New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
incorrect order of stack operations #1257
Comments
Thanks Peter. You can see where the implementation has got it wrong (for this edge case)...
|
You can see where the implementation has got it wrong (for this edge
case)...
```
Ah, that makes it clear.
Emulator detector. :-)
|
Wow, that's a nice edge case! Only JSR because it's the only multi-byte instruction that affects the stack. Kinda surprised it hasn't popped up already for obfuscation in a protection routine. I've often wondered how much slower a "microcode" cycle accurate 6502 emulation would be. |
This is neat. My emulated CPU handles it thanks to single-cycle instructions. It may be a little bit slower but it simplifies other things like memory-mapped I/O oddities and timing. |
Wow, that's a nice edge case! Only JSR because it's the only multi-byte
instruction that affects the stack.
Right.
Kinda surprised it hasn't popped up already for obfuscation in a protection
routine.
I was thinking the same thing. If it had been used in protection,
we'd have found it much sooner.
I've often wondered how much slower a "microcode" cycle accurate 6502
emulation would be.
Run MAME and see for yourself. :-)
|
The JSR bug is tested on some of the Apple 2 emulators. The emulator is tested using the following DSK image (jsr_stack.dsk) attached in the ZIP file jsr_stack.zip Here are the results.
On way to fix AppleWin implementation is as follows #define JSR --regs.pc; \
PUSH(regs.pc >> 8) \
PUSH(regs.pc & 0xFF) \
regs.pc = (addr & 0xff) | (*(LPWORD)(mem+regs.pc)) << 8 |
MII https://github.com/buserror/mii_emu also works |
Have tested your emulator. It is having the incorrect order of stack operations too. |
How?
|
It should be landing on $0155, not $1355. It looks like you are fetching the high-order byte in your step 2 instead of your step 5. Also, I believe the discarded read you have in your step 3 should be reading from the stack, the same address you push to in the next step. That normally wouldn't matter but it could cause an issue with memory-mapped hardware. |
I just had a look. It makes sense to generate the code with the Python script. I see the floating bus code I donated 20 years ago is still there unchanged. |
I see the floating bus code I donated 20 years ago is still there
unchanged.
It works so well that it hasn't needed to be changed! :-)
|
…points to ABS16! (#1257) . Add CPU unit-tests
Implemented a fix in commit 40bf9cd. S = 7C155:00 Expect break at 1355, with return address (7D 01) overwriting the JSR opcode at $17B. S = 7E155:00 Expect break at 7D55, with return address (7D 01) overwriting the JSR operand2 at $17D. |
A tester had this code:
with the expected result that the JSR's $13 gets overwritten with $01 before the $13 is fetched, resulting in $155 being executed instead of the current $1355.
Tester followed up with the verified cycles:
So for $017B 20 55 13 JSR $1355
The text was updated successfully, but these errors were encountered: