SECTION SRB

SIGNIFICANT CHANGES IN THIS RELEASE

This release contains the first installation of Bootload
Multics, also known as the Bootload Command Environment (bce).
Bootload Multics is a new phase of Multics initialization. It
allows the operation of Multics with or without BOS. The ability
to "warm" boot Multics from disk is provided by Bootload Multics;
that is, to boot without the MST mounted on a tape drive.

Bootload Multics provides a new ring zero command level.
The functions of warm booting, dumping and examining memory, and
emergency shutdown are performed from this command level. These
functions may no longer be performed from BOS. Also, automatic
operation is driven from the Bootload Multics command level. The
BOS functions of SAVE/RESTOR, SAVE COPY, CORE SAVE/RESTOR, as
well as a few specialized functions, are not yet available.
Also, printer support is not yet available.

The operation of Bootload Multics is described in detail in
Section 5.5 of the Multics Operator's Handbook, Order Number
AM81. This material must be read prior to attempting a boot of
this release. The presence of Bootload Multics will have no
effect on any user's process or application.

Bootload Multics requires 2455 pages of disk space on the
rpv for its operation, split between the new "bce" and "file"
partitions. These partitions will be automatically created when
this release is booted for the first time; the site, however,
must assure that a sufficient amount of space on the rpv exists.

For a better discussion of the changes involved with
Bootload Multics, refer to Appendix X of this SRB.

This release provides the ability of site maintenance
personal to set "probe" breakpoints in hardcore. When a
breakpoint is encountered, Bootload Multics will be invoked to
allow the analysis of the machine conditions. The breakpoint
conditions may be modified and then Multics restarted.

SRB-1

SECTION SRB-X

BOOTLOAD MULTICS (BCE)

MR11 includes a new phase to initialization known
alternately as Bootload Multics or the Bootload Command
Environment (bce). This release provides the first installment
of bce; future releases will provide further enhancements. The
goal of bce is to allow Multics to be operated without BOS. This
installation provides the basic facilities that a site must have
to run without BOS. Certain facilities present in BOS, used at
some sites, may not be present in this installation of bce; for
these facilities, the site will use BOS, just as in previous
releases.

The intent of this appendix is to describe bce in terms of
its difference from the previous method of operation (i.e. BOS).
This information should be used in conjunction with the
description of bce appearing in the MOH.

_T_H_E _M_S_T

bce, is not, as was BOS, on a separate tape from Multics.
Both bce and Multics originate on the same tape, the Multics
System Tape (MST). bce is an integral part of the Multics
initialization software. It both uses and is used by the Multics
initialization software.

bce/Multics may be booted from BOS or via the IOM boot
function. When booted from BOS, it is not necessary to load
firmware into the various controllers or set the system clocks
from bce, as this will already have been done from BOS. Also,
the configuration description needed by Multics is passed up from
BOS. When booted from the IOM, the firmware loading, clock
setting and config deck preparation are all done from bce.

Once booted, bce has no further use of the MST. Multics
service can be booted directly from bce without the aid of the
MST tape. This is because the needed contents of the MST tape
are saved in a partition of the rpv. This is an important
difference from the previous BOS method of operation. Note,

SRB-X-1

then, that an MST tape is not kept mounted on a tape drive during
periods of auto-reboot-mode operation.

_B_O_O_T_I_N_G

The equivalent of booting BOS is now to boot bce. Under
normal circumstances, bce is booted once within a given series of
boots of Multics service. It serves an equivalent function to
BOS in that it forms a platform from which Multics is booted and
to which Multics crashes or shuts down.

The booting of bce has the same significance as did the
booting of BOS previously, even if bce is booted from BOS. That
is to say that Multics service, although grown from bce, is to be
considered as a separate entity from bce, just as Multics and BOS
were considered separate and distinct entities in the past. When
Multics crashes or shuts down, Multics, as an entity,
relinquishes control of the system; bce, as an entity, takes over
control. bce can then perform emergency shutdown and dumping of
Multics.

bce can be booted from BOS, if BOS will be needed later, or
bce can be booted alone. The actual sequences for booting bce
appear in the Installation Instructions and in the MOH.

The directive "boot" now has two possible meanings. When
used in BOS, it means to boot an MST, thus starting up bce. When
used at the bce "boot" (or "bce_crash") command level, it means
to boot Multics service.

The next two sections provide some comments on the new
booting procedures.

_B_o_o_t_i_n_g _b_c_e _f_r_o_m _B_O_S

When BOS is booted first, and bce is booted from BOS, BOS is
used for those hardware and configuration initialization
functions for which it has always been used. Once bce is booted
from BOS, though, BOS is out of the picture as far as system
operation is concerned. bce/Multics will not return to BOS under
any circumstances unless the operator so directs. For this and
even more fundamental reasons, certain functions, previously
performed by BOS, can no longer be performed at BOS. These
include ABS, BLAST, DUMP, ESD, FDUMP and PATCH.

The process of booting BOS, as well as BOS itself, must
perform certain initialization functions before booting bce.
These are listed below, in order as they are performed.

The IOM INITIALIZE/BOOT function is invoked. The FWLOAD
function of BOS is read into memory in the process.

SRB-X-2

The bootload tape MPC is loaded by answering the prompt,
"Enter tape controller type:".

The other MPCs (disk MPCs as well as other tape and unit
record controllers) are loaded by supplying their types
and channel addresses to the FWLOAD prompts.

BOS is booted (which is irrelevant as far as bce is
concerned).

The config deck is generated or corrected.

bce/Multics is booted.

The BOS BOOT function is used as before to boot the
bce/Multics tape. The booting of Multics will appear as it would
in the past. The only visible difference is that Multics stops
at a new command level it did not have before. This is the bce
(ring-0, if you wish) command level. The bce command level can
be detected by the presence of the bce ready message:

bce (boot) TIME:

The word "boot" is sometimes replaced by other names, depending
on the system state. These are discussed later.

For more details on booting bce from BOS, refer to the MOH.

The normal day-to-day functions previously performed by BOS
will now be performed at this bce command level. The function of
booting Multics service takes place from bce. Also, when Multics
crashes or shuts down, the system will return to bce, instead of
BOS, so that emergency shutdown and dumping can be performed.

_B_o_o_t_i_n_g _b_c_e _f_r_o_m _t_h_e _I_O_M

The IOM INITIALIZE/BOOT function can be used to boot bce.
In this case, all hardware and configuration initialization
functions previously performed by BOS are performed by bce
itself. In most cases, the system requests the performance of
these functions in the correct order. It might be worthwhile,
though, to describe the initialization functions that must be
performed, in order, during the process of booting bce. For more
details, refer to the MOH.

The IOM INITIALIZE/BOOT function is invoked. Collection 0
of bce will be read in as a result.

Firmware is loaded into the bootload tape controller. This
is done by answering the "Enter boot tape MPC model"
query.

SRB-X-3

The bootload disk controller is booted. This is done by
answering the query "Enter RPV data". This also
locates the RPV.

The config deck is generated or corrected. During a cold
boot, the config deck is generated by using the config
deck editor at the "bce (early) TIME:" prompt. For a
normal boot, the config deck is read from the rpv
specified in the previous step and brought up to date,
if necessary, by the config deck editor. When this is
done, enter "bce" to complete the booting of bce. (bce
is not fully booted until it reaches the "boot" state.)

The system clock is set. The time value is requested after
entering "bce" above.

All other disk mpcs are booted, if necessary. This is done
in the load_disk_mpc dialog.

All other controllers are booted. This is done with the
fwload (fw) command at the "bce (boot) TIME:" prompt.

Notice that the same initialization functions are performed
as were previously performed by BOS, but their order is
different. The only function that the operator must explicitly
remember to do is to load the other MPCs at the "bce (boot)
TIME:" prompt.

Once the other mpcs have been loaded, bce can be considered
fully initialized. At this point, the system will be sitting
with the prompt

bce (boot) TIME:

This prompt signifies that the system is at bce command level, a
new (ring-0) command level. In the course of booting Multics,
this may be simply viewed as another command level (along with
the ring-1 and ring-4 command levels) in the process of booting.
However, this command level signifies that bce has control with
the same significance as we used to say that BOS has control in
the past. The function of booting Multics service takes place
from this command level (bce "boot" command level).

_N_O_R_M_A_L _O_P_E_R_A_T_I_O_N _O_F _B_C_E

The types of operations to be performed from bce are a
subset of those previously performed at BOS. (Eventually all
functions BOS performed will be performable from bce.) These
operations include booting Multics service, taking dumps of a
crashed Multics system, and invoking emergency shutdown of
Multics. The commands to perform these basic operations are

SRB-X-4

similar in operation and appearance to their BOS counterparts.
In particular, these equivalences are:

BOOT -> boot
ESD -> esd
FDUMP SHORT -> dump -short
etc.

The invoking of the standard BOS runcoms is replaced by invoking
the corresponding bce exec_coms. Thus:

AUTO -> ec auto star
GOGO -> ec go
RTB -> ec rtb

Other than these standard operations, the commands within
bce differ considerably from BOS. The MOH should be consulted
for the operations of these commands.

The MOH lists the functions currently performed by bce.
Certain other functions such as SAVE/RESTOR must still be
performed from BOS. If such operations are desired (those
performable by BOS but not yet performable by bce), it is
necessary to return to BOS. If bce was booted from BOS, simply
use the bce "bos" request. The BOS GO request will restart bce
where it was. If bce was not booted from BOS, it will be
necessary to boot BOS. Boot BOS only after successfully shutting
down Multics service.

_S_T_A_T_E _O_F _T_H_E _S_Y_S_T_E_M

bce can be in various states. The state of bce can be found
from the bce ready message/prompt:

bce (STATE) TIME:

It also can be found within bce via the bce_state request/active
function.

The "early" state normally appears only once, when booting
bce initially. When bce is in this state, the purpose is to have
the operator generate or correct the config deck, followed by
setting the clock when the system leaves this state (by entering
"bce").

The "boot" state is the normal state of bce. In this state,
Multics service may be booted.

If bce should fail, the "bce_crash" state is entered. When
this occurs, the dying bce is saved and can be dumped (if this is
desired). From the "bce_crash" state, one can enter
"reinitialize" to return to the "boot" state from which one can

SRB-X-5

then boot Multics service. As a short cut, Multics service can
be booted directly from the "bce_crash" state by entering "boot";
this performs a reinitialize and a boot of Multics service
without stopping at the bce "boot" command level.

When Multics crashes, bce is in the "crash" state. This
state exists just so that the operator is reminded that a dead
Multics exists which should be dumped and shut down (esd).

_T_H_E _T_O_E_H_O_L_D _A_N_D _'_E_X_E_C_U_T_I_N_G _S_W_I_T_C_H_E_S_'

BOS has a toehold. The toehold is a small program that was
the main driver when switching between Multics and BOS. It also
held the communication flags between BOS and Multics (the
flagbox). The toehold is located in memory at absolute address
10000 (octal).

bce also has a toehold used in much the same way as the BOS
toehold.

Since the BOS toehold is being kept around for this release
(as the driver for switching between BOS and bce (when BOS is
used)), the bce toehold (used for switching between bce and
Multics) must be at a different location. The bce toehold is at
absolute location 24000 (octal).

Thus, "executing switches" to force a manual return to bce
uses a different switch value than does forcing a return to BOS.
This switch value is "024000717200". When "executing switches"
on a L68 processor, this is the value to enter into the data
switches.

Since the toehold address to crash Multics has changed, the DMP's BOS
command is no longer used. Instead, with FCO PHXXXXX the DMP will except the
BCE command with the octal switch value for the first argument. Foe example,
"BCE 024000717200" entered on the DMP will return the system to BCE level.

The system will warn the operator if the data switches on
any processor are not set to the above value.

_G_E_N_E_R_A_L _O_P_E_R_A_T_I_O_N _O_F _B_C_E

The operation of the bce command level differs both from the
old BOS command usage and the Initializer ring-1 and ring-4
command level usage. The syntax and usage of this bce command
level is much more that of standard Multics command level. (This
is described in the MPM Reference manual and will not be repeated
here.) In particular, active functions and command iteration are
used. exec_com's (version 1) are available. Normally, though,

SRB-X-6

commands are typed simply as a command name followed by a
collection of arguments, separated by spaces.

The commands within bce attempt to resemble their
counterparts (if any) within service Multics. For details of the
execution of any given command, refer to the MOH.

Some things to remember about bce operation follows.

The text editor used to edit bce files (equivalent of BOS
runcoms) is qedx. It bears no resemblance to the BOS EDIT
command. The description of qedx appears in the manual, Commands
and Active Functions. The version of qedx within bce differs
from the standard version in that there is a query if one tries
to exit qedx with unwritten modified buffers.

Config decks are edited with the config_edit (config)
request. The config command in bce bears absolutely no
resemblance to the CONFIG command in BOS. One must remember when
one is in the config deck editor that one is really in qedx.

