Hi,
  I've used the algorithm that I extracted from the NetBSD locore.s
file (which I posted in last post) for finding the fault address.
I think this algorithm gives faulty addresses.  This is only from
experimental data as I dont have any references which go into
enough detail.  Why do I suspect this?

I load up a process on the cpu, initially its root table is all
invalid but the OS knows about which pages go where.  The program
then faults when it is first run.. 3 faults.. stack, data and
text pages.  The text and data stack have the DF bit set in
SSW so the data fault address is used.  These seem ok.  The text
fault however doesnt have this bit set.  The exception frame
format is 0x0b and so I grab the "stage B address".  This reports
a fault address of 0x1024.  The actual fault address is 0x1020
(the entry point of the program) which is correctly reported
in the "data fault address" storage in the frame.

(This is not done from NetBSD btw.. I'm just using NetBSD as
a reference)

So.  It appears to me that "data fault address" storage is
always correct and should be used and that the "stage B
address" is close but incorrect.  This would normally be
ok when the fault address isn't near the top of a page.
When it is at the top of a page this would give you weird errrors.
(The GVP 16 bit bug comes to mind).

So.  Is the BSD locore.s handler indeed correct?  Can someone
explain why I get this weird behavior?

                           Thanks.

                             Tim N.