Disks: The Alto File System This document describes the disk formats used in the Alto File System. It also describes a "disk object," a Bcpl software construct that is used to interface low-level disk drivers with packages that implement higher-level objects, such as streams. The primary focus of the description will be for the "standard" Alto disks: either (1) up to 2 Diablo Model 31 disk drives or (2) one Diablo Model 44 disk drive. The low-level drivers for these disks are called "Bfs" (Basic File System). With minor modifications, the description below applies to the Trident Model T80 and T300 disk drives, when formatted for Alto file system conventions. The differences are flagged with the string [Trident]. Low-level drivers for the Trident disks are called "Tfs." 1. Distribution Relocatable binary files for the BFS are kept in <Alto>BFSBrs.dm. The sources, command files, and test program (described later in this document) are kept in <AltoSource>BFSSources.dm Relocatable binary files for the TFS are kept in <Alto>TFS.dm; sources are kept on <AltoSource>TFSSources.dm. 2. File and Disk Structure This section describes the conventions of the Alto file system. The files AltoFileSys.D and Bfs.D contain Bcpl structure declarations that correspond to this description ([Trident]: See also "Tfs.D"). The unit of transfer between disk and memory, and hence that of the file system, is the disk sector. Each sector has three fields: a 2- word header, an 8-word label, and a 256-word data page. ([Trident]: The fields are a 2-word header, a 10-word label, and a 1024-word data page.) A sector is identified by a disk address; there are two kinds of disk addresses, real and virtual. The hardware deals in real addresses, which have a somewhat arbitrary format. An unfortunate consequence is that the real addresses for all the pages on a disk unit are sparse in the set of 16 bit integers. To correct this defect, virtual addresses have been introduced. They have the property that the pages of a disk unit which holds n pages have virtual addresses 0 ... (n-1). Furthermore, the ordering of pages by virtual address is such that successive pages in the virtual space are usually sequential on the disk. As a result, assigning a sequence of pages to consecutive virtual addresses will ensure that they can be read in as fast as possible. ------------ Copyright Xerox Corporation 1982 Disks & Bfs April 10, 1982 2 2.1. Legal Alto Files An Alto file is a data structure that contains two sorts of information: some is mandatory, and is required for all legal files; the remainder is "hints". Programs that operate on files should endeavor to keep the hints accurate, but should never depend on the accuracy of a hint. A legal Alto file consists of a sequence of pages held together by a doubly-linked list recorded in the label fields. Each label contains the mandatory information: The forward and backward links, recorded as real disk addresses. A page number which gives the position of the page in the file; pages are numbered from 0. A count of the number of characters of data in the page (numchars). This may range from 0 (for a completely empty page) to 512 (for a completely full page). ([Trident]: A full page contains 2048 characters.) A real file id, which is a three-word unique identifier for the file. The user normally deals with virtual file ids (see the discussion of file pointers, below), which are automatically converted into real file ids when a label is needed. Three bits in the file id deserve special mention: Directory: This bit is on if the file is itself a directory file. This information is used by the disk Scavenger when trying to re- build a damaged disk data structure. Random: This bit is currently unused. NoLog: This bit is no longer used, but many existing files are likely to have it set. Leader Page: Page 0 of a file is called the leader page; it contains no file data, but only a collection of file properties, all of which are hints. The structure LD in AltoFileSys.D declares the format of a leader page, which contains the following standard items: The file name, a hint so that the Scavenger can enter this file in a directory if it is not already in one. The times for creation, last read and last write, interpreted as follows: A file's creation date is a stamp generated when the information in the file is created. When a file is copied (without modification), the creation date should be copied with it. When a file is modified in any way (either in-place or as a result of being overwritten by newly-created information), a new creation date should be generated. A file's write date is updated whenever that file is physically written on a given file system. Disks & Bfs April 10, 1982 3 A file's read date is updated whenever that file is physically read from within a given file system. A pointer to the directory in which the file is thought to be entered (zeroes imply the system directory SysDir). A "hint" describing the last page of the file. A "consecutive" bit which is a hint that the pages of the file lie at consecutive virtual disk addresses. The changeSerial field related to version numbering: whenever a new version of a file "foo" is made, the changeSerial field of all other files "foo" (i.e., older versions) is incremented. Thus, a