PDP-11 architecture
The PDP-11 architecture[1] is an instruction set architecture (ISA) developed by Digital Equipment Corporation (DEC). It is implemented by central processing units (CPUs) and microprocessors used in minicomputers of the same name. It was in wide use during the 1970s, but was eventually replaced by the more powerful VAX-11 architecture in the 1980s.
Memory
Data formats
Sixteen-bit words are stored little-endian (with least significant bytes first). Thirty-two-bit data—supported as extensions to the basic architecture, e.g., floating point in the FPU Instruction Set, double-words in the Extended Instruction Set or long data in the Commercial Instruction Set—are stored in more than one format, including an unusual middle-endian format[2][3] sometimes referred to as "PDP-endian".
Memory management
The PDP-11's 16-bit addresses can address 64 KB. By the time the PDP-11 yielded to the VAX, 8-bit bytes and hexadecimal notation were becoming standard in the industry; however, numeric values on the PDP-11 always use octal notation, and the amount of memory attached to a PDP-11 is always stated as a number of words. The basic logical address space is 32K words, but the high 4K (addresses 1600008 through 1777778) are not populated because input/output registers on the bus responded to addresses in that range. So originally, a fully loaded PDP-11 had 28K words.
The processor reserves low memory addresses for two-word vectors that give a program counter and processor status word with which to begin a service routine. When an I/O device interrupts a program, it places the address of its vector on the bus to indicate which service routine should take control. The lowest vectors are service routines to handle various types of trap. Traps occur on some program errors, such as arithmetic overflow or an attempt to execute an undefined instruction; and also when the program executes an instruction such as BPT, EMT, IOT, or TRAP to request service from the operating system.
Memory expansion
The article PDP-11 describes how the 16-bit logical address space became an insurmountable limitation. During the life of the PDP-11, the following techniques were used to work around the limitation:
- Later-model PDP-11 processors included memory management to support virtual addressing. The physical address space was extended to 18 or 22 bits, hence allowing up to 256 KB or 4 MB of RAM. The logical address space (that is, the address space available at any moment without changing the memory mapping table) remained limited to 16 bits.
- Some models, beginning with the PDP-11/45, can be set to use 32K words (64 KB) as the "instruction space" for program code and a separate 32K words of "data space". Some operating systems—notably Unix since edition V7, and RSX11-M+—rely on this feature.
- Programming techniques, such as overlaying a block of stored instructions or data with another as needed, can conceal paging issues from the application programmer. For example, the Modula-2 compiler produces code under which the run-time system swaps 8 Kb pages into memory as individual procedures receive control. (See the external reference here.)
CPU registers
DEC PDP-11 registers | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
The CPU contains eight general-purpose 16-bit registers (R0 to R7). Register R7 is the program counter (PC). Although any register can be used as a stack pointer, R6 is the stack pointer (SP) used for hardware interrupts and traps.
Addressing modes
Most instructions allocate six bits to specify an operand. Three bits select one of eight addressing modes, and three bits select one of the eight general registers. The use of three-bit groups make octal notation natural.
In the following sections, each item includes an example of how the operand would be written in assembly language for a hypothetical single-operand instruction with symbol OPR. Rn means one of the registers, written R0 through R7. (Rn) signifies the contents of that register.
General register addressing modes
The following eight modes can be applied to any general register. Their effects when applied to R6 (the stack pointer, SP) and R7 (the program counter, PC) are set out separately in the following sections.
Code | Name | Example | Description |
---|---|---|---|
0n | Register | OPR Rn | The operand is in Rn |
1n | Register deferred | OPR (Rn) | Rn contains the address of the operand |
2n | Autoincrement | OPR (Rn)+ | Rn contains the address of the operand, then increment Rn |
3n | Autoincrement deferred | OPR @(Rn)+ | Rn contains the address of the address, then increment Rn by 2 |
4n | Autodecrement | OPR −(Rn) | Decrement Rn, then use it as the address |
5n | Autodecrement deferred | OPR @−(Rn) | Decrement Rn by 2, then use it as the address of the address |
6n | Index | OPR X(Rn) | Rn+X is the address of the operand |
7n | Index deferred | OPR @X(Rn) | Rn+X is the address of the address |
In index and index deferred modes, X is a 16-bit value taken from a second word of the instruction. In double-operand instructions, both operands can use these modes. Such instructions are three words long.
