Author Topic: EEVblog #1144 - Padauk Programmer Reverse Engineering  (Read 391322 times)


Offline js_12345678_55AA

Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #175 on: December 03, 2018, 07:27:53 pm »
Has this been resolved? Do we know if there are encoding differences within the individual 13-Bit / 14-Bit / 16-Bit instruction sets (apart from differences in the supported subset of instructions)?
In particular: Can we be reasonably sure that the 14-Bit instruction set at https://free-pdk.github.io/PADAUK_FPPA_14_bit_instruction_set.html reflects the actual encoding for the PFS154?

Philipp

I updated the instruction set pages (13,14,16 bit) with all known stuff gathered from the contributors of this forum:

https://free-pdk.github.io/

JS
Easy PDK programmer and more: https://free-pdk.github.io
 
The following users thanked this post: oPossum

Offline oPossum

Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #176 on: December 03, 2018, 07:43:54 pm »
15 bit instruction set

Used by PMS132K, PMS133, PMS134, PFS173, MCU371

Code:
0x0000  000_0000_0000_0000  nop
0x0001  000_0000_0000_0001
0x0002  000_0000_0000_001-
0x0004  000_0000_0000_01--
0x0008  000_0000_0000_1---
0x0010  000_0000_0001_----
0x0020  000_0000_001-_----
0x0040  000_0000_010-_----
0x0050  000_0000_0101_----
0x0060  000_0000_0110_0000  addc     a
0x0061  000_0000_0110_0001  subc     a
0x0062  000_0000_0110_0010  izsn     a
0x0063  000_0000_0110_0011  dzsn     a
0x0064  000_0000_0110_0100
0x0065  000_0000_0110_0101
0x0066  000_0000_0110_0110
0x0067  000_0000_0110_0111  pcadd    a
0x0068  000_0000_0110_1000  not      a
0x0069  000_0000_0110_1001  neg      a
0x006A  000_0000_0110_1010  sr       a
0x006B  000_0000_0110_1011  sl       a
0x006C  000_0000_0110_1100  src      a
0x006D  000_0000_0110_1101  slc      a
0x006E  000_0000_0110_1110  swap     a
0x006F  000_0000_0110_1111
0x0070  000_0000_0111_0000  wdreset
0x0071  000_0000_0111_0001
0x0072  000_0000_0111_0010  pushaf
0x0073  000_0000_0111_0011  popaf
0x0074  000_0000_0111_0100
0x0075  000_0000_0111_0101  reset
0x0076  000_0000_0111_0110  stopsys
0x0077  000_0000_0111_0111  stopexe
0x0078  000_0000_0111_1000  engint
0x0079  000_0000_0111_1001  disgint
0x007A  000_0000_0111_1010  ret
0x007B  000_0000_0111_1011  reti
0x007C  000_0000_0111_1100  mul
0x007D  000_0000_0111_1101
0x007E  000_0000_0111_1110
0x007F  000_0000_0111_1111
0x0080  000_0000_1ppp_pppp  xor      a,IO
0x0100  000_0001_0ppp_pppp  mov      IO,a
0x0180  000_0001_1ppp_pppp  mov      a,IO
0x0200  000_0010_kkkk_kkkk  ret      I
0x0300  000_0011_----_----
0x0400  000_0100_----_----
0x0500  000_0101_wwww_www0  ldtabl   word
0x0501  000_0101_wwww_www1  ldtabh   word
0x0600  000_0110_wwww_www0  stt16    word
0x0601  000_0110_wwww_www1  ldt16    word
0x0700  000_0111_wwww_www0  idxm     index,a
0x0701  000_0111_wwww_www1  idxm     a,index
0x0800  000_10--_----_----
0x0C00  000_1100_mmmm_mmmm  comp     a,M
0x0D00  000_1101_mmmm_mmmm  comp     M,a
0x0E00  000_1110_mmmm_mmmm  nadd     a,M
0x0F00  000_1111_mmmm_mmmm  nadd     M,a
0x1000  001_0000_mmmm_mmmm  add      M,a
0x1100  001_0001_mmmm_mmmm  sub      M,a
0x1200  001_0010_mmmm_mmmm  addc     M,a
0x1300  001_0011_mmmm_mmmm  subc     M,a
0x1400  001_0100_mmmm_mmmm  and      M,a
0x1500  001_0101_mmmm_mmmm  or       M,a
0x1600  001_0110_mmmm_mmmm  xor      M,a
0x1700  001_0111_mmmm_mmmm  mov      M,a
0x1800  001_1000_mmmm_mmmm  add      a,M
0x1900  001_1001_mmmm_mmmm  sub      a,M
0x1A00  001_1010_mmmm_mmmm  addc     a,M
0x1B00  001_1011_mmmm_mmmm  subc     a,M
0x1C00  001_1100_mmmm_mmmm  and      a,M
0x1D00  001_1101_mmmm_mmmm  or       a,M
0x1E00  001_1110_mmmm_mmmm  xor      a,M
0x1F00  001_1111_mmmm_mmmm  mov      a,M
0x2000  010_0000_mmmm_mmmm  addc     M
0x2100  010_0001_mmmm_mmmm  subc     M
0x2200  010_0010_mmmm_mmmm  izsn     M
0x2300  010_0011_mmmm_mmmm  dzsn     M
0x2400  010_0100_mmmm_mmmm  inc      M
0x2500  010_0101_mmmm_mmmm  dec      M
0x2600  010_0110_mmmm_mmmm  clear    M
0x2700  010_0111_mmmm_mmmm  xch      M
0x2800  010_1000_mmmm_mmmm  not      M
0x2900  010_1001_mmmm_mmmm  neg      M
0x2A00  010_1010_mmmm_mmmm  sr       M
0x2B00  010_1011_mmmm_mmmm  sl       M
0x2C00  010_1100_mmmm_mmmm  src      M
0x2D00  010_1101_mmmm_mmmm  slc      M
0x2E00  010_1110_mmmm_mmmm  ceqsn    a,M
0x2F00  010_1111_mmmm_mmmm  cneqsn   a,M
0x3000  011_00bb_bppp_pppp  t0sn     IO.n
0x3400  011_01bb_bppp_pppp  t1sn     IO.n
0x3800  011_10bb_bppp_pppp  set0     IO.n
0x3C00  011_11bb_bppp_pppp  set1     IO.n
0x4000  100_00bb_bmmm_mmmm  t0sn     M.n
0x4400  100_01bb_bmmm_mmmm  t1sn     M.n
0x4800  100_10bb_bmmm_mmmm  set0     M.n
0x4C00  100_11bb_bmmm_mmmm  set1     M.n
0x5000  101_0000_kkkk_kkkk  add      a,I
0x5100  101_0001_kkkk_kkkk  sub      a,I
0x5200  101_0010_kkkk_kkkk  ceqsn    a,I
0x5300  101_0011_kkkk_kkkk  cneqsn   a,I
0x5400  101_0100_kkkk_kkkk  and      a,I
0x5500  101_0101_kkkk_kkkk  or       a,I
0x5600  101_0110_kkkk_kkkk  xor      a,I
0x5700  101_0111_kkkk_kkkk  mov      a,I
0x5800  101_10--_----_----
0x5C00  101_11bb_bppp_pppp  swapc    IO.n
0x6000  110_aaaa_aaaa_aaaa  goto     label
0x7000  111_aaaa_aaaa_aaaa  call     label

 

Offline oPossum

Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #177 on: December 03, 2018, 08:00:00 pm »
Edit: It's actually slightly different from the one posted above, but only single instructions and coherent with the encoding.
Probably the options I chose?

Yes, I think so. Different .ADJUST_IC options and different code size.
 

Offline oPossum

Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #178 on: December 03, 2018, 08:09:57 pm »
Just a reminder to myself:
the amount of addressable memory is (core size in bits - 3)
16 -> 13 -> 8192 words, Family 83A
15 -> 12 -> 4096 words, Family 86B
14 -> 11 -> 2048 words, Family 85A
13 -> 10 -> 1024 words, Family 84B

Also...

16 -> 13 -> 8192 words, Family 82A  [PMC882 PDK22C13 PDK22C13A PDK22C58 PDK22C58A PDK82C12 PDK82C13 PDK82S_EV]
 

Offline oPossum

Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #179 on: December 03, 2018, 08:23:58 pm »
16/15/14/13 bit instruction encoding sorted by 16 bit opcode
Code:
nop                 0000_0000_0000_0000   000_0000_0000_0000   00_0000_0000_0000   0_0000_0000_0000
ldsptl                                                         00_0000_0000_0110
ldspth                                                         00_0000_0000_0111
addc      a         0000_0000_0001_0000   000_0000_0110_0000   00_0000_0110_0000   0_0000_0001_0000
subc      a         0000_0000_0001_0001   000_0000_0110_0001   00_0000_0110_0001   0_0000_0001_0001
izsn      a         0000_0000_0001_0010   000_0000_0110_0010   00_0000_0110_0010   0_0000_0001_0010
dzsn      a         0000_0000_0001_0011   000_0000_0110_0011   00_0000_0110_0011   0_0000_0001_0011
pcadd     a         0000_0000_0001_0111   000_0000_0110_0111   00_0000_0110_0111   0_0000_0001_0111
not       a         0000_0000_0001_1000   000_0000_0110_1000   00_0000_0110_1000   0_0000_0001_1000
neg       a         0000_0000_0001_1001   000_0000_0110_1001   00_0000_0110_1001   0_0000_0001_1001
sr        a         0000_0000_0001_1010   000_0000_0110_1010   00_0000_0110_1010   0_0000_0001_1010
sl        a         0000_0000_0001_1011   000_0000_0110_1011   00_0000_0110_1011   0_0000_0001_1011
src       a         0000_0000_0001_1100   000_0000_0110_1100   00_0000_0110_1100   0_0000_0001_1100
slc       a         0000_0000_0001_1101   000_0000_0110_1101   00_0000_0110_1101   0_0000_0001_1101
swap      a         0000_0000_0001_1110   000_0000_0110_1110   00_0000_0110_1110   0_0000_0001_1110
delay     a         0000_0000_0001_1111
wdreset             0000_0000_0011_0000   000_0000_0111_0000   00_0000_0111_0000   0_0000_0011_0000
pushaf              0000_0000_0011_0010   000_0000_0111_0010   00_0000_0111_0010   0_0000_0011_0010
popaf               0000_0000_0011_0011   000_0000_0111_0011   00_0000_0111_0011   0_0000_0011_0011
reset               0000_0000_0011_0101   000_0000_0111_0101   00_0000_0111_0101   0_0000_0011_0101
stopsys             0000_0000_0011_0110   000_0000_0111_0110   00_0000_0111_0110   0_0000_0011_0110
stopexe             0000_0000_0011_0111   000_0000_0111_0111   00_0000_0111_0111   0_0000_0011_0111
engint              0000_0000_0011_1000   000_0000_0111_1000   00_0000_0111_1000   0_0000_0011_1000
disgint             0000_0000_0011_1001   000_0000_0111_1001   00_0000_0111_1001   0_0000_0011_1001
ret                 0000_0000_0011_1010   000_0000_0111_1010   00_0000_0111_1010   0_0000_0011_1010
reti                0000_0000_0011_1011   000_0000_0111_1011   00_0000_0111_1011   0_0000_0011_1011
mul                 0000_0000_0011_1100   000_0000_0111_1100   00_0000_0111_1100
pmode     n         0000_0000_010k_kkkk
popw      pcN       0000_0000_0110_tttt
pushw     pcN       0000_0000_0111_tttt
mov       IO,a      0000_0000_10pp_pppp   000_0001_0ppp_pppp   00_0001_10pp_pppp   0_0000_100p_pppp
mov       a,IO      0000_0000_11pp_pppp   000_0001_1ppp_pppp   00_0001_11pp_pppp   0_0000_101p_pppp
cneqsn    a,I       0000_0001_kkkk_kkkk   101_0011_kkkk_kkkk   10_1011_kkkk_kkkk   1_0011_kkkk_kkkk
stt16     word      0000_001w_wwww_www0   000_0110_wwww_www0   00_0011_0www_www0   0_0000_110w_www0
ldt16     word      0000_001w_wwww_www1   000_0110_wwww_www1   00_0011_0www_www1   0_0000_110w_www1
popw      word      0000_010w_wwww_www0
pushw     word      0000_010w_wwww_www1
igoto     word      0000_011w_wwww_www0
icall     word      0000_011w_wwww_www1
idxm      index,a   0000_100w_wwww_www0   000_0111_wwww_www0   00_0011_1www_www0   0_0000_111w_www0
idxm      a,index   0000_100w_wwww_www1   000_0111_wwww_www1   00_0011_1www_www1   0_0000_111w_www1
ldtabl    word      0000_101w_wwww_www0   000_0101_wwww_www0
ldtabh    word      0000_101w_wwww_www1   000_0101_wwww_www1
delay     I         0000_1110_kkkk_kkkk
ret       I         0000_1111_kkkk_kkkk   000_0010_kkkk_kkkk   00_0010_kkkk_kkkk   0_0001_kkkk_kkkk
xor       IO,a      0001_0000_00pp_pppp   000_0000_1ppp_pppp   00_0000_11pp_pppp   0_0000_011p_pppp
xor       a,IO      0001_0000_01pp_pppp
cneqsn    M,a       0001_010m_mmmm_mmmm
cneqsn    a,M       0001_011m_mmmm_mmmm   010_1111_mmmm_mmmm   01_0111_1mmm_mmmm   0_1011_11mm_mmmm
add       a,I       0001_1000_kkkk_kkkk   101_0000_kkkk_kkkk   10_1000_kkkk_kkkk   1_0000_kkkk_kkkk
sub       a,I       0001_1001_kkkk_kkkk   101_0001_kkkk_kkkk   10_1001_kkkk_kkkk   1_0001_kkkk_kkkk
ceqsn     a,I       0001_1010_kkkk_kkkk   101_0010_kkkk_kkkk   10_1010_kkkk_kkkk   1_0010_kkkk_kkkk
comp      a,I       0001_1011_kkkk_kkkk
and       a,I       0001_1100_kkkk_kkkk   101_0100_kkkk_kkkk   10_1100_kkkk_kkkk   1_0100_kkkk_kkkk
or        a,I       0001_1101_kkkk_kkkk   101_0101_kkkk_kkkk   10_1101_kkkk_kkkk   1_0101_kkkk_kkkk
xor       a,I       0001_1110_kkkk_kkkk   101_0110_kkkk_kkkk   10_1110_kkkk_kkkk   1_0110_kkkk_kkkk
mov       a,I       0001_1111_kkkk_kkkk   101_0111_kkkk_kkkk   10_1111_kkkk_kkkk   1_0111_kkkk_kkkk
t0sn      IO.n      0010_000b_bbpp_pppp   011_00bb_bppp_pppp   01_100b_bbpp_pppp   0_1100_bbbp_pppp
t1sn      IO.n      0010_001b_bbpp_pppp   011_01bb_bppp_pppp   01_101b_bbpp_pppp   0_1101_bbbp_pppp
set0      IO.n      0010_010b_bbpp_pppp   011_10bb_bppp_pppp   01_110b_bbpp_pppp   0_1110_bbbp_pppp
set1      IO.n      0010_011b_bbpp_pppp   011_11bb_bppp_pppp   01_111b_bbpp_pppp   0_1111_bbbp_pppp
tog       IO.n      0010_100b_bbpp_pppp
wait0     IO.n      0010_101b_bbpp_pppp
wait1     IO.n      0010_110b_bbpp_pppp
swapc     IO.n      0010_111b_bbpp_pppp   101_11bb_bppp_pppp   00_010b_bbpp_pppp
nmov      M,a       0011_000m_mmmm_mmmm
nmov      a,M       0011_001m_mmmm_mmmm
nadd      M,a       0011_010m_mmmm_mmmm   000_1111_mmmm_mmmm   00_0111_1mmm_mmmm
nadd      a,M       0011_011m_mmmm_mmmm   000_1110_mmmm_mmmm   00_0111_0mmm_mmmm
ceqsn     M,a       0011_100m_mmmm_mmmm
ceqsn     a,M       0011_101m_mmmm_mmmm   010_1110_mmmm_mmmm   01_0111_0mmm_mmmm   0_1011_10mm_mmmm
comp      M,a       0011_110m_mmmm_mmmm   000_1101_mmmm_mmmm   00_0110_1mmm_mmmm
comp      a,M       0011_111m_mmmm_mmmm   000_1100_mmmm_mmmm   00_0110_0mmm_mmmm
add       M,a       0100_000m_mmmm_mmmm   001_0000_mmmm_mmmm   00_1000_0mmm_mmmm   0_0100_00mm_mmmm
add       a,M       0100_001m_mmmm_mmmm   001_1000_mmmm_mmmm   00_1100_0mmm_mmmm   0_0110_00mm_mmmm
sub       M,a       0100_010m_mmmm_mmmm   001_0001_mmmm_mmmm   00_1000_1mmm_mmmm   0_0100_01mm_mmmm
sub       a,M       0100_011m_mmmm_mmmm   001_1001_mmmm_mmmm   00_1100_1mmm_mmmm   0_0110_01mm_mmmm
addc      M,a       0100_100m_mmmm_mmmm   001_0010_mmmm_mmmm   00_1001_0mmm_mmmm   0_0100_10mm_mmmm
addc      a,M       0100_101m_mmmm_mmmm   001_1010_mmmm_mmmm   00_1101_0mmm_mmmm   0_0110_10mm_mmmm
subc      M,a       0100_110m_mmmm_mmmm   001_0011_mmmm_mmmm   00_1001_1mmm_mmmm   0_0100_11mm_mmmm
subc      a,M       0100_111m_mmmm_mmmm   001_1011_mmmm_mmmm   00_1101_1mmm_mmmm   0_0110_11mm_mmmm
and       M,a       0101_000m_mmmm_mmmm   001_0100_mmmm_mmmm   00_1010_0mmm_mmmm   0_0101_00mm_mmmm
and       a,M       0101_001m_mmmm_mmmm   001_1100_mmmm_mmmm   00_1110_0mmm_mmmm   0_0111_00mm_mmmm
or        M,a       0101_010m_mmmm_mmmm   001_0101_mmmm_mmmm   00_1010_1mmm_mmmm   0_0101_01mm_mmmm
or        a,M       0101_011m_mmmm_mmmm   001_1101_mmmm_mmmm   00_1110_1mmm_mmmm   0_0111_01mm_mmmm
xor       M,a       0101_100m_mmmm_mmmm   001_0110_mmmm_mmmm   00_1011_0mmm_mmmm   0_0101_10mm_mmmm
xor       a,M       0101_101m_mmmm_mmmm   001_1110_mmmm_mmmm   00_1111_0mmm_mmmm   0_0111_10mm_mmmm
mov       M,a       0101_110m_mmmm_mmmm   001_0111_mmmm_mmmm   00_1011_1mmm_mmmm   0_0101_11mm_mmmm
mov       a,M       0101_111m_mmmm_mmmm   001_1111_mmmm_mmmm   00_1111_1mmm_mmmm   0_0111_11mm_mmmm
addc      M         0110_000m_mmmm_mmmm   010_0000_mmmm_mmmm   01_0000_0mmm_mmmm   0_1000_00mm_mmmm
subc      M         0110_001m_mmmm_mmmm   010_0001_mmmm_mmmm   01_0000_1mmm_mmmm   0_1000_01mm_mmmm
izsn      M         0110_010m_mmmm_mmmm   010_0010_mmmm_mmmm   01_0001_0mmm_mmmm   0_1000_10mm_mmmm
dzsn      M         0110_011m_mmmm_mmmm   010_0011_mmmm_mmmm   01_0001_1mmm_mmmm   0_1000_11mm_mmmm
inc       M         0110_100m_mmmm_mmmm   010_0100_mmmm_mmmm   01_0010_0mmm_mmmm   0_1001_00mm_mmmm
dec       M         0110_101m_mmmm_mmmm   010_0101_mmmm_mmmm   01_0010_1mmm_mmmm   0_1001_01mm_mmmm
clear     M         0110_110m_mmmm_mmmm   010_0110_mmmm_mmmm   01_0011_0mmm_mmmm   0_1001_10mm_mmmm
xch       M         0110_111m_mmmm_mmmm   010_0111_mmmm_mmmm   01_0011_1mmm_mmmm   0_1001_11mm_mmmm
not       M         0111_000m_mmmm_mmmm   010_1000_mmmm_mmmm   01_0100_0mmm_mmmm   0_1010_00mm_mmmm
neg       M         0111_001m_mmmm_mmmm   010_1001_mmmm_mmmm   01_0100_1mmm_mmmm   0_1010_01mm_mmmm
sr        M         0111_010m_mmmm_mmmm   010_1010_mmmm_mmmm   01_0101_0mmm_mmmm   0_1010_10mm_mmmm
sl        M         0111_011m_mmmm_mmmm   010_1011_mmmm_mmmm   01_0101_1mmm_mmmm   0_1010_11mm_mmmm
src       M         0111_100m_mmmm_mmmm   010_1100_mmmm_mmmm   01_0110_0mmm_mmmm   0_1011_00mm_mmmm
slc       M         0111_101m_mmmm_mmmm   010_1101_mmmm_mmmm   01_0110_1mmm_mmmm   0_1011_01mm_mmmm
swap      M         0111_110m_mmmm_mmmm
delay     M         0111_111m_mmmm_mmmm
t0sn      M.n       1000_bbbm_mmmm_mmmm   100_00bb_bmmm_mmmm   10_000b_bbmm_mmmm   0_0010_bbb0_mmmm
t1sn      M.n       1001_bbbm_mmmm_mmmm   100_01bb_bmmm_mmmm   10_001b_bbmm_mmmm   0_0010_bbb1_mmmm
set0      M.n       1010_bbbm_mmmm_mmmm   100_10bb_bmmm_mmmm   10_010b_bbmm_mmmm   0_0011_bbb0_mmmm
set1      M.n       1011_bbbm_mmmm_mmmm   100_11bb_bmmm_mmmm   10_011b_bbmm_mmmm   0_0011_bbb1_mmmm
goto      label     110a_aaaa_aaaa_aaaa   110_aaaa_aaaa_aaaa   11_0aaa_aaaa_aaaa   1_10aa_aaaa_aaaa
call      label     111a_aaaa_aaaa_aaaa   111_aaaa_aaaa_aaaa   11_1aaa_aaaa_aaaa   1_11aa_aaaa_aaaa


16/15/14/13 bit instruction encoding sorted by mnemonic
Code:
add       a,I       0001_1000_kkkk_kkkk   101_0000_kkkk_kkkk   10_1000_kkkk_kkkk   1_0000_kkkk_kkkk
add       a,M       0100_001m_mmmm_mmmm   001_1000_mmmm_mmmm   00_1100_0mmm_mmmm   0_0110_00mm_mmmm
add       M,a       0100_000m_mmmm_mmmm   001_0000_mmmm_mmmm   00_1000_0mmm_mmmm   0_0100_00mm_mmmm
addc      a         0000_0000_0001_0000   000_0000_0110_0000   00_0000_0110_0000   0_0000_0001_0000
addc      a,M       0100_101m_mmmm_mmmm   001_1010_mmmm_mmmm   00_1101_0mmm_mmmm   0_0110_10mm_mmmm
addc      M         0110_000m_mmmm_mmmm   010_0000_mmmm_mmmm   01_0000_0mmm_mmmm   0_1000_00mm_mmmm
addc      M,a       0100_100m_mmmm_mmmm   001_0010_mmmm_mmmm   00_1001_0mmm_mmmm   0_0100_10mm_mmmm
and       a,I       0001_1100_kkkk_kkkk   101_0100_kkkk_kkkk   10_1100_kkkk_kkkk   1_0100_kkkk_kkkk
and       a,M       0101_001m_mmmm_mmmm   001_1100_mmmm_mmmm   00_1110_0mmm_mmmm   0_0111_00mm_mmmm
and       M,a       0101_000m_mmmm_mmmm   001_0100_mmmm_mmmm   00_1010_0mmm_mmmm   0_0101_00mm_mmmm
call      label     111a_aaaa_aaaa_aaaa   111_aaaa_aaaa_aaaa   11_1aaa_aaaa_aaaa   1_11aa_aaaa_aaaa
ceqsn     a,I       0001_1010_kkkk_kkkk   101_0010_kkkk_kkkk   10_1010_kkkk_kkkk   1_0010_kkkk_kkkk
ceqsn     a,M       0011_101m_mmmm_mmmm   010_1110_mmmm_mmmm   01_0111_0mmm_mmmm   0_1011_10mm_mmmm
ceqsn     M,a       0011_100m_mmmm_mmmm
clear     M         0110_110m_mmmm_mmmm   010_0110_mmmm_mmmm   01_0011_0mmm_mmmm   0_1001_10mm_mmmm
cneqsn    a,I       0000_0001_kkkk_kkkk   101_0011_kkkk_kkkk   10_1011_kkkk_kkkk   1_0011_kkkk_kkkk
cneqsn    a,M       0001_011m_mmmm_mmmm   010_1111_mmmm_mmmm   01_0111_1mmm_mmmm   0_1011_11mm_mmmm
cneqsn    M,a       0001_010m_mmmm_mmmm
comp      a,I       0001_1011_kkkk_kkkk
comp      a,M       0011_111m_mmmm_mmmm   000_1100_mmmm_mmmm   00_0110_0mmm_mmmm
comp      M,a       0011_110m_mmmm_mmmm   000_1101_mmmm_mmmm   00_0110_1mmm_mmmm
dec       M         0110_101m_mmmm_mmmm   010_0101_mmmm_mmmm   01_0010_1mmm_mmmm   0_1001_01mm_mmmm
delay     a         0000_0000_0001_1111
delay     I         0000_1110_kkkk_kkkk
delay     M         0111_111m_mmmm_mmmm
disgint             0000_0000_0011_1001   000_0000_0111_1001   00_0000_0111_1001   0_0000_0011_1001
dzsn      a         0000_0000_0001_0011   000_0000_0110_0011   00_0000_0110_0011   0_0000_0001_0011
dzsn      M         0110_011m_mmmm_mmmm   010_0011_mmmm_mmmm   01_0001_1mmm_mmmm   0_1000_11mm_mmmm
engint              0000_0000_0011_1000   000_0000_0111_1000   00_0000_0111_1000   0_0000_0011_1000
goto      label     110a_aaaa_aaaa_aaaa   110_aaaa_aaaa_aaaa   11_0aaa_aaaa_aaaa   1_10aa_aaaa_aaaa
icall     word      0000_011w_wwww_www1
idxm      a,index   0000_100w_wwww_www1   000_0111_wwww_www1   00_0011_1www_www1   0_0000_111w_www1
idxm      index,a   0000_100w_wwww_www0   000_0111_wwww_www0   00_0011_1www_www0   0_0000_111w_www0
igoto     word      0000_011w_wwww_www0
inc       M         0110_100m_mmmm_mmmm   010_0100_mmmm_mmmm   01_0010_0mmm_mmmm   0_1001_00mm_mmmm
izsn      a         0000_0000_0001_0010   000_0000_0110_0010   00_0000_0110_0010   0_0000_0001_0010
izsn      M         0110_010m_mmmm_mmmm   010_0010_mmmm_mmmm   01_0001_0mmm_mmmm   0_1000_10mm_mmmm
ldspth                                                         00_0000_0000_0111
ldsptl                                                         00_0000_0000_0110
ldt16     word      0000_001w_wwww_www1   000_0110_wwww_www1   00_0011_0www_www1   0_0000_110w_www1
ldtabh    word      0000_101w_wwww_www1   000_0101_wwww_www1
ldtabl    word      0000_101w_wwww_www0   000_0101_wwww_www0
mov       a,I       0001_1111_kkkk_kkkk   101_0111_kkkk_kkkk   10_1111_kkkk_kkkk   1_0111_kkkk_kkkk
mov       a,IO      0000_0000_11pp_pppp   000_0001_1ppp_pppp   00_0001_11pp_pppp   0_0000_101p_pppp
mov       a,M       0101_111m_mmmm_mmmm   001_1111_mmmm_mmmm   00_1111_1mmm_mmmm   0_0111_11mm_mmmm
mov       IO,a      0000_0000_10pp_pppp   000_0001_0ppp_pppp   00_0001_10pp_pppp   0_0000_100p_pppp
mov       M,a       0101_110m_mmmm_mmmm   001_0111_mmmm_mmmm   00_1011_1mmm_mmmm   0_0101_11mm_mmmm
mul                 0000_0000_0011_1100   000_0000_0111_1100   00_0000_0111_1100
nadd      a,M       0011_011m_mmmm_mmmm   000_1110_mmmm_mmmm   00_0111_0mmm_mmmm
nadd      M,a       0011_010m_mmmm_mmmm   000_1111_mmmm_mmmm   00_0111_1mmm_mmmm
neg       a         0000_0000_0001_1001   000_0000_0110_1001   00_0000_0110_1001   0_0000_0001_1001
neg       M         0111_001m_mmmm_mmmm   010_1001_mmmm_mmmm   01_0100_1mmm_mmmm   0_1010_01mm_mmmm
nmov      a,M       0011_001m_mmmm_mmmm
nmov      M,a       0011_000m_mmmm_mmmm
nop                 0000_0000_0000_0000   000_0000_0000_0000   00_0000_0000_0000   0_0000_0000_0000
not       a         0000_0000_0001_1000   000_0000_0110_1000   00_0000_0110_1000   0_0000_0001_1000
not       M         0111_000m_mmmm_mmmm   010_1000_mmmm_mmmm   01_0100_0mmm_mmmm   0_1010_00mm_mmmm
or        a,I       0001_1101_kkkk_kkkk   101_0101_kkkk_kkkk   10_1101_kkkk_kkkk   1_0101_kkkk_kkkk
or        a,M       0101_011m_mmmm_mmmm   001_1101_mmmm_mmmm   00_1110_1mmm_mmmm   0_0111_01mm_mmmm
or        M,a       0101_010m_mmmm_mmmm   001_0101_mmmm_mmmm   00_1010_1mmm_mmmm   0_0101_01mm_mmmm
pcadd     a         0000_0000_0001_0111   000_0000_0110_0111   00_0000_0110_0111   0_0000_0001_0111
pmode     n         0000_0000_010k_kkkk
popaf               0000_0000_0011_0011   000_0000_0111_0011   00_0000_0111_0011   0_0000_0011_0011
popw      pcN       0000_0000_0110_tttt
popw      word      0000_010w_wwww_www0
pushaf              0000_0000_0011_0010   000_0000_0111_0010   00_0000_0111_0010   0_0000_0011_0010
pushw     pcN       0000_0000_0111_tttt
pushw     word      0000_010w_wwww_www1
reset               0000_0000_0011_0101   000_0000_0111_0101   00_0000_0111_0101   0_0000_0011_0101
ret                 0000_0000_0011_1010   000_0000_0111_1010   00_0000_0111_1010   0_0000_0011_1010
ret       I         0000_1111_kkkk_kkkk   000_0010_kkkk_kkkk   00_0010_kkkk_kkkk   0_0001_kkkk_kkkk
reti                0000_0000_0011_1011   000_0000_0111_1011   00_0000_0111_1011   0_0000_0011_1011
set0      IO.n      0010_010b_bbpp_pppp   011_10bb_bppp_pppp   01_110b_bbpp_pppp   0_1110_bbbp_pppp
set0      M.n       1010_bbbm_mmmm_mmmm   100_10bb_bmmm_mmmm   10_010b_bbmm_mmmm   0_0011_bbb0_mmmm
set1      IO.n      0010_011b_bbpp_pppp   011_11bb_bppp_pppp   01_111b_bbpp_pppp   0_1111_bbbp_pppp
set1      M.n       1011_bbbm_mmmm_mmmm   100_11bb_bmmm_mmmm   10_011b_bbmm_mmmm   0_0011_bbb1_mmmm
sl        a         0000_0000_0001_1011   000_0000_0110_1011   00_0000_0110_1011   0_0000_0001_1011
sl        M         0111_011m_mmmm_mmmm   010_1011_mmmm_mmmm   01_0101_1mmm_mmmm   0_1010_11mm_mmmm
slc       a         0000_0000_0001_1101   000_0000_0110_1101   00_0000_0110_1101   0_0000_0001_1101
slc       M         0111_101m_mmmm_mmmm   010_1101_mmmm_mmmm   01_0110_1mmm_mmmm   0_1011_01mm_mmmm
sr        a         0000_0000_0001_1010   000_0000_0110_1010   00_0000_0110_1010   0_0000_0001_1010
sr        M         0111_010m_mmmm_mmmm   010_1010_mmmm_mmmm   01_0101_0mmm_mmmm   0_1010_10mm_mmmm
src       a         0000_0000_0001_1100   000_0000_0110_1100   00_0000_0110_1100   0_0000_0001_1100
src       M         0111_100m_mmmm_mmmm   010_1100_mmmm_mmmm   01_0110_0mmm_mmmm   0_1011_00mm_mmmm
stopexe             0000_0000_0011_0111   000_0000_0111_0111   00_0000_0111_0111   0_0000_0011_0111
stopsys             0000_0000_0011_0110   000_0000_0111_0110   00_0000_0111_0110   0_0000_0011_0110
stt16     word      0000_001w_wwww_www0   000_0110_wwww_www0   00_0011_0www_www0   0_0000_110w_www0
sub       a,I       0001_1001_kkkk_kkkk   101_0001_kkkk_kkkk   10_1001_kkkk_kkkk   1_0001_kkkk_kkkk
sub       a,M       0100_011m_mmmm_mmmm   001_1001_mmmm_mmmm   00_1100_1mmm_mmmm   0_0110_01mm_mmmm
sub       M,a       0100_010m_mmmm_mmmm   001_0001_mmmm_mmmm   00_1000_1mmm_mmmm   0_0100_01mm_mmmm
subc      a         0000_0000_0001_0001   000_0000_0110_0001   00_0000_0110_0001   0_0000_0001_0001
subc      a,M       0100_111m_mmmm_mmmm   001_1011_mmmm_mmmm   00_1101_1mmm_mmmm   0_0110_11mm_mmmm
subc      M         0110_001m_mmmm_mmmm   010_0001_mmmm_mmmm   01_0000_1mmm_mmmm   0_1000_01mm_mmmm
subc      M,a       0100_110m_mmmm_mmmm   001_0011_mmmm_mmmm   00_1001_1mmm_mmmm   0_0100_11mm_mmmm
swap      a         0000_0000_0001_1110   000_0000_0110_1110   00_0000_0110_1110   0_0000_0001_1110
swap      M         0111_110m_mmmm_mmmm
swapc     IO.n      0010_111b_bbpp_pppp   101_11bb_bppp_pppp   00_010b_bbpp_pppp
t0sn      IO.n      0010_000b_bbpp_pppp   011_00bb_bppp_pppp   01_100b_bbpp_pppp   0_1100_bbbp_pppp
t0sn      M.n       1000_bbbm_mmmm_mmmm   100_00bb_bmmm_mmmm   10_000b_bbmm_mmmm   0_0010_bbb0_mmmm
t1sn      IO.n      0010_001b_bbpp_pppp   011_01bb_bppp_pppp   01_101b_bbpp_pppp   0_1101_bbbp_pppp
t1sn      M.n       1001_bbbm_mmmm_mmmm   100_01bb_bmmm_mmmm   10_001b_bbmm_mmmm   0_0010_bbb1_mmmm
tog       IO.n      0010_100b_bbpp_pppp
wait0     IO.n      0010_101b_bbpp_pppp
wait1     IO.n      0010_110b_bbpp_pppp
wdreset             0000_0000_0011_0000   000_0000_0111_0000   00_0000_0111_0000   0_0000_0011_0000
xch       M         0110_111m_mmmm_mmmm   010_0111_mmmm_mmmm   01_0011_1mmm_mmmm   0_1001_11mm_mmmm
xor       a,I       0001_1110_kkkk_kkkk   101_0110_kkkk_kkkk   10_1110_kkkk_kkkk   1_0110_kkkk_kkkk
xor       a,IO      0001_0000_01pp_pppp
xor       a,M       0101_101m_mmmm_mmmm   001_1110_mmmm_mmmm   00_1111_0mmm_mmmm   0_0111_10mm_mmmm
xor       IO,a      0001_0000_00pp_pppp   000_0000_1ppp_pppp   00_0000_11pp_pppp   0_0000_011p_pppp
xor       M,a       0101_100m_mmmm_mmmm   001_0110_mmmm_mmmm   00_1011_0mmm_mmmm   0_0101_10mm_mmmm

 

Offline DocBen

Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #180 on: December 03, 2018, 08:30:32 pm »

On the second day, wrt. completeness of implementation of the C standard, this has now far surpassed Mini-C.


Well done! Seems to be doing its job.

Code:
unsigned int a = 15;
unsigned int b = 23;
unsigned int c;

void
main( void ) {
    while (c < a * b) {
        c += a;
    }
}

Weird: The compiler doesn't seem to realize that a*b will always be constant (even if I declare both variables as const and they land in the const segment).
Is that an optimization step?

Code:
...
_main:
; test.c: 7: while (c < a * b) {
00101$:
mov a, _a+0
mov __mulint_PARM_1+0, a
mov a, _a+1
mov __mulint_PARM_1+1, a
mov a, _b+0
mov __mulint_PARM_2+0, a
mov a, _b+1
mov __mulint_PARM_2+1, a
call __mulint
mov _main_sloc0_1_0+0, a
mov a, p
mov _main_sloc0_1_0+1, a
mov a, _c+0
sub a, _main_sloc0_1_0+0
mov a, _c+1
subc a, _main_sloc0_1_0+1
mov a, #0x00
slc a
mov _main_sloc1_1_0+0, a
mov a, _main_sloc1_1_0+0
cneqsn a, #0x00
goto 00104$
; test.c: 8: c += a;
mov a, _c+0
add a, _a+0
mov _c+0, a
mov a, _c+1
addc a, _a+1
mov _c+1, a
goto 00101$
00104$:
; test.c: 10: }
ret
...
__xinit__a:
.dw #0x000f
__xinit__b:
.dw #0x0017

Although init code seems to be missing and I get a lot of this:

Code:
test.asm:60: Error: <a> machine specific addressing or addressing mode error
test.asm:61: Error: <a> machine specific addressing or addressing mode error
test.asm:62: Error: <a> machine specific addressing or addressing mode error
test.asm:63: Error: <a> machine specific addressing or addressing mode error
test.asm:64: Error: <a> machine specific addressing or addressing mode error
test.asm:65: Error: <a> machine specific addressing or addressing mode error
test.asm:66: Error: <a> machine specific addressing or addressing mode error
test.asm:67: Error: <a> machine specific addressing or addressing mode error
test.asm:69: Error: <a> machine specific addressing or addressing mode error
test.asm:70: Error: <a> machine specific addressing or addressing mode error
test.asm:71: Error: <a> machine specific addressing or addressing mode error
test.asm:72: Error: <a> machine specific addressing or addressing mode error
test.asm:74: Error: <a> machine specific addressing or addressing mode error
test.asm:75: Error: <o> .org in REL area or directive / mnemonic error
test.asm:76: Error: <a> machine specific addressing or addressing mode error
test.asm:77: Error: <o> .org in REL area or directive / mnemonic error
test.asm:78: Error: <a> machine specific addressing or addressing mode error
test.asm:79: Error: <a> machine specific addressing or addressing mode error
test.asm:80: Error: <o> .org in REL area or directive / mnemonic error
test.asm:81: Error: <q> missing or improper operators, terminators, or delimiters
test.asm:83: Error: <a> machine specific addressing or addressing mode error
test.asm:85: Error: <a> machine specific addressing or addressing mode error
test.asm:86: Error: <a> machine specific addressing or addressing mode error
test.asm:87: Error: <o> .org in REL area or directive / mnemonic error
test.asm:88: Error: <a> machine specific addressing or addressing mode error
test.asm:89: Error: <q> missing or improper operators, terminators, or delimiters
removing test.rel
« Last Edit: December 03, 2018, 08:47:57 pm by DocBen »
 

Offline oPossum

Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #181 on: December 04, 2018, 04:14:49 am »
PFS173 startup code

Edit: fixed disassembler bug that caused IO addresses > 63 to be incorrect, and all bit addresses to be incorrect

Code:
PDK version: 20
PDK data size:  3072 words
Free data size: 3040 words
MCU: PFS173 [ID: 0x2AA2]
Compiler version: 0.84
15 bit core
0000  5700  mov       a, 0x00
0001  0102  mov       SP, a
0002  7BED  call      0x0BED
0003  010B  mov       IHRCR, a
0004  7BEE  call      0x0BEE
0005  0163  mov       BGTR, a
0006  5770  mov       a, 0x70
0007  0128  mov       MISC_LVR, a
0008  573C  mov       a, 0x3C
0009  0103  mov       CLKCMD, a
000A  57F9  mov       a, 0xF9
000B  010D  mov       PADIER, a
000C  57FF  mov       a, 0xFF
000D  010E  mov       PBDIER, a
000E  570F  mov       a, 0x0F
000F  010F  mov       PCDIER, a
0010  5700  mov       a, 0x00
0011  0167  mov       ROP, a
0012  7BFE  call      0x0BFE
0013  52FF  ceqsn     a, 0xFF
0014  6059  goto      0x0059
0015  7BED  call      0x0BED
0016  1701  mov       M1, a
0017  3F11  set1      PAC.6
0018  5709  mov       a, 0x09
0019  1700  mov       M0, a
001A  3590  t1sn      PA.3
001B  601A  goto      0x001A
001C  3F10  set1      PA.6
001D  0063  dzsn      a
001E  601D  goto      0x001D
001F  2300  dzsn      M0
0020  601D  goto      0x001D
0021  3B10  set0      PA.6
0022  3190  t0sn      PA.3
0023  6022  goto      0x0022
0024  5701  mov       a, 0x01
0025  3290  t0sn      PA.5
0026  57FF  mov       a, 0xFF
0027  1801  add       a, M1
0028  010B  mov       IHRCR, a
0029  1701  mov       M1, a
002A  3590  t1sn      PA.3
002B  602A  goto      0x002A
002C  3690  t1sn      PA.5
002D  6054  goto      0x0054
002E  5704  mov       a, 0x04
002F  0126  mov       MISC, a
0030  3190  t0sn      PA.3
0031  6030  goto      0x0030
0032  2604  clear     M4
0033  2605  clear     M5
0034  575A  mov       a, 0x5A
0035  1702  mov       M2, a
0036  5700  mov       a, 0x00
0037  1703  mov       M3, a
0038  0502  ldtabl    M2
0039  1604  xor       M4, a
003A  0503  ldtabh    M2
003B  1005  add       M5, a
003C  2B04  sl        M4
003D  2D05  slc       M5
003E  2004  addc      M4
003F  2502  dec       M2
0040  2103  subc      M3
0041  3480  t1sn      FLAG.C
0042  6038  goto      0x0038
0043  3F10  set1      PA.6
0044  3590  t1sn      PA.3
0045  6044  goto      0x0044
0046  2B04  sl        M4
0047  2D05  slc       M5
0048  5F10  swapc     PA.6
0049  3190  t0sn      PA.3
004A  6049  goto      0x0049
004B  3290  t0sn      PA.5
004C  6044  goto      0x0044
004D  3B10  set0      PA.6
004E  3590  t1sn      PA.3
004F  604E  goto      0x004E
0050  3190  t0sn      PA.3
0051  6050  goto      0x0050
0052  3690  t1sn      PA.5
0053  6032  goto      0x0032
0054  3190  t0sn      PA.3
0055  6054  goto      0x0054
0056  3690  t1sn      PA.5
0057  6018  goto      0x0018
0058  6058  goto      0x0058
0059  010B  mov       IHRCR, a
005A  605A  goto      0x005A
005B  7FFF  call      0x0FFF
005C  7FFF  call      0x0FFF
005D  7FFF  call      0x0FFF
005E  7FFF  call      0x0FFF
005F  7FFF  call      0x0FFF
0060  7FFF  call      0x0FFF
...
0BE0  7FFF  call      0x0FFF
0BE1  7FFF  call      0x0FFF
0BE2  7FFF  call      0x0FFF
0BE3  7FFF  call      0x0FFF
0BE4  7FFF  call      0x0FFF
0BE5  7FFF  call      0x0FFF
0BE6  7FFF  call      0x0FFF
0BE7  7FFF  call      0x0FFF
0BE8  7FFF  call      0x0FFF
0BE9  7FFF  call      0x0FFF
0BEA  7FFF  call      0x0FFF
0BEB  7FFF  call      0x0FFF
0BEC  7FFF  call      0x0FFF
0BED  7FFF  call      0x0FFF
0BEE  7FFF  call      0x0FFF
0BEF  3FFE  set1      io.126.7
0BF0  7FFF  call      0x0FFF
0BF1  7FFF  call      0x0FFF
0BF2  7FFF  call      0x0FFF
0BF3  7FFF  call      0x0FFF
0BF4  7FFF  call      0x0FFF
0BF5  7FFF  call      0x0FFF
0BF6  7FFF  call      0x0FFF
0BF7  7FFF  call      0x0FFF
0BF8  0000  nop
0BF9  0000  nop
0BFA  7FFF  call      0x0FFF
0BFB  7FFF  call      0x0FFF
0BFC  7FFF  call      0x0FFF
0BFD  7FFF  call      0x0FFF
0BFE  7FFF  call      0x0FFF
0BFF  7AFC  call      0x0AFC
« Last Edit: December 05, 2018, 03:41:04 am by oPossum »
 
The following users thanked this post: DocBen

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #182 on: December 04, 2018, 07:16:17 am »
Now that the software side seems on track, how about some hardware engineering?

It should be possible to program the chips with xFFF so they stay fresh and useable.
Just for a quick peek at what the programmer does.
We should now be able to distinguish between the programming phase and the bit-banged calibration.
Maybe start with the PFS154 (don't have a programmer, I do have an Arduino ;)? I have some of those and I suspect that reprogrammable chips are most interesting at this stage.

Or maybe analyse the bitstream from the Cypress chip to the FPGA on the ICE so we can understand what chip is being used?
Or even simpler: take the FPGA out and see whether the ICE even notices ;)

Anyone?
« Last Edit: December 04, 2018, 09:45:11 am by DocBen »
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #183 on: December 04, 2018, 09:58:45 am »
Although init code seems to be missing and I get a lot of this:

Code: [Select]
test.asm:60: Error: <a> machine specific addressing or addressing mode error
[…]

You can compile to asm using -S to avoid those error messages (without -S, SDCC tries to invoke an Assembler, which currently happens to be one for STM8).

Philipp
 
The following users thanked this post: DocBen

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #184 on: December 04, 2018, 12:51:04 pm »
Ok, with that the error messages are now

Code: [Select]


Nice  :)
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #185 on: December 04, 2018, 12:54:14 pm »
Now that the software side seems on track, how about some hardware engineering?

It should be possible to program the chips with xFFF so they stay fresh and useable.
Just for a quick peek at what the programmer does.
We should now be able to distinguish between the programming phase and the bit-banged calibration.

Currently I'm designing a 4 channel (optionally 8 channel) ADC with at least 10 MHz sample rate and 1 GB RAM:

https://www.eevblog.com/forum/projects/4-channel-adc-10-mhz-8-bit-design/

Parts are ordered, I just need to layout it and order the PCB, then write the software for the DE10 Nano for it. Might need a few weeks, but then I can sample a full programming cycle with all pins in parallel. This should make it much easier to reverse engineer the exact protocol and to reproduce it. The software should be no problem, I've done this before.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 
The following users thanked this post: DocBen

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #186 on: December 04, 2018, 01:38:17 pm »
I ran the regression tests in sdcc/src/regression and most of them seem to run fine.
Sometimes there are "FATAL Compiler Internal Error" that are specific to the pdk14 backend

find -iname \*\.c -exec sh -c "echo {} ; sdcc -S -mpdk14 {}" \;

Code: [Select]
./switch1.c
./rotate6.c
./rotate6.c:86: warning 94: comparison is always true due to limited range of data type
./rotate6.c:84: warning 158: overflow in implicit constant conversion
./rotate6.c:121: warning 158: overflow in implicit constant conversion
./compare3.c
./compare3.c:151: warning 94: comparison is always false due to limited range of data type
./compare3.c:152: warning 126: unreachable code
./compare3.c:152: warning 126: unreachable code
./compare3.c:152: warning 126: unreachable code
./compare3.c:152: warning 126: unreachable code
./compare3.c:173: warning 94: comparison is always false due to limited range of data type
./compare3.c:174: warning 126: unreachable code
./compare3.c:174: warning 126: unreachable code
./compare3.c:174: warning 126: unreachable code
./compare3.c:174: warning 126: unreachable code
./rotate1.c
./compare7.c
In file included from ./compare7.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./compare5.c
./compare5.c:219: warning 94: comparison is always false due to limited range of data type
./compare5.c:220: warning 126: unreachable code
./compare5.c:220: warning 126: unreachable code
./compare5.c:220: warning 126: unreachable code
./compare5.c:220: warning 126: unreachable code
./compare5.c:242: warning 94: comparison is always false due to limited range of data type
./compare5.c:271: warning 94: comparison is always false due to limited range of data type
./compare5.c:243: warning 126: unreachable code
./compare5.c:243: warning 126: unreachable code
./compare5.c:243: warning 126: unreachable code
./compare5.c:243: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare6.c
Backtrace:
sdcc(+0xa4bce)[0x55b8eaabbbce]
sdcc(+0x1d73a7)[0x55b8eabee3a7]
sdcc(+0x1d7946)[0x55b8eabee946]
sdcc(+0x1d9c1e)[0x55b8eabf0c1e]
sdcc(+0x1d671e)[0x55b8eabed71e]
sdcc(+0x3c35c)[0x55b8eaa5335c]
sdcc(+0x568b0)[0x55b8eaa6d8b0]
sdcc(+0x1fe9f)[0x55b8eaa36e9f]
sdcc(+0x1be86)[0x55b8eaa32e86]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7fde56ffdb97]
sdcc(+0x1d7aa)[0x55b8eaa347aa]
./compare6.c:165: error 9: FATAL Compiler Internal Error in file 'gen.c' line number '265' : code generator internal error
Contact Author with source code
Caught signal 11: SIGSEGV
./bool2.c
./nestfor.c
In file included from ./nestfor.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./pcodeopt.c
./struct1.c
./compare8.c
In file included from ./compare8.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./rotate3.c
./ptrarg.c
./add3.c
./add3.c:64: warning 94: comparison is always true due to limited range of data type
./rotate2.c
./call1.c
./bool1.c
./compare4.c
./compare4.c:63: warning 94: comparison is always false due to limited range of data type
./compare4.c:64: warning 126: unreachable code
./compare4.c:64: warning 126: unreachable code
./compare4.c:64: warning 126: unreachable code
./compare4.c:64: warning 126: unreachable code
./compare4.c:93: warning 94: comparison is always false due to limited range of data type
./compare4.c:94: warning 126: unreachable code
./compare4.c:94: warning 126: unreachable code
./compare4.c:94: warning 126: unreachable code
./compare4.c:94: warning 126: unreachable code
./compare4.c:250: warning 94: comparison is always true due to limited range of data type
./compare4.c:294: warning 158: overflow in implicit constant conversion
./compare4.c:304: warning 158: overflow in implicit constant conversion
./compare4.c:313: warning 158: overflow in implicit constant conversion
./rotate4.c
./rotate4.c:30: error 9: FATAL Compiler Internal Error in file 'gen.c' line number '1520' : Unimplemented iCode
Contact Author with source code
./add2.c
./compare10.c
In file included from ./compare10.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./inline.c
In file included from ./inline.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./rotate5.c
./rotate5.c:179: warning 158: overflow in implicit constant conversion
./rotate5.c:205: warning 158: overflow in implicit constant conversion
./rotate5.c:206: warning 158: overflow in implicit constant conversion
./rotate5.c:209: warning 158: overflow in implicit constant conversion
./rotate5.c:210: warning 158: overflow in implicit constant conversion
./rotate5.c:213: warning 158: overflow in implicit constant conversion
./rotate5.c:216: warning 158: overflow in implicit constant conversion
./rotate5.c:219: warning 158: overflow in implicit constant conversion
./rotate5.c:222: warning 158: overflow in implicit constant conversion
./rotate5.c:225: warning 158: overflow in implicit constant conversion
./rotate5.c:228: warning 158: overflow in implicit constant conversion
./rotate5.c:229: warning 158: overflow in implicit constant conversion
./bool3.c
./string1.c
In file included from ./string1.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./xor.c
./compare.c
./compare9.c
In file included from ./compare9.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./for.c
./for.c:37: error 226: no type specifier for '(cast)'
./add4.c
./add.c
./pointer1.c
./and1.c
./and2.c
./b.c
./ptrfunc.c
./ptrfunc.c:47: error 9: FATAL Compiler Internal Error in file 'gen.c' line number '516' : Unimplemented call through function pointer
Contact Author with source code
./compare2.c
./mult1.c
./sub.c
./rotate7.c
./rotate7.c:206: warning 158: overflow in implicit constant conversion
./rotate7.c:212: warning 158: overflow in implicit constant conversion
./rotate7.c:218: warning 158: overflow in implicit constant conversion
./rotate7.c:224: warning 158: overflow in implicit constant conversion
./rotate7.c:230: warning 158: overflow in implicit constant conversion
./rotate7.c:236: warning 158: overflow in implicit constant conversion
./rotate7.c:242: warning 158: overflow in implicit constant conversion
./rotate7.c:248: warning 158: overflow in implicit constant conversion
./rotate7.c:254: warning 158: overflow in implicit constant conversion
./rotate7.c:260: warning 158: overflow in implicit constant conversion
./rotate7.c:266: warning 158: overflow in implicit constant conversion
./rotate7.c:272: warning 158: overflow in implicit constant conversion
./rotate7.c:278: warning 158: overflow in implicit constant conversion
./rotate7.c:284: warning 158: overflow in implicit constant conversion
./rotate7.c:290: warning 158: overflow in implicit constant conversion
./rotate7.c:297: warning 158: overflow in implicit constant conversion
./rotate7.c:303: warning 158: overflow in implicit constant conversion
./rotate7.c:309: warning 158: overflow in implicit constant conversion
./rotate7.c:315: warning 158: overflow in implicit constant conversion
./rotate7.c:321: warning 158: overflow in implicit constant conversion
./rotate7.c:327: warning 158: overflow in implicit constant conversion
./rotate7.c:333: warning 158: overflow in implicit constant conversion
./rotate7.c:339: warning 158: overflow in implicit constant conversion
./rotate7.c:345: warning 158: overflow in implicit constant conversion
./rotate7.c:351: warning 158: overflow in implicit constant conversion
./rotate7.c:357: warning 158: overflow in implicit constant conversion
./rotate7.c:363: warning 158: overflow in implicit constant conversion
./rotate7.c:369: warning 158: overflow in implicit constant conversion
./rotate7.c:375: warning 158: overflow in implicit constant conversion
./rotate7.c:381: warning 158: overflow in implicit constant conversion
./init0.c
./init0.c:43: error 9: FATAL Compiler Internal Error in file 'gen.c' line number '516' : Unimplemented call through function pointer
Contact Author with source code
./while.c
./empty.c
./arrays.c
./or1.c
./sub2.c
./sub2.c:162: warning 158: overflow in implicit constant conversion
./configword.c
In file included from ./configword.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./bank1.c
./bank1.c:20: error 9: FATAL Compiler Internal Error in file 'SDCCmem.c' line number '385' : code generator internal error
Contact Author with source code
Caught signal 11: SIGSEGV


find -iname \*\.c -exec sh -c "echo {} ; sdcc -S -mmcs51 {}" \;

Code: [Select]
./switch1.c
./rotate6.c
./rotate6.c:86: warning 94: comparison is always true due to limited range of data type
./rotate6.c:84: warning 158: overflow in implicit constant conversion
./rotate6.c:121: warning 158: overflow in implicit constant conversion
./compare3.c
./compare3.c:151: warning 94: comparison is always false due to limited range of data type
./compare3.c:152: warning 126: unreachable code
./compare3.c:152: warning 126: unreachable code
./compare3.c:152: warning 126: unreachable code
./compare3.c:152: warning 126: unreachable code
./compare3.c:173: warning 94: comparison is always false due to limited range of data type
./compare3.c:174: warning 126: unreachable code
./compare3.c:174: warning 126: unreachable code
./compare3.c:174: warning 126: unreachable code
./compare3.c:174: warning 126: unreachable code
./rotate1.c
./compare7.c
In file included from ./compare7.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./compare5.c
./compare5.c:219: warning 94: comparison is always false due to limited range of data type
./compare5.c:220: warning 126: unreachable code
./compare5.c:220: warning 126: unreachable code
./compare5.c:220: warning 126: unreachable code
./compare5.c:220: warning 126: unreachable code
./compare5.c:242: warning 94: comparison is always false due to limited range of data type
./compare5.c:271: warning 94: comparison is always false due to limited range of data type
./compare5.c:243: warning 126: unreachable code
./compare5.c:243: warning 126: unreachable code
./compare5.c:243: warning 126: unreachable code
./compare5.c:243: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare5.c:272: warning 126: unreachable code
./compare6.c
./bool2.c
./nestfor.c
In file included from ./nestfor.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./pcodeopt.c
./struct1.c
./compare8.c
In file included from ./compare8.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./rotate3.c
./ptrarg.c
./add3.c
./add3.c:64: warning 94: comparison is always true due to limited range of data type
./rotate2.c
./call1.c
./bool1.c
./compare4.c
./compare4.c:63: warning 94: comparison is always false due to limited range of data type
./compare4.c:64: warning 126: unreachable code
./compare4.c:64: warning 126: unreachable code
./compare4.c:64: warning 126: unreachable code
./compare4.c:64: warning 126: unreachable code
./compare4.c:93: warning 94: comparison is always false due to limited range of data type
./compare4.c:94: warning 126: unreachable code
./compare4.c:94: warning 126: unreachable code
./compare4.c:94: warning 126: unreachable code
./compare4.c:94: warning 126: unreachable code
./compare4.c:250: warning 94: comparison is always true due to limited range of data type
./compare4.c:294: warning 158: overflow in implicit constant conversion
./compare4.c:304: warning 158: overflow in implicit constant conversion
./compare4.c:313: warning 158: overflow in implicit constant conversion
./rotate4.c
./add2.c
./compare10.c
In file included from ./compare10.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./inline.c
In file included from ./inline.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./rotate5.c
./rotate5.c:179: warning 158: overflow in implicit constant conversion
./rotate5.c:205: warning 158: overflow in implicit constant conversion
./rotate5.c:206: warning 158: overflow in implicit constant conversion
./rotate5.c:209: warning 158: overflow in implicit constant conversion
./rotate5.c:210: warning 158: overflow in implicit constant conversion
./rotate5.c:213: warning 158: overflow in implicit constant conversion
./rotate5.c:216: warning 158: overflow in implicit constant conversion
./rotate5.c:219: warning 158: overflow in implicit constant conversion
./rotate5.c:222: warning 158: overflow in implicit constant conversion
./rotate5.c:225: warning 158: overflow in implicit constant conversion
./rotate5.c:228: warning 158: overflow in implicit constant conversion
./rotate5.c:229: warning 158: overflow in implicit constant conversion
./bool3.c
./string1.c
In file included from ./string1.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./xor.c
./compare.c
./compare9.c
In file included from ./compare9.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./for.c
./for.c:37: error 226: no type specifier for '(cast)'
./add4.c
./add.c
./pointer1.c
./and1.c
./and2.c
./b.c
./ptrfunc.c
./compare2.c
./mult1.c
./sub.c
./rotate7.c
./rotate7.c:206: warning 158: overflow in implicit constant conversion
./rotate7.c:212: warning 158: overflow in implicit constant conversion
./rotate7.c:218: warning 158: overflow in implicit constant conversion
./rotate7.c:224: warning 158: overflow in implicit constant conversion
./rotate7.c:230: warning 158: overflow in implicit constant conversion
./rotate7.c:236: warning 158: overflow in implicit constant conversion
./rotate7.c:242: warning 158: overflow in implicit constant conversion
./rotate7.c:248: warning 158: overflow in implicit constant conversion
./rotate7.c:254: warning 158: overflow in implicit constant conversion
./rotate7.c:260: warning 158: overflow in implicit constant conversion
./rotate7.c:266: warning 158: overflow in implicit constant conversion
./rotate7.c:272: warning 158: overflow in implicit constant conversion
./rotate7.c:278: warning 158: overflow in implicit constant conversion
./rotate7.c:284: warning 158: overflow in implicit constant conversion
./rotate7.c:290: warning 158: overflow in implicit constant conversion
./rotate7.c:297: warning 158: overflow in implicit constant conversion
./rotate7.c:303: warning 158: overflow in implicit constant conversion
./rotate7.c:309: warning 158: overflow in implicit constant conversion
./rotate7.c:315: warning 158: overflow in implicit constant conversion
./rotate7.c:321: warning 158: overflow in implicit constant conversion
./rotate7.c:327: warning 158: overflow in implicit constant conversion
./rotate7.c:333: warning 158: overflow in implicit constant conversion
./rotate7.c:339: warning 158: overflow in implicit constant conversion
./rotate7.c:345: warning 158: overflow in implicit constant conversion
./rotate7.c:351: warning 158: overflow in implicit constant conversion
./rotate7.c:357: warning 158: overflow in implicit constant conversion
./rotate7.c:363: warning 158: overflow in implicit constant conversion
./rotate7.c:369: warning 158: overflow in implicit constant conversion
./rotate7.c:375: warning 158: overflow in implicit constant conversion
./rotate7.c:381: warning 158: overflow in implicit constant conversion
./init0.c
./while.c
./empty.c
./arrays.c
./or1.c
./sub2.c
./sub2.c:162: warning 158: overflow in implicit constant conversion
./configword.c
In file included from ./configword.c:2:
./picregs.h:6:25: fatal error: pic14regs.h: No such file or directory
compilation terminated.
./picregs.h:1: warning 190: ISO C forbids an empty source file
./bank1.c
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #187 on: December 04, 2018, 03:08:49 pm »
Might need a few weeks, but then I can sample a full programming cycle with all pins in parallel.

Yeah, I was rather hoping someone would be in for something quick & dirty   :-DD
(Just so you get me right, I think it's great and well worth it in the long run, but to keep things moving something more lightweight might be what we need right now)

My theory (as pointed out by others as well, and assuming the chip is reasonably akin to something like the old PICs) is that:

The first voltage spike + shoulder selects a programming mode of some sort.
Then you would send a short command/address and maybe some data.

Code: [Select]
         |\
         |  \
         |   \______   _______
         |          | |       |
         |          |_|       | .........

         |- select -||-----command / data-----   
             mode

My hope is that no very long duration is needed for signal analysis but just the very few first cycles.
That would be enough to start getting an arduino to do the same and see what happens  :popcorn:
« Last Edit: December 04, 2018, 03:31:17 pm by DocBen »
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #188 on: December 04, 2018, 04:26:09 pm »
A good starting point to see what I mean might be this datasheet for old PIC16C7XX OTPs
(although the Padauks will probably behave differently, I guess it's reasonable to assume for now that their approach is similar)

http://ww1.microchip.com/downloads/en/DeviceDoc/30298d.pdf
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #189 on: December 04, 2018, 08:03:34 pm »
The remark "Please notice that bit 0 should be kept 0 due to program counter is 16 bits" in the datasheets seems odd to me. Any idea, what this could be about? Would anything break if I place the stack at an odd address? Do push / pop / call / ret require the stack pointer to be aligned?

Philipp
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #190 on: December 04, 2018, 08:42:37 pm »
The remark "Please notice that bit 0 should be kept 0 due to program counter is 16 bits" in the datasheets seems odd to me. Any idea, what this could be about? Would anything break if I place the stack at an odd address? Do push / pop / call / ret require the stack pointer to be aligned?

Philipp


Well it says "should be" not "must be". Hard to tell without an actual device or the ICE.

Depends on how they implemented the actual logic.
If it just takes the MSBs and toggles the last bit, then placing it at an odd address will give you the byte in front of it.
Could make sense if you don't want to add the one. Probably makes sense because it saves space on the die (you'd have to do some arithmetic to get the result right otherwise)

consider this: you place sp at 0x3f then sp+1 is 0x40
You need to add a 7 bit adder for that (if I counted that right), that's significantly more computationally intensive (ie more die space) than toggling bit 0. Can all be done, by utilising the ALU for example, but then speed is an issue, so I guess they don't.

looking at the datasheets again they might actually do a single cycle 16-bit access, i.e. ignore the lowest bit entirely
« Last Edit: December 04, 2018, 08:58:19 pm by DocBen »
 

Offline oPossum

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • Very dangerous - may attack at any time
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #191 on: December 04, 2018, 11:44:36 pm »
I interpret this to mean that the RAM is word accessible only on word boundaries. Bit 0 of SP must be 0 to ensure word alignment. This implies that push/pop af will use a word of stack instead of a byte.
 

Offline ali_asadzadeh

  • Super Contributor
  • ***
  • Posts: 1896
  • Country: ca
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #192 on: December 05, 2018, 05:54:09 am »
I think if you could reverse the programmer too, it would be like heaven! ;) ;)

Guys Thanks for the great work and collaboration. :) :-+ :-+ :-+
ASiDesigner, Stands for Application specific intelligent devices
I'm a Digital Expert from 8-bits to 64-bits
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #193 on: December 05, 2018, 07:01:41 am »
I interpret this to mean that the RAM is word accessible only on word boundaries. Bit 0 of SP must be 0 to ensure word alignment. This implies that push/pop af will use a word of stack instead of a byte.

pushaf/popaf always use a word hence the +2

Result:        [sp] ← {flag, ACC};
sp ← sp + 2 ;

I guess they optimized this for call/ret which need 16/15/14/13 bit and not just a byte.
And other instructions then just use the same mechanism that is already in place.
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #194 on: December 05, 2018, 08:20:13 am »
Another question on push af  would be which one of a and f goes into the lower address.

Philipp
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #195 on: December 05, 2018, 09:04:03 am »
Another question on push af  would be which one of a and f goes into the lower address.

Philipp


Doesn't really matter, does it?

If you implement pushaf and popaf symmetrically for an emulator there will be no difference.
A isn't used as return value (that's the whole point of pushing it).
Unless you're trying to explicitly modify A or the flags on the stack there is absolutely no difference. They are designed to be atomic operations.
 

Offline spth

  • Regular Contributor
  • *
  • Posts: 163
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #196 on: December 05, 2018, 09:12:54 am »
Another question on push af  would be which one of a and f goes into the lower address.

Philipp


Doesn't really matter, does it?

If you implement pushaf and popaf symmetrically for an emulator there will be no difference.
A isn't used as return value (that's the whole point of pushing it).
Unless you're trying to explicitly modify A or the flags on the stack there is absolutely no difference. They are designed to be atomic operations.

It matters: Pushing data on the stack has its uses. E.g. for a call via a function pointer:

Code: [Select]
pushw #retlabel
pushw funcptr
ret
retlabel:

To emulate one pushw (which is not available on most devices) 8 instructions are generated by SDCC (p is a pseudoregister in RAM):

Code: [Select]
ld a, sp
ld p, a
push af
ld a, op0
idxm p, a
inc p
ld a, op1
idxm p, a

That could obviously be brought down to 6 or 7 (depending on which byte a goes in on push af).

Philipp
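
The two questions argued in the posts above (why SP should stay even, and whether the byte order of `push af` matters), as an added example that is not code from any poster, SDCC or Padauk. It assumes a 64-byte RAM, an upward-growing stack, word accesses that ignore address bit 0, and `idxm` as a plain byte store; `pushw_short` is a hypothetical 7-instruction variant, and every struct and function name is made up for this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not documented Padauk behaviour: 64 bytes of RAM, SP grows
   upward, a word access ignores address bit 0, idxm is a plain byte store. */
enum af_order { A_LOW, F_LOW };        /* which register lands at the lower address */

struct cpu {
    uint8_t ram[64];
    uint8_t a, f, sp;
    enum af_order order;
};

static void cpu_init(struct cpu *c, enum af_order order, uint8_t sp)
{
    memset(c, 0, sizeof *c);
    c->order = order;
    c->sp = sp;
}

static uint8_t word_base(uint8_t addr) { return (uint8_t)(addr & 0x3E); }

static void pushaf(struct cpu *c)      /* [sp] <- {flag, ACC}; sp <- sp + 2 */
{
    uint8_t w = word_base(c->sp);
    c->ram[w]     = (c->order == A_LOW) ? c->a : c->f;
    c->ram[w + 1] = (c->order == A_LOW) ? c->f : c->a;
    c->sp = (uint8_t)(c->sp + 2);
}

static void popaf(struct cpu *c)       /* mirror image of pushaf */
{
    uint8_t w;
    c->sp = (uint8_t)(c->sp - 2);
    w = word_base(c->sp);
    c->a = (c->order == A_LOW) ? c->ram[w] : c->ram[w + 1];
    c->f = (c->order == A_LOW) ? c->ram[w + 1] : c->ram[w];
}

static void idxm_store(struct cpu *c, uint8_t ptr, uint8_t val)
{
    c->ram[ptr & 0x3F] = val;
}

/* The 8-instruction pushw emulation quoted in the post: both bytes of the
   reserved word are overwritten, so the pushaf byte order cannot show. */
static void pushw_8(struct cpu *c, uint8_t op0, uint8_t op1)
{
    uint8_t p;
    c->a = c->sp;              /* ld a, sp  */
    p = c->a;                  /* ld p, a   */
    pushaf(c);                 /* push af   */
    c->a = op0;                /* ld a, op0 */
    idxm_store(c, p, c->a);    /* idxm p, a */
    p++;                       /* inc p     */
    c->a = op1;                /* ld a, op1 */
    idxm_store(c, p, c->a);    /* idxm p, a */
}

/* Hypothetical 7-instruction variant: push af itself stores op0, only the
   other byte is patched. Correct only if A lands at the lower address. */
static void pushw_short(struct cpu *c, uint8_t op0, uint8_t op1)
{
    uint8_t p;
    c->a = c->sp;              /* ld a, sp  */
    p = c->a;                  /* ld p, a   */
    c->a = op0;                /* ld a, op0 */
    pushaf(c);                 /* push af   */
    p++;                       /* inc p     */
    c->a = op1;                /* ld a, op1 */
    idxm_store(c, p, c->a);    /* idxm p, a */
}

/* Push the constructed value 0x0BED and return the word found on the stack. */
static uint16_t run_pushw(enum af_order order, int use_short)
{
    struct cpu c;
    cpu_init(&c, order, 0x10);
    c.f = 0x03;                /* constructed flag value */
    if (use_short) pushw_short(&c, 0xED, 0x0B);
    else           pushw_8(&c, 0xED, 0x0B);
    return (uint16_t)(c.ram[0x10] | (c.ram[0x11] << 8));
}

/* Save/restore of A and flags: indistinguishable between the two orders. */
static int roundtrip_ok(enum af_order order)
{
    struct cpu c;
    cpu_init(&c, order, 0x10);
    c.a = 0x5A; c.f = 0x03;
    pushaf(&c);
    c.a = 0; c.f = 0;          /* clobber, as an interrupt handler would */
    popaf(&c);
    return c.a == 0x5A && c.f == 0x03 && c.sp == 0x10;
}

/* Odd SP under the ignore-bit-0 assumption: the push lands on the byte below SP. */
static int odd_sp_clobbers(void)
{
    struct cpu c;
    cpu_init(&c, A_LOW, 0x11);
    c.ram[0x10] = 0xAA;        /* live data just below the odd SP */
    c.a = 0x5A;
    pushaf(&c);
    return c.ram[0x10] != 0xAA;
}

int main(void)
{
    printf("roundtrip A_LOW=%d F_LOW=%d\n", roundtrip_ok(A_LOW), roundtrip_ok(F_LOW));
    printf("pushw_8     A_LOW=%04X F_LOW=%04X\n", run_pushw(A_LOW, 0), run_pushw(F_LOW, 0));
    printf("pushw_short A_LOW=%04X F_LOW=%04X\n", run_pushw(A_LOW, 1), run_pushw(F_LOW, 1));
    printf("odd SP clobbers neighbour: %d\n", odd_sp_clobbers());
    return 0;
}
```

In this model the byte order is invisible to a pushaf/popaf pair and to the 8-instruction sequence, and only decides whether the shorter sequence leaves the intended word or a flag byte on the stack.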
 

Offline oPossum

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • Very dangerous - may attack at any time
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #197 on: December 05, 2018, 10:06:57 am »
Updated disassembler with 15 bit instruction set support.

Linux and Windows binaries included.
« Last Edit: December 05, 2018, 11:48:14 pm by oPossum »
 
The following users thanked this post: DocBen

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #198 on: December 05, 2018, 10:16:51 am »

That could obviously be brought down to 6 or 7 (depending on which byte a goes in on push af).

Philipp

I don't quite understand why there is pushaf at all (I assume ld = mov)


Code: [Select]
mov a, sp;                  a = sp
mov p, a;                 p = a
push af    // a is already overwritten by sp so why save it? shouldn't this be the first instruction?
mov a, op0;               a = op0
idxm p, a;                  [p] = a
inc p;                          p += 1
mov a, op1;               a = op1
idxm p, a;                  [p] = a

I would imagine that something like this would be appropriate:

Code: [Select]
pushaf
mov a, sp
mov p, a
mov a, op0
idxm p, a
inc a
mov a, op1
idxm p, a
add sp, 2

Still don't see why the order in which a and flags are pushed would change this
« Last Edit: December 05, 2018, 10:23:39 am by DocBen »
 

Offline DocBen

  • Regular Contributor
  • *
  • Posts: 111
  • Country: de
Re: EEVblog #1144 - Padauk Programmer Reverse Engineering
« Reply #199 on: December 05, 2018, 10:19:55 am »
You could also write something shorter like this. Still if you implement this symmetrically for pop there is no problem whatsoever even if the real hardware would behave differently.

edit: check the sp calculations on this chip sp grows up not down. Also what happens when an interrupt occurs and sp is increased by one?

Code: [Select]
pushaf
mov a, op0
idxm sp, a
inc sp
mov a, op1
idxm sp, a
inc sp



Code: [Select]
dec sp
idxm a, sp
mov op1, a
dec sp
idxm a, sp
mov op0, a
popaf
« Last Edit: December 05, 2018, 10:29:26 am by DocBen »
 