program that wishes to be sure that it is using the most recent version of a file can verify that changeSerial=0. If a program keeps an FP as a hint for a file, and is concerned about the relative position of that file in the list of version numbers, it can also keep and verify the changeSerial entry of the file. Version numbers have been deimplemented. These standard items use up about 40 words of the leader page. The remaining space is available for storing other information in blocks which start with a one word header containing type and length fields. A zero terminates the list. The structure FPROP in AltoFileSys.d defines the header format. The only standard use of this facility is to record the logical shape of the disk in the leader page of SysDir. Data: The first data byte of a file is the first byte of page 1. In a legal file with n pages, the label field of page i must contain: A next link with the real disk address of page (i+1), or 0 if i=n-1. A previous link with the real disk address of page (i-1), or 0 if i=0. A page number between 0 and (n-1), inclusive. A numchars word = 512 if i<n-1, and <512 if i=n-1. The last page must not be completely full. ([Trident]: = 2048 if i<n-1, and <2048 if i = n-1.) A real file id which is the same for every page in the file, and different from the real file id of any other file on the disk. A file is addressed by an object called a file pointer (FP), which is declared in AltoFileSys.D. A file pointer contains a virtual file id, and also the virtual address of the leader page of the file. The low- level disk routines construct a real file id from the virtual one when they must deal with a disk label. Since it is possible for the user to read a label from the disk and examine its contents, the drivers also provides a routine which will convert the real file id in the label into a file pointer (of course, the leader address will not be filled in). Note: Real disk address 0 (equal virtual disk address 0) cannot be part of any legal Alto file because the value 0 is reserved to terminate the forward and backward chains in sector labels. However, disk address 0 Disks & Bfs April 10, 1982 4 is used for "booting" the Alto: when the boot key is pressed when no keyboard keys are down, sector 0 is read in as a bootstrap loader. The normal way to make a file the "boot file" is to first create a legal Alto file with the bootstrap loader as the first data page (page 1), and then to copy this page (label and data) into disk sector 0. Thus the label in sector 0 points forward to the remainder of the boot file. 2.2. Legal Alto Disks A legal disk is one on which every page is either part of a legal file, or free, or "permanently bad." A free page has a file id of all ones, and the rest of its label is indeterminate. A permanently bad page has a file id with each of the three words set to -2, and the remainder of the label indeterminate. 2.3. Alto Directory Files A directory is a file for associating string names and FP's. It has the directory bit set in its file id, and has the following format (structure DV declared in AltoFileSys.D). It is a sequence of entries. An entry contains a header and a body. The length field of the header tells how many words there are in the entry, including the header. The interpretation of the body depends on the type, recorded in the header. dvTypeFree=0: free entry. The body is uninterpreted. dvTypeFile=1: file entry. The body consists of a file pointer, followed by a Bcpl string containing the name of the file. The file name must contain only upper and lower case letters, digits, and characters in the string "+-.!$". They must terminate with a period (".") and not be longer than maxLengthFn characters. If there are an odd number of bytes in the name, the "garbage byte" must be 0. The interpretation of exclamation mark (!) is special; if a file name ends with ! followed only by digits (and the mandatory "."), the digits specify a file version number. The main directory is a file with its leader page stored in the disk page with virtual address 1. There is an entry for the main directory in the main directory, with the name SysDir. All other directories can be reached by starting at the main directory. 2.4. Disk Descriptor There is a file called DiskDescriptor entered in the main directory which contains a disk descriptor structure which describes the disk and tells which pages are free. The disk descriptor has two parts: a 16 word header which describes the shape of the disk, and a bit table indexed by virtual disk address. The declaration of the header structure is in AltoFileSys.D. The "defaultVersionsKept" entry in the DiskDescriptor records the number of old versions of files that should be retained by the system. If this entry is 0, no version accounting is done: new files simply replace old ones. Version numbers have been deimplemented. Disks & Bfs April 10, 1982 5 The entry in the disk descriptor named "freePages" is used to maintain a count of free pages on the disk. This is a hint about a hint: it is computed when a disk is opened by counting the bits in the bit table, and then incrementing and decrementing as pages are released and allocated. However the bit table is itself just a collection of hints, as explained below. The bit