[sebhc] Rather serious H8/PAM-8 design flaw.

Dave Dunfield dave04a at dunfield.com
Thu May 27 05:34:20 CDT 2004

Previous message: [sebhc] Emulator fixes / additions
Next message: [sebhc] Emulator future? + request for tools
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>--- how does it get back to PAM-8?
>On the next clock interrupt.  PAM8's service routine checks to see if it's 
>in user mode (mon led is out), and if so, it checks to see if the 
>interrupted opcode is a halt, or if the RTM key combination is being 
>pressed.  In either case, it beeps and returns to monitor mode.  Remember, 
>PAM8 itself is designed to be a debugger!

This is a rather serious design flaw!

After interrupting ANY instruction (including HLT), the PC is advanced to the
byte afterward .. this means that to "examine" the instruction, PAM-8 has to
backup the stacked PC by one byte, and look for a $76 (HLT opcode).

Problem is - there's lots of mylti-byte instructions which end with $76.
Eg:

   LDA  $76xx    <= Or STA
   LHLD $76xx    <= Or SHLD
   MVI  A,$76    <= Or any register
   CPI  $76
   ANI  $76      <= Or ORI, XRI
   LXI  H,$76xx  <= Any register
   JMP  $76xx    <= Any Jxx inst
   CALL $76xx    <= Any Cxx inst

PAM-8 has no way of knowing that the instruction just interrupted was HLT
or a multi-byte instruction ending with $76

Try this program on your real H8 (or the emulator - but It does happen
on the real H8 also - I have verified this):

       ORG     $2040
loop:  MVI     A,$75
       JMP     LOOP

As expected, it runs "forever".

Now, change the second line to: MVI A,$76

Volia - the program will immediately exit to PAM-8 - in fact, you CANNOT
keep it running with interrupts enabled.

Any code which occupies the $76xx block of memory is almost certain to have
Jxx and/or Cxx instructions ending with $76 - If there's any data stored in
that page, there is very likely to be LDA/STA/LHLD/SHLD/LXI instructions
which end in $76. Plus - even in non-$76xx blocks, there are plenty of
immediate instructions which might end in $76 for any program of significant
complexity.

This is basically a time-bomb waiting to go off - if an interrupt happens at
just the right time in a program containing ANY instruction ending with $76,
PAM-8 will halt the program and re-enter the monitor.

Wow!

Regards,
Dave
-- 
dave04a (at)    Dave Dunfield
dunfield (dot)  Firmware development services & tools: www.dunfield.com
com             Vintage computing equipment collector.
                http://www.parse.com/~ddunfield/museum/index.html

--
Delivered by the SEBHC Mailing List

Previous message: [sebhc] Emulator fixes / additions
Next message: [sebhc] Emulator future? + request for tools
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sebhc mailing list