A computer system emulation operating system. by Leap, Thomas R.
Lehigh University
Lehigh Preserve
Theses and Dissertations
1-1-1979
A computer system emulation operating system.
Thomas R. Leap
Follow this and additional works at: http://preserve.lehigh.edu/etd
Part of the Computer Sciences Commons
This Thesis is brought to you for free and open access by Lehigh Preserve. It has been accepted for inclusion in Theses and Dissertations by an
authorized administrator of Lehigh Preserve. For more information, please contact preserve@lehigh.edu.
Recommended Citation
Leap, Thomas R., "A computer system emulation operating system." (1979). Theses and Dissertations. Paper 1853.
A COMPUTER SYSTEM EMULATION 
OPERATING SYSTEM 
by 
Thomas R. Leap 
A Thesis 
Presented to the Graduate Committee 
of Lehigh University 
in Candidacy for the Degree of 
Master of Science 
in 
Computer Science 
Lehigh University 
1979 
ProQuest Number: EP76125 
All rights reserved 
INFORMATION TO ALL USERS 
The quality of this reproduction is dependent upon the quality of the copy submitted. 
In the unlikely event that the author did not send a complete manuscript 
and there are missing pages, these will be noted. Also, if material had to be removed, 
a note will indicate the deletion. 
uest 
ProQuest EP76125 
Published by ProQuest LLC (2015). Copyright of the Dissertation is held by the Author. 
All rights reserved. 
This work is protected against unauthorized copying under Title 17, United States Code 
Microform Edition © ProQuest LLC. 
ProQuest LLC. 
789 East Eisenhower Parkway 
P.O. Box 1346 
Ann Arbor, Ml 48106-1346 
CERTIFICATE OF APPROVAL 
This thesis is accepted and approved in partial fulfillment 
of the requirements for the degree of Master of Science. 
(date"}  
Profess($w /in Charge 
Chairman of Department 
ii 
TABLE OF CONTENTS 
Page 
ABSTRACT   .    ■ '   " 1 
1. INTRODUCTION 3 
2. THE PDP-11 6 
3. THE GENERAL OPERATING SYSTEM 8 
3.1 Design of the Operating System 8 
3.2 Process Supervisor 12 
3.3 Timesharing Supervisor 12 
3.4 Memory Allocation Supervisor 13 
3.5 Executive 13 
3.6 Basic Interrupt Routine Structure 14 
3.7 Real Time Clock Handler 15 
3.8 General Trap and Abort Handling 15 
3.9 Input / Output Handling 16 
3.10 Teletype Interrupt Handler 18 
4. THE EMULATION SYSTEM 19 
4.1 Components of the Emmulation System 19 
4.2 Emulation Data Base 19 
4.3 The Emulation Executive 20 
4.A     Emulation Initialization * 20 
4.5 Controlling the Emulation 21 
4.6 Debugging Tools 23 
4.7 Emulation Trap Handler 24 
i i i 
4.8  Memory Management Traps 25 
5. DEVICE EMULATION 27 
5.1  Device Referencing 27 
.,,  5.2  Device Emulation Drivers 28 
5.3 Device Event Timing 29 
5.4 Adding Additional Emulation Devices 30 
5.5 Emulation Example - The Teletype Interface   31 
6. PROBLEMS OF EMULATION 36 
6.1 General Problems with the PDP-11 36 
6.2 Return from Interrupt Handling 37 
7. CONCLUSIONS 44 
7.1 Use of a System Programming Language 44 
7.2 Conclusions on Emulation 45 
7.3 Future Enhancements 47 
Appendix A - References 49 
Appendix B - Operating System Modules 51 
Appendix C - Operating System Command Language 55 
Appendix D - Emulation System Command Language 56 
Appendix E - Operating System Calls 60 
Appendix F - Vita 62 
IV 
ABSTRACT 
The Computer System Emulation Operating System is a 
combination of a basic, general-purpose, timesharing 
operating system and an emulation system. The system is 
used as a software development, testing and debugging tool. 
The gene'ral-purpose operating system was written 
specifically for this purpose because use of an existing 
operating system was impractical. The emulation system was 
added to this operating system. It is probably possible to 
integrate the emulation system into an existing operating 
system, giving the user the combined capabilities of the 
operating system and the emulation system. 
The emulation system creates an environment which 
appears as a stand-alone computer system to any program 
being executed in this environment. The emulation system 
emulates computer hardware peripherals, and the host 
computer itself directly executes the machine instructions. 
This provides the advantage of speed over totally emulating 
both the computer and peripherals of a system, and has 
economic advantages over systems which use special hardware 
o 
to emulate the computer. 
Peripherals existing on the host computer can be used 
by a user program through an interface in the emulation 
system. The interface provides protection to the rest of 
the operating system from erroneous user requests. 
Nonexistent hardware devices can be emulated or simulated 
as necessary by the emulation system. In addition, the 
emulation system provides an array of debugging tools which 
are  not dependent on the resources of the computer syst/ 
under emulation. 
i 
The new features of this emulation system are: 
1. p Total  transparency of  the hardware device 
interface. 
2. Time  suspension  during  hardware  device 
emulation. 
J 
"> 
1. INTRODUCTION 
Many computer controlled systems require specialized 
hardware that may change from system to system. Developing 
and testing software for these systems requires that 
hardware be maintained for this purpose. Maintaining a 
hardware system for each variation may be impractical or 
even impossible. In addition, when developing a new 
software system, the hardware system may available only a 
short time for software testing or may be in development 
itself and not be available at all. 
A possible solution to these problems is to emulate 
the system on another computer. Emulation allows the 
machine instructions of the emulated computer to be 
executed on some other computer [1]. In this way, the 
software testing can begin as soon as the emulator is 
working. If the emulator is programmable, the time 
necessary to modify it for a particular system could be 
relatively short compared to the time needed to build the 
system's hardware. 
There are  several  methods  that  could  be  used  to 
perform  the  emulation  [1].  The simpliest method (though 
not necessarily  the  easiest)  is  to write an emulator 
program on another computer.  However,  if a real-time 
system is emulated  in this  fashion,  the elapsed  time 
consumed to perform a test^beb^mps-^/ery  large [11] .  If the 
3 ' 
system requires some interaction with a user, this type of 
emulation would make the response time of the system very 
slow. 
The speed can be improved by microprogramming another 
computer to emulate the computer desired -[2,10,11,12]. 
This achieves instruction execution at normal processor 
speeds, but requires a user microprogrammable processor to 
perform the emulation. This also requires additional 
software to emulate any nonexistent system hardware 
[11,12]. 
