
Conference noted::hackers_v1

Title:-={ H A C K E R S }=-
Notice:Write locked - see NOTED::HACKERS
Moderator:DIEHRD::MORRIS
Created:Thu Feb 20 1986
Last Modified:Mon Aug 03 1992
Last Successful Update:Fri Jun 06 1997
Number of topics:680
Total number of notes:5456

203.0. "Self Modifying Code" by KLOV02::BROWN () Fri Jan 31 1986 15:08

   How about this as a method of doing a once-only loop?

_sb:

Program Follows :-


	.Psect Data,Rd

Hello:	.Ascid /Hello.../
Goodbye:.Ascid /Goodbye !/

	.Psect Code,Rd,Wrt,Exe		; code psect is writable so it can patch itself

;Start:
	.Entry Start,^M< >

	Moval	X,R0			; R0 -> the Brw at X
	Addl	#1,R0			; skip the opcode byte: R0 -> its 16-bit displacement
	Moval	Label1,R1
	Moval	Label2,R2
	Subl3	R1,R2,R3		; R3 = Label2 - Label1 (Label1 follows X directly, so the old displacement is 0)
	Movw	R3,(R0) ; Overwrite "Brw    Label1" with "Brw    Label2"

X:	Brw 	Label1			; first pass goes to Label1; after the patch, to Label2
	
Label1:	
	Pushal	Hello
	Calls	#1,G^Lib$put_output ; Write "HELLO" on the screen
	Brw 	X			; back to the (now patched) branch

Label2:
	Pushal	Goodbye
	Calls	#1,G^Lib$put_output ; Write "GOODBYE" on the screen

	$Exit_s	#1

	.END	Start

203.1. by SPEEDY::BRETT () Fri Jan 31 1986 18:34 (6 lines)
It's illegal, and its execution is unpredictable, because an REI is not
executed between modifying and executing the instruction stream.

RTFM.

/Bevin

203.2. by THEBAY::MTHOMAS () Fri Jan 31 1986 22:45 (3 lines)
Ok.  How about for a PDP: MOV -(PC), -(PC)

Or is that considered self duplicating?

203.3. by STAR::CALLAS () Sat Feb 01 1986 15:20 (21 lines)
Here's another example of why you shouldn't do self-modifying code:

error::
	.word 0
	clrb	10$		; zero the opcode byte of the MOVL at 10$, five bytes of NOPs further on
	nop
	nop
	nop
	nop
	nop
10$:	movl	#1,r0		; the instruction the CLRB just altered
	ret

	.end error

If you run this on a 730, 750, or MicroVAX I, you will get a reserved operand
fault. If you run it on any other VAX (including Scorpio & Nautilus), it
will return "correctly." If there were only 2 nops there, it would work on
a 750.

	Jon

203.4. by TRON::WARWICK () Mon Feb 03 1986 04:28 (6 lines)
	RE: .3 - Is that something to do with the instruction pre-fetch (he
guessed, wildly)?


Trev


203.5. by STAR::CALLAS () Mon Feb 03 1986 18:00 (3 lines)
Precisely.

	Jon

203.6. "More complex than you think" by RANI::LEICHTERJ (Jerry Leichter) Wed Feb 26 1986 09:34 (7 lines)
BTW, every once in a while, this will produce a reserved instruction trap
on ANY VAX.  (All you need is for an interrupt to occur between the
modification and the execution of the instruction.)

It's actually possible to use this to count the number of interrupts in a
given time interval in user-mode code.
							-- Jerry

203.7. "RTFM" by PAUPER::AUGERI (Mike Augeri) Wed Feb 26 1986 17:15 (5 lines)
RE: 203.1

What manual and page are you referring to?

	Mike

203.8. by ULTRA::PRIBORSKY (Tony Priborsky) Thu Feb 27 1986 08:24 (1 line)
    Re: .7:   DEC STD 032, the VAX Architecture Standard.

203.9. "Not on everyone's shelf..." by TLE::BRETT () Fri Feb 28 1986 15:49 (17 lines)
    DEC STD 032, Vax Architecture Std, section 8.3
    
    
    The VAX arch. encourages ... separation of ... procedure (instructions) and
    writeable data.
    
    Native mode procedures may not write data which is to be subsequently
    executed as an instruction without an intervening REI instruction
    being executed... If no REI...the instructions executed are
    UNPREDICTABLE.
    
    
    Actually I was feeling hacked off the day I put response .1 in,
    and the RTFM was uncalled for.  It is a rather obscure reference.
    
    
    /Bevin

203.10. "The REI seems peculiar" by PAUPER::AUGERI (Mike Augeri) Tue Mar 04 1986 10:34 (13 lines)
The REI reference was the one that I couldn't understand.  Doing an REI
without an exception or interrupt having occurred seemed suspicious.
Since the PC and PSL are popped from the stack when they were never
pushed, it seems to me that the stack will be corrupted.  How is this
avoided?

I ran the program from the debugger in single-step mode and it did what it
was "supposed" to do.   However, running it normally produced the
once-only loop.  It looked to me like the problem was associated with the
instruction look-ahead in the processor.  Isn't this really what is being
exercised here?

	Mike

203.11. by PASTIS::MONAHAN () Tue Mar 04 1986 11:15 (12 lines)
    	Running the debugger in single step mode you get an REI for
    every instruction in the programme under test (at least one, that
    is).
    
    	The philosophy, I think, is that the architecture should allow
    a particular implementation to do an indefinite amount of instruction
    stream prefetch or caching, but should still allow things like image
    activation or swapping to work. These always do an REI to get to
    the code that is new in memory, so the REI is guaranteed to flush
    any such buffers, but it is the *only* guaranteed way.
    
    	Dave

203.12. "Hack it..." by TLE::BRETT () Tue Mar 04 1986 17:14 (5 lines)
    
    You just write code to push a valid PSL/PC on the stack before you
    do the REI...
    
    /Bevin

203.13. by CLT::GILBERT (Juggler of Noterdom) Wed Mar 05 1986 21:57 (13 lines)
That's what VAX Sort/Merge V4 does.

It builds a few little routines that are executed via JSB linkages.
To ensure that the instructions get there, it does an REI.

There was an interesting bug on the 11/750s (?) that this code turned
up.  If the byte following a one-byte instruction wasn't readable (that
is, the one-byte instruction was the last byte on a page, and the
next page was protected), it produced an ACCVIO.  So Sort/Merge pads
the generated routines with an extra byte.

BTW - does anyone know whether BASIC (which does 'dynamic linking')
executes an REI before executing the generated code?

203.14. "Hey, BASIC ain't no turkey" by CLT::HOBDAY (VAX BASIC V3 draws PICTURES) Thu Mar 06 1986 00:52 (7 lines)
    Yep, sure does.  Here is the code:
    
    	MOVPSL	-(SP)		;MEET ARCHITECTURAL SPEC FOR CALLING CODE
	PUSHAB	B^30$		;CONTINUE IN LINE
	REI			;CONTINUE AT NEXT INSTRUCTION
30$:	CALLS	#0,(R3)		;CALL THE USER PROGRAM IN MEMORY
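The pattern the thread converges on in 203.11 through 203.14 (generate or patch instructions, then execute a serialising REI before fetching them, plus 203.13's warning about a one-byte instruction sitting on the last byte of a page with an unreadable page after it) has a direct present-day analogue. The program below is an added example for this page; it is not code from the original notes, from VAX Sort/Merge or from VAX BASIC. It assumes Linux/POSIX (mmap, mprotect, sysconf), GCC or Clang for __builtin___clear_cache, and an x86-64 or AArch64 CPU; the stub encodings (mov eax,imm32 / ret and movz w0,#imm16 / ret), the function names and the guard-page layout are my own choices. It patches the immediate of a generated stub in place, much as 203.0 patches a branch displacement, but the page is writable only while being patched (the opposite of 203.0's `.Psect Code,Rd,Wrt,Exe`), and the cache-flush call plays the part of the REI.

```c
/* Added example: runtime code patching with an explicit "REI"-style
 * serialisation step. Assumes Linux/POSIX (mmap, mprotect, sysconf),
 * GCC or Clang (__builtin___clear_cache) and an x86-64 or AArch64 CPU.
 * Stub encodings and names below are assumptions of this example. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*ret_int_fn)(void);

#if defined(__x86_64__)
/* Stub: mov eax, imm32 ; ret  (immediate at offset 1) */
static const uint8_t STUB[] = { 0xB8, 0x00, 0x00, 0x00, 0x00, 0xC3 };
static void set_imm(uint8_t *code, int v)
{
    uint32_t u = (uint32_t)v;
    memcpy(code + 1, &u, sizeof u);
}
#elif defined(__aarch64__)
/* Stub: movz w0, #imm16 ; ret  (only values 0..65535 fit) */
static const uint8_t STUB[] = { 0x00, 0x00, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 };
static void set_imm(uint8_t *code, int v)
{
    uint32_t insn = 0x52800000u | (((uint32_t)v & 0xFFFFu) << 5);
    memcpy(code, &insn, sizeof insn);
}
#else
#error "this example only encodes stubs for x86-64 and AArch64"
#endif

/* Patch the stub's immediate, then execute it. Same sequence as the thread:
 * write into the instruction stream (203.0's Movw R3,(R0)), then serialise
 * before fetching from it (the REI of 203.12/203.14). The page is writable
 * only for the duration of the patch (W^X). */
static int patch_then_call(uint8_t *page, size_t psz, uint8_t *code, int v)
{
    ret_int_fn fn;
    if (mprotect(page, psz, PROT_READ | PROT_WRITE) != 0) return -1;
    set_imm(code, v);
    if (mprotect(page, psz, PROT_READ | PROT_EXEC) != 0) return -1;
    /* The "REI": discard instruction bytes fetched before the store. GCC and
     * Clang emit nothing on x86-64 (hardware keeps fetch coherent) and the
     * DC CVAU / IC IVAU / ISB sequence on AArch64, where it is required. */
    __builtin___clear_cache((char *)code, (char *)code + sizeof STUB);
    memcpy(&fn, &code, sizeof fn);      /* data pointer -> function pointer */
    return fn();
}

/* Run the stub with `first`, repatch it to `second`, run it again.
 * Returns the second result; -1 on a mapping error; -2 if the first call
 * did not return `first` (i.e. the patch was not seen). */
int self_modifying_demo(int first, int second)
{
    long psz = sysconf(_SC_PAGESIZE);
    if (psz <= 0) return -1;
    /* Two pages: the stub lives in the first; the second is a PROT_NONE guard
     * page, so the stub's final RET is the last byte before unreadable
     * memory, the layout 203.13 says the 11/750 prefetcher choked on. */
    uint8_t *page = mmap(NULL, 2 * (size_t)psz, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int result = -1;
    if (mprotect(page + psz, psz, PROT_NONE) == 0) {
        uint8_t *code = page + psz - sizeof STUB;   /* ends on the page boundary */
        memcpy(code, STUB, sizeof STUB);
        int r = patch_then_call(page, psz, code, first);
        if (r < 0)
            result = r;
        else if (r != first)
            result = -2;
        else
            result = patch_then_call(page, psz, code, second);
    }
    munmap(page, 2 * (size_t)psz);
    return result;
}

int main(void)
{
    /* First pass is patched to return 1, second pass to return 2 */
    printf("stub after second patch returned %d\n", self_modifying_demo(1, 2));
    return 0;
}
```

On x86-64 the flush compiles to nothing, because that hardware keeps instruction fetch coherent with stores from the same core; on AArch64 it emits the cache-maintenance and ISB sequence, and without it the core may run the stale stub just as the longer-prefetch VAXes in 203.3 ran the un-cleared MOVL. That implementation-dependent difference is exactly why DEC STD 032 promises nothing short of an REI, and why a loader or JIT today keeps the writable window as short as this one does.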