CPU power up state: Difference between revisions
From NESdev Wiki
Jump to navigationJump to search
TakuikaNinja (talk | contribs) (Overhaul the layout and add information on save RAM and best practices.) |
TakuikaNinja (talk | contribs) (Link the Stack article.) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Initial tests on the power-up/reset state of the CPU/APU and RAM contents were done using an NTSC front-loading NES from 1988 with a RP2A03G CPU on the NES-CPU-07 board revision. | Initial tests on the power-up/reset state of the CPU/APU and RAM contents were done using an NTSC front-loading NES from 1988 with a RP2A03G CPU on the NES-CPU-07 board revision. | ||
Countless bugs in [[Game bugs|commercial]] and [[Program compatibility|homebrew]] games exist because of a reliance on the | Countless bugs in [[Game bugs|commercial]] and [[Program compatibility|homebrew]] games exist because of a reliance on the initial system state. An NES programmer should not rely on the state of CPU/APU registers and RAM contents not guaranteed at power-up/reset. | ||
== CPU == | == CPU == | ||
| Line 10: | Line 10: | ||
! After Reset | ! After Reset | ||
|- | |- | ||
| A, X, Y || | | A, X, Y || 0 || unchanged | ||
|- | |- | ||
| PC || ($FFFC) || ($FFFC) | | PC || ($FFFC) || ($FFFC) | ||
|- | |- | ||
| S<ref name="reset-stack-push">RESET uses the logic shared with NMI, IRQ, and BRK that would push PC and P. However, like [[Visual6502wiki/6502 BRK and B bit#masking of the stack writes during RESET|some but not all 6502s]], the 2A03 prohibits writes during reset. [https://forums.nesdev.org/viewtopic.php?p=184247#p184247 This test] relies on open bus being precharged by these reads. See [https://www.youtube.com/watch?v=fWqBmmPQP40&t=41m45s 27c3: Reverse Engineering the MOS 6502 CPU (en)] from 41:45 onward for details</ref> || $00 - 3 = $FD || S -= 3 | | [[Stack|S]]<ref name="reset-stack-push">RESET uses the logic shared with NMI, IRQ, and BRK that would push PC and P. However, like [[Visual6502wiki/6502 BRK and B bit#masking of the stack writes during RESET|some but not all 6502s]], the 2A03 prohibits writes during reset. [https://forums.nesdev.org/viewtopic.php?p=184247#p184247 This test] relies on open bus being precharged by these reads. See [https://www.youtube.com/watch?v=fWqBmmPQP40&t=41m45s 27c3: Reverse Engineering the MOS 6502 CPU (en)] from 41:45 onward for details</ref> || $00 - 3 = $FD || S -= 3 | ||
|- | |- | ||
| [[Status flags#C: Carry|C]] || 0 || unchanged | | [[Status flags#C: Carry|C]] || 0 || unchanged | ||
| Line 36: | Line 36: | ||
! After Reset | ! After Reset | ||
|- | |- | ||
| [[APU Pulse|Pulses]] ($4000-$4007) || | | [[APU Pulse|Pulses]] ($4000-$4007) || 0 || unchanged? | ||
|- | |- | ||
| [[APU Triangle|Triangle]] ($4008-$400B) || | | [[APU Triangle|Triangle]] ($4008-$400B) || 0 || unchanged? | ||
|- | |- | ||
| [[APU Triangle|Triangle]] phase || ? || 0 (output = 15) | | [[APU Triangle|Triangle]] phase || ? || 0 (output = 15) | ||
|- | |- | ||
| [[APU Noise|Noise]] ($400C-$400F) || | | [[APU Noise|Noise]] ($400C-$400F) || 0 || unchanged? | ||
|- | |- | ||
