG
dir_lock_seg keeps track of lockings of directories and on
processes waiting thereupon. It has a header with a lock and
various status. Each dir_lock entry contains the uid of that
which is locked, various flags, threads to a more recently locked
entry, and the array of process ids for the various lockers (more
than one only for all readers).
DISK_POST_QUEUE_SEG
A part of page_control, disk_post_queue_seg is an obscure
data base used to keep track of disk i/o postings that could not
be made because the page table was locked at the time of i/o
completion.
DISK_SEG
The disk seg contains the various tables (except the pvt)
used by disk_control and dctl to perform i/o to disks. It is
split into the tables disk_data, disktab, chantab, devtab as well
as the queue of disk i/o requests. disk_data contains entries
giving the names and locations within disk_seg of the disktab
entry for each configured disk subsystem. The disktab entry
contains various subsystem meters, as well as holding the queue
entries for the subsystem. Also contained herein are the chantab
and devtab entries for the subsystem. Each chantab entry lists a
i/o channel to use to perform i/o to the subsystem, given as an
io_manager index. It also holds various per channel meters, and,
most importantly, the dcw list that performs i/o on the channel.
The devtab entries, one per subsystem drive, describe the drives.
This consists of status information (inoperative, etc.) as well
as per drive statistics.
DM_JOURNAL_SEG_
A page control data base, dm_journal_seg_ is used to keep
track of page synchronization operations for data management. It
is allocated and initialized by init_dm_journal_seg. It starts
with a lock for manipulating the journal entries as well as the
usual wait event information. Also present are information about
the number of pages held in memory, the maximum pages held, the
number of journals, etc. Corresponding to each aste pool is a
structure containing a threshold and number of active,
synchronized segments. Following this are various meters. Then
comes the journal entries and then the page entries. Each
journal entry contains the time stamp that determines when pages
of the segment being held can be written (when the journal was
written), the number of pages held, and a relative thread to the
list of page entries for the pages being held. A page entry
contains the threads that make up this list, a relative pointer
to the core map entry for the page, and a relative pointer to the
journal entry for the page.
DN355_DATA
This data seg, initialized by fnp_init, contains global
information on each configured fnp. Data for each fnp includes:
a pointer to the hardware mailbox, pointers to the dcw lists and
the physical channel blocks (pcb), the number of subchannels, the
iom/channel info, indexes into the pcb for lslas and hslas
(hmlcs), status of the delay queues, various flags about the
state of fnp operations, the lct (logical channel table) entry
pointer, status of bootloading, and various counts of free
blocks, input and output data and control transaction counts,
etc.
DN355_MAILBOX
The dn355_mailbox is a set of mailboxes at fixed hardware
addresses. They start with the fnp pcw. Also present are
various counts of requests and the fnp crash data. Following
this are 8 Multics initiated sub-mailboxes and 4 fnp initiated
sub-mailboxes. The sub-mailboxes describe the line for which the
operation is being performed along with the data for that
operation.
DSEG (DESCRIPTOR SEGMENT)
The descriptor segment is a hardware known data base. It
contains a sdw (segment descriptor word) for each segment within
a process' address space. The ultra important processor register
dsbr (descriptor segment base register), also called the dbr,
indicates the absolute address of the page table describing it.
The sdw of a segment indicates the address of the page table of
the segment (which contain the locations of the pages of the
segment) and other information, such as the length of the
segment, accesses allowed, etc. dseg must be segment 0. The
initial dseg is generated by template_slt_ and copied into dseg
by bootload_abs_mode. Entries are added by bootload_dseg,
get_main and make_sdw as segments are loaded from the MST. The
generation of sdws is integrated with the creation of slt
entries, and the allocation of memory/disk that the sdw/page
tables effectively describe.
FAULT_VECTOR (FAULT AND INTERRUPT VECTORS)
This is another hardware known data base, at a fixed
absolute memory address (0). It contains two words for each
possible fault and interrupt. Normally, each entry contains a
scu instruction, to store all machine conditions, and a tra
instruction, to transfer to the code that handles the
fault/interrupt. These two instructions are force executed in
absolute mode on the processor. The entries are filled in by
bootload_faults and initialize_faults. During some phases of
initialization, when a particular fault/interrupt is to be
ignored (such as a timer running out), the fault vector entry is
set to a scu/rcu pair, which stores machine conditions and then
reloads them, returning to the point of interruption. The scu
and tra instructions actually perform indirect references through
"its" pointers that are present following the interrupt vectors
within this segment. During normal operations, only these
pointers are changed.
FLAGBOX
The flagbox is an area of memory, at a known address, that
allows communication between Multics operation and bootload
Multics. This area contains information from Multics to bootload
Multics such as the fact that we are crashing, and here's what
exec_com to run. Bootload Multics can pass information up when
booting, such as being in unattended mode so that Multics will
know how to boot. The area is examined by various programs and
set through commands/active functions in both Multics and
bootload Multics operation. This area is within the bce toehold.
INZR_STK0 (INITIALIZER STACK)
This is the stack used by initialization and shutdown. The
name stands for initializer stack. Originally wired, it becomes
paged during initialization. Once the actual ring 0 stacks are
created and after collection 3, initialization will leave this
stack (in init_proc). Shutdown will return to this stack for
protection as the stack_0's are deleted.
INT_UNPAGED_PAGE_TABLES
The page tables for init and temp segments are kept here.
