SAD disassembler progress

This is where the BIN Hackers and definition junkies discuss the inner workings of the EEC code and hardware. General tuning questions do not go here. Only technical/hardware-specific/code questions and discussions belong here.

Moderators: cgrey8, EDS50, 2Shaker, Jon 94GT

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sat Dec 21, 2019 5:06 pm

Yeah, no code in my calibration data thank you very much.
CARD is the same.
Typical of all bins I have seen except early ones.
Maybe 56k bin size and above?
A9l is a little different.

If you wanted to make a special method to identify and handle the console sub, look for;
* Typically it is the only sub to access x200e
* Code sequence a3,01,00,0d,14 or maybe the 1st 3 bytes and the next 99,2a,15
* 1st entry in the main vector task list

If you wanted to handle the 6 word c006 sequence directly, all examples seem to be identical.
Does ears have 1000 and 1200 preceding those 6?
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sat Dec 21, 2019 5:19 pm

LOL, do think SAD could take an image file input!
Then it could OCR the chip mask detail from an image of eec internals.
Then lookup the address prefix from the handbook.

How about mask switch/s as a user command in dir. User looks inside eec.
Something like;
Mask DA # This one is DUCE mask A
Or maybe take the chip part number/s and decode mask for the user.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Sun Dec 22, 2019 2:33 pm

Reserved addresses -

Yep. Did you spot also that many (all?) bins check address 0xd00 first ? This is another clue.

I did have an automatic 'no code between 0xd000 and 0xd009' rule, which works well for all the older bins, and then fails completely for multibins and later single banks, which often have code right up to the 0xffff limit.

Now that I have fixed the test script, I also get some extra pickups for odd addresses like 0x1f10e popping up (which I think is one of the DUCE reserved addresses) in the multibanks, and I see that ears actually has data at 0xe006, but looks like it's called for cal console ?? I didn't think that would work ??

Other multibanks write whole sequences of data to 0x1fffe or similar, which looks like one of the other extra chips, and I think there's code which actually calls one of those 0x1ff.. adrresses too, which implies additional program/ROM inside the chip itself, just like the cal console.

Yes, I need some way to have a preset "suspect' list, but allow it to be modified by the user somehow. There are actually quite a few reserved addresses in the Ford handbook, which have several suboptions as well..................

Procedures by command - - - - (next job for 4.0.4, partly done)

I have made the sizes consistent across the whole command structure, so that printout is now "UY", "SY", "UW" etc. everywhere.
the U is actually redundant, but I take on board your comments about consistency and ease of reading.

The special subrs command is therefore slightly modifed to THIS

1d (func)
F1 32 : UY : SY < : args> for a 1d with unsigned byte in, signed byte out, address in R32 (and ': Y : SY' would work)
F1 34 : SW : SW < : args> for a 1d signed word in. signed word out, address in R34

2d (table)

F2 32 34 : UY < : args> for table with address in R32, columns in R34 and unsigned byte.

and <: args> is optional

It now has exactly same rules as all the other data structures.

And I'm even wondering if (for later) I should change the F1 or F2 to a string like F FUN and F TAB so that you don't need any list to look up.

Also to change the OPT : GCSHF (etc) to individual commands such as

OPFUNC (automatic function names with addresses)
OPSUB ( auto sub names ...)
OP8065
OPPSC (pseudo source code)

to again make it more obvious. (use OP to make it fit in the current 3 letter uniqueness rule, or perhaps just a 'P' or 'Z' or a '+' or something)
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Mon Dec 23, 2019 6:00 am

tvrfan wrote:
Sun Dec 22, 2019 2:33 pm
Reserved addresses -

Yep. Did you spot also that many (all?) bins check address 0xd00 first ? This is another clue.
Yes, as per a couple posts up. That operation is my goto, too find console routine quickly.
All that I have seen at least.
I did have an automatic 'no code between 0xd000 and 0xd009' rule, which works well for all the older bins, and then fails completely for multibins and later single banks, which often have code right up to the 0xffff limit.
Yes, indeed.
Console routing addresses need to be handled as secondary to all other code and data.
Now that I have fixed the test script, I also get some extra pickups for odd addresses like 0x1f10e popping up (which I think is one of the DUCE reserved addresses) in the multibanks, and
Handbook page F6 and F7 does not support that theory.
Handbook page H3 has it as a buffer for consoles atc.
I see that ears actually has data at 0xe006, but looks like it's called for cal console ?? I didn't think that would work ??
Went through this with Pym on the other forum. Have a read through. Some theories were discussed.

