6502 CPU 仿真
现在是周末,所以我通过写一个爱好项目来放松整个星期的编程。
昨天写了一个MOS 6502 CPU模拟器的框架,寄存器、堆栈、内存和所有的操作码都实现了。 (链接到下面的源代码)
我可以在我编写的调试器中手动运行一系列操作,但我想加载一个 NES rom 并将程序计数器指向其指令,我认为这将是最快的方法找到有缺陷的操作码。
我编写了一个快速 NES ROM 加载程序,并将 ROM 组加载到 CPU 内存中。
问题是我不知道操作码是如何编码的。 我知道操作码本身遵循每个操作码一个字节的模式,该模式唯一标识操作码
0 - BRK
1 - ORA (D,X)
2 - COP b
等
但是我不确定应该在哪里找到操作码参数。 是紧接着的字节吗? 在绝对内存中,我想它可能不是一个字节而是一个短字节。
有谁熟悉这个CPU的内存型号吗?
编辑:我意识到这可能是在黑暗中拍摄的,但我希望这里潜伏着一些老派的苹果和 Commodore 黑客。
编辑:感谢大家的帮助。 在我实施适当的更改以调整每个操作后,CPU 可以加载并运行《马里奥兄弟》。 它除了循环等待 Start 之外什么也不做,但这是一个好兆头:)
我上传了源代码:
https://archive.codeplex.com/?p=cpu6502
如果有人想知道模拟器是如何工作的,那么它很容易理解。 至少没有优化,但话又说回来,我正在模拟一个在 2.4ghz 机器上以 2mhz 运行的 CPU :)
It's the weekend, so I relax from spending all week programming by writing a hobby project.
I wrote the framework of a MOS 6502 CPU emulator yesterday, the registers, stack, memory and all the opcodes are implemented. (Link to source below)
I can manually run a series of operations in the debugger I wrote, but I'd like to load a NES rom and just point the program counter at its instructions, I figured that this would be the fastest way to find flawed opcodes.
I wrote a quick NES rom loader and loaded the ROM banks into the CPU memory.
The problem is that I don't know how the opcodes are encoded. I know that the opcodes themselves follow a pattern of one byte per opcode that uniquely identifies the opcode,
0 - BRK
1 - ORA (D,X)
2 - COP b
etc
However I'm not sure where I'm supposed to find the opcode argument. Is it the the byte directly following? In absolute memory, I suppose it might not be a byte but a short.
Is anyone familiar with this CPU's memory model?
EDIT: I realize that this is probably shot in the dark, but I was hoping there were some oldschool Apple and Commodore hackers lurking here.
EDIT: Thanks for your help everyone. After I implemented the proper changes to align each operation the CPU can load and run Mario Brothers. It doesn't do anything but loop waiting for Start, but its a good sign :)
I uploaded the source:
https://archive.codeplex.com/?p=cpu6502
If anyone has ever wondered how an emulator works, its pretty easy to follow. Not optimized in the least, but then again, I'm emulating a CPU that runs at 2mhz on a 2.4ghz machine :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
6502有不同的寻址模式,同一条指令根据其寻址模式有几种不同的操作码。 请查看以下链接,其中描述了 6502 从内存或直接从 ROM 检索数据的不同方式。
http://obelisk.me.uk/6502/addressing.html#IMM
The 6502 has different addressing modes, the same instruction has several different opcodes depending on it's addressing mode. Take a look at the following links which describes the different ways a 6502 can retrieve data from memory, or directly out of ROM.
http://obelisk.me.uk/6502/addressing.html#IMM
Apple II ROM 包含一个反汇编器,我想这就是它的名字,它会以良好的格式向您显示十六进制操作码和 3 字符操作码以及操作数。
因此,考虑到可用内存很少,他们设法将整个 6502 指令集的操作数字节数(始终为 0、1 或 2)的 3 字符操作码塞入一个非常小的空间,因为实际上没有那么多。
如果你能找到一个苹果II ROM,你就可以从那里剪切和粘贴......
The apple II roms included a dissassembler, I think that's what it was called, and it would show you in a nice format the hex opcodes and the 3 character opcode and the operands.
So given how little memory was available, they managed to shove in the operand byte count (always 0, 1 or 2) the 3 character opcode for the entire 6502 instruction set into a really small space, because there's really not that much of it.
If you can dig up an apple II rom, you can just cut and paste from there...
这更好 - 6502 指令集矩阵:
https://www.masswerk.at/6502/6502_instruction_set .html
This is better - 6502 Instruction Set matrix:
https://www.masswerk.at/6502/6502_instruction_set.html
操作码占一个字节,操作数在后面的字节中。 例如,请查看此处的字节大小列。
The opcode takes one byte, and the operands are in the following bytes. Check out the byte size column here, for instance.
如果您查看诸如 http://www.atarimax.com/jindroush 之类的参考文献。 atari.org/aopc.html,您将看到每个操作码都有一个指定的编码:
十六进制是您的 1 字节操作码。 紧随其后的是其参数的 LEN 字节。 请查阅参考资料以了解这些参数是什么。 TIM 数据对于仿真器很重要 - 它是执行该指令所需的时钟周期数。 您将需要这个来确保您的时间正确。
这些值(LEN、TIM)未编码在操作码本身中。 您需要将此数据存储在程序加载器/执行器中。 这只是一个大的查找表。 或者您可以定义一种迷你语言来对数据和阅读器进行编码。
If you look into references like http://www.atarimax.com/jindroush.atari.org/aopc.html, you will see that each opcode has an encoding specified as:
The HEX is your 1-byte opcode. Immediately following it is LEN bytes of its argument. Consult the reference to see what those arguments are. The TIM data is important for emulators - it is the number of clock cycles this instruction takes to execute. You will need this to get your timing correct.
These values (LEN, TIM) are not encoded in the opcode itself. You need to store this data in your program loader/executer. It's just a big lookup table. Or you can define a mini-language to encode the data and reader.
这本书可能会有所帮助:http://www.atariarchives.org/mlb/
另外,请尝试检查任何其他 6502 aseembler/模拟器/调试器都可以查看汇编如何编码为机器语言。
This book might help: http://www.atariarchives.org/mlb/
Also, try examing any other 6502 aseembler/simulator/debugger out there to see how Assembly gets coded as Machine Language.
6502 手册位于网络上的各个历史站点上。 KIM-1 随他们一起发货。 也许其中的内容比您需要知道的更多。
The 6502 manuals are on the Web, at various history sites. The KIM-1 shipped with them. Maybe more in them than you need to know.