On Fri, 29 Jul 2005 15:25:49 -0700, Edward E. Jaffe wrote:

...snipped...
>For example, 'BC 15,0(0,0)' will definitely go to location zero and
>leave no linkage trail in a register. How would you even code (on
>purpose or by accident) a BRC or BRCL to branch to location zero?

Here's a manufactured relative branch to low storage (I might miss location 0 but I'll scare it from above at least). So how about:

         LA    R15,LOWRENT+L'LOWRENT   Beyond jump instruction's address
         SRL   R15,1                   Compute number of halfwords to zero
         LNR   R15,R15                 zero is a "backwards jump"
         STCM  R15,B'1111',LOWRENT+2   Alter relative address in instr.
LOWRENT  BRCL  15,0                    Go fly off to (very) low storage (modified)

(Granted it may not be exactly zero but the idea s.b. clear now.) That won't necessarily get you there in Amode 64 but will in 24 or 31 bit mode.

>Likewise, 'BAS xx,0(0,0)' will definitely go to location zero, but there
>will be a linkage register trail. Again, I don't see how you would even
>code the equivalent relative instructions BRAS or BRASL to branch there.
>
>>Having the last successful branch displayed in dumps will help (as long
>>as the "branch from on high" isn't followed by a random branch down low
>>before the abend strikes; then all bets are off without an itrace).
>>
>
>Agreed re: a wild branch to a branch. In my experience, that's quite
>rare. Having the processor remember one branch instead of the last 'n'
>branches will probably help with 99% of the hard-to-diagnose wild branch
>cases. For the others, you could say we're still one branch closer to
>knowing what happened. :-\
>
>BTW, what is itrace? Do you mean system trace with branch tracing
>enabled? That won't trace the above instructions anyway. It traces only
>BALR, BASR, BASSM, BSA, BAKR (when 'r2' is non-zero), BSG, and RP ...
>not BC, BRC, BRCL, BAL, BAS, BRAS, or BRASL.

By "itrace" I meant a GTF SLIP instruction trace of the offending address space.

>>Frequent culprits are the access method GET/PUT routines not being filled
>>in (due to OPEN failures that went unchecked) and those cases seem like
>>they'll be covered by the 'wild branch' display. (Oh, joy!)
>>
>
>Excellent example! I'm glad you agree.

I posted yesterday that there might be a possibility of an EXecuted BRCL jumping to location zero (or a strange place, anyway) if the EXecute target byte was X'C0'. It would need to be more specific (and therefore a little harder to believe) since it would need to be X'C0F4' or else the EXecute register1 contents would need to OR-the byte following X'C0' so that the result was X'F4'. Less likely, sure, but possible -- and devilishly difficult to track.

--
Tom Schmidt
Madison, WI
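
An added example, not part of the original message and not code from either poster: a small Python model for dump reading that decodes a 6-byte BRCL, applies the EXECUTE OR of the R1 low byte discussed above, and computes where the branch lands in each addressing mode. The address and instruction bytes are constructed, all function names are hypothetical, and the model assumes the offset is taken relative to the address of the BRCL itself (the target instruction when it is EXecuted).

```python
import struct

def execute_modify(instr: bytes, r1_low_byte: int) -> bytes:
    """EXECUTE ORs the low byte of its R1 register into byte 1 of the target."""
    return bytes([instr[0], instr[1] | (r1_low_byte & 0xFF)]) + instr[2:]

def decode_brcl(instr: bytes):
    """Return (mask, signed halfword offset) for a BRCL (X'C0m4'), else None."""
    if len(instr) < 6 or instr[0] != 0xC0 or (instr[1] & 0x0F) != 0x04:
        return None
    (halfwords,) = struct.unpack(">i", instr[2:6])
    return instr[1] >> 4, halfwords

def branch_target(instr_addr: int, halfwords: int, amode: int) -> int:
    """Instruction address + 2*offset, wrapped to the addressing mode width."""
    return (instr_addr + 2 * halfwords) & ((1 << amode) - 1)

def analyze(instr_addr: int, instr: bytes, r1_low_byte=None):
    """Targets per AMODE, or None if the (possibly EXecuted) bytes are not BRCL."""
    if r1_low_byte is not None:
        instr = execute_modify(instr, r1_low_byte)
    decoded = decode_brcl(instr)
    if decoded is None:
        return None
    mask, halfwords = decoded
    return {"mask": mask,
            "targets": {a: branch_target(instr_addr, halfwords, a) for a in (24, 31, 64)}}

# Constructed sample: a BRCL at X'7F06' whose offset was altered to -X'3F83' halfwords.
ADDR = 0x7F06
TO_ZERO = bytes.fromhex("C0F4") + struct.pack(">i", -(ADDR // 2))
# One halfword further back wraps to the top of the address space instead.
PAST_ZERO = bytes.fromhex("C0F4") + struct.pack(">i", -(ADDR // 2) - 1)
# X'C000....' is not a BRCL until EXECUTE ORs X'F4' into the second byte.
EX_TARGET = bytes.fromhex("C000") + TO_ZERO[2:]

if __name__ == "__main__":
    for name, args in (("to zero", (ADDR, TO_ZERO)), ("past zero", (ADDR, PAST_ZERO)),
                       ("unmodified EX target", (ADDR, EX_TARGET)),
                       ("EX target, R1 low byte X'F4'", (ADDR, EX_TARGET, 0xF4))):
        print(name, analyze(*args))
```
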