If the emulation is performed on the same computer 
that is used in the hardware, it would not be necessary to 
emulate the computer. Instead, the software could be 
executed directly and only the nonexistent hardware would 
have to be emulated. Since the largest amount of time in a 
computerized system is probably spent computing and not in 
hardware access, this would greatly reduce the amount of 
computing time necessary for the emulation compared to an 
emulator program and provide execution speed equal to 
microprogrammed emulations. 
The interface between the emulator  programs  and  the 
user  program  should be transparent to allow direct 
execution of the user program without having to modify the 
references made  to the hardware,  this restricts the host 
computer system to one capable of  separating  accesses  to 
4 
the nonexistent hardware from allowable accesses. In 
general, this limits the possible computers on which this 
can be done to those capable of supporting a virtual 
operating system. 
The Digital Equipment Corporation PDP-11 minicomputer 
was chosen for implementing this emulation since it had the 
capability of supporting a virtual operating system. It is 
also widely used as the control processor in many different 
hardware systems. This type of wide use makes th„is 
emulation useful. Many other computers, which are used in 
a similar fashion, do not have the features necessary to 
support the emulation. 
2. THE PDP-11 
The memory management unit of the PDP-11 is the key to 
performing emulations of the kind described in this paper. 
This unit provides for mapping between a 64K byte virtual 
address space and a 256K byte physical address space, as 
well as for memory read and write protection [3], There 
are two sets of eight mapping registers, ca\Lled page 
address registers (PAR's), which map a 16 bit virtual 
address into an 18 bit physical address. There are also 
two execution modes of the processor, called Kernal and 
User. One of the mapping register sets is used in Kernal 
mode and the other in User mode. The execution mode of the 
processor is stored in the processor status word (PSW). 
The three most significant bits of a virtual address are 
used to select which mapping register within a set should 
be used to map the virtual address into the physical 
address. 
There are two sets of eight access and status 
registers, called page* descriptor registers (PDR's), which 
go along with the page address registers. These registers 
are used to describe the size, accessibility (read/write, 
read only, or non-resident), and whether or not a memory 
write access has been made to the page. If an address 
reference should violate a page's accessibility 
information, a memory management abort (or trap) occurs.  A 
trap handling program can then be executed which determines 
what the offending program was trying to do and either kill 
it or attempt a recovery. 
When an interrupt or trap occurs, the PDP-11 
automatically switches to Kernal mode regardless what mode 
it was in previously. Therefore, the interrupt vectors 
will always be read from the Kernal mode's virtual address 
space. Each interrupt vector consists of the address of 
the interrupt routine to be executed and a new PSW. Since 
the execution mode is contained in the PSW, this specifies 
in which address space the interrupt handling routine will 
be found. 
3. THE GENERAL OPERATING SYSTEM 
3.1  DESIGN OF THE OPERATING SYSTEM 
A small, general-purpose operating system was written 
under which the emulation was implemented. This was 
necessary rather than using an existing operating system 
because implementing the emulation requires major 
modifications to the operating system for the necessary 
interfaces. Existing operating systems do not have the 
information available which the emulation programs require 
to do their job and the source programs were not available 
to any existing operating system to allow modifications. 
The Kernal mode of the processor is reserved for 
execution of operating system programs. The operating 
system programs and data area will only be mapped into the 
Kernal mode's virtual address space. Because a user 
program cannot access the memory space where the operating 
system software resides, there is no possibility that the 
user program can corrupt it. 
The hardware devices are only mapped into the virtual 
address space during Kernal mode execution to prevent a 
user program from performing unauthorized hardware 
accesses. Since the mapping registers and PSW will only be 
mapped into the Kernal mode address space, there is no 
chance that a  user program will  be able to change its 
8 
p 
virtual address space  and  gain  access  to  the  hardware 
devices or unauthorized memory space. 
The basic unit of program control in the operating 
system is the process. Either an interrupt or another 
process can cause execution of a process. For each process 
in existence there is a Process Control Block (PCB) which 
contains the information necessary to control and execute 
the process.  This information includes: 
1. The address of the program to be executed. 
2. A memory map of the memory space used  by  the 
process. 
3. Storage space for process execution timers. 
4. A stack for the process. 
5. Foward and backward links to other PCB's. 
At the heart of the operating  system  is  a  process 
supervisor which  initiates  execution of the processes in 
the system.  The supervisor handles both operating  system 
and user task initiation.  The operating system works in an 
event driven mode.  A series of interrupt routines generate 
the processes for the supervisor to execute.  When there is 
no work for a process to perform, it is suspended and will 
not  reach the process supervisor for execution until an 
event occurs which gives it work to do.   By  centralizing 
the  process  execution  initiation in one supervisor, task 
scheduling can easily be done by other routines in an event 
9 
driven manner. 
The emulation system is implemented at the operating 
system level and acts as an interface between the operating 
system programs and the user program in emulation. The 
relationship of the operating system parts is shown in 
Figure 1. 
10 
~^ 
TJ        U 
C  4J   d) 
<TJ   I* «H 
O TJ 
ajQ c 
<U <  to 
U       X 
£-• 
V 
c 
•HEW 
U   (A   (0 
aw 
o 
o 
B       u 
•«-t   .Stf     <D 
H OH 
o »a 
HH   C 
(0 o «0 
a     x 
OS 
A 
NK 
a> 
a vi 
>, a> 
4J  > 
d)  -H 
a> a 
A 
<o e o 
O-HH 
K HO 
0) 
O 
•H (0 
U  > M 
a) a> <D 
J3 a > 
O O va 
A 
en 
Pn 
g 
w 
H 
en 
CO 
o 
S5 
iH       M 
H 
s 3 
M       O 
o 
PM 
M 
W 
CO 
55 
O 
M 
11 
3.2 PROCESS SUPERVISOR 
Processes can be executed at any of sixteen software 
priority levels (the number 16 is due to the 16 bit word 
length of the PDP-11 but could easily be extended). The 
supervisor routine controls the execution of the different 
priority levels. The software priorities are preemptive of 
one another. That is, if a request for execution of a 
priority level higher than the one currently executing 
occurs, the supervisor will interrupt the current priority 
level and begin execution of all higher priorities. All 
information in the general registers necessary to continue 
the interrupted process is saved on that process's stack. 
Any information not pertaining to a specific process, but 
necessary for continuing execution of a priority level, is 
saved on the supervisor's own stack. Saving information in 
this manner allows a process to modify or halt execution of 
another process at a lower priority. 
For each priority level there is a linked list of 
PCB's for processes to be executed at the priority level. 
3.3 TIMESHARING SUPERVISOR 
The timesharing supervisor (TIMSUP) runs as a process 
at a higher software priority than any user jobs being 
timeshared. The priority level at which TIMSUP executes is 
periodically  executed by the supervisor so that TIMSUP can 
if 
12 
J) 
suspend a timeshared job and dispatch another for 
execution. If a running timeshared job ever becomes 
blocked (e.i., due to an input or output request), the next 
process on the list is automatically executed by the 
process supervisor. 
