[sdiy] 68k (was Re: Analysis of the TB-303 CPU timing)

Rainer Buchty rainer at buchty.net
Tue Mar 21 14:42:10 CET 2017

Hi Brian,

On Mon, 20 Mar 2017, Brian Willoughby wrote:

> It's often possible for multiple encodings to end up meaning the same 
> thing. This is possible both for RISC architectures, where specific 
> opcode bit fields are dedicated to specific functions, and also for 
> irregular architectures like the i86.

Well, for RISC I'm not so sure, as it has a (usually) uniform decoding 
like [condition] [operation] [op 3] [op 1/2 or address/value]. 
So assuming a truly orthogonal instruction set architecture, there's 
probably not too much unexpected behavior there.

But, yes, by exploiting the underlying decoder logic, depending on the 
architecture, undocumented features can be used (like the plenty of 
illegal opcodes on the 6502, exploiting the rather minimal decoder 
design, or the undocumented behavior on the Z80).

6809, in turn, is rather boring in terms of illegal opcodes it seems, 
with only a few usable commands (size-mismatched TFR/EXG, illegal register 
transfers resulting in a byte-wise shorter but cycle-wise longer way of 
initializing a register with all-1, reset command).

> When I see ENTER and LEAVE, I assume 68000, which is a CISC design.

80186 in this very case, but definitely CISC, yes.

(68k calls it LINK/UNLK. Haven't seen it used in the 68k synth OS I've 
probed so far, though my experience there is limited to Ensoniq VFX and 
TS-10/12 and therefore not particularly broad.)

> One of the driving motivations behind adding such opcodes as ENTER and 
> LEAVE was to take advantage of high-level language compilers. Thus, 
> I'd say it's a safe bet that these synths were coded in C.

Yes, it definitely smells like an early compiler with insufficient 
optimization. In any case, it makes procedures/functions nicely visible 
(and particularly easy to read as official documentation has leaked from 
Casio, which ~20 years ago was available from some FTP servers).

> I'm fairly certain that all of the Ensoniq synths/samplers were based 
> on the 68000 processor.

The DOC-based stuff (Mirage, SDP1, ESQ1, SQ80 and modules thereof) is 

68k was used with the DOC-II/OTIS/OTTO-based machines (EPS, VFX and 
beyond). Particularly the menu system is a "short vector" hell of 
partial string references, requiring a really capable disassembler 
(which I haven't found yet for 68k, see below).

> By the way, as part of my BSEE degree, I wrote a 68000 emulator in 
> 1987-1988 that could run emulations of various hardware platforms that 
> were based around that chip. I'm sure I've forgotten a lot of 68000 
> magic since then. The emulator included ROM, RAM, and UART peripheral 
> emulation, too, so as to fully emulate the hardware platforms. It 
> would have been a massive effort to emulate the DOC or ESP chips from 
> Ensoniq, so I never simulated a real-time audio synthesizer based on 
> the 68000. That emulator development served as the background 
> experience for many disassemblers since.

Cool thing!

You'll find DOC, DOC-II/OTIS/OTTO, and ESP emulations in the MAME source 
these days.

But while we're at it: do you (or anyone else on this list) know a 
*decent* 68k disassembler that

- allows defining structures,

- can deal with short vectors (i.e. only the lower 16 bits stored in
   memory, so any label file would need to supply the upper 8/16 bits
   for proper resolving), both for immediates and data in memory,

- preferably intermixed (i.e. structs involving data and vectors), and

- does not preassign LineA/LineF?

Rainer (changing the subject to not hijack the TB303 thread)
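
Added example, not part of the original post: a sketch of resolving short vectors inside a mixed data/vector struct, with the upper address bits supplied from outside the ROM as the wish list above describes. The ROM bytes, base address, struct layout and upper-bit values are all constructed for illustration and do not come from any Ensoniq firmware.

```python
import struct

# Constructed big-endian ROM fragment, assumed to be mapped at ROM_BASE.
ROM_BASE = 0x0C0000
ROM = (b"WAVE\0FILTER\0".ljust(0x10, b"\xff")                 # strings at 0x0C0000
       + struct.pack(">BBHH", 0x01, 0x10, 0x0000, 0x1234)     # menu entry 0
       + struct.pack(">BBHH", 0x80, 0x7F, 0x0005, 0x8000))    # menu entry 1

# Hypothetical "label file" entry: (field, struct code, upper bits).
# None marks plain data; a value marks a short vector and gives the
# bits that are NOT stored in memory.
MENU_ENTRY = [
    ("flags",   "B", None),
    ("param",   "B", None),
    ("name",    "H", 0x0C0000),   # string pointer, low 16 bits only
    ("handler", "H", 0x0D0000),   # code pointer, low 16 bits only
]

def resolve(short, upper):
    """Combine the stored low 16 bits with externally supplied upper bits."""
    return upper | short

def abs_short(short):
    """What plain 68k absolute-short addressing yields: sign extension."""
    return (short - 0x10000 if short & 0x8000 else short) & 0xFFFFFFFF

def cstring(addr):
    """Read a NUL-terminated ASCII string at a resolved ROM address."""
    off = addr - ROM_BASE
    return ROM[off:ROM.index(b"\0", off)].decode("ascii")

def parse_table(addr, count, layout=MENU_ENTRY):
    """Decode `count` structs at `addr`, resolving every short-vector field."""
    fmt = ">" + "".join(code for _, code, _ in layout)
    size = struct.calcsize(fmt)
    entries = []
    for i in range(count):
        values = struct.unpack_from(fmt, ROM, addr - ROM_BASE + i * size)
        entries.append({name: v if upper is None else resolve(v, upper)
                        for (name, _, upper), v in zip(layout, values)})
    return entries

if __name__ == "__main__":
    for e in parse_table(0x0C0010, 2):
        print(f"flags={e['flags']:02X} param={e['param']:02X} "
              f"name=${e['name']:06X} '{cstring(e['name'])}' "
              f"handler=${e['handler']:06X}")
    # A tool that treats 0x8000 as an ordinary abs.W operand gets this instead:
    print(f"abs.W view of $8000: ${abs_short(0x8000):08X}")
```

The second entry shows why the upper bits have to come from the label file: the stored word 0x8000 resolves to $0D8000 here, while sign extension would point at $FFFF8000.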
