a.out magic numbers (was Referencing through a null pointer)

[Dennis L. Mumaugh]

In article <1988May6.165741.633 at utzoo.uucp> henry at utzoo.uucp (Henry Spencer) writes:
>> >Actually, no.  The a.out header was not part of the actual core image, so
>> >the first instruction of the program was first;
>> 
>> Was this always so?
>
>Perhaps not.  It can't be a coincidence that the magic number is a branch
>around the rest of the header.  This may have been aimed at things like
>standalone diagnostics rather than normal Unix programs, though.  I know
>that it wasn't in the core image in V7 or V6, and I'm fairly sure that it
>wasn't in V5, but that's as far back as my experience goes.  Dennis?


The magic number was used  in  the  V6  and  V7  bootstraps.  The
bootstrap  looked it its first word and if it was 407 then copied
itself over  the  a.out  header.  It  could  do  so  because  the
assembly lagnuage was written as PIC -- position independent code
-- which was easy to do on a PDP-11.  The kernel for  V6  and  V7
loaded  an executable by reading in the first ##n words and using
them.  Thus no unix program had the 407 in its address space.  In
V6  for loading /unix there was no need to remove the 407 because
the bootstrap loader did the removal  by  the  same  code  as  it
removed  its  own  407  header.  In V7 the standalone boot loader
mimiced UNIX and ignored it.

BTW the V6 boot loader didn't stop  with  the  program  but  also
loaded  the  relocation  information  and  the symbol table; this
would trash the  loader  for  /unix  with  too  many  drivers  or
symbols.  V7  used  the  a.out header and didn't load symbols and
relocation.

As for the origin of 407 it IS a br .+10. and  was  designed  for
just  that  purpose: to jump over the header.  But it worked ONLY
on PIC.  I can't recall when Ken or Dennis said it stopped  being
used in executables.
-- 
=Dennis L. Mumaugh
 Lisle, IL       ...!{ihnp4,cbosgd,lll-crg}!cuuxb!dlm