http://forum.efidynotuning.com/viewtopi ... 1df517bc08

Basically the console must handle the overlap.
Yes, I need some way to have a preset "suspect' list, but allow it to be modified by the user somehow. There are actually quite a few reserved addresses in the Ford handbook, which have several suboptions as well..................
Knowing the chip MASK makes it easier to follow code VS handbook.
Procedures by command - - - - (next job for 4.0.4, partly done)
ok
I have made the sizes consistent across the whole command structure, so that printout is now "UY", "SY", "UW" etc. everywhere.
the U is actually redundant, but I take on board your comments about consistency and ease of reading.

The special subrs command is therefore slightly modifed to THIS

1d (func)
F1 32 : UY : SY < : args> for a 1d with unsigned byte in, signed byte out, address in R32 (and ': Y : SY' would work)
F1 34 : SW : SW < : args> for a 1d signed word in. signed word out, address in R34

2d (table)

F2 32 34 : UY < : args> for table with address in R32, columns in R34 and unsigned byte.

and <: args> is optional

It now has exactly same rules as all the other data structures.
Sounds good
And I'm even wondering if (for later) I should change the F1 or F2 to a string like F FUN and F TAB so that you don't need any list to look up.
Sounds good
Also to change the OPT : GCSHF (etc) to individual commands such as

OPFUNC (automatic function names with addresses)
OPSUB ( auto sub names ...)
OP8065
OPPSC (pseudo source code)

to again make it more obvious. (use OP to make it fit in the current 3 letter uniqueness rule, or perhaps just a 'P' or 'Z' or a '+' or something)
I have been content with letting SAD apply opcodes as it sees fit.
I see the benefit of a more descriptive command set.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD 4.0.3 released

Post by tvrfan » Wed Dec 25, 2019 2:58 pm

Released 4.0.3 to github, main fixes are to allow sub commands to work, and sort out auto names.
Also fixed a few other bugs as found. (see releases doc)

Tested mainly on Linux , with quick test on Win XP to confirm all OK (CARD, A9L,XDT2, etc).

Updated user manual to V4 to reflect command changes.

I await new bugs to be reported !!

Merry Christmas to all tuners....

[EDIT] - add user manual to list
Last edited by tvrfan on Thu Dec 26, 2019 5:53 pm, edited 1 time in total.
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Thu Dec 26, 2019 5:00 am

Thank you.

Yeah, hope you all had a great Chrissy as well. # cheers for a better 2020.

I will give 4.0.3 a whirl tomorrow night.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD 4.0.3a released

Post by tvrfan » Thu Dec 26, 2019 7:57 pm

Found two small bugs with subroutine commands already, if defined in .dir file.
Also have fixed bank commands, which now seem OK, but may still be a bug to be found, so still printing with comment at front.

have released update build under 4.0.3 (and commit is labelled "4.0.3a")
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Fri Dec 27, 2019 7:41 pm

Did a cold start run of 4.0.3a on CARD.