table contains a "1" corresponding to each virtual disk address that is believed to be occupied by a file, and "0" for free addresses. These values are, however, only hints. Programs that assign new pages should check to be sure that a page thought to be free is indeed so by reading the label and checking to see that it describes a free page. (The WriteDiskPages and CreateDiskFile procedures in the disk object perform this checking for you.) 2.5. Oversights If the Alto file system were to be designed again, several deficiencies could be corrected: Directory entries and label entries should have the same concept of file identifier. Presently, we have filePointers and fileIds. There is no reason why the last page of a file cannot contain 512 bytes. It is unfortunate that the disk controller will not check an entry of 0 in a label, because these values often arise (numChars of the last page, page number of the leader page). Another don't care value should be chosen: not a legal disk address; with enough high order bits so that it will check numChars and page number fields. The value used to terminate the chain of disk addresses stored in the labels should not be a legal disk address. (It should also not be zero, so that it may be checked.) If it is a legal address, and if you try to run the disk at full speed using the trick of pointing page i's label at page i+1's disk address in the command block, the disk will try to read the page at the legal disk address represented by the chain terminator. Only when this results in an error is end of file detected. A terminator of zero has the undesirable property that a seek to track 0 occurs whenever a chain runs into end-of- file. 3. The Disk Object In order to facilitate the interface between various low-level disk drivers and higher-level software, we define a "disk object." A small data structure defines a number of generic operations on a disk -- the structure DSK is defined in "Disks.D." Each procedure takes the disk structure as its first argument: ActOnDiskPages: Used to read and write the data fields of pages of an existing file. WriteDiskPages: Used to read and write data fields of the pages of a file, and to extend the file if needed. Disks & Bfs April 10, 1982 6 DeleteDiskPages: Used to delete pages from the end of a file. CreateDiskFile: Used to create a new disk file, and to build the leader page correctly. AssignDiskPage: Used to find a free disk page and return its virtual disk address. ReleaseDiskPage: Used to release a virtual disk address no longer needed. VirtualDiskDA: Converts a real disk address into a virtual disk address. RealDiskDA: Converts a virtual disk address into a real disk address. InitializeDiskCBZ: Initializes a Command Buffer Zone (CBZ) for managing disk transfers. DoDiskCommand: Queues a Command Buffer (CB) to initiate a one-page transfer. GetDiskCb: Obtains another CB, possibly waiting for an earlier transfer to complete. CloseDisk: Destroys the disk object. In addition, there are several standard data entries in the DSK object: fpSysDir: Pointer to the FP for the directory on the disk. (This always has a constant format -- see discussion above.) fpDiskDescriptor: Pointer to the FP for the file "DiskDescriptor" on the disk. fpWorkingDir: Pointer to the FP to use as the "working directory" on this disk. This is usually the same as fpSysDir. nameWorkingDir: Pointer to a Bcpl string that contains the name of the working directory. lnPageSize: This is the log (base 2) of the number of words in a data page on this disk. driveNumber: This entry identifies the drive number that this DSK structure describes. retryCount: This value gives the number of times the disk routines should retry an operation before declaring it an error. totalErrors: This value gives a cumulative count of the number of disk errors encountered. diskKd: This entry points to a copy of the DiskDescriptor in memory. Because the bit table can get quite large, only the header needs to be in memory. This header can be used, for example, to compute the capacity of the disk. Disks & Bfs April 10, 1982 7 lengthCBZ, lengthCB: The fixed overhead for a CBZ and the number of additional words required per CB. In addition to this standard information, a particular implementation of a disk class may include other information in the structure. 4. Data Structures The following data structures are part of the interface between the user and the disk class routines: pageNumber: as defined in the previous section. The page number is represented by an integer. DAs: a vector indexed by page number in which the ith entry contains the virtual disk address of page i of the file, or one of two special values (which are declared as manifest constants in Disks.D): eofDA: this page is beyond the current end of the file; fillInDA: the address of this page is not known. Note that a particular call on the file system will only reference certain elements of this vector, and the others do not have to exist. Thus, reading page i will cause references only to DAs!i and DAs!