# mdm isa reversing

It looks quite a lot like the "sensor controller" ISA but the details differ
(more registers, different encoding, no pc-relative branches, fewer insns?).

## disassembler

See `analyze-asm.py`. Needs a few tweaks to be usable as a standalone
disassembler but it works.

## documentation

```
instruction set (as of now):
    registers are 16-bit wide. notation is always "op src, dst".
    memory addressing is in 16-bit word units, never byte indexed.
    RAM/ROM and I/O buses are separate like in the 8080 or Z80.
    basically a babby's first 16bit machine one might find designed
    specifically for a uni course.

    alu reg, reg        alu=or/and/mov/add/sub/cmp
    alu imm, reg        imm is 5bit!

    btst imm, reg       bit test in reg. imm is a bit index
    bclr imm, reg       bit clear in reg

    shift reg, reg      shift=sl0(lsl)/sr0(lsr)/srx(asr)
    shift imm, reg      imm is 4bit

    lmd (reg), reg      load from ROM/RAM space
    lmd imm, reg        imm is 4bit? 7bit?
    lli imm, reg        load long immediate(?), imm is 10bit

    b<cc> abs           branch if conditioncode (eq/ne/mi/pl), abs is absolute addr
    jmp   abs
    jmp  (reg)
    jsr   abs
    loop  abs           loop instruction. r0 = loop counter, branch if r0 != 0

    rts                 return
    wait                wait for interrupt???

    input abs, reg      read from I/O space (absolute address)
    input (reg), reg    read from I/O space (register indirect)
    output reg, abs     write to I/O space
    output reg, (reg)   write to I/O space
    outclr abs          set I/O reg to 0?
    outset abs          set I/O reg to 0xffff??
    outbclr imm, abs    clear bit <imm> of I/O reg <abs>
    outbset imm, abs    set bit of I/O reg

reg encoding: 0XXXX  = rX (X=0..15)
              10000  = pc (alu srcop only)
              others = ?? (alu srcop only)

instruction set encoding maybe:
    instructions are always 16 bits wide

    000a aams ssss dddd     ALU op; a=op, m=mode (src 0=reg/1=imm), s=src, d=dst
        000 or
        001 and
        010 xor?        hypothetical
        011 tst?        hypothetical
        100 mov
        101 add
        110 sub
        111 cmp

    0010 a??? ssss dddd     bit op; a=op, ?=?, s=src(bitind imm), d=dst
         0010 btst
         1010 bclr
           ^ reg/imm? depending on placement, unify with aluop or shiftop
           is there a bset somewhere?

    0011 aaam ssss dddd     shift; a=op, m=reg/imm, s=src(bitind), d=dst
         000  sl0
         100  sr0
         110  srx
            others?

    0100 ccdd dddd dddd     b<cc> d=dstabs
         00 eq
         01 ne
         10 mi
         11 pl
       ^ maybe another cc bit?


    0110 aadd dddd dddd     jmpop; d=abs
         00 jmp
         01 jsr
         10 loop
         11 misc reg-indirect insns (see below)

    0110 1100 0000 dddd     jmp (d=reg)
              ^^^^ other ops?
  ? 0110 1101 ssss dddd ??  input (s=srcreg), d=dst     hypothetical
    0110 1110 dddd ssss     output s=src, (d=dstreg)
    0110 1111 ssss dddd     lmd (s=srcreg), d=dst       no store?

    0111 0000 0000 0000     rts
    0111 0001 0000 0000     wait
              ^^^^ ^^^^ lots of space here for other ops!
    0111 0010 dddd dddd     outclr d=dstabs
    0111 0011 dddd dddd     outset d=dstabs
    0111 1sss ssss dddd     lmd s=srcabs, d=dst         no store?
          ^^^ unsure of these (000 afaics)

    1000 ssss ssss dddd     input s=srcabs, d=dst
    1001 dddd dddd ssss     output s=srcreg, d=dstabs
    1010 dddd dddd ssss     outbclr s=srcbitindimm, d=dstabs
    1011 dddd dddd ssss     outbset s=srcbitindimm, d=dstabs

    11ss ssss ssss dddd     lli s=src(imm), d=dst

pseudo-ops:
    nop = or r0, r0
```