3.4 MEMORY ALLOCATION SUPERVISOR 
The memory allocation supervisor (MEMSUP) handles any 
requests by a job for additional memory. MEMSUP assigns 
memory to jobs from a free memory pool and keeps track of 
what job to which each section of memory is assigned. In 
disk based systems, MEMSUP will handle swapping memory out 
to the disk when necessary and will act as the demand 
paging supervisor. 
3.5 EXECUTIVE 
The Executive program is the normal interface between 
the user (at a teletype terminal) and the operating system. 
The executive interprets and verifies commands from the 
user and produce the proper response in the operating 
system to perform the functions requested. Basically, the 
executive calls other system programs to act on commands. 
Some functions are performed in the executive program 
itself. 
13 
Some of the functions performed by the executive are: 
executing user programs, acting as a debug routine, 
checking system and device status, assigning devices to a 
job, and setting up for and entering emulation mode. 
3.6  INTERRUPT ROUTINE STRUCTURE 
Most interrupt and trap handling routines must have 
the same basic structure. The first thing they must do 
upon entry is save the present real time clock count. This 
must be done to allow proper calculation of process 
execution time. 
Generally, the handler itself only determines which 
process must be executed because of the interrupt, and what 
priority at which it should be executed. The supervisor is 
called to interrupt a currently running process and begin 
execution of a higher priority process. If the process is 
not of a higher priority than the currently executing 
process, the handler returns directly to the executing 
process and lets the supervisor execute the new process 
when its priority level is reached. 
An interrupt handler need only save enough general 
registers to provide space for its own work since the 
supervisor takes care of saving all information necessary 
for the proper continuation of an interrupted process. 
14 
3.7 REAL TIME CLOCK HANDLER 
The real time clock handler (RTCHDL) handles iterupts 
caused by the real time clock. This routine determines 
which priorities get executed at real time intervals. The 
real time clock is set to interrupt at some regular 
interval. Whenever an interrupt occurs, the handler runs 
through a list of counters decrementing each. If any reach 
zero, a priority level is flagged to be executed and the 
supervisor called to supervise its execution. The counter 
is reset after it reaches zero allowing continuous 
interrupts at designated time intervals. 
3.8 GENERAL TRAP AND ABORT HANDLING 
Traps and aborts are processed  in different ways 
depending  on  the  program currently  running  under  the 
operating system.  For example, an editor program might use 
a trap to call an input/output (I/O) operation.  However, a 
trap occuring while in emulation mode should be passed on 
to the program being emulated.  To allow dynamic changes in 
trap handling, the routine to handle a trap or abort while 
a  particular process is executing is specified in a vector 
in the process control block.  There is one vector  in' the 
PCB for each trap or abort that can occur.  In this way, 
changing the handling routine can be done quickly and be 
transparent to both the routine handling the trap and the 
program causing the trap. 
15 
Initially and during normal execution, these vectors 
are set up with . the standard operating system handling 
routines. The emulator trap calls various operating system 
subroutines to perform functions such as I/O and task 
controvl. 
During emulation mode, all vectors are changed to call 
emulation routines to emulate the various traps and aborts 
that occur. 
3.9  INPUT/OUTPUT HANDLING 
The operating system maintains a list of all 
peripheral devices in the system. This list consists of 
the name of the device and a link to a device control 
block. The device control block contains specific 
information about the device necessary for its use. This 
information includes the address of the device interrupt 
handler(s), a set of status flags giving the status of the 
device in relation to the operating system, a set of I/O 
buffers sized specifically for the device, and pointers 
into these buffers. Each device is assigned a device 
control block at operating system initialization time. 
When a device is assigned to a job, a flag is set in 
the device's status information indicating that it is no 
longer available. A bidirectional link is set up between 
the device control block and the job control block so that 
16 
/ 
the user job can reference the device. Another link is 
made from the device control block to the process control 
block using the device so that the device can suspend and 
reactivate the process if necessary. 
There are actually / two types of device drivers: 
emulation system device drivers and standard operating 
system device drivers. The emulation system device drivers 
are discussed later. Standard operating system I/O 
operations are normally done to and from one of the I/O 
buffers in an 8 bit byte mode. Transfering data between 
the buffers and the I/O devices is handled by device 
drivers specifically written for each device. These device 
drivers are interrupt routines which are executed when a 
device interrupt occurs. 
A standard set of routines are used to interface 
between the user programs and the I/O buffers. These 
routines put data bytes into or fetch them from the buffers 
for the user program. They also initiate device action 
when required and suspend a user job when it becomes input 
or output blocked. 
17 
3.10  TELETYPE INTERRUPT HANDLER 
There are two teletype interrupt handlers: one for 
standard operating system I/O operations and one for 
emulation mode I/O. Initially, the standard operating 
system I/O teletype handler is in effect for a teletype. 
This is changed by the emulation system when the user job 
enters emulation mode. 
In standard I/O mode, the interrupt handler takes care 
of all teletype I/O which occurs to and from the teletype. 
The input and output data is buffered and passed on as 
requested, either by an interrupt or by the user program. 
If the teletype is not assigned to a user job, the 
interrupt handler creates a job for it when input data is 
initially received. A default program (normally the 
executive) is automatically executed to handle this data. 
18 
4. THE EMULATION SYSTEM 
4.1 COMPONENTS OF THE EMULATION SYSTEM 
The emulation system is divided into the following 
sections: 
1. Emulation Executive. 
2. Emulation Trap Handler. 
3. Device Emulation Routines. 
All of the sections reference a common emulation data  base 
which is unique to each job under emulation. 
4.2 EMULATION DATA BASE 
When the emulation system is first entered, the 
emulation executive immediately requests 8K of memory 
space. 4K of this memory space is used as the hardware 
device area of the processor being emulated (target 
processor). The other 4K contains various tables and data 
necessary for the emulation process.  These consist of: 
1. A data word indicating the version processor 
being emulated. 
2. The amount of memory in the target processor. 
3. A memory map showing where in physical memory 
the memory of the target processor is located. 
4. Space to save the contents of the target 
processor's general registers (including its 
memory management registers and psw). 
19 
5.  Data space for each hardware device  connected 
to the target processor. 
4.3 THE EMULATION EXECUTIVE 
The emulation executive acts as the interface between 
the user and the the emulation system. The executive is 
used" for three functions: initialization of the target 
processor, controlling the emulation, and as a debugging 
tool. The executive directly accepts and executes commands 
for controlling and debugging a program running in the 
target processor and also accepts commands to specify and 
initialize the target processor. The executive commands 
are detailed in Appendix D. 
4.4 EMULATION INITIALIZATION 
When initializing an emulation, the user must define 
the target processor. This processor can be any one of the 
PDP-11 series processors (however, several have not been 
implemented). Next, the amount of memory the target 
processor has is specified. The requested memory is 
fetched from the pool of available memory space by calling 
the memory supervisor. The physical address of the 
requested memory is entered in the memory map of the target 
processor. 
20 
The initialization program assumes a standard set of 
peripheral devices to be emulated depending on the target 
processor sellected and set up an available device table. 
User defined peripherals can be added to this set at 
initialization time. This is done by adding to the list of 
standard devices the address(es) through which the device 
is referenced and the address(es) of the routine(s) which 
will emulate the device. Standard devices can also be 
removed at this time. 
All processors are emulated as though they have memory 
management capability. For the processors which do not 
have this capability, the memory management unit is 
initially turned off and the memory management registers 
are not put in the available device table. This makes it 
impossible to turn on and use the memory management 
capability. 
4.5  CONTROLLING THE EMULATION 
Once the target processor has been defined, there are 
two ways of controlling execution of its program. Either 
the debug commands can be used from the executive, or a 
front panel simulator program can be executed. From the 
front panel simulator, all the functions of the PDP-11 
front panel can be performed. 
21 
In several versions of the PDP-11, there is really no 
front panel to the processor. That is, the computer is 
simply a "black box" with only an on/off switch. The 
operations normally controlled by switches on the front 
panel of other version processors are performed on the 
console teletype using a micro-pTrogrammed monitor routine. 
In this case, the front panel simulator program acts 
exactly like the front panel simulator program. This makes 
the user's teletype appear as though it were the console 
teletype on a stand-alone computer. 
When execution of the user program is actually begun, 
the trap vector routine addresses in the PCB are modified 
so that the emulation mode trap handlers are executed if a 
trap condition occurs. This allows emulation of the trap 
condition and is discussed further later. When a condition 
occurs which causes termination of emulation mode, the trap 
vector addresses in the PCB are restored to their normal 
contents. 
The emulation can be stopped at any time from the 
console teletype by typing an escape, control-C sequence. 
This is synonymous to pressing the halt switch ' on the 
computer except that the emulation executive is entered 
rather than stopping the processor. Also, when emulation 
is halted, time for the target processor also stops. 
Therefore, if the emulation  is continued,  there  is no 
22 
indication that the halt ever occurred. 
4.6  DEBUGGING TOOLS 
i 
One of the greatest advantages of the emulation 
operating system is in the area of run-time debugging 
tools. While an emulation is running, the debugging 
programs can suspend time and interrupt an emulation 
without changing the outcome of that emulation. Debug 
routines do not require any of the target processor's 
resources. Thus, when emulating a small processor with 
only a small amount of memory and limited peripherals, full 
advantage can be taken of the host machine's resources for 
debugging programs. 
The debug routine command language and functions are 
patterned after the Intel Corporation's "ICE80" in circuit 
emulator and debugging program[6] and the Digital Equipment 
Corporation's DDT debugging program[7]. The standard debug 
routine has commands to allow: 
1. Starting and stopping at any point in the user 
program. 
2. Setting and removing multiple breakpoints. 
3. Stepping through the program and dumping any 
register or memory location at each step or at 
multiples of steps. 
4. Examining and modifying locations and 
registers while the emulation is halted. 
23 
5.  Write protection of memory space as though  it 
were in read only memory. 
4.7  EMULATION TRAP HANDLER 
Traps which occur during emulation of a user program 
fall into two categories: traps that should be passed on 
to the user program and traps caused by references to the 
peripheral devices. All traps (and aborts) that occur 
which don't fall into the last category are assumed to be 
in the first. For these traps, the trap vector contents 
are fetched from the target processor's memory and the trap 
is emulated. The subroutine which handles this, the trap 
emulator subroutine, consists of an entry point for each 
trap that can occur and a common body. The entry point is 
generally entered via the trap vector specified in the PCB. 
Each entry point puts the address of its interrupt vector 
in a common register and jumps to the common body where the 
trap is actually emulated. Of course, the condition 
causing the trap is checked first to make sure that an 
illegal condition has not occurred in the user job. 
24 
4.8  MEMORY MANAGEMENT TRAPS 
In the PDP-11, peripheral devices are referenced 
through the memory address space as though they were memory 
locations. This address space is normally set up as both 
read and write protected so that any reference by the user 
program will cause a memory management trap. 
The memory management trap handler will determine if 
the reference was to a peripheral device, a memory 
management violation of the target processor's memory 
management hardware, or a reference to memory not existing 
in the target processor. This is done by first checking 
the target processor's set of memory management registers 
(if memory management is turned on) to see if a memory 
management violation occurred. If not, the physical page 
address of the violating reference is checked to see if it 
is in the memory space or in the peripheral address space. 
For memory management violations and nonexistent memory 
references, the appropriate trap is emulated. If the 
reference is to the peripheral address space, the physical 
address referenced is calculated so that the specific 
device referenced can be determined. 
25 
The physical address is calculated by fetching the 
instruction and its operands and then calculating in order 
each address referenced until the violation is found. Any 
modifications that occurred to the general registers are 
determined during this process and the registers are 
returned to their original values so that the instruction 
can be re-executed. 
Once the address is found, a table of peripheral 
device addresses is searched to find which device was 
referenced. If the address is not found in the table, a 
nonexistent memory trap is emulated. Otherwise, the table 
gives the address of the device emulation routine for the 
peripheral device at that address. 
26 
5. DEVICE EMULATION 
5.1  DEVICE REFERENCING 
There are two stages to emulating a reference to a 
peripheral device. The first is setting up for and 
executing the instruction which makes the reference. The 
second stage is processing the results of the reference. 
In emulating a reference to a device., the contents of 
the device's command/status registers are loaded into a 
block of memory which is mapped into the target processor's 
peripheral device address space. Read and write protection 
is removed from this space and the referencing instruction 
is executed. The trace bit is set in the host processor so 
that upon completion of this instruction, a trace trap will 
occur and the emulation routine can take over again. The 
target processor's peripheral device memory is then checked 
for changes to the emulation device's registers. Any 
changes may be interpreted as commands to the device and 
may signal an action in the device which must be emulated. 
Modifications might mean that the device's register 
contents must be updated. In any case, the results are 
processed and any furthar emulation is performed and the 
user program is continued. 
27 
Emulation subroutines for the following hardware 
devices are initially implemented: 
1. Processor status word. 
2. Real time clock. 
3. Teletype interface. 
5.2  DEVICE EMULATION DRIVERS 
There are actually two types of emulation device 
drivers. The first type is for a peripheral device which 
exists on the system and can be dedicated to the user job. 
In this case, the driver becomes as transparent as possible 
to the user program. The driver's responsibilities are to 
protect the rest of the system from the user program and to 
allow the user program to access the device as if it were 
actually connected to the target processor. 