Autoincrementation and autodecrementation of a register is by 1 in byte instructions, by 2 in word instructions, and by 2 whenever a deferred mode is used, since the quantity the register addresses is a (word) pointer.
Program counter addressing modes
When R7 (the program counter) is specified, four of the addressing modes naturally yield useful effects:
Code | Name | Example | Description |
---|---|---|---|
27 | Immediate | OPR #n | The operand is contained in the instruction |
37 | Absolute | OPR @#a | The absolute address is contained in the instruction |
67 | Relative | OPR a | An extra word in the instruction is added to PC+2 to give the address |
77 | Relative deferred | OPR @a | An extra word in the instruction is added to PC+2 to give the address of the address |
The only common use of absolute mode—whose syntax combines immediate and deferred mode—is to specify input/output registers, as the registers for each device have specific memory addresses. Relative mode has a simpler syntax and is more typical for referring to program variables and jump destinations. A program that uses relative mode (and relative deferred mode) exclusively for internal references is position-independent; it contains no assumptions about its own location, so it can be loaded into an arbitrary memory location, or even moved, with no need for its addresses to be adjusted to reflect its location (relocated). In computing such addresses relative to the current location, the processor performed relocation on the fly.
Immediate and absolute modes are merely autoincrement and autoincrement deferred mode, respectively, applied to PC. Whether the auxiliary word is "in the instruction" as the above table says, or is found following an instruction that also increments PC past it, is subjective. As PC always points to words, the autoincrementation is always by 2.
Stack addressing modes
R6, also written SP, is used as a hardware stack for traps and interrupts. A convention enforced by the set of modes the PDP-11 provides is that a stack grows downward—toward lower addresses—as items are pushed onto it. When a mode is applied to SP, or to any register the programmer elects to use as a software stack, the addressing modes have the following effects:
Code | Name | Example | Description |
---|---|---|---|
16 | Deferred | (SP) | The operand is on the top of the stack |
26 | Autoincrement | (SP)+ | The operand is on the top of the stack, then pop it off |
36 | Autoincrement deferred | @(SP)+ | A pointer to the operand is on top of the stack; pop the pointer off |
46 | Autodecrement | −(SP) | Push a value onto the stack |
66 | Indexed | X(SP) | This refers to any item on the stack by its positive distance from the top |
76 | Indexed deferred | @X(SP) | This refers to a value to which a pointer is at the specified location on the stack |
Although software stacks can contain bytes, SP is always a stack of words. Autoincrementation and autodecrementation of SP is always by 2.
Instruction set
The PDP-11 operates on bytes and words. Bytes are specified by a register number—identifying the register's low-order byte—or by a memory location. Words are specified by a register number or by the memory location of the low-order byte, which must be an even number. In most instructions that take operands, bit 15 is set to specify byte addressing, or clear to specify word addressing. In the lists in the following two sections, the assembly-language programmer appended B to the instruction symbol to specify a byte operation; for example, MOV became MOVB.
Double-operand instructions
The high-order four bits specify the operation to be performed (with bit 15 generally selecting word versus byte addressing). Two groups of six bits specify mode and register, as defined above, for each of two operands.
15 | 14 | 12 | 11 | 9 | 8 | 6 | 5 | 3 | 2 | 0 | |||||
B | Opcode | Mode | Source | Mode | Destination |
Opcode | Mnemonic | Effect |
---|---|---|
01 | MOV | Move: dest = src |
11 | MOVB | |
02 | CMP | Compare: compute src − dest, set flags only |
12 | CMPB | |
03 | BIT | Bit test: compute dest & src, set flags only |
13 | BITB | |
04 | BIC | Bit clear: dest &= ~src |
14 | BICB | |
05 | BIS | Bit set, a.k.a. logical OR: dest |= src |
15 | BISB | |
06 | ADD | Add, dest += src |
16 | SUB | Subtract, dest −= src |
The ADD and SUB instructions use word addressing, and have no byte-oriented variations.