Commented out the report info in the generated msg file.
(It would be better if all non command info in msg had # automatically)

Renamed msg as dir and rerun 4.0.3a

Resultant msg has ~1600 lines of errors and warnings.
Some examples

Code: Select all

Line 108 - args    82e9c 82ea0: O 2 UY: O 2 UY: UY

                                    ^ Illegal Option
.
.
Line 215 - args    843aa 843af: E 3 f0 N : E 3 f0 N : UWN 

                                                      ^ Illegal Option
Line 216 - args    843b6 843bd: UWN : E 3 f0 N : E 3 f0 N : UWN 

                                ^ Illegal Option
.
.
Line 475 - args    8b801 8b804: E 2 f0 N : UWN 

                                           ^ Illegal Option
Line 476 - timer   8ba73 8bba6: UWX N 

                                ^ Illegal Option
.
.
Line 939 - func    8ddd2 8ddf9  "Func_ddd2"  : UW: UW

                                               ^ Illegal Option
Line 940 - func    8ddfa 8de0d  "Func_ddfa"  : UW: UW

                                               ^ Illegal Option
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Fri Dec 27, 2019 8:14 pm

In this case Bit 1 is not defined in dir but all others are for RDE.

Output to LST has become less informative.
3.08

Code: Select all

2a40: 91,02,de            orb   Rde,2            B1_Rde = 1;
4.0.3a

Code: Select all

2a40: 91,02,de            orb   Rde,2            Rde |= 2;
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Fri Dec 27, 2019 8:20 pm

Further example of less informative output

3.08

Code: Select all

2c1e: 71,fb,d4            an2b  Rd4,fb           B2_Rd4 = 0;
4.0.3a

Code: Select all

2c1e: 71,fb,d4            an2b  Rd4,fb           Rd4 &= fb;
Edit: Applies to XORB as well.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Fri Dec 27, 2019 8:53 pm

Between various versions of SAD the logic for IF statements has been flip flopping like a fish out of water.
Symbols changing back and forth along with goto and continue.

What is driving the changes?

An example of something that is now broken;

3.08

Code: Select all

4002: 33,2c,09            jnb   B3,R2c,400e      if (B3_R2C = 1)  {
4005: 37,d6,04            jnb   B7,Rd6,400c      if (B7_RD6 = 0) goto 400c;
4008: 29,b4               scall 41be             Sub41BE();
400a: 20,02               sjmp  400e             goto 400e;
#
400c: 29,b8               scall 41c6             Sub41c6(); }
#
400e: 39,25,57            jb    B1,R25,4068      if (B1_R25 = 1) return;
4.0.3a

Code: Select all

4002: 33,2c,09            jnb   B3,R2c,400e      if (B3_R2C = 0) return;
4005: 37,d6,04            jnb   B7,Rd6,400c      if (B7_RD6 = 1)  {
4008: 29,b4               scall 41be             Sub41BE();
400a: 20,02               sjmp  400e             return; }
#
400c: 29,b8               scall 41c6             Sub41c6(); }
#
400e: 39,25,57            jb    B1,R25,4068      if (B1_R25 = 1) return;
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Fri Dec 27, 2019 9:15 pm

4.03a

dir

Code: Select all

STR   52FF 5303 :Y N
lst

Code: Select all

52ff: 2d,2e               scall 502f             502f();
5301: 2f,30               scall 5233             5233();
5303: 32   struct                32
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Fri Dec 27, 2019 10:31 pm

OK, thanks.

Symbol Names

I had to rewrite some of the analysis code to get emulation to work, and that meant changing where and when things like symbols are sorted, and for indirect and indexed, the code actually has to get the operand data correctly to emulate. SAD just got enough to print before v4.
e.g. for indirects, the value of the operand becomes the contents of the contents of Rx, and indexed [Rx+nn] and so on.

So basically this broke the symbol name address resolution. I thought I had fixed it in 4.0.2.

For bits,

SAD uses the Name = 1, Bx_R32 style only if at least one bit has been defined in that byte or word, so in your example it's doing that because it's not picking up symbols for d4 for some reason, or there aren't any symbols declared.