The second type of emulation device driver is used 
when the device does not exist on the system or is not 
available to be dedicated to the user job. In this case, 
the expected responses of the device are simulated. This 
type of driver has the advantage of being able to produce 
automatic test sequences of device actions. 
28 
Some I/O devices will only have one or the other  type 
of driver depending on whether the device is ever available 
to a user program for emulation.  Other devices may have 
both  types of drivers with the second type used to produce 
fixed test conditions.  A user is allowed (when  legal)  to 
i' 
switch  between the two types of emulation drivers whenever 
necessary. 
5.3  DEVICE EVENT TIMING 
Any command or reference to a peripheral device may 
trigger an event to occur some period of time after the 
reference was made. To handle this, an entry is made in a 
time queue. When an event is triggered for occurrence at a 
later time, an entry is placed in this queue with the 
expiration time of when the event should occur. This queue 
is scanned at 10 millisecond intervals to see if an entry 
in the queue has expired. If an entry has expired, the 
emulation routine for that entry's device is executed. At 
this time, a status bit can be changed in one of the 
device's registers or an interrupt can be generated in the 
target processor. 
The expiration time of each queue  entry  is checked 
against the time spent executing instructions in the target 
processor and not the host processor.  Whenever execution 
of  instructions  in the target processor is suspended, the 
execution time clock for the target processor  is frozen. 
29 
In this way, a pseudo realtime is kept for the target 
processor and device emulation events are tied to this 
time. 
Since the timed event queue is scanned every 10 
milliseconds, device events may not occur at the precise 
time at which they occur in a real system. However, they 
should be close enough to produce accurate emulations since 
peripheral device event timing is normally timed 
independently of the execution cycle time of the processor. 
5.4  ADDING ADDITIONAL DEVICE EMULATION ROUTINES 
At present, additional device emulation routines must 
be added at the operating system level. The additions are 
made by making entries in four tables. These tables 
contain some the addresses of routines to handle device 
initialization, reset emulation, timing, and referencing. 
The initialization table contains a list of routines 
to execute which initialize each device for emulation. The 
reset table contains a list of routines to execute when the 
target processor performs a reset. The device timing table 
consists of a list of timers for each device which requires 
some form of event timing and the address of a routine to 
be executed when the timer expires. The device reference 
table consists of an entry for each address through which 
the device is referenced and the address for the  routine 
30 
which will process the reference. The entries in the 
device reference table must be sorted by reference address 
since the emulation system performs a binary search on the 
table when a hardware device is referenced. 
5.5  EMULATION EXAMPLE - TELETYPE INTERFACE 
The teletype interface actually consists of two 
separate devices: the input keyboard and the output 
teletype. Both of these are very similar to each other. 
Therefore, only the emulation routine for the input 
keyboard is described in detail. 
There are two registers associated with the input 
keyboard which are accessible to a program. They are the 
command/status register and the keyboard input data 
buffer[4]. Whenever a character is received from the 
keyboard, it is stored in the data buffer and a bit is set 
in the command/status register flagging the new character. 
When the program reads the data buffer, the new character 
flag is cleared. New Characters can be received at a 
minimum interval which depends on the baud rate of the 
interface (aproximately 100 milliseconds at 110 baud). 
31 
The interface has two modes of operation: interrupt 
mode and polled mode. The mode is selected by setting or 
clearing a bit in the command/status register. In polled 
mode, the program must continually test the new character 
status bit to see if a new character is received. In 
interrupt mode, an interrupt is generated whenever a new 
character is received. 
The emulation routine for the teletype keyboard 
interface consists of three routines: a routine to handle 
references to the command/status register, a routine to 
handle references to the data buffer, and a new character 
generation routine which is executed upon expiration of an 
entry in the timed event queue. Memory locations are 
assigned in the emulation data base to hold the pseudo 
teletype's registers. 
The command/status register acts, for the most part, 
like a read/write memory location. Modifications and 
accesses to this register do not cause or trigger any 
direct hardware responses. When this register is 
referenced, the emulation routine unlocks access to the I/O 
page and puts the contents of the register in the 
appropriate location in this page. The access is then 
allowed to take place. After the accessing instruction is 
finished, the register's location in the I/O page is 
checked for modifications to the interrupt/polled mode bit. 
32 
Any change in this bit is transferred to the pseudo 
register. The I/O page is then access protected and the 
program is continued. 
The data buffer is a read only register. Any write 
references to this register are ignored. Upon reference, 
the I/O page is unlocked to allow the reference and the 
data buffer's contents are copied into the appropriate 
location in the I/O page. When the instruction is 
complete, the I/O page is access protected and the new 
character ready bit in the command/status register is 
cleared indicating that the present character was read. If 
the data buffer is read again before a new character is 
received, the previous character is repeated. 
The timed event queue is used to time when a new 
character is or could be received. An entry is made in the 
timed event queue when the emulation is begun. When the 
entry expires, a new character generation routine is 
executed. This routine checks the user's teletype input 
buffer for a new character. If one is not present, the 
character generation routine is de-activated until the user 
types a character and the teletype interrupt handler 
receives it. At that time, the character generation 
routine is activated. The new character received bit is 
set in the status/command register. If the interrupt mode 
is selected,  an  interrupt  is emulated  for the target 
33 
processor. The new character generation routine is then 
requeued for execution in one minimum character time 
length. If the new character received bit vhad not been 
cleared when the next character is generated, an overrun 
error bit is set in the data buffer flagging the condition 
to the target processor. 
The difference between the keyboard input routines and 
the teletype output routines is that in teletype output 
emulation the data buffer is an output data buffer. The 
new character ready status bit indicates that a new 
character can be transmitted. When the data buffer is 
referenced, the character written into it is sent to the 
user's console teletype output buffer for printing. Each 
time a new character is sent, the output ready status bit 
is cleared and a timed entry is made. This will cause this 
bit to be cleared and an interrupt generated (if in 
interrupt mode) when the time expires. 
If the output buffer becomes full, the whole process, 
including execution of the emulation, is suspended until 
the real output device can catch up. Because the process 
can be suspended like this, any baud rate teletype 
interface can be emulated regardless of the speed of the 
user's teletype. 
34 
There are several other status and command bits 
defined and used in most teletype interfaces. Their 
functions exceed the basic teletype operating functions and 
they remain unimplemented. 