(i+1), so the user can have a two-word vector v to hold these quantities, and pass v-i to the file system as DAs. CAs: a vector indexed by page number in which the ith entry contains the core address to or from which page i should be transfered. The note for DAs applies here also. fp (or filePtr): file pointer, described above. In most cases, the leader page address is not used. action: a magic number which specifies what the disk should do. Possible values are declared as manifest constants in Disks.D: DCreadD: check the header and label, read the data; DCreadLD: check the header, read the label and data; DCreadHLD: read the header, label, and data; DCwriteD: check the header and label, write the data; DCwriteLD: check the header, write the label and data; DCwriteHLD: write the header, label, and data; DCseekOnly: just seek to the specified track DCdoNothing: A particular implementation of the disk class may also make other operations available by defining additional magic numbers. 5. Higher-level Subroutines There are two high-level calls on the basic file system: Disks & Bfs April 10, 1982 8 pageNumber = ActOnDiskPages(disk, CAs, DAs, filePtr, firstPage, lastPage, action, lvNumChars, lastAction, fixedCA, cleanupRoutine, lvErrorRoutine, returnOnCheckError, hintLastPage). Parameters beyond "action" are optional and may be defaulted by omitting them or making them 0. Here firstPage and lastPage are the page numbers of the first and last pages to be acted on (i.e. read or written, in normal use). This routine does the specified action on each page and returns the page number of the last page successfully acted on. This may be less than lastPage if the file turns out to have fewer pages. DAs!firstPage must contain a disk address, but any of DAs!(firstPage+1) through DAs!(lastPage+1) may be fillInDA, in which case it will be replaced with the actual disk address, as determined from the chain when the labels are read. Note that the routine will fill in DAs!(lastPage+1), so this word must exist. The value of the numChars field in the label of the last page acted on will be left in rv lvNumChars. If lastAction is supplied, it will be used as the action for lastPage instead of action. If CAs eq 0, fixedCA is used as the core address for all the data transfers. If cleanupRoutine is supplied, it is called after the successful completion of each disk command, as described below under "Lower-level disk access". (Note: providing a cleanup routine defeats the automatic filling in of disk addresses in DAs). Disk transfers that generate errors are retried several times and then the error routine is called with rv lvErrorRoutine(lvErrorRoutine, cb, errorCode) In other words, lvErrorRoutine is the address of a word which contains the (address of the) routine to be called when there is an error. The errorCode tells what kind of error it was; the standard error codes are tabulated in a later section. The cb is the control block which caused the error; its format depends on the particular implementation of the drivers (Bfs: the structure CB in Bfs.D). The intended use of lvErrorRoutine is this. A disk stream contains a cell A, in a known place in the stream structure, which contains the address of a routine which fields disk errors. The address of A is passed as lvErrorRoutine. When the error routine is called, it gets the address of A as a parameter, and by subtracting the known position of A in the disk stream structure, it can obtain the address of the stream structure, and thus determine which stream caused the error. The default value of returnOnCheckError is false. If returnOnCheckError is true and an error is encountered, ActOnDiskPages will not retry a check error and then report an error. Instead, it will return -(#100+i), where i is the page number of the last page successfully transferred. This feature allows ActOnDiskPages to be used when the user it not sure whether the disk address he has is correct. It is used by the disk stream and directory routines which take hints; they try to read from the page addressed by the hint with returnOnCheckError true, and if they get a normal return they know that the hint was good. On the other hand, if it was not good, they will get the abnormal return just described, and can proceed to try again in a more conservative way. Disks & Bfs April 10, 1982 9 The hintLastPage argument, if supplied, indicates the page number of what the caller believes to be the last page of the file (presumably obtained from the hint in the leader page). If the hint is correct, ActOnDiskPages will ensure that the disk controller does not chain past the end of the file and seek to cylinder zero (as described earlier under "Oversights"). If the hint is incorrect, the operation will still be performed correctly, but perhaps with a loss in performance. Note that the label is not rewritten by DCwriteD, so that the number of characters per page will not change. If you need to change the label, you should use WriteDiskPages unless you know what you are doing. ActOnDiskPages can be used to both read and write a file as long as the length of the file does not have to change. If it does, you must use WriteDiskPages. pageNumber = WriteDiskPages(disk, CAs, DAs, filePtr, firstPage, lastPage, lastAction, lvNumChars, lastNumChars, fixedCA, nil, lvErrorRoutine, nil, hintLastPage). Arguments beyond lastPage are optional and may be defaulted by omitting them or making them 0 (but lastNumChars is not defaulted if it is 0). This routine writes the specified pages from CAs (or from fixedCA if CAs is 0, as for ActOnDiskPages). It fills in DAs entries in the same way as ActOnDiskPages, and also allocates enough new pages to complete the specified write. The numChars field in the label of the last page will be set to lastNumChars (which defaults to 512 [Trident]: 2048). It is generally necessary that DAs!firstPage contain a disk address. The only situation in which it is permissible for DAs!firstPage to contain fillInDA is when firstPage is zero and no pages of the file yet exist on the disk (i.e., when creating page zero of a new file). In most cases, DAs!