May be that worked before when it should not have ?? double check that against 3.08 code......................
AHA !! I see 3.08 actually had a bug, but I can see now that really I need a rule.

for example

Code: Select all

213b: b0,bb,04            ldb   R4,Rbb           AD_Cmd = Rbb;
213e: 33,0a,fd            jnb   B3,Ra,213e       if (AD_Ready = 0) goto 213e;
2141: c4,32,04            stb   R4,R32           R32 = AD_Low;
2144: c4,33,05            stb   R5,R33           R33 = AD_High;
2147: 61,c0,ff,32         an2w  R32,ffc0         R32 &= ffc0;
214b: c2,31,32            stw   R32,[R30++]      [R30++] = R32;
should probably NOT print out a load of Bx_32 = 0 flags.............but

Code: Select all

22a5: 71,fa,1a            an2b  R1a,fa           SPK_off_pend = 0;
                                                 SPK_state = 0;
22a8: a0,30,60            ldw   R60,R30          Last_SPK_Off = R30;
should go to Bx_R1a style even if no symbols.....er...let's see............If mask is not contiguous, or is less than half the register ? (3 bits for byte, 7 bits for word ?) this should cover maths type extracts e.g. AND R32 0xf (or 0xf0) ??. I did also have the idea of allowing SYM or WORD with an :F for 'flags word' as well, but not sure if it's worth it, as defining a single bit symbol name makes it go to Bx style.

Illegal options - FOUND
I take note of the # comment suggestion and will do that.
DAMN - the illegal option is because I've managed to drop a 'U' (unsigned) as valid option for args somehow.
I'll check the others as well....possibly because U is a default, or it's a simple typo.

Ifs and gotos

I had logic which said - If there's a conditonal jump over code which has no other jumps out (i.e. a 'simple' IF) then it swops the sense of the If statement and puts curly brackets around it. A return is NOT classed as a jump out. This to try to explain the logic of the code and not to have to chase all the gotos. (I'm still trying to sort out an ELSE detector which works). In 3.08, I put in an extra check where a GOTO jumps to a RET, then that goto is labelled as a return, again to try to make chasing the logic easier.

e.g. when it's correct

Code: Select all

229d: 30,b2,05            jnb   B0,Rb2,22a5      if (HSO_BUSY = 1)  {
22a0: 91,01,1a            orb   R1a,1            SPK_off_pend = 1;
22a3: 20,09               sjmp  22ae             return; }

22a5: 71,fa,1a            an2b  R1a,fa           SPK_off_pend = 0;
                                                 SPK_state = 0;
22a8: a0,30,60            ldw   R60,R30          Last_SPK_Off = R30;
   ClearReqd:
22ab: 71,fb,b4            an2b  Rb4,fb           SPARK_rqd = 0;
22ae: f0                  ret                    return;
However your example in CARD shows a bug where the jump to 400E actually jumps to a conditional to a return, and should NOT be labelled as a return itself. I didn't think I changed that bit of code....OK.

Hope that explains at least a bit.
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Sat Dec 28, 2019 12:26 am

jsa wrote:
Fri Dec 27, 2019 9:15 pm
4.03a

dir

Code: Select all

STR   52FF 5303 :Y N
lst

Code: Select all

52ff: 2d,2e               scall 502f             502f();
5301: 2f,30               scall 5233             5233();
5303: 32   struct                32
Oops - default rule is that code ALWAYS supercedes data (as it's possible to get an indexed data pointer into a code area), and I have changed the way the code interacts (emulation again) and It looks like I need to add/check UNLESS BY USER COMMAND.......
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sat Dec 28, 2019 9:50 am

tvrfan wrote:
Fri Dec 27, 2019 10:31 pm
Symbol Names
.
.
So basically this broke the symbol name address resolution. I thought I had fixed it in 4.0.2.
Thanks for the explanation.
No, more work to do on symbol names.
Names for scratch registers over an address range are being ignored.

