Hi All,
Okay, I'm attempting to disassemble some code for a NEC UPD77115A.
Datasheet
Instruction Reference Manual
I can't find a disassembler, so I'm writing my own. Here's the output I have so far...
0200: 2C002000 jmp 0x0240
0201: 00000000 nop
0202: 00000000 nop
0203: 00000000 nop
0204: 00000000 nop
0205: 26000000 iret
0206: 00000000 nop
0207: 00000000 nop
0208: 00000000 nop
0209: 26000000 iret
020A: 00000000 nop
020B: 00000000 nop
020C: 00000000 nop
020D: 26000000 iret
020E: 00000000 nop
020F: 00000000 nop
0210: 00000000 nop
0211: 26000000 iret
0212: 00000000 nop
0213: 00000000 nop
0214: 00000000 nop
0215: 26000000 iret
0216: 00000000 nop
0217: 00000000 nop
0218: 00000000 nop
0219: 26000000 iret
021A: 00000000 nop
021B: 00000000 nop
021C: 2C036000 jmp 0x08DC
021D: 26000000 iret
021E: 00000000 nop
021F: 00000000 nop
0220: 2C032100 jmp 0x0862
0221: 26000000 iret
0222: 00000000 nop
0223: 00000000 nop
0224: 2C031F00 jmp 0x0862
0225: 26000000 iret
0226: 00000000 nop
0227: 00000000 nop
0228: 2C032D00 jmp 0x0882
0229: 26000000 iret
022A: 00000000 nop
022B: 00000000 nop
022C: 2C034780 jmp 0x08BB
022D: 26000000 iret
022E: 00000000 nop
022F: 00000000 nop
0230: 2C00ED00 jmp 0x040A
0231: 26000000 iret
0232: 00000000 nop
0233: 00000000 nop
0234: 2C00FD80 jmp 0x042F
0235: 26000000 iret
0236: 00000000 nop
0237: 00000000 nop
0238: 2C034A00 jmp 0x08CC
0239: 26000000 iret
023A: 00000000 nop
023B: 00000000 nop
023C: 2C030900 jmp 0x084E
023D: 26000000 iret
023E: 00000000 nop
023F: 00000000 nop
0240: 61000000 clr(r0)
0241: 38013007 r0l = 0x3007
0242: 48103805 X[0x3805] = r0h
0243: 38010004 r0l = 0x0004
0244: 48103804 X[0x3804] = r0h
So, what looks like a fairly sensible 64 word vector area (see datasheet page 21/22), and the reset vector @ 0x0200 jumps to address 0x0240 where there's also some sensible looking initialisation code.
However, here's where I'm running into problems. The code clears r0 (40 bits), then sets the low 16 bits to immediate value 0x3007.
Then we have instruction 0x48103805 which decodes to X[0x3805] = r0h, at least as far as I can tell from the Instruction Reference Manual.
Surely that should be X[0x3805] = r0l as we've just loaded the low 16 bits?
Even more so since we go on to load the 16 bit immediate value 0x0004 to r0l (thus overwriting the previous value without apparently using it).
Similarly for the subsequent initialisation of address X[0x3804].
The confusion for me is in reading the instruction table in Fig A-4 (Load/Store Instruction Format 2/2) on page 128 of the Instruction Reference Manual.
0x48103805 decodes as...
010010b reg=000b suf=001b xy=0b 00b d=0b direct=0x3805
But how to interpret the suf+d column? And what is the meaning of "d"? Direction???
I had assumed rows of the table are for increasing suf values 0..7 (as for example how reg bits are presumably encoded). So suf=001b decodes as *dp = regh.
But that doesn't seem right, because as discussed above we might be expecting *dp = regl, which should perhaps be encoded as suf=000b.
Similar problems exist for interpreting many other instruction formats, since there's no indication of the individual field bit codings.
Have I missed something? Clues anyone? Things that would help...
- Better instruction reference manual
- Existing disassembler
- Existing assembler
Hoping there's someone who's worked with this flavour of DSP chip in the past and can offer some insight.
Cheers, Stuart.
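Added example (my own, not code from the original post or from the author's disassembler): a small Python field splitter that reproduces the 0x48103805 breakdown above using the field widths the post lists, and decodes the jmp words from the listing. The jmp rule (displacement in bits 23..7 added to the instruction's own address) is an assumption I inferred from the address/target pairs in the listing, not taken from the manual, and the reading of xy as an X/Y memory select is likewise assumed.

```python
# Field splitter for the two instruction forms that appear in the listing
# above. The Load/Store Format 2 split (6-bit opcode, reg, suf, xy, two
# unused bits, d, 16-bit direct address) is the one written out in the post.
# The jmp rule (displacement in bits 23..7, added to the instruction's own
# address) is an ASSUMPTION inferred from the address/target pairs in the
# listing, not taken from the manual.

def bits(word, hi, lo):
    """Return bits hi..lo (inclusive, bit 0 = LSB) of a 32-bit word."""
    return (word >> lo) & ((1 << (hi - lo + 1)) - 1)

def decode_load_store2(word):
    """Split a Load/Store Format 2 word into the fields named in the post."""
    return {
        "op": bits(word, 31, 26),      # 010010b for this format
        "reg": bits(word, 25, 23),     # 3-bit register number
        "suf": bits(word, 22, 20),     # the 'suf' column the post asks about
        "xy": bits(word, 19, 19),      # assumed memory-select bit (0 = X)
        "d": bits(word, 16, 16),       # the 'd' bit the post asks about
        "direct": bits(word, 15, 0),   # 16-bit direct address
    }

def jmp_target(addr, word):
    """Assumed PC-relative jmp: target = addr + bits 23..7 (mod 2**16)."""
    return (addr + bits(word, 23, 7)) & 0xFFFF

def decode(addr, word):
    """Text for the two forms seen in the listing; anything else is dumped raw."""
    if bits(word, 31, 24) == 0x2C:
        return "jmp 0x%04X" % jmp_target(addr, word)
    if bits(word, 31, 26) == 0b010010:
        f = decode_load_store2(word)
        mem = "Y" if f["xy"] else "X"   # assumed: xy=1 selects Y memory
        return "%s[0x%04X] <- r%d (suf=%d d=%d)" % (
            mem, f["direct"], f["reg"], f["suf"], f["d"])
    return "dw 0x%08X" % word

# Constructed sample: (address, word) pairs copied from the listing in the post.
SAMPLE = [(0x0200, 0x2C002000), (0x021C, 0x2C036000), (0x0220, 0x2C032100),
          (0x0224, 0x2C031F00), (0x0242, 0x48103805), (0x0244, 0x48103804)]

if __name__ == "__main__":
    for a, w in SAMPLE:
        print("%04X: %08X %s" % (a, w, decode(a, w)))
```

Running it over the sample pairs reproduces every jmp target in the listing, which is the evidence for the assumed displacement rule; the suf/d values come out as the post states, so the open question of what they mean is unchanged.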