(firstPage-1) should have the value which you want written into the backward chain pointer for firstPage, since this value is needed whenever the label for firstPage needs to be rewritten. The only case in which it doesn't need to be rewritten is when the page is already allocated, the next page is not being allocated, and the numChars field is not changing. If lastPage already exists: 1) the old value of the numChars field of its label is left in rv lvNumChars. 2) if lastAction is supplied, it is applied to lastPage instead of DCwriteD. It defaults to DCwriteD. WriteDiskPages handles one special case to help in "renaming" files, i.e. in changing the FP (usually the serial number) of all the pages of a file. To do this, use ActOnDiskPages to read a number of pages of the file into memory and to build a DAs array of valid disk addresses. Then a call to WriteDiskPages with lastAction=-1 will write labels and data for pages firstPage through lastPage (DAs!(firstPage-1) and DAs!(lastPage+1) are of course used in this writing process). The numChars field of the label on the last page is set to lastNumChars. To use this facility, the entire DAs array must be valid, i.e. no entries may be fillInDA. Disks & Bfs April 10, 1982 10 In addition to these two routines, there are two others which provide more specialized services: CreateDiskFile(disk, name, filePtr, dirFilePtr, word1 [0], useOldFp [false], pageBuf[0]) Creates a new disk file and writes its leader page. It returns the serial number and leader disk address in the FP structure filePtr. A newly created file has one data page (page 1) with numChars eq 0. The arguments beyond filePtr are optional, and have the following significance: If dirFilePtr is supplied, it should be a file pointer to the directory which owns the file. This file pointer is written into the leader page, and is used by the disk Scavenger to put the file back into the directory if it becomes lost. It defaults to the root directory, SysDir. The value of word1 is "or"ed into the filePtr>>FP.serialNumber.word1 portion of the file pointer. This allows the directory and random bits to be set in the file id. If useOldFp is true, then filePtr already points to a legal file; the purpose of calling CreateDiskFile is to re-write all the labels of the existing file with the new serial number, and to re- initialize the leader page. The data contents of the original file are lost. Note that this process effectively "deletes" the file described by filePtr when CreateDiskFile is called, and makes a new file; the FP for the new file is returned in filePtr. If pageBuf is supplied, it is written on the leader page of the new file after setting the creation date and directory FP hint (if supplied). If pageBuf is omitted, a minimal leader page is created. DeleteDiskPages(disk, CA, firstDA, filePtr, firstPage, newFp, hintLastPage) Arguments beyond firstPage are optional. Deletes the pages of a file, starting with the page whose number is firstPage and whose disk address is firstDA. CA is a page-sized buffer which is clobbered by the routine. hintLastPage is as described under ActOnDiskPages. If newFp is supplied and nonzero, it (rather than freePageFp) is installed as the FP of the file, and the pages are not deallocated. 6. Allocating Disk Space The disk class also contains routines for allocating space and for converting between virtual and real disk addresses. In most cases, users need not call these routines directly, as the four routines given above (ActOnDiskPages, WriteDiskPages, DeleteDiskPages, CreateDiskFile) manage disk addresses and disk space internally. AssignDiskPage(disk, virtualDA, nil) returns the virtual disk address of the first free page following virtualDA, according to the bit table, Disks & Bfs April 10, 1982 11 and sets the corresponding bit. It does not do any checking that the page is actually free (but WriteDiskPages does). If there are no free pages it returns -1. If it is called with three arguments, it returns true if (virtualDA+1) is available without assigning it. If virtualDA is eofDA, AssignDiskPage makes a free-choice assignment. The disk object remembers the virtual DA of the last page assigned and uses it as the first page to attempt to assign next time AssignDiskPage is called with a virtualDA of eofDA. This means that you can force a file to be created starting at a particular virtual address by means of the following strategy: ReleaseDiskPage(disk, AssignDiskPage(disk, desiredVDA-1)) CreateDiskFile(disk, ...) // or whatever (e.g., OpenFile) ReleaseDiskPage(disk, virtualDA) marks the page as free in the bit table. It does not write anything on the disk (but DeleteDiskPages does). VirtualDiskDA(disk, lvRealDA) returns the virtual disk address, given a real disk address in rv lvRealDA. (The address, lvRealDA, is passed because a real disk address may occupy more than 1 word.) This procedure returns eofDA if the real disk address is zero (end-of-file), and fillInDA if the real disk address does not correspond to a legal virtual disk address in this file system. RealDiskDA(disk, virtualDA, lvRealDA) computes the real disk address and stores it in rv lvRealDA. The function returns true if the virtual disk address is legal, i.e. within the bounds of disk addresses for the given "disk." Otherwise, it returns false. 