35 
6. PROBLEMS OF EMULATION 
6.1  GENERAL PROBLEMS WITH EMULATION IN THE PDP-11 
There are some problems which occur in trying to 
recover from memory management traps in the PDP-11 series 
of computers. First, the memory protection hardware is not 
ideal for recovering from page faults and memory protection 
violations. Upon an abort, the offending instruction must 
be analyzed to determine what memory location was being 
referenced. This is complicated by the fact that the 
general registers may have been modified by the instruction 
before the trap occurred. In the PDP-11/45 or larger 
processors, there is a memory management register which 
tells which registers have been modified and to what 
extent. This allows them to quickly and accurately be 
restored to their original values. But in the PDP-11/40 
and smaller processors, the instruction must be analyzed to 
determine these modifications and the extent of the 
modification cannot always be determined accurately. 
Since a single instruction can make up to seven memory 
references, determining which reference caused an abort can 
be very time consuming. It is unfortunate that the PDP-11 
does not simply save the address causing an abort. 
36 
Since the integrity of the operating system must be 
maintained, not all instructions can be executable by a 
user program in the PDP-11 user mode of execution. Some 
instructions (such as the HALT) generate traps which can be 
handled by the operating system. However, other 
instructions are treated as no-operation instructions and 
their true effect cannot be perfectly emulated (these are 
the RESET and WAIT instructions). Furthermore, some 
instructions partially execute (such as the Return Form 
Interrupt (RTI) instruction which will not properly modify 
the PSW in some cases). 
6.2  RETURN FROM INTERRUPT HANDLING 
The RTI instruction in the PDP-11 restores the PSW and 
the program counter (PC) with values saved on the stack at 
the time of an interrupt. The PSW contains the following 
information: 
1. Arithmetic status bits. 
2. Trace trap command bit. 
3. Processor priority  (used  for  locking  out 
interrupts of different priority levels). 
4. Previous execution mode (user or kernal). 
5. Current execution mode (user or kernal). 
37 
Of the information in the PSW, only the arithmetic 
status bits can be changed by an RTI instruction executed 
in user mode. All other bits will remain unchanged 
throughout the instruction. These bits may only be changed 
while executing in user mode if they are changed by a 
direct reference to the PSW such as a move instruction. Of 
course, to do this, the PSW must be mapped into memory and 
its address space unprotected. This is to allow protection 
of an operating system from a user program. If a user 
program could switch execution modes, it could possibly 
gain uncontrolled access to the operating system and other 
memory space not assigned to its job. If a user program 
could change the processor priority, it could lock out all 
interrupts. This would give it unlimited use of computing 
time since no periodic interrupts would occur for the 
operating system to check the user program's resource 
usage. 
This protection is provided by: 
(1) Not allowing the user program to directly 
reference the PSW. This can be done either by not mapping 
the PSW into the virtual address space or by 
write-protecting the virtual address space in which the PSW 
appears. During emulation, the real PSW is never mapped 
into the user program's virtual address space. 
(2) Not allowing an RTI  instruction to modify the 
38 
processor priorities or execution modes when the processor 
is running in user mode. Unfortunatly, an RTI instruction 
can still be executed. However, when the RTI attempts to 
load a PSW (from the user program's stack), any changes to 
this information are ignored. Otherwise, the instruction 
will execute as normal with no flag, trap, or abort to 
indicate that a change to the PSW was made. 
In emulation mode, any direct reference to the PSW can 
be handled since a memory protection abort occurs when the 
reference is attempted and the reference can be emulated. 
However, if a user program attempts to modify the PSW using 
an RTI instruction, the operating system will not know 
about it and thus will be unable to emulate the proper 
results. 
To show the seriousness of this problem, suppose that 
during an emulation an interrupt is emulated for the user 
program. In doing this, the current user PSW and return 
address will be saved on the user's stack. A new PSW and 
PC are picked up from the interrupt vector locations and 
used to continue execution. It is quite common for this 
new PSW to set the processor priority to some high value, 
locking out further interrupts during interrupt handling. 
The operating system will not actually put this new PSW in 
the host processor's PSW, but will put it in the target 
processor's PSW.  If any further  interrupts  occurred  for 
39 
the target processor, its PSW would be checked. Since 
interrupts are locked out, the new interrupts would be held 
off until the target processor's priority is lowered, 
probably by an RTI instruction. 
In the meantime, the user program's interrupt handling 
routine executes to completion and performs an RTI 
instruction to return from the emulated interrupt. The 
return is performed properly. An exception is where kernal 
and user modes are being emulated. A mode change may not 
have been made causing the program to continue execution in 
the wrong virtual address space. Also, the operating 
system does not know that the old PSW should be restored. 
Since there is no indication that an RTI was executed ' or 
that it attempted to modify the PSW, the interrupts remain 
forever locked out (or until an explicit modification of 
the PSW is performed). 
There are two approaches to correcting this situation: 
one using hardware and the other using software. In the 
hardware method, the hardware is modified so that an RTI 
instruction is noticeable to the operating system if 
executed in the user mode. This could probably be done by 
modifying the processor's microprogram. Unfortunately, 
this is very difficult and is beyond the scope of this 
project. 
40 
The use of a hardware breakpoint has been tried. This 
involves the addition of a peripheral device which causes 
an interrupt whenever a desired memory location (the PSW in 
this case) is referenced on the UNIBUS ( the PDP-11 memory 
bus)[3]. This worked well for catching explicit references 
to the PSW which appear on the UNIBUS, but did not work at 
all for catching references to the PSW caused by the RTI 
instruction. This is because the PSW is actually an 
internal register to the processor and its address never 
appears on the UNIBUS during execution of an RTI 
instruction. 
This leaves the software methods, none of which are 
ideal.  These methods include: 
(1) Replacing all RTI instructions with TRAP 
instructions which generate a trap whenever the TRAP 
instruction is encountered. The operating system can then 
emulate the RTI instruction. 
(2) Enabling the trace trap to causes an interrupt 
after each instruction and check for any RTI instructions 
before executing them. When one is found, it can then be 
emulated. 
(3) Putting a fake return address on the user's stack 
when an interrupt is emulated. This causes an RTI 
instruction to abort upon execution.  The operating  system 
41 
can then take over and emulate the RTI instruction. 
There are problems with each of these methods but at 
least they make emulation possible. With method (1), the 
user program must be modified at assembly time to replace 
the RTI instructions with TRAP instructions or the user 
must specify where they are before beginning emulation. To 
prevent actual TRAP instructions from being interpreted as 
RTI instructions, a list of the addresses of all RTI 
instructions must kept and checked whenever a TRAP 
instruction was executed. This begins to fail if ah RTI 
instruction is ever dynamically moved by a program. 
With method (2), the emulation can still remain 
transparent to the user program and some problems with 
other instructions can be cured (such as with the WAIT 
instruction). However, this method drastically slows down 
the execution of the user program by spending much more 
time in the operating system testing for an RTI than is 
spent executing the user program. 
Method (3) appears to be the fastest and simplest from 
a user point of view.  It remains fairly transparent to the 
user program without affecting execution  time very much. 
However,  if  the user program should ever modify or change 
the return address, this method will not catch the  change. 