The bce equivalent of BOS runcoms is version 1 exec_coms.
These have absolutely no resemblance to BOS runcoms. An
important thing to remember when converting BOS runcoms to bce
exec_coms is that, when a BOS runcom invokes another runcom, that
second runcom will never return to the first. In bce, an
exec_com will return to its invoking exec_com. Also, a BOS
runcom that boots service regains control when Multics crashes or
shuts down. In bce, the invoking exec_com (and all exec_coms
which invoked the exec_com that booted service) lose control
whenever a "boot", "esd" or "go" operation are performed. The
exec_com that bce invokes whenever Multics crashes or shuts down
is determined solely by the "bce_command" flagbox variable. It
is this variable (and other flagbox flags) that are manipulated
by the auto exec_com procedures.

Within BOS, functions were aborted by hitting RETURN or EOM
on the operator's console. There was no way to indicate that
this was an accident. Within bce, hitting RETURN or EOM allows
the operator to indicate the intention to abort a function. When
this occurs, the system will ask "Abort?" to which the operator
may answer "no" or "yes" appropriately to abort the current
operation. Other responses are allowed; refer to the MOH for
more details.

SRB-X-7

SECTION II-4

INSTRUCTIONS FOR SITES UPDATING FROM PREVIOUS RELEASE

_S_T_E_P_-_1

II-4-4

SECTION II-5

INSTRUCTIONS FOR SITES INSTALLING FOR THE FIRST TIME

_S_T_E_P_-_3

Mount the Multics System Tape (MST) on Magnetic Tape Handler
(MTH) nn (nn is usually equal to 01). Mount the disk pack
formatted by T&D on the drive selected to be the RPV. Initialize
and boot the MST. Multics will prompt with:

bootload_0: Booting system MR11 generated 11/01/84 0000.0
est Thu.
bootload_0: Enter boot tape MPC model: t500

Normal response to this question should be "t610", "t601", "t500"
or "ipc". The system will boot the bootload tape controller, if
necessary, and continue. At this time, the intention to cold
boot is given. Multics will request the location of the rpv.
Once this is done, the init_vol request loop will be entered to
accept the layout of the rpv.

bootload_0: Booting t500 A 12. with mtc500 rev.u1
firmware.
bootload_0: Booted tape MPC.
0000.1 announce_chwm: 347. pages used of 512. in wired
environment.
0000.2 announce_chwm: 620. words used of 1024. in
int_unpaged_page_tables.
Enter RPV data: query
Enter RPV subsystem base channel, as Icc, or "cold". cold
Booting cold will destroy all data on the RPV.
Are you sure that you want to boot cold? yes
Enter RPV subsystem base channel, as Icc. A22
find_rpv_subsystem: Enter RPV subsystem MPC model: 609
hc_load_mpc: Booting channel A22 with dsc500 Revision j1.
find_rpv_subsystem: Enter RPV disk drive model: 451
find_rpv_subsystem: Enter RPV drive device number: 1
find_rpv_subsystem: RPV is a model 451 drive, number 1 on
MPC A22, and this is a COLD boot.
Is this correct? yes

II-5-1

Default RPV layout: (Respond "end" to use it.)

Average seg length = 2.00
VTOC size = 2792 pages, 13920 vtoces.
27840 paging records.
Constrained by average seg length.
part hc 2792. 2500.
part conf 5292. 4.
part alt 38117. 141.
part bos 37847. 270.
part dump 35847. 2000.
part log 35591. 256.
part file 35336. 255.
part bce 33136. 2200.

These are the default partition assignments. Any changes to the
default partitions or RPV parameters can be redefined by using
the "startover" request in init_vol. The system installer should
review the write-up of init_vol in the MOH prior to the
installation.

Sizes for the various partitions and their locations can be
modified based on the needs of the site.

request: end

init_empty_root: Begin rpv initialization. This will take
some time.
init_empty_root: rpv initialized; 27840 records.
0007.0 find_file_partition: Initializing file partition.
Data not in expected format.
0010.0 load_mst: 627. out of 1048. pages used in disk mst
area.
bce (early) 0010.2:

Build the configuration description as follows:

config
a
.
. (Configuration fields as defined in the MOH.)
.
\f
w
q

Do not enter any part cards at this time, except for those
partitions defined on the rpv. Also, make the root card specify
only the rpv.

Continue booting bce.

II-5-2

bce (early) 0020.0: bce
Current system time is: 01/01/01 0020.1 est Tue.
Is this correct? no
Enter time: 84-11-02 12:00
Current system time is: 11/02/84 1200.0 est Fri.
Is this correct? yes
load_disk_mpcs: Disk mpcs mpca mpcc appear not to be
operating.
Enter disk mpc names to be loaded,
or "none" or "abort" or "all": mpca mpcc
(The operator entered the names of other disk mpcs
to be loaded.)
hc_load_mpc: Booting channel A20 with dsc500 Revision j1.
hc_load_mpc: Booting channel B20 with dsc500 Revision j1.
bce (boot) 1200.5:

At this time, the operator must load firmware into all other
controllers (i.e., not the bootload tape controller nor any disk
controllers). bce is then considered to be fully initialized.

bce (boot) 1200.5 : boot -cold
Do you really wish to boot cold? yes
hdx: reregistered public lv root lvid 727353262340
hdx: Entry is not a branch. cannot make mdcs in lv root
hdx: reregistered pv rpv pvid 727353262301 in lv root
disk_table_: New disk_table created.
Multics MR11 - 11/02/84 1201.0 est Fri.

Ignore the messages prefaced by disk_table_ and hdx.

II-5-3

SECTION HSF-7

MULTICS ENVIRONMENT

Changes to Hardware and Software Formats PLM:

The changes to the Hardware Software Formats PLM are
obviously enough all in the software section, Section 7, "Multics
Environment." Other sections in this manual are incorrect and
out of date but corrections to them do not appear here.

_M_A_I_N _M_E_M_O_R_Y _M_A_P_S

The following paragraphs describe the gross allocation of
main memory during the three distinctly different Multics
operational environments: BOS, bce and service.

In the address charts that follow, the addresses are
absolute octal memory addresses. Whenever an address appears in
brackets ([]), this means that the object described is contained
within the segment listed above it.

_C_o_m_m_o_n _A_r_e_a_s

Certain areas are common between the three modes of
operation; these areas are dictated mostly by hardware
requirements.

FAULT_VECTOR

The fault_vector area holds vectors and its pointers used
for handling interrupts and faults. This area is described
below.

address

HSF-7-1

000000 interrupt vectors
contains interrupt pairs, each containing a scu/tra
pair specifying absolute addressing. The target of the
addresses is in the "its" area.

000100 fault vectors
contains fault pairs, one for each defined fault, each
containing a scu/tra pair specifying absolute
addressing. The target of the addresses is in the
"its" area.

000200 its pointers for fault and interrupt vectors
contains the its pointers that are the targets of the
scu and tra instructions above. Only these its
pointers are normally changed; the scu and tra
instructions remain.

MAILBOXES

The mailbox area holds control areas used to converse with
the ioms and the fnps.

address

001200 IOM imw area
is used to determine which channel of the iom generated
an interrupt.

001400 IOM A mailbox
002000 IOM B mailbox
002400 IOM C mailbox
003000 IOM D mailbox

003400 FNP A mailbox
003700 FNP B mailbox
004200 FNP C mailbox
004500 FNP D mailbox
005000 FNP E mailbox
005300 FNP F mailbox
005600 FNP G mailbox
006100 FNP H mailbox

_B_O_S _E_n_v_i_r_o_n_m_e_n_t

BOS operates in segmented, nonpaged appending mode with
exactly eight defined segments. The eight pointer registers are
loaded with fixed segment numbers and the segment base and bound
values are manipulated according to the requirements of the code.

HSF-7-2

address

000000 fault_vector
000600 padding
001200 mailbox area
006400 padding

007740 ds (descriptor segment)

010000 toehold (BOS)
[010020] flagbox (BOS)
011000 setup

020000 bf (buffer)

022000 com (common variable storage)

031000 pgm (program area)

040000 util (utilities)

060000 rest of BOS memory, unused

The standard pointer register/segment assignments for BOS
are:

pr0 -> ds
pr1 -> pgm
pr2 -> bf
pr3 -> setup
pr4 -> (prog temporary)
pr5 -> flagbox
pr6 -> com
pr7 -> mem (first 256k of mem)

_b_c_e _E_n_v_i_r_o_n_m_e_n_t

The memory layout after the running of collection 0 (the
loading of collection 1, i.e. bce) follows. All segments are
paged with the exception of fault_vector, iom_mailbox and
dn355_mailbox.

address

000000 fault_vector
000600 padding
001200 iom_mailbox
003400 dn355_mailbox
006400 padding

HSF-7-3

010000 bos_toehold
012000 config_deck

024000 bound_bootload_0
[024000] toehold (bootload Multics)
[024000] flagbox (bootload Multics)
[030000] bootload_early_dump
046000 toehold_data

052000 unpaged_page_tables
054000 int_unpaged_page_tables
056000 breakpoint_page

060000 physical_record_buffer

066000 dseg

070000 name_table
100000 slt
104000 lot

106000 wired segments, fabricated segments, all other segments

_S_e_r_v_i_c_e _E_n_v_i_r_o_n_m_e_n_t

The memory layout after the running of make_segs_paged,
collect_free_core and the deletion of init and temp segs is as
follows. All segments are paged except for fault_vector,
iom_mailbox and dn355_mailbox.

address

000000 fault_vector
000600 padding
001200 iom_mailbox
003400 dn355_mailbox
006400 padding

010000 bos_toehold
012000 config_deck

024000 toehold (bootload Multics)
[024000] flagbox (bootload Multics)
030000 paging use
046000 toehold_data

052000 unpaged_page_tables
054000 paging use
056000 breakpoint_page

060000 paging use

HSF-7-4

106000 wired segments, fabricated segments, paging use.
sst_seg is located at the high end of the bootload
memory.

HSF-7-5

SECTION MOH

MULTICS OPERATOR'S HANDBOOK

Global directives:

Change all references to the BOS console, iom, cpu and scu to
refer to the bootload console, iom, cpu and scu.

Change all references to configuration cards to be in lower case
to emphasize that they should be in lower case.

Specific directives follow.

MOH-1

SECTION MOH-1

OPERATOR RESPONSIBILITIES

Change the paragraph describing the responsibility of the
operator to understand BOS to:

The operators must also understand the functions of the
bootload operating system (BOS) and the bootload command
environment (bce), which load Multics and perform various system
software maintenance activities. BOS controls the bootloading of
bce and can provide one type of save of the contents of the
storage system. bce controls the bootloading of Multics service
as well as performing memory dumps. Initially, BOS is contained
on a tape and must be bootloaded from the console into the
system. If a copy of BOS already exists on disk, it can be "warm
booted", preserving the contents of the disk that already
contains BOS. If there is no disk copy of BOS, it must be "cold
booted". bce makes up the first part of the Multics tape and is
usually bootloaded from BOS. bce can be booted from the console,
if necessary, without using BOS but then it cannot utilize the
BOS functions.

Acronym list

bce bootload command environment

_G_L_O_S_S_A_R_Y _O_F _T_E_R_M_S

bce
the bootload command environment; a set of programs within
Multics initialization that perform functions such as
bootloading Multics, dumping main memory and initiating
emergency shutdown of Multics.

bootload
to load a fresh copy of a set of programs. BOS, bce and
Multics can be bootloaded. Bootloads of BOS are "cold" if
they completely re-create BOS' operating environment and

MOH-1-1

"warm" if they assume that some information from previous
bootloads is to be used. Bootloads of bce and Multics are
"cold" if they re-create the file system, "cool" if they
maintain the file system but completely re-create bce's
operating environment and "warm" if they assume that some
information from previous bootloads is used. The period of
time between Multics bootload and shutdown is also spoken of
as a bootload, or service session.

BOS
the bootload operating system; a set of programs that
perform functions such as loading bce and dumping disks.

initializer process
change the reference to BOS to refer to bce

MOH-1-2

SECTION MOH-3

CONFIGURATION

_C_A_L_E_N_D_A_R _C_L_O_C_K

... The BOS time command, or the bce invoked clock setting
function, if BOS is not used, is used to set the clock for the
4MW SCU ...

... if the setting is inaccurate. Use the BOS TIME command, if
BOS is used, and the "clok" config card to check for inaccuracies
in the clock setting.

... For further information, refer to the BOS TIME command in
Section 5 and the bootload sequence in Section 5.5.

change:

_O_b_t_a_i_n_i_n_g _N_u_m_b_e_r _t_o _S_e_t _C_a_l_e_n_d_a_r _C_l_o_c_k

and what follows in the clock setting section to:

_S_e_t_t_i_n_g _C_a_l_e_n_d_a_r _C_l_o_c_k _i_n _4_M_W _S_y_s_t_e_m _C_o_n_t_r_o_l_l_e_r _U_n_i_t _w_i_t_h _B_O_S

1. At the operator console, enter BOS (if not already in
BOS). Make sure the "clok" card is loaded in the
configuration deck, and always type in the time in
local time as indicated on the "clok" card. Issue the
TIME command to BOS.

2. Type the date and time (according to your local time
zone) as follows:

MM DD YY hh mm ss

where:

MOH-3-1

MM is the month
DD is the day
YY is the year
hh is the hour
mm is the minute
ss is the second

When the date and time are typed, press EOM. The
seconds figure can be omitted; if it is, a value of
zero seconds is assumed. Choose a figure that is
slightly (a minute or less) in advance of the current
time, to allow time for the next step to be performed.

3. S is entered on the operator console and EOM is pressed
at the instant when the current time reaches the time
that was typed.

4. R is entered and EOM is pressed to read back the time
to verify correctness.

5. EOM is pressed to exit from the TIME command.

_S_e_t_t_i_n_g _C_a_l_e_n_d_a_r _C_l_o_c_k _i_n _6_0_0_0 _S_y_s_t_e_m _C_o_n_t_r_o_l_l_e_r _w_i_t_h _B_O_S

1. Type: TIME as above

2. Type: MM DD YY hh mm ss as above.

3. A series of numbers in the following form is returned:

NNNNN,NNNNNN NNNNNN TTTTTT TTTTTT MM/DD/YY HH::MM::SS.S

where TTTTTT TTTTTT is the number to be entered in the
switches on the 6000 SC maintenance panel in step 5
below.

4. At the CPU, the STEP CONTROL selector switch on the
maintenance panel is placed in the MEM position.

5. At the SC (which must be in TEST mode), the number
TTTTTT TTTTTT is entered in the upper row of the DATA
switches. All zeroes are entered in the lower row of
the DATA switches.

6. The INITIALIZE and the LOAD CLOCK pushbuttons are
pressed simultaneously, at the instant when the current
time reaches the time that was typed.

7. The STEP CONTROL selector switch on the CPU is turned
to OFF and the STEP pushbutton is pressed.

MOH-3-2

8. R is entered and EOM is pressed to read the time from
the calendar clock and verify correctness.

9. EOM is pressed to exit from the TIME command.

_S_e_t_t_i_n_g _C_a_l_e_n_d_a_r _C_l_o_c_k _i_n _4_M_W _S_y_s_t_e_m _C_o_n_t_r_o_l_l_e_r _U_n_i_t _w_i_t_h_o_u_t _B_O_S

1. When BOS is not used, bce will automatically invoke a
clock setting function after leaving the "early" bce
command level. The operator must ensure that the
"clok" configuration card specifies the correct time
zone. All times entered are to be in local time.

2. The clock setting routine will start by asking a
question of the form:

The current system time is DATE TIME.
Is this correct?

to which the operator should respond accordingly. The
operator may respond with "abort" to return to the
"early" command level.

3. If the operator's answer to the above question is "no",
bce will prompt with:

Enter time:

to which the operator should provide the current local
time. Choose a figure that is slightly (a minute or
less) in advance of the current time, to allow time for
the next step to be performed.

4. After the time is entered, bce will re-prompt with:

The current system time is DATE TIME.
Is this correct?

If this is not correct, the operator should respond
with "no" or "abort" as above. If this is correct, the
operator should answer "yes", pressing EOM at the
instant when the current time reaches the time that was
typed. bce will then continue with its initialization.

_S_e_t_t_i_n_g _C_a_l_e_n_d_a_r _C_l_o_c_k _i_n _6_0_0_0 _S_y_s_t_e_m _C_o_n_t_r_o_l_l_e_r _w_i_t_h_o_u_t _B_O_S

1. After leaving the "early" bce command level, the bce
clock setting function will be invoked.

MOH-3-3

2. bce will ask the correctness of the current time, as
above.

3. The operator may reply "abort" or "yes" as above. If
the operator answers "no", the time will be requested.
It is entered as above. bce will then respond with:

SCU Switches (octal) TTTTTT TTTTTT

4. bce will prompt with:

Enter anything after the switches have been set.

at which time the operator should perform steps 4
though 7 of the BOS instructions. When this is
completed, the operator should enter "y".

5. bce will repeat the question in step 2. This should be
answered appropriately.

MOH-3-4

SECTION MOH-4

I/O DEVICE OPERATION

_U_S_E _O_F _T_H_E _O_P_E_R_A_T_O_R _C_O_N_S_O_L_E

The operator may use the operator console to issue Multics
initializer commands, commands to the daemons, standard Multics
commands, commands to bce when bce is in operation and BOS
commands when BOS is in operation.

MOH-4-1

SECTION MOH-5

BOOTLOAD OPERATING SYSTEM

_B_O_O_T_L_O_A_D _O_P_E_R_A_T_I_N_G _S_Y_S_T_E_M _D_E_S_C_R_I_P_T_I_O_N

remove the reference to initiating an emergency shutdown of
Multics

_S_u_m_m_a_r_y _o_f _B_O_S _c_o_m_m_a_n_d_s

remove ABS, BLAST, DUMP, ESD, FDUMP and PATCH

Name: BOOT

remove the command and keywords fields from the command and
description of their use. Remove the BOOT STAR example from the
notes.

MOH-5-1

SECTION MOH-5.5

BOOTLOAD COMMAND ENVIRONMENT (BCE)

Add a new section describing bce after the section
describing BOS as follows.

_B_C_E _D_E_S_C_R_I_P_T_I_O_N

The bootload command environment comprises a set of programs
for performing functions such as the bootloading of Multics
service, dumping and patching main memory and disks and
initiating an emergency shutdown of Multics service.

bce is contained within the first two collections of modules
on the Multics system tape; it consists of the following major
parts:

1. collection zero routines
a series of programs capable of loading the other bce
programs into memory; this series is also capable of loading
firmware into the bootload tape mpc, if necessary.

2. collection one initialization
a series of programs that are part of Multics initialization
proper that also initialize the bootload command
environment.

3. toehold program
a small program permanently residing in main memory at
absolute location 24000 (octal). It communicates closely
with bce and with service Multics to perform administrative
functions.

4. bootload command utilities
a series of programs to provide the bce command level.

5. bce command programs
a number of programs that perform the operator directed
functions of bce.

MOH-5.5-1

_C_O_N_F_I_G_U_R_A_T_I_O_N _R_E_Q_U_I_R_E_M_E_N_T_S

bce requires the operator console; standard Multics error
recovery is used, however, in case of the failure of the main
console.

bce uses 512k of contiguous low order memory. All of bce's
functions can be performed within this memory.

Two special regions of the rpv are used by bce. These two
special regions have locations recorded in the label of the rpv.
The first is the "file" partition, which contains a simple file
system used by bce to hold bce exec_coms and ascii sources of
configuration files. The second is the "bce" partition, used by
bce to hold the following:

a saved copy of memory used by service Multics when bce is
invoked upon a crash

bce itself and bce command programs

the programs needed to boot service Multics

_L_O_A_D_I_N_G _B_C_E

bce can be loaded in two ways, via BOS or via the operator's
console. When booted via the operator's console (performed if
BOS cannot run on the current hardware configuration), the
facilities of BOS cannot be used.

_L_o_a_d_i_n_g _b_c_e _f_r_o_m _B_O_S

bce can be booted from BOS very easily by entering:

BOOT drive_number

where drive_number is the number of a tape drive on the bootload
tape controller that holds a Multics system tape. The first
message should read:

Booting system SYS_ID generated TIME.

This may be followed by various informative messages, depending
on various parameters in the config deck. The entire Multics
system tape will be read in stages. After this, bce will prompt
with the ready message:

bce (boot) TIME:

MOH-5.5-2

You are now at the normal bce command level.

_L_o_a_d_i_n_g _b_c_e _f_r_o_m _t_h_e _o_p_e_r_a_t_o_r_'_s _c_o_n_s_o_l_e

bce is loaded from a Multics system tape into memory and
into the bce partition as follows:

1. Mount and ready the Multics system tape on a tape drive
appropriate for the density of the tape.

2. Set the tape MPC switches 5, 6, 7 and 8 to the number of the
tape drive on which the system tape is mounted. If the tape
MPC is not wired to be initialized when the INITIALIZE
button is pressed, it must be initialized at the MPC control
panel. The Honeywell field engineer can advise the operator
whether or not the MPC is wired to be initialized when the
INITIALIZE button is pressed (if the reset out line (RSO) is
grounded, then initialization is suppressed).

3. Make sure that the CARD/TAPE switch on the IOM is set to the
TAPE position and that the tape channel number is set
correctly in the IOM switches.

4. At the operator console, press the RESET CONSOLE button.
(This button may not be present on some console models.)

5. For all consoles except the CSU6601, press the INITIALIZE
and then the BOOTLOAD button.

For the CSU6601, after pressing the INITIALIZE button, press
the RETURN key on the keyboard. Wait for the console to
respond with "CONSOLE READY", and then press the BOOTLOAD
button. If the system indicator panel is not present, the
boot sequence from the keyboard is:

esc ctl I return esc ctl B

Alternatively, press the INITIALIZE button and then the
BOOTLOAD button on the IOM to which is attached the tape
MPC.

6. If all goes well, the message:

Booting system SYSID generated TIME.

will appear on the console with an alarm. This will be
followed by the query:

Enter boot tape MPC model:

MOH-5.5-3

This information is requested so that firmware may be loaded
into this MPC. If firmware should not be loaded (or the MPC
does not allow being so loaded), the operator should answer
with "ipc". An answer of "shut" will stop (crash)
initialization at this point. A question mark will list the
valid MPC model names. Otherwise, the MPC model name should
be entered. Acceptable names are:

t500
t601
t610

A message of the form:

Booting MODEL IOM CHANNEL with FWID REVISION firmware.

followed by

Booted tape MPC.

signals successful booting of the boot tape MPC.

7. bce will proceed through various initialization programs,
possibly producing various status messages. The first
collection will be read from the system tape into memory.
After this is done, bce will request the location of the
rpv:

Enter rpv data:

The operator may answer "shut" at this time to abort
booting, typing "help" will provide some explanation and
typing "?" will cause bce to prompt the operator for each
item of information separately. Otherwise, the question
should be answered as:

rpv Icc MPC_model DRIVE_model DRIVE_number

cold Icc MPC_model DRIVE_model DRIVE_number

where:

I
is the IOM number containing the base channel of
the MPC containing rpv

cc
is the channel number on the IOM of the MPC (in
decimal)

MOH-5.5-4

MPC_model
is the model of the disk mpc (in decimal). Valid
models are:

191 400 451 601 603 607 609 611 612

DRIVE_model
is the model number of the drive containing rpv
DRIVE_number
is the number assigned to the drive on the MPC

"cold" is specified only if this is a "cold" boot, that is,
one in which the Multics storage system is either
non-existent or has been destroyed.

When a satisfactory answer is entered, the mpc
described will have firmware loaded into it, if necessary.
Entering "skip" or "skip_load", by itself and before
entering "rpv" or "cold" will suppress this load.

If this is a cold boot, the init_vol loop (described in
Section 7, Initializer Commands) will be entered. At this
time, the attributes of the rpv must be entered.

8. If the previous is successful, bootload Multics will come to
the "early" command level. This command level allows a
subset of the normal bce commands to be entered. The ready
message at this time is:

bce (early) TIME:

The purpose of this command level is to insure that the
config deck (obtained from the "conf" partition on disk) is
good. If this is a cold boot, the config deck will need to
be entered at this time. (The commands to do all of this
are described below.) Reaching the "early" command level,
however, is only part of booting bce. To completely boot
bce, enter "bce".

9. bce will enter its clock setting phase. (See the
description of clock setting in Section 3, Configuration.)

10. Another initialization pass is then run to enable usage of
the peripherals described by the config deck. The various
disk mpcs so described will be tested to see if they appear
to be running. If any are not, the message:

load_disk_mpcs: Disk mpcs NAMES appear not to be
operating.
Enter disk mpc names to be loaded,
or "none" or "abort" or "all":

MOH-5.5-5

The operator is to enter the names (from the set displayed
as NAMES, above) of disk mpcs into which firmware is to be
loaded. The operator should continue to enter names (on
multiple lines, if desired), until all disk mpcs to be used
are loaded. If "abort" is entered, a return is made to the
"early" command level.

11. Initialization will then continue until normal bce command
level is reached, prompting with:

bce (boot) TIME:

The operator should load firmware into all other tape and
unit record controllers at this time, using the bce "fwload"
command. At this time, bce is fully initialized.

_E_r_r_o_r _R_e_c_o_v_e_r_y _D_u_r_i_n_g _b_c_e _B_o_o_t

Several attempts are made to allow for error recovery during
the boot process. The methods depend on the point within the
boot sequence. It is best to describe the recovery by describing
some aspects of the internal operation of the boot sequence.

When booted from the switches, bce will pass through
collection 0 initialization, whose objective is to read in
collection 1 (bce proper). A config deck is synthesized from the
knowledge of the hardware found during this pass and through
questions to the operator. A first pass is made through
collection 1 to find the rpv and to read in the config deck last
saved in the "conf" partition on disk. If an error should occur
before this point (most likely a hardware or software failure),
the early dump facility is invoked (see below). Otherwise, this
environment (memory and the synthesized config deck) is saved on
disk. The "early" command level is then entered. The operator
must then make sure the config deck (read from disk) is correct.
The operator then enters "bce" to actually boot bce.
Initialization continues with a second pass through collection 1.
If this pass fails (most likely either a hardware problem or an
error in the config deck), the saved environment will be restored
and the operator returned to the "early" command level. The
operator then retries the boot. Eventually this will succeed and
bce will come to the "boot" command level, having saved this new
environment and config deck.

When bce is booted from BOS, collection 0 is still run to
read in collection 1. In this case, though, the config deck need
not be synthesized; the config deck used by BOS is used. The
first pass through collection 1 will be the "boot" phase. If an
error should occur during this first pass, the early dump
facility will be invoked. BOS can be manually entered at this
time, if desired. If the pass is successful, this environment

MOH-5.5-6

(memory and the config deck) is saved to disk. The "boot"
command level is entered.

Once at the "boot" command level, the operator may perform
whatever bce functions are desired. "boot" is then entered to
boot Multics service. Another pass through collection 1 is made
to set up for Multics service. If an error occurs during this
pass (most likely hardware or a bad config deck), the environment
saved above is restored and the operator is returned to the
"bce_crash" command level. Also, if a bce utility should fail or
should encounter a breakpoint, this environment is restored and
"bce_crash" level entered. At this time, the operator may enter
"crash" level commands to examine the failed image (or to debug
bce), or "boot" level commands may be used to fix the config deck
(if necessary) and to retry the boot of Multics service.

An important thing to remember about coming to the
"bce_crash" or returning to the "early" command levels is that
they use an environment and config deck declared safe on a
previous initialization pass. As such, not all devices listed in
the "current" config deck (the one visible with the config deck
editor) may be accessible at this level. Generally speaking, to
access all devices, it is necessary for the config deck to be
correct and for an initialization pass (the "boot" pass) to be
made. If in doubt, entering "reinitialize" will run another
initialization pass.

Once the "service" pass of collection 1 completes, any
further failures of initialization or of Multics itself returns
to the "crash" command level, used for examining the crash. At
this time, the config deck as used by Multics is used. This is
done to take into account any reconfigurations performed by
Multics service. At the "crash" level, a dump should be taken
and an emergency shutdown performed.

_S_t_a_t_e_s _o_f _b_c_e

The previous sections described the various bce states,
"early", "boot", "bce_crash" and "crash". As an aid, the
relationship between these states will be shown through the
diagram below.

The lines marked with the letter "s" indicate the path
followed when an action is successful. The "c" lines indicate
when an action fails or a crash occurs in the given state. The
names in quotes are commands (or abbreviations of commands)
entered at the given commmand level.

MOH-5.5-7

IOM Boot/Init
s cccccccc
s c c
V c c
*********************** V
* early command level *<cccc
*********************** A
A s c c
c s-"bce"-c c
c s cccccc>c<ccccccccccccccccccccccccc<ccccccc
c V A c
c ssssssss>s<sssss<ssssssssssssss c c
c A s A s c c
c-"reinit"-s s s-"go" s-"reinit"-c c
c s V s s c c
********************** *************************** c
* boot command level *cccc>* bce_crash command level *cccc c
********************** *************************** c c
A s c A c s A c c
s s-"boot"-c c c-"boot"-s c c c
s s ccccc>c<ccccc s ccccccccc c
s s s c
s sssssssssssss>s<sssssssssssssss c
s V c
s ************* c
s * (service) *<sssss c
s ************* s c
s s c s c
s s-"shut" c s-"esd" c
ssssssssssssss<sss c s c
A c s-"go" c
s V s c
s *********************** c
s * crash command level * c
s *********************** c
s s c c
s s-"reinit"-c c
ssssssssssss cccccccccccccccccccccccc

_C_o_n_f_i_g _D_e_c_k _a_n_d _D_e_v_i_c_e _A_c_c_e_s_s_i_b_i_l_i_t_y

During Multics service, the set of devices that are
accessible (to the system as a whole) are precisely those
described by the config deck. The config deck is kept up to date
with the state of the devices. However, the real state of
devices and their accessibility is described by various control
tables within Multics. One of the main purposes of bootload
Multics is to set up these control tables. Since bootload
Multics allows arbitrary text editing upon the config deck, it
follows that the state of the control tables may not match that

MOH-5.5-8

of the config deck. This section describes some of these
subtleties.

When at "early" command level, the control tables describe
only those hardware units truly known, the bootload tape drive,
the rpv, the bootload processor, etc. At the "early" command
level, the operator is to make sure that the config deck
describes all hardware units. These units are not accessible at
this time, however.

Attempting a boot to "boot" command level builds control
tables describing all of these hardware units. If this boot
succeeds, all of these units are accessible from bootload
Multics. If it fails, bce returns to "early" command level with
only the initial hardware units accessible.

At the "boot" command level, the operator may again change
the config deck. Any units added, for example, will not be
accessible at this time, since the control tables do not describe
them. However, if the operator boots Multics service, Multics
will be able to access them all, since Multics boot will build
control tables for them all. If this boot fails, bce will return
to the "bce_crash" command level, with these new changes not
described in the control tables (but visible in the config deck).

Any changes made to the config deck will be reflected in the
control tables in only one of two ways. The first is to boot to
the next command level, or to Multics service. If the config
deck is correct, the devices become accessible. The other method
is to enter "reinitialize" which runs a new initialization pass
and returns to the "boot" command level. If this succeeds, the
devices become accessible. If it fails, bce returns to
"bce_crash" level, without the changes having been affected.

The process of coming to the bce "boot" command level
(whether via the "bce" command at the "early" command level or
the "reinitialize" command elsewhere) has certain significant
elements within it; in particular, the disk mpc's have firmware
loaded into them. Editing the config deck at the "boot" command
level in such a way as to change the state or number of the
mpc's, iom's, etc., may cause the booting of Multics service to
fail. Because of this, attempting to boot service after having
modified the config deck at the "boot" command level causes the
"boot" command to query the operator as to whether a
"reinitialization" should first be performed. A reinitialization
should be performed if the modifications made to the config deck
were not of a trivila nature. If in doubt, "reinitialize".

MOH-5.5-9

_B_C_E _F_I_L_E _S_Y_S_T_E_M _M_A_I_N_T_E_N_A_N_C_E

The bce file system generally maintains itself. The
contents of this file system, and its files, and any changes to
them, are maintained from bootload to bootload. However, it is
sometimes necessary to manually manipulate the file system (other
than by creating files).

Objects in the bce file system come into it within one of
three ways. First of all, the operator may enter a file with the
bce "qedx" command. Second, site administrators may use the
bootload_fs command to extract a copy of the bce file system
during Multics service, add new files, and replace the bce file
system with this new copy. Third, any files found within
collection 1.2 of the MST (Multics system tape) will be added to
the file system. (They will have the same names in the bce file
system as they did on the tape, overwriting any file with the
same name already present; however, any .ascii suffix will be
removed for compatibility with old releases.) Honeywell supplied
bce exec_com's come into the file system in this way. The site
is free to add any config deck sources or exec_com's that they
choose to the MST.

Since the bce file system is not impervious to damage, it is
recommended that sites do one of two things to protect the files
within it. One practice is to keep a copy of the bce file system
on line, so that an administrator may insert it if damage is
found. The other practice is to keep a copy of the needed
exec_com's and config deck sources on the MST, by locally
modifying >ldd>info>hardcore.header (and hardcore.search) and
generating a local copy of the MST.

If a problem is detected with the bce file system, the
operator should use the init_files bce request to reset the file
system. This request, however, will delete any files present
therein. These files can only be restored by rebooting, if the
files were present on the MST, or by rewriting the file system
from service.

_B_O_O_T_L_O_A_D _M_U_L_T_I_C_S _T_O_E_H_O_L_D

The bootload Multics toehold is a program that resides in
main memory. The toehold communicates very closely with the
control program in the manner described below.

When Multics is running, the toehold may be invoked by
manually forcing the processor to execute an XED 24000 (octal)
interrupt inhibited instruction. The CPU must be in TEST mode
when the XED instruction is executed. The toehold saves the
processor registers and the 512k of low memory. It then reads in

MOH-5.5-10

a saved copy of bootload Multics from the rpv and transfers
control to it. Bootload Multics then enters its command level
with a prompt of:

bce (crash) TIME:

The toehold is also invoked as a result of the "go" or
"continue" commands issued within bce. In this instance, the
toehold restores the memory image that it had previously saved
and restarts the program that was originally running.

The toehold contains a flagbox of bits that may be ON or OFF
and which can be read and set both by bce and Multics.

To enter bce manually, set the processor STEP switch to MEM,
enter 024000717200 (XED 24000 interrupt inhibited) in the
instruction switches (data switches), set the EXECUTE switch to
the EXECUTE SWITCHES position. Then, press the EXECUTE button,
set the STEP switch to OFF and press the STEP button. bce is
entered.

If your site has a DPS 8 system, the procedure for executing
switches will be different. Refer to Appendix M, "DPS 8
Operating Procedures", for details.

_E_M_E_R_G_E_N_C_Y _S_H_U_T_D_O_W_N _F_R_O_M _S_W_I_T_C_H_E_S

The emergency shutdown facility of Multics, normally
performed from bce, can be invoked directly from the processor
switches. This is normally done only if the system should be in
a hung state and it is not possible to return to, or operate bce.
(This may occur, for example, if no consoles are operative.) To
invoke this facility, execute a XED 24002 interrupt inhibited
instruction. This is done in a manner similar to that for
invoking bce manually from the switches (described in the
previous section), but with a data switch value of 024002717200.

_T_H_E _E_A_R_L_Y _D_U_M_P _F_A_C_I_L_I_T_Y

The early dump facility is a primitive facility within bce
that is capable of saving an image of memory to tape upon a
system failure early within initialization. It is invoked
automatically whenever a hardware or software error is detected
prior to the establishment of the bootload Multics toehold. It
can also be entered manually, during other bce initialization
phases, by executing the early dump entry to the toehold. This
is done in a manner similar to forcing a manual return to bce,
except that the value entered into the data switches is
024004717200 (XED 24004 interrupt inhibited).

MOH-5.5-11

Once entered, the early dump facility may print a flagbox
message and then prompt with:

Enter tape drive number for memory dump:

to which the operator should provide the drive number on the
bootload tape controller on which a tape is mounted for writing.
Memory will be dumped onto this tape at a density of 1600. After
performing the dump, bce will disable itself. If bce was booted
from BOS, BOS may be entered manually at this time.

The tape written by this facility can be read by the
read_early_dump_tape (redt) command, described in the System
Maintainer's Guide.

_B_C_E _C_O_M_M_A_N_D _L_A_N_G_U_A_G_E

The command language used within bce is the normal Multics
command language (actually the ssu_ request language), not to be
confused with the command language used at the Initializer's ring
1 and ring 4 command levels. (Refer to MPM AG91 - Reference for
a description of Multics command/subsystem language.) Full
support for active functions, iteration sets, etc. is provided.

Commands to bce are obtained from the bootload console,
using standard typing conventions. It is also possible for bce
commands to be placed into exec_com's. exec_com's are ascii
files containing commands and possible input to commands. They
are edited within bce via the "qedx" command and placed into
operation with the "exec_com" command.

Also, a command may be placed in the flagbox within bce or
Multics for bce to execute whenever Multics crashes or shuts
down.

Whenever at bce command level, bce responds with:

bce (boot) TIME:

(or "early" or "bce_crash" or "crash", depending on the
circumstances). Some commands have sub-requests to them, such as
qedx and probe. The conventions for request lines entered for
such commands varies from command to command.

_A_B_O_R_T_I_N_G _B_C_E _C_O_M_M_A_N_D_S

Whenever the REQUEST button is pushed on the console (or the
RETURN key on the CSU6601) when such a request was not solicited
by bce, the bce abort routine is entered. This routine allows

MOH-5.5-12

bce operations to be aborted to various extents. When called,
the abort function prompts (on the console) with:

Abort?

to which various answers may be given. If the REQEUST button was
hit accidentally, the operator may enter "no" or "n" to return to
the interrupted operation. Answering "yes" or "y" aborts the
immediate operation. If this operation was a sub-request, only
this sub-request is aborted. Otherwise, the command in question
is aborted, returning either to the exec_com which called it, if
one was present, or to bce command level. Answering "r", "req"
or "request" is equivalent to "yes". An answer of "command",
"com" or "c" aborts the current command, regardless of whether a
sub-request was in execution or not. Finally, an answer of "all"
or "a" aborts anything in execution, returning to bce command
level.

_B_C_E _C_O_M_M_A_N_D_S

The current set of bce commands and active functions is
listed below. Various commands are valid only at certain command
levels; the valid levels for each command is provided in the
description of the command.

bce also includes most of the standard active functions; in
particular, the standard arithmetic, character, boolean and
comparison active functions are included. The current list
includes:

after, af and
before, be bool
ceil collate
collate9 copy_characters, cpch
date_time_after, dtaf date_time_before, dtbe
date_time_equal, dteq date_time_valid, dtv
decat divide
equal floor
greater high
high9 index
length, ln less
low lower_case, lowercase
ltrim max
min minus
mod nequal
ngreater nless
not or
plus query
quotient response
reverse reverse_after, rvaf
reverse_before, rvbe reverse_decat, rvdecat

MOH-5.5-13

reverse_index, rvindex reverse_search, rvsrh
reverse_verify, rvverify rtrim
search, srh substr
time_after, taf time_before, tbe
time_equal, teq times
trunc upper_case, uppercase
verify

_S_u_m_m_a_r_y _o_f _b_c_e _c_o_m_m_a_n_d_s

alert
Write an alert message on the console.

bce
Complete the booting of bce.

bce_state, bces
Returns the current state (command level) of bce.

boot
Boot Multics.

bos
Return to bos, if present.

config_edit, config
Enter the config deck editor.

continue, go
Restart the interrupted Multics image.

delete, dl
Delete a bootload file.

die
Abort bce.

dump
Create a dump of Multics in the dump partition.

emergency_shutdown, esd
Perform an emergency shutdown of Multics.

exec_com, ec
Execute a file of bootload Multics commands.

fwload, fw
Load firmware into an mpc.

get_flagbox, gfb
Get the value of a flagbox variable.

MOH-5.5-14

init_files
Initialize the bootload file system.

list, ls
List bootload files.

list_requests, lr
List bootload requests.

print, pr
Print a bootload file.

probe, pb
Examine/modify the Multics image.

qedx, qx
Edit bootload text file.

reinitialize
Re-perform Multics initialization.

rename, rn
Rename a bootload file.

set_flagbox, sfb
Set the value of a flagbox variable.

severity
Returns the severity of a bce request.

shutdown_state, sds
Returns the shutdown state of the storage system.

MOH-5.5-15

Name: alert

The bce alert command writes a message on the operator
console with an audible alarm. This is useful in auto exec_coms
to inform the operator that the system has crashed. This command
is valid at all bce command levels.

Usage

alert The system has crashed!!!

MOH-5.5-16

Name: bce

The bce bce command causes bce to complete its
initialization. It is valid only at the "early" command level.

Usage

bce

MOH-5.5-17

Name: bce_state, bces

The bce bce_state returns the name of the current bce state
(command level). Possible results are "early", "boot",
"bce_crash" and "crash".

Usage

bce_state

MOH-5.5-18

Name: boot

The bce boot command causes the next phase of initialization
to proceed. It is used at the "boot" or "bce_crash" command
levels to boot Multics service. It is not valid at the "crash"
or "early" command levels. The command can also supply certain
parameters that will apply to the bootload of Multics.

Usage

boot {command} {keywords} {-cold} {-time}

where:

1. command is one of the following ring 1 command abbreviations:

star startup
mult multics
salv salvage_dirs
stan standard

2. keywords can be one or more of the following:

nodt
recreates the disk table; renames and ignores the
existing one.

nolv
recreates the logical volume registration directory
(>lv); renames and ignores the existing one.

rlvs
performs a volume salvage of the rpv (root physical
volume), a directory salvage of all directories used in
initialization and a volume salvage of all other member
volumes of the rlv (root logical volume).

rpvs
performs a volume salvage of the rpv and a directory
salvage of all directories used in initialization.

3. -cold
specifies that the root dir is to be re-created, thus
destroying the old file system hierarchy. This option
should only be used when a cold boot of bce was also
performed. The operator will be queried as to whether
bce should continue.

4. -time
specifies that the time should be set before performing
the next phase of initialization.

MOH-5.5-19

Notes

The boot command will query the operator if the "-cold"
argument is used. Also, if the config deck was modified at this
command level, the operator will be queried as to whether a boot
should be performed without a "reinitialize" having been
performed. Either of these queries can be avoided by using the
"-force" ("-fc") control argument.

MOH-5.5-20

Name: bos

The bce bos command causes bce to return to BOS, if bce was
booted from BOS. BOS may return to bce with the use of the BOS
"CONTIN" or "GO" commands. This command is valid at all bce
command levels.

Usage

bos

MOH-5.5-21

Name: config_edit, config

The bce config command enters the config deck editor. This
editor is identical in function to the qedx text editor, except
that buffer 0 contains an ascii source form of the config deck.
This command is not valid at the "crash" command level.

Usage

config_edit {file_name}

Notes

If a file_name is supplied on the command line, the
specified file is read into the config deck without entering the
config deck editor.

If not supplied a file_name, upon entry, the current config
deck (that found in the "conf" partition on the rpv) is read into
buffer 0. It is converted to a labeled ascii form which is an
expanded form of that used in the configuration card description
section. Arbitrary text editing operations may be performed upon
this buffer, as well as any other. Performing a "w" (write)
request upon buffer 0 writes the edited buffer back into the
config deck.

A read or write with a file name is allowed within any
buffer. Reads or writes without a file name in any buffer but 0
follow the usual qedx conventions. A read or write without a
file name in buffer 0 refers to the active config deck. A
conversion from/to binary will be performed by such a read/write.

In the labeled form, each field, except for the card name,
may be optionally preceded by a label. Labeled fields may appear
in any order. The interpretation of a card in labeled form is
that all labeled fields are placed into their proper places; any
unlabeled fields then fill in the missing spaces. Thus,

iom -state on -port 1 a nsa

becomes

iom a 1 nsa on

in its standard form.

The various labeled forms appear in Section 6 (Configuration
Description). If a card is to be entered whose format has been
locally changed or of a otherwise unknown format or type, a "."
may be placed in front of the card name to avoid errors during

MOH-5.5-22

parsing of the card. Such a card may not have any labeled
fields.

The operator should keep in mind the discussion in "Config
Deck and Device Accessibility", above for details on the
implications of this command. Note that a modification performed
to the config deck at the "boot" command level should be followed
by the "reinitialize" command. The operator will be queried if a
boot is attempted without a "reinitialize" having been performed.

MOH-5.5-23

Name: continue, go

When Multics is interrupted as the result of a manual return
to bce or as the result of encountering a bce probe breakpoint,
the machine image is saved. The bce continue command restores
the machine image and continues running the interrupted activity
(usually Multics). This command is valid at the "bce_crash" and
"crash" command levels.

Usage

continue

MOH-5.5-24

Name: delete, dl

The bce delete command deletes files within the bce file
system (not the Multics storage system). The star convention is
allowed. This command is valid at all bce command levels.

Usage

delete star_name {... star_names}

MOH-5.5-25

Name: die

The bce die command aborts all bce activities. It wipes out
the bce toehold, preventing any returns to bce, manual or
otherwise. It should be used only when it is desired to
absolutely kill off any remnants of bce. This command is valid
at all bce command levels.

Usage

die

Note

The die command queries the operator as to whether bce
should really be killed off. This query may be avoided by using
the "-force" ("-fc") control argument.

MOH-5.5-26

Name: dump

The bce dump command produces a diagnostic dump of system
memory and tables after a hardware or software failure, for later
analysis. The dump is produced by copying binary images of
segments and directories into the dump partition of the disk
described by the part dump config card. Arguments to the dump
command specify which processes are to be examined and which
segments from these processes are to be dumped. (See "Notes" for
a general purpose command line.) This command is valid at all
bce command levels.

Usage

dump {macro_keyword}
{-process_group segment_option {...segment_options}}
{-force | -fc} {-dump #} {-crash} {-bce}

where:

1. macro_keyword
specifies one of the following default group of processes
and segments to dump.

-brief, -bf is equivalent to -run hc pp dir
-short is equivalent to -run hc pp dir -elig hc
-long, -lg is equivalent to -all wrt

2. process_group
specifies a group of processes to be considered for dumping.
The segments that get dumped for processes in this group are
specified by segment options that follow the process group
keyword. Allowed groups are:

-running, -run
processes running on a processor (apte.state = running
or stopped)

-initializer, -inzr
the initializer process (first apte entry)

-eligible, -elig
all running and eligible processes (processes being
considered for running)

-all
all processes

3. segment option
specifies a class of segments to be dumped for the group of
processes specified by the process group keyword. Segment
classes are:

MOH-5.5-27

directories, dir
directory segments (aste.dirsw = "1"b)

hardcore, hc
the pds, kst, dseg and ring 0 stack for the
process(es). If a process is running, this also dumps
the prds for the processor in question.

modifying_dirs, moddir
directory segments (aste.dirsw = "1"b) which were being
modified at the time of the crash (dir.modify ^= "0"b)

per_process, pp
the segments contained within the process directory of
the process(es) (aste.per_process = "1"b)

stacks, stk
all stack segments in the process(es) not already
dumped by the hc or pp keywords.

writeable, wrt
all segments to which the process(es) have write
access. This keyword produces a very large dump.

Writable ring zero segments (system data bases) other
than directories are dumped regardless of what keywords are
specified.

Prefixing a segment option with a circumflex (^)
reverts an earlier occurence of the given segment option.
Thus, one can turn use a macro_keyword and turn off a
specific segment option within it.

4. crash or bce
specifies what bce should dump. The default is to dump the
saved Multics image. A dump of bce itself (the dumper) can
be made by specifying -bce.

Notes

For general purpose dump analysis, the command line:

dump -run hc pp dir -elig hc stk -inzr hc stk

should give the user all of the useful processes and segments (to
produce a smaller dump, remove the "dir" keyword). For
simplicity and to remove the possibility of operator error, this
command line should be placed into a bce exec_com, either by
itself or in a site supplied crash exec_com.

The dump command examines the active process table entries
(apte) within the specified image. For each entry, the criterion

MOH-5.5-28

specified through the keywords is used to decide if any segments
from this process are to be dumped. If any segments are to be
dumped, the segment options are applied to each segment active
within that process to decide whether or not they should be
dumped. As each process is dumped, dump will produce an output
line showing the apte number and the dbr value for the process.
After scanning all apte entries, if the process in control when
Multics crashed was not one of the processes dumped, it is dumped
with a status line showing an apte number of zero. This process
is dumped with the running and initializer segment options.

Within the dump partition is kept a counter and a valid
flag. When a dump is placed into the partition, the valid flag
is set. It is reset when the dump is copied out during Multics
service (by the copy_dump exec command). If the dump in the
partition has not been copied, dump will query the operator if it
should be overwritten. This query can be avoided by specifying
the "-force" ("-fc") control argument to the dump command.

Dumps are assigned dump numbers sequentially by default.
The dump number may be changed to a desired value with the -dump
control argument.

The dump command provides a severity indicator, indicating
the successful of its operation. This indicator may be obtained
with the severity command/active function. The interpretation of
the severity status is:

0 - the dump was successfully generated.
1 - dump was aborted because the partition contained an old
dump.
2 - dump was entered but never completed.
3 - dump was never called.

MOH-5.5-29

Name: emergency_shutdown, esd

The bce esd command starts an emergency shutdown of Multics.
It is only valid at the "crash" command level. It should be used
whenever the system crashes to prevent storage system damage.
Performing an emergency shutdown destroys the saved crash image
and should therefore only be done after a dump is taken.

Usage

esd

MOH-5.5-30

Name: exec_com, ec

The bce exec_com command invokes a bce exec_com. An
exec_com is an ascii file consisting of a series of commands to
invoke. bce uses exec_com version 1, described in AG92 (Commands
and Active Functions). This command is valid at all bce command
levels. This may also be used as an active function, as
described in AG92.

Usage

exec_com ec_name {ec_arguments}

Notes

Executing a "boot", "bce", "continue", "emergency_shutdown",
"reinitialize" or "die" command within an exec_com will cause the
exec_com to finish execution, in as much as that control will be
taken away from bce. When control does return to bce, this
exec_com will not continue from this point of interruption.

MOH-5.5-31

Name: fwload, fw

The bce fwload command loads firmware into the specified
mpcs. It scans the config deck to determine the location of the
mpcs and the type of peripherals involved to determine the
firmware and overlays needed. This command is not valid at the
bce "early" command level.

Usage

fwload mpc_name {... mpc_names}

Note:

This command cannot load firmware into active disk mpcs.
This can only be done in response to the load_disk_mpc query
during an initialization pass. To force loading firmware into a
disk mpc, stop the mpc and then enter "reinitialize".

MOH-5.5-32

Name: get_flagbox, gfb

The bce get_flagbox command is used to determine the values
of various variables maintained in the bce flagbox. These
variables are also accessible from Multics service and therefore
allow a small method of communication between bce and Multics
service. This command is valid at all bce command levels. It
also works as an active function.