7. Lower-level Disk Access The transfer routines described previously have the property that all disk activity occurs during calls to the routines; the routines wait for the requested disk transfers to complete before returning. Consequently, disk transfers cannot conveniently be overlapped with computation, and the number of pages transferred consecutively at full disk speed is generally limited by the number of buffers that a caller is able to supply in a single call. It is also possible to use the disk routines at a lower level in order to overlap transfers with computation and to transfer pages at the full speed of the disk (assuming the file is consecutively allocated on the disk and the amount of computation per page is kept relatively small). The necessary generic disk operations and other information are available to permit callers to operate the low-level disk routines in a device-independent fashion for most applications. This level makes used of a Command Block Zone (CBZ), part of whose structure is public and defined in Disks.d, and the rest of which is private to the implementation. The general idea is that a CBZ is set up with empty disk command blocks in it. A free block is obtained from the CBZ with GetDiskCb and sent to the disk with DoDiskCommand. When it is sent to the disk, it is also put on the queue which GetDiskCb uses, but GetDiskCb waits until the disk is done with the command before returning it, and also checks for errors. Disks & Bfs April 10, 1982 12 If you plan to use these routines, read the code for ActOnDiskPages to find out how they are intended to be called. An example of use of these routines in a disk-independent fashion (i.e., using only the public definitions in Disks.d) may be found in the DiskStreamsScan module of the Operating System. Only in unusual applications should it be necessary to make use of the implementation-dependent information in Bfs.d or Tfs.d. InitializeDiskCBZ(disk, cbz, firstPage, length, retry, lvErrorRoutine). CBZ is the address of a block of length words which can be used to store CBs. It takes at least three CBs to run the disk at full speed; the disk object contains the values DSK.lengthCBZ (fixed overhead) and DSK.lengthCB (size of each command block) which may be used to compute the required length (that is, length should be at least lengthCBZ+3*lengthCB). FirstPage is used to initialize the currentPage field of the cbz. Retry is a label used for an error return, as described below. lvErrorRoutine is an error routine for unrecoverable errors, described below; it defaults to a routine that simply invokes SysErr. The arguments after firstPage can be omitted if an existing CBZ is being reinitialized, and they will remain unchanged from the previous initialization. cb = GetDiskCb(disk, cbz, dontClear[false], returnIfNoCB[false]) returns the next CB for the CBZ. If the next CB is empty (i.e., it has never been passed to DoDiskCommand), GetDiskCb simply zeroes it and returns it. However, if the next CB is still on the disk command queue, GetDiskCb waits until the disk has finished with it. Before returning a CB, GetDiskCb checks for errors, and handles them as described below. If there is no error, GetDiskCb updates the nextDA and currentNumChars cells in the CBZ, then calls cbz>>CBZ.cleanupRoutine(disk, cb, cbz). Next, unless dontClear is true, the CB is zeroed. Finally, the CB is returned as the value of GetDiskCb. If returnIfNoCB is true, GetDiskCb returns zero if there are no CBs in the CBZ or the next CB is still on the disk command queue. If the next CB has suffered an error, then GetDiskCb instead takes the following actions. First it increments cbz>>CBZ.errorCount. If this number is ge the value disk>>DSK.retryCount, GetDiskCb calls the error routine which was passed to InitializeDiskCBZ; the way this is done is explained in the description of ActOnDiskPages above. (If the error routine returns, GetDiskCb will proceed as if an error hadn't occurred.) Otherwise, after doing a restore on the disk if errorCount ge disk>>DSK.retryCount/2, it reinitializes the CBZ with firstPage equal to the page with the error, and returns to cbz>>CBZ.retry (which was initialized by InitializeDiskCBZ) instead of returning normally. The idea is that the code following the retry label will retry all the incomplete commands, starting with the one whose page number is cbz>>CBZ.currentPage and whose disk address is cbz>>CBZ.errorDA. DoDiskCommand(disk, cb, CA, DA, filePtr, pageNumber, action, nextCb) Constructs a disk command in cb with data address CA, virtual disk address DA, serial and version number taken from the virtual file id in