Topic: EEVblog #1144 - Padauk Programmer Reverse Engineering

Offline DDunfield

« Reply #150 on: November 26, 2018, 07:56:58 pm »
In case anyone else wants to fool with it, I've made my *very Quick and Dirty*/preliminary simulator for the PMC150/PMS150 available on a Google Drive at the following link:

https://drive.google.com/open?id=1iNK7dmASzDRcld0SGHDq_lqcMhntBvrv

Before you bother downloading it, take note:

Most of you won't like it - the main reason being that I tend to prototype software things with the tools that I am most familiar with and in this case I built it with a compiler I wrote back in the 80's, which builds DOS executables. That means you need a DOS compatible environment. For most modern 64-bit systems, DOSBOX works well, and is available for Windows/Linux/Mac/Android etc. (yeah, I can run PMS150 code on my phone!) - for Windows, I recommend the DOSBOX that I have posted under "DOS wigets" on my site (www.dunfield.com).

It is a very preliminary prototype. It is not optimized in any way.

It does not yet simulate any of the on-chip hardware (timer, interrupts etc). At this time this is for fooling with the instruction set only.

I've confirmed that it understands all the instructions listed in the PMC150/PMS150 manual, however I have not exhaustively tested them. I do not have the Padauk ICE or programmer, so I cannot easily verify the operation of the actual CPU (implementation is a combination of guesswork and "as documented" in the Padauk data sheet). There are most certainly bugs. I will update the simulator as these are found/reported. Please contact me as 'DDunfield' on the EEVBLOG forums.

Refer to the QDS150.TXT file included in the above archive for more information.

Dave
 

Offline js_12345678_55AA

« Reply #151 on: November 26, 2018, 10:20:39 pm »
Hi,

I just created a repository on GitHub containing new tools and source code for PDK FPPA controller:

https://github.com/free-pdk/fppa-pdk-tools

depdk : deobfuscate PDK file to binary format
dispdk : disassemble PDK file (the 14 bit instruction set disassembler is already working, only mapped processors are PMx154 variants)
emupdk: simulates PDK (PMx154 is implemented and mapped)

I spent quite some time with the flag solver for OV, AC, CF, ZF. But it is easy to reuse now for all other processor types.
Basic testing was done with most ALU operations so it's looking good.

-> adapting disassembler for 13/16 bit is a simple task
-> adapting emulator for 13 bit should be straightforward, 16 bit needs some understanding of new opcodes

I will focus on interrupt / peripheral emulation and GUI (ncurses).

So if anybody wants to assist, 13/16 bit needs implementation.


JS
Easy PDK programmer and more: https://free-pdk.github.io
 

Offline oPossum

« Reply #152 on: November 27, 2018, 06:20:05 pm »
Code:
0x0040  pmode   n
0x0600  igoto   word
0x0601  icall   word

Not many gaps remaining in the 16 bit instruction set


True, although I would consider calling this PDK_SYM_82A instruction set.

Could you also point out what chips you used for the other instruction sets?

If I counted correctly there are only these instruction set families
.Assembly   ASM_INSTR   SYM_83A
.Assembly   ASM_INSTR   SYM_84B
.Assembly   ASM_INSTR   SYM_85A
.Assembly   ASM_INSTR   SYM_86B
.Assembly   ICE_INSTR   SYM_83A
.Assembly   ICE_INSTR   SYM_86A
.Assembly   INSTRUMENT   SYM_82A
.Assembly   INSTRUMENT   SYM_83A
.Assembly   INSTRUMENT   SYM_86A

I suspect that INSTRUMENT means the same for ASM and ICE

Chip settings I have used...

13 bit:  PMS150C
14 bit:  PFS154
16 bit:  PMS234  PMC882  PMC884  PDK82C12  PDK82C13  PDK82S_EV

I think the SYM_8xx designations refer to subsets of the full instruction set that run on specific hardware revs.
 

Offline oPossum

« Reply #153 on: November 27, 2018, 06:22:55 pm »
I have a startup file for the pfs154 that doesn't disassemble correctly using the current sets, I suspect that 85A is still different from the others

Looks like the same 14 bit instruction set to me. What differences did you notice?

Test program
Code:
.CHIP PFS154
//{{PADAUK_CODE_OPTION
.Code_Option LVR 2.5V
.Code_Option Security Enable // Security 7/8 words Enable
.Code_Option Comparator_Edge All_Edge
.Code_Option LCD2 Disable // At ICE, LCD always disable, PB0 PA0/3/4 are independent pins
.Code_Option Bootup_Time Fast
.Code_Option Drive Normal
//}}PADAUK_CODE_OPTION

goto FPPA0

WORD Stack_FPPA0 [2]

FPPA0:
.ADJUST_IC SYSCLK=IHRC/8, IHRC=16MHz, VDD=5V

SP = Stack_FPPA0;

@@:
wdreset
nop
goto @B

Disassembly
Code:
000  3001  goto    0x001
001  2F00  mov     a,0x00
002  0182  mov     SP,a
003  3FED  call    0x7ED
004  018B  mov     IHRCR,a
005  3FEE  call    0x7EE
006  019A  mov     BGTR,a
007  2F80  mov     a,0x80
008  019B  mov     MISC_LVR,a
009  2F3C  mov     a,0x3C
00A  0183  mov     CLKCMD,a
00B  3FFE  call    0x7FE
00C  2AFF  ceqsn   a,0xFF
00D  3054  goto    0x054
00E  3FED  call    0x7ED
00F  0B81  mov     M01,a
010  1F91  set1    PAC.6
011  2F09  mov     a,0x09
012  0B80  mov     M00,a
013  1AD0  t1sn    PA.3
014  3013  goto    0x013
015  1F90  set1    PA.6
016  0063  dzsn    a
017  3016  goto    0x016
018  1180  dzsn    M00
019  3016  goto    0x016
01A  1D90  set0    PA.6
01B  18D0  t0sn    PA.3
01C  301B  goto    0x01B
01D  2F01  mov     a,0x01
01E  1950  t0sn    PA.5
01F  2FFF  mov     a,0xFF
020  0C01  add     a,M01
021  018B  mov     IHRCR,a
022  0B81  mov     M01,a
023  1AD0  t1sn    PA.3
024  3023  goto    0x023
025  1B50  t1sn    PA.5
026  304F  goto    0x04F
027  2F04  mov     a,0x04
028  0188  mov     MISC,a
029  18D0  t0sn    PA.3
02A  3029  goto    0x029
02B  2F02  mov     a,0x02
02C  0182  mov     SP,a
02D  1304  clear   M04
02E  1305  clear   M05
02F  2F59  mov     a,0x59
030  0B82  mov     M02,a
031  2F00  mov     a,0x00
032  0B83  mov     M03,a
033  0006  ldsptl
034  0B04  xor     M04,a
035  0007  ldspth
036  0805  add     M05,a
037  1584  sl      M04
038  1685  slc     M05
039  1004  addc    M04
03A  1282  dec     M02
03B  1083  subc    M03
03C  1A40  t1sn    FLAG.1
03D  3033  goto    0x033
03E  1F90  set1    PA.6
03F  1AD0  t1sn    PA.3
040  303F  goto    0x03F
041  1584  sl      M04
042  1685  slc     M05
043  0590  swapc   PA.6
044  18D0  t0sn    PA.3
045  3044  goto    0x044
046  1950  t0sn    PA.5
047  303F  goto    0x03F
048  1D90  set0    PA.6
049  1AD0  t1sn    PA.3
04A  3049  goto    0x049
04B  18D0  t0sn    PA.3
04C  304B  goto    0x04B
04D  1B50  t1sn    PA.5
04E  302B  goto    0x02B
04F  18D0  t0sn    PA.3
050  304F  goto    0x04F
051  1B50  t1sn    PA.5
052  3011  goto    0x011
053  3053  goto    0x053
054  018B  mov     IHRCR,a
055  2F00  mov     a,0x00
056  0182  mov     SP,a
057  0070  wdreset
058  0000  nop
059  3057  goto    0x057
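
The listing above can be reproduced from the bit patterns alone. This is an added example, not part of oPossum's post and not code from fppa-pdk-tools: a table-driven decoder in Python built from a subset of the 14-bit encodings posted in this thread, with IO register names read off the listing above. The function names, the `{placeholder}` operand notation, the `IO_xx` fallback name and the `.word` output for unlisted encodings are this example's own assumptions.

```python
# Added example: table-driven decoder for the 14-bit Padauk (PFS154) encoding.
# Pattern letters: p = IO address, a = memory or jump address, b = bit, d/k = immediate.
# The {placeholders} in the operand column are this example's own notation.
ENCODINGS_14BIT = """
00_0000_0000_0000 nop
00_0000_0000_0110 ldsptl
00_0000_0110_0011 dzsn a
00_0000_0111_0000 wdreset
00_0001_10pp_pppp mov {io},a
00_0010_kkkk_kkkk ret {imm}
00_010b_bbpp_pppp swapc {io}.{bit}
00_1000_0aaa_aaaa add {mem},a
00_1011_0aaa_aaaa xor {mem},a
00_1011_1aaa_aaaa mov {mem},a
01_0000_0aaa_aaaa addc {mem}
01_0000_1aaa_aaaa subc {mem}
01_0001_1aaa_aaaa dzsn {mem}
01_0011_0aaa_aaaa clear {mem}
01_0101_1aaa_aaaa sl {mem}
01_0110_1aaa_aaaa slc {mem}
01_100b_bbpp_pppp t0sn {io}.{bit}
01_101b_bbpp_pppp t1sn {io}.{bit}
01_110b_bbpp_pppp set0 {io}.{bit}
01_111b_bbpp_pppp set1 {io}.{bit}
10_1010_dddd_dddd ceqsn a,{imm}
10_1111_dddd_dddd mov a,{imm}
11_0aaa_aaaa_aaaa goto {jmp}
11_1aaa_aaaa_aaaa call {jmp}
"""

# IO register names as printed in the PFS154 disassembly above.
IO_NAMES = {0x00: "FLAG", 0x02: "SP", 0x03: "CLKCMD", 0x08: "MISC", 0x0B: "IHRCR",
            0x10: "PA", 0x11: "PAC", 0x1A: "BGTR", 0x1B: "MISC_LVR"}

def compile_pattern(pattern):
    """Turn 'xx_xxxx_xxxx_xxxx' into (mask, value, {letter: [bit positions]})."""
    bits = pattern.replace("_", "")
    if len(bits) != 14:
        raise ValueError("not a 14-bit pattern: " + pattern)
    mask = value = 0
    fields = {}
    for pos, ch in enumerate(bits):
        shift = 13 - pos
        if ch in "01":                      # fixed opcode bit
            mask |= 1 << shift
            value |= int(ch) << shift
        else:                               # operand bit, grouped by letter
            fields.setdefault(ch, []).append(shift)
    return mask, value, fields

TABLE = []
for line in ENCODINGS_14BIT.strip().splitlines():
    pattern, mnemonic, *rest = line.split(None, 2)
    TABLE.append(compile_pattern(pattern) + (mnemonic, rest[0] if rest else ""))

def decode(word):
    """Disassemble one 14-bit word; encodings not in TABLE come back as '.word'."""
    if not 0 <= word < (1 << 14):
        raise ValueError("word does not fit in 14 bits")
    for mask, value, fields, mnemonic, operands in TABLE:
        if (word & mask) != value:
            continue
        f = {}
        for letter, shifts in fields.items():
            for shift in shifts:            # positions are stored MSB first
                f[letter] = (f.get(letter, 0) << 1) | ((word >> shift) & 1)
        io = f.get("p", 0)
        text = operands.format(
            io=IO_NAMES.get(io, "IO_%02X" % io),
            mem="M%02X" % f.get("a", 0),
            jmp="0x%03X" % f.get("a", 0),
            imm="0x%02X" % f.get("d", f.get("k", 0)),
            bit=f.get("b", 0))
        return ("%-8s%s" % (mnemonic, text)).rstrip()
    return "%-8s0x%04X" % (".word", word)

def ambiguous_pairs():
    """Pairs of table rows that could both match some word (should be none)."""
    clashes = []
    for i, (m1, v1, _, n1, o1) in enumerate(TABLE):
        for m2, v2, _, n2, o2 in TABLE[i + 1:]:
            if ((v1 ^ v2) & m1 & m2) == 0:  # equal on every bit both rows fix
                clashes.append((n1 + " " + o1, n2 + " " + o2))
    return clashes

# (word, text) pairs copied from the disassembly listing above.
LISTING = [
    (0x3001, "goto    0x001"), (0x2F00, "mov     a,0x00"), (0x0182, "mov     SP,a"),
    (0x3FED, "call    0x7ED"), (0x2AFF, "ceqsn   a,0xFF"), (0x1F91, "set1    PAC.6"),
    (0x1AD0, "t1sn    PA.3"), (0x0063, "dzsn    a"), (0x1180, "dzsn    M00"),
    (0x0006, "ldsptl"), (0x0B04, "xor     M04,a"), (0x1584, "sl      M04"),
    (0x0590, "swapc   PA.6"), (0x1A40, "t1sn    FLAG.1"), (0x0070, "wdreset"),
]

def listing_mismatches():
    """Rows where this decoder disagrees with the posted disassembly."""
    return [(hex(w), decode(w), want) for w, want in LISTING if decode(w) != want]
```

Running `ambiguous_pairs()` after adding rows to the table is a quick way to catch a mistyped pattern before it silently shadows another opcode.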
 

Offline oPossum

« Reply #154 on: November 27, 2018, 06:51:18 pm »
Updated instruction set encodings. Sorted by opcode. All gaps indicated.

16 bit
Code:
0x0000  0000_0000_0000_0000  nop
0x0001  0000_0000_0000_0001
0x0002  0000_0000_0000_0010
0x0003  0000_0000_0000_0011
0x0004  0000_0000_0000_0100
0x0005  0000_0000_0000_0101
0x0006  0000_0000_0000_0110
0x0007  0000_0000_0000_0111
0x0008  0000_0000_0000_1000
0x0009  0000_0000_0000_1001
0x000A  0000_0000_0000_1010
0x000B  0000_0000_0000_1011
0x000C  0000_0000_0000_1100
0x000D  0000_0000_0000_1101
0x000E  0000_0000_0000_1110
0x000F  0000_0000_0000_1111
0x0010  0000_0000_0001_0000  addc     a
0x0011  0000_0000_0001_0001  subc     a
0x0012  0000_0000_0001_0010  izsn     a
0x0013  0000_0000_0001_0011  dzsn     a
0x0014  0000_0000_0001_0100
0x0015  0000_0000_0001_0101
0x0016  0000_0000_0001_0110
0x0017  0000_0000_0001_0111  pcadd    a
0x0018  0000_0000_0001_1000  not      a
0x0019  0000_0000_0001_1001  neg      a
0x001A  0000_0000_0001_1010  sr       a
0x001B  0000_0000_0001_1011  sl       a
0x001C  0000_0000_0001_1100  src      a
0x001D  0000_0000_0001_1101  slc      a
0x001E  0000_0000_0001_1110  swap     a
0x001F  0000_0000_0001_1111  delay    a
0x0020  0000_0000_0010_----
0x0030  0000_0000_0011_0000  wdreset
0x0031  0000_0000_0011_0001
0x0032  0000_0000_0011_0010  pushaf
0x0033  0000_0000_0011_0011  popaf
0x0034  0000_0000_0011_0100
0x0035  0000_0000_0011_0101  reset
0x0036  0000_0000_0011_0110  stopsys
0x0037  0000_0000_0011_0111  stopexe
0x0038  0000_0000_0011_1000  engint
0x0039  0000_0000_0011_1001  disgint
0x003A  0000_0000_0011_1010  ret
0x003B  0000_0000_0011_1011  reti
0x003C  0000_0000_0011_1100  mul
0x003D  0000_0000_0011_1101
0x003E  0000_0000_0011_1110
0x003F  0000_0000_0011_1111
0x0040  0000_0000_010k_kkkk  pmode    n
0x0060  0000_0000_0110_tttt  popw     pcN
0x0070  0000_0000_0111_tttt  pushw    pcN
0x0080  0000_0000_10pp_pppp  mov      IO,a
0x00C0  0000_0000_11pp_pppp  mov      a,IO
0x0100  0000_0001_kkkk_kkkk  cneqsn   a,I
0x0200  0000_001w_wwww_www0  stt16    word
0x0201  0000_001w_wwww_www1  ldt16    word
0x0400  0000_010w_wwww_www0  popw     word
0x0401  0000_010w_wwww_www1  pushw    word
0x0600  0000_011w_wwww_www0  igoto    word
0x0601  0000_011w_wwww_www1  icall    word
0x0800  0000_100w_wwww_www0  idxm     index,a
0x0801  0000_100w_wwww_www1  idxm     a,index
0x0A00  0000_101w_wwww_www0  ldtabl   word
0x0A01  0000_101w_wwww_www1  ldtabh   word
0x0C00  0000_110-_----_----
0x0E00  0000_1110_kkkk_kkkk  delay    I
0x0F00  0000_1111_kkkk_kkkk  ret      I
0x1000  0001_0000_00pp_pppp  xor      IO,a
0x1040  0001_0000_01pp_pppp  xor      a,IO
0x1080  0001_0000_1---_----
0x1100  0001_0001_----_----
0x1200  0001_001-_----_----
0x1400  0001_010m_mmmm_mmmm  cneqsn   M,a
0x1600  0001_011m_mmmm_mmmm  cneqsn   a,M
0x1800  0001_1000_kkkk_kkkk  add      a,I
0x1900  0001_1001_kkkk_kkkk  sub      a,I
0x1A00  0001_1010_kkkk_kkkk  ceqsn    a,I
0x1B00  0001_1011_kkkk_kkkk  comp     a,I
0x1C00  0001_1100_kkkk_kkkk  and      a,I
0x1D00  0001_1101_kkkk_kkkk  or       a,I
0x1E00  0001_1110_kkkk_kkkk  xor      a,I
0x1F00  0001_1111_kkkk_kkkk  mov      a,I
0x2000  0010_000b_bbpp_pppp  t0sn     IO.n
0x2200  0010_001b_bbpp_pppp  t1sn     IO.n
0x2400  0010_010b_bbpp_pppp  set0     IO.n
0x2600  0010_011b_bbpp_pppp  set1     IO.n
0x2800  0010_100b_bbpp_pppp  tog      IO.n
0x2A00  0010_101b_bbpp_pppp  wait0    IO.n
0x2C00  0010_110b_bbpp_pppp  wait1    IO.n
0x2E00  0010_111b_bbpp_pppp  swapc    IO.n
0x3000  0011_000m_mmmm_mmmm  nmov     M,a
0x3200  0011_001m_mmmm_mmmm  nmov     a,M
0x3400  0011_010m_mmmm_mmmm  nadd     M,a
0x3600  0011_011m_mmmm_mmmm  nadd     a,M
0x3800  0011_100m_mmmm_mmmm  ceqsn    M,a
0x3A00  0011_101m_mmmm_mmmm  ceqsn    a,M
0x3C00  0011_110m_mmmm_mmmm  comp     M,a
0x3E00  0011_111m_mmmm_mmmm  comp     a,M
0x4000  0100_000m_mmmm_mmmm  add      M,a
0x4200  0100_001m_mmmm_mmmm  add      a,M
0x4400  0100_010m_mmmm_mmmm  sub      M,a
0x4600  0100_011m_mmmm_mmmm  sub      a,M
0x4800  0100_100m_mmmm_mmmm  addc     M,a
0x4A00  0100_101m_mmmm_mmmm  addc     a,M
0x4C00  0100_110m_mmmm_mmmm  subc     M,a
0x4E00  0100_111m_mmmm_mmmm  subc     a,M
0x5000  0101_000m_mmmm_mmmm  and      M,a
0x5200  0101_001m_mmmm_mmmm  and      a,M
0x5400  0101_010m_mmmm_mmmm  or       M,a
0x5600  0101_011m_mmmm_mmmm  or       a,M
0x5800  0101_100m_mmmm_mmmm  xor      M,a
0x5A00  0101_101m_mmmm_mmmm  xor      a,M
0x5C00  0101_110m_mmmm_mmmm  mov      M,a
0x5E00  0101_111m_mmmm_mmmm  mov      a,M
0x6000  0110_000m_mmmm_mmmm  addc     M
0x6200  0110_001m_mmmm_mmmm  subc     M
0x6400  0110_010m_mmmm_mmmm  izsn     M
0x6600  0110_011m_mmmm_mmmm  dzsn     M
0x6800  0110_100m_mmmm_mmmm  inc      M
0x6A00  0110_101m_mmmm_mmmm  dec      M
0x6C00  0110_110m_mmmm_mmmm  clear    M
0x6E00  0110_111m_mmmm_mmmm  xch      M
0x7000  0111_000m_mmmm_mmmm  not      M
0x7200  0111_001m_mmmm_mmmm  neg      M
0x7400  0111_010m_mmmm_mmmm  sr       M
0x7600  0111_011m_mmmm_mmmm  sl       M
0x7800  0111_100m_mmmm_mmmm  src      M
0x7A00  0111_101m_mmmm_mmmm  slc      M
0x7C00  0111_110m_mmmm_mmmm  swap     M
0x7E00  0111_111m_mmmm_mmmm  delay    M
0x8000  1000_bbbm_mmmm_mmmm  t0sn     M.n
0x9000  1001_bbbm_mmmm_mmmm  t1sn     M.n
0xA000  1010_bbbm_mmmm_mmmm  set0     M.n
0xB000  1011_bbbm_mmmm_mmmm  set1     M.n
0xC000  110a_aaaa_aaaa_aaaa  goto     label
0xE000  111a_aaaa_aaaa_aaaa  call     label


14 bit
Code:
0x0000  00_0000_0000_0000   nop
0x0001  00_0000_0000_0001
0x0002  00_0000_0000_0010
0x0003  00_0000_0000_0011
0x0004  00_0000_0000_0100
0x0005  00_0000_0000_0101
0x0006  00_0000_0000_0110   ldsptl         
0x0007  00_0000_0000_0111   ldspth         
0x0008  00_0000_0000_1---
0x0010  00_0000_0001_----
0x0020  00_0000_001-_----
0x0040  00_0000_010-_----
0x0060  00_0000_0110_0000   addc    a       
0x0061  00_0000_0110_0001   subc    a       
0x0062  00_0000_0110_0010   izsn    a       
0x0063  00_0000_0110_0011   dzsn    a       
0x0064  00_0000_0110_0100
0x0065  00_0000_0110_0101
0x0066  00_0000_0110_0110
0x0067  00_0000_0110_0111   pcadd   a       
0x0068  00_0000_0110_1000   not     a       
0x0069  00_0000_0110_1001   neg     a       
0x006a  00_0000_0110_1010   sr      a       
0x006b  00_0000_0110_1011   sl      a       
0x006c  00_0000_0110_1100   src     a       
0x006d  00_0000_0110_1101   slc     a       
0x006e  00_0000_0110_1110   swap    a       
0x006f  00_0000_0110_1111
0x0070  00_0000_0111_0000   wdreset         
0x0071  00_0000_0111_0001
0x0072  00_0000_0111_0010   pushaf         
0x0073  00_0000_0111_0011   popaf           
0x0074  00_0000_0111_0100
0x0075  00_0000_0111_0101   reset           
0x0076  00_0000_0111_0110   stopsys         
0x0077  00_0000_0111_0111   stopexe         
0x0078  00_0000_0111_1000   engint         
0x0079  00_0000_0111_1001   disgint         
0x007a  00_0000_0111_1010   ret             
0x007b  00_0000_0111_1011   reti           
0x007c  00_0000_0111_1100   mul             
0x007d  00_0000_0111_1101
0x007e  00_0000_0111_1110
0x007f  00_0000_0111_1111
0x0080  00_0000_10--_----
0x00c0  00_0000_11pp_pppp   xor     io,a   
0x0100  00_0001_00--_----
0x0140  00_0001_01--_----
0x0180  00_0001_10pp_pppp   mov     io,a   
0x01c0  00_0001_11pp_pppp   mov     a,io   
0x0200  00_0010_kkkk_kkkk   ret     k       
0x0300  00_0011_0aaa_aaa0   stt16   m       
0x0301  00_0011_0aaa_aaa1   ldt16   m       
0x0380  00_0011_1aaa_aaa0   idxm    m,a     
0x0381  00_0011_1aaa_aaa1   idxm    a,m     
0x0400  00_010b_bbpp_pppp   swapc   io.b   
0x0600  00_0110_0aaa_aaaa   comp    a,m     
0x0680  00_0110_1aaa_aaaa   comp    m,a
0x0700  00_0111_0aaa_aaaa   nadd    a,m     
0x0780  00_0111_1aaa_aaaa   nadd    m,a     
0x0800  00_1000_0aaa_aaaa   add     m,a     
0x0880  00_1000_1aaa_aaaa   sub     m,a     
0x0900  00_1001_0aaa_aaaa   addc    m,a     
0x0980  00_1001_1aaa_aaaa   subc    m,a     
0x0a00  00_1010_0aaa_aaaa   and     m,a     
0x0a80  00_1010_1aaa_aaaa   or      m,a     
0x0b00  00_1011_0aaa_aaaa   xor     m,a     
0x0b80  00_1011_1aaa_aaaa   mov     m,a     
0x0c00  00_1100_0aaa_aaaa   add     a,m     
0x0c80  00_1100_1aaa_aaaa   sub     a,m     
0x0d00  00_1101_0aaa_aaaa   addc    a,m     
0x0d80  00_1101_1aaa_aaaa   subc    a,m     
0x0e00  00_1110_0aaa_aaaa   and     a,m     
0x0e80  00_1110_1aaa_aaaa   or      a,m     
0x0f00  00_1111_0aaa_aaaa   xor     a,m     
0x0f80  00_1111_1aaa_aaaa   mov     a,m     
0x1000  01_0000_0aaa_aaaa   addc    m       
0x1080  01_0000_1aaa_aaaa   subc    m       
0x1100  01_0001_0aaa_aaaa   izsn    m       
0x1180  01_0001_1aaa_aaaa   dzsn    m       
0x1200  01_0010_0aaa_aaaa   inc     m       
0x1280  01_0010_1aaa_aaaa   dec     m       
0x1300  01_0011_0aaa_aaaa   clear   m       
0x1380  01_0011_1aaa_aaaa   xch     m       
0x1400  01_0100_0aaa_aaaa   not     m       
0x1480  01_0100_1aaa_aaaa   neg     m       
0x1500  01_0101_0aaa_aaaa   sr      m       
0x1580  01_0101_1aaa_aaaa   sl      m       
0x1600  01_0110_0aaa_aaaa   src     m       
0x1680  01_0110_1aaa_aaaa   slc     m       
0x1700  01_0111_0aaa_aaaa   ceqsn   a,m     
0x1780  01_0111_1aaa_aaaa   cneqsn  a,m     
0x1800  01_100b_bbpp_pppp   t0sn    io.b   
0x1a00  01_101b_bbpp_pppp   t1sn    io.b   
0x1c00  01_110b_bbpp_pppp   set0    io.b   
0x1e00  01_111b_bbpp_pppp   set1    io.b   
0x2000  10_000b_bbaa_aaaa   t0sn    m.b     
0x2200  10_001b_bbaa_aaaa   t1sn    m.b     
0x2400  10_010b_bbaa_aaaa   set0    m.b     
0x2600  10_011b_bbaa_aaaa   set1    m.b     
0x2800  10_1000_dddd_dddd   add     a,k     
0x2900  10_1001_dddd_dddd   sub     a,k     
0x2a00  10_1010_dddd_dddd   ceqsn   a,k     
0x2b00  10_1011_dddd_dddd   cneqsn  a,k     
0x2c00  10_1100_dddd_dddd   and     a,k     
0x2d00  10_1101_dddd_dddd   or      a,k     
0x2e00  10_1110_dddd_dddd   xor     a,k     
0x2f00  10_1111_dddd_dddd   mov     a,k     
0x3000  11_0aaa_aaaa_aaaa   goto    k       
0x3800  11_1aaa_aaaa_aaaa   call    k       


13 bit
Code:
0x0000 0_0000_0000_0000  nop
0x0001 0_0000_0000_0001 
0x0002 0_0000_0000_0010 
0x0003 0_0000_0000_0011 
0x0004 0_0000_0000_0100 
0x0005 0_0000_0000_0101 
0x0006 0_0000_0000_0110 
0x0007 0_0000_0000_0111 
0x0008 0_0000_0000_1000 
0x0009 0_0000_0000_1001 
0x000a 0_0000_0000_1010 
0x000b 0_0000_0000_1011 
0x000c 0_0000_0000_1100 
0x000d 0_0000_0000_1101 
0x000e 0_0000_0000_1110 
0x000f 0_0000_0000_1111 
0x0010 0_0000_0001_0000  addc      a
0x0011 0_0000_0001_0001  subc      a
0x0012 0_0000_0001_0010  izsn      a
0x0013 0_0000_0001_0011  dzsn      a
0x0014 0_0000_0001_0100 
0x0015 0_0000_0001_0101 
0x0016 0_0000_0001_0110 
0x0017 0_0000_0001_0111  pcadd     a
0x0018 0_0000_0001_1000  not       a
0x0019 0_0000_0001_1001  neg       a
0x001a 0_0000_0001_1010  sr        a
0x001b 0_0000_0001_1011  sl        a
0x001c 0_0000_0001_1100  src       a
0x001d 0_0000_0001_1101  slc       a
0x001e 0_0000_0001_1110  swap      a
0x001f 0_0000_0001_1111 
0x0020 0_0000_0010_---- 
0x0030 0_0000_0011_0000  wdreset
0x0031 0_0000_0011_0001 
0x0032 0_0000_0011_0010  pushaf
0x0033 0_0000_0011_0011  popaf
0x0034 0_0000_0011_0100 
0x0035 0_0000_0011_0101  reset
0x0036 0_0000_0011_0110  stopsys
0x0037 0_0000_0011_0111  stopexe
0x0038 0_0000_0011_1000  engint
0x0039 0_0000_0011_1001  disgint
0x003a 0_0000_0011_1010  ret
0x003b 0_0000_0011_1011  reti
0x003c 0_0000_0011_1100 
0x003d 0_0000_0011_1101 
0x003e 0_0000_0011_1110 
0x003f 0_0000_0011_1111 
0x0040 0_0000_010-_---- 
0x0060 0_0000_011p_pppp  xor       io,a
0x0080 0_0000_100p_pppp  mov       io,a
0x00a0 0_0000_101p_pppp  mov       a,io
0x00c0 0_0000_110a_aaa0  stt16     m
0x00c1 0_0000_110a_aaa1  ldt16     m
0x00e0 0_0000_111a_aaa0  idxm      m,a
0x00e1 0_0000_111a_aaa1  idxm      a,m
0x0100 0_0001_dddd_dddd  ret       k
0x0200 0_0010_bbb0_aaaa  t0sn      m.b
0x0210 0_0010_bbb1_aaaa  t1sn      m.b
0x0300 0_0011_bbb0_aaaa  set0      m.b
0x0310 0_0011_bbb1_aaaa  set1      m.b
0x0400 0_0100_00aa_aaaa  add       m,a
0x0440 0_0100_01aa_aaaa  sub       m,a
0x0480 0_0100_10aa_aaaa  addc      m,a
0x04c0 0_0100_11aa_aaaa  subc      m,a
0x0500 0_0101_00aa_aaaa  and       m,a
0x0540 0_0101_01aa_aaaa  or        m,a
0x0580 0_0101_10aa_aaaa  xor       m,a
0x05c0 0_0101_11aa_aaaa  mov       m,a
0x0600 0_0110_00aa_aaaa  add       a,m
0x0640 0_0110_01aa_aaaa  sub       a,m
0x0680 0_0110_10aa_aaaa  addc      a,m
0x06c0 0_0110_11aa_aaaa  subc      a,m
0x0700 0_0111_00aa_aaaa  and       a,m
0x0740 0_0111_01aa_aaaa  or        a,m
0x0780 0_0111_10aa_aaaa  xor       a,m
0x07c0 0_0111_11aa_aaaa  mov       a,m
0x0800 0_1000_00aa_aaaa  addc      m
0x0840 0_1000_01aa_aaaa  subc      m
0x0880 0_1000_10aa_aaaa  izsn      m
0x08c0 0_1000_11aa_aaaa  dzsn      m
0x0900 0_1001_00aa_aaaa  inc       m
0x0940 0_1001_01aa_aaaa  dec       m
0x0980 0_1001_10aa_aaaa  clear     m
0x09c0 0_1001_11aa_aaaa  xch       m
0x0a00 0_1010_00aa_aaaa  not       m
0x0a40 0_1010_01aa_aaaa  neg       m
0x0a80 0_1010_10aa_aaaa  sr        m
0x0ac0 0_1010_11aa_aaaa  sl        m
0x0b00 0_1011_00aa_aaaa  src       m
0x0b40 0_1011_01aa_aaaa  slc       m
0x0b80 0_1011_10aa_aaaa  ceqsn     a,m
0x0bc0 0_1011_11aa_aaaa  cneqsn    a,m
0x0c00 0_1100_bbbp_pppp  t0sn      p.b
0x0d00 0_1101_bbbp_pppp  t1sn      p.b
0x0e00 0_1110_bbbp_pppp  set0      p.b
0x0f00 0_1111_bbbp_pppp  set1      p.b
0x1000 1_0000_dddd_dddd  add       a,k
0x1100 1_0001_dddd_dddd  sub       a,k
0x1200 1_0010_dddd_dddd  ceqsn     a,k
0x1300 1_0011_dddd_dddd  cneqsn    a,k
0x1400 1_0100_dddd_dddd  and       a,k
0x1500 1_0101_dddd_dddd  or        a,k
0x1600 1_0110_dddd_dddd  xor       a,k
0x1700 1_0111_dddd_dddd  mov       a,k
0x1800 1_10aa_aaaa_aaaa  goto      j
0x1c00 1_11aa_aaaa_aaaa  call      j


Comparison sorted by 16 bit opcode
Code:
nop                 0000_0000_0000_0000   00_0000_0000_0000   0_0000_0000_0000
ldsptl                                    00_0000_0000_0110
ldspth                                    00_0000_0000_0111
addc      a         0000_0000_0001_0000   00_0000_0110_0000   0_0000_0001_0000
subc      a         0000_0000_0001_0001   00_0000_0110_0001   0_0000_0001_0001
izsn      a         0000_0000_0001_0010   00_0000_0110_0010   0_0000_0001_0010
dzsn      a         0000_0000_0001_0011   00_0000_0110_0011   0_0000_0001_0011
pcadd     a         0000_0000_0001_0111   00_0000_0110_0111   0_0000_0001_0111
not       a         0000_0000_0001_1000   00_0000_0110_1000   0_0000_0001_1000
neg       a         0000_0000_0001_1001   00_0000_0110_1001   0_0000_0001_1001
sr        a         0000_0000_0001_1010   00_0000_0110_1010   0_0000_0001_1010
sl        a         0000_0000_0001_1011   00_0000_0110_1011   0_0000_0001_1011
src       a         0000_0000_0001_1100   00_0000_0110_1100   0_0000_0001_1100
slc       a         0000_0000_0001_1101   00_0000_0110_1101   0_0000_0001_1101
swap      a         0000_0000_0001_1110   00_0000_0110_1110   0_0000_0001_1110
delay     a         0000_0000_0001_1111
wdreset             0000_0000_0011_0000   00_0000_0111_0000   0_0000_0011_0000
pushaf              0000_0000_0011_0010   00_0000_0111_0010   0_0000_0011_0010
popaf               0000_0000_0011_0011   00_0000_0111_0011   0_0000_0011_0011
reset               0000_0000_0011_0101   00_0000_0111_0101   0_0000_0011_0101
stopsys             0000_0000_0011_0110   00_0000_0111_0110   0_0000_0011_0110
stopexe             0000_0000_0011_0111   00_0000_0111_0111   0_0000_0011_0111
engint              0000_0000_0011_1000   00_0000_0111_1000   0_0000_0011_1000
disgint             0000_0000_0011_1001   00_0000_0111_1001   0_0000_0011_1001
ret                 0000_0000_0011_1010   00_0000_0111_1010   0_0000_0011_1010
reti                0000_0000_0011_1011   00_0000_0111_1011   0_0000_0011_1011
mul                 0000_0000_0011_1100   00_0000_0111_1100
pmode     n         0000_0000_010k_kkkk
popw      pcN       0000_0000_0110_tttt
pushw     pcN       0000_0000_0111_tttt
mov       IO,a      0000_0000_10pp_pppp   00_0001_10pp_pppp   0_0000_100p_pppp
mov       a,IO      0000_0000_11pp_pppp   00_0001_11pp_pppp   0_0000_101p_pppp
cneqsn    a,I       0000_0001_kkkk_kkkk   10_1011_kkkk_kkkk   1_0011_kkkk_kkkk
stt16     word      0000_001w_wwww_www0   00_0011_0www_www0   0_0000_110w_www0
ldt16     word      0000_001w_wwww_www1   00_0011_0www_www1   0_0000_110w_www1
popw      word      0000_010w_wwww_www0
pushw     word      0000_010w_wwww_www1
igoto     word      0000_011w_wwww_www0
icall     word      0000_011w_wwww_www1
idxm      index,a   0000_100w_wwww_www0   00_0011_1www_www0   0_0000_111w_www0
idxm      a,index   0000_100w_wwww_www1   00_0011_1www_www1   0_0000_111w_www1
ldtabl    word      0000_101w_wwww_www0
ldtabh    word      0000_101w_wwww_www1
delay     I         0000_1110_kkkk_kkkk
ret       I         0000_1111_kkkk_kkkk   00_0010_kkkk_kkkk   0_0001_kkkk_kkkk
xor       IO,a      0001_0000_00pp_pppp   00_0000_11pp_pppp   0_0000_011p_pppp
xor       a,IO      0001_0000_01pp_pppp
cneqsn    M,a       0001_010m_mmmm_mmmm
cneqsn    a,M       0001_011m_mmmm_mmmm   01_0111_1mmm_mmmm   0_1011_11mm_mmmm
add       a,I       0001_1000_kkkk_kkkk   10_1000_kkkk_kkkk   1_0000_kkkk_kkkk
sub       a,I       0001_1001_kkkk_kkkk   10_1001_kkkk_kkkk   1_0001_kkkk_kkkk
ceqsn     a,I       0001_1010_kkkk_kkkk   10_1010_kkkk_kkkk   1_0010_kkkk_kkkk
comp      a,I       0001_1011_kkkk_kkkk
and       a,I       0001_1100_kkkk_kkkk   10_1100_kkkk_kkkk   1_0100_kkkk_kkkk
or        a,I       0001_1101_kkkk_kkkk   10_1101_kkkk_kkkk   1_0101_kkkk_kkkk
xor       a,I       0001_1110_kkkk_kkkk   10_1110_kkkk_kkkk   1_0110_kkkk_kkkk
mov       a,I       0001_1111_kkkk_kkkk   10_1111_kkkk_kkkk   1_0111_kkkk_kkkk
t0sn      IO.n      0010_000b_bbpp_pppp   01_100b_bbpp_pppp   0_1100_bbbp_pppp
t1sn      IO.n      0010_001b_bbpp_pppp   01_101b_bbpp_pppp   0_1101_bbbp_pppp
set0      IO.n      0010_010b_bbpp_pppp   01_110b_bbpp_pppp   0_1110_bbbp_pppp
set1      IO.n      0010_011b_bbpp_pppp   01_111b_bbpp_pppp   0_1111_bbbp_pppp
tog       IO.n      0010_100b_bbpp_pppp
wait0     IO.n      0010_101b_bbpp_pppp
wait1     IO.n      0010_110b_bbpp_pppp
swapc     IO.n      0010_111b_bbpp_pppp   00_010b_bbpp_pppp
nmov      M,a       0011_000m_mmmm_mmmm
nmov      a,M       0011_001m_mmmm_mmmm
nadd      M,a       0011_010m_mmmm_mmmm   00_0111_1mmm_mmmm
nadd      a,M       0011_011m_mmmm_mmmm   00_0111_0mmm_mmmm
ceqsn     M,a       0011_100m_mmmm_mmmm
ceqsn     a,M       0011_101m_mmmm_mmmm   01_0111_0mmm_mmmm   0_1011_10mm_mmmm
comp      M,a       0011_110m_mmmm_mmmm   00_0110_1mmm_mmmm
comp      a,M       0011_111m_mmmm_mmmm   00_0110_0mmm_mmmm
add       M,a       0100_000m_mmmm_mmmm   00_1000_0mmm_mmmm   0_0100_00mm_mmmm
add       a,M       0100_001m_mmmm_mmmm   00_1100_0mmm_mmmm   0_0110_00mm_mmmm
sub       M,a       0100_010m_mmmm_mmmm   00_1000_1mmm_mmmm   0_0100_01mm_mmmm
sub       a,M       0100_011m_mmmm_mmmm   00_1100_1mmm_mmmm   0_0110_01mm_mmmm
addc      M,a       0100_100m_mmmm_mmmm   00_1001_0mmm_mmmm   0_0100_10mm_mmmm
addc      a,M       0100_101m_mmmm_mmmm   00_1101_0mmm_mmmm   0_0110_10mm_mmmm
subc      M,a       0100_110m_mmmm_mmmm   00_1001_1mmm_mmmm   0_0100_11mm_mmmm
subc      a,M       0100_111m_mmmm_mmmm   00_1101_1mmm_mmmm   0_0110_11mm_mmmm
and       M,a       0101_000m_mmmm_mmmm   00_1010_0mmm_mmmm   0_0101_00mm_mmmm
and       a,M       0101_001m_mmmm_mmmm   00_1110_0mmm_mmmm   0_0111_00mm_mmmm
or        M,a       0101_010m_mmmm_mmmm   00_1010_1mmm_mmmm   0_0101_01mm_mmmm
or        a,M       0101_011m_mmmm_mmmm   00_1110_1mmm_mmmm   0_0111_01mm_mmmm
xor       M,a       0101_100m_mmmm_mmmm   00_1011_0mmm_mmmm   0_0101_10mm_mmmm
xor       a,M       0101_101m_mmmm_mmmm   00_1111_0mmm_mmmm   0_0111_10mm_mmmm
mov       M,a       0101_110m_mmmm_mmmm   00_1011_1mmm_mmmm   0_0101_11mm_mmmm
mov       a,M       0101_111m_mmmm_mmmm   00_1111_1mmm_mmmm   0_0111_11mm_mmmm
addc      M         0110_000m_mmmm_mmmm   01_0000_0mmm_mmmm   0_1000_00mm_mmmm
subc      M         0110_001m_mmmm_mmmm   01_0000_1mmm_mmmm   0_1000_01mm_mmmm
izsn      M         0110_010m_mmmm_mmmm   01_0001_0mmm_mmmm   0_1000_10mm_mmmm
dzsn      M         0110_011m_mmmm_mmmm   01_0001_1mmm_mmmm   0_1000_11mm_mmmm
inc       M         0110_100m_mmmm_mmmm   01_0010_0mmm_mmmm   0_1001_00mm_mmmm
dec       M         0110_101m_mmmm_mmmm   01_0010_1mmm_mmmm   0_1001_01mm_mmmm
clear     M         0110_110m_mmmm_mmmm   01_0011_0mmm_mmmm   0_1001_10mm_mmmm
xch       M         0110_111m_mmmm_mmmm   01_0011_1mmm_mmmm   0_1001_11mm_mmmm
not       M         0111_000m_mmmm_mmmm   01_0100_0mmm_mmmm   0_1010_00mm_mmmm
neg       M         0111_001m_mmmm_mmmm   01_0100_1mmm_mmmm   0_1010_01mm_mmmm
sr        M         0111_010m_mmmm_mmmm   01_0101_0mmm_mmmm   0_1010_10mm_mmmm
sl        M         0111_011m_mmmm_mmmm   01_0101_1mmm_mmmm   0_1010_11mm_mmmm
src       M         0111_100m_mmmm_mmmm   01_0110_0mmm_mmmm   0_1011_00mm_mmmm
slc       M         0111_101m_mmmm_mmmm   01_0110_1mmm_mmmm   0_1011_01mm_mmmm
swap      M         0111_110m_mmmm_mmmm
delay     M         0111_111m_mmmm_mmmm
t0sn      M.n       1000_bbbm_mmmm_mmmm   10_000b_bbmm_mmmm   0_0010_bbb0_mmmm
t1sn      M.n       1001_bbbm_mmmm_mmmm   10_001b_bbmm_mmmm   0_0010_bbb1_mmmm
set0      M.n       1010_bbbm_mmmm_mmmm   10_010b_bbmm_mmmm   0_0011_bbb0_mmmm
set1      M.n       1011_bbbm_mmmm_mmmm   10_011b_bbmm_mmmm   0_0011_bbb1_mmmm
goto      label     110a_aaaa_aaaa_aaaa   11_0aaa_aaaa_aaaa   1_10aa_aaaa_aaaa
call      label     111a_aaaa_aaaa_aaaa   11_1aaa_aaaa_aaaa   1_11aa_aaaa_aaaa


Comparison sorted by mnemonic
Code:
add       a,I       0001_1000_kkkk_kkkk   10_1000_kkkk_kkkk   1_0000_kkkk_kkkk
add       a,M       0100_001m_mmmm_mmmm   00_1100_0mmm_mmmm   0_0110_00mm_mmmm
add       M,a       0100_000m_mmmm_mmmm   00_1000_0mmm_mmmm   0_0100_00mm_mmmm
addc      a         0000_0000_0001_0000   00_0000_0110_0000   0_0000_0001_0000
addc      a,M       0100_101m_mmmm_mmmm   00_1101_0mmm_mmmm   0_0110_10mm_mmmm
addc      M         0110_000m_mmmm_mmmm   01_0000_0mmm_mmmm   0_1000_00mm_mmmm
addc      M,a       0100_100m_mmmm_mmmm   00_1001_0mmm_mmmm   0_0100_10mm_mmmm
and       a,I       0001_1100_kkkk_kkkk   10_1100_kkkk_kkkk   1_0100_kkkk_kkkk
and       a,M       0101_001m_mmmm_mmmm   00_1110_0mmm_mmmm   0_0111_00mm_mmmm
and       M,a       0101_000m_mmmm_mmmm   00_1010_0mmm_mmmm   0_0101_00mm_mmmm
call      label     111a_aaaa_aaaa_aaaa   11_1aaa_aaaa_aaaa   1_11aa_aaaa_aaaa
ceqsn     a,I       0001_1010_kkkk_kkkk   10_1010_kkkk_kkkk   1_0010_kkkk_kkkk
ceqsn     a,M       0011_101m_mmmm_mmmm   01_0111_0mmm_mmmm   0_1011_10mm_mmmm
ceqsn     M,a       0011_100m_mmmm_mmmm
clear     M         0110_110m_mmmm_mmmm   01_0011_0mmm_mmmm   0_1001_10mm_mmmm
cneqsn    a,I       0000_0001_kkkk_kkkk   10_1011_kkkk_kkkk   1_0011_kkkk_kkkk
cneqsn    a,M       0001_011m_mmmm_mmmm   01_0111_1mmm_mmmm   0_1011_11mm_mmmm
cneqsn    M,a       0001_010m_mmmm_mmmm
comp      a,I       0001_1011_kkkk_kkkk
comp      a,M       0011_111m_mmmm_mmmm   00_0110_0mmm_mmmm
comp      M,a       0011_110m_mmmm_mmmm   00_0110_1mmm_mmmm
dec       M         0110_101m_mmmm_mmmm   01_0010_1mmm_mmmm   0_1001_01mm_mmmm
delay     a         0000_0000_0001_1111
delay     I         0000_1110_kkkk_kkkk
delay     M         0111_111m_mmmm_mmmm
disgint             0000_0000_0011_1001   00_0000_0111_1001   0_0000_0011_1001
dzsn      a         0000_0000_0001_0011   00_0000_0110_0011   0_0000_0001_0011
dzsn      M         0110_011m_mmmm_mmmm   01_0001_1mmm_mmmm   0_1000_11mm_mmmm
engint              0000_0000_0011_1000   00_0000_0111_1000   0_0000_0011_1000
goto      label     110a_aaaa_aaaa_aaaa   11_0aaa_aaaa_aaaa   1_10aa_aaaa_aaaa
icall     word      0000_011w_wwww_www1
idxm      a,index   0000_100w_wwww_www1   00_0011_1www_www1   0_0000_111w_www1
idxm      index,a   0000_100w_wwww_www0   00_0011_1www_www0   0_0000_111w_www0
igoto     word      0000_011w_wwww_www0
inc       M         0110_100m_mmmm_mmmm   01_0010_0mmm_mmmm   0_1001_00mm_mmmm
izsn      a         0000_0000_0001_0010   00_0000_0110_0010   0_0000_0001_0010
izsn      M         0110_010m_mmmm_mmmm   01_0001_0mmm_mmmm   0_1000_10mm_mmmm
ldspth                                    00_0000_0000_0111
ldsptl                                    00_0000_0000_0110
ldt16     word      0000_001w_wwww_www1   00_0011_0www_www1   0_0000_110w_www1
ldtabh    word      0000_101w_wwww_www1
ldtabl    word      0000_101w_wwww_www0
mov       a,I       0001_1111_kkkk_kkkk   10_1111_kkkk_kkkk   1_0111_kkkk_kkkk
mov       a,IO      0000_0000_11pp_pppp   00_0001_11pp_pppp   0_0000_101p_pppp
mov       a,M       0101_111m_mmmm_mmmm   00_1111_1mmm_mmmm   0_0111_11mm_mmmm
mov       IO,a      0000_0000_10pp_pppp   00_0001_10pp_pppp   0_0000_100p_pppp
mov       M,a       0101_110m_mmmm_mmmm   00_1011_1mmm_mmmm   0_0101_11mm_mmmm
mul                 0000_0000_0011_1100   00_0000_0111_1100
nadd      a,M       0011_011m_mmmm_mmmm   00_0111_0mmm_mmmm
nadd      M,a       0011_010m_mmmm_mmmm   00_0111_1mmm_mmmm
neg       a         0000_0000_0001_1001   00_0000_0110_1001   0_0000_0001_1001
neg       M         0111_001m_mmmm_mmmm   01_0100_1mmm_mmmm   0_1010_01mm_mmmm
nmov      a,M       0011_001m_mmmm_mmmm
nmov      M,a       0011_000m_mmmm_mmmm
nop                 0000_0000_0000_0000   00_0000_0000_0000   0_0000_0000_0000
not       a         0000_0000_0001_1000   00_0000_0110_1000   0_0000_0001_1000
not       M         0111_000m_mmmm_mmmm   01_0100_0mmm_mmmm   0_1010_00mm_mmmm
or        a,I       0001_1101_kkkk_kkkk   10_1101_kkkk_kkkk   1_0101_kkkk_kkkk
or        a,M       0101_011m_mmmm_mmmm   00_1110_1mmm_mmmm   0_0111_01mm_mmmm
or        M,a       0101_010m_mmmm_mmmm   00_1010_1mmm_mmmm   0_0101_01mm_mmmm
pcadd     a         0000_0000_0001_0111   00_0000_0110_0111   0_0000_0001_0111
pmode     n         0000_0000_010k_kkkk
popaf               0000_0000_0011_0011   00_0000_0111_0011   0_0000_0011_0011
popw      pcN       0000_0000_0110_tttt
popw      word      0000_010w_wwww_www0
pushaf              0000_0000_0011_0010   00_0000_0111_0010   0_0000_0011_0010
pushw     pcN       0000_0000_0111_tttt
pushw     word      0000_010w_wwww_www1
reset               0000_0000_0011_0101   00_0000_0111_0101   0_0000_0011_0101
ret                 0000_0000_0011_1010   00_0000_0111_1010   0_0000_0011_1010
ret       I         0000_1111_kkkk_kkkk   00_0010_kkkk_kkkk   0_0001_kkkk_kkkk
reti                0000_0000_0011_1011   00_0000_0111_1011   0_0000_0011_1011
set0      IO.n      0010_010b_bbpp_pppp   01_110b_bbpp_pppp   0_1110_bbbp_pppp
set0      M.n       1010_bbbm_mmmm_mmmm   10_010b_bbmm_mmmm   0_0011_bbb0_mmmm
set1      IO.n      0010_011b_bbpp_pppp   01_111b_bbpp_pppp   0_1111_bbbp_pppp
set1      M.n       1011_bbbm_mmmm_mmmm   10_011b_bbmm_mmmm   0_0011_bbb1_mmmm
sl        a         0000_0000_0001_1011   00_0000_0110_1011   0_0000_0001_1011
sl        M         0111_011m_mmmm_mmmm   01_0101_1mmm_mmmm   0_1010_11mm_mmmm
slc       a         0000_0000_0001_1101   00_0000_0110_1101   0_0000_0001_1101
slc       M         0111_101m_mmmm_mmmm   01_0110_1mmm_mmmm   0_1011_01mm_mmmm
sr        a         0000_0000_0001_1010   00_0000_0110_1010   0_0000_0001_1010
sr        M         0111_010m_mmmm_mmmm   01_0101_0mmm_mmmm   0_1010_10mm_mmmm
src       a         0000_0000_0001_1100   00_0000_0110_1100   0_0000_0001_1100
src       M         0111_100m_mmmm_mmmm   01_0110_0mmm_mmmm   0_1011_00mm_mmmm
stopexe             0000_0000_0011_0111   00_0000_0111_0111   0_0000_0011_0111
stopsys             0000_0000_0011_0110   00_0000_0111_0110   0_0000_0011_0110
stt16     word      0000_001w_wwww_www0   00_0011_0www_www0   0_0000_110w_www0
sub       a,I       0001_1001_kkkk_kkkk   10_1001_kkkk_kkkk   1_0001_kkkk_kkkk
sub       a,M       0100_011m_mmmm_mmmm   00_1100_1mmm_mmmm   0_0110_01mm_mmmm
sub       M,a       0100_010m_mmmm_mmmm   00_1000_1mmm_mmmm   0_0100_01mm_mmmm
subc      a         0000_0000_0001_0001   00_0000_0110_0001   0_0000_0001_0001
subc      a,M       0100_111m_mmmm_mmmm   00_1101_1mmm_mmmm   0_0110_11mm_mmmm
subc      M         0110_001m_mmmm_mmmm   01_0000_1mmm_mmmm   0_1000_01mm_mmmm
subc      M,a       0100_110m_mmmm_mmmm   00_1001_1mmm_mmmm   0_0100_11mm_mmmm
swap      a         0000_0000_0001_1110   00_0000_0110_1110   0_0000_0001_1110
swap      M         0111_110m_mmmm_mmmm
swapc     IO.n      0010_111b_bbpp_pppp   00_010b_bbpp_pppp
t0sn      IO.n      0010_000b_bbpp_pppp   01_100b_bbpp_pppp   0_1100_bbbp_pppp
t0sn      M.n       1000_bbbm_mmmm_mmmm   10_000b_bbmm_mmmm   0_0010_bbb0_mmmm
t1sn      IO.n      0010_001b_bbpp_pppp   01_101b_bbpp_pppp   0_1101_bbbp_pppp
t1sn      M.n       1001_bbbm_mmmm_mmmm   10_001b_bbmm_mmmm   0_0010_bbb1_mmmm
tog       IO.n      0010_100b_bbpp_pppp
wait0     IO.n      0010_101b_bbpp_pppp
wait1     IO.n      0010_110b_bbpp_pppp
wdreset             0000_0000_0011_0000   00_0000_0111_0000   0_0000_0011_0000
xch       M         0110_111m_mmmm_mmmm   01_0011_1mmm_mmmm   0_1001_11mm_mmmm
xor       a,I       0001_1110_kkkk_kkkk   10_1110_kkkk_kkkk   1_0110_kkkk_kkkk
xor       a,IO      0001_0000_01pp_pppp
xor       a,M       0101_101m_mmmm_mmmm   00_1111_0mmm_mmmm   0_0111_10mm_mmmm
xor       IO,a      0001_0000_00pp_pppp   00_0000_11pp_pppp   0_0000_011p_pppp
xor       M,a       0101_100m_mmmm_mmmm   00_1011_0mmm_mmmm   0_0101_10mm_mmmm

 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #155 on: November 27, 2018, 07:18:11 pm »
Thanks for the code. I seem to have an endianness problem somewhere.
I am using Linux, but the IDE doesn't work with Wine.
So I used Windows to make and convert the file. Somehow bytes got swapped  :palm:
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #156 on: November 27, 2018, 07:49:57 pm »
[…]
If I counted correctly there are only these instruction set families
.Assembly   ASM_INSTR   SYM_83A
.Assembly   ASM_INSTR   SYM_84B
.Assembly   ASM_INSTR   SYM_85A
.Assembly   ASM_INSTR   SYM_86B
.Assembly   ICE_INSTR   SYM_83A
.Assembly   ICE_INSTR   SYM_86A
.Assembly   INSTRUMENT   SYM_82A
.Assembly   INSTRUMENT   SYM_83A
.Assembly   INSTRUMENT   SYM_86A

I suspect that INSTRUMENT means same for ASM and ICE

I had noticed those SYM_ whatever things in the files before, but didn't see their relation to the instruction sets. ASM_INSTR SYM_85A is found in files for devices both with (e.g. PMS130) and without (e.g. PFS154) the mul instruction. ASM_INSTR SYM_83A is found in files for devices with pushw (e.g. PMC884) and without pushw (e.g. PMS232).

Philipp
 
The following users thanked this post: oPossum

Offline westfw

  • Super Contributor
  • ***
  • Posts: 4196
  • Country: us
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #157 on: November 28, 2018, 09:04:54 am »
(Wow.   I just want to throw in a compliment.  This has been REALLY IMPRESSIVE!  Great work; excellent collaboration!)
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #158 on: November 28, 2018, 08:47:40 pm »
Maybe the Symbol Files have to be seen in conjunction with the inc files.
SYM_85A does not include the mul instruction.
The inc file for the pfs154 doesn't have anything related to mul and the IDE complains that "mul not be supported at pfs154"

The inc file for the pms130 does have two registers defined
   MULOP      IO_RW      0x08
   MULRH      IO_RO      0x09
for the multiplication.

I couldn't find the device ids in the symbol files so that must be stored somewhere else.

So I guess the symbol files are templates for the ide that then get modified for the specific ic.

Edit: if I change the SYM in the INC file, instructions missing in the other family are no longer recognized. (syntax error)
« Last Edit: November 28, 2018, 08:50:24 pm by DocBen »
 

Offline js_12345678_55AA

  • Frequent Contributor
  • **
  • Posts: 337
  • Country: ht
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #159 on: November 30, 2018, 12:21:26 pm »
For all the people interested in ordering PADAUK parts and tools.

I ordered some stuff from lcsc.com with standard shipping. Payment was done using Paypal, delivery cost was around 7 USD. After 15 days my order arrived without any problems (direct shipping from China to my place).


Here is a list of ICs and tools from PADAUK I use.

Please consider using the AFFILIATE LINKS below when you order from lcsc.com. This will give me some credits there and I can order more PADAUK parts to investigate.

THANK YOU!

---

ICs I use:

Flash based ICs (1000 erase/write cycles possible):
PFS154-S08  (14 bit opcodes)
PFS154-S14 (14 bit opcodes)

OTP ICs (One Time Programmable):
PMS154B-S14 (14 bit opcodes)
PMS150C-S08 (13 bit opcodes)

---

My Programmer: PDK 3S-P-002 !!!OLD VERSION, DOES NOT SUPPORT PFS154 Flash based IC!!!!

Alternative Programmer: PDK 5S-P-003

My ICE: PDK 5S-I-S01 !!! SUPPORTS ALL SINGLE CORE VARIANTS!!!

Alternative ICE: PDK 3S-I-003 !!!OLD PRODUCT, ONLY FOR SOME MULTICORE VARIANTS!!!

---

Have fun,

JS
« Last Edit: November 30, 2018, 10:18:30 pm by js_12345678_55AA »
Easy PDK programmer and more: https://free-pdk.github.io
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #160 on: November 30, 2018, 03:56:21 pm »
Do we have any idea if the Padauk Programmer supports on-target debugging in any way?

Philipp
 

Offline js_12345678_55AA

  • Frequent Contributor
  • **
  • Posts: 337
  • Country: ht
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #161 on: November 30, 2018, 04:49:27 pm »
Do we have any idea if the Padauk Programmer supports on-target debugging in any way?

Philipp

Hi,

the programmer is just for writing to the IC. Usually the IDE inserts some "INIT-CODE" for IC testing and calibrating the clock. This init code steals some valuable code space. It uses a bit-bang protocol on 3 IO pins to communicate with the WRITER.

-> The WRITER cannot debug anything from your user program.
-> PADAUK CPUs do not have any debug features (e.g. breakpoints) built in

Your best choice is to use the ICE. Then you get breakpoints and memory inspection from the IDE directly.

JS
Easy PDK programmer and more: https://free-pdk.github.io
 

Offline oPossum

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • Very dangerous - may attack at any time
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #162 on: December 01, 2018, 12:51:12 am »
Disassembler for all Padauk MCUs.

Usage: pdisasm pdk [io_symbols [mem_symbols]]

To show instruction set: pdisasm 13 | 14 | 16 | all
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #163 on: December 01, 2018, 10:32:01 am »
Disassembler for all Padauk MCUs.

Usage: pdisasm pdk [io_symbols [mem_symbols]]

To show instruction set: pdisasm 13 | 14 | 16 | all


Great job!
I've modified it so that it compiles under Linux (none of those MS dependencies any more, and a Makefile), hope that's OK (+ some whitespace changes)
You can look at the attached patch files to see what I did.
just 'make' it.
 
The following users thanked this post: oPossum

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #164 on: December 01, 2018, 12:35:31 pm »
I've modified main so that it will load the io symbols automagically, because that was irritating me to no end ;)

Code: [Select]
--- original/padauk_disasm.cpp 2018-12-01 11:25:20.595205297 +0100
+++ padauk_disasm.cpp 2018-12-01 13:31:07.148535905 +0100
@@ -1,11 +1,11 @@
-
-#include "stdafx.h"
+#include <string.h>
+#include <stdlib.h>
 #include "pdk.h"
 #include "disasm.h"
 
 
-int main(int argc, char **argv)
-{
+int
+main(int argc, char **argv) {
  if (argc < 2) {
  printf("Usage: pdisasm pdk [ io_symbols [ mem_symbols] ]\n");
  return 0;
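Review bot: printf is called in main (the usage line in this hunk's context), but the new include list is only <string.h> and <stdlib.h>; with "stdafx.h" removed, nothing visible here pulls in <stdio.h>, so the build depends on pdk.h or disasm.h including it. Add #include <stdio.h> (or <cstdio>, since this is a .cpp file) explicitly. The reflow of the main signature and brace is whitespace-only and would be easier to review as a separate change.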
@@ -30,10 +30,17 @@
  auto d = CPadaukDisasm::New(pdk.bits);
  if (!d) { printf("Unsupported core (%i bits)\n", pdk.bits);  return -2; }
 
- if (argc > 2) d->io_symbols.ReadFile(argv[2]);
+ if (argc > 2) {
+ d->io_symbols.ReadFile(argv[2]);
+ } else {
+ char fname[17] = {};
+ sprintf(fname, "sym_io_%d.txt", pdk.bits);
+ d->io_symbols.ReadFile(fname);
+ }
+
  if (argc > 3) d->mem_symbols.ReadFile(argv[3]);
 
  d->disasm(pdk);
  }
-    return 0;
+ return 0;
 }
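Review bot: the sprintf into char fname[17] in the new else branch is unbounded, and the only limit on pdk.bits visible here is that CPadaukDisasm::New accepted it; "sym_io_" plus ".txt" plus a two-digit width fits, but 17 is a magic number that holds only while the value stays short. Use snprintf(fname, sizeof fname, "sym_io_%d.txt", pdk.bits) and check its return value. The fallback also resolves the file relative to the current directory, and nothing here reports when the default symbol file is missing, so a short message in that case would save users from wondering why IO names are not shown.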
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #165 on: December 01, 2018, 12:57:14 pm »
Here is the precompiled ready-to-run binary and support files for Linux. I use Ubuntu 18.04 LTS so it should be fine for any current distribution ( I hope ;)

small_possum is the same but with debug symbols stripped so it's only about 45k in size ready to run.
« Last Edit: December 01, 2018, 01:06:16 pm by DocBen »
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #166 on: December 02, 2018, 04:40:25 pm »
Today, I made a first step to inefficiently compiling a small subset of C to Padauk asm code. The current version is very restricted and generates very inefficient code; it is untested.

There is no assembler / linker support, so the resulting .asm file has to be assembled in other ways.

Particularly noticeable restrictions:

* The only data types supported are the basic integer types. No pointers, arrays, struct, union, float, etc.
* Functions cannot have parameters.
* Functions can return at most 1 byte (i.e. only void, bool, char, signed char, unsigned char are allowed).
* Bitwise operations and shifts are not supported.
* Multiplicative operators are not supported.
* Functions are not reentrant.

Code in svn at https://svn.code.sf.net/p/sdcc/code/branches/pdk/sdcc, use -mpdk14 to target Padauk (despite the name, the set of instructions emitted is part of the common subset of the Padauk instruction sets).

Philipp

P.S.: The only allowed comparisons are for equality, i.e. == and !=, while <,<=, >, >= don't work. Fortunately, most attempts to use non-supported functionality result in compile-time errors.
« Last Edit: December 02, 2018, 04:46:01 pm by spth »
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #167 on: December 03, 2018, 08:44:39 am »
I have a startup file for the pfs154 that doesn't disassemble correctly using the current sets, I suspect that 85A is still different from the others

Has this been resolved? Do we know if there are encoding differences within the individual 13-Bit / 14-Bit / 16-Bit instruction sets (apart from differences in the supported subset of instructions)?

In particular: Can we be reasonably sure that the 14-Bit instruction set at https://free-pdk.github.io/PADAUK_FPPA_14_bit_instruction_set.html reflects the actual encoding for the PFS154?

Philipp
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #168 on: December 03, 2018, 12:53:43 pm »
I have a startup file for the pfs154 that doesn't disassemble correctly using the current sets, I suspect that 85A is still different from the others

Has this been resolved? Do we know if there are encoding differences within the individual 13-Bit / 14-Bit / 16-Bit instruction sets (apart from differences in the supported subset of instructions)?

In particular: Can we be reasonably sure that the 14-Bit instruction set at https://free-pdk.github.io/PADAUK_FPPA_14_bit_instruction_set.html reflects the actual encoding for the PFS154?

Philipp


Just checked again. Yes.
Startup code for the PFS154 (disassembled with opossum on Linux):

Code: [Select]
PDK version: 20
PDK data size:  2048 words
Free data size: 2016 words
MCU: PFS154 [ID: 0x2AA1]
Compiler version: 0.83B17
14 bit core
0000  0070  wdreset   
0001  2F00  mov       a, 0x00
0002  0182  mov       SP, a
0003  3FED  call      0x07ED
0004  018B  mov       IHRCR, a
0005  3FEE  call      0x07EE
0006  019A  mov       BGTR, a
0007  2F20  mov       a, 0x20
0008  019B  mov       MISC_LVR, a
0009  2F34  mov       a, 0x34
000A  0183  mov       CLKCMD, a
000B  3FFE  call      0x07FE
000C  2AFF  ceqsn     a, 0xFF
000D  3054  goto      0x0054
000E  3FED  call      0x07ED
000F  0B81  mov       M1, a
0010  1F91  set1      PAC.6
0011  2F20  mov       a, 0x20
0012  0B80  mov       M0, a
0013  1AD0  t1sn      PA.3
0014  3013  goto      0x0013
0015  1F90  set1      PA.6
0016  0063  dzsn      a
0017  3016  goto      0x0016
0018  1180  dzsn      M0
0019  3016  goto      0x0016
001A  1D90  set0      PA.6
001B  18D0  t0sn      PA.3
001C  301B  goto      0x001B
001D  2F01  mov       a, 0x01
001E  1950  t0sn      PA.5
001F  2FFF  mov       a, 0xFF
0020  0C01  add       a, M1
0021  018B  mov       IHRCR, a
0022  0B81  mov       M1, a
0023  1AD0  t1sn      PA.3
0024  3023  goto      0x0023
0025  1B50  t1sn      PA.5
0026  304F  goto      0x004F
0027  2F04  mov       a, 0x04
0028  0188  mov       MISC, a
0029  18D0  t0sn      PA.3
002A  3029  goto      0x0029
002B  2F02  mov       a, 0x02
002C  0182  mov       SP, a
002D  1304  clear     M4
002E  1305  clear     M5
002F  2F5E  mov       a, 0x5E
0030  0B82  mov       M2, a
0031  2F00  mov       a, 0x00
0032  0B83  mov       M3, a
0033  0006  ldsptl   
0034  0B04  xor       M4, a
0035  0007  ldspth   
0036  0805  add       M5, a
0037  1584  sl        M4
0038  1685  slc       M5
0039  1004  addc      M4
003A  1282  dec       M2
003B  1083  subc      M3
003C  1A40  t1sn      FLAG.C
003D  3033  goto      0x0033
003E  1F90  set1      PA.6
003F  1AD0  t1sn      PA.3
0040  303F  goto      0x003F
0041  1584  sl        M4
0042  1685  slc       M5
0043  0590  swapc     PA.6
0044  18D0  t0sn      PA.3
0045  3044  goto      0x0044
0046  1950  t0sn      PA.5
0047  303F  goto      0x003F
0048  1D90  set0      PA.6
0049  1AD0  t1sn      PA.3
004A  3049  goto      0x0049
004B  18D0  t0sn      PA.3
004C  304B  goto      0x004B
004D  1B50  t1sn      PA.5
004E  302B  goto      0x002B
004F  18D0  t0sn      PA.3
0050  304F  goto      0x004F
0051  1B50  t1sn      PA.5
0052  3011  goto      0x0011
0053  3053  goto      0x0053
0054  018B  mov       IHRCR, a
0055  0000  nop       // here a nop/wdreset pattern starts so that I can recognize my code
0056  0070  wdreset   
0057  0000  nop       
0058  0070  wdreset   
0059  0000  nop       
005A  0070  wdreset   
005B  0000  nop       
005C  0070  wdreset   
005D  0000  nop       
005E  3055  goto      0x0055 
....    // all other locations are 3FFF
07EF  1FFE  set1      GPCC.7
07F0  3FFF  call      0x07FF
07F1  3FFF  call      0x07FF
07F2  3FFF  call      0x07FF
07F3  3FFF  call      0x07FF
07F4  3FFF  call      0x07FF
07F5  3FFF  call      0x07FF
07F6  3FFF  call      0x07FF
07F7  3FFF  call      0x07FF
07F8  0000  nop       
07F9  0000  nop       
07FA  3FFF  call      0x07FF
07FB  3FFF  call      0x07FF
07FC  3FFF  call      0x07FF
07FD  3FFF  call      0x07FF
07FE  3FFF  call      0x07FF
07FF  3DFD  call      0x05FD

Edit: It's actually slightly different from the one posted above, but only single instructions and coherent with the encoding.
Probably the options I chose?
« Last Edit: December 03, 2018, 01:08:17 pm by DocBen »
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #169 on: December 03, 2018, 01:19:38 pm »
I think the only family missing is for these chips:

grep -Rlsi SYM_86B

PMS134.INC
MCU371.INC
PMS132K.INC
PMS133.INC
PFS173.INC

---

The differences I can spot are minimal: 86B also includes the NMOV instruction but lacks the (explicit?) description of LDSPTL/LDSPTH but instead has LDTABL/LDTABH.
Also the order of the instructions in the symbol file is slightly different.

The datasheet claims that the pfs173 has 89 instructions (I count 88) while the pfs154 has 82.

The actual devices are thus slightly different: the PFS154 misses the NADD and COMP instructions as per datasheet. Don't know if the IDE will accept them anyway. And LDSPTL/LDSPTH is in the Symbol file but not documented.
« Last Edit: December 03, 2018, 02:00:02 pm by DocBen »
 
The following users thanked this post: oPossum

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #170 on: December 03, 2018, 02:05:20 pm »
And trying to disassemble the PFS173 startup code we get this:

PDK version: 20
PDK data size:  3072 words
Free data size: 3040 words
MCU: PFS173 [ID: 0x2AA2]
Compiler version: 0.83B17
15 bit core
Unsupported core (15 bits)

So I was almost right: there is a different encoding (but not for the pfs154) :-DD
« Last Edit: December 03, 2018, 02:07:51 pm by DocBen »
 
The following users thanked this post: oPossum

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #171 on: December 03, 2018, 02:15:02 pm »
So the 15-Bit encoding actually exists. Interesting. I hope it gets documented, too.

Philipp
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #172 on: December 03, 2018, 03:00:07 pm »
Just noticed a small error I made in the Linux sources that cuts off the first three bits of the printed opcode.
Corrected source below (also includes startup code for pfs154 and 173) and precompiled binary.

Just a reminder to myself:
the amount of addressable memory is (core size in bits - 3)
16 -> 13 -> 8192 words, Family 83A
15 -> 12 -> 4096 words, Family 86B
14 -> 11 -> 2048 words, Family 85A
13 -> 10 -> 1024 words, Family 84B
« Last Edit: December 03, 2018, 07:16:38 pm by DocBen »
 

Offline oPossum

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • Very dangerous - may attack at any time
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #173 on: December 03, 2018, 03:16:20 pm »
15 bit instruction set confirmed. I thought it existed but the chips with 4 kW memory used the 16 bit instruction set, so I stopped looking.
Working on complete decode and updated disassembler.

Code: [Select]
6000   goto  0x0000
6FFF   goto  0x0FFF
7000   call  0x0000
7FFF   call  0x0FFF

12 bit program address
Probably 8 bit memory address.
IO address TBD.

 
The following users thanked this post: DocBen
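The PFS154 startup listing and the 15-bit goto/call words above can be checked mechanically against the opcode table. The following is an added example (not oPossum's pdisasm and not code from the thread): it compiles the table's bit-pattern notation into mask/value pairs from a subset of the 14-bit rows quoted earlier, and derives goto/call for any core width from the "core bits - 3" rule. The function names, and the call pattern as "goto with the third bit set", are assumptions of this example.

```python
# Added example: decoder driven by the thread's bit-pattern notation.
# Rows are copied from the 14-bit column of the opcode table quoted earlier;
# only this subset is listed, so every other word decodes to None.
PDK14_ROWS = [
    ("wdreset",   "00_0000_0111_0000"),
    ("dzsn a",    "00_0000_0110_0011"),
    ("mov IO,a",  "00_0001_10pp_pppp"),
    ("mov M,a",   "00_1011_1mmm_mmmm"),
    ("mov a,I",   "10_1111_kkkk_kkkk"),
    ("ceqsn a,I", "10_1010_kkkk_kkkk"),
    ("t1sn IO.n", "01_101b_bbpp_pppp"),
    ("set1 IO.n", "01_111b_bbpp_pppp"),
]

def program_words(core_bits):
    """Program address space implied by the 'core size in bits - 3' rule."""
    return 1 << (core_bits - 3)

def branch_rows(core_bits):
    """goto/call rows: prefix 110/111 followed by core_bits-3 address bits.
    Assumption: call is goto with the third bit set, which matches the words
    3FED (14-bit) and 7000/7FFF (15-bit) shown in the thread."""
    addr = "a" * (core_bits - 3)
    return [("goto label", "110" + addr), ("call label", "111" + addr)]

def compile_pattern(pattern):
    """'01_111b_bbpp_pppp' -> (width, mask, value, {letter: bit positions, MSB first})."""
    bits = pattern.replace("_", "")
    width, mask, value, fields = len(bits), 0, 0, {}
    for i, ch in enumerate(bits):
        pos = width - 1 - i
        if ch in "01":                      # fixed opcode bit
            mask |= 1 << pos
            value |= int(ch) << pos
        else:                               # operand bit, grouped by its letter
            fields.setdefault(ch, []).append(pos)
    return width, mask, value, fields

def build_table(rows, core_bits):
    """Compile rows; reject a wrong-width pattern or two rows matching one word."""
    table = []
    for name, pattern in rows:
        width, mask, value, fields = compile_pattern(pattern)
        if width != core_bits:
            raise ValueError(f"{name}: pattern is {width} bits, core is {core_bits}")
        for other, omask, ovalue, _ in table:
            common = mask & omask           # bits fixed in both rows
            if (value & common) == (ovalue & common):
                raise ValueError(f"{name} overlaps {other}")
        table.append((name, mask, value, fields))
    return table

def decode(word, table, core_bits):
    """Return (name, {field: value}) for a program word, or None if no row matches."""
    if not 0 <= word < (1 << core_bits):
        raise ValueError(f"0x{word:04X} does not fit a {core_bits}-bit core")
    for name, mask, value, fields in table:
        if (word & mask) == value:
            operands = {}
            for letter, positions in fields.items():
                v = 0
                for pos in positions:
                    v = (v << 1) | ((word >> pos) & 1)
                operands[letter] = v
            return name, operands
    return None

if __name__ == "__main__":
    # Words taken from the PFS154 startup listing and the 15-bit goto/call post.
    t14 = build_table(PDK14_ROWS + branch_rows(14), 14)
    for w in (0x0070, 0x2AFF, 0x3054, 0x3FED, 0x1F91, 0x1AD0, 0x0006):
        print(f"{w:04X}", decode(w, t14, 14))
    t15 = build_table(branch_rows(15), 15)
    for w in (0x6000, 0x6FFF, 0x7000, 0x7FFF):
        print(f"{w:04X}", decode(w, t15, 15))
```

The overlap check in `build_table` is what flags a mis-transcribed row: two patterns that agree on every bit both of them fix would make the disassembly depend on table order.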

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #174 on: December 03, 2018, 07:17:57 pm »
Today, I made a first step to inefficiently compiling a small subset of C to Padauk asm code. The current version is very restricted and generates very inefficient code; it is untested.

There is no assembler / linker support, so the resulting .asm file has to be assembled in other ways.

[…]

Code in svn at https://svn.code.sf.net/p/sdcc/code/branches/pdk/sdcc, use -mpdk14 to target Padauk (despite the name, the set of instructions emitted is part of the common subset of the Padauk instruction sets).

On the second day, wrt. completeness of implementation of the C standard, this has now far surpassed Mini-C.

Noticeable remaining restrictions:

* Variables can only reside in RAM, not in code space
* Global and static variables are not initialized.
* No floating-point or bit-fields.
* Functions can return at most 2 bytes (i.e. no long or long long).
* Multiplicative operators are not supported.
* Functions are not reentrant.
* No support for variable arguments.
* No standard library.
* struct / union cannot be assigned, passed as arguments or returned.
* No compound literals.
* No access to I/O from C.

There is no glue to connect this to assembler / linker yet, so the only useable output is asm code.
The generated asm code is still very inefficient. I will look into improving that a bit soon.

Philipp
 
The following users thanked this post: oPossum, DocBen, js_12345678_55AA