Usage

gfb flagbox_variable

where flagbox_variable is one of the following:

N
where N is from 1 to 36. The returned value is the Nth
flagbox flag. These flags have true or false values.
Some of them are named and can be refered to by their
names, as listed below.

auto_reboot
(also flag 1) Used by the auto bce exec_com. Refer to
Appendix I (Continuous Operation Exec_coms) for more
details.

booting
(also flag 2) Used by the auto bce exec_com.

rebooted
(also flag 4) Used by the auto bce exec_com.

unattended
(also flag 5) Used by the auto bce exec_com.

bce_command
a command that is invoked by bce whenever it reaches a
command level. The result is a character string,
quoted. This command may be set so that bce can be set
to automatically boot Multics upon a crash, etc. Refer
to Appendix I for more details.

ssenb
a flag set by Multics service indicated whether or not
the storage system was enabled at the time of a crash.
A value of true indicates that an emergency shutdown
needs to be performed (or did not succeed).

call_bce
indicates that bce was called through a program calling
call_bce. This may be the result of the operator
having entering the bce command.

MOH-5.5-33

shut
indicates that Multics successfully shutdown. If
neither shut nor call_bce is set, Multics either
encountered a breakpoint, crashed or was manually
brought to bce.

manual_crash
indicates that bce was invoked manually, either by the
operator manually forcing a return to bce (XED 24000)
or by hitting the EXECUTE FAULT button.

MOH-5.5-34

Name: init_files

The bce init_files command wipes out all files in the bce
file system in a way independent of the (possibly damaged) state
of the bce file system. It is to be used only if a problem is
encountered with the bce file system. Refer to the section on
bce file system maintenance for more details. This command is
valid at all bce command levels.

Usage

init_files

Note

init_files will query the operator as to whether the bce
file system is to be cleared. This query may be avoided by using
the "-force" ("-fc") control argument.

MOH-5.5-35

Name: list, ls

The bce list command lists the names of bce files matching a
set of star names. It is valid at all bce command levels. It
can also be used as an active function to return the set of
names. When used as a command, providing no star names will list
the names of all bce files.

Usage

list {star_names}

MOH-5.5-36

Name: list_requests, lr

The bce list_requests request lists all requests valid at
the current command level.

Usage

list_requests

MOH-5.5-37

Name: print, pr

The bce print command prints the contents of a file in the
bce file system. This command is valid at all bce command
levels.

Usage

pr file_name

MOH-5.5-38

Name: probe, pb

The bce probe command is used to examine, patch and
generally debug Multics hardcore, bce itself as well as providing
a general memory and disk patch/dump facility. Its requests have
a fair resemblance to those of Multics probe. It can be used at
all bce command levels.

Usage

pb {control_arguments}

where valid control arguments are:

-bce to examine bce itself

-crash to examine the saved crash image

-break to examine the active breakpoint

The default, when invoked at the "boot" command level is to
examine bce, when invoked automatically upon encountering a
breakpoint is to examine the breakpoint and otherwise is to
examine the crash image.

Notes

bce probe reads request lines from the bootload console.
Multiple requests may appear on one line separated by
semi-colons. The syntax of these requests varies from request to
request. The recognized requests are listed below. Various
other aspects of bce probe are described in the following
sections.

ADDRESSES

Several requests in bce probe take an address describing
what should be displayed, modified, etc. These addresses can
take many forms, depending on what is desired. Valid address
forms are:

N
specifies absolute memory location N. N may describe
any location in all of memory. N is specified in
octal.

M|N
specifies the virtual location N in segment M. The
interpretation of this virtual address depends on the

MOH-5.5-39

address space being examined; refer to the "dbr" and
"proc" requests. Both N and M are octal values.

NAME|N
specifies the virtual location N in the hardcore
segment with the specified NAME. This interpretation
is also subject to the address space being examined. N
is specified in octal.

.{+|-N}
specifies the last location referenced (of any address
type) optionally offset by the value N. N is an octal
value.

reg(NAME)
specifies the named register in the crash image. This
address is not valid when examining the live bce.
Valid registers are:

prN (N = 0 to 7)
xN (N = 0 to 7)
a, q, e
t, ralr
fault, ext_fault, mode, cache
dbr, bar

disk(DRIVE_NAME,RECORD_NUM,OFFSET)
refers to a specific page of a disk drive. The drive
name is in the standard form, dska_04, for example.
Both RECORD_NUM and OFFSET (within the page) are octal
values.

PROBE REQUESTS

before, b {ADDRESS}
sets a breakpoint before the specified address. If no
address is specified, "." is assumed. Refer to
Appendix O for more details about hardcore breakpoints.

continue, c
continues the saved image. It is the same as exiting
probe and entering "continue".

dbr VALUE1 {VALUE2}
sets the dbr (descriptor base register) value used in
the appending simulation used to access virtual
addresses in the Multics image. If VALUE2 is omitted,
the second word of the dbr value is obtained from the
dbr in effect when Multics crashed. Both VALUE1 and
VALUE2 are octal values.

MOH-5.5-40

display, ds ADDRESS {MODE {LENGTH}}
displays a set of locations in a specified mode. If
LENGTH is omitted, a value of 1 is assumed. For
virtual addresses, a LENGTH of "*" may be specified to
display to the end of the segment. If MODE is omitted,
octal is assumed. Valid modes are:

a - ascii characters d - decimal words i - instruction
format o - octal words (default) p - symbolic pointer
(double words)

The locations are displayed four to a line in the
desired format. The value of "." after this request
finishes is the first location displayed.

let, l ADDRESS = VALUE {... VALUE}
modifies a series of locations starting at the address
specified. Each value is converted to a number of
words and catenated together to form the new value.
Valid values are:

"STRING"
a quoted string of characters. To place a quote
character into the string, it must be doubled.

N
a decimal number

No
an octal number

Nb
a binary number

M|N
a pointer to segment M offset N (double word)

NAME|N
a pointer to the named hardcore segment offset N
(double word)

list_requests, lr
lists the valid bce probe requests.

mc ADDRESS {-long | -lg}
displays, in interpreted form, the scu data found
within the machine conditions at the specified address.
Specifying "-long" also dumps the machine registers
from the machine conditions.

name SEGNO
displays the name of the hardcore segment with segment
number SEGNO.

MOH-5.5-41

proc N
changes the address space used by the appending
simulation for displaying virtual addresses to the Nth
process in the active process table. A value of 1
specifies the Initializer's process.

quit, q
exits probe.

reset, r {ADDRESS}
resets the breakpoint at the specified address. If
address is not specified, the currently active
breakpoint (if so existing) is reset. Refer to
Appendix N for more details of hardcore breakpoints.

segno NAME
displays the segment number of the named hardcore
segment.

stack, sk ADDRESS
displays a stack trace starting at the given address.
If the word offset of the address is 0, the address is
assumed to refer to a stack header. Otherwise it is
assumed to refer to a stack frame. For each frame, the
stack frame offset, entry pointer, return pointer and
argument pointer is displayed.

status, st {SEGNO|NAME}
displays a list of breakpoints set. If no argument is
supplied, all segments with breakpoints set are
displayed. If a SEGNO or NAME (of a hardcore segment)
is provided, then all breakpoints within that segment
are displayed.

MOH-5.5-42

Name: qedx, qx

The bce qedx command invokes the qedx text editor to edit a
bce file system file. All requests of the standard Multics qedx
editor are supported except for the "e" request. This command is
valid at all bce command levels.

Usage: qedx {-control_args} {macro_file} {macro_args}

Notes

Refer to the description of the qedx command in AG92
(Commands and Active Functions).

MOH-5.5-43

Name: reinitialize

The bce reinitialize command causes bce to perform a new
initialization pass, thereby reflecting any changes to the config
deck made since the last such pass. This command returns the
operator to "boot" command level. It is valid at the "boot",
"bce_crash" and "crash" command levels. When used at the "crash"
command level, the operator is asked whether to continue, thereby
destroying the saved Multics image. This query may be avoided by
using the "-force" ("-fc") control argument. The "-time"
argument allows the setting of the clock before reinitializing.

Usage

reinitialize {-time}

MOH-5.5-44

Name: rename, rn

The bce rename command renames files in the bce file system.
The star and equal conventions are used. This command is valid
at all bce command levels.

Usage

rename STAR_NAME EQUAL_NAME {... STAR_NAME EQUAL_NAME}

MOH-5.5-45

Name: set_flagbox, sfb

The bce set_flagbox command changes the values of various
flagbox variables. When used as an active function, it also
returns the previous value of the variable. It is valid at all
bce command levels.

Usage

set_flagbox VARIABLE VALUE

where

VARIABLE
is a valid flagbox variable, as listed above under
get_flagbox.

VALUE
is either a character string (for the bce_command
variable) or the string "true" or "false" for other
flagbox variables.

MOH-5.5-46

Name: severity

The bce severity command returns the severity, or extent of
completion, of a preceding bce command. This command is valid at
all bce command levels. Currently, the dump command provides
such a severity status. Future bce commands may also. This
command may also be used as an active function.

Usage

severity PROG_NAME

MOH-5.5-47

Name: shutdown_state, sds

The bce shutdown_state command returns the state of
completion fo the shutdown of Multics service. It does this by
examining the shutdown_state flag in the label of the rpv. This
request is valid at all bce command levels. It may also be
invoked as an active function.

Usage

shutdown_state

Notes

The interpretation of the shutdown states follows.

0 - Normal Multics shutdown (no esd)
1 - esd part 1 started (memory flush of modified pages
of segments)
2 - esd part 1 completed
3 - shutdown or esd completed with lock errors
4 - shutdown or esd completed with no errors
other - shutdown completed with errors, or not completed for
one or more disk errors

MOH-5.5-48

SECTION MOH-6

MULTICS CONFIGURATION DESCRIPTION

Besides changing config cards to appear in lower case, most
config cards now have a labeled form. Add to each applicable
config card description a new entry labeled:

Labeled format

with the appearance listed below.

Name: chnl

Labeled format

chnl -subsys device_name -iom iom1 -chn chn1 -nchan nchan1
{... -iom iom4 -chn chn4 -nchan nchan4}

Name: clok

Labeled format

clok -delta delta -zone zone -boot_delta boot_delta

Name: cpu

Labeled format

cpu -tag tag -port port -state state -type type -model model
{-cache cache_size -exp_port exp_port}

Name: iom

Labeled format

iom -tag tag -port port -model model -state state

Name: mem

Labeled format

MOH-6-1

mem -port port -size size -state state

Name: mpc

Labeled format

mpc -ctlr ctlr_name -model ctlr_model -iom iom1 -chn chn1
-nchan nchan1 {... -iom iom4 -chn chn4 -nchan nchan4}

Name: part

Labeled format

part -part partname -subsys subsystem -drive drive

Name: prph

Labeled format

prph -device ccuN -iom iom# -chn channel# -model model#

prph -subsys dskN -iom iom# -chn channel# -nchan nchan
-model model1 -number d1 {-model model2 -number
d2...-model model5 -number d5}

prph -device fnpN -iom iom# -chn channel# -state state

prph -device opcN -iom iom# -chn channel# -model model# -ll
line_length -state state

prph -device prtN -iom iom# -chn channel# -model model#
-train train# -ll line_length

prph -device punN -iom iom# -chn channel# -model model#

prph -device rdrN -iom iom# -chn channel# -model model#

prph -subsys tapN -iom iom# -chn channel# -nchan nchan
-model model1 -number d1 {-model model2 -number
d2...-model model5 -number d5}

Name: root

Labeled format

root -subsys subsystem1 -drive drive1 {... -subsys
subsystemN -drive driveN}

Name: schd

Labeled format

MOH-6-2

schd -wsf wsf -tefirst tefirst -telast telast -timax timax
{-mine mine {-maxe maxe {-maxmaxe maxmaxe}}}

Name: sst

Labeled format

sst -4k sst1 -16k sst2 -64k sst3 -256k sst4

Name: tcd

Labeled format

tcd -apt apt -itt itt

Name: udsk

Labeled format

udsk -subsys subsystem -nchan nchan {-drive drive1 -number
count1 ... -drive drive6 -number count6}

MOH-6-3

SECTION MOH-7

INITIALIZER COMMANDS

_O_v_e_r_a_l_l _S_y_s_t_e_m _C_o_n_t_r_o_l

change the BOS command to bce

_C_O_M_M_A_N_D _D_E_S_C_R_I_P_T_I_O_N_S

delete the BOS command and replace it with:

Name: bce

The bce command causes bce to be entered. All Multics
operation is suspended. When the system is in trouble, it is
sometimes necessary to enter bce to use the dump or probe
commands. This command may be issued in ring 1 or ring 4.

Usage

bce

causes the system to enter bce. Type:

! go

on the bootload console to cause Multics to be restarted.

(The notes pertaining to the BOS command also pertain to the bce
command.)

Name: cripple

replace references to BOS with bce.

MOH-7-1

Name: init_vol

add to the description of the default partitions the partitions
"file" of length 255 and "bce" of length 2200, both added to the
high end of the disk.

Name: message

The message command invokes the Multics qedx editor to edit
the file message_of_the_day, which most (but not all) users print
out automatically when they log in.

Usage

message

to edit the message. Editing requests may then be entered.
Usage of qedx is described in MPM Commands and Active Functions,
Order No. AG92.

MOH-7-2

SECTION MOH-8

SYSTEM STARTUP AND SHUTDOWN

Replace the entire section "Overview of System Startup) with the
following. Keep the sub-section entitled "Bringing up Multics
(Step by Step)" but change its title to "Bringing up Multics from
BOS (Step by Step)".