Some additional two-operand instructions require a register source operand:
15 | 12 | 11 | 9 | 8 | 6 | 5 | 3 | 2 | 0 | ||||||
0 | 1 | 1 | 1 | Opcode | Register | Mode | Src/Dest |
Where a register pair is used (written below as "(R,R+1)", the first register contains the low-order bits and must be even. The second register contains the high-order bits (or the remainder). An exception is the multiply instruction; R may be odd, but if it is, the high 16 bits of the result are not stored.
Opcode | Mnemonic | Effect |
---|---|---|
070 | MUL | Multiply: (R,R+1) = R × src |
071 | DIV | Divide: Compute (R,R+1) ÷ src; quotient in R, remainder in R+1 |
072 | ASH | Arithmetic shift: R <<= src, shift amount may be −32..31. |
073 | ASHC | Arithmetic shift combined: (R,R+1) <<= src, shift amount may be −32..31. |
074 | XOR | Exclusive or: dest ^= reg (word only) |
075 | (floating-point operations) | |
076 | (system instructions) | |
077 | SOB | Subtract one and branch: Decrement register, if result non-zero, branch backward 0..63 words. |
Single-operand instructions
The high-order nine bits specify the operation to be performed (with bit 15 generally selecting word versus byte addressing). (There are not as many operations as it seems, as most combinations of the high-order four bits are taken by the double-operand instructions.) A single group of six bits specifies mode and register, as defined above, for the single operand.
15 | 11 | 10 | 6 | 5 | 3 | 2 | 0 | ||||||||
B | 0 | 0 | 0 | 1 | Opcode | Mode | Register |
Opcode | Mnemonic | Effect |
---|---|---|
0003 | SWAB | Swap bytes: rotate 8 bits |
004r | (Jump to subroutine) | |
104x | (Emulator trap) | |
0050 | CLR | Clear: dest = 0 |
1050 | CLRB | |
0051 | COM | Complement: dest = ~dest |
1051 | COMB | |
0052 | INC | Increment: dest += 1 |
1052 | INCB | |
0053 | DEC | Decrement: dest −= 1 |
1053 | DECB | |
0054 | NEG | Negate: dest = −dest |
1054 | NEGB | |
0055 | ADC | Add carry: dest += C |
1055 | ADCB | |
0056 | SBC | Subtract carry: dest −= C |
1056 | SBCB | |
0057 | TST | Test: Load src, set flags only |
1057 | TSTB | |
0060 | ROR | Rotate right 1 bit |
1060 | RORB | |
0061 | ROL | Rotate left 1 bit |
1061 | ROLB | |
0062 | ASR | Shift right: dest >>= 1 |
1062 | ASRB | |
0063 | ASL | Shift left: dest <<= 1 |
1063 | ASLB | |
0064 | MARK | Return from subroutine, skip 0..63 instruction words |
1064 | MTPS | Move to status: PS = src |
0065 | MFPI | Move from previous I space: −(SP) = src |
1065 | MFPD | Move from previous D space: −(SP) = src |
0066 | MTPI | Move to previous I space: dest = (SP)+ |
1066 | MTPD | Move to previous D space: dest = (SP)+ |
0067 | SXT | Sign extend: dest = (16 copies of N flag) |
1067 | MFPS | Move from status: dest = PS |
The SWAB instruction—which swaps the high-order and low-order byte of the specified word—does not have two variations for byte- and word-addressing.
Conditional branch instructions
Most Branch instructions take conditional effect based on the state of the condition codes in the PSW. A Branch instruction was typically preceded by a two-operand CMP (compare) or BIT (bit test) or a one-operand TST (test) instruction. Arithmetic and logic instructions also set the condition codes. In contrast to Intel processors in the X86 architecture, MOV instructions set them too, so a Branch instruction could be used to branch depending on whether the value moved was zero or negative.
