Subject: Beeb games using illegal 6502 opcodes

<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>
Date   : Mon, 05 Sep 2005 11:07:59 +0100
From   : Richard_Talbot-Watkins@...
Subject: Beeb games using illegal 6502 opcodes

W.Scholten wrote:

> What I'd also be interested in is a list of games that use
> illegal opcodes. Those who make emulators probably already
> have such a list?

OK, let's start a list here.

ZALAGA

Orlando uses illegal opcodes in a number of ways, the most obvious example
being in its sprite plotting routines.

Regular, character-block-aligned sprites are plotted by an unrolled loop,
the core of which looks like this:

LDA (&04),Y
EOR (&0C),Y
STA (&0C),Y
DEY
BEQ end

If the sprite is non-character-block-aligned, it uses this unrolled loop:

; enter with X=&55
INC &04
BEQ adjust
LDA (&AF,X)       ; equivalent to LDA (&04)
EOR (&0C),Y
STA (&0C),Y
DEY
BEQ end

But Zalaga also has routines to horizontally flip the sprites on-the-fly,
and for these it uses illegal opcodes:

; aligned version
; enter with X=&55
LDA (&04),Y
SAX &80           ; ?&80 = A AND X
ALR #&AA          ; AND #&AA; LSR A
ASO &80           ; ASL &80; ORA &80
EOR (&0C),Y
STA (&0C),Y
DEY
BEQ end

; unaligned version
; enter with X=&55
INC &04
BEQ adjust
LDA (&AF,X)       ; equivalent to LDA (&04)
SAX &80           ; ?&80 = A AND X
ALR #&AA          ; AND #&AA; LSR A
ASO &80           ; ASL &80; ORA &80
EOR (&0C),Y
STA (&0C),Y
DEY
BEQ end

The illegal opcodes are being used to swap bits 0,2,4 & 6 with bits 1,3,5 &
7, in a quicker way than would be possible with 'regular' instructions.
Clever stuff.

Orlando also uses opcode &DC (NOP abs) a lot to provide alternate entry
conditions to routines, e.g.

LDA #&10          ; first entry point
EQUB &DC
LDA #&08          ; second entry point
; ** rest of routine **

The &DC opcode hides the LDA #&08 if called from entry point 1, and saves a
branch instruction.  This is mostly a space-saving measure rather than a
speed optimisation.

The third use was in the protection system, where the code apparently tried
to execute an ASCII message positioned at an appropriate point in memory,
whose illegal opcodes actually did something useful.  Nightmare to make
sense of if you're not aware of them though.


So, that's the obvious one to me.

Anyone else add to this list?

Rich


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
postmaster@...

This footnote also confirms that this email message has been checked
for all known viruses.

**********************************************************************
Sony Computer Entertainment Europe
<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>