filePtr, page number taken from pageNumber, and disk command specified by action. The nextCb argument is optional; if supplied and nonzero, DoDiskCommand will "chain" the current CB's label address to nextCb, in such a way that the DL.next word will fall into nextCb>>CB.diskAddress. DoDiskCommand expects the cb to be zeroed, except that the following Disks & Bfs April 10, 1982 13 fields may be preset; if they are zero the indicated default is supplied: labelAddress lv cb>>CB.label numChars 0 If DA eq fillInDA, the real disk address in the command is not set (the caller should have either set it explicitly or passed the CB as the nextCb argument for a previous command). Actions are checked for legality. The public cells in the CBZ most likely to be of interest are the following: client: information of the caller's choosing (e.g., a pointer to a related higher-level data structure such as a stream.) cleanupRoutine: the cleanup routine called by GetDiskCb (defaulted to Noop by InitializeDiskCBZ). currentPage: set to the firstPage argument of InitializeDiskCBZ and not touched by the other routines. (Note, however, that GetDiskCb calls InitializeDiskCBZ when a retry is about to occur, so when control arrives at the retry label, currentPage will be set to the page number of the command that suffered the error.) errorDA: set by GetDiskCb to the virtual disk address of the command that suffered an error. nextDA: set by GetDiskCb to the virtual disk address of the page following the one whose CB is being returned. (This information is obtained from the next pointer in the current page's label. Note that errorDA and nextDA are actually the same cell, but they are used in non-conflicting circumstances.) currentNumChars: set by GetDiskCb to the numChars of the page whose CB is being returned. head: points to the first CB on GetDiskCb's queue; contains zero if the queue is empty. 8. Error Codes The following errors are generated by the BFS. Similar errors are generated by other instances of a disk object. 1101 unrecoverable disk error 1102 disk full 1103 bad disk action 1104 control block queues fouled up 1105 attempt to create a file without creation ability 1106 can't create an essential file during NewDisk 1107 bit table problem during NewDisk 1108 attempt to access nonexistant bit table page Disks & Bfs April 10, 1982 14 9. Implementation -- Bfs The implementation expects a structure BFSDSK to be passed as the "disk" argument to the routines. The initial portion of this structure is the standard DSK structure followed by a copy of the DiskDescriptor header and finally some private instance data for the disk in use. (Note: The Alto operating system maintains a static sysDisk that points to such a structure for disk drive 0.) Bfs ("Basic File System") is the name for a package of routines that implement the disk class for the standard Alto disks (either Diablo Model 31 drives or a single Diablo Model 44 drive). The definitions (in addition to those in AltoFileSys.D and Disks.D) are contained in Bfs.D. The code comes in two "levels:" a "base" for reading and writing existing files (implements ActOnDiskPages, RealDiskDA and VirtualDiskDA only); and a "write" level for creating, deleting, lengthening and shortening files (implements WriteDiskPages, CreateDiskFile, DeleteDiskPages, AssignDiskPage, ReleaseDiskPage). The source files BfsBase.Bcpl, Dvec.Bcpl and BfsMl.Asm comprise the base level; files BfsWrite.Bcpl BfsCreate.bcpl, BfsClose.bcpl, and BfsDDMgr.bcpl implement the write level. BfsMakeFpFromLabel(fp, la) constructs a virtual file id in the file pointer fp from the real file id in the label la. disk = BFSInit(diskZone, allocate[false], driveNumber[0], ddMgr[0], freshDisk[false], tempZone[diskZone]) returns a disk object for driveNumber or zero. The permanent data structures for the disk are allocated from diskZone; temporary free storage needed during the initialization process is allocated from tempZone. If allocate is true, the machinery for allocating and deallocating disk space is enabled. If it is enabled, a small DDMgr object and a 256 word buffer will be extracted from diskZone in order to buffer the bit table. A single DDMgr, created by calling 'ddMgr = CreateDDMgr(zone)', can manage both disks. If freshDisk is true, BFSInit does not attempt to open and read the DiskDescriptor file. This operation is essential for creating a virgin file system. success = BFSNewDisk(zone, driveNum[0], nDisks[number spinning], nTracks[physical size], dirLen[3000], nSectors[physical size]) creates a virgin Alto file system on the specified drive and returns true if successful. The zone must be capable of supplying about 1000 words of storage. The logical size of the file system may be different from the physical size of driveNum: it may span both disks (a 'double-disk file system'), or it may occupy fewer tracks (a model 44 used as a model 31). The length in words of SysDir, the master directory, is specified by dirLen. Some machines that emulate Altos implement 14 sectors per track. BFSExtendDisk(zone, disk, nDisks, nTracks) extends (i.e. adds pages to) the filesystem on 'disk'. Presumably 'nDisks' or 'nTracks' or both is bigger than the corresponding parameters currently in disk. A single model 31 may be extended to a double model 31 or a single model 44 or a double model 44, and a single model 44 may be extended to a double model 44. The zone must be capable of supplying about 750 words of storage. 