[HN Gopher] How MOS 6502 illegal opcodes work
       ___________________________________________________________________
        
       How MOS 6502 illegal opcodes work
        
       Author : hasheddan
       Score  : 135 points
       Date   : 2023-07-26 11:19 UTC (11 hours ago)
        
 (HTM) web link (www.pagetable.com)
 (TXT) w3m dump (www.pagetable.com)
        
       | bonzini wrote:
       | The question is why were the $AD and $AE instructions encoded in
       | the PLA with don't-care bits (causing both of them to fire for an
       | xxxxxx11 pattern such as $AF, instead of none)?
        
         | wzdd wrote:
         | It could be related to the fact that if an instruction was not
         | handled at all the CPU would lock up (search
         | https://www.righto.com/2016/02/reverse-engineering-arm1-inst...
         | for "kill"), so rather than add extra logic for illegal
         | instructions the designers just decided to add undocumented
         | ones.
         | 
         | The only problem with this theory is that there are in fact
         | several opcodes which will make a 6502 lock up...
        
           | anticensor wrote:
           | They could have wired those instructions as a NOP, rather
           | than aliasing another opcode...
        
             | Someone wrote:
             | They could, but transistors were expensive at the time. Why
             | spend valuable space making sure all instructions are well
             | defined?
             | 
             | On modern CPUs designed for multi-processing and protected
             | memory, you don't want some instructions to accidentally
             | cross privilege boundaries (can't have an 'illegal' opcode
             | accidentally be non-privileged and modify some privileged
             | processor state), so you have to do some of that.
             | Transistors also are cheap, so you can afford to.
        
         | InitialLastName wrote:
         | With the don't-care allowable, the "load" nets can be tied
         | directly to the instruction decoder (i.e. LDA = BIT0, LDX =
         | BIT1) instead of needing intervening logic (i.e. LDA = BIT0 &
         | !BIT1, LDX = BIT1 & !BIT0). If you can make the opcode illegal,
         | you can save two gates (which matter for cost, yield, power and
         | timing).
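The decoding argument in the two comments above (LDA asserted on BIT0, LDX on BIT1, so $AF fires both) can be simulated directly. The following Python model is an added illustration, not code from the article or from any 6502 netlist: it represents each decode-PLA product term as a (mask, value) pair, where bits outside the mask are don't-cares, and compares the cheap decoder against a fully decoded one for the $AC-$AF absolute-load group. The term masks, the "LOAD_A"/"LOAD_X" line names and the literal-count gate proxy are constructed for this example; the real 6502 PLA has far more terms, but the don't-care effect is the same.

```python
from dataclasses import dataclass, field

# One PLA product term: it fires when (opcode & mask) == value.
# Any bit not in the mask is a don't-care for this term.
@dataclass(frozen=True)
class Term:
    name: str
    mask: int
    value: int

    def fires(self, opcode: int) -> bool:
        return (opcode & self.mask) == self.value

# Cheap decoder, as described in the thread: within the 1010 11xx group,
# "load A" looks only at bit 0 and "load X" looks only at bit 1.
# (Hypothetical terms constructed for this example.)
CHEAP_TERMS = [
    Term("LOAD_A", mask=0b11111101, value=0b10101101),  # 1010 11x1 -> bit1 don't-care
    Term("LOAD_X", mask=0b11111110, value=0b10101110),  # 1010 111x -> bit0 don't-care
]

# Fully decoded version: LDA = bit0 & !bit1, LDX = bit1 & !bit0, so every
# bit of the opcode is compared and no alias exists.
FULL_TERMS = [
    Term("LOAD_A", mask=0b11111111, value=0xAD),
    Term("LOAD_X", mask=0b11111111, value=0xAE),
]

def decode(opcode: int, terms: list) -> frozenset:
    """Return the set of control lines the given PLA terms assert for an opcode."""
    return frozenset(t.name for t in terms if t.fires(opcode))

def literal_count(terms: list) -> int:
    """Rough gate-cost proxy: number of opcode bits each term must compare, summed."""
    return sum(bin(t.mask).count("1") for t in terms)

def compare_decoders() -> dict:
    """Decode $AC..$AF with both decoders; values are (cheap, full) line sets."""
    return {op: (decode(op, CHEAP_TERMS), decode(op, FULL_TERMS))
            for op in (0xAC, 0xAD, 0xAE, 0xAF)}

@dataclass
class CPU:
    """Minimal register file; only the load lines modelled above are wired up."""
    a: int = 0
    x: int = 0
    terms: list = field(default_factory=lambda: CHEAP_TERMS)

    def execute_abs_load(self, opcode: int, operand: int) -> frozenset:
        """Run one absolute-addressing load with the fetched operand byte.

        Returns the control lines that fired. With CHEAP_TERMS, $AF loads
        both A and X from the same byte, which is the LAX behaviour.
        """
        lines = decode(opcode, self.terms)
        if "LOAD_A" in lines:
            self.a = operand & 0xFF
        if "LOAD_X" in lines:
            self.x = operand & 0xFF
        return lines

if __name__ == "__main__":
    for op, (cheap, full) in compare_decoders().items():
        print(f"${op:02X}: cheap={sorted(cheap)} full={sorted(full)}")
    print("literals: cheap", literal_count(CHEAP_TERMS), "full", literal_count(FULL_TERMS))
    cpu = CPU()
    cpu.execute_abs_load(0xAF, 0x42)   # constructed operand byte
    print(f"after $AF with operand $42: A=${cpu.a:02X} X=${cpu.x:02X}")
```

Running it shows $AD asserting only LOAD_A, $AE only LOAD_X, and $AF both under the cheap decoder, while the full decoder treats $AF as no load at all; the literal count differs by exactly the two extra comparisons the fully decoded terms need. Swapping `FULL_TERMS` into `CPU` makes $AF leave A and X untouched, which is what a clone that decodes every bit would do.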
        
       | bartvk wrote:
       | This is such a fun website. This guy also wrote something about
       | recreating Apple I Basic: https://www.pagetable.com/?p=35
        
       | curiousObject wrote:
        | There are some comments about those funny opcodes in a 2021 post
        | on Hacker News that includes links to this site and other
        | interesting sources:
       | 
       | https://news.ycombinator.com/item?id=27402655
        
       | flohofwoe wrote:
       | If you want to play around with those opcodes on a netlist
       | simulation of the 6502, may I recommend:
       | 
       | https://floooh.github.io/visual6502remix/
       | 
       | ...which is essentially a WASM version of the famous
       | visual6502.org with a couple more features (like an integrated
       | assembler):
       | 
       | http://www.visual6502.org/JSSim/index.html
       | 
       | (check out Help => About for credits)
       | 
       | Unfortunately the assembler I used (ASMX) doesn't seem to support
       | the illegal opcodes, so you need to enter the opcodes as hex
       | values directly into the memory tab (the disassembler window
       | recognizes the opcodes though).
        
       | zoky wrote:
       | What is wrong with me that I see an article about hacking a
       | microprocessor that was released nearly a decade before I was
       | born and I go, "Ooooh, gotta check _that_ out!"
        
         | shon wrote:
         | I was just thinking the same thing lol
        
         | jordigh wrote:
         | Nothing. Old tech is fun for many reasons:
         | 
         | 1) It's still simple enough that you can actually get a full
         | diagram of the processor and actually have hope of
         | understanding it.
         | 
         | 2) It's interesting enough to actually produce good things.
         | Blockbusters like Super Mario Bros 3 were based on this tech.
         | The Terminator runs on the 6502. The low-cost CPU was
         | comparatively as ubiquitous as the Intel architecture is today.
         | 
         | 3) Limitations breed creativity and ingenuity. When you only
         | have uint8 as your only data type, the kind of tricks you have
         | to do to get a simple physics engine working are very
         | interesting.
         | 
         | https://www.youtube.com/watch?v=9UP7HImbAlA&t=517s
         | 
         | So combined with not-too-complicated but complicated-enough-to-
         | be-useful is basically why old tech is fun.
        
           | jonsen wrote:
           | > ... uint8 as your only data type
           | 
            | Ahem! uint8 or int8 at the programmer's discretion, that is.
        
           | shagie wrote:
           | > The low-cost CPU was comparatively as ubiquitous as the
           | Intel architecture is today.
           | 
           | And you can still get them today... and they're still in
           | fairly wide use. https://westerndesigncenter.com
           | 
           | > The legendary 6502/65816 microprocessors with both 8-bit
           | and 8/16-bit ISA's keep cranking out the unit volumes in ASIC
           | and standard microcontroller forms supplied by WDC and WDC's
           | licensees. Annual volumes in the hundreds (100's) of millions
           | of units keep adding in a significant way to the estimated
           | shipped volumes of five (5) to ten (10) billion units. With
           | 200MHz+ 8-bit W65C02S and 100MHz+ 8/16-bit W65C816S
           | processors coming on line in ASIC and FPGA forms, we see
           | these annual volumes continuing for a long, long time.
           | 
           | > The 6502 is likely the only processor family that has
           | remained loyal to its ISA over the last 45 years. In addition
           | it has served the widest spectrum of electronic markets
           | through those years. For example, it has served and in some
           | cases created markets for the PC, video game, toy,
           | communication, industrial control, automotive, life support
           | embedded in the human body medical devices, outside the body
           | medical systems, engineering education systems, hobby
           | systems, and you name it electronic market segments. I might
           | add the 6502 has served in a highly reliable and successful
           | way!
           | 
           | > As added food for thought, the 6502/65816 microprocessors
           | protect millions of lives annually within embedded heart
           | defibrillation and pacing systems. We are quite proud of what
           | our customers and partners have created and continue to
           | create with the 6502 Embedded Intelligence Technology for the
           | benefit of mankind!
        
             | JohnFen wrote:
             | Yep!!
             | 
             | Another fun fact: the most common CPU in use today is the
             | Z80 (or at least it was a couple of years ago, I haven't
             | checked since). 6502s are not rare. In both cases, they may
             | go by different part numbers these days, of course.
             | 
             | Where I work, I'm currently working on a system that uses 6
             | Z80s.
        
               | LeonenTheDK wrote:
               | That's fascinating, are you able to share anything about
               | that system, or what those 6 Z80s are doing within it?
        
               | JohnFen wrote:
               | I need to be a bit vague, but they're being used in an
               | industrial control application to control machinery. Each
               | CPU is in charge of a different step in the process. They
               | collectively operate as a single system that also feeds
               | data into a deep learning system used to direct the
               | operations a little further down the line.
               | 
               | Z80s are used here because they're tiny, inexpensive,
               | readily available from multiple manufacturers, and are
               | extremely reliable. A more modern CPU would be more
               | expensive and harder to guarantee behavior in.
        
               | kabdib wrote:
               | "Are those Z-80s cache-coherent?" is not a thought I ever
               | expected to have.
        
               | JohnFen wrote:
               | lol! There isn't a whole lot of shared data that brings
               | up the issue of cache coherency, but there is some
               | (mostly around the communications with other equipment)
               | and yes, they are.
        
           | vardump wrote:
           | Most importantly, Futurama's Bender runs on a 6502.
        
             | stergios wrote:
              | As does the Cyberdyne Systems Model 101, aka The
              | Terminator!
        
             | BearOso wrote:
             | Bender's head runs on a MOS 6502. His ass appears to run on
             | an AMD Athlon II.
        
           | systems_glitch wrote:
           | #1 is the main reason I hack on old stuff, #3 is also
           | present.
           | 
           | The 6502 in particular is a nice choice since they're still
           | made and available (Mouser carries them), there's a zillion
           | vintage things that use them if you want something actually
           | old, there's hobbyist kits/preassembled if you want something
           | new, and it's a super easy CPU to interface to, especially
           | for trivial cases.
        
         | JohnFen wrote:
         | Not a thing. This CPU was from back in the era when this stuff
         | was still _fun_.
        
       | daneel_w wrote:
       | The stable ones are thoroughly used in C-64 software these days.
       | A more detailed matrix with extra information can be found here:
       | http://www.oxyron.de/html/opcodes02.html
        
       | qawwads wrote:
       | > illegal
       | 
       | Seriously, stop using that word for things that aren't actually
       | illegal.
        
         | JohnFen wrote:
         | It's been a technical term since forever. I don't really see
         | anything wrong with it, outside of it maybe confusing
         | laypeople.
        
           | daneel_w wrote:
           | Undocumented is a better term for the MOS 6502 in my opinion,
           | because these opcodes aren't invalid, they can't be trapped
           | and they don't throw an exception.
        
             | cdcarter wrote:
              | The 6502 was reimplemented in fresh silicon several times
              | by different manufacturers, so it's more "undefined" than
              | "undocumented". Some clones use them as actual new opcodes
             | specific to that manufacturer. Some might do what the MOS
             | chip did. Some might throw the processor into an
             | unrecoverable state.
        
       | monkpit wrote:
       | Is an illegal opcode something that was intentionally added to
       | the instruction set but was disabled by the manufacturer?
       | 
       | Or is it a side effect of calling an undefined operation?
        
         | [deleted]
        
         | zoky wrote:
         | It can be both. Anything not officially defined in the spec is
         | an illegal opcode.
         | 
         | Intel had a couple of opcodes that were clearly supposed to
         | have been functional, but didn't make any sense to use--I
         | believe one such opcode popped the code segment register, which
         | would have effectively served as a "jump to random memory"
         | instruction as it would run the next instruction per the IP
         | register but in a totally different part of memory, so it
         | didn't make any sense to document it as there was no use for
         | it. And they had at least one other instruction introduced as a
         | copyright trap, which they obviously wouldn't document. And
         | there were a few more that were undocumented but were aliases
         | of other instructions due to the way the 8086 handled bit
         | masking.
        
           | hota_mazi wrote:
           | Yup, that's POP CS, 0x0f.
           | 
           | Since it made no sense to use, it became the way 286 and
           | later processors used to indicate multibyte opcodes.
           | 
           | When a 286 is running the code, encountering a 0x0f means
           | that the following opcode is multibyte, while on an 8088, all
           | opcodes are single bytes.
        
             | cesarb wrote:
             | > while on an 8088, all opcodes are single bytes.
             | 
              | According to a recent article on undocumented 8086/8088
              | opcodes
              | (https://www.righto.com/2023/07/undocumented-8086-instruction...),
              | there are some two-byte opcodes: "For most
             | of the 8086 instructions, the first byte specifies the
             | instruction. However, the 8086 has a few instructions where
             | the second byte specifies the instruction: the reg field of
             | the ModR/M byte provides an opcode extension that selects
             | the instruction."
        
         | daneel_w wrote:
         | The latter. The instructions aren't disabled in the MOS 6502,
         | but their function is unplanned and hence _undocumented_ which
         | is a better term.
        
       ___________________________________________________________________
       (page generated 2023-07-26 23:00 UTC)