It gets an initial value through template_slt_ and is managed by
the various segment creation routines. Once make_segs_paged is
run, no unpaged segments exists whose page tables are here. So,
we delete this segment. The page table for this segment is
contained within it.
IO_PAGE_TABLES
The page tables referenced by a paged mode iom for ioi_
operations are found in io_page_tables. It is a abs-wired
segment, maintained by ioi_page_table. It starts with a lock and
indexes of the start of free page table lists. The header ends
with the size and in_use flags for each page table. The page
tables themselves are either 64 or 256 words long; each page
table of length N starts at a 0 mod N boundary and does not cross
a page boundary within the segment.
IOI_DATA
ioi_data contains information pertinent to ioi_ (the i/o
interfacer). It holds ioi's data itself (ioi_data), as well as
group channel and device entries for ioi handled devices.
ioi_data contains counts of groups, channels and devices,
reconfiguration lock, some flags, and then the channel, group and
device entries. A channel/device group entry describes a group
of devices available through a channel. It contains a lock,
subsystem identifier, various flags describing the device group,
the number of devices and some counters. A channel table entry
describes the state of a channel. It holds status flags, the
io_manager index for the channel, and a place for detailed
status. A device table entry holds the wired information for an
ioi device. Besides pointers linking it to the group and channel
entries, it contains various status bits, workspace pointer,
ring, process_id and event channels for communication with the
outer ring caller, timeout and other time limits, offsets into
the user's workspace for status storage, and the idcw, pcw, tdcw
and status areas.
IOM_DATA
iom_data describes data in use by io_manager. It starts
with lpw, dcw, scw and status area for stopping arbitrary
channels. This is followed by various meters, such as
invalid_interrupts. Following this, for each iom are various
pieces of state information, on-line, paged mode, etc. It
concludes with more meters and ending with devtab entry indices.
For each device, a status are is followed by various flags
(in_use), channel identification, pcw, lpw and scw, status queue
ptr, and various times and meters.
IOM_MAILBOX
This segment is another hardware known and fixed segment.
It is used for communication with the various ioms. The segment
is split into the imw area, which contains a bit per channel per
iom per interrupt level indicating the presence of an interrupt,
followed by the mailboxes for sending information to the ioms and
receiving status back.
KST (KNOWN SEGMENT TABLE)
The known segment table is a per-process segment that keeps
track of hierarchy segments known in a process. Hardcore
segments do not appear in the kst. The kst effectively provides
the mapping of segment number to pathname for a process. It is
the keeper of the description of segments that are initiated but
not active within a process (as well as those that are active).
The Initializer's kst is initialized by init_root_dir. It starts
with a header providing the limits of the kst, as well as
information such as the number of garbage collections, pointers
to the free list, what rings are pre-linked, the 256k segment
enable flag, a uid hash table, the kst entries and finally a
table of private logical volumes connected to this process. Each
kst entry contains a used list thread, the segment number of the
segment, usage count per ring, uid, access information, various
flags (directory, transparent usage, etc), an inferior count for
directories or the lv index for segments and the pointer to the
containing directory entry. It is this pointer that allows the
name of the segment to be found. Also, the segment number of the
directory entry pointer allows us to find the kst entry for the
containing directory, etc., allowing us to walk up the hierarchy
to find the pathname of a segment.
LVT (LOGICAL VOLUME TABLE)
The logical volume table consists of an array of entries
that describe the various logical volumes. It starts with a
count of entries as well as a maximum count limit. Following
this is a relative pointer to the first entry and a hash table
for hashing lvid (logical volume ids) into lvt entries. The
entries that follow, one per logical volume, contain a relative
pointer to the threaded list of pvt entries for the logical
volume, the lvid, access class info for the volumes and then
various flags like public and read_only. It is initialized by
init_lvt to describe the rlv and maintained by
logical_volume_manager.
NAME_TABLE
The name_table contains a list of all of the various names
by which the segments in the slt (see below) are known. This
table is used by the slt management routines but especially by
the various pre-linkers, who use it to resolve references to
initialization modules. It is generated from template_slt_ and
by the slt management routines, who read in the names from
entries on the system tape.
OC_DATA
oc_data describes data used by ocdcm_ to handle consoles.
It starts with the required lock, version, device counts, etc.
Various flags are kept, such as crash on recovery failure. The
prompt, discard notice are kept here. Status pointers, times,
etc. are followed by information on the process handling message
re-routing. Following this are indices into queues of entries
followed by the queues. An entry exists for priority i/o (syserr
output, which always forces a wait until complete), one for a
pending read, and 8 for queued writes. After this are meters of
obscure use. The segment ends with an entry for each configured
console followed by an entry for each element of a event tracing
queue. Each console entry provides its name, state, type,
channel, status, etc. Each i/o queue entry provides room for the
input or output text, time queued, flags (alert, input/output,
etc), and status.
PHYSICAL_RECORD_BUFFER
The physical_record_buffer is a wired area of memory used
by collection 0's and collection 1's MST tape reading routine for
i/o buffers.
