Frostbyte
Registered: Aug 2003 Posts: 167 |
6502 and Phantom Reads
Just learned about an interesting quirk of 6502, phantom reads: https://www.bigmessowires.com/2022/10/23/nmos-6502-phantom-read..
E.g. sta (pointer),y does a phantom read from the address the pointer is pointing to, before actually storing A to (pointer)+y. If the address happens to be something where a read affects the hw state, weird and hard to find bugs may occur.
1) Which opcodes perform a phantom read?
2) Are there any c64 IO registers etc. where a read changes anything in any way?
I'm thinking the answer to 2) is no, as we'd probably talk about the phantom reads more often then. :) But just asking to be sure... |
| |
Mixer
Registered: Apr 2008 Posts: 422 |
2. Acknowledging interrupts. |
| |
Frostbyte
Registered: Aug 2003 Posts: 167 |
Ah, of course. :)
About 1), found this, prettified from c64doc:
https://codebase64.org/doku.php?id=base:6510_instruction_timing
However this slightly contradicts what's mentioned in the bigmessowires.com article, e.g.
Indirect indexed addressing

  Write instructions (STA, SHA)

     #    address   R/W description
    --- ----------- --- ------------------------------------------
     1      PC       R  fetch opcode, increment PC
     2      PC       R  fetch pointer address, increment PC
     3    pointer    R  fetch effective address low
     4   pointer+1   R  fetch effective address high,
                        add Y to low byte of effective address
     5   address+Y*  R  read from effective address,
                        fix high byte of effective address
     6   address+Y   W  write to effective address

    Notes: The effective address is always fetched from zero page,
           i.e. the zero page boundary crossing is not handled.

           * The high byte of the effective address may be invalid
             at this time, i.e. it may be smaller by $100.

would indicate that the phantom read is from [address+Y] (and that the high byte of the address may be invalid), rather than a read from [address]. Which one is correct?
I'm also not sure in what scenarios "it may be smaller by $100" would happen, is this a known thing or seemingly random? |
| |
Jetboy
Registered: Jul 2006 Posts: 213 |
> I'm also not sure in what scenarios "it may be smaller by $100" would happen, is this a known thing or seemingly random?
Wild guess: When lobyte+y>255 ? |
| |
chatGPZ
Registered: Dec 2001 Posts: 11116 |
Careful with AAY (and probably also codebase) - some ppl copied this info from the 65816 docs - but 65816 behaves differently in some details.
<shameless plug>
Instead look at "Unintended memory accesses" in No More Secrets V0.97, which hopefully has those things correct (and provides some more explanation, and example usage).
</shameless plug> |
| |
Frostbyte
Registered: Aug 2003 Posts: 167 |
Ah, I didn't know these (and other cool stuff, it seems) are on No More Secrets in addition to info about the undocumented opcodes, thanks Groepaz!
I became aware of phantom reads when Deater was asking about them in Sizecoding discord. Interestingly, neither No More Secrets, c64doc nor anything I've found online so far explains his scenario (assuming he has interpreted it correctly):
"Just wasted some time tracking down a weird Atari VCS issue where I was doing a RTS back to address $1EE9 but apparently that causes a phantom read to go out to $1FE9 which on an E7 cartridge does an unexpected bank switch causing "fun" to debug issues"
So this would suggest that an RTS to $1EE9 would cause a phantom read from $1FE9, instead of PC-1 that NMS would suggest. |
| |
Frostbyte
Registered: Aug 2003 Posts: 167 |
Quote: > I'm also not sure in what scenarios "it may be smaller by $100" would happen, is this a known thing or seemingly random?
Wild guess: When lobyte+y>255 ?
Indeed this seems to be the case - a dummy read from target address before high byte is incremented, says NMS. :) |
| |
ws
Registered: Apr 2012 Posts: 228 |
Does the phantom read have effects on the flags? Or does "phantom" refer to "without any other effect than a sneaky read of a given memory address"? |
| |
Frostbyte
Registered: Aug 2003 Posts: 167 |
...and it seems the RTS scenario was misinterpreted, so please ignore what I said about it :) |
| |
chatGPZ
Registered: Dec 2001 Posts: 11116 |
Quote: So this would suggest that an RTS to $1EE9 would cause a phantom read from $1FE9, instead of PC-1 that NMS would suggest.
I'd be surprised if that was true, it doesn't really make sense that it would use a different high byte. And the 6507 is basically the same as the 6502, just in another (smaller) package.
Quote: Does the phantom read have effects on the flags? Or does "phantom" refer to "without any other effect than a sneaky read of a given memory address"?
No effect other than a read on the bus |
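
Added example, not part of any post in this thread and not code from c64doc or No More Secrets: a small C model of the six bus cycles in the STA (zp),Y table quoted earlier, showing that the cycle-5 dummy read uses the low byte plus Y with the high byte not yet fixed. Function names and the sample pointer are constructed; with the pointer at $DCFF and Y=$0E the store goes to $DD0D while the dummy read hits $DC0D, which on the C64 is the CIA 1 interrupt control register, where a read acknowledges pending interrupts.

```c
#include <stdint.h>
#include <stdio.h>

/* One bus cycle: the address driven on the bus and the R/W direction. */
typedef struct { uint16_t addr; int write; } BusCycle;

/* Address actually stored to: pointer + Y with the carry applied. */
uint16_t store_addr(uint8_t lo, uint8_t hi, uint8_t y)
{
    return (uint16_t)(((hi << 8) | lo) + y);
}

/* Cycle-5 dummy read: Y is added to the low byte only; the high byte
 * has not been fixed yet, so a page cross reads $100 too low. */
uint16_t dummy_read_addr(uint8_t lo, uint8_t hi, uint8_t y)
{
    return (uint16_t)((hi << 8) | (uint8_t)(lo + y));
}

/* Fill out[0..5] with the six cycles from the table for STA (zp),Y.
 * zp is the 256-byte zero page, operand the pointer's zero-page location. */
void sta_ind_y_cycles(const uint8_t *zp, uint8_t operand, uint8_t y,
                      uint16_t pc, BusCycle out[6])
{
    uint8_t next = (uint8_t)(operand + 1);   /* wraps inside zero page */
    uint8_t lo = zp[operand], hi = zp[next];

    out[0] = (BusCycle){ pc, 0 };                          /* fetch opcode */
    out[1] = (BusCycle){ (uint16_t)(pc + 1), 0 };          /* fetch operand */
    out[2] = (BusCycle){ operand, 0 };                     /* pointer low */
    out[3] = (BusCycle){ next, 0 };                        /* pointer high */
    out[4] = (BusCycle){ dummy_read_addr(lo, hi, y), 0 };  /* dummy read */
    out[5] = (BusCycle){ store_addr(lo, hi, y), 1 };       /* the write */
}

int main(void)
{
    static uint8_t zp[256];
    BusCycle c[6];
    zp[0xFB] = 0xFF; zp[0xFC] = 0xDC;        /* constructed: pointer = $DCFF */
    sta_ind_y_cycles(zp, 0xFB, 0x0E, 0x1000, c);
    for (int i = 0; i < 6; i++)
        printf("%d  $%04X  %c\n", i + 1, (unsigned)c[i].addr,
               c[i].write ? 'W' : 'R');
    return 0;
}
```

When low byte plus Y does not exceed $FF, both functions return the same address, so the dummy read lands on the store target itself.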