0 = BFSClose(disk, dontFree[false]) destroys the disk object in an Disks & Bfs April 10, 1982 15 orderly way. If dontFree is true, the ddMgr for the disk is not destroyed; presumably it is still in use by the other disk. (Note that this procedure is the one invoked by the CloseDisk generic operation.) BFSWriteDiskDescriptor(disk) insures that any important state saved in memory is correctly written on the disk. virtualDA = BFSFindHole(disk, nPages) attempts to find a contiguous hole nPages long in disk. It returns the virtual disk address of the first page of a hole if successful, else -1. BFSTryDisk(drive, track, sector[0]) returns true if a seek command to the specified track on the specified drive is successful. Note that the drive argument can contain an imbedded partition number. Seeks to track zero will fail if the drive is not on line. Seeks to track BFS31NTracks+1 will fail if the drive is a model 31. 10. Implementation -- Tfs Operation and implementation of the Trident T80 disks is described in separate documentation under the heading "TFS/TFU" in Alto Subsystems documentation. 11. BFSTest BFSTest is the test and utility program for the Basic File System. It performs many of the same functions as TFU (in fact much of its code is lifted from TFU), except that commands which are better provided by other subsystems such as the Executive (copy, rename, delete, etc.) are omitted. It has a conventional command scanner and implements the following commands. ERASE formats one or more disks as an Alto file system. It asks you to specify the number of disks, cylinders and sectors. Any sectors marked "incorrigable" (by the CERTIFY command, below) are not included in the file system and will never again cause trouble unless the disk is erased with DiEx. The OS erase command also preserves this bad spot information. EXERCISE creates, deletes, reads, writes and positions files the same way that normal programs do, and checks the results which normal programs do not do. These high-level operations cause patterns of disk commands which are quite different from those generated by lower-level tests such as DiEx. Exercise assumes that a file system exists on DP0 (and perhaps extends on to DP1). It creates as many test files (named Test.001, Test.002, ...) as will fit in the file system, filling each file with a carefully chosen test pattern. When it is done, it deletes all of its files. One 'pass' consists of stepping through the test files, performing a randomly chosen operation on the file, and checking the results. The duration and throughness of a pass depends on the amount of free space on the disks. Disks & Bfs April 10, 1982 16 Ideally, the disk(s) under test have just been erased with the ERASE command, below. While running, exercise looks for commands from the keyboard. The current commands are: Q Quit Delete all test files and stop. S StopOnError Wait until a character is typed. All test files are 100 pages long. Each page of a file has the page number in its first and last words and a data pattern in the middle 254 words. The data pattern is constant throughout a file, consisting of a single one-bit in a word of zeros or a single zero-bit in a word of ones. Files are read and written with ReadBlock and WriteBlock using buffers whose lengths are not multiples of the page size. The operations are: Write Write the entire file with the data pattern. Read Read the entire file checking the data pattern. Delete Delete the file, create it again and then write it. Copy Copy the file to some other randomly chosen file. If both disks are being tested, one third of the time pick a destination file on the other disk. Position Position to twenty randomly chosen pages in the file. Check that the first word of the page is indeed the page number. One third of the time dirty the stream by writing the page number in the last word of the page. CERTIFY tests one or more disks for bad spots and marks such pages "incorrigable" so that they will not be included in subsequent file systems. Ideally, a disk should be certified before being used. Certify can be stopped at any time by hitting any key. A bad spot is any sector which gives three or more checksum errors. If the Scavenger encounters a bad spot, it will also mark the sector incorrigable. Alto and Dorado disks almost never have bad spots; but Dolphin disks typically have a few, so CERTIFYing is a must for trouble-free operation. Note that bad spot information will be lost if a certified pack is written by COPYDISK or DIEX. CREATEFILE attempts to create a contiguous file of a specified size. If it can't, it creates a file with a minimum number of page runs. PARTITION allows you to set the disk partition on which BFSTest will operate. This command is only available on Dolphins and Dorados. A thorough, high-level "acceptance test" for the disk subsystem of an Alto or Alto-emulating machine (i.e. a Dolphin or Dorado) consists of at least 100 passes of CERTIFY with less than 5 bad spots (any bad spots on cylinder 0 are unacceptable), followed by ERASE, followed by at least 10 passes of EXERCISE with no errors.