CPU power up state: Difference between revisions
(→At power-up: since I bothered to write a test to determine the LFSR cold boot state...) |
TakuikaNinja (talk | contribs) m (Highlight the fact that APU frame counter IRQs are enabled at power-up.) |
||
(17 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
Initial tests on the power-up/reset state of the CPU/APU and RAM contents were done using an NTSC front-loading NES from 1988 with a RP2A03G CPU on the NES-CPU-07 board revision. | |||
Countless bugs in [[Game bugs|commercial]] and [[Program compatibility|homebrew]] games exist because of a reliance on the initial system state. An NES programmer should not rely on the state of CPU/APU registers and RAM contents not guaranteed at power-up/reset. | |||
== CPU == | |||
: | {| class="wikitable" | ||
|+ Initial [[CPU registers| CPU Register]] Values | |||
! Register | |||
! At Power | |||
! After Reset | |||
|- | |||
| A, X, Y || 0 || unchanged | |||
|- | |||
| PC || ($FFFC) || ($FFFC) | |||
|- | |||
| [[Stack|S]]<ref name="reset-stack-push">RESET uses the logic shared with NMI, IRQ, and BRK that would push PC and P. However, like [[Visual6502wiki/6502 BRK and B bit#masking of the stack writes during RESET|some but not all 6502s]], the 2A03 prohibits writes during reset. [https://forums.nesdev.org/viewtopic.php?p=184247#p184247 This test] relies on open bus being precharged by these reads. See [https://www.youtube.com/watch?v=fWqBmmPQP40&t=41m45s 27c3: Reverse Engineering the MOS 6502 CPU (en)] from 41:45 onward for details</ref> || $00 - 3 = $FD || S -= 3 | |||
|- | |||
| [[Status flags#C: Carry|C]] || 0 || unchanged | |||
|- | |||
| [[Status flags#Z: Zero|Z]] || 0 || unchanged | |||
|- | |||
| [[Status flags#I: Interrupt Disable|I]] || 1 || 1 | |||
|- | |||
| [[Status flags#D: Decimal|D]] || 0 || unchanged | |||
|- | |||
| [[Status flags#V: Overflow|V]] || 0 || unchanged | |||
|- | |||
| [[Status flags#N: Negative|N]] || 0 || unchanged | |||
|} | |||
==After | == APU == | ||
: | {| class="wikitable" | ||
|+ Initial [[APU]] Register Values | |||
! Register | |||
! At Power | |||
:APU | ! After Reset | ||
|- | |||
| [[APU Pulse|Pulses]] ($4000-$4007) || 0 || unchanged? | |||
|- | |||
| [[APU Triangle|Triangle]] ($4008-$400B) || 0 || unchanged? | |||
|- | |||
| [[APU Triangle|Triangle]] phase || ? || 0 (output = 15) | |||
|- | |||
| [[APU Noise|Noise]] ($400C-$400F) || 0 || unchanged? | |||
|- | |||
| [[APU Noise|Noise]] 15-bit LFSR || $0000 (all 0s, first clock shifts in a 1)<ref>[https://forums.nesdev.org/viewtopic.php?p=172797#p172797 Noise channel init log]</ref> || unchanged? | |||
|- | |||
| [[APU DMC|DMC]] flags and rate ($4010)<ref name="ebd">[https://forums.nesdev.org/viewtopic.php?p=231773#p231773 DMC power-up state manifests as buzzing in Eliminator Boat Duel]</ref> || 0 || unchanged | |||
|- | |||
| [[APU DMC|DMC]] direct load ($4011)<ref name="ebd" /> || 0 || [$4011] &= 1 | |||
|- | |||
| [[APU DMC|DMC]] sample address ($4012)<ref name="ebd" /> || 0 || unchanged | |||
|- | |||
| [[APU DMC|DMC]] sample length ($4013)<ref name="ebd" /> || 0 || unchanged | |||
|- | |||
| [[APU DMC|DMC]] LFSR || 0? (revision-dependent?) || ? (revision-dependent?) | |||
|- | |||
| [[APU#Status ($4015) | Status]] ($4015) || 0 (all channels disabled) || 0 (all channels disabled) | |||
|- | |||
| [[APU Frame Counter|Frame Counter]] ($4017) || 0 ('''frame IRQ enabled''') || unchanged | |||
|- | |||
| [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr">[https://forums.nesdev.org/viewtopic.php?p=214939#p214939 2A03letterless is missing transistor to set frame counter LFSR on reset]</ref> || $7FFF (all 1s) || revision-dependent | |||
|} | |||
=== Revision-dependent Register Values === | |||
{| class="wikitable" | |||
|+ 2A03 letterless | |||
! Register | |||
! At Power | |||
! After Reset | |||
|- | |||
| [[APU DMC|DMC]] LFSR || 0? || ? | |||
|- | |||
| [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr" /> || $7FFF (all 1s) || unchanged | |||
|} | |||
{| class="wikitable" | |||
|+ 2A03E, 2A03G, 2A07, various clones | |||
! Register | |||
! At Power | |||
! After Reset | |||
|- | |||
| [[APU DMC|DMC]] LFSR || 0? || ? | |||
|- | |||
| [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr" /> || $7FFF (all 1s) || $7FFF (all 1s) | |||
|} | |||
== RAM contents == | |||
Internal RAM ($0000-$07FF) and cartridge RAM (usually $6000–$7FFF, depends on mapper) have an unreliable state on power-up and is unchanged after a reset. Some machines may have consistent RAM contents at power-up, but others may not. Emulators often implement a consistent RAM startup state (e.g. all $00 or $FF, or a particular pattern), and [[Flashcart | flashcarts]] may partially or fully initialize RAM before starting a program. | |||
Battery-backed save RAM and other types of SRAM/NVRAM have an unreliable state on the first power-up and is generally unchanged after subsequent resets and power-ups. However, there is an added chance of data corruption due to loss of power or other external factors (bugs, cheats, etc). Emulators and flashcarts may initialize save files with a consistent state (much like other sections of RAM) and persist this data without corruption after closing or reloading a game. | |||
Because of these factors, an NES programmer must be careful not to blindly trust the initial contents of RAM. | |||
== Best practices == | |||
*Configure the emulator so it provides a random system state and random RAM contents on power-up. | |||
**[https://www.mesen.ca/ Mesen] provides a set of such emulation options recommended for developers, along with a debugger setting to break execution on all reads from uninitialized RAM. | |||
*Refer to the [[Init code|init code]] article when setting up the reset handler. The sample implementation is a good point to start from. | |||
**If you are using an [[Audio drivers|audio driver]], make sure to call its initialization routine in the reset handler before playing any sound. | |||
*If some RAM state is intended to persist across resets, ensure that the checks used to do so are robust against random initial RAM contents. (e.g. unique multi-byte signatures, checksum calculations, etc) | |||
*Validate any data read from potentially unreliable sources before using it. For example, the stats of an RPG character could be checked against valid ranges when loading them from a save. | |||
== See also == | == See also == | ||
*[[PPU power up state]] | *[[PPU power up state]] | ||
== | |||
== References == | |||
<references /> |
Latest revision as of 03:33, 30 September 2024
Initial tests on the power-up/reset state of the CPU/APU and RAM contents were done using an NTSC front-loading NES from 1988 with a RP2A03G CPU on the NES-CPU-07 board revision.