Code: Select all

SYM   38 7E54 7E79 ".old_val."
SYM   3A 7E54 7E5F ".oldtmr."
SYM   3A 7E6D 7ECD ".oldcnt."
SYM   3A ADA5 AE4C ".flg."           #Y
For bits,

SAD uses the Name = 1, Bx_R32 style only if at least one bit has been defined in that byte or word, so in your example it's doing that because it's not picking up symbols for d4 for some reason, or there aren't any symbols declared.
D4 Bits:0, 3, 4, 5, 6 & 7 have sym defined names
I think ORB and AN2B should be Bx_Rxx by default as the absolute majority are for bit manipulation.
for example

Code: Select all

2147: 61,c0,ff,32         an2w  R32,ffc0         R32 &= ffc0;
should probably NOT print out a load of Bx_32 = 0 flags.......
Agree, not for a word op.
......but

Code: Select all

22a5: 71,fa,1a            an2b  R1a,fa           SPK_off_pend = 0;
                                                 SPK_state = 0;
Agree, print for a byte op, multiple lines if need be.

I have a suspicion that ORB and AN2B as immediate address mode ops are all bit manipulation.
Another thought, ORB and AN2B that operate on the same bit are going to be bit manipulations.
should go to Bx_R1a style even if no symbols.....er...let's see............If mask is not contiguous, or is less than half the register ?
Default should be Bx_Rxx, as it is most useful.
I have oodles of flags with less than 8 bits defined, some are not used, but others are. Some may be defined at a later stage. So I want to see the 5 of 8 for example, regardless.
(3 bits for byte, 7 bits for word ?) this should cover maths type extracts e.g. AND R32 0xf (or 0xf0) ??.
Sets the bar for Bx_Rxx too high.
I did also have the idea of allowing SYM or WORD with an :F for 'flags word' as well, but not sure if it's worth it, as defining a single bit symbol name makes it go to Bx style.
Bx style by default please.
Use address ranges where that style is to be applied in a limited manner.
Sym has a range, default Bx_Rxx does not apply outside of range.

Code: Select all

Sym 32 2345 3456 "Bx_Style"  :B1
Ifs and gotos

I had logic which said - If there's a conditonal jump over code which has no other jumps out (i.e. a 'simple' IF) then it swops the sense of the If statement and puts curly brackets around it. A return is NOT classed as a jump out.
Seems reasonable
This to try to explain the logic of the code and not to have to chase all the gotos. (I'm still trying to sort out an ELSE detector which works). In 3.08, I put in an extra check where a GOTO jumps to a RET, then that goto is labelled as a return, again to try to make chasing the logic easier.
Sounds good.
e.g. when it's correct
Indeed
I have quite a bit of commenting that hinges around the style, so it gets a bit frustrating when the style changes with versions.
However your example in CARD shows a bug where the jump to 400E actually jumps to a conditional to a return, and should NOT be labelled as a return itself. I didn't think I changed that bit of code....OK.
Hope that explains at least a bit.
Thanks for the explanation.
Yeah, broken somewhere after 3.08.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sat Dec 28, 2019 9:54 am

tvrfan wrote:
Sat Dec 28, 2019 12:26 am
UNLESS BY USER COMMAND.......
Yep, chisel that into marble and drag it up to the top of a mountain, for all to behold.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Sat Dec 28, 2019 2:17 pm

thanks again.

Yes agree - Anything which is a single bit will always be a single flag set or clear, BUT I'm pretty sure that I've seen AND Rx, 0xF0 done in a calculation, so I don't want to make that part worse.

Or another way is to have a global option to set it on or off (by default that is - SYM anywhere will still always cause Bx_Rn ) for everything.
Yes, it's one of several "what is best?" options, which is not always obvious to me.

The curly brackets - I've found that 'return' bug. My latest version goes back to your original listing.

other -
I've experimented with loops printed as 'while { }' and also '} else {' , both would replace some gotos, but I haven't cracked those reliably yet.
They would make understanding easier, so I really would like to do those, along with automatic data structure analysis (if I can get the injection table sorted out I'll be happy), but yes they would also change comment layout....

for now, will fix up those bugs and make a 4.04.

[a little later...] I just realised that LDX, Rx, n , where n is immediate value and Rx is a flags register, won't get converted into separate flags either.
OK, this will probably only happen in an initialise subroutine, but it should still be fixed if possible.