Also, since the return address put on the user stack is not 
the real one, this method is not completely transparent  to 
42 
the user program. 
Because of the drawbacks of each method, all should be 
implemented and the user be allowed to specify which should 
be used prior to starting an emulation. 
43 
7. CONCLUSIONS 
7.1  USE OF A SYSTEM PROGRAMMING LANGUAGE 
An original design goal of the operating system had 
been to program as much of the system as possible in a high 
level language. Several were examined (C [8], Pascal [9], 
BLISS [5]). BLISS was found to be the best suited because 
it offers the best control of subroutine linkages. 
In the end, only a few modules were programmed in 
BLISS due to the restrictions put on the program structure 
by the capabilities of BLISS. 
Structured programming languages, especially those 
without GOTO statement capability, are lacking when used 
for programming the lower level operating system functions. 
This is due to the structure of the computer in which the 
operating system is running. The many interrupt vectors of 
the processor appear as many entry points to a single 
program (in this case, the operating system). Present 
structured programming languages are designed for only one 
entry point and one exit point to each program. 
In  the  emulation operating   system,   where  some 
operating system functions are run as processes, there must 
be multiple tasks with multiple stacks.   BLISS  does  not 
allow direct manipulation of the stack pointer.  Thus, the 
system programs which perform task changing  could  not be 
44 
written in BLISS. 
7.2  CONCLUSIONS ON EMULATION 
The operating system and emulation system have been 
implemented and proven to be possible on the PDP-11 
minicomputer. There are some problems with the PDP-11 
implementation, but they have been overcome with some 
compromises which are considered acceptable. The main 
problem is in the handling of the return from interrupt 
instruction. While the compromise solution does not 
ideally correct the problem, it does allow the user to 
decide what trade-offs are preferable. A possible ideal 
solution to this problem does exist through the 
implementation of a small PDP-11 microprogram modification 
which would modify the handling of the return from 
interrupt instruction. 
The emulation system provides a fairly accurate 
emulation of the PDP-11 series processors using any of the 
larger PDP-11 processors as host to emulate itself or 
smaller processors. The emulation is provided in a 
multi-user mode where several users can simultaneously be 
in different stages of program development, debug, or 
testing on a timeshared basis. 
45 
The emulation system can be used to provide a long and 
complicated, but fixed test sequence of hardware input to 
the target processor. This ability provides an excellent 
environment for easily debugging difficult software 
problems which occur. Additional error detection can be 
added to the emulation system without drastically changing 
the target processor's environment. Also, the ability to 
essentially freeze time makes tracing problems much 
simpler. 
The main design goals of the emulation system are 
transparency,, combining direct processor execution of the 
user program with nonexistent hardware emulation, and the 
availability of a large array of software debugging tools 
which do not use the target machines resources. All of 
these were achieved. Since the system has not as yet been 
put into practical use other than testing it with 
demonstration programs, it is impossible to determine how 
well it will perform in a working environment. However, 
system should perform extremely well, especially in the 
areas of debugging tools and program testing. 
I/O emulation has previously been described by Mallach 
[10], Allred [11], and Tucker [12], The main difference 
between I/O device emulation in the emulation system and 
I/O emulation described by these authors is the complete 
transparency to the user program along with complete 
46 
emulation of nonexistent devices. Also, there appear to be 
no references in existing literature to suspending time 
during I/O device emulation. 
7.3  FUTURE ENHANCEMENTS 
The operating system is presently a complete and 
usable package. How ever, it is rather minimal and some 
additions to both the operating system and the emulation 
system are desirable. 
The operating system was only developed to a point 
where it could support the emulation system and was 
neglected otherwise. The main enhancements to the 
operating system that would be helpfull are: 
1. Additional device drivers for devices such as 
magnetic tape and disks. 
2. A file structure. 
3. A file handling system. 
4. Program development tools such as: compilers, 
assemblers and editors. 
Additions to the emulation system which are desirable 
include: 
1. A method for loading and saving user programs. 
This should use a high speed device such as 
magnetic tape or disk. 
2. Symbolic referencing  capability for program 
47 
debugging. 
3. The capability to add device emulation 
routines at the user level rather than at the 
operating system level. 
4. Emulation routines for more of the common 
hardware devices and for more of the PDP-11 
series processors. 
5. A high level interface between the emulation 
routines and the user. This would provide a 
common interface protocol and make adding 
emulation routines easier. 
48 
Appendix A 
REFERENCES 
1. Schneidewind, N. F., "Emulation - Tool for Software 
Development," Proceedings, AFIPS, 1978 Joint Computer 
Conference, Vol. 47 pp. 367-372. 
2. Goldberg, J., Cooperband, A., Gallenson, L., "PRIM 
System - A Framework for Emulation-Based Debugging 
Tools," Proceedings, AFIPS, 1978 Joint Computer 
Conference, Vol. 47, pp. 373-377. 
3. "PDP-11/04/34/45/55/60 Processor Handbook," Digital 
Equipment Corporation, Maynard, Mass., 1978. 
4. "PDP-11 Peripherals Handbook," Digital Equipment 
Corporation, Maynard, Mass., 1976. 
5. "BLISS-11 Programmer's Manual," Digital Equipment 
Corporation, Maynard, Mass., 1974. 
6. "In-Circuit Emulator/80 Operator's Manual," Intel 
Corporation, Santa Clara, Ca., 1976. 
7. "DDT-10 Programmer's Reference Manual," Digital 
Equipment Corporation, Maynard, Mass., 1974. 
49 
8. Ritchie, R."'M.r "C Reference Manual," Bell Telephone 
Laboratories, Murray Hill, New Jersey. 
9. Jensen, K., and Wirth, N., "Pascal User Manual and 
Report," Second Edition, 1974, Springer-Verlag, New 
York. 
10. Allred, G. R., "System/370 Integrated  Emulation Under^ 
OS  and DOS,"  Proceedings,  AFIPS,  1971 Spring Joint 
Computer Conference, pp. 163-168. 
11. Mallach, E. G., "Emulator Architecture," Computer, 
August 1975, pp. 24-32. 
12. Tucker, S. G., "Emulation of Large Systems," 
Communications of the ACM, Vol. 8, Dec. 1965, 
pp. 753-761. 