PVT (PHYSICAL VOLUME TABLE)
One of the disk describing tables, the physical volume
table contains an entry for each configured disk drive. It can
in some ways be considered the master disk describing table in as
much as performing i/o to a disk drive requires the pvtx (pvt
index) of the drive (the index number of the entry in the pvt for
that drive). The pvt entry contains the physical and logical
volume id for the drive, various comparatively static flags about
the drive (such as storage_system, being_demounted,
device_inoperative, etc.), information for the volume dumper and
information about the size, fullness, volmaps and stocks (both
record and vtoc) of the drive. This table is allocated by
get_io_segs, and built by init_pvt. The various brothers in a
logical volume are chained together in a list by the
logical_volume_manager so that the vtoc_man can have a set of
disks from which to select a target for a new segment. During
initialization, make_sdw$thread_hcp (for init_root_vols) uses
these threads (before the disk_table is accessed) to form the
list of drives which contain hardcore partitions (those eligible
to contain hardcore segments).
SCAS (SYSTEM CONTROLLER ADDRESSING SEGMENT)
This is a very curious pseudo-segment, built by scas_init
out of page table words generated into scs. It contains one
pseudo-page for each memory controller (and another page for each
individual store other than the lowest). The address of the page
is the base address of the store/controller. This segment makes
references to it of the form n*1024 to form an absolute address
to controller n. Thus, instructions like rscr (read system
controller register) can use this segment (as indeed they do
inside privileged_mode_ut) to reference the desired system con-
troller registers.
SCAVENGER_DATA
scavenger_data contains information of interest to the
volume scavenger. Its header is initialized by
init_scavenger_data. The segment starts with the usual lock and
wait event. Following this is the pointer to the scavenger
process table. Then come the meters. The scavenger process
table, which follows, describes the processes performing
scavenging operations. Each entry contains a process id of a
scavenging process, the pvtx of the drive being scavenged, and
indices of scavenger blocks in use. Scavenger blocks contain
record and overflow blocks used to keep track of pages of a disk
(its claiming vtoce and its state).
SCS (SYSTEM COMMUNICATIONS SEGMENT)
The scs is a hodge-podge of information about configuration
and communication between active elements. It contains informa-
tion about the scus and the cpus. It contains the cow's (connect
operand words) needed to connect to any given cpu/iom, the
interrupt masks used to mask/unmask the system, the various smic
patterns (set memory interrupt cells), instructions to clear
associative memories and the cache, connect and reconfiguration
locks, various trouble flags/messages used for keeping track of
pending communication of faults to bce, cyclic priority switch
settings, port numbers for controllers, configuration data from
the controllers, processor data switch values/masks, controller
sizes, and the scas page table (see scas).
SLT (SEGMENT LOADING TABLE)
One of the most significant initialization data bases, the
slt describes each initialization segment. It is built initially
from template_slt_, an alm program that not only builds the
appropriate slt entries for collection 0 segments, but also
generates the dseg for collection 0. Each entry in the slt
contains: pointers into name_table of the names and the final
storage system pathname (and acl), if any, for the segment;
access modes, rings, etc. for the segment; various flags used
for generation/loading of the segment, such as
abs/init/temp/supervisor segment, wired/paged, etc.; the length
and bit_count, etc. It is maintained by bootload_slt_manager and
slt_manager, who build entries based on information on the MST.
These entries are maintained so that the various pre-linkers
(bootload_linker and pre_link_hc) can find the target segments of
the various references.
SST (SYSTEM SEGMENT TABLE)
The sst (which contains the active segment table) is one of
the most important tables in Multics. It is the keeper of active
segments. Each active segment has an entry describing it (its
aste). The aste contains information used by segment control and
communicated with page control on the state of a segment. The
most important part of the entry is the page table words (ptws)
describing the disk/memory location of each page. There are four
pools of astes of different lengths to hold page tables of four
possible maximum lengths: 4, 16, 64 and 256 ptws. The entries
are threaded into various lists. The free entries of the various
pools are threaded into lists. Active segments have their own
lists. Separate lists are generated for temp and init (supervi-
sor) segs. Aside from these threads, each aste also contains
threads used to link segments to their parents and their trailer
seg entry. Status information includes: the segment's uid, the
current length, maximum length and records used, the pvtx and
vtocx of the segment (which couple with the ptws to find the
pages of the segment), various status bits of more obscure use,
and finally the quota computation information. init_sst origi-
nally builds this table. The page table words are maintained by
page control. The entries themselves are maintained by segment
control.
SST_NAMES_
The sst_names_ segment contains the names of paged segments
described by the sst. It is initialized by init_sst_name_seg
during collection 2 and maintained by segment control only if the
astk parm appears. It starts with information describing the
four aste pools followed by the paged segment primary names.
STACK_0_DATA
stack_0_data contains information keeping track of the ring
0 stacks (stack_0.nnn) that are shared between processes (one per
eligible process). It is initialized by init_stack_0. It has a
lock used to control threading of a pool of such stacks. Each
entry contains a list thread, a relative pointer to the aste for
the segment, a relative pointer to the apte for the holding
process, and the sdw for the stack. When this stack is given to
a process, this sdw is forced into its dseg; the acl of the stack
is kept as a null acl.
STOCK_SEG
stock_seg contains the record and vtoce stocks, a part of
the reliable storage system. Whenever a new page or vtoce is
needed for a drive, it is obtained from these stocks. The stocks
are filled by pre-withdrawing a number of records or vtoces from
the drive. This mechanism is used so that, upon a crash, it is
guaranteed that any records or vtoces being created were marked
in the record or vtoc maps as in use. This prevents re-used
addresses.
STR_SEG (SYSTEM TRAILER SEGMENT)
The str_seg is a paged segment used by segment control to
perform setfault functions. It is initialized into a list of
free entries by init_str_seg. Each entry contains the usual
backward and forward threads forming a list of trailers for a
given segment (the list itself is found by a relative pointer in
the aste for the segment). When needing to fault a segment, this
list shows all processes containing the segment. The entry shows
the segment number, for a process with this segment active, of
the segment and a relative pointer to the aste for the dseg of
that process (which is where we need to fault the sdw).
SYS_INFO
sys_info is a keeper of all sorts of information about the
state of the system. The most important entries to
initialization are sys_info$initialization_state, which takes on
values of 1, 2, 3 and 4 corresponding to whether we are running
initialization collection 1, 2, 3 or whether we are running
service (beyond collection 3), and sys_info$collection_1_phase,
which takes on values defined in collection_1_phases.incl.pl1
corresponding to running early, re_early, boot, bce_crash, ser-
vice and crash passes through collection 1. Also included are
key things like: the scu keeping the current time, the current
time zone, various limits of the storage system, and some ips
signal names and masks. The variable "max_seg_size" records the
maximum length of a segment. This value is changed during bce
operation to describe the maximum length of a bce paged temp
segment. This allows various Multics routines to work without
overflowing segments. Also in sys_info is "bce_max_seg_size",
this bce maximum segment length. This is available for any user
ring programs who desire to limit the size of objects they
prepare for the bce file system.
SYS_BOOT_INFO
See bootload_info, above.
SYSERR_DATA
The syserr_data segment is part of the syserr logging
mechanism. syserr actually just writes messages into this
segment and not to the paged log to avoid problems of paging
during possible system trouble. It is up to the syserr hproc to
move these messages from syserr_data to the log.
SYSERR_LOG
The paged abs-seg syserr_log, which describes the log
partition of disk, is used to hold the syserr log. It is mapped
onto the log partition by syserr_log_init. The syserr mechanism
involves putting syserr messages into syserr_data (which are
possibly written to the console) and then waking up the syserr
hproc which copies them into the paged partition. This is done
so that page faults are taken by the hproc, not by the syserr
caller who may be in trouble at the time. It starts with a
header providing the length of the segment, a lock, relative
pointers to the first and last messages placed there and also
copied out (by the answering service), the threshold that shows
how full the partition can get before the answering service is
notified to copy out the messages, the event channel for
notification (of the answering service) and the event for
locking. Following this are entries for the various syserr
messages. Each message is threaded with the others; it has a
time stamp, id number, and the text and optional data portions of
the message.
TC_DATA
tc_data contains information for the traffic controller.
The most obvious entry list herein is the list of aptes (active
process table entries). There is one apte for every process.
The apte lists activation information for the process, such as
its dbr, its state (blocked/running/stopped/etc.), various
per-process meters (such as cpu usage), its work class, and other
per-process scheduling parameters. Following the apt is the itt
(inter-process transmission table), maintained by pxss (the
traffic controller) to hold wakeups not yet received by a target
process. The call to hcs_$wakeup (or its pxss equivalent) places
an entry in the itt containing the target process id, the event
channel, the message data, etc. The next call to
hcs_$read_events obtains the events waiting for the target
process. Also present in tc_data is various meters (tcm.incl)
and other flags. Imbeded within this is the wct (work class
table) which keeps track of the status of scheduling into work
classes. tc_init builds these tables (see tc_data_header).
TC_DATA_HEADER
This is a trick initialization segment. tc_data_header is
allocated wired storage by tc_init to hold the real tc_data.
tc_data, originally build just from a cds segment and therefore
just describing the header of tc_data, is copied in. The sdws
for tc_data and tc_data_header are then swapped. As such, the
initialization segment tc_data_header (which describes the read
in tc_data) is deleted, but tc_data (now mapped onto the
allocated tc_data_header area) remains.
TOEHOLD
The toehold is another area for Multics/bootload Multics
communication. (In particular, the flagbox is contained within
it.) The toehold is a small program capable of getting to
bootload Multics from a crashing/shuting down Multics service.
(Its name is meant to suggest holding on by one's toes, in this
case to bootload Multics.) init_toehold builds a dcw (device
control word) list that, when used by the toehold program, can
write the first 512k of memory (those used by bootload Multics)
out to the bce partition and read in bootload Multics (saved in
the bce partition by init_toehold). The program runs in absolute
mode. It is listed here because it contains the flagbox and the
all important dcw lists.
TTY_AREA
Terminal control blocks (tcb's) are allocated in tty_area.
It is initialized to an area by fnp_init and managed by the
various communication software.
TTY_BUF
The tty_buf segment contains, obviously enough, the tty
buffers used for manipulating data communicated with the fnp. It
contains various meters of characters processed, number of calls
to various operations, echo-negotiation, etc., trace control
information and timer information. Following this is the
tty_trace data, if present, and the tty_buffer_block's, split
into free blocks and blocks with various flags and characters in
chains. The layout of this segment into empty areas is done by
fnp_init.
TTY_TABLES
tty_tables is an area in which tables (conversion and the
like) are allocated. It has the usual lock and lock event. It
is initialized by fnp_init.
UNPAGED_PAGE_TABLES
All permanent non-per-process unpaged segments have their
page tables in unpaged_page_tables. The page table for this
segment is also within it. It is generated initially by
template_slt_ and added to by the various segment creation
routines. The header of unpaged_page_tables contains the abso-
lute address extents of all hardcore segments that contain page
tables; these are unpaged_page_tables, int_unpaged_page_tables
and sst_seg. Dump analyzers look here to resolve absolute
addresses from sdws into virtual addresses of page tables.
