Help reading EPROM (Intersil IM6654A) and analyze firmware

If it was a 6502, I’d be looking for a typical startup sequence like

LDX #$FF
TXS

(Which initialises the stack pointer.) It would be great if there’s something similar in pdp-11 land (Edit, oops, pdp-8), a very common sequence for the first few instructions after reset. Or at least, a very plausible sequence.

Personally, I would now look at words 6, 7, 8 of the ROM-pairs 1-5, 2-6, and 3-7.

Pair 1-5 (=ROM 1) has the same start as my full set 12345678.

words 6-8
00005 2363 S2 | a5, ISZ M163
00006 1204 JD | a6, TAD M4
00007 1030 HX | a7, TAD M30

Pair 2-6 has obviously data at the beginning (ROM 2= 1000 from the full set)

0 4600 &@ | a23, JMS I C0
1 4600 &@ | a24, JMS I C0
2 3600 ^@ | a25, DCA I M0
3 1200 J@ | a26, TAD M0
4 0200 B@ | a27, AND M0
5 2200 R@ | a30, ISZ M0
6 0200 B@ | a31, AND M0
7 1000 H@ | a32, TAD M0

Pair 3-7 seems also wrong

5 0326 CV | a30, AND M126
6 2234 R\ | a31, ISZ M34
7 3474 ; | a32, DCA I M74

To my knowledge everything below address 200 octal (usually) are pointers and the like. Including the auto-index registers at 10-17.
So I’m not sure if words 6-8 suit for being a vector target. And 200 is the usual start address.

I will tomorrow try trace runs, again check for strings etc. Good evening!

At reset, of course, the vector needs to point to ROM, not to RAM which would be presumed uninitialised. We don’t know where in memory the ROM is mapped - and we don’t know if the mapping is dynamic, such that the ROM gets out of the way later.

Perhaps instead of 0006 octal we should read the ROMs in the opposite byte order, and it’s 0600 as the reset vector.

Edit: maybe those FF padding bytes, which for me are unexpectedly at the start of a ROM, are there because that range of addresses is actually mapped to RAM. Maybe in this application, 128 bytes of RAM is enough. Have you checked the boards for RAM chips, and if so how much RAM did you find?

1 Like

I’m currently not that into the PDP-8 (there are probably others here, much more knowledgeable on the subject), but here are a few notes on the memory architecture:

Generally, the memory is thought of in pages of 128 12-bit words and the architecture is built around bank switching between these pages. With indirect addressing, each instruction can either address the current page, or page zero, depending on the z-bit (in 5th position counting from the highest bit, just after the indirect bit).
However, there is also the optional memory extension controller unit, which provides 3-bit registers for an instruction field and a data field. Here, the data field (DF) selects a 4K bank for any data access, while the instruction field (IF) selects a bank for fetching instructions by indirect addressing. Beginning with the 8/E, this was enhanced to full virtualization, where all I/O instructions, including those setting the IF and DF registers, are trapped by an interrupt. (As a consequence, more than one program can coexist in memory with the illusion of “owning” the entire machine.)

Addresses 8-15 (octal 10-17) in page zero are special, as these are auto-increment registers, incremented prior to access, when used for indirect addressing.
Usually programs start at octal 200, the first address on page 1. A classic program start is a CLA CLL combination, clearing both the accumulator and the link bit (in 6502 terms, think of the carry bit).

What does this mean in practical terms? As the Intersil processor (I do not know much about this one) is rather late in the PDP-8 evolution, memory could be mapped about anywhere, if there is a memory extension controller unit with virtualization. We really should know more about the configuration to draw any conclusions. Also, as there is no stack, there is no requirement for any typical initialization. You just set up registers as required (and you probably want to clear AC and the Link.)

1 Like

Oh, I made a mistake. I forgot to byte merge the ROMs. I had just merged them, so ROM 5 after ROM 1.

As it’s unlikely that pair 2-6 is at the beginning, I now made a file with 1-5, 2-6, 3-7 and 4-8. (Wrong) strings are now aligned in columns, which is the proper way. Pair 4-8 now has one large empty bytes section which is in the file at 6000-6200, which is exactly page 30 (octal). That might be a (partial) RAM section, as that is 128 words.

I have 3 RAM chips with 256 words each. The standard external RAM cartridge (for saving the dedicated codes) has 256 words. There are no expansions/external Intersil ICs found.

The file has some good looking data patterns but needs more investigation. Not sure if this is exactly the right combination, pairs or bytes could be flipped or bit reversed etc. The file starts like this (many 2340, at 10 is the auto-index reg0), 2340 also appears in the single ROM.


0000 - 2340 7560 3073 7730 0331 2340 0724 1552
0010 - 2340 4662 2340 6355 1221 0411 1077 3052
0020 - 0711 4076 3052 1321 7152 1211 5076 1157
0030 - 2340 2561 4556 2340 7560 0373 7730 6612
0040 - 0331 0613 0031 2340 0724 1552 2340 5262
0050 - 2340 5062 3211 3600 4076 6552 2573 3201

d8tape (D=data, C=constants, L=labels, somehow subroutines are not correctly shown)

D0000,	2340				/ ISZ   D0140							
D0001,	7560				/ SMA SZA SNL							
C0002,
C0002,	3073				/ DCA   L0073							
L0003,
C0003,	7730				/ SPA SZL CLA							
D0004,	0331				/ AND   L0131							
D0005,	2340				/ ISZ   D0140							
L0006,
C0006,	0724				/ AND I C0124							
D0007,	1552				/ TAD I D0152							
AI0,	2340				/ AUTO-INDEX REGISTER ISZ   D0140							
L0011,
AI1,	4662				/ AUTO-INDEX REGISTER JMS I L0062							
L0012,
AI2,	2340				/ AUTO-INDEX REGISTER ISZ   D0140							
L0013,
AI3,	6355				/ AUTO-INDEX REGISTER 6355									
AI4,	1221				/ AUTO-INDEX REGISTER TAD   D0021							
AI5,	0411				/ AUTO-INDEX REGISTER AND I L1								
AI6,	1077				/ AUTO-INDEX REGISTER TAD   L0077							
	DCA   L0052				/ 										@@0017=3052
C0020,	0711				/ AND I L0111

I searched for strings but without much success.
Disassembly and trace run on emulators gave some hints, but I haven’t checked all data sections.

Starting at 200 is not plausible to me. Starting with an unknown IOT 6312.
Starting at 600 looking like this, note again the 2340. DF32 is originally a hard disk.

[0600] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0000 AND 0000   ;AND operand with AC, ZP 0000 
[0601] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0020 AND 0020   ;AND operand with AC, ZP 0020
[0602] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0311 AND @@11   ;AND operand with AC, Current page @@11
[0603] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:5430 JMP I 0030 ;Jump Indexed ZP 0030
[2340] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:0670 AND I @@70 ;AND operand with AC, Indexed Current page @@70
[2341] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:5230 JMP @@30   ;Jump Current page @@30
[2230] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:0552 AND I 0152 ;AND operand with AC, Indexed ZP 0152
[2231] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:0411 AND I 0011 ;AND operand with AC, Indexed ZP 0011 [Auto pre-inc]
[2232] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:3731 DCA I @@31 ;Deposit AC to memory then clear AC, Indexed Current page @@31
[2233] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:0652 AND I @@52 ;AND operand with AC, Indexed Current page @@52
[2234] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:6611 DCEA       ;DF32-D: Clear Disk Extended Address Register
[2235] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:3252 DCA @@52   ;Deposit AC to memory then clear AC, Current page @@52
[2236] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:6711 RWCR       ;TM8-E: Read Word Count Register
[2237] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:3252 DCA @@52   ;Deposit AC to memory then clear AC, Current page @@52
[2240] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:6511            ;
[2241] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:1753 TAD I @@53 ;Add operand to AC, Indexed Current page @@53
[2242] IRQ,DLY,IE=0,0,0 L/AC:0/7630 MQ:0000 IR:3073 DCA 0073   ;Deposit AC to memory then clear AC, ZP 0073

Starting at 0 or 6 I got (6 at 6) a short loop

[0000] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:2340 ISZ @@40   ;Increment operand and skip if zero, Current page @@40
[0001] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7560 SMA SZA SNL;Skip on AC <= 0 or L <> 0
[0003] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7730 SPA SZL CLA;Skip on AC >= 0 and L = 0, Clear AC
[0005] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:2340 ISZ @@40   ;Increment operand and skip if zero, Current page @@40
[0006] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0724 AND I @@24 ;AND operand with AC, Indexed Current page @@24
[0007] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:1552 TAD I 0152 ;Add operand to AC, Indexed ZP 0152
[0010] IRQ,DLY,IE=0,1,0 L/AC:0/0074 MQ:0000 IR:2340 ISZ @@40   ;Increment operand and skip if zero, Current page @@40
[0011] IRQ,DLY,IE=0,1,0 L/AC:0/0074 MQ:0000 IR:4662 JMS I @@62 ;Jump to subroutine Indexed Current page @@62
[5040] IRQ,DLY,IE=0,0,0 L/AC:0/0074 MQ:0000 IR:4477 JMS I 0077 ;Jump to subroutine Indexed ZP 0077
[1232] IRQ,DLY,IE=0,0,0 L/AC:0/0074 MQ:0000 IR:4305 JMS @@05   ;Jump to subroutine Current page @@05
[1306] IRQ,DLY,IE=0,0,0 L/AC:0/0074 MQ:0000 IR:6603 DMAR       ;DF32-D: Load Disk Memory Address Register and Read
[1307] IRQ,DLY,IE=0,0,0 L/AC:0/0074 MQ:0000 IR:3111 DCA 0111   ;Deposit AC to memory then clear AC, ZP 0111
[1310] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:3564 DCA I 0164 ;Deposit AC to memory then clear AC, Indexed ZP 0164
[1311] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:7013            ;
[1312] IRQ,DLY,IE=0,0,0 L/AC:0/4000 MQ:0000 IR:1464 TAD I 0064 ;Add operand to AC, Indexed ZP 0064
[1313] IRQ,DLY,IE=0,0,0 L/AC:1/0711 MQ:0000 IR:5011 JMP 0011   ;Jump ZP 0011
[0011] IRQ,DLY,IE=0,0,0 L/AC:1/0711 MQ:0000 IR:4662 JMS I @@62 ;Jump to subroutine Indexed Current page @@62
[5040] IRQ,DLY,IE=0,0,0 L/AC:1/0711 MQ:0000 IR:4477 JMS I 0077 ;Jump to subroutine Indexed ZP 0077

Interesting - are they 256x4, so we get 256 words of 12 bit each when combined?

(I just tweaked your markup, to add “text” to the code snippets, to turn off the unhelpful automatic syntax highlighting)

TC5501P 256 words x 4bit.
Ah, that’s why there are 3. 3x4=12 bits.

I found a few more memory locations from the PLC, most notably the error stack, but that doesn’t help for my device. But I also have error handling.

External i/o cards from the PLC are between 4000 and 7777. That also matches an instruction. But my device has its own locations like the LCD display.

But interestingly some error codes of my device and the PLC are similar often just add +100.

Both the PLC and my device can be expanded. I have a dip switch. And there are dip switches on the RAM cartridges to use more than one, up to 4 (but that only in the rack).

Validity check (“C(y)” = “contents of mem. addr. y”):

ISZ D0140 … index (increment) C(0140) and skip on positive (incl. zero) C(0140)

SMA SZA SNL… skip on minus AC (sign-bit set), zero AC, or Link not null.
→ Hum, we skip on positive C(0140), but we also do not skip, just to skip again? Also, if we did not skip on ISZ before, AC must be negative at this point and the other conditions are just decorative.

DCA L0073 … deposit and clear AC (we get there only, if D0140 was zero or positive – ???)

SPA SZL CLA … skip on AC positive, skip on zero Link, and clear AC
Mind that CLA is not in the same group as the skip instructions – is this a disassembly error?

AND L0131 … AND this with C(0131) –> mind that AC is set to zero (by CLA or DCA), if we end up here, so this will result in zero…

I’m not convinced…
(But it could be all data, anyway.)


Edit: Oops, AC is not modified by ISZ on the PDP-8 (I always confuse with the PDP-1, which keeps the result of an increment in AC), as is the Link.
However, even with this put into consideration, I’m not convinced that this should be part of a sensible program.

I’m not a PDP-8 expert, but to me that makes sense.

I don’t think that 7730 is a disassembly error. It’s just one of the combined opcodes. All emulators and tools have it that way. What do you mean with the validity check?

I still have to check WINEIGHT (incl 6120 mode) and the Mac emu. And other ROM combinations. (But there are few plausible ones).

I’m also not sure about the vector at 7777. I was pretty sure, that the IRQ reset vector is at 0 (7777+1). But here 2340 is also at the auto-index registers and so a vector anyway (if the file is correct).

Some emulators lag one word and obviously print the disassembly after execution. Sometimes the PC (program counter) is lagging, especially when having undocumented 6xxx IOTs or combined or unimplemented opcodes 7xxx.
Usually emulators override unknown instructions. The beginning words are usually pointers.

ISZ D0140 (d8tape) D0140 means page 40 as shown on the trace run (pdp8emu).

2340 ISZ @@40 ;Increment operand and skip if zero, Current page @@40.

So I think that could happen:
Page 40 (-1=3F) is the end of the final page (=7777).
It reads the end of the ROM backwards until it finds 0000, that is right before page 36. So it reads pages 36+37 (256 words, 7400-7777) copying to “harddisk” probably RAM.

The emulator missing the hardware would have an endless loop. So I have to manually set L=0 and set PC to 12 to continue.

Then there are 2x64 (dec) words read from pages 21+11 and copied to page 31(-1) what is exactly the empty bytes section. And the amount of 128 words is also correct.

The memory contents are not written, I have to check on other emulators.

I have to again continue manually at PC 112.
Later there are reads from pages 56+11 also to page 31.
Then I’m stuck. There are 2 IOTs. Then continue at 114 but I always end up in that loop.

That’s quite promising! Finding a bit of very plausible code is useful as it says the ROM decode is good. If the pdp-8 has absolute jumps or calls then perhaps you can find code which calls this code. Or, in any case, look at the code which precedes that code.

The PDP8 has conditional and unconditional jumps. But this is at the beginning and there are always jumps/resets to 0 or to the auto-index registers.

d8tape can show code and data sections and subroutines, but that often doesn’t work properly despite 2 passes.

Btw the 23 40 on the single ROM are 2 hex values. Maybe a coincidence.

It’s all very time consuming. Later code segments would also be of interest. Most is probably data anyway.

I’m not sure if my assumptions and the ROM combination are correct. But indeed some locations and lengths are plausible.

You are right: There are actually two CLA instructions! Once in the operate group (07200), which is the one I expected, and once in the skip group (07600), which is the one in question, to be combined with any skip instructions.

(These are the PDP-8 oddities: it may be just a 3-bit instruction set, yet, there are two opcodes for the same instruction… I totally forgot about this. Sorry for the false alarm!)

Regarding the “validity check”: does it make sense as a program, would we have coded it that way? While it may be executable, I still think it’s an odd way to implement things.

(E.g., I’d typically expect a jump instruction after ISZ, in order to form a count-up loop, maybe a NOP to use it as a normal increment, regardless of the incremented value, but not another skip, skipping to yet another conditional skip. Even if we do not care about the potential skip in ISZ, this seems to be quite error-prone and difficult to maintain. — As far as I can see, we increment D0140, then, if either D0140 is now zero, or AC contains a positive value and there was no overflow, we deposit AC in L0073, by this also clearing AC. Otherwise, we’re AND-ing AC, after resetting it, with L0131? Notably, the two skip instructions match complementary, but, still, I can’t see what the AND instruction is for, since AC — as I understand it — will be set to zero before this, by CLA. It’s really this CLA in that combined instruction, which makes me question the code…)

Weird code might be clever code, but I agree that it’s too early to say that this ROM combination is correct. 2 or 3 values could be coincidence. I will check some other combinations first.

Emu WINEIGHT obviously has a bug. The first jump instruction is already wrong (both 6120 and PDP8 mode). Not sure why (extended memory)? The MAC OS9 Emu is of course better. I don’t have Mac OS 10. For the first time I encountered a memory window, I think by MAC tab Window. It’s often greyed out but it will pop up with the CPU window. Although GUI, I never liked this emu under MacOS9 emu under WIN. No fullscreen, unless I change the WIN resolution.

There’s even a 6 bit “ASCII”, 8 bit and OS8 8 bit conversion shown of 4 words, so very good searching for strings. Window is fixed in width.

I even had values after 7777, but probably remains from an earlier papertape I’ve tried.

My device has an internal RAM check. That is probably the very first thing happening after power-up. I think there’s no ROM check.

Most functions have to be initiated by the user via keys, so it’s unclear what other things are happening without pressing keys. There’s just a dot on the LCD. And there’s a regular communication with the PLC, so my device has to check if one is attached (and sending signals). Not sure how this is done. And maybe also check if a cartridge is present and the dip switches of that and its own.

If this code is correct, I have to emulate the hard disk acting as RAM. Maybe SIMH is better, but I first try other ROM combinations.

Check the Intersil docs, I think they may have had a few changes vs the PDP8/e. I know I/O may not be exactly the same. I think stack operations were added (io device) on the later version on the chip. Remember too the Intersil chip does the front panel as hardware trap.
Ben.

1 Like

Yes, thanks, the Intersil is a bit different. There are 6 600x IOT opcodes. But none of my recent ROM combinations have any of those near the beginning of a run. Some more special opcodes are in the source of bindump (6120 tools). This Control panel service routine is interesting. It’s (starting) at 7777 of the ROM. Maybe only for memory larger than 4K.

So at 7777 must be 6000. The PC is stored at 0000 of the “panel memory”.
At 7777 I have 0006 (pair 4-8). Would be 6000 when bit reversed! Maybe that’s the reason for bit reversal of the 6120. I will check this. There are some more Intersil specials like extended memory, octal debugging tool etc but I don’t have any of these Intersil ICs.

The Mac emulator replaces the word at 7777 with 5370 (JMP 7770). I don’t know why. With empty bytes at the end this is wrong. Maybe with relocation or if the empty sections are replaced.

I’ve tested some more ROM combinations. Only few are plausible, not mixing with the empty bytes. All codes when starting at 0. 200 or vector 7777 make less sense. Still no strings.

5-1, 6-2, 7-3, 8-4. (7777: 0600) swapped ROM in pairs, previously pairs were 1-5, 2-6, 3-7, 4-8. 2340->4023. Also quite plausible. At least all not running into the auto-index. All end up in full loops shown.

[0000] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:4023 JMS 0023   ;Jump to subroutine ZP 0023
[0024] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:5271 JMP @@71   ;Jump Current page @@71
[0071] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:1077 TAD 0077   ;Add operand to AC, ZP 0077
[0072] IRQ,DLY,IE=0,0,0 L/AC:0/3112 MQ:0000 IR:7650 SNA CLA    ;Skip on AC <> 0, Clear AC
[0074] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:5235 JMP @@35   ;Jump Current page @@35
[0035] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:7303 CLL CLA IAC BSW;Clear L, set AC to 0100
[0036] IRQ,DLY,IE=0,0,0 L/AC:0/0100 MQ:0000 IR:3077 DCA 0077   ;Deposit AC to memory then clear AC, ZP 0077
[0037] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:1266 TAD @@66   ;Add operand to AC, Current page @@66
[0040] IRQ,DLY,IE=0,0,0 L/AC:0/0005 MQ:0000 IR:3103 DCA 0103   ;Deposit AC to memory then clear AC, ZP 0103
[0041] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:1306 TAD @@06   ;Add operand to AC, Current page @@06
[0042] IRQ,DLY,IE=0,0,0 L/AC:0/3360 MQ:0000 IR:3100 DCA 0100   ;Deposit AC to memory then clear AC, ZP 0100
[0043] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:4023 JMS 0023   ;Jump to subroutine ZP 0023
[0024] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:5271 JMP @@71   ;Jump Current page @@71

starting at 600 vector at 7777

[0600] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0000 AND 0000   ;AND operand with AC, ZP 0000 
[0601] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:2000 ISZ 0000   ;Increment operand and skip if zero, ZP 0000 
[0602] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:1103 TAD 0103   ;Add operand to AC, ZP 0103
[0603] IRQ,DLY,IE=0,1,0 L/AC:0/0062 MQ:0000 IR:3054 DCA 0054   ;Deposit AC to memory then clear AC, ZP 0054
[0604] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:1104 TAD 0104   ;Add operand to AC, ZP 0104
[0605] IRQ,DLY,IE=0,1,0 L/AC:0/7770 MQ:0000 IR:3133 DCA 0133   ;Deposit AC to memory then clear AC, ZP 0133
[0606] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:1105 TAD 0105   ;Add operand to AC, ZP 0105
[0607] IRQ,DLY,IE=0,1,0 L/AC:0/5673 MQ:0000 IR:7650 SNA CLA    ;Skip on AC <> 0, Clear AC
[0611] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7327 STL CLA IAC RTL;Set L, Set AC to 0001, Rotate AC & L left twice
[0612] IRQ,DLY,IE=0,1,0 L/AC:0/0006 MQ:0000 IR:0103 AND 0103   ;AND operand with AC, ZP 0103
[0613] IRQ,DLY,IE=0,1,0 L/AC:0/0002 MQ:0000 IR:7650 SNA CLA    ;Skip on AC <> 0, Clear AC
[0615] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:1310 TAD @@10   ;Add operand to AC, Current page @@10
[0616] IRQ,DLY,IE=0,1,0 L/AC:0/1000 MQ:0000 IR:3060 DCA 0060   ;Deposit AC to memory then clear AC, ZP 0060
[0617] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:1054 TAD 0054   ;Add operand to AC, ZP 0054
[0620] IRQ,DLY,IE=0,1,0 L/AC:0/0062 MQ:0000 IR:1304 TAD @@04   ;Add operand to AC, Current page @@04
[0621] IRQ,DLY,IE=0,1,0 L/AC:1/0053 MQ:0000 IR:7640 SZA CLA    ;Skip on AC = 0, Clear AC
[0622] IRQ,DLY,IE=0,1,0 L/AC:1/0000 MQ:0000 IR:5263 JMP @@63   ;Jump Current page @@63
[0663] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:1133 TAD 0133   ;Add operand to AC, ZP 0133
[0664] IRQ,DLY,IE=0,0,0 L/AC:1/7770 MQ:0000 IR:7106 CLL RTL    ;Clear L, Rotate AC & L left twice
[0665] IRQ,DLY,IE=0,0,0 L/AC:1/7741 MQ:0000 IR:7006 RTL        ;Rotate AC & L left twice
[0666] IRQ,DLY,IE=0,0,0 L/AC:1/7607 MQ:0000 IR:0035 AND 0035   ;AND operand with AC, ZP 0035
[0667] IRQ,DLY,IE=0,0,0 L/AC:1/7203 MQ:0000 IR:3055 DCA 0055   ;Deposit AC to memory then clear AC, ZP 0055
[0670] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:1133 TAD 0133   ;Add operand to AC, ZP 0133
[0671] IRQ,DLY,IE=0,0,0 L/AC:1/7770 MQ:0000 IR:7002 BSW        ;Byte Swap AC
[0672] IRQ,DLY,IE=0,0,0 L/AC:1/7077 MQ:0000 IR:7112 CLL RTR    ;Clear L, Rotate AC & L right twice
[0673] IRQ,DLY,IE=0,0,0 L/AC:1/5617 MQ:0000 IR:7012 RTR        ;Rotate AC & L right twice
[0674] IRQ,DLY,IE=0,0,0 L/AC:1/7343 MQ:0000 IR:7010 RAR        ;Rotate AC & L right
[0675] IRQ,DLY,IE=0,0,0 L/AC:1/7561 MQ:0000 IR:0311 AND @@11   ;AND operand with AC, Current page @@11
[0676] IRQ,DLY,IE=0,0,0 L/AC:1/3560 MQ:0000 IR:7421 MQL        ;Load MQ from AC then clear AC
[0677] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:1133 TAD 0133   ;Add operand to AC, ZP 0133
[0700] IRQ,DLY,IE=0,0,0 L/AC:1/7770 MQ:3560 IR:0035 AND 0035   ;AND operand with AC, ZP 0035
[0701] IRQ,DLY,IE=0,0,0 L/AC:1/7300 MQ:3560 IR:7501 MQA        ;OR MQ with AC
[0702] IRQ,DLY,IE=0,0,0 L/AC:1/7760 MQ:3560 IR:3052 DCA 0052   ;Deposit AC to memory then clear AC, ZP 0052
[0703] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:5020 JMP 0020   ;Jump ZP 0020
[0020] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:1107 TAD 0107   ;Add operand to AC, ZP 0107
[0021] IRQ,DLY,IE=0,0,0 L/AC:1/5612 MQ:3560 IR:7640 SZA CLA    ;Skip on AC = 0, Clear AC
[0022] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:5230 JMP @@30   ;Jump Current page @@30
[0030] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:4023 JMS 0023   ;Jump to subroutine ZP 0023
[0024] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:5271 JMP @@71   ;Jump Current page @@71
[0071] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:1077 TAD 0077   ;Add operand to AC, ZP 0077
[0072] IRQ,DLY,IE=0,0,0 L/AC:1/3112 MQ:3560 IR:7650 SNA CLA    ;Skip on AC <> 0, Clear AC
[0074] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:5235 JMP @@35   ;Jump Current page @@35
[0035] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:3560 IR:7303 CLL CLA IAC BSW;Clear L, set AC to 0100
[0036] IRQ,DLY,IE=0,0,0 L/AC:0/0100 MQ:3560 IR:3077 DCA 0077   ;Deposit AC to memory then clear AC, ZP 0077
[0037] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:3560 IR:1266 TAD @@66   ;Add operand to AC, Current page @@66
[0040] IRQ,DLY,IE=0,0,0 L/AC:0/0005 MQ:3560 IR:3103 DCA 0103   ;Deposit AC to memory then clear AC, ZP 0103
[0041] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:3560 IR:1306 TAD @@06   ;Add operand to AC, Current page @@06
[0042] IRQ,DLY,IE=0,0,0 L/AC:0/3360 MQ:3560 IR:3100 DCA 0100   ;Deposit AC to memory then clear AC, ZP 0100
[0043] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:3560 IR:4023 JMS 0023   ;Jump to subroutine ZP 0023
[0024] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:3560 IR:5271 JMP @@71   ;Jump Current page @@71
[0071] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:3560 IR:1077 TAD 0077   ;Add operand to AC, ZP 0077

Having empty bytes at the beginning is very unlikely but having these at the end is better (although not having a vector then at 7777). 4-8, 3-7, 2-6, 1-5 has no plausible code.

(4-8, 3-7, 2-6, 1-5 (words reversed, empty bytes at end), HLT and illegal opcode 7755, looks more like data than opcodes.)

8-4, 7-3, 6-2, 5-1 (words reversed), undocumented IOT 6230. 6230, 6130, 6030 5230, 1130 are more likely data.

[0000] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7657 CLA SAM    ;Clear AC, Subtract AC from MQ
[0001] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0004 AND 0004   ;AND operand with AC, ZP 0004
[0002] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7435 MQL ASR    ;Arithmetic shift right
[0003] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:2050 ISZ 0050   ;Increment operand and skip if zero, ZP 0050
[0004] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:6230            ;
[0005] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:6130 CLZE       ;DK8-EC: Clear Clock Enable Register per AC
[0006] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:6030 KCF        ;KL8-E: Clear Keyboard Flag
[0007] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:5230 JMP @@30   ;Jump Current page @@30
[0030] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:1130 TAD 0130   ;Add operand to AC, ZP 0130
[0031] IRQ,DLY,IE=0,0,0 L/AC:0/3111 MQ:0000 IR:1014 TAD 0014   ;Add operand to AC, ZP 0014
[0032] IRQ,DLY,IE=0,0,0 L/AC:0/4125 MQ:0000 IR:1030 TAD 0030   ;Add operand to AC, ZP 0030
[0033] IRQ,DLY,IE=0,0,0 L/AC:0/5255 MQ:0000 IR:1714 TAD I @@14 ;Add operand to AC, Indexed Current page @@14
[0034] IRQ,DLY,IE=0,0,0 L/AC:1/3616 MQ:0000 IR:2050 ISZ 0050   ;Increment operand and skip if zero, ZP 0050
[0035] IRQ,DLY,IE=0,0,0 L/AC:1/3616 MQ:0000 IR:3753 DCA I @@53 ;Deposit AC to memory then clear AC, Indexed Current page @@53
[0036] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:1320 TAD @@20   ;Add operand to AC, Current page @@20
[0037] IRQ,DLY,IE=0,0,0 L/AC:1/4170 MQ:0000 IR:1134 TAD 0134   ;Add operand to AC, ZP 0134
[0040] IRQ,DLY,IE=0,0,0 L/AC:0/2601 MQ:0000 IR:1014 TAD 0014   ;Add operand to AC, ZP 0014
[0041] IRQ,DLY,IE=0,0,0 L/AC:0/3615 MQ:0000 IR:1330 TAD @@30   ;Add operand to AC, Current page @@30
[0042] IRQ,DLY,IE=0,0,0 L/AC:0/6726 MQ:0000 IR:1714 TAD I @@14 ;Add operand to AC, Indexed Current page @@14
[0043] IRQ,DLY,IE=0,0,0 L/AC:1/5267 MQ:0000 IR:1130 TAD 0130   ;Add operand to AC, ZP 0130
[0044] IRQ,DLY,IE=0,0,0 L/AC:0/0400 MQ:0000 IR:1714 TAD I @@14 ;Add operand to AC, Indexed Current page @@14
[0045] IRQ,DLY,IE=0,0,0 L/AC:0/6741 MQ:0000 IR:1030 TAD 0030   ;Add operand to AC, ZP 0030
[0046] IRQ,DLY,IE=0,0,0 L/AC:1/0071 MQ:0000 IR:1714 TAD I @@14 ;Add operand to AC, Indexed Current page @@14
[0047] IRQ,DLY,IE=0,0,0 L/AC:1/6432 MQ:0000 IR:7707 ACL DVI    ;Load MQ into AC, Divide
[0050] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:0110 AND 0110   ;AND operand with AC, ZP 0110
[0051] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:4777 JMS I @@77 ;Jump to subroutine Indexed Current page @@77
[2714] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:1077 TAD 0077   ;Add operand to AC, ZP 0077
[2715] IRQ,DLY,IE=0,0,0 L/AC:1/3430 MQ:0000 IR:5512 JMP I 0112 ;Jump Indexed ZP 0112
[3111] IRQ,DLY,IE=0,0,0 L/AC:1/3430 MQ:0000 IR:4076 JMS 0076   ;Jump to subroutine ZP 0076
[0077] IRQ,DLY,IE=0,0,0 L/AC:1/3430 MQ:0000 IR:3430 DCA I 0030 ;Deposit AC to memory then clear AC, Indexed ZP 0030
[0100] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:3013 DCA 0013   ;Deposit AC to memory then clear AC, ZP 0013
[0101] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:5531 JMP I 0131 ;Jump Indexed ZP 0131
[0753] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:3154 DCA 0154   ;Deposit AC to memory then clear AC, ZP 0154
[0754] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:4630 JMS I @@30 ;Jump to subroutine Indexed Current page @@30
[1051] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:3211 DCA @@11   ;Deposit AC to memory then clear AC, Current page @@11
[1052] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:3753 DCA I @@53 ;Deposit AC to memory then clear AC, Indexed Current page @@53

I feel this was quite useful to anyone following along, because they are raw bytes and anyone can try reordering bits or bytes or grouping in various ways.

Maybe if you could do the same again, but share 16 bytes from the end of each ROM, and then 16 bytes from the beginning of each?

1 top line 0000, bottom 03f0
13 3D 18 3F 03 13 07 0D 13 26 13 33 0A 04 08 18
05 3D 08 08 2C 2C 2D 08 2A 30 31 32 10 3C 00 3E

2
26 00 26 00 1E 00 0A 00 02 00 12 00 02 00 08 00
3D 30 1D 03 38 20 2D 2E 3A 38 04 28 3E 3F 2E 29

3
24 16 08 3C 3C 15 15 13 22 16 03 16 12 1C 1C 3C
2F 00 31 07 28 28 28 28 28 28 1E 2C 3D 1E 3B 10

4
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0F 01 03 0F 11 01 1C 04 3C 1B 0B 0F 03 24 35 00

5
20 30 3B 18 19 20 14 2A 20 32 20 2D 11 09 3F 2A
3B 0B 18 0C 18 08 18 0C 18 18 18 18 28 1D 04 2F

6
1C 04 0A 04 18 0A 26 28 18 08 1A 2C 1A 08 1A 34
1B 1A 08 01 0B 3E 2B 2F 3F 00 09 3E 2F 2F 1C 1E

7
3B 09 3F 0B 0B 01 19 20 33 09 19 09 0B 19 0D 18
1D 22 1D 14 0B 0B 0B 0B 0B 0B 19 0B 21 11 2B 28

8
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
10 3B 01 0C 3C 3D 34 09 2F 09 19 20 3A 3F 07 06
1 Like
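Added example, not part of the thread and not any poster's code: a Python sketch of the ROM-pair merge tried above, fed with the first eight bytes of ROM 1 and ROM 5 as posted, together with a decoder for the page, indirect and auto-index bits described in the memory-architecture notes earlier. The function names, the `reverse` option and the choice to mark FF bytes as "no data" are assumptions of this example.

```python
"""Merge two 6-bit-wide ROM dumps into 12-bit PDP-8 words and decode them."""

# First 8 bytes of ROM 1 and ROM 5, copied from the dumps posted in the thread.
ROM1_HEAD = bytes.fromhex("133D183F0313070D")
ROM5_HEAD = bytes.fromhex("20303B181920142A")

MRI = ("AND", "TAD", "ISZ", "DCA", "JMS", "JMP")  # opcodes 0-5


def rev_bits(value, width):
    """Reverse the lowest `width` bits of `value`."""
    out = 0
    for _ in range(width):
        out = (out << 1) | (value & 1)
        value >>= 1
    return out


def merge_pair(hi_rom, lo_rom, reverse=None):
    """Combine byte i of both dumps into one 12-bit word (hi_rom = upper half).

    reverse=None   : use the bits as dumped
    reverse="half" : bit-reverse each 6-bit half before merging
    reverse="word" : bit-reverse the merged 12-bit word
    Bytes above 0x3F (the FF filler) cannot be 6-bit data and yield None
    (assumption of this example: treat them as "no data").
    """
    words = []
    for hi, lo in zip(hi_rom, lo_rom):
        if hi > 0x3F or lo > 0x3F:
            words.append(None)
            continue
        if reverse == "half":
            hi, lo = rev_bits(hi, 6), rev_bits(lo, 6)
        word = (hi << 6) | lo
        if reverse == "word":
            word = rev_bits(word, 12)
        words.append(word)
    return words


def decode(word, pc):
    """Return (mnemonic, target address or None, auto_index flag)."""
    op = word >> 9
    if op <= 5:
        indirect = bool(word & 0o400)      # I bit
        current_page = bool(word & 0o200)  # page bit: 0 = page zero
        target = (pc & 0o7600 if current_page else 0) | (word & 0o177)
        # Indirect references through 0010-0017 pre-increment the pointer.
        auto = indirect and 0o10 <= target <= 0o17
        return MRI[op] + (" I" if indirect else ""), target, auto
    if op == 6:
        return "IOT", None, False          # device-specific, not decoded here
    # Opcode 7: bit 0o400 clear = group 1; set = group 2 (bit 0 clear)
    # or group 3 (bit 0 set). CLA is bit 0o200 in every group.
    group = 1 if not word & 0o400 else (3 if word & 1 else 2)
    return f"OPR{group}" + (" CLA" if word & 0o200 else ""), None, False


if __name__ == "__main__":
    for label, hi, lo in (("1-5", ROM1_HEAD, ROM5_HEAD),
                          ("5-1", ROM5_HEAD, ROM1_HEAD)):
        print(f"pair {label}")
        for pc, word in enumerate(merge_pair(hi, lo)):
            name, target, auto = decode(word, pc)
            where = "" if target is None else f" {target:04o}"
            print(f"  {pc:04o}  {word:04o}  {name}{where}"
                  + ("  [auto-index]" if auto else ""))
```
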

There are dozens of plausible combinations. I had almost checked them all.
How likely is it to have ROM 2 at the beginning? If so then 2-1. Same for ROM 3.
It’s not even known for sure if there are 4 pairs. First I made no pairs, then 2 then 4.
I have now also checked split ROMs, so 8 pairs, so one pair within each ROM. No plausible code (on 1-8).
Bit reversal gave other results than hoped. 00 06 although same in HEX and octal didn’t result in 6000 octal.

I now have to assume that I’ve just got 2 bad dumps.

The main PLC has 4 pairs. The first pair share the year at 1776. So pair one is obviously 1-2. The rest 3-4, 5-6, 7-8.
On my device I have empty bytes at the beginning of ROM 4, so already at the beginning of pair 2 (2000-2177).

This is the beginning run of that combination. Note that at 0 is vector 2346 which is referred to at 11 (auto-index) and then continues at 2347.
But soon it runs into the empty section. This time I haven’t put there NOPs but only changed the 2nd half of the word (FF) to 00, so I know at least what kind of instruction I have.

So it’s probably (almost) impossible to reconstruct a proper run without knowing the right instructions there.
At 7777 is 5006. Has a jump to 0 after the 4th instruction. starting at 5005 would seem a plausible start, but also jumps to 0.
Maybe I can find data or some code in later ROMs with the help of d8tape.

[5005] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7352 CLL CLA CMA RTR;Clear L, Set AC to 7777, rotate AC & L right twice

[5006] IRQ,DLY,IE=0,1,0 L/AC:1/5777 MQ:0000 IR:3105 DCA 0105   ;Deposit AC to memory then clear AC, ZP 0105
[5007] IRQ,DLY,IE=0,1,0 L/AC:1/0000 MQ:0000 IR:5050 JMP 0050   ;Jump ZP 0050
[0050] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:2312 ISZ @@12   ;Increment operand and skip if zero, Current page @@12
[0051] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:5000 JMP 0000   ;Jump ZP 0000 


[0000] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:2346 ISZ @@46   ;Increment operand and skip if zero, Current page @@46
[0001] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7500 SMA        ;Skip on AC < 0
[0002] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:3046 DCA 0046   ;Deposit AC to memory then clear AC, ZP 0046
[0003] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:7700 SMA CLA    ;Skip on AC < 0, Clear AC
[0004] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0336 AND @@36   ;AND operand with AC, Current page @@36
[0005] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:2300 ISZ @@00   ;Increment operand and skip if zero, Current page @@00
[0006] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:0712 AND I @@12 ;AND operand with AC, Indexed Current page @@12
[0007] IRQ,DLY,IE=0,1,0 L/AC:0/0000 MQ:0000 IR:1500 TAD I 0100 ;Add operand to AC, Indexed ZP 0100
[0010] IRQ,DLY,IE=0,1,0 L/AC:0/1150 MQ:0000 IR:2302 ISZ @@02   ;Increment operand and skip if zero, Current page @@02
[0011] IRQ,DLY,IE=0,1,0 L/AC:0/1150 MQ:0000 IR:4600 JMS I @@00 ;Jump to subroutine Indexed Current page @@00
[2347] IRQ,DLY,IE=0,0,0 L/AC:0/1150 MQ:0000 IR:0640 AND I @@40 ;AND operand with AC, Indexed Current page @@40
[2350] IRQ,DLY,IE=0,0,0 L/AC:0/0110 MQ:0000 IR:0665 AND I @@65 ;AND operand with AC, Indexed Current page @@65
[2351] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:0320 AND @@20   ;AND operand with AC, Current page @@20
[2352] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:1070 TAD 0070   ;Add operand to AC, ZP 0070
[2353] IRQ,DLY,IE=0,0,0 L/AC:0/1440 MQ:0000 IR:2075 ISZ 0075   ;Increment operand and skip if zero, ZP 0075
[2354] IRQ,DLY,IE=0,0,0 L/AC:0/1440 MQ:0000 IR:0357 AND @@57   ;AND operand with AC, Current page @@57
[2355] IRQ,DLY,IE=0,0,0 L/AC:0/0000 MQ:0000 IR:1700 TAD I @@00 ;Add operand to AC, Indexed Current page @@00
[2356] IRQ,DLY,IE=0,0,0 L/AC:0/7476 MQ:0000 IR:0442 AND I 0042 ;AND operand with AC, Indexed ZP 0042
[2357] IRQ,DLY,IE=0,0,0 L/AC:0/0036 MQ:0000 IR:2036 ISZ 0036   ;Increment operand and skip if zero, ZP 0036
[2360] IRQ,DLY,IE=0,0,0 L/AC:0/0036 MQ:0000 IR:2363 ISZ @@63   ;Increment operand and skip if zero, Current page @@63
[2361] IRQ,DLY,IE=0,0,0 L/AC:0/0036 MQ:0000 IR:7136 STL        ;Set L
[2362] IRQ,DLY,IE=0,0,0 L/AC:1/2336 MQ:0000 IR:2423 ISZ I 0023 ;Increment operand and skip if zero, Indexed ZP 0023
[2363] IRQ,DLY,IE=0,0,0 L/AC:1/2336 MQ:0000 IR:2616 ISZ I @@16 ;Increment operand and skip if zero, Indexed Current page @@16
[2364] IRQ,DLY,IE=0,0,0 L/AC:1/2336 MQ:0000 IR:3421 DCA I 0021 ;Deposit AC to memory then clear AC, Indexed ZP 0021
[2365] IRQ,DLY,IE=0,0,0 L/AC:1/0000 MQ:0000 IR:1500 TAD I 0100 ;Add operand to AC, Indexed ZP 0100
[2366] IRQ,DLY,IE=0,0,0 L/AC:1/1150 MQ:0000 IR:1651 TAD I @@51 ;Add operand to AC, Indexed Current page @@51
[2367] IRQ,DLY,IE=0,0,0 L/AC:1/7536 MQ:0000 IR:1115 TAD 0115   ;Add operand to AC, ZP 0115
[2370] IRQ,DLY,IE=0,0,0 L/AC:0/6136 MQ:0000 IR:4740 JMS I @@40 ;Jump to subroutine Indexed Current page @@40
wrong instructions 26xx
[2001] IRQ,DLY,IE=0,0,0 L/AC:0/6136 MQ:0000 IR:2600 ISZ I @@00 ;Increment operand and skip if zero, Indexed Current page @@00
[2002] IRQ,