[later still] Well the best laid plans - can't do the ldx idea becuase THIS happens

Code: Select all

35e1: a1,31,25,ba         ldw   Rba,2531         B0_Rba = 1;
                                                 B4_Rba = 1;
                                                 B5_Rba = 1;
                                                 B8_Rba = 1;
                                                 B10_Rba = 1;
                                                 B13_Rba = 1;
35e5: a0,64,34            ldw   R34,R64          R34 = R64;
35e8: ef,9a,01            call  3785             Sub_3785();
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD 4.0.3b released

Post by tvrfan » Sun Dec 29, 2019 3:22 pm

Interim fixes for jsa's reported bugs released to git as 4.03b ....

1. Fix for 'return' being shown for a jump when it should not (and resultant incorrect braces being shown).
2. Change default rules for when individual bit updates are shown (i.e. "Bn_Rx = 0" style), more as 3.08 did.
NB. ONLY applies for AND, OR and XOR opcodes.
3. Fixes for using .msg file as .dir file (option 'U' not being handled, all msg lines now prefixed with #).
4. TEMP - Added comment in front of timer command (it doesn't always work correctly)
5. Fixed range problem with SYMS

1. Cannot reproduce data/code overlap, BUT I can see how it can happen from the SAD code -> to do.
2. Still some command overlap errors (.dir file) to fix up ->to do (it needs better error tracking).
3. Still get errors with cal console handling in a few bins.
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 9:46 pm

4.03b

I see you have decided to do bits for AN2W.
This one is flags.

Code: Select all

3bb3: 61,3f,fe,34         an2w  R34,fe3f         B6_R34 = 0;
                                                 B7_R34 = 0;
                                                 B8_R34 = 0;
Preferring B0_R35 rather than B8_R34.
In this case R34 & R35 go on to be treated as bytes.

Code: Select all

Small       Large
R34         R35
3F          FE
0011,1111   1111,1110

B6_R34=0
B7_R34=0
B0_R35=0
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Sun Dec 29, 2019 10:14 pm

Yes - can change that.

Currently for a word op, it will show bits 0-15, and it always has (3.08 too).

For a SYM name however, because B8 R34 = B0 R35, it internally stores those sym names as byte addresses with 0-7 as bit number.
There is an extra check to convert it. That then shows the same SYM name for both word and byte opcodes.

Can do the same convert to get B0_R35.

OK, will build that in.... it's more consistent I guess.
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 10:17 pm

This str command in dir gives error in message and failed decode in lst

Code: Select all

#Line 3494 - str  5402 5441 : R 0 UWX N : O 3 UYX : D 2c5 UYX N : R 0 UWX N  # 4.03b

#                                ^ Illegal Option
Edit: Names not being applied with 3.08 stlye syntax
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 10:32 pm

4.03b MSG

Code: Select all

rbase 58 190
My DIR (has no rbase 58)

Code: Select all

SYM   58 5721 572B ".tmp_name."
resultant LST, 1st commandment voilated

Code: Select all

5729: d1,03               jleu  572e             if (R58 > 68)  {
EDIT: fixed by
tvrfan wrote:
Sun Dec 29, 2019 10:47 pm
John, I did do an in between release, and realised syms were still broken.
Can you download latest SAD now and double check that sym issue ??? Thanks.
Last edited by jsa on Sun Dec 29, 2019 10:56 pm, edited 1 time in total.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 10:37 pm

XORB

One to ponder

Code: Select all

57d2: b1,06,5a            ldb   R5a,6            R5a = 6;
.
.
57de: 95,10,5a            xorb  R5a,10           B4_R5a ^= 1; }                    # xor 6,10=dec16 
EDIT removed cryptic bin note
Last edited by jsa on Sun Dec 29, 2019 10:50 pm, edited 1 time in total.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Sun Dec 29, 2019 10:47 pm

Not surprised, what the hell is "R 0" ???? That's not in my syntax anywhere !! I need to go check that !!

And just a reminder for the bits ops - those opcodes support indirect and indexed as well.

