[HN Gopher] How MOS 6502 illegal opcodes work
___________________________________________________________________
How MOS 6502 illegal opcodes work

Author : hasheddan
Score  : 135 points
Date   : 2023-07-26 11:19 UTC (11 hours ago)

(HTM) web link (www.pagetable.com)
(TXT) w3m dump (www.pagetable.com)

| bonzini wrote:
| The question is why were the $AD and $AE instructions encoded in
| the PLA with don't-care bits (causing both of them to fire for an
| xxxxxx11 pattern such as $AF, instead of none)?

| wzdd wrote:
| It could be related to the fact that if an instruction was not
| handled at all the CPU would lock up (search
| https://www.righto.com/2016/02/reverse-engineering-arm1-inst...
| for "kill"), so rather than add extra logic for illegal
| instructions the designers just decided to add undocumented
| ones.
|
| The only problem with this theory is that there are in fact
| several opcodes which will make a 6502 lock up...

| anticensor wrote:
| They could have wired those instructions as a NOP, rather
| than aliasing another opcode...

| Someone wrote:
| They could, but transistors were expensive at the time. Why
| spend valuable space making sure all instructions are well
| defined?
|
| On modern CPUs designed for multi-processing and protected
| memory, you don't want some instructions to accidentally
| cross privilege boundaries (can't have an 'illegal' opcode
| accidentally be non-privileged and modify some privileged
| processor state), so you have to do some of that.
| Transistors also are cheap, so you can afford to.

| InitialLastName wrote:
| With the don't-care allowable, the "load" nets can be tied
| directly to the instruction decoder (i.e. LDA = BIT0, LDX =
| BIT1) instead of needing intervening logic (i.e. LDA = BIT0 &
| !BIT1, LDX = BIT1 & !BIT0). If you can make the opcode illegal,
| you can save two gates (which matter for cost, yield, power and
| timing).

| bartvk wrote:
| This is such a fun website.
| This guy also wrote something about
| recreating Apple I Basic: https://www.pagetable.com/?p=35

| curiousObject wrote:
| There are some comments about those funny opcodes from a 2021 post
| on Hacker News, that includes links to this site and other
| interesting sources
|
| https://news.ycombinator.com/item?id=27402655

| flohofwoe wrote:
| If you want to play around with those opcodes on a netlist
| simulation of the 6502, may I recommend:
|
| https://floooh.github.io/visual6502remix/
|
| ...which is essentially a WASM version of the famous
| visual6502.org with a couple more features (like an integrated
| assembler):
|
| http://www.visual6502.org/JSSim/index.html
|
| (check out Help => About for credits)
|
| Unfortunately the assembler I used (ASMX) doesn't seem to support
| the illegal opcodes, so you need to enter the opcodes as hex
| values directly into the memory tab (the disassembler window
| recognizes the opcodes though).

| zoky wrote:
| What is wrong with me that I see an article about hacking a
| microprocessor that was released nearly a decade before I was
| born and I go, "Ooooh, gotta check _that_ out!"

| shon wrote:
| I was just thinking the same thing lol

| jordigh wrote:
| Nothing. Old tech is fun for many reasons:
|
| 1) It's still simple enough that you can actually get a full
| diagram of the processor and actually have hope of
| understanding it.
|
| 2) It's interesting enough to actually produce good things.
| Blockbusters like Super Mario Bros 3 were based on this tech.
| The Terminator runs on the 6502. The low-cost CPU was
| comparatively as ubiquitous as the Intel architecture is today.
|
| 3) Limitations breed creativity and ingenuity. When you only
| have uint8 as your only data type, the kind of tricks you have
| to do to get a simple physics engine working are very
| interesting.
|
| https://www.youtube.com/watch?v=9UP7HImbAlA&t=517s
|
| So combined with not-too-complicated but
| complicated-enough-to-be-useful is basically why old tech is fun.

| jonsen wrote:
| > ... uint8 as your only data type
|
| Ahem! uint8 or int8 by the programmer's discretion that is.

| shagie wrote:
| > The low-cost CPU was comparatively as ubiquitous as the
| Intel architecture is today.
|
| And you can still get them today... and they're still in
| fairly wide use. https://westerndesigncenter.com
|
| > The legendary 6502/65816 microprocessors with both 8-bit
| and 8/16-bit ISA's keep cranking out the unit volumes in ASIC
| and standard microcontroller forms supplied by WDC and WDC's
| licensees. Annual volumes in the hundreds (100's) of millions
| of units keep adding in a significant way to the estimated
| shipped volumes of five (5) to ten (10) billion units. With
| 200MHz+ 8-bit W65C02S and 100MHz+ 8/16-bit W65C816S
| processors coming on line in ASIC and FPGA forms, we see
| these annual volumes continuing for a long, long time.
|
| > The 6502 is likely the only processor family that has
| remained loyal to its ISA over the last 45 years. In addition
| it has served the widest spectrum of electronic markets
| through those years. For example, it has served and in some
| cases created markets for the PC, video game, toy,
| communication, industrial control, automotive, life support
| embedded in the human body medical devices, outside the body
| medical systems, engineering education systems, hobby
| systems, and you name it electronic market segments. I might
| add the 6502 has served in a highly reliable and successful
| way!
|
| > As added food for thought, the 6502/65816 microprocessors
| protect millions of lives annually within embedded heart
| defibrillation and pacing systems. We are quite proud of what
| our customers and partners have created and continue to
| create with the 6502 Embedded Intelligence Technology for the
| benefit of mankind!

| JohnFen wrote:
| Yep!!
|
| Another fun fact: the most common CPU in use today is the
| Z80 (or at least it was a couple of years ago, I haven't
| checked since). 6502s are not rare. In both cases, they may
| go by different part numbers these days, of course.
|
| Where I work, I'm currently working on a system that uses 6
| Z80s.

| LeonenTheDK wrote:
| That's fascinating, are you able to share anything about
| that system, or what those 6 Z80s are doing within it?

| JohnFen wrote:
| I need to be a bit vague, but they're being used in an
| industrial control application to control machinery. Each
| CPU is in charge of a different step in the process. They
| collectively operate as a single system that also feeds
| data into a deep learning system used to direct the
| operations a little further down the line.
|
| Z80s are used here because they're tiny, inexpensive,
| readily available from multiple manufacturers, and are
| extremely reliable. A more modern CPU would be more
| expensive and harder to guarantee behavior in.

| kabdib wrote:
| "Are those Z-80s cache-coherent?" is not a thought I ever
| expected to have.

| JohnFen wrote:
| lol! There isn't a whole lot of shared data that brings
| up the issue of cache coherency, but there is some
| (mostly around the communications with other equipment)
| and yes, they are.

| vardump wrote:
| Most importantly, Futurama's Bender runs on a 6502.

| stergios wrote:
| As does the Cyberdyne Systems Model 101, aka The
| Terminator!

| BearOso wrote:
| Bender's head runs on a MOS 6502. His ass appears to run on
| an AMD Athlon II.

| systems_glitch wrote:
| #1 is the main reason I hack on old stuff, #3 is also
| present.
|
| The 6502 in particular is a nice choice since they're still
| made and available (Mouser carries them), there's a zillion
| vintage things that use them if you want something actually
| old, there's hobbyist kits/preassembled if you want something
| new, and it's a super easy CPU to interface to, especially
| for trivial cases.

| JohnFen wrote:
| Not a thing. This CPU was from back in the era when this stuff
| was still _fun_.

| daneel_w wrote:
| The stable ones are thoroughly used in C-64 software these days.
| A more detailed matrix with extra information can be found here:
| http://www.oxyron.de/html/opcodes02.html

| qawwads wrote:
| > illegal
|
| Seriously, stop using that word for things that aren't actually
| illegal.

| JohnFen wrote:
| It's been a technical term since forever. I don't really see
| anything wrong with it, outside of it maybe confusing
| laypeople.

| daneel_w wrote:
| Undocumented is a better term for the MOS 6502 in my opinion,
| because these opcodes aren't invalid, they can't be trapped
| and they don't throw an exception.

| cdcarter wrote:
| The 6502 was reimplemented in fresh silicon several times
| by different manufacturers, it's more "undefined" than
| "undocumented". Some clones use them as actual new opcodes
| specific to that manufacturer. Some might do what the MOS
| chip did. Some might throw the processor into an
| unrecoverable state.

| monkpit wrote:
| Is an illegal opcode something that was intentionally added to
| the instruction set but was disabled by the manufacturer?
|
| Or is it a side effect of calling an undefined operation?

| [deleted]

| zoky wrote:
| It can be both. Anything not officially defined in the spec is
| an illegal opcode.
|
| Intel had a couple of opcodes that were clearly supposed to
| have been functional, but didn't make any sense to use--I
| believe one such opcode popped the code segment register, which
| would have effectively served as a "jump to random memory"
| instruction as it would run the next instruction per the IP
| register but in a totally different part of memory, so it
| didn't make any sense to document it as there was no use for
| it. And they had at least one other instruction introduced as a
| copyright trap, which they obviously wouldn't document. And
| there were a few more that were undocumented but were aliases
| of other instructions due to the way the 8086 handled bit
| masking.

| hota_mazi wrote:
| Yup, that's POP CS, 0x0f.
|
| Since it made no sense to use, it became the way 286 and
| later processors used to indicate multibyte opcodes.
|
| When a 286 is running the code, encountering a 0x0f means
| that the following opcode is multibyte, while on an 8088, all
| opcodes are single bytes.

| cesarb wrote:
| > while on an 8088, all opcodes are single bytes.
|
| According to a recent article on undocumented 8086/8088
| opcodes (https://www.righto.com/2023/07/undocumented-8086-instruction...),
| there are some two-byte opcodes: "For most
| of the 8086 instructions, the first byte specifies the
| instruction. However, the 8086 has a few instructions where
| the second byte specifies the instruction: the reg field of
| the ModR/M byte provides an opcode extension that selects
| the instruction."

| daneel_w wrote:
| The latter. The instructions aren't disabled in the MOS 6502,
| but their function is unplanned and hence _undocumented_ which
| is a better term.
___________________________________________________________________
(page generated 2023-07-26 23:00 UTC)
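
Added example, not part of the thread or of the linked pagetable.com article: a simplified Python model of the decode trade-off that bonzini and InitialLastName discuss, comparing "LDA = BIT0, LDX = BIT1" with the exclusive form for $AD, $AE and $AF. The mask/value tables and the function names are assumptions made for illustration and do not reproduce the real 6502 PLA.

```python
# Simplified model of the decode trade-off discussed in the thread.
# NOT the real 6502 PLA: only two constructed decode lines are modelled.
# A decode line is (mask, value) and fires when opcode & mask == value;
# opcode bits that are absent from the mask are "don't care".

ROW_MASK = 0b11100000  # top three opcode bits
ROW = 0b10100000       # 101xxxxx, the row holding $AD, $AE and $AF

# Cheap decode from the comment: LDA = BIT0, LDX = BIT1.
DONT_CARE = {
    "LDA": (ROW_MASK | 0b01, ROW | 0b01),
    "LDX": (ROW_MASK | 0b10, ROW | 0b10),
}

# Exclusive decode: LDA = BIT0 & !BIT1, LDX = BIT1 & !BIT0.
EXCLUSIVE = {
    "LDA": (ROW_MASK | 0b11, ROW | 0b01),
    "LDX": (ROW_MASK | 0b11, ROW | 0b10),
}


def fired(opcode, table):
    """Names of every decode line that the opcode activates."""
    return sorted(n for n, (mask, value) in table.items() if opcode & mask == value)


def execute(opcode, table, operand):
    """Apply every fired load line; each one latches the operand into its register."""
    regs = {"A": None, "X": None}
    for name in fired(opcode, table):
        regs[name[-1]] = operand  # "LDA" -> A, "LDX" -> X
    return regs


def input_terms(table):
    """Opcode bits each line must examine, summed over the table (rough cost proxy)."""
    return sum(bin(mask).count("1") for mask, _ in table.values())


if __name__ == "__main__":
    for table_name, table in (("don't-care", DONT_CARE), ("exclusive", EXCLUSIVE)):
        for op in (0xAD, 0xAE, 0xAF):
            print(f"{table_name:10} ${op:02X} fires {fired(op, table)} -> {execute(op, table, 0x42)}")
        print(f"{table_name:10} input terms: {input_terms(table)}")
```

With the don't-care table, $AF latches the operand into both A and X, which is the combined load the thread describes; with the exclusive table it fires neither line, at the price of two more input terms.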