ccmdm-re/README.md

# mdm isa reversing

It looks quite a lot like the "sensor controller" ISA but the details differ
(more registers, different encoding, no pc-relative branches, fewer insns?).

## disassembler

See `analyze-asm.py`. Needs a few tweaks to be usable as a standalone
disassembler but it works.

## documentation

```
instruction set (as of now):
    registers are 16-bit wide. notation is always "op src, dst".
    memory addressing is in 16-bit word units, never byte indexed.
    RAM/ROM and I/O buses are separate like in the 8080 or Z80.
    basically a babby's first 16bit machine one might find designed
    specifically for a uni course.

    alu reg, reg        alu=or/and/mov/add/sub/cmp
    alu imm, reg        imm is 5bit!

    btst imm, reg       bit test in reg. imm is a bit index
    bclr imm, reg       bit clear in reg

    shift reg, reg      shift=sl0(lsl)/sr0(lsr)/srx(asr)
    shift imm, reg      imm is 4bit

    lmd (reg), reg      load from ROM/RAM space
    lmd imm, reg        imm is 4bit? 7bit?
    lli imm, reg        load long immediate(?), imm is 10bit

    b<cc> abs           branch if conditioncode (eq/ne/mi/pl), abs is absolute addr
    jmp   abs
    jmp  (reg)
    jsr   abs
    loop  abs           loop instruction. r0 = loop counter, branch if r0 != 0

    rts                 return
    wait                wait for interrupt???

    input abs, reg      read from I/O space (absolute address)
    input (reg), reg    read from I/O space (register indirect)
    output reg, abs     write to I/O space
    output reg, (reg)   write to I/O space
    outclr abs          set I/O reg to 0?
    outset abs          set I/O reg to 0xffff??
    outbclr imm, abs    clear bit <imm> of I/O reg <abs>
    outbset imm, abs    set bit of I/O reg

reg encoding: 0XXXX  = rX (X=0..15)
              10000  = pc (alu srcop only)
              others = ?? (alu srcop only)

instruction set encoding maybe:
    instructions are always 16 bits wide

    000a aams ssss dddd     ALU op; a=op, m=mode (src 0=reg/1=imm), s=src, d=dst
        000 or
        001 and
        010 xor?        hypothetical
        011 tst?        hypothetical
        100 mov
        101 add
        110 sub
        111 cmp

    0010 a??? ssss dddd     bit op; a=op, ?=?, s=src(bitind imm), d=dst
         0010 btst
         1010 bclr
           ^ reg/imm? depending on placement, unify with aluop or shiftop
           is there a bset somewhere?

    0011 aaam ssss dddd     shift; a=op, m=reg/imm, s=src(bitind), d=dst
         000  sl0
         100  sr0
         110  srx
            others?

    0100 ccdd dddd dddd     b<cc> d=dstabs
         00 eq
         01 ne
         10 mi
         11 pl
       ^ maybe another cc bit?


    0110 aadd dddd dddd     jmpop; d=abs
         00 jmp
         01 jsr
         10 loop
         11 misc reg-indirect insns (see below)

    0110 1100 0000 dddd     jmp (d=reg)
              ^^^^ other ops?
  ? 0110 1101 ssss dddd ??  input (s=srcreg), d=dst     hypothetical
    0110 1110 dddd ssss     output s=src, (d=dstreg)
    0110 1111 ssss dddd     lmd (s=srcreg), d=dst       no store?

    0111 0000 0000 0000     rts
    0111 0001 0000 0000     wait
              ^^^^ ^^^^ lots of space here for other ops!
    0111 0010 dddd dddd     outclr d=dstabs
    0111 0011 dddd dddd     outset d=dstabs
    0111 1sss ssss dddd     lmd s=srcabs, d=dst         no store?
          ^^^ unsure of these (000 afaics)

    1000 ssss ssss dddd     input s=srcabs, d=dst
    1001 dddd dddd ssss     output s=srcreg, d=dstabs
    1010 dddd dddd ssss     outbclr s=srcbitindimm, d=dstabs
    1011 dddd dddd ssss     outbset s=srcbitindimm, d=dstabs

    11ss ssss ssss dddd     lli s=src(imm), d=dst

pseudo-ops:
    nop = or r0, r0
```
stuff 2023-06-17 15:11:56 +00:00			`# mdm isa reversing`

			`It looks quite a lot like the "sensor controller" ISA but the details differ`
			`(more registers, different encoding, no pc-relative branches, fewer insns?).`

			`## disassembler`

			See `analyze-asm.py`. Needs a few tweaks to be usable as a standalone
			`disassembler but it works.`