The high-order byte specifies the operation. The low-order byte is an offset relative to the current location of the program counter. The offset is a number of words (so it is multiplied by 2 before being combined with the program counter) and it is a signed number, enabling branches forward and backward in the code.
15 | 11 | 10 | 8 | 7 | 0 | ||||||||||
x | 0 | 0 | 0 | 0 | Opcode | Offset |
Opcode | Mnemonic | Effect |
---|---|---|
0000xx | (System instructions) | |
0004xx | BR | Branch unconditionally |
0010xx | BNE | Branch if not equal (Z=0) |
0014xx | BEQ | Branch if equal (Z=1) |
0020xx | BGE | Branch if greater than or equal (N|V = 0) |
0024xx | BLT | Branch if less than (N|V = 1) |
0030xx | BGT | Branch if greater than (N^V = 1) |
0034xx | BLE | Branch if less than or equal (N^V = 0) |
1000xx | BPL | Branch if plus (N=0) |
1004xx | BMI | Branch if minus (N=1) |
1010xx | BHI | Branch if higher than (C|Z = 0) |
1014xx | BLOS | Branch if lower or same (C|Z = 1) |
1020xx | BVC | Branch if overflow clear (V=0) |
1024xx | BVS | Branch if overflow set (V=1) |
1030xx | BCC | Branch if carry clear (C=0) |
BHIS | Branch if higher or same (C=0) | |
1034xx | BCS | Branch if carry set (C=1) |
BLO | Branch if lower than (C=1) |
An additional conditional branch instruction is SOB (subtract one and branch), which is listed above under 2-operand instructions. The register operand is decremented. If the result is non-zero, the low six bits are taken as an unsigned number of instructions to branch backward.
The limited range of the branch instructions meant that, as code grew, the target addresses of some branches would become unreachable. The programmer would change the one-word BR to the two-word JMP instruction from the next group. As JMP has no conditional forms, the programmer would change BEQ to a BNE that branched around a JMP.
Jump and subroutine instructions
- JMP (jump)
- JSR (jump to subroutine--see below)
- RTS (return from subroutine--see below)
- MARK (support of stack clean-up at return)
- EMT (emulator trap)
- TRAP, BPT (breakpoint trap)
- IOT (input/output trap)
- RTI & RTT (return from interrupt)
The JSR instruction could save any register on the stack. Programs that did not need this feature specified PC as the register (JSR PC,address) and the routine returned using RTS PC. If a routine were called with, for instance, "JSR R4, address", then the old value of R4 would be on the top of the stack and the return address (just after JSR) would be in R4. This let the routine gain access to values coded in-line by specifying (R4)+, or to in-line pointers by specifying @(R4)+. The autoincrementation moved past these data, to the point at which the caller's code resumed. Such a routine would have to specify RTS R4 to return to its caller.
Miscellaneous instructions
- HALT, WAIT (wait for interrupt)
- RESET (reset UNIBUS)
Condition-code operations
- CLC, CLV, CLZ, CLN, CCC (clear relevant condition code)
- SEC, SEV, SEZ, SEN, SCC (set relevant condition code)
The four condition codes in the processor status word (PSW) are
- N indicating a negative value
- Z indicating a zero (equal) condition
- V indicating an overflow condition, and
- C indicating a carry condition.
SCC and CCC respectively set and clear all four condition codes.
Optional instruction sets
- Extended Instruction Set (EIS)
The EIS was an option for 11/35/40 and 11/03, and was standard on newer processors.
- MUL, DIV multiply and divide integer operand to register pair
- ASH, ASHC arithmetic - shift a register or a register pair. For a positive number it will shift left, and right for a negative one.
- Floating Instruction Set (FIS)
The FIS instruction set was an option for the PDP-11/35/40 and 11/03
- FADD, FSUB, FMUL, FDIV only for single-precision operating on stack addressed by register operand
- Floating Point Processor (FPP)
This was the optional floating point processor option for 11/45 and most subsequent models.
- full floating point operations on single- or double-precision operands, selected by single/double bit in Floating Point Status Register
- single-precision floating point data format predecessor of IEEE 754 format: sign bit, 8-bit exponent, 23-bit mantissa with hidden bit 24
- Commercial Instruction Set (CIS)
The CIS was implemented by optional microcode in the 11/23/24, and by an add-in module in the 11/44 and in one version of the 11/74. It provided string and decimal instructions used by COBOL and Dibol.
- Access to Processor Status Word (PSW)
The PSW was mapped to memory address 177 776, but instructions found on all but the earliest PDP-11s gave programs more direct access to the register.
- SPL (set priority level)
- MTPS (move to Processor Status)
- MFPS (move from Processor Status)
- Access to other memory spaces
On PDP-11s that provided multiple instruction spaces and data spaces, a set of non-orthogonal Move instructions gave access to other spaces. For example, routines in the operating system that handled run-time service calls would use these instructions to exchange information with the caller.
- MTPD (move to previous data space)
- MTPI (move to previous instruction space)
- MFPD (move from previous data space)
- MFPI (move from previous instruction space)
Inconsistent instructions
Over the life of the PDP-11, subtle differences arose in the implementation of instructions and combinations of addressing modes, though no implementation was regarded as correct. The inconsistencies did not affect ordinary use of the PDP-11.
Speed
PDP-11 processor speed varied by model, memory configuration, op code, and addressing modes. Instruction timing had up to three components, execute/fetch of the instruction itself and access time for the source and the destination. The last two components depended on the addressing mode. For example, on the PDP-11/70 (circa 1975), an instruction of the form ADD x(Rm),y(Rn) had a fetch/execute time of 1.35 microseconds plus source and destination times of 0.6 microseconds each, for a total instruction time of 2.55 microseconds. Any case where addressed memory was not in the cache added 1.02 microseconds. The register-to-register ADD Rm,Rn could execute from the cache in 0.3 microseconds. Floating point was even more complex, since there was some overlap between the CPU and the floating-point processor, but in general, floating point was significantly slower. A single-precision floating add instruction could range from 2.4 to 5.5 microseconds plus time to fetch the operands.[4]
Interrupts
The PDP-11 operated at a priority level from 0 through 7, declared by three bits in the Processor Status Word (PSW).
To request an interrupt, a bus device would assert one of four common bus lines, BR4 through BR7, until the processor responded. Higher numbers indicated greater urgency, perhaps that data might be lost or a desired sector might rotate out of contact with the read/write heads unless the processor responded quickly. The printer's readiness for another character was the lowest priority (BR4), as it would remain ready indefinitely. If the processor were operating at level 5, then BR6 and BR7 would be in order. If the processor were operating at 3 or lower, it would grant any interrupt; if at 7, it would grant none. Bus requests that were not granted were not lost but merely deferred. The device needing service would continue to assert its bus request.
Whenever an interrupt exceeded the processor's priority level, the processor asserted the corresponding bus grant, BG4 through BG7. The bus-grant lines were not common lines but were a daisy chain: The input of each gate was the output of the previous gate in the chain. A gate was on each bus device, and a device physically closer to the processor was earlier in the daisy chain. If the device had made a request, then on sensing its bus-grant input, it could conclude it was in control of the bus, and did not pass the grant signal to the next device on the bus. If the device had not made a request, it propagated its bus-grant input to its bus-grant output, giving the next closest device the chance to reply. (If devices did not occupy adjacent slots to the processor board, "grant continuity cards" inserted into the empty slots propagated the bus-grant line.)
Once in control of the bus, the device dropped its bus request and placed on the bus the memory address of its two-word vector. The processor saved the program counter (PC) and PSW, and loaded new values from the specified vector. For a device at BR6, the new PSW in its vector would typically specify 6 as the new processor priority, so the processor would honor more urgent requests (BR7) during the service routine, but defer requests of the same or lower priority. With the new PC, the processor jumped to the service routine for the interrupting device. That routine operated the device, at least removing the condition that caused the interrupt. The routine ended with the RTI (ReTurn from Interrupt) instruction, which restored PC and PSW as of just before the processor granted the interrupt.