Countless bugs in commercial and homebrew games exist because of a reliance on the initial system state. An NES programmer should not rely on the state of CPU/APU registers and RAM contents not guaranteed at power-up/reset.
CPU
Register | At Power | After Reset |
---|---|---|
A, X, Y | 0 | unchanged |
PC | ($FFFC) | ($FFFC) |
S[1] | $00 - 3 = $FD | S -= 3 |
C | 0 | unchanged |
Z | 0 | unchanged |
I | 1 | 1 |
D | 0 | unchanged |
V | 0 | unchanged |
N | 0 | unchanged |
APU
Register | At Power | After Reset |
---|---|---|
Pulses ($4000-$4007) | 0 | unchanged? |
Triangle ($4008-$400B) | 0 | unchanged? |
Triangle phase | ? | 0 (output = 15) |
Noise ($400C-$400F) | 0 | unchanged? |
Noise 15-bit LFSR | $0000 (all 0s, first clock shifts in a 1)[2] | unchanged? |
DMC flags and rate ($4010)[3] | 0 | unchanged |
DMC direct load ($4011)[3] | 0 | [$4011] &= 1 |
DMC sample address ($4012)[3] | 0 | unchanged |
DMC sample length ($4013)[3] | 0 | unchanged |
DMC LFSR | 0? (revision-dependent?) | ? (revision-dependent?) |
Status ($4015) | 0 (all channels disabled) | 0 (all channels disabled) |
Frame Counter ($4017) | 0 (frame IRQ enabled) | unchanged |
Frame Counter LFSR[4] | $7FFF (all 1s) | revision-dependent |
Revision-dependent Register Values
Register | At Power | After Reset |
---|---|---|
DMC LFSR | 0? | ? |
Frame Counter LFSR[4] | $7FFF (all 1s) | unchanged |
Register | At Power | After Reset |
---|---|---|
DMC LFSR | 0? | ? |
Frame Counter LFSR[4] | $7FFF (all 1s) | $7FFF (all 1s) |
RAM contents
Internal RAM ($0000-$07FF) and cartridge RAM (usually $6000–$7FFF, depends on mapper) have an unreliable state on power-up and is unchanged after a reset. Some machines may have consistent RAM contents at power-up, but others may not. Emulators often implement a consistent RAM startup state (e.g. all $00 or $FF, or a particular pattern), and flashcarts may partially or fully initialize RAM before starting a program.
Battery-backed save RAM and other types of SRAM/NVRAM have an unreliable state on the first power-up and is generally unchanged after subsequent resets and power-ups. However, there is an added chance of data corruption due to loss of power or other external factors (bugs, cheats, etc). Emulators and flashcarts may initialize save files with a consistent state (much like other sections of RAM) and persist this data without corruption after closing or reloading a game.
Because of these factors, an NES programmer must be careful not to blindly trust the initial contents of RAM.
Best practices
- Configure the emulator so it provides a random system state and random RAM contents on power-up.
- Mesen provides a set of such emulation options recommended for developers, along with a debugger setting to break execution on all reads from uninitialized RAM.
- Refer to the init code article when setting up the reset handler. The sample implementation is a good point to start from.
- If you are using an audio driver, make sure to call its initialization routine in the reset handler before playing any sound.
- If some RAM state is intended to persist across resets, ensure that the checks used to do so are robust against random initial RAM contents. (e.g. unique multi-byte signatures, checksum calculations, etc)
- Validate any data read from potentially unreliable sources before using it. For example, the stats of an RPG character could be checked against valid ranges when loading them from a save.
See also
References
- ↑ RESET uses the logic shared with NMI, IRQ, and BRK that would push PC and P. However, like some but not all 6502s, the 2A03 prohibits writes during reset. This test relies on open bus being precharged by these reads. See 27c3: Reverse Engineering the MOS 6502 CPU (en) from 41:45 onward for details
- ↑ Noise channel init log
- ↑ 3.0 3.1 3.2 3.3 DMC power-up state manifests as buzzing in Eliminator Boat Duel
- ↑ 4.0 4.1 4.2 2A03letterless is missing transistor to set frame counter LFSR on reset