| [[APU Noise|Noise]] 15-bit LFSR || $0000 (first clock shifts in a 1)<ref>[https://forums.nesdev.org/viewtopic.php?p=172797#p172797 Noise channel init log]</ref> || unchanged? | | [[APU Noise|Noise]] 15-bit LFSR || $0000 (all 0s, first clock shifts in a 1)<ref>[https://forums.nesdev.org/viewtopic.php?p=172797#p172797 Noise channel init log]</ref> || unchanged? | ||
|- | |- | ||
| [[APU DMC|DMC]] flags and rate ($4010)<ref name="ebd">[https://forums.nesdev.org/viewtopic.php? | | [[APU DMC|DMC]] flags and rate ($4010)<ref name="ebd">[https://forums.nesdev.org/viewtopic.php?p=231773#p231773 DMC power-up state manifests as buzzing in Eliminator Boat Duel]</ref> || 0 || unchanged | ||
|- | |- | ||
| [[APU DMC|DMC]] direct load ($4011)<ref name="ebd" /> || | | [[APU DMC|DMC]] direct load ($4011)<ref name="ebd" /> || 0 || [$4011] &= 1 | ||
|- | |- | ||
| [[APU DMC|DMC]] sample address ($4012)<ref name="ebd" /> || | | [[APU DMC|DMC]] sample address ($4012)<ref name="ebd" /> || 0 || unchanged | ||
|- | |- | ||
| [[APU DMC|DMC]] sample length ($4013)<ref name="ebd" /> || | | [[APU DMC|DMC]] sample length ($4013)<ref name="ebd" /> || 0 || unchanged | ||
|- | |- | ||
| [[APU DMC|DMC]] LFSR || | | [[APU DMC|DMC]] LFSR || 0? (revision-dependent?) || ? (revision-dependent?) | ||
|- | |- | ||
| [[APU#Status ($4015) | Status]] ($4015) || | | [[APU#Status ($4015) | Status]] ($4015) || 0 (all channels disabled) || 0 (all channels disabled) | ||
|- | |- | ||
| [[APU Frame Counter|Frame Counter]] ($4017) || | | [[APU Frame Counter|Frame Counter]] ($4017) || 0 (frame IRQ enabled) || unchanged | ||
|- | |- | ||
| [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr">[https://forums.nesdev.org/viewtopic.php?p=214939#p214939 2A03letterless is missing transistor to set frame counter LFSR on reset]</ref> || $7FFF || revision-dependent | | [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr">[https://forums.nesdev.org/viewtopic.php?p=214939#p214939 2A03letterless is missing transistor to set frame counter LFSR on reset]</ref> || $7FFF (all 1s) || revision-dependent | ||
|} | |} | ||
| Line 70: | Line 70: | ||
! After Reset | ! After Reset | ||
|- | |- | ||
| [[APU DMC|DMC]] LFSR || | | [[APU DMC|DMC]] LFSR || 0? || ? | ||
|- | |- | ||
| [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr" /> || $7FFF || unchanged | | [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr" /> || $7FFF (all 1s) || unchanged | ||
|} | |} | ||
| Line 81: | Line 81: | ||
! After Reset | ! After Reset | ||
|- | |- | ||
| [[APU DMC|DMC]] LFSR || | | [[APU DMC|DMC]] LFSR || 0? || ? | ||
|- | |- | ||
| [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr" /> || $7FFF || $7FFF | | [[APU Frame Counter|Frame Counter]] LFSR<ref name="$4017 lfsr" /> || $7FFF (all 1s) || $7FFF (all 1s) | ||
|} | |} | ||
Latest revision as of 23:25, 18 June 2024
Initial tests on the power-up/reset state of the CPU/APU and RAM contents were done using an NTSC front-loading NES from 1988 with a RP2A03G CPU on the NES-CPU-07 board revision.
Countless bugs in commercial and homebrew games exist because of a reliance on the initial system state. An NES programmer should not rely on the state of CPU/APU registers and RAM contents not guaranteed at power-up/reset.