VTOC_BUFFER_SEG
vtoc buffers live in the vtoc_buffer_seg. The segment is
allocated and initialized by init_vtoc_man. It starts with the
usual global lock and wait event. Following this are various
parameters of the amount and usage of the vtoc buffers, including
information about the vtoc buffer hash table. Then comes the
vtoc_man meters. Finally comes the hash table, the vtoc buffer
descriptors (pvtx - vtocx info, etc.) and the vtoc buffers
themselves.
WI_LINKAGE (WIRED INIT LINKAGE)
This initialization segment corresponds to area.linker for
wired initialization segments. It is built by the MST loading
routines.
WIRED_HARDCORE_DATA
Another collection of data for hardcore use, this segment
is permanent. It contains the size of a page, the amount to wire
for temp-wiring applications, the history register control flag,
the trap_invalid_masked bit, a flag specifying the need for
contiguous i/o buffers (if a non-paged iom exists), the debg card
options, the fim fault_counters and the bce abort_request flag.
WS_LINKAGE (WIRED SUPERVISOR LINKAGE)
This wired hardcore segment, shared between processes,
corresponds to area.linker for wired hardcore programs. It is
built by the MST loading routines.
�
APPENDIX C
MEMORY LAYOUT
In the memory layout charts below, the starting absolute
address and length for each data area is given (in octal). When
a number appears in brackets ([]), this means that it is really a
part of the segment listed above it.
The memory layout after the running of collection 0 (the
loading of collection 1) follows.
start length contents
----- ------ --------
0 600 fault_vector
1200 2200 iom_mailbox
3400 3000 dn355_mailbox
10000 2000 bos_toehold
12000 10000 config_deck
24000 22000 bound_bootload_0
[24000] [4000] [(bootload Multics) toehold]
[24000] [2000] [flagbox (overlays the toehold)]
[30000] [n] [bootload_early_dump]
46000 4000 toehold_data
52000 2000 unpaged_page_tables
54000 2000 int_unpaged_page_tables
56000 2000 breakpoint_page
60000 6000 physical_record_buffer
66000 2000 dseg
70000 10000 name_table
100000 4000 slt
104000 2000 lot
106000 and up wired segments
fabricated segments
1777777 and down all other segments
The absolute addresses of most of these segments is
arbitrary. Hardware known data bases must be at their proper
places, though; also, the toeholds are placed at addresses known
to operators. Except for these exceptions, the segments may be
moved. Their addresses are contained in bootload_equs.incl.alm.
All programs refering to this include file must be reassembled if
these addresses are changed. Certain interdependencies exist
that one must be aware of. First of all, the toehold is placed
at a 0 mod 4 page address. physical_record_buffer must be the
last of the fixed memory address segments. The length of all
segments is an integral number of pages. The two unpaged page
tables segments must be large enough to meet the demands on them;
refer to announce_chwm. Also, the length given for
bound_bootload_0 must hold the text thereof.
After collection 1 has finished, segments have been made
paged and collection 1 temp segments have been deleted, the
memory layout is as follows.
start length contents
----- ------ --------
0 600 fault_vector
1200 2200 iom_mailbox
3400 3000 dn355_mailbox
10000 2000 bos_toehold
24000 4000 toehold (bootload Multics)
[24000] [2000] [flagbox (overlays the toehold)]
46000 4000 toehold_data
52000 2000 unpaged_page_tables
56000 2000 breakpoint_page
60000 and up paging area
high mem sst_seg
INDEX
A aste pools 3-12, B-10
as_linkage 2-7, 3-20, B-1
aborting bce requests
see bce, aborting requests
B
abs-seg 3-10, 3-13, 3-16,
3-17, 3-18, 3-19, 4-3,
4-5, 4-16, 4-17, 6-8, A-1, bce 1-3, A-1
B-2 aborting requests 3-18, 4-5,
4-11
absolute mode 2-2 alert messages 4-4
area usage 4-2
accept_fs_disk 6-3 command level 4-10, 4-15
bce_crash 3-2
accept_rpv 6-3, 8-4 boot 3-1
crash 3-1
active init linkage early 3-1
see ai_linkage command processing 4-2, 4-9,
4-11
active segment table communication with Multics
see sst B-5
config_deck manipulation
active supervisor linkage 4-17
see as_linkage data B-1
disk accessing 4-3, 4-15
ai_linkage 2-7, 3-20, B-1 error reporting 4-2, 4-8
exec_com 4-8
announce_chwm 3-8 facilities 4-1
file system 3-16, 4-3, 4-16,