If a bus request were made in error and no device responded to the bus grant, the processor timed out and performed a trap that would suggest bad hardware.
MACRO-11 assembly language
MACRO-11 is the assembly language for the PDP-11. It is the successor to PAL-11 (Program Assembler Loader), an earlier version of the PDP-11 assembly language without macro facilities. MACRO-11 was supported on all DEC PDP-11 operating systems. PDP-11 Unix systems also include an assembler (called "as"), structurally similar to MACRO-11 but with different syntax and fewer features.
Myth of PDP-11 influence on programing languages
A (false) folk myth is that the instruction set architecture of the PDP-11 influenced the idiomatic use of the B programming language. The PDP-11's increment and decrement addressing modes correspond to the −−i
and i++
constructs in C. If i
and j
were both register variables, an expression such as *(−−i) = *(j++)
could be compiled to a single machine instruction. Dennis Ritchie unambiguously contradicts this folk myth, noting that the PDP-11 did not yet exist at the time of B's creation. He notes however that these addressing modes may have been suggested by the auto-increment cells of the PDP-7, though the implementation of B did not utilize this hardware feature.[5] The C programming language did however take advantage of several low level PDP-11 dependent programming features, resulting in the propagation of these features into new processors.[6]
Notes
- ↑ "PDP-11 Processor Handbook" (PDF). DEC. Retrieved 13 November 2015.
- ↑ pdp11/05/10/35/40, Chapter 7.
- ↑ pdp11/04/34a/44/60/70, page 421.
- ↑ DEC PDP-11/70 Processor Handbook, 1975, Appendix C, Instruction Timing
- ↑ Dennis M. Ritchie (March 1993). "The Development of the C Language". ACM SIGPLAN Notices 28 (3): 201–208. doi:10.1145/155360.155580.
People often guess that they were created to use the auto-increment and auto-decrement address modes provided by the DEC PDP-11 on which C and Unix first became popular. This is historically impossible, since there was no PDP-11 when B was developed. The PDP-7, however, did have a few `auto-increment' memory cells, with the property that an indirect memory reference through them incremented the cell. This feature probably suggested such operators to Thompson; the generalization to make them both prefix and postfix was his own. Indeed, the auto-increment cells were not used directly in implementation of the operators, and a stronger motivation for the innovation was probably his observation that the translation of ++x was smaller than that of x=x+1.
- ↑ Bakyo, John. "DEC PDP-11, benchmark for the first 16/32 bit generation. (1970)" in Great Microprocessors of the Past and Present (V 13.4.0), Section Three, Part I. Accessed 2011-03-04
References
- pdp11 processor handbook - pdp11/05/10/35/40. Digital Equipment Corporation. 1973.
- pdp11 processor handbook - pdp11/04/34a/44/60/70. Digital Equipment Corporation. 1979.
Further reading
- Eckhouse, jr., Richard H.; Morris, L. Robert (1979). Microcomputer Systems Organization, Programming and Applications (PDP-11). Englewood Cliffs, New Jersey: Prentice-Hall. ISBN 0-13-583914-9.
- Michael Singer, PDP-11. Assembler Language Programming and Machine Organization, John Wiley & Sons, NY: 1980.
External links
- PDP-11 Processor Handbook (Gordon Bell's 1969 edition )
- Preserving the PDP-11 Series of 16-bit minicomputers
- Gordon Bell and Bill Strecker's 1975 paper, What We Learned From the PDP-11
- Ersatz-11, a PDP-11 emulator
- Further papers and links on Gordon Bell's site.
- The Fuzzball
- On LSI-11, RT-11, Megabytes of Memory and Modula-2/VRS by Günter Dotzel, ModulaWare.com - An article on Modula-2 compiler/linker synergy to overcome the PDP/LSI-11 address space limitations, published in DEC PROFESSIONAL, The Magazine for DEC Users, Professional Press, Spring House, PA. U.S.A., January 1986.