CPU
| Register | At Power | After Reset |
|---|---|---|
| A, X, Y | 0 | unchanged |
| PC | ($FFFC) | ($FFFC) |
| S[1] | $00 - 3 = $FD | S -= 3 |
| C | 0 | unchanged |
| Z | 0 | unchanged |
| I | 1 | 1 |
| D | 0 | unchanged |
| V | 0 | unchanged |
| N | 0 | unchanged |
APU
| Register | At Power | After Reset |
|---|---|---|
| Pulses ($4000-$4007) | 0 | unchanged? |
| Triangle ($4008-$400B) | 0 | unchanged? |
| Triangle phase | ? | 0 (output = 15) |
| Noise ($400C-$400F) | 0 | unchanged? |
| Noise 15-bit LFSR | $0000 (all 0s, first clock shifts in a 1)[2] | unchanged? |
| DMC flags and rate ($4010)[3] | 0 | unchanged |
| DMC direct load ($4011)[3] | 0 | [$4011] &= 1 |
| DMC sample address ($4012)[3] | 0 | unchanged |
| DMC sample length ($4013)[3] | 0 | unchanged |
| DMC LFSR | 0? (revision-dependent?) | ? (revision-dependent?) |
| Status ($4015) | 0 (all channels disabled) | 0 (all channels disabled) |
| Frame Counter ($4017) | 0 (frame IRQ enabled) | unchanged |
| Frame Counter LFSR[4] | $7FFF (all 1s) | revision-dependent |
Revision-dependent Register Values
| Register | At Power | After Reset |
|---|---|---|
| DMC LFSR | 0? | ? |
| Frame Counter LFSR[4] | $7FFF (all 1s) | unchanged |
| Register | At Power | After Reset |
|---|---|---|
| DMC LFSR | 0? | ? |
| Frame Counter LFSR[4] | $7FFF (all 1s) | $7FFF (all 1s) |
RAM contents
Internal RAM ($0000-$07FF) and cartridge RAM (usually $6000–$7FFF, depends on mapper) have an unreliable state on power-up and is unchanged after a reset. Some machines may have consistent RAM contents at power-up, but others may not. Emulators often implement a consistent RAM startup state (e.g. all $00 or $FF, or a particular pattern), and flashcarts may partially or fully initialize RAM before starting a program.
Battery-backed save RAM and other types of SRAM/NVRAM have an unreliable state on the first power-up and is generally unchanged after subsequent resets and power-ups. However, there is an added chance of data corruption due to loss of power or other external factors (bugs, cheats, etc). Emulators and flashcarts may initialize save files with a consistent state (much like other sections of RAM) and persist this data without corruption after closing or reloading a game.
Because of these factors, an NES programmer must be careful not to blindly trust the initial contents of RAM.
Best practices
- Configure the emulator so it provides a random system state and random RAM contents on power-up.
- Mesen provides a set of such emulation options recommended for developers, along with a debugger setting to break execution on all reads from uninitialized RAM.
- Refer to the init code article when setting up the reset handler. The sample implementation is a good point to start from.
- If you are using an audio driver, make sure to call its initialization routine in the reset handler before playing any sound.
- If some RAM state is intended to persist across resets, ensure that the checks used to do so are robust against random initial RAM contents. (e.g. unique multi-byte signatures, checksum calculations, etc)
- Validate any data read from potentially unreliable sources before using it. For example, the stats of an RPG character could be checked against valid ranges when loading them from a save.
See also
References
- ↑ RESET uses the logic shared with NMI, IRQ, and BRK that would push PC and P. However, like some but not all 6502s, the 2A03 prohibits writes during reset. This test relies on open bus being precharged by these reads. See 27c3: Reverse Engineering the MOS 6502 CPU (en) from 41:45 onward for details
- ↑ Noise channel init log
- ↑ 3.0 3.1 3.2 3.3 DMC power-up state manifests as buzzing in Eliminator Boat Duel
- ↑ 4.0 4.1 4.2 2A03letterless is missing transistor to set frame counter LFSR on reset
