Why auto disassembly is tough

cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)

Re: Why auto disassembly is tough

Post by cgrey8 » Wed Jun 12, 2019 6:58 am

This may be a stupid question, but in that code snippet, I see that interrupts get disabled right before entering the critical section of the sub where stack manipulation is done. But I don't see an explicit re-enabling of the interrupts.
Is that done implicitly by one of the other ops?
Or is it simply part of this sub's job to disable interrupts and return with them still disabled?
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

sailorbob
BIN Hacker
Posts: 1672
Joined: Tue Jul 12, 2005 6:10 am

Re: Why auto disassembly is tough

Post by sailorbob » Wed Jun 12, 2019 8:31 am

The interrupts are not necessarily enabled after the subroutine has finished being executed. The PUSHP instruction saves the PSW register to the stack and bit 15 is the 'interrupt enable' bit. The later POPW instruction restores the PSW register to the condition it was at the point when it was saved to the stack. This means the interrupt enable bit will be set to whatever it was when the subroutine was called.

cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)

Re: Why auto disassembly is tough

Post by cgrey8 » Wed Jun 12, 2019 11:11 am

Ahh, the enable/disable of interrupts is being "managed" implicitly by virtue of the restoration of PSW. That makes sense now that you say it. But due to my lack of familiarity with the PSW reg, it didn't even occur to me that the Enable/Disable bit lived there.

Thanks for the clarification.

sailorbob
BIN Hacker
Posts: 1672
Joined: Tue Jul 12, 2005 6:10 am

Re: Why auto disassembly is tough

Post by sailorbob » Wed Jun 12, 2019 11:56 am

Sorry, I meant POPP not POPW above (that's a different instruction!).

tvrfan
Tuning Addict
Posts: 417
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: Why auto disassembly is tough

Post by tvrfan » Wed Jun 12, 2019 2:49 pm

Guys,

Just for completeness, it's worth a quick review of the PSW on 8065 CPUs and bank operation.

Whilst the 8065 PSW lower byte contains the various status flags for conditional jumps (zero, negative, etc), the upper byte contains current program bank (which I take to mean 'code bank'), the current RAM bank, and the interrupt enable flag in bit 15.
The 8061 ALSO has the interrupt enable bit in PSW bit 15, but no bank info.

A POPP will therefore restore a previous interrupt enable state from a PUSHP on *ALL* bins.
It doesn't seem to be used in single banks (at least I've not seen one) but it would still be valid.

A long time ago we had a thread on here about how the multibanks kept track of arguments across banks, and now we know for sure.

Also note that the LDB R11, 11 sets the 'data' bank (bottom 4 bits) and the stack bank (where the stack resides) in the top 4 bits.
I don't think the stack bank does anything for EEC-IV bins, on the basis that stack has always to be somewhere in RAM.
The 4 bits being provided would seem like it's for a generic setup where ALL memory is RAM, more like a desktop computer setup.
That would make sense.

The ONLY way to get at the 'code' bank is via the PSW, or set it with a BNK (0x10) prefix as part of a JUMP or CALL instruction.
R11 is readable, so code can get directly at the current 'data' bank.

Also worth noting is that the idea of LDW [STACK + n] is perfectly valid for 8061 too, (stack would be R10), but it looks like the compilers (or people coding) didn't think of it at that time. A9L subroutines which get arguments on behalf of a different subr (0x3695 and for example) would be neater without those extra POPW instructions ......

Hope that helps !!
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler
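
Added example, not part of any post in this thread and not code from the EEC-IV disassembler: a C sketch of how a disassembler could answer the question raised above, namely whether a sub returns with interrupts in the caller's state, disabled, or enabled. The op names and sample sequences are constructed, and PUSHP is modelled as a plain save of PSW, as described in the thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Symbolic ops for this sketch; INT_OFF/INT_ON stand for whatever
   instruction clears/sets PSW bit 15. Not decoded opcode bytes. */
typedef enum { OP_PUSHP, OP_POPP, OP_INT_OFF, OP_INT_ON, OP_OTHER } op_t;

/* Interrupt-enable state relative to the caller's state on entry. */
typedef enum { I_CALLER, I_ON, I_OFF, I_REVIEW } istate;

#define DEPTH 8

/* Walk a straight-line subroutine body and report the interrupt-enable
   state at its return. PUSHP is modelled as save-only (assumption). */
istate exit_istate(const op_t *ops, size_t n)
{
    istate cur = I_CALLER, saved[DEPTH];
    size_t sp = 0;

    for (size_t i = 0; i < n; i++) {
        switch (ops[i]) {
        case OP_PUSHP:
            if (sp == DEPTH) return I_REVIEW;
            saved[sp++] = cur;            /* PSW, incl. bit 15, saved */
            break;
        case OP_POPP:
            if (sp == 0) return I_REVIEW; /* no matching PUSHP here */
            cur = saved[--sp];            /* bit 15 restored */
            break;
        case OP_INT_OFF: cur = I_OFF; break;
        case OP_INT_ON:  cur = I_ON;  break;
        default: break;                   /* no effect on bit 15 */
        }
    }
    return sp == 0 ? cur : I_REVIEW;      /* PUSHP left unbalanced */
}

/* Constructed sequences, not taken from any bin. */
static const op_t GUARDED[]   = { OP_PUSHP, OP_INT_OFF, OP_OTHER, OP_POPP };
static const op_t UNGUARDED[] = { OP_INT_OFF, OP_OTHER };

int main(void)
{
    static const char *name[] = { "as caller", "enabled", "disabled", "review" };
    printf("guarded:   %s\n", name[exit_istate(GUARDED, 4)]);
    printf("unguarded: %s\n", name[exit_istate(UNGUARDED, 2)]);
    return 0;
}
```

I_REVIEW marks bodies where the save/restore pairing cannot be established within the sub, which is the case a person has to look at by hand.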

jsa
Tuning Addict
Posts: 604
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: Why auto disassembly is tough

Post by jsa » Tue Sep 10, 2019 2:53 am

tvrfan wrote:
Fri Apr 13, 2018 7:37 pm

BUT also have in the background the idea that you can declare data types and they would be tracked/transferable.....
- i.e Types
Plain Word, Byte, Flags (word,byte) Nothing. perhaps signed/unsigned ?

IOtime (word/byte. long?) autoconvert to millisecs, but would require clock speed, unless I can spot a way to get it from code. (Timers subroutine?)

How about the default for HLOS ISC is 160Hz.

0x6C7 at 15MHz is 160Hz.
Read about it in the handbook, page F10.

Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 604
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: Why auto disassembly is tough

Post by jsa » Sun Oct 06, 2019 6:14 pm

@tvrfan,

Is there a way to apply multiple offsets to a single argument?

Code:

Argument 3 offset 1 of 3
sub 4069 "SUB4069"   : W N : Y N D 17C : Y

Looking to apply 3 offsets to Argument 3
sub 4069 "SUB4069"   : W N : Y N D3 17C DCFE DD4F : Y

Cheers

John


tvrfan
Tuning Addict
Posts: 417
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: Why auto disassembly is tough

Post by tvrfan » Fri Oct 18, 2019 2:50 pm

No.

It seems a bit weird to me, in fact. Where is the code ? I'll have a look.

Andy.

jsa
Tuning Addict
Posts: 604
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: Why auto disassembly is tough

Post by jsa » Fri Oct 18, 2019 3:28 pm

L4069 in CARD

Cheers

John


tvrfan
Tuning Addict
Posts: 417
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: Why auto disassembly is tough

Post by tvrfan » Fri Oct 18, 2019 7:33 pm

Right - Yep, some complex addressing there indeed ............

OK. I never expected more than one offset (or special attribute etc.) per argument, so it was coded that way.

Hmmm..... I need to see if I can work out what it's doing.
Have you cracked it ?? Any help appreciated !

Andy.

jsa
Tuning Addict
Posts: 604
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: Why auto disassembly is tough

Post by jsa » Sat Oct 19, 2019 7:02 am

It is one of a number of convoluted Subs with args that handle 3 digit fault codes.

The majority of it matches with LHBH1.

Looking at L3980 for a call of 4069.
Arg byte 1&2, 0x327, are the fault code number
Arg byte 3, 0x3C, is the offset that leads to;
C327FIL
C327LVL
C327UP
KAM address for the fault code flag
and a KAM byte I have yet to prove the purpose of.
Arg byte 4, 0x4, leads to RAM Address for the fault code flag, and determines if hysteresis is applied.

Code:

406B take Arg 1
406E take arg 2
4076 Set a fault flag

40FA take arg 3
40FD take arg 4

4102 Continue B7_arg 4 clear
4105 - 4113 derive a Bit number
4116 Arg3 + 17C CxxxFil address 1B8
411F Arg3+Rbase+1AA  CxxxLvl address DD3A
4128 Arg3+Rbase+1FB CxxxUp address DD8B

413A Set at L4076 to set a fault flag

4144 B7_Arg4 clear do hysteresis
4152 From arg4 Bit number 4 is selected for clearing
4154 From Arg4 via L4105-L4113 RAM Flags byte is selected B4_1D4

4170 Jumped here for clear a fault
4170 again B4_1D4

417A-4181 Again B4 derived from Arg4
4184-418A Derive KAM Flags from Arg3. So B4_75F
4194 Derive KAM byte address from Arg3 79F

419C compare LVL<FIL

41A7 Update FIL

Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag
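
Added example, not part of any post and not the disassembler's own code: a table-driven decoder for inline call arguments in which one argument can carry several offsets, using the values quoted in the thread for the call at 3980 (fault code 0x327, arg 3 = 0x3C, offsets 17C / DCFE / DD4F). The struct layout, the names and the low-byte-first order of the word argument are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_OFFS 3

typedef struct {
    uint8_t  size;              /* 1 = byte, 2 = word (low byte first) */
    uint8_t  n_offs;            /* 0 = plain value, no address derived */
    uint16_t offs[MAX_OFFS];
} arg_spec;

typedef struct {
    uint16_t value;             /* raw argument */
    uint16_t addr[MAX_OFFS];    /* value + offs[i], wrapped to 16 bits */
} arg_out;

/* Spec for the sub at 4069 as described in the thread: word fault code,
   byte with offsets 17C / DCFE / DD4F, then the flag/hysteresis byte. */
static const arg_spec SUB4069[] = {
    { 2, 0, { 0 } }, { 1, 3, { 0x17C, 0xDCFE, 0xDD4F } }, { 1, 0, { 0 } },
};

/* Constructed bytes for the call at 3980 (byte order is an assumption). */
static const uint8_t ARGS_3980[] = { 0x27, 0x03, 0x3C, 0x04 };

/* Decode the inline bytes after a CALL. Returns the number of bytes
   consumed (where code resumes) or -1 on a short buffer or bad spec. */
int decode_args(const uint8_t *p, size_t len, const arg_spec *spec,
                size_t n_args, arg_out *out)
{
    size_t pos = 0;
    for (size_t a = 0; a < n_args; a++) {
        size_t sz = spec[a].size;
        if ((sz != 1 && sz != 2) || spec[a].n_offs > MAX_OFFS) return -1;
        if (len - pos < sz) return -1;
        out[a].value = (uint16_t)(p[pos] | (sz == 2 ? p[pos + 1] << 8 : 0));
        pos += sz;
        for (size_t i = 0; i < spec[a].n_offs; i++)
            out[a].addr[i] = (uint16_t)(out[a].value + spec[a].offs[i]);
    }
    return (int)pos;
}

int main(void)
{
    arg_out o[3];
    if (decode_args(ARGS_3980, sizeof ARGS_3980, SUB4069, 3, o) != 4) return 1;
    printf("code %X FIL %X LVL %X UP %X\n", (unsigned)o[0].value,
           (unsigned)o[1].addr[0], (unsigned)o[1].addr[1], (unsigned)o[1].addr[2]);
    return 0;
}
```

The three resolved addresses match the ones listed in the post above for CxxxFil, CxxxLvl and CxxxUp: 1B8, DD3A and DD8B.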