			`## documentation`

			```
			`instruction set (as of now):`
			`registers are 16-bit wide. notation is always "op src, dst".`
			`memory addressing is in 16-bit word units, never byte indexed.`
			`RAM/ROM and I/O buses are separate like in the 8080 or Z80.`
			`basically a babby's first 16bit machine one might find designed`
			`specifically for a uni course.`

			`alu reg, reg alu=or/and/mov/add/sub/cmp`
			`alu imm, reg imm is 5bit!`

			`btst imm, reg bit test in reg. imm is a bit index`
			`bclr imm, reg bit clear in reg`

			`shift reg, reg shift=sl0(lsl)/sr0(lsr)/srx(asr)`
			`shift imm, reg imm is 4bit`

			`lmd (reg), reg load from ROM/RAM space`
			`lmd imm, reg imm is 4bit? 7bit?`
			`lli imm, reg load long immediate(?), imm is 10bit`

			`b<cc> abs branch if conditioncode (eq/ne/mi/pl), abs is absolute addr`
			`jmp abs`
			`jmp (reg)`
			`jsr abs`
			`loop abs loop instruction. r0 = loop counter, branch if r0 != 0`

			`rts return`
			`wait wait for interrupt???`

			`input abs, reg read from I/O space (absolute address)`
fix a few bugs, make a very rudimentary assembler 2023-06-17 16:55:20 +00:00			`input (reg), reg read from I/O space (register indirect)`
stuff 2023-06-17 15:11:56 +00:00			`output reg, abs write to I/O space`
fix a few bugs, make a very rudimentary assembler 2023-06-17 16:55:20 +00:00			`output reg, (reg) write to I/O space`
stuff 2023-06-17 15:11:56 +00:00			`outclr abs set I/O reg to 0?`
			`outset abs set I/O reg to 0xffff??`
			`outbclr imm, abs clear bit <imm> of I/O reg <abs>`
			`outbset imm, abs set bit of I/O reg`

			`reg encoding: 0XXXX = rX (X=0..15)`
			`10000 = pc (alu srcop only)`
			`others = ?? (alu srcop only)`

			`instruction set encoding maybe:`
			`instructions are always 16 bits wide`

			`000a aams ssss dddd ALU op; a=op, m=mode (src 0=reg/1=imm), s=src, d=dst`
			`000 or`
			`001 and`
			`010 xor? hypothetical`
			`011 tst? hypothetical`
			`100 mov`
			`101 add`
			`110 sub`
			`111 cmp`

			`0010 a??? ssss dddd bit op; a=op, ?=?, s=src(bitind imm), d=dst`
			`0010 btst`
			`1010 bclr`
			`^ reg/imm? depending on placement, unify with aluop or shiftop`
			`is there a bset somewhere?`

			`0011 aaam ssss dddd shift; a=op, m=reg/imm, s=src(bitind), d=dst`
			`000 sl0`
			`100 sr0`
			`110 srx`
			`others?`

			`0100 ccdd dddd dddd b<cc> d=dstabs`
			`00 eq`
			`01 ne`
			`10 mi`
			`11 pl`
			`^ maybe another cc bit?`


			`0110 aadd dddd dddd jmpop; d=abs`
			`00 jmp`
			`01 jsr`
			`10 loop`
			`11 misc reg-indirect insns (see below)`

			`0110 1100 0000 dddd jmp (d=reg)`
			`^^^^ other ops?`
			`? 0110 1101 ssss dddd ?? input (s=srcreg), d=dst hypothetical`
fix a few bugs, make a very rudimentary assembler 2023-06-17 16:55:20 +00:00			`0110 1110 dddd ssss output s=src, (d=dstreg)`
stuff 2023-06-17 15:11:56 +00:00			`0110 1111 ssss dddd lmd (s=srcreg), d=dst no store?`

			`0111 0000 0000 0000 rts`
			`0111 0001 0000 0000 wait`
			`^^^^ ^^^^ lots of space here for other ops!`
			`0111 0010 dddd dddd outclr d=dstabs`
			`0111 0011 dddd dddd outset d=dstabs`
			`0111 1sss ssss dddd lmd s=srcabs, d=dst no store?`
			`^^^ unsure of these (000 afaics)`

			`1000 ssss ssss dddd input s=srcabs, d=dst`
			`1001 dddd dddd ssss output s=srcreg, d=dstabs`
			`1010 dddd dddd ssss outbclr s=srcbitindimm, d=dstabs`
			`1011 dddd dddd ssss outbset s=srcbitindimm, d=dstabs`

			`11ss ssss ssss dddd lli s=src(imm), d=dst`

			`pseudo-ops:`
			`nop = or r0, r0`
			```