From: Phil Budne
Date: Wed, 07 Jun 2023 23:31:53 -0400
To: tuhs@tuhs.org
Subject: [TUHS] Re: Software written in B

An unpleasant aspect of B on the PDP-11 seemed to be that data addresses were stored as "word addresses" (divided by two). Address "fix ups" were done before starting any user or other run-time code.

I wrote a comment about this at https://github.com/philbudne/pdp11-B/blob/pb/source/brt/brt1.s#L67 (which is my reconstruction of the brt files). Alas, I didn't note the origin of the SCJ recollection of DMR's hack.

B code from "libb" (disassembled by Angelo Papenhoff?) shows the initial branch:

    http://squoze.net/B/libb/printf.s
    http://squoze.net/B/libb/printn.s

Although neither file has any fixups.

The signature I would expect from binary B code of this era would be that the generated code from each source file starts with a branch (or jmp) around the contents of the file, to a "jsr r5, chain" followed by a zero terminated list of addresses (which I guessed were addresses of address words that needed to be fixed up).

I would expect the code at "chain" to loop through the words referenced by (r5)+ "fixing" them, and finally returning using "rts r5", something like the code I wrote at https://github.com/philbudne/pdp11-B/blob/pb/source/brt/brt1.s#L102

    chain:  mov     (r5)+,r0        // fetch pointer pointer
            beq     1f              // quit on zero word
            asr     (r0)            // adjust the referenced word
            br      chain
    1:      rts     r5              // return to end of file, fall into next

If the utilities you mention were in fact written in B (which would offer us the chance to recover the actual code used in brt1 and brt2)

Which looks VERY MUCH like what you describe:

> This "signature" I refer to being a few properties of the a.out files and initial flow of the entry compared with other binaries of known source code origin. First, these are all magic number 405(8) binaries, so V1 era a.out. Second, in each case, the initial branch is to a jump vector which then performs a r5-relative subroutine call followed by a halt in the case of fallthrough. In other words:
>
>         br _start / 405(8)
>         ...
> _start:
>         jmp innerstart / some faraway place
>         ...
> innerstart:
>         jsr r5,main / always 004567 000042
>         halt
>         ...
> main:
>         inc somevalue / always 005267 000136 or 005267 000140
>         ...

The fact that the jsr r5 always points to a small, fixed address is likely because it points to B runtime code loaded at the start of memory, which doesn't exactly match what's described in section 10.0 in https://www.bell-labs.com/usr/dmr/www/kbman.html:

    ld object /etc/brt1 -lb /etc/bilib /etc/brt2

The initial jmp is the file prologue emitted by the B compiler, and the code at "innerstart" the epilogue, that I would expect to be "jsr r5, chain"

I believe the "halt" is a literal zero word (terminating the fixup list) and not a halt instruction, and that the chain routine (auto) increments r5, until it sees a zero word, and then returns (likely via "rts r5") to the word after the zero word.
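The signature discussed in this message can be checked mechanically. The following Python is an added example, not part of the original message and not code from the pdp11-B repository: it scans a word image for "jsr r5" (004567) followed by a zero-terminated address list, then applies the ASR fixups the way the "chain" loop is described. The function names and the sample image are constructed for illustration; only the 004567 000042 pair is taken from the quoted observation.

```python
import struct

JSR_R5_PCREL = 0o004567  # jsr r5,X(pc); the following word is the PC-relative offset

def load_words(image):
    """Decode a little-endian PDP-11 image into 16-bit words (index = byte address // 2)."""
    n = len(image) // 2
    return list(struct.unpack(f"<{n}H", image[:2 * n]))

def asr(word):
    """PDP-11 ASR on a 16-bit word: shift right one bit, keeping the sign bit."""
    return (word >> 1) | (word & 0o100000)

def find_fixup_lists(mem):
    """Find each 'jsr r5,target' followed by a zero-terminated list of even,
    in-image addresses (an empty list also matches: a file with no fixups).
    Returns tuples of (call_addr, target, pointers, resume_addr)."""
    hits = []
    for i in range(len(mem) - 2):
        if mem[i] != JSR_R5_PCREL:
            continue
        target = (2 * i + 4 + mem[i + 1]) & 0o177777  # PC is past both words
        ptrs, j = [], i + 2
        while j < len(mem) and mem[j] != 0:
            ptrs.append(mem[j])
            j += 1
        if j < len(mem) and all(p % 2 == 0 and p < 2 * len(mem) for p in ptrs):
            hits.append((2 * i, target, ptrs, 2 * (j + 1)))
    return hits

def apply_fixups(mem, ptrs):
    """What the 'chain' loop would do: ASR every word the list points at."""
    fixed = list(mem)
    for p in ptrs:
        fixed[p // 2] = asr(fixed[p // 2])
    return fixed

# Constructed sample image (not from any real binary); byte addresses in comments.
SAMPLE = struct.pack("<10H",
    0o000403,   #  0: br 8, branch around the file's contents
    0o000020,   #  2: data word holding byte address 16
    0o000022,   #  4: data word holding byte address 18
    0o000240,   #  6: nop (filler)
    0o004567,   #  8: jsr r5,chain
    0o000042,   # 10: PC-relative offset to chain
    0o000002,   # 12: fixup list entry: address of the word at 2
    0o000004,   # 14: fixup list entry: address of the word at 4
    0o000000,   # 16: zero word terminating the list (data, not a halt)
    0o000240)   # 18: nop, where 'rts r5' would resume
```

A hit whose resume address lands on plausible code, and whose listed words all become valid word addresses after the shift, is stronger evidence of B-generated code than the opcode match alone.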