119 lines
3.7 KiB
Markdown
119 lines
3.7 KiB
Markdown
# mdm isa reversing
|
|
|
|
It looks quite a lot like the "sensor controller" ISA but the details differ
|
|
(more registers, different encoding, no pc-relative branches, fewer insns?).
|
|
|
|
## disassembler
|
|
|
|
See `analyze-asm.py`. Needs a few tweaks to be usable as a standalone
|
|
disassembler but it works.
|
|
|
|
## documentation
|
|
|
|
```
|
|
instruction set (as of now):
|
|
registers are 16-bit wide. notation is always "op src, dst".
|
|
memory addressing is in 16-bit word units, never byte indexed.
|
|
RAM/ROM and I/O buses are separate like in the 8080 or Z80.
|
|
basically a babby's first 16bit machine one might find designed
|
|
specifically for a uni course.
|
|
|
|
alu reg, reg alu=or/and/mov/add/sub/cmp
|
|
alu imm, reg imm is 5bit!
|
|
|
|
btst imm, reg bit test in reg. imm is a bit index
|
|
bclr imm, reg bit clear in reg
|
|
|
|
shift reg, reg shift=sl0(lsl)/sr0(lsr)/srx(asr)
|
|
shift imm, reg imm is 4bit
|
|
|
|
lmd (reg), reg load from ROM/RAM space
|
|
lmd imm, reg imm is 4bit? 7bit?
|
|
lli imm, reg load long immediate(?), imm is 10bit
|
|
|
|
b<cc> abs branch if conditioncode (eq/ne/mi/pl), abs is absolute addr
|
|
jmp abs
|
|
jmp (reg)
|
|
jsr abs
|
|
loop abs loop instruction. r0 = loop counter, branch if r0 != 0
|
|
|
|
rts return
|
|
wait wait for interrupt???
|
|
|
|
input abs, reg read from I/O space (absolute address)
|
|
input (reg), reg read from I/O space (register indirect)
|
|
output reg, abs write to I/O space
|
|
output reg, (reg) write to I/O space
|
|
outclr abs set I/O reg to 0?
|
|
outset abs set I/O reg to 0xffff??
|
|
outbclr imm, abs clear bit <imm> of I/O reg <abs>
|
|
outbset imm, abs set bit of I/O reg
|
|
|
|
reg encoding: 0XXXX = rX (X=0..15)
|
|
10000 = pc (alu srcop only)
|
|
others = ?? (alu srcop only)
|
|
|
|
instruction set encoding maybe:
|
|
instructions are always 16 bits wide
|
|
|
|
000a aams ssss dddd ALU op; a=op, m=mode (src 0=reg/1=imm), s=src, d=dst
|
|
000 or
|
|
001 and
|
|
010 xor? hypothetical
|
|
011 tst? hypothetical
|
|
100 mov
|
|
101 add
|
|
110 sub
|
|
111 cmp
|
|
|
|
0010 a??? ssss dddd bit op; a=op, ?=?, s=src(bitind imm), d=dst
|
|
0010 btst
|
|
1010 bclr
|
|
^ reg/imm? depending on placement, unify with aluop or shiftop
|
|
is there a bset somewhere?
|
|
|
|
0011 aaam ssss dddd shift; a=op, m=reg/imm, s=src(bitind), d=dst
|
|
000 sl0
|
|
100 sr0
|
|
110 srx
|
|
others?
|
|
|
|
0100 ccdd dddd dddd b<cc> d=dstabs
|
|
00 eq
|
|
01 ne
|
|
10 mi
|
|
11 pl
|
|
^ maybe another cc bit?
|
|
|
|
|
|
0110 aadd dddd dddd jmpop; d=abs
|
|
00 jmp
|
|
01 jsr
|
|
10 loop
|
|
11 misc reg-indirect insns (see below)
|
|
|
|
0110 1100 0000 dddd jmp (d=reg)
|
|
^^^^ other ops?
|
|
? 0110 1101 ssss dddd ?? input (s=srcreg), d=dst hypothetical
|
|
0110 1110 dddd ssss output s=src, (d=dstreg)
|
|
0110 1111 ssss dddd lmd (s=srcreg), d=dst no store?
|
|
|
|
0111 0000 0000 0000 rts
|
|
0111 0001 0000 0000 wait
|
|
^^^^ ^^^^ lots of space here for other ops!
|
|
0111 0010 dddd dddd outclr d=dstabs
|
|
0111 0011 dddd dddd outset d=dstabs
|
|
0111 1sss ssss dddd lmd s=srcabs, d=dst no store?
|
|
^^^ unsure of these (000 afaics)
|
|
|
|
1000 ssss ssss dddd input s=srcabs, d=dst
|
|
1001 dddd dddd ssss output s=srcreg, d=dstabs
|
|
1010 dddd dddd ssss outbclr s=srcbitindimm, d=dstabs
|
|
1011 dddd dddd ssss outbset s=srcbitindimm, d=dstabs
|
|
|
|
11ss ssss ssss dddd lli s=src(imm), d=dst
|
|
|
|
pseudo-ops:
|
|
nop = or r0, r0
|
|
```
|