Date   : Mon, 15 Aug 1994 14:05:34 WET DST
From   : Bonfield James <jkb@...>
Subject: Re: Late-night problemo!

Stephen writes:

>> Beeb) and then (via the instruction at &F17B) does a JSR &8003. This
>> causes my emulator to report a non-existent instruction - opcode &1F.
>
>I have a feeling 8003 is the service entry point ( I wish I had my Adv User
>Guide on me) so the 1F is for the language entry point to jump forward to
>8022. Hideous I know.

It's forward 8023 not 8022, which is of course the magic number everyone knows
:-)

The language entry for BASIC is:

CMP #&01
BEQ &8023

It doesn't have a service entry, and so 8003 should never be executed. The OS
firstly looks for the copyright string

LDY &8007
LDA &8000,Y

to determine valid roms. Then once it's found a rom, it copies &8006 to &2A1,Y
(Y == bank number). I think this byte includes the type of ROM (bottom 4
bits?) which determine whether it's basic. Type 0 is the BASIC rom:

daff: ad 06 80, A=00, X=0b, Y=10, S=ff, P=37 ; LDA &8006
db02: 9d a1 02, A=60, X=0b, Y=10, S=ff, P=35 ; STA &02A1,X
db05: 29 8f d0, A=60, X=0b, Y=10, S=ff, P=35 ; AND #&8F
db07: d0 03 8e, A=00, X=0b, Y=10, S=ff, P=37 ; BNE &DB0C
db09: 8e 4b 02, A=00, X=0b, Y=10, S=ff, P=37 ; STX &024B

It then wipes memory (amongst other things); calls the service entry with
startup codes (0f, ff, 01, 02, fe I think) for all service type roms; does the
startup message; 32K bit derived from sysvia hacking and result stored in 28D;
even more service startups (03, 0f); then hunts for BASIC:

dbca: bd a1 02, A=00, X=0b, Y=08, S=ff, P=34 ; LDA &02A1,X
dbcd: 2a 30 16, A=60, X=0b, Y=08, S=ff, P=34 ; ROL A
dbce: 30 16 ca, A=c0, X=0b, Y=08, S=ff, P=b4 ; BMI &DBE6

All this was gleaned from outputting assembly during startup - an invaluable
debugging aid.

>If you look at the 6502 instruction set it is grouped into 1, 2 and 3 byte
>instructions. If there is an unknown instruction in a 3 byte group the
>program counter will increment by three, skipping the next two bytes,
>similarly for 2 byte instructions. James B's *MEM command handles this very
>nicely. Watch out for this everyone! If you are not handling this 'feature'
>(which you won't need to 99.9% of the time) you won't have a true emulation.

Thank you Stephen for dropping me in this one ;-). I'd like to take this
opportunity to announce that currently I treat them all as 1 byte NOPs because
I haven't yet been bothered to wade through my *MEM sources to find the
correct lengths. I agree though that true emulation should support these
correct lengths. Indeed I have seen programs that use it!

>Plus, is anyone emulating the bugs in the 6502. There is one about indirect
>addressing on page boundaries I think. If anyone would like to elaborate on

This is to do with JMP (&10FF). This fetches from &10FF and &1000 instead of
&10FF and &1100. It's a real pain if an assembly program just happens to be
aligned to do this; but a pretty rare (and unlucky) occurrence.

I thought I emulated this, but just looked and I don't. Trivial to fix though
as the non indexed indirect addressing mode is only ever used for JMP anyway,
so I'll just code it buggily :)

>anything I've said please do, I'm guessing mostly on the Basic Rom stuff. I
>know James B knows a lot in this area.

Well, I wouldn't go that far! Basically all I can suggest is adding a
disassemble-as-you-go option to your emulator. Then run this and see what it
does. Using this method helped me enormously, as can be seen above.

       James
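Added example, not code from James's emulator or from the original message: a small C model of two of the behaviours discussed above, the NMOS 6502 JMP (indirect) page-wrap bug (JMP (&10FF) reading its high byte from &1000) and the MOS startup checks on a sideways ROM header (the 0,'(','C',')' copyright string located via &8007, and the type byte at &8006 tested with AND #&8F and the ROL/BMI language test seen in the trace). The 64K memory contents and both sample ROM headers are constructed for illustration; the BASIC-like header only copies the CMP #&01 / BEQ &8023 entry from the message so that the byte at offset 3 is the BEQ operand &1F rather than an instruction.

```c
/* Added example, not code from the original message or from any named
 * emulator. Models the NMOS 6502 JMP (ind) page-wrap bug and the MOS
 * sideways-ROM header checks. Memory contents and ROM headers are
 * constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint8_t mem[0x10000];            /* flat 64K image, no paging */

void mem_write(uint16_t addr, uint8_t v) { mem[addr] = v; }

/* JMP (ptr) as the NMOS 6502 does it: the high byte of the vector is read
 * from the same page as the low byte, so JMP (&10FF) uses &10FF and &1000. */
uint16_t jmp_indirect_target(uint16_t ptr)
{
    uint16_t hi_addr = (uint16_t)((ptr & 0xFF00u) | ((ptr + 1u) & 0x00FFu));
    return (uint16_t)(mem[ptr] | (mem[hi_addr] << 8));
}

/* The same fetch without the bug (what a 65C02 does), for comparison. */
uint16_t jmp_indirect_target_fixed(uint16_t ptr)
{
    return (uint16_t)(mem[ptr] | (mem[(uint16_t)(ptr + 1u)] << 8));
}

/* Constructed memory contents: a vector at &10FF and one at &2000. */
void setup_boundary_case(void)
{
    mem_write(0x10FF, 0x34);   /* low byte of the vector at &10FF        */
    mem_write(0x1100, 0x12);   /* where the high byte ought to come from */
    mem_write(0x1000, 0x56);   /* where the NMOS 6502 actually reads it  */
    mem_write(0x2000, 0x78);   /* vector not on a page boundary          */
    mem_write(0x2001, 0x9A);
}

/* Sideways ROM header, offsets from &8000:
 *   0 JMP language entry   3 JMP service entry
 *   6 ROM type byte        7 offset of the copyright string (0 '(' 'C' ')')
 * Type byte: bit 7 = service entry present, bit 6 = language,
 *            bits 3-0 = language/CPU type, 0 meaning 6502 BASIC. */
enum { ROM_SIZE = 0x4000, ROM_TYPE = 6, ROM_COPYRIGHT = 7 };

int rom_copyright_ok(const uint8_t *rom)
{
    unsigned off = rom[ROM_COPYRIGHT];
    if (off + 3 >= ROM_SIZE) return 0;
    return rom[off] == 0 && rom[off + 1] == '(' &&
           rom[off + 2] == 'C' && rom[off + 3] == ')';
}

/* Mirrors the MOS sequence in the trace: AND #&8F leaving zero marks the
 * 6502 BASIC ROM; ROL A followed by BMI tests bit 6, the language flag. */
int rom_is_basic(const uint8_t *rom)    { return (rom[ROM_TYPE] & 0x8F) == 0; }
int rom_is_language(const uint8_t *rom) { return (rom[ROM_TYPE] & 0x40) != 0; }
int rom_has_service(const uint8_t *rom) { return (rom[ROM_TYPE] & 0x80) != 0; }

/* Byte an emulator would fetch as an opcode if it jumped to &8003. */
uint8_t rom_service_entry_opcode(const uint8_t *rom) { return rom[3]; }

static uint8_t basic_rom[ROM_SIZE], service_rom[ROM_SIZE], blank_rom[ROM_SIZE];

/* Constructed header shaped like BASIC's: CMP #&01 / BEQ &8023, type &60,
 * no service entry, so offset 3 holds the BEQ operand &1F rather than code. */
const uint8_t *build_sample_basic_rom(void)
{
    static const uint8_t hdr[] = { 0xC9, 0x01, 0xF0, 0x1F, 0xEA, 0xEA,
                                   0x60, 0x0E, 0x01,
                                   'B', 'A', 'S', 'I', 'C', 0, '(', 'C', ')', 0 };
    memset(basic_rom, 0xEA, ROM_SIZE);          /* NOP filler */
    memcpy(basic_rom, hdr, sizeof hdr);
    return basic_rom;
}

/* Constructed service-only ROM: JMP at offset 3, type &82, no language entry. */
const uint8_t *build_sample_service_rom(void)
{
    static const uint8_t hdr[] = { 0x00, 0x00, 0x00, 0x4C, 0x20, 0x80,
                                   0x82, 0x0C, 0x01,
                                   'S', 'V', 'C', 0, '(', 'C', ')', 0 };
    memset(service_rom, 0xEA, ROM_SIZE);
    memcpy(service_rom, hdr, sizeof hdr);
    return service_rom;
}

/* Empty bank: no copyright string, so the MOS would not treat it as a ROM. */
const uint8_t *build_blank_rom(void)
{
    memset(blank_rom, 0x00, ROM_SIZE);
    return blank_rom;
}

int main(void)
{
    setup_boundary_case();
    printf("JMP (&10FF): NMOS -> &%04X, fixed -> &%04X\n",
           jmp_indirect_target(0x10FF), jmp_indirect_target_fixed(0x10FF));
    const uint8_t *b = build_sample_basic_rom();
    printf("BASIC-like ROM: copyright %d basic %d language %d service %d, "
           "byte at &8003 = &%02X\n", rom_copyright_ok(b), rom_is_basic(b),
           rom_is_language(b), rom_has_service(b), rom_service_entry_opcode(b));
    return 0;
}
```

The wrap in jmp_indirect_target is the whole fix James mentions: since the non-indexed indirect mode exists only for JMP on the 6502, an emulator can apply the page-wrapped fetch unconditionally there and match real hardware, while the header checks show why a well-formed BASIC ROM (type &60, bit 7 clear) never has its service entry called.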