50 
Appendix B 
OPERATING SYSTEM MODULES 
Name   Subroutine Function / Contents 
CHOPIT 
EMUDTA 
EMULAT 
EMUMMA 
EMUMON 
EMURTN 
Operating system initialization 
supervisor and background wait routine 
Emulation data base - defines storage 
for the target processors registers 
Emulation data base - contains data 
common to all jobs in emulation, mainly 
device tables and the instruction 
lookup table 
Emulation memory trap and abort handler 
emulates  traps and determines which 
emulation routine  should be  executed 
for an I/O reference 
Contains the emulation executive and 
initialization routines 
Contains the emulation routines for the 
PSW and memory management hardware 
51 
EXEC 
INITAL 
MEMINT 
PCBINT 
JTBINT 
RTCHDL 
TTYDVR 
MEMNAG 
ODT 
PARSE 
SAVREG 
The operating system executive program 
Contains initialization subroutines 
MMGINT     Memory menagement initialization 
Memory initialization subroutine 
SUPINT     Supervisor initialization 
Process control block initialization 
Job table initialization 
Real time clock handler 
Console teletype input and output 
driver 
General abort and trap handling 
A simple general memory display and 
modification program available as an 
executive command 
The general command parsing subroutine 
A set of general register save and 
restore subroutines 
52 
SUPER The general system supervisor program 
SYSTBL Contains  system  tables  and  data 
definitions 
SYSUB1 System subroutine module 1 
EMTHDL Operating system emulator trap handler 
GETJCB Get a free job control block 
THREAD Thread PCB on list 
UNTHRD Unthread PCB from list 
NEWJOB New job setup subroutine 
SETEXC Process setup for  executive execution 
subroutine 
INCHW Character input subroutine 
OUTCHR     Character output subroutine 
OUTSTR     Character string output subroutine 
WAITSK     Task suspension subroutine 
MEMFCH The memory supervisor subroutine 
53 
SYSUB2 System subroutine module 2 
GETPCB Get a free PCB subroutine 
INTPCB PCB initialization subroutine 
TTYEMU Teletype emulation routines 
TTYINT Teletype initialization routine 
ZTOP Defines the top of the operating system 
programs in memory and contains a patch 
area 
o 
54 
Appendix C 
OPERATING SYSTEM COMMAND LANGUAGE 
EMULATE -  Enter the emulation system. 
LOGIN -    Log into a user job. 
LOGOUT -   Log out of a user job. 
ODT - Enter the Octal Debug program. 
STATUS -   Gives the status of the user job. 
55 
Appendix D 
EMULATION SYSTEM COMMAND LANGUAGE 
CHANGE MEMORY n=n(fn) - Change the contents of the target 
processor's memory at the address specified at 
the left of the equal sign to the value at the 
right. If multiple values are given (separated 
by commas), sequential memory locations are 
changed. 
CHANGE RO [or Rl,...,R7,PC,SP,R16,PSW]=nnn - Change the 
contents of the register specified to the value 
given to the right of the equal sign. 
CONTINUE (nnn) - Continues emulation from where it last 
stopped (as specified in R7). If an address, 
nnn, is specified, the value nnn is loaded into 
R7 before emulation is continued. 
DISPLAY MEMORY nnn(-nnn) -  Display  the contents  of  the 
location specified.   If  a range is given by 
listing two address separated by commas,  the 
contents of all  locations between are also 
displayed. 
56 
DISPLAY ALL - Displays the contents of all  the general 
purpose registers and the PSW. 
DISPLAY RO  [or  Rl,...,R7fSPfPC,R16,PSW]  - Displays  the 
contents of the single register specified. 
EXIT - 
LOAD - 
PANEL - 
RESET - 
Exits from the emulation system and returns to 
the operating system executive. 
Loads the absolute loader program into the top 
of the emulation processor's memory. -This 
version of the absolute loader will read paper 
tape from the user's teletype when executed. 
Enters the front panel emulation mode. In this 
mode the user's teletype acts exactly like the 
console teletype on a stand-alone PDP-11 
system. 
Performs a processor reset which resets the 
processor and all of the emulation I/O devices. 
SELECT DEFAULT - Selects the default processor for 
emulation along with its maximum amount of 
memory and a default I/O set. Current defaults 
are: PDP-11/03, 16K memory, and a real time 
clock and console teletype as the I/O devices. 
57 
SELECT MEMORY nnn - Selects and assigns the amount of 
memory specified in thousands of words as nnn 
to the processor being emulated. If more 
memory is requested than the selected processor 
can have, its maximum is assigned. If the 
operating system runs out of available memory, 
the maximum available ammount is assigned. 
SELECT PROCESSOR [PDP-11/]nn - Selects the version 
processor to be emulated. 
SELECT (NO) SEARCH - Turns on (or off) the search for 
return from interrupt (RTI) instructions during 
emulation. If this search is not selected arid 
RTI instructions are not marked, they will not 
be executed properly during emulation. 
START nnn - Start emulation starting at address nnn. A 
processor reset is performed first. 
STATUS - Prints the status of the emulation system 
including the processor being emulated, the 
amount of memory on the processor, and the 
total amount of CPU time used by the user's 
job. 
58 
TIME - Prints the amount of time that the emulated 
processor has actually spent executing since 
the last reset.  This is the pseudo real time. 
59 
Appendix E 
OPERATING SYSTEM CALLS 
The operating system calls are program calls to 
operating system functions. These are used by support 
programs and user programs not running under emulation. 
They give these programs access, to the I/O devices, 
operating system resources (such as additional memory), and 
operating system information (such as job execution times). 
These calls are made using the emulator trap instruction. 
The information byte in the instruction is used by the 
operating system to determine which system call is being 
made. Each system call may or may not require additional 
information which would be passed in the general registers 
or would follow the emulator trap instruction. 
TRAP      DISCRIPTION OF USE 
EMT 0    Halt task 
EMT 1    Suspend task 
60 
EMT 2 Input a character. If no character is 
ready, the task is suspended until one is. 
The character is returned in RO. 
EMT 3 Output a character. The character is put 
into the output buffer and printed by the 
teletype interrupt routine. The character 
is passed in RO. If the buffer is full, the 
task is suspended until there is room for it 
in the buffer. 
EMT 5    Assign 4K of memory space to the job. 
EMT 8 Output a string of characters terminated by 
a null character. The string address is 
passed in Rl. 
EMT 9 Convert a binary number to ASCII and output 
it. The number to be output is passed in RO 
and the base it is to be output in is passed 
in Rl. 
61 
Appendix F 
VITA 
Thomas R. Leap was born on July 19, 1953 in Albany, 
New York, the son of H. Paul and Bernyce Leap. He is 
married to the former Marjorie Walker of" Summit Hill, 
Pennsylvania. 
He attended Elizabethtown College, Elizabethtown, 
Pennsylvania and received his B.S. degree in physics in 
1974. Since then, he has been employed full-time by 
Frederick Electronics Corporation in Frederick, Maryland. 
During the period of 1976 to 1978, he was on leave to do 
graduate study at Lehigh University. At Frederick 
Electronics, his experience has been primarily in the 
development of software for stored program controlled telex 
switching systems. 
The author is a member of Sigma Pi Sigma and the 
Institute of Electrical and Electronics Engineers. 
62 
