CPU power up state

From NESdev Wiki
Revision as of 03:52, 3 June 2024 by TakuikaNinja (talk | contribs) (Fix typo for "initial")
Jump to navigationJump to search

Initial tests on the power-up/reset state of the CPU/APU and RAM contents were done using an NTSC front-loading NES from 1988 with a RP2A03G CPU on the NES-CPU-07 board revision.

Countless bugs in commercial and homebrew games exist because of a reliance on the initial system state. An NES programmer should not rely on the state of CPU/APU registers and RAM contents not guaranteed at power-up/reset.

CPU

Initial CPU Register Values
Register At Power After Reset
A, X, Y $00 unchanged
PC ($FFFC) ($FFFC)
S[1] $00 - 3 = $FD S -= 3
C 0 unchanged
Z 0 unchanged
I 1 1
D 0 unchanged
V 0 unchanged
N 0 unchanged

APU

Initial APU Register Values
Register At Power After Reset
Pulses ($4000-$4007) $00 unchanged?
Triangle ($4008-$400B) $00 unchanged?
Triangle phase ? 0 (output = 15)
Noise ($400C-$400F) $00 unchanged?
Noise 15-bit LFSR $0000 (first clock shifts in a 1)[2] unchanged?
DMC flags and rate ($4010)[3] $00 unchanged
DMC direct load ($4011)[3] $00 [$4011] &= 1
DMC sample address ($4012)[3] $00 unchanged
DMC sample length ($4013)[3] $00 unchanged
DMC LFSR $00? (revision-dependent?) ? (revision-dependent?)
Status ($4015) $00 (all channels disabled) $00 (all channels disabled)
Frame Counter ($4017) $00 (frame IRQ enabled) unchanged
Frame Counter LFSR[4] $7FFF revision-dependent

Revision-dependent Register Values

2A03 letterless
Register At Power After Reset
DMC LFSR $00? ?
Frame Counter LFSR[4] $7FFF unchanged
2A03E, 2A03G, 2A07, various clones
Register At Power After Reset
DMC LFSR $00? ?
Frame Counter LFSR[4] $7FFF $7FFF

RAM contents

Internal RAM ($0000-$07FF) and cartridge RAM (usually $6000–$7FFF, depends on mapper) have an unreliable state on power-up and is unchanged after a reset. Some machines may have consistent RAM contents at power-up, but others may not. Emulators often implement a consistent RAM startup state (e.g. all $00 or $FF, or a particular pattern), and flashcarts may partially or fully initialize RAM before starting a program.

Battery-backed save RAM and other types of SRAM/NVRAM have an unreliable state on the first power-up and is generally unchanged after subsequent resets and power-ups. However, there is an added chance of data corruption due to loss of power or other external factors (bugs, cheats, etc). Emulators and flashcarts may initialize save files with a consistent state (much like other sections of RAM) and persist this data without corruption after closing or reloading a game.

Because of these factors, an NES programmer must be careful not to blindly trust the initial contents of RAM.

Best practices

  • Configure the emulator so it provides a random system state and random RAM contents on power-up.
    • Mesen provides a set of such emulation options recommended for developers, along with a debugger setting to break execution on all reads from uninitialized RAM.
  • Refer to the init code article when setting up the reset handler. The sample implementation is a good point to start from.
    • If you are using an audio driver, make sure to call its initialization routine in the reset handler before playing any sound.
  • If some RAM state is intended to persist across resets, ensure that the checks used to do so are robust against random initial RAM contents. (e.g. unique multi-byte signatures, checksum calculations, etc)
  • Validate any data read from potentially unreliable sources before using it. For example, the stats of an RPG character could be checked against valid ranges when loading them from a save.

See also

References

  1. RESET uses the logic shared with NMI, IRQ, and BRK that would push PC and P. However, like some but not all 6502s, the 2A03 prohibits writes during reset. This test relies on open bus being precharged by these reads. See 27c3: Reverse Engineering the MOS 6502 CPU (en) from 41:45 onward for details
  2. Noise channel init log
  3. 3.0 3.1 3.2 3.3 Eliminator Boat Duel
  4. 4.0 4.1 4.2 2A03letterless is missing transistor to set frame counter LFSR on reset