_O_V_E_R_V_I_E_W _O_F _S_Y_S_T_E_M _S_T_A_R_T_U_P

There are several steps to bringing up Multics service:

o Configure the system. The drive rpv must be mounted.

o Bootload BOS. This step is optional.

o Mount the RLV (if not already mounted) and all logical
volumes required at the site for starting.

o Boot bce from the current Multics system tape.

o Boot service Multics from bce.

o Start up the answering service and log in the daemons
to perform backup, input/output, and any other
specialized procedures (such as network interaction).

_B_o_o_t_l_o_a_d_i_n_g

A BOS bootload is the process of loading the programs that
make up the essential parts of BOS. BOS is used to bootload bce.
See "Loading BOS" in Section 5 for details on bootloading BOS.
It is not necessary to bootload BOS to bootload bce. However, if
BOS is not bootloaded, the functions of BOS may not be used in
conjunction with bce.

MOH-8-1

A bce/Multics bootload is the process of loading in the
programs that make up the Bootload Command Environment, who in
turn build up from themselves the Multics operating system. The
bootloading process loads the programs into memory, links them so
that they may refer to one another, and sets up any necessary
data bases. Whenever BOS is booted, bce must be re-booted. Any
number of service Multics boots may be made from a single bce
boot.

The programs on a Multics system tape are divide into
several collections. The first program on the tape, imbedded
within the tape label, is called bootload_tape_label. It reads
in the next set of programs, collection 0. Collection 0 is
responsible for reading in collection 0.5, used to boot firmware
into the bootload tape controller. Collection 0 then reads in
collection 1 and links the programs therein. This operation
allows programs written in PL/I to be used. Collection 1
contains the necessary programs to enable paging, as well as to
start up bce. Collection 1 uses collections 1.2, which contains
canned bce exec_coms and files and collection 1.5, which contains
some of the bce programs. bce also reads collections 2 and 3,
needed to bootload Multics service, onto disk.

When bce is finished, collection 2 is run to initialize and
set up the Multics storage system and the environment to do
reloads and other system startup activities. These programs (the
reloader) are found in collection 3.

_B_r_i_n_g_i_n_g _u_p _M_u_l_t_i_c_s _w_i_t_h _B_O_S _(_S_t_e_p _b_y _S_t_e_p_)

(was Bringing Up Multics (Step by Step))

o Bootload bce by typing:

BOOT N

(where N is the tape drive on which the Multics tape
[MST] is mounted).

o When bce responds with:

bce (boot) TIME:

bootload Multics service by typing:

boot star

or by invoking the continuous operation exec_com:

ec auto star

MOH-8-2

_B_r_i_n_g_i_n_g _u_p _M_u_l_t_i_c_s _w_i_t_h_o_u_t _B_O_S _(_S_t_e_p _b_y _S_t_e_p_)

To bring up Multics, proceed as follows:

o If not already in bce:

Configure the system hardware (see Section 3).

Mount the Multics system tape on a convenient tape
drive. Set the switches on the tape MPC to indicate
the tape drive, as described in "Bootloading bce from
the Operator's Console" in Section 5.5.

Boot bce from tape as described in Section 5.5.

o bce types the ready message:

bce (early) TIME:

This time may not be correct since the time zone is not
necessarily known at this time.

o Make sure the config deck is correct. Enter or modify
it if necessary.

o Enter

bce

to proceed to bce "boot" command level. This step will
check the validity of the clock. If the clock is not
valid, follow the steps described in Section 3
(Calendar Clock). This step also loads firmware into
all disk mpcs (except for the bootload disk mpc).

o Load firmware into all controllers, except for disk
mpcs and the bootload tape controllers (who have
already been loaded in the bce bootload sequence).

o Mount all required disk volumes.

o Press the INITIALIZE AND CLEAR pushbutton on the
processor configuration panel for all CPUs except the
one on which you are running.

o Bootload Multics service by typing:

boot star

or by invoking the continuous operation exec_com:

ec auto star

MOH-8-3

o After Multics types an introductory message and
requests a command, press the REQUEST button at the
operator console.

o Operate the initializer process as outlined in the
following paragraphs.

_A_d_m_i_n_i_s_t_r_a_t_i_v_e _R_i_n_g _C_o_m_m_a_n_d_s

...If a ring 1 command was specified in the boot command,
this command is executed automatically. For example, typing:

boot star

executes the star (startup) command in ring 1....

_S_A_M_P_L_E _S_T_A_R_T_U_P _S_E_Q_U_E_N_C_E

! ec auto star

_U_N_A_T_T_E_N_D_E_D _A_N_D _A_U_T_O_M_A_T_I_C _M_O_D_E_S

Change all references to the BOOT command to refer to the boot
command and all references to the AUTO runcom to refer to the
auto exec_com.

MOH-8-4

SECTION MOH-10

RECOVERY FROM SYSTEM FAILURE

_S_Y_M_P_T_O_M_S _O_F _S_Y_S_T_E_M _F_A_I_L_U_R_E

o The system returns to bce without operator intervention.

_R_e_t_u_r_n_i_n_g _t_o _b_c_e

If the system loops or crashes and does not return to bce,
the operator presses the EXECUTE button to force the system to
return to bce. This can be done in one of two ways.

1. Usually bce is entered by causing an execute fault.
For this to occur, the EXECUTE SWITCHES switch must be
down when the EXECUTE button is pushed. (This switch
may have been left in the up position.) DO NOT put the
processor in STEP when using the execute fault. An
execute fault must be used to force a return to bce
when two or more cpus are in use.

2. bce can also be entered by executing the instruction
pair located at octal location 24000 in memory. In
this case, the 24000 is set in switches 0-17 and an
interrupt-inhibited execute double (XED) instruction is
set in switches 18-35 (the octal value of the switches
should be 024000717200). If the EXECUTE SWITCHES
switch is in the up position when the EXECUTE button is
pressed, the XED is executed; the processor should be
in STEP when the button is pushed. bce should be
entered with an XED only in cases noted below, or as a
last resort. This method does not stop any additional
CPUs. If, as a last resort, this method is used when
more than one CPU is running, all CPUs other than the
bootload CPU should be put into STEP, and the forced
execution performed on the bootload CPU.

MOH-10-1

If your site has a DPS 8 system, the procedures for
executing switches and placing a CPU in step will be different.
Refer to Appendix M, "DPS 8 Operating Procedures", for details.
(The procedure for executing fault will be the same.)

_I_O_M _A_l_a_r_m

change all references to BOS to bce.

_R_e_c_o_v_e_r_y _a_f_t_e_r _a _S_y_s_t_e_m _F_a_i_l_u_r_e

change all references to BOS to bce.

Change as follows:

...There are 36 switches set up in the bce toehold for
intercommunication between Multics and bce. These switches are
set either by the bce set_flagbox command or the Multics
privileged command, set_flagbox (described in Appendix I). One
of these switches means "automatic reboot mode is on". When the
system is running in automatic mode and returns to bce, the
flagbox bce_command variable is set to a command that tests the
"crashed" indicators to discover whether the system failed or
shut down normally. If the test indicates a system failure,
automatic recovery procedures begin. These procedures are
described under "Recovery Procedures" below.

RECOVERY PROCEDURES

Automatic recovery procedures do the following:

o Take a dump (using the bce dump command). (See section
5.5 for description of this command.)

o Perform emergency shutdown (esd).

o Bring up the system again (boot). Required salvaging
is done automatically as the system is brought up....

RECOVERY FAILURE

change:

o System loop or failure to return to bce.
In this case, the operator enters bce via XED 24000.

MOH-10-2

bce senses this manual intervention and does not
perform the automatic operation specified in the
flagbox bce_command. The operator may invoke automatic
recovery by entering:

ec rtb

o The system_start_up.ec never finished.
In this case, the booting flag is still on. The
exec_coms take a dump and do an emergency shutdown, but
abort automatic mode.

o The auto_reboot flag is off.
Automatic mode may be turned off by the set_flagbox
command executed while Multics is running. As such,
the exec_coms print a message and exit after
recovering.

o Some disk volume cannot be accepted.
In this case, the initializer process has typed a
message and inhibited automatic startup. The system
waits at operator command level in ring 1 or ring 4,
depending on where the error is detected.

o dump failed.
In this case, the operator may choose to try again
(type "ec rtb") or to try an emergency shutdown. If
the dump failed because the previous copy_dump was not
successful (or not reached), and if the dump partition
is still full, the dump partition may be saved on tape
by BOS. This allows the new dump to be taken without
losing the old one. See "Saving the DUMP Partition"
later in this section.

o Explicit call to bce.
If bce is entered as a result of a call to
hphcs_$call_bce, the system assumes this is due to
operator intervention. The exec_coms print a message
and await console input. The operator is queried as to
whether automatic recovery should be performed.

o Lock error during shutdown.
If errors are encountered during an attempted shutdown,
the exec_coms print a message and await console input.

o Reboot loop.
If the system attempts to reboot itself repeatedly,
this may be a sign of some system problem that does not
prevent answering service startup but crashes the
system later. The standard system_start_up.ec does not
reboot the system twice without operator intervention,
because automatic mode gets turned off. If this plan
seems to be too conservative for certain installations,

MOH-10-3

the system_start_up.ec can be modified to take other
action.

_S_a_v_i_n_g _t_h_e _D_u_m_p _P_a_r_t_i_t_i_o_n

add a line specifying that bce must first return to BOS before
BOS can perform the dump. Also, BOS must perform a "go" to
restart bce.

_F_a_i_l_u_r_e_s _t_h_a_t _d_o _n_o_t _c_r_a_s_h

remove the reference to the BLAST command. Also change
references to BOS to bce.

Change subsequent references to BOS to bce within the chapter
except for references to the BOS save and restore commands. Make
all bce command names lowercase.

MOH-10-4

SECTION MOH-12

STORAGE SYSTEM MAINTENANCE OPERATIONS

_H_O_W _T_O _M_O_V_E _A _P_A_C_K

change:

...If any BOS runcoms or bce exec_coms name specific
drives...

...Load bce and Multics using BOOT.

MOH-12-1

SECTION MOH-A

SUMMARY OF OPERATOR COMMANDS

...Commands used within the bootload operating system (BOS)
or the bootload command environment (bce) are not included in
this list; for these see Section 5, "Bootload Operating System",
Section 5.5, "Bootload Command Environment", and the summaries in
Appendices C and N.

In the summary, change the bos command to be named bce and to
refer to bce.

MOH-A-1

SECTION MOH-B

SUMMARY OF INITIALIZER COMMANDS

Change the bos command to be named bce and change references to
BOS to bce.

MOH-B-1

SECTION MOH-C

SUMMARY OF BOS COMMANDS

Delete the ABS, BLAST, DUMP, ESD, FDUMP and PATCH commands.

MOH-C-1

SECTION MOH-H

OPERATOR'S STARTUP CHECKLIST OF SWITCH SETTINGS

_P_R_O_C_E_S_S_O_R _U_N_I_T _(_M_A_I_N_T_E_N_A_N_C_E _P_A_N_E_L_) _S_W_I_T_C_H_E_S

DATA SWITCHES Set to XED - Location 24000 (024000 717200)

MOH-H-1

SECTION MOH-I

CONTINUOUS OPERATION EXEC_COMS

This appendix describes the bce exec_coms supplied with the
system to implement automatic recovery after system crashes. The
operator usually types only the two command lines:

ec auto star
to initiate system bootload, with automatic restart if
a crash occurs.

ec go
to restart automatic operation after a manual return to
bce.

Descriptions of the get_flagbox and set_flagbox commands are
included at the end of this section.

_F_L_A_G _U_S_A_G_E

Several flags and indicators coordinate the bce and Multics
modes of operation. The bce and Multics get_flagbox and
set_flagbox commands are used to examine and set, respectively,
flags in the toehold. Four flags have preassigned meanings and
are known by keywords in these commands:

1. auto_reboot
TRUE if the system is to attempt to reboot itself after
it has crashed.

2. booting
TRUE during bootload. It is turned off at the end of
part 3 of system_start_up.ec, when bootload is over.
This flag prevents the system from looping to reboot if
it crashes before coming up.

3. rebooted
TRUE if the system has rebooted as a result of
automatic operation.

MOH-I-1

4. unattended
TRUE if the system is not attended by an operator.

In addition, the "call_bce" and "shut" flags may be examined to
determine the mode of bce entry. The "ssenb" flag may also be
tested to see if the storage system has been enabled.

_E_X_E_C__C_O_M_S

auto.ec starts automatic operation.

&command_line off
&- automatic reboot ec for bce
&- Keith Loepere, January 1984.
&-
&if [equal [bce_state] "early"] &then &goto cant_boot
&if [equal [bce_state] "crash"] &then &goto cant_boot
&print Begin auto boot.
set_flagbox bce_command ""
set_flagbox auto_reboot true
set_flagbox booting true
&input_line off
&attach
config_edit
gp/^cpu/
gp/^iom/
gp/^mem/
q
&detach
set_flagbox bce_command "exec_com rtb"
boot &rf1
&- wont return
&label cant_boot
&print The system cannot be booted from this bce state.
&quit

rtb.ec
determines what operations to perform upon a return to bce.

