Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!uunet!zephyr.ens.tek.com!tekcrl!tekfdi!videovax!bart
From: bart@videovax.tv.tek.com (Bart Massey)
Newsgroups: comp.arch
Subject: Re: Self-modifying code
Message-ID: <5593@videovax.tv.tek.com>
Date: 14 Oct 89 23:29:00 GMT
References: <6481@pt.cs.cmu.edu> <9175@etana.tut.fi> <1619@atanasoff.cs.iastate.edu> <672@sce.carleton.ca>
Reply-To: bart@videovax.tv.tek.com (Bart Massey)
Organization: Tektronix TV Measurement Systems, Beaverton OR
Lines: 43

I can't resist throwing in my favorite example of self-modifying code.

A friend and I were studying how the stack looks after a panic on a VAX 785
running 4.3BSD UNIX, and noticed that all the registers are saved by _panic.
OK, we said to ourselves, that makes sense.  Let's look at the assembly for
panic:

	$ adb /vmunix /dev/kmem
	_panic+2,5?ia
	_panic+2:	subl2	$8,sp
	_panic+5:	cvtwl	$100,-4(fp)
	_panic+b:	tstl	_panicstr
	_panic+11:	beql	_panic+19
	_panic+13:	bisl2	$4,-4(fp)
	_panic+17:

Hmm, no register saves there -- ah, I know!  The regmask, at _panic, must be
set to all ones using loader magic or a sed script or something.

	_panic?x
	_panic:	_panic:	0

At this point, we began to _panic :-).  To make a long story short, sure
'nuf, after only a half-day of thinking about it, we tried

	_panic/x
	_panic:	_panic:	fff

and found in sys/vax/locore.s

	/* trap() and syscall() save r0-r11 in the entry mask (per ../h/reg.h) */
	/* panic() is convenient place to save all for debugging */
		bisw2	$0x0fff,_trap
		bisw2	$0x0fff,_syscall
		bisw2	$0x0fff,_panic

Sigh.  Of course.  Since panic() is written in C, there's no clean way to set
its regmask, perhaps not even with an asm(), so...

					Bart Massey
					..tektronix!videovax.tv.tek.com!bart
					..tektronix!reed.bitnet!bart
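The boot-time patch Bart describes, modelled as an added example (this is not code from the post or from 4.3BSD): a constructed little-endian text image holds the 16-bit CALLS entry mask at each procedure's symbol, the `bisw2` step ORs 0x0fff into it in place, and a decoder shows which registers that mask makes CALLS save. Symbol offsets are made-up sample values; the reserved-bit check (bits 12-13 must be zero) is a caveat worth knowing when reading masks out of a live kernel.

```python
import struct

# Constructed model of a kernel text segment: each C procedure begins with a
# 16-bit entry mask word (VAX CALLS convention). Offsets are made-up sample values.
SYMBOLS = {"_trap": 0x0000, "_syscall": 0x0040, "_panic": 0x0080}
C_COMPILER_MASK = 0x0000          # what the compiler left at _panic in the post

ENTRY_MASK_REGISTERS = 0x0FFF     # bits 0-11 select r0-r11 for saving
ENTRY_MASK_RESERVED = 0x3000      # bits 12-13 must be zero or CALLS faults
ENTRY_MASK_IV = 0x4000            # bit 14 enables integer overflow traps
ENTRY_MASK_DV = 0x8000            # bit 15 enables decimal overflow traps


def make_text_image(size=0x100):
    """Build the constructed text image with a zero entry mask at every symbol."""
    text = bytearray(size)
    for off in SYMBOLS.values():
        struct.pack_into("<H", text, off, C_COMPILER_MASK)
    return text


def read_mask(text, symbol):
    """Equivalent of adb's `_panic?x`: read the 16-bit word at the symbol."""
    return struct.unpack_from("<H", text, SYMBOLS[symbol])[0]


def bisw2(text, immediate, symbol):
    """Model of `bisw2 $imm,_sym`: OR a 16-bit immediate into the word in place.
    This is the self-modifying step from locore.s; it only works because the
    kernel's text is writable when it runs."""
    off = SYMBOLS[symbol]
    word = struct.unpack_from("<H", text, off)[0] | (immediate & 0xFFFF)
    struct.pack_into("<H", text, off, word)
    return word


def decode_entry_mask(word):
    """Return the registers CALLS would save plus the overflow-trap flags."""
    if word & ENTRY_MASK_RESERVED:
        raise ValueError("reserved bits 12-13 set: CALLS would take a fault")
    regs = [f"r{bit}" for bit in range(12) if word & (1 << bit)]
    return {"saved": regs, "IV": bool(word & ENTRY_MASK_IV), "DV": bool(word & ENTRY_MASK_DV)}


def boot_patch(text):
    """Apply the three locore.s patches and report the resulting masks."""
    return {sym: bisw2(text, 0x0FFF, sym) for sym in ("_trap", "_syscall", "_panic")}
```

Reading `_panic` before `boot_patch` gives 0 and afterwards 0x0fff, which is exactly the `0` then `fff` adb showed in the post.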