appending simulation 4-4 4-17
see also bce_dump and firmware
bce_probe loading 4-9
i/o switches 4-2, 4-7, 4-18,
area.linker B-1
see linkage sections initialization 4-1, 4-18
invocation upon a crash
assume_config_deck 2-7 B-13
bce (cont) bce_exec_com_ 4-8
machine state 5-2
paged programs 3-16 bce_exec_com_input 4-9
partitions
creation 3-6, 3-9, 3-13 bce_fwload 3-16, 4-9
usage 3-16, 4-1, 4-3,
4-16, 4-17 bce_get_flagbox 4-10
probe 4-7, 4-10, 4-11, 4-14,
4-15 bce_get_to_command_level 4-10
current address 4-13,
4-14 bce_inst_length_ 4-10
question asking 4-2, 4-14
ready messages 4-15 bce_listen_ 4-11
reinitialize 4-10
request processing 4-2, 4-6 bce_list_requests_ 4-10
request table 4-15
restrictions 4-3 bce_map_over_requests_ 4-11
temp segments 4-3, 4-17
bce_name_to_segnum_ 4-11
bce_alert 4-4
bce_probe 4-11
bce_alm_die 4-4 see also bce, probe
bce_appending_simulation 4-4, bce_probe_data 4-14
4-8, 4-14
bce_query 4-14
bce_check_abort 4-5
bce_ready 4-15
bce_command_processor_ 4-6
bce_relocate_instruction_
bce_console_io 4-6 4-15
bce_continue 4-7 bce_request_table_ 4-15
bce_crash bce command level bce_severity 4-15
see bce, command level,
bce_crash bce_shutdown_state 4-15
bce_data 4-7, B-1 boot
cold 3-13, 6-4, 6-7, A-1
bce_die 4-7 cool A-2
from bce 4-10
bce_display_instruction_ 4-7 from BOS 2-1
from disk A-6
bce_display_scu_ 4-7 from iom 2-1
from tape A-2
bce_dump 4-7 initial A-1
warm A-6
bce_error 4-8
boot bce command level
bce_esd 4-8 see bce, command level, boot
bce_execute_command_ 4-9
bootload command environment boot_rpv_subsystem 3-8
see bce
boot_tape_io 3-8
bootload command environment
data BOS
see bce_data getting to from bce 4-7
presence of 2-7
bootload Multics 1-1, A-1
bound_bootload_0 2-1, 8-1
bootload_0 2-3
breakpoints 3-15, 3-16, 3-17,
bootload_1 3-8 4-12, 4-14, 5-2
see also breakpoint_page
bootload_abs_mode 2-2
breakpoint_page 2-7, 3-9,
bootload_console 2-4 3-16, 3-17, 3-18, A-5
see also breakpoints
bootload_disk_post 4-15
bootload_dseg 2-4, 8-1 C
bootload_early_dump 2-5
central processor
bootload_error 2-5 see cpu
bootload_faults 2-5 channel table entry 7-2, B-6
bootload_file_partition 4-16, chantab B-3
4-17
clock
bootload_flagbox 2-6 setting 3-12
bootload_formline 2-6 cold boot
see boot, cold
bootload_fs_ 4-16
collection 1-1, A-2
bootload_fs_cmds_ 4-16
collection 0 1-2, 2-1
bootload_info B-1 console support 2-4
data B-1
bootload_io 2-6 error handling 2-5
input/output 2-6
bootload_linker 2-7 interrupts 2-6
main driver 2-3
bootload_loader 2-7, 8-1 programming in 2-2
bootload_qedx 4-16 collection 1 1-2, 3-1
bce_crash pass 3-2, 3-7
bootload_slt_manager 2-7 boot pass
sequence 3-2
bootload_tape_fw 2-8 bootload Multics pass 3-1
crash pass 3-1, 3-7
bootload_tape_label 2-1, 8-1 early pass 3-1
collection 1 (cont) core_map 3-14, 3-17, 8-3, B-2
early pass
sequence 3-5 cow
passes summary 3-1 see connect operand words
re_early pass 3-2, 3-7
see also bce cpu
service pass 3-1 data B-9
sequence 3-4 initialization of data 3-20
shut pass 3-1, 3-7 starting 6-9, 7-2
collection 2 1-3 crash A-2
loading 3-20 early in initialization 5-1
pre-linking 3-18 handler 3-1, 3-3
sequence 6-1 handling 1-4, 5-1
image
collection 3 1-3, 7-1 access 4-4
restarting 4-7, 5-2
collection_1_phase B-11 machine state 5-1
memory saving 5-1
collect_free_core 3-9 memory state B-13
memory swapping B-13
conditions
signalling 3-15 crash bce command level
see bce, command level,
configuration crash
data
see config_deck and scs create_root_dir 6-4
config_deck 3-10, B-2 create_root_vtoce 6-4
changes to 4-10
editing 4-17 create_rpv_partition 3-9
initial generation 3-12
setup 3-5 cte
see channel table entry
config_deck_data_ 4-16
config_deck_edit_ 3-10, 4-17 D
connect operand words 3-20
data
console about active segments B-10
collection 0 2-4 about bce B-1
driver about bootload tape B-1
see ocdcm_ about collection 0 B-1
locating 2-4 about configuration
see config_deck and scs
contiguous A-2 about core frames B-2
about cpus B-9
cool boot about hardcore segments
see boot, cool B-10
about processes B-12
core high water mark 3-8 about rpv B-2
about storage system B-11
data (cont) disk_data B-3
about system controllers
B-9 disk_emergency 9-5
about system state B-11
disk_post_queue_seg B-3
data bases B-1
disk_reader 3-9
dbm_man 6-4
disk_seg 3-11, B-3
dbm_seg 6-4, B-2
dm_journal_seg_ 6-6, B-4
dbr B-4
dn355_data B-4
deactivate_for_demount 9-4
dn355_mailbox 6-5, B-4
deciduous segments
see segments, deciduous dseg 2-8, 3-17, A-3, B-4
delete_segs 3-9 dte
see device table entry
demount_pv 9-5
dump
deposit A-3 early 2-5, A-3
to disk 4-7, A-3
descriptor segment to tape A-3
see dseg
dumper bit map seg
descriptor segment base see dbm_seg
register
see dbr
E
device table entry 7-2, B-6
devtab B-3 early bce command level
see bce, command level,
directory early
locking B-3
early initialization
dir_lock_init 6-4, 8-5 dumps 2-5
see initialization, early
dir_lock_seg 6-4, B-3
emergency shutdown 4-8
disk see shutdown, emergency
accessing 3-19, A-1, B-8
i/o posting B-3 emergency_shutdown 9-5
storage system
acceptance 6-3 errors
demounting 9-5 handling
in bce 3-14
disk queue B-3 in collection 0 2-5
reporting
disktab B-3 bce 4-8
syserr B-12
errors (cont) G
see also failures
esd gates
see shutdown, emergency initialization 6-6
linkages 8-6
establish_config_deck 3-10
getuid 6-5, 8-4
establish_temp_segs 4-8, 4-17
get_io_segs 3-11
F get_main 3-11, 8-2
group table entry 7-2, B-6
failures
of boot initialization 3-2 gte
of Multics A-2 see group table entry
of service initialization
3-2
see also errors H
fast connect code 3-18
hardcore A-3, A-5
fault_vector 2-5 address space 6-1
see also vectors
hardcore partition
fill_vol_extents_ 3-10 accessing 3-13
allocation from 3-17, 6-3
fim 5-2 amount of utilization 6-3
locating 3-13
find_file_partition 4-17 usage 6-8, 8-2, A-2, A-4
find_rpv_subsystem 3-10 hardcore segments
creation 8-1
firmware numbering 6-8, 8-5
loading
general mpcs 3-11 hc_load_mpc 3-11
in bce 4-9
into boot tape controller hproc 6-10, A-3
2-8
non-bootload disk mpcs
3-3, 3-16 I
rpv disk mpc 3-6, 3-8
location 4-9
for boot tape mpc 2-3 idle loop 6-7
naming 2-3
idle process 6-9, 6-10, 8-6
flagbox B-5
management 2-6, 4-7, 4-10 init segments 3-9
see segments, init
fnp_init 6-4
initialization A-3
fsout_vol 9-6 bce 4-1, 4-18
initialization (cont) init_proc 7-1
boot failure 3-2
directory control 6-1, 8-4 init_processor 6-6, 8-7
disk control 3-3
early A-3 init_pvt 3-13, 8-3
file system 1-3
gates 6-6 init_root_dir 6-7, 8-5
linking of A-4
page control 1-2, 3-3, 8-3 init_root_vols 3-13, 8-4
pl/1 environment 1-2
rpv 3-14 init_scavenger_data 6-7
scu 3-13
segment control 6-1, 8-4 init_scu 3-13
service failure 3-2
storage system 6-1 init_sst 3-14, 8-3
summary 1-1
traffic control 3-21, 6-1, init_sst_name_seg 6-7
8-6
init_stack_0 6-7
initialization_state B-11
init_str_seg 6-8, 8-4
initializer 3-15
init_sys_var 6-8
initializer stack
see stack, initialization init_toehold 5-1, 5-2, B-13
initialize_faults 3-15, 6-9 init_volmap_seg 6-8
initialize_faults_data 3-15 init_vol_header 3-14
initial_error_handler 3-14 init_vtoc_man 6-9, 8-4
init_aste_pools 3-12 input/output
in collection 0 2-6
init_bce 4-18
inter-process transmission
init_branches 6-5, A-2 table
see itt
init_clocks 3-12
interrupt vectors
init_dm_journal_seg 6-6 see vectors, interrupt
init_early_config 3-12 interrupts
collection 0 2-6
init_empty_root 3-12
int_unpaged_page_tables
init_hardcore_gates 6-6 see segments, unpaged
init_hc_part 3-13 inzr_stk0
see stack, initialization
init_lvt 6-6, 8-4
ioi_ 7-2
init_partitions 3-13, 8-4
ioi_data 3-11, B-6 locking
directories 6-4
ioi_init 7-2
logical channel table
ioi_page_table 7-2 see lct
iom_data 3-11, 3-16, B-6 logical volume table
see lvt
iom_data_init 3-16
lvt 6-6, 8-4, A-4, B-7
iom_mailbox B-7
io_page_tables M
see page tables, paged mode
iom
mailboxes
itt B-12 datanets B-4
iom 3-16, B-7
K make_sdw 3-16, 3-21, 8-2
make_segs_paged 3-17, A-5,
known segment table B-6
see kst
memory
kst 6-9, 8-5, A-4, B-7 accessing A-1
allocation 3-11
kst_util 6-9 allocation from slt 3-3,
3-11, 8-2
extent of usage 3-9
L freeing 3-9, 3-17
layout A-2
after collection 0 C-1
lct B-4 after make_segs_paged C-2
announcing 3-8
linkage sections 2-7, 3-20, placement 3-17
B-1, B-14, B-15 required placement C-1
hardcore gates finding 6-6 paging use 3-9
requirements for bootload
linking 3-4
see pre-linking
move_non_perm_wired_segs 3-17
loading
of collection 0 2-1 MST 3-16, 3-20, A-4
of collection 1 2-7 disk reading 3-9
of collection 2 3-20 tape reading 3-8, 3-21
of collection 3 7-2
multi-programming 6-10
load_disk_mpcs 3-16
Multics system tape
load_mst 3-16 see MST
load_system 7-2
N physical volume table
see pvt
name_table 2-8, B-8 physical_record_buffer B-8
nondeciduous segments pl1 environment
see segments, nondeciduous setup 3-8
prds_init 3-18
O
pre-linking 2-1, A-4
initialization A-4
ocdcm_ 3-18, 4-6 of collection 0 2-1
data B-8 of collection 1 2-7
of collection 2 3-18
oc_data B-8
see also ocdcm_, data pre-withdrawing B-11
pre_link_hc 3-18
P
probe
see bce, probe 4-7
page table word
see ptw ptw A-4
page table word associative ptwam A-4, A-5
memory
see ptwam pvt 3-11, 3-13, 8-3, A-4, B-8
page tables
absolute to virtual R
addresses B-14
active segments B-10
paged mode iom 7-2, B-6 read_disk 3-19, 8-3
scas B-9
see also unpaged page tables read_disk_label 3-19, 8-4
unpaged segments
see segments, unpaged read_early_dump_tape 2-5
paging real_initializer 3-19
of bce segments 3-16, 4-1
of initialization segments reinitialize 4-10
3-17
reload 7-1
partition A-4
see bce, partitions request table
see hardcore partition see bce, request table
pathname associative memory ring 1 command level 7-1
6-7
root dir
physical volume activation 6-7
see disk creation 6-4, 6-7
root physical volume segments (cont)
see rpv hardcore
data B-10
rpv A-5 permanent
initialization 3-12 numbering 8-5
layout 3-10 hierarchy
locating 3-10 numbering 8-5
init 3-9, A-3
numbering 8-5
S nondeciduous A-4
numbering
fixed 8-5
safe_config_deck 3-3 outer ring B-7
synchronized 6-6, B-4
salvaging 6-3, 6-5, 6-8 temp 3-9, A-5
numbering 8-5
save_handler_mc 5-2 unpaged A-5, B-6, B-14
scas 3-20, A-5, B-9 segment_loader 3-20
scas_init 3-20 setfault B-11
scavenger 9-6 shutdown 9-1, 9-6, A-5
emergency 4-8, 9-3, 9-5,
scavenger_data 6-7, B-9 A-3
part 1 9-2
scs 3-20, A-5, B-9 normal 9-7
scs_and_clock_init 3-20 shutdown_file_system 9-7
scu shutdown_state 9-6
data B-9
initialization of data 3-20 slt 2-7, 2-8, 3-21, A-5, B-8,
register access B-9 B-10
memory allocation from
sdw 2-4, 8-2, A-5, B-4 see memory, allocation
creation 3-16 from slt
segment descriptor word slt_manager 3-21
see sdw
sst 3-14, 3-17, 8-3, 8-4,
segment descriptor word B-10
associative memory
see sdwam sst_names_ 6-7, B-10
segment loading table stack
see slt collection 0 2-2
initialization B-5
segments ring 0 6-7, B-11
activation information B-7 segment numbering 8-5
deactivation 9-4 shutdown 9-4, 9-6, 9-7, B-5
deciduous 6-5, 8-3, 8-6,
9-4, A-2 stack_0_data B-11
start_cpu 6-9, 8-7 sys_info$bce_max_seg_size
4-17
stocks 3-11, 8-4, 9-6, B-8,
B-11
T
stock_seg B-11
stop on switches 3-20 tape_reader 3-21
str_seg 6-8, B-11 tcb B-13
supervisor tc_data 3-21, B-12
see hardcore
tc_data_header B-13
switches
i/o tc_init 3-21, 6-10, 7-2, 8-6
see bce, i/o switches
tc_shutdown 9-7
switch_shutdown_file_system
9-7 temp segments 3-9
see segments, temp
synchronized segments
see segments, synchronized template_slt_ 2-8, 8-1, B-5,
B-6, B-8, B-10, B-14
syserr_data B-12
terminal control blocks
syserr_log 6-9, B-12 see tcb
syserr_log_init 6-9 toehold 2-5, 5-1, 8-1, B-13
entry points 5-1
system communications segment
see scs traffic control
data B-12
system controller initialization
see scu see initialization,
traffic control
system controller addressing shutdown 9-7
segment
see scas tty_area 6-4, B-13
system segment table tty_buf 6-4, B-13
see sst
tty_tables 6-5, B-14
system trailer segment
see str_seg
U
system_type 2-7
sys_boot_info B-1 uid 6-5, 8-4, A-5
sys_info B-11 unique identifier
see uid
unpaged page tables 2-7, 2-8, warm boot
3-8, 3-11, 8-2 see boot, warm
unpaged segments wired A-6
see segments, unpaged
wired init linkage
see wi_linkage
V
wired supervisor linkage
see ws_linkage
vectors
fault B-5 wired_hardcore_data B-14
initialization 3-15
collection 2 6-9 wired_shutdown 9-7
interrupt B-5
see also fault_vector withdraw A-6
setup 2-5
wi_linkage 2-7, 3-20, B-14
volmap_seg 6-8
ws_linkage 2-7, 3-20, B-15
volume table of contents
see vtoc
vtoc A-6
accessing 6-8
updating 9-5, 9-6
vtoce A-6
accessing 6-3, 6-9, 8-4
buffers 6-9, 9-7, B-14
creation
deciduous segments 6-5,
8-3
initial 3-14
root dir 6-4
deactivation 9-5
dumper bit B-3
scavenger B-9
specifying number 3-13
stock 9-6, B-8, B-11
updating 6-8, 9-1, 9-4
updating for partition
creation 3-9
vtoc_buffer_seg B-14
W
wakeups B-12