&command_line off
&- ec to handle returning to bce
&- Keith Loepere, January 1984.
&-
&if [not [get_flagbox call_bce]] &then &goto non_call_entry
&-
&print bce invoked via hphcs_$call_bce.
&-
&if [not [query "Should normal recovery procedures be used?"]] &then &goto abort_auto_mode
&-
&label non_call_entry
&-

MOH-I-2

&- look at the state of things
&-
&if [not [get_flagbox ssenb]] &then &goto ss_not_enabled
&-
&- storage system enabled; take a dump and esd
&-
exec_com dump
&-
&if [nequal [severity dump] 0] &then &goto dump_okay
&-
&print Dump failed.
&goto abort_auto_mode
&-
&label dump_okay
&-
emergency_shutdown
&- return from above is back at rtb
&-
&label ss_not_enabled
&-
&- Is everything okay?
&-
&if [nequal [shutdown_state] 4] &then &goto okay_shutdown
&-
&if [nequal [shutdown_state] 3] &then &print Shutdown with locks set.
&else &print Error during shutdown.
&goto abort_auto_mode
&-
&label okay_shutdown
&-
&- normal shutdown - see if we should reboot
&-
&if [not [get_flagbox unattended]] &then &goto abort_auto_mode
&if [not [get_flagbox auto_reboot]] &then &goto abort_auto_mode
&if [get_flagbox booting] &then &goto system_cant_boot
&-
set_flagbox rebooted true
&-
&- inform a.s. that we are doing an automatic reboot
&-
exec_com auto star
&quit
&-
&label system_cant_boot
&-
&print System crashed during boot.
&-
&label abort_auto_mode
&-
set_flagbox bce_command ""
set_flagbox auto_reboot false
set_flagbox rebooted false
&quit

MOH-I-3

dump.ec
performs a standard dump.

&command_line off
&- standard bce dump defaults
&- Keith Loepere, January 1984.
&-
dump -run hc pp moddir -elig hc stk -inzr hc stk &rf1
&quit

go.ec
restarts automatic operation after a manual return to bce.

&command_line off
&-
&- restart auto operation after manual bce entry
&- Keith Loepere, January 1984.
&-
set_flagbox auto_reboot true
set_flagbox rebooted false
set_flagbox booting false
set_flagbox bce_command "exec_com rtb"
go
&quit

MOH-I-4

SECTION MOH-M

DPS 8 OPERATING PROCEDURES

Change all references to the BOS whatever to the bootload
whatever.

EXECUTING SWITCHES

2. Having typed "VIP", you will receive the CPU CMD prompt.
When you see this, type "CO DATA 024000717200" followed by "EX2".

3. When the system has returned to bce, you'll see the bce ready
message displayed on the system bootload console.

PLACING A CPU IN STEP

5. Having typed "VIP", you will receive the CPU CMD prompt.
When you see this, type "CO DATA 024000717200" followed by "EX2".

6. When the system has returned to bce, you'll see the bce ready
message displayed on the system bootload console.

VIP MODE COMMANDS (UNT CMD PROMPT)

Delete the BOS command.

MOH-M-1

SECTION MOH-N

SUMMARY OF BCE COMMANDS

The Multics bootload command environment is described in
detail in Section 5.5. All of the commands available to bce are
summarized in this appendix for quick reference. This summary is
formatted so that it can be removed from the manual for use as
reference cards or for machine-room posting.

alert

Usage: alert message

writes a message on the operator console with an audible
alarm.

bce

Usage: bce

casues bce to complete its initialization.

bce_state, bces

Usage: bce_state

returns the name of the current bce state.

boot

Usage: boot {command} {keywords} {-cold} {-time}

causes bce to boot Multics service.

Valid commands: star, mult, stan, salv

Valid keywords: nodt, nolv, rlvs, rpvs

MOH-N-1

bos

Usage: bos

causes bce to return to BOS.

config_edit, config

Usage: config_edit {file_name}

enters the config deck editor.

continue, go

Usage: go

restores the machine image and continues running the
interrupted activity.

delete, dl

Usage: delete star_names

deletes files within the bce file system.

die

Usage: die {-force | -fc}

aborts all bce activities.

dump

Usage: dump {macro_keyword} {-process_group segment_option
{...segment_options}} {-force | -fc} {-dump #} {-crash}
{-bce}

produces a diagnostic dump of system memory and tables into
the dump partition.

Valid macro_keywords: -brief, -short, -long

Valid process_groups: -running, -initializer, -eligible,
-all

Valid segment options: directories, hardcore,
modifying_dirs, per_process, stacks, writeable

MOH-N-2

emergency_shutdown, esd

Usage: emergency_shutdown

starts an emergency shutdown of Multics.

exec_com, ec

Usage: exec_com ec_name {ec_arguments}

invokes a bce exec_com.

fwload, fw

Usage: fwload mpc_names

loads firmware into the specified mpcs.

get_flagbox, gfb

Usage: get_flagbox variable

determines the value of a variable maintained in the bce
flagbox.

init_files

Usage: init_files {-force | -fc}

wipes out all files in the bce file system.

list, ls

Usage: list {star_names}

lists the names of bce files matching a set of star names.

list_requests, lr

Usage: list_requests

lists all requests valid at the current command level.

print, pr

Usage: print file_name

MOH-N-3

prints the contents of a file in the bce file system.

probe, pb

Usage: probe {-break | -bce | -crash}

used to examine, patch and generally debug Multics hardcore
and bce itself.

Allowed requests:

before, b {ADDRESS}

sets a breakpoint before the specified address.

continue, c

continues the saved image.

dbr VALUE1 {VALUE2}

sets the dbr value used in the appending simulation.

display, ds ADDRESS {MODE {LENGTH}}

displays a set of locations in a specified mode.

let, l ADDRESS = VALUE {... VALUE}

modifies a series of locations.

list_requests, lr

lists the valid bce probe requests.

mc ADDRESS {-lg}

displays machine conditions.

name SEGNO

displays the name of the hardcore segment with segment
number SEGNO.

proc N
changes the address space used by the appending
simulation to the Nth process in the active process
table.

quit, q

exits probe.

MOH-N-4

reset, r {ADDRESS}

resets the breakpoint at the specified address.

segno NAME

displays the segment number of the named hardcore
segment.

stack, sk ADDRESS

displays a stack trace starting at the given address.

status, st {SEGNO|NAME}

displays a list of breakpoints set.

qedx, qx

Usage: qedx {-control_args} {macro_file} {macro_args}

invokes the qedx text editor to edit a bce file.

reinitialize

Usage: reinitialize {-force | -fc} {-time}

causes bce to perform a new initialization pass.

rename, rn

Usage: rename star_name equal_name {... star_name
equal_name}

renames files in the bce file system.

set_flagbox, sfb

Usage: set_flagbox variable value

changes the value of a flagbox variable.

severity

Usage: severity prog_name

returns the severity, or extent of completion, of a
preceding bce command.

MOH-N-5

shutdown_state, sds

Usage: shutdown_state

returns the state of completion of the shutdown of Multics
service.

MOH-N-6

SECTION MOH-O

HARDCORE BREAKPOINTS

The hardcore breakpoint facility is a collection of
facilities within Multics and bce that allow probe style
breakpoints to be set at most bce and hardcore instructions.
They may be used largely as they are within normal Multics probe
but with a few caveats.

_B_R_E_A_K_P_O_I_N_T _M_E_C_H_A_N_I_S_M

This section describes the mechanism by which hardcore
breakpoints is implemented. This is largely for academic
interest; however, a understanding of the mechanism will prevent
the user from setting a breakpoint in an incorrect path; in
particular, breakpoints may not be set in the breakpoint
handler's path.

When a hardcore breakpoint is set at an instruction, the
instruction at that location is relocated to the end of the
segment containing it. Its addressing is changed to reflect its
new location. The original location is replaced with a transfer
instruction to a breakpoint block at the end of the segment which
executes a "drl -1" instruction. This causes the breakpoint to
happen. If the breakpoint handler returns without changing the
breakpoint, the next instruction in the block will be executed.
This is the relocated original instruction. After this, a
transfer is made back to the correct place in the original
program. It should be noted that the instruction moved cannot be
the second or later words of an eis multi-word instruction.

Derail faults are handled in fim. A "drl -1" instruction is
special cased to be a breakpoint. fim makes a call to
pmut$bce_and_return to implement the call to bce. Any program in
this path (this part of fim, pmut, connect handling in stopping
other processors, etc.) cannot have a breakpoint placed therein.
Also, the special casing of a "drl -1" to be a breakpoint only
applies for derails in ring 0. Thus, breakpoints should not be
set in segments that will be executed in other rings.

MOH-O-1

When bce is invoked via the toehold, it notices that a
breakpoint was the cause of the return to bce and invokes bce
probe directly. Probe is free to perform a continue operation
which eventually returns to pmut, restarts other processors,
returns to fim who restarts the breakpointed operation.

Breakpoints may be set within bce also. However, they
should be set only at the "boot" command level. When set at the
"early" command level, a breakpoint will cause a return to the
"early" command level. Also, a breakpoint set at the "crash"
level is useless since, upon a breakpoint/crash of the "crash"
command level, the toehold purposely does not save the crash
image to avoid overwriting the Multics image already saved.

_B_C_E _P_R_O_B_E _B_R_E_A_K_P_O_I_N_T _O_P_E_R_A_T_I_O_N_S

This section describes bce probe support of breakpoints.

_B_r_e_a_k_p_o_i_n_t _r_e_q_u_e_s_t_s

before, b {address}
sets a breakpoint to be executed before executing the
instruction at the specified address. If no address is
specified, "." is assumed. The address must be a
virtual address. The breakpoint is added to the list
of breakpoints for the segment. Up to 120 breakpoints
may be set per hardcore segment; however, all wired
hardcore segments share the same breakpoint area so
only 120 breakpoints in total may be set in wired
segments.

continue, c
continue from a breakpoint. Multics is restarted.

reset, r {address}
resets a given breakpoint; that is to say, Multics will
no longer break when the instruction is encountered.
The breakpoint causing the return to bce can be reset
by not specifying an address.

status, st {name|segno}
either lists all segments with breakpoints set in them
(if no name or segno is specified) or lists all offsets
within a single segment at which a breakpoint is set.

MOH-O-2

_B_r_e_a_k_p_o_i_n_t _r_e_f_e_r_e_n_c_e_s

When a breakpoint causes a return to bce, bce does not
execute the bce_command in the flagbox. Instead, it enters probe
directly. Probe will assume a default of "-break". Probe may be
exited at this time. This does not effect a return to Multics
however, only a return to bce ("crash" or "bce_crash") command
level. Probe may also be entered with the control argument
"-break" to force examining the breakpoint conditions. The only
difference between "-break" and "-crash" for probe is the machine
conditions to use. "-crash" uses registers contained within the
toehold when the toehold was invoked. These registers are mostly
interesting when bce is manually entered. "-break" uses the
registers at the time of the breakpoint; these were saved by the
breakpoint handler. The registers will show the register
contents at the time of the breakpoint; however, the instruction
counter will show the relocated instruction, not its original
location.

MOH-O-3

-----------------------------------------------------------

Historical Background

This edition of the Multics software materials and documentation is provided and donated
to Massachusetts Institute of Technology by Group BULL including BULL HN Information Systems Inc.
as a contribution to computer science knowledge.
This donation is made also to give evidence of the common contributions of Massachusetts Institute of Technology,
Bell Laboratories, General Electric, Honeywell Information Systems Inc., Honeywell BULL Inc., Groupe BULL
and BULL HN Information Systems Inc. to the development of this operating system.
Multics development was initiated by Massachusetts Institute of Technology Project MAC (1963-1970),
renamed the MIT Laboratory for Computer Science and Artificial Intelligence in the mid 1970s, under the leadership
of Professor Fernando Jose Corbato. Users consider that Multics provided the best software architecture
for managing computer hardware properly and for executing programs. Many subsequent operating systems
incorporated Multics principles.
Multics was distributed in 1975 to 2000 by Group Bull in Europe , and in the U.S. by Bull HN Information Systems Inc.,
as successor in interest by change in name only to Honeywell Bull Inc. and Honeywell Information Systems Inc. .

-----------------------------------------------------------

Permission to use, copy, modify, and distribute these programs and their documentation for any purpose and without
fee is hereby granted,provided that the below copyright notice and historical background appear in all copies
and that both the copyright notice and historical background and this permission notice appear in supporting
documentation, and that the names of MIT, HIS, BULL or BULL HN not be used in advertising or publicity pertaining
to distribution of the programs without specific prior written permission.
Copyright 1972 by Massachusetts Institute of Technology and Honeywell Information Systems Inc.
Copyright 2006 by BULL HN Information Systems Inc.
Copyright 2006 by Bull SAS
All Rights Reserved