It's perfectly legal to do R32 &= [R34]; and R32 &= [R34 + 6]; (ouch!!, but say in the injection table or something, it may happen)
and SAD can ONLY do the Bx_Rn style in immediate opcodes where the 'mask' value is a fixed value, as in ORW R32, 0xfeff;

John, I did do an in between release, and realised syms were still broken.
Can you download latest SAD now and double check that sym issue ??? Thanks.

and 57de XORB R5a, 10 ; IS bit 4 = 0001 0000

if R5a was still 6, it would indeed go to 16, but it's NOT a direct result of the xorb.
Last edited by tvrfan on Sun Dec 29, 2019 10:51 pm, edited 2 times in total.
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 10:47 pm

name in DIR ignored

Code: Select all

Sub 6BDF "Sub6BDF_My Name"
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Sun Dec 29, 2019 10:53 pm

Ah, I see,

Code: Select all

57d2: b1,06,5a            ldb   R5a,6            R5a = 6;
57d5: 71,f7,ea            an2b  Rea,f7           B3_Rea = 0;
57d8: 36,de,06            jnb   B6,Rde,57e1      if (B6_Rde = 1)  {
57db: 91,08,ea            orb   Rea,8            B3_Rea = 1;
57de: 95,10,5a            xorb  R5a,10           B4_R5a ^= 1; }
That ldb could be shown in the flags style too................hmmm.... I need to work on that a little, as my attempt before failed spectacularly...
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 11:12 pm

tvrfan wrote:
Sun Dec 29, 2019 10:47 pm
Not surprised, what the hell is "R 0" ???? That's not in my syntax anywhere !! I need to go check that !!
Thinking about it more, that might be a result of 4.03 taking my 3.08 cmd syntax and appending some 4.03 syntax then putting it to MSG as a hybrid mess that should not be copied back to DIR as 4.03 syntax.

John, I did do an in between release, and realised syms were still broken.
Can you download latest SAD now and double check that sym issue ??? Thanks.
Sneaky, ok that fixed ranged R58.
and 57de XORB R5a, 10 ; IS bit 4 = 0001 0000

if R5a was still 6, it would indeed go to 16, but it's NOT a direct result of the xorb.
Yeah, deleted my dodgy cryptic BIN number.
I have a note in cmt obviously that the result is dec16 as opposed to a simple B4 change.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 11:19 pm

4.03b2

DIR, names of bits applied incorrectly
2 named bits for R47 only

Code: Select all

SYM   47 "Name_0"      :T +0     
SYM   47 "Name_1"      :T +1    
LST

Code: Select all

5859: 3d,47,02            jb    B5,R47,585e      if (B5_Name_0 = 0)
Last edited by jsa on Sun Dec 29, 2019 11:27 pm, edited 1 time in total.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

User avatar
tvrfan
Tuning Addict
Posts: 490
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: SAD disassembler progress

Post by tvrfan » Sun Dec 29, 2019 11:24 pm

Yep, I spotted that bit issue on something else - I've screwed up a 'whole name' (byte or word) versus a 'bit name' storage somewhere.....

back soon.

Hey, and thanks again for being my tester - these are all well spotted, and I'm too close to see some of the stuff you are seeing... Great stuff.

I didn't even think of feeding back the .msgs file , even though that's what it's for !! (duh....)
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

jsa
Tuning Addict
Posts: 700
Joined: Sat Nov 23, 2013 7:28 pm
Location: 'straya

Re: SAD disassembler progress

Post by jsa » Sun Dec 29, 2019 11:24 pm

another to ponder

Code: Select all

5905: 71,7f,4d            an2b  R4d,7f           B7_R4d = 0;                       # B7 Clear 0
5908: 35,4d,03            jnb   B5,R4d,590e      if (B5_R4d = 1)  {
590b: 91,80,4d            orb   R4d,80           B7_R4d = 1; }                     # B7 Set 1   
590e: b0,0b,4c            ldb   R4c,Rb           R4c = HSI_Sample;
5911: 85,00,20,4c         xrw   R4c,2000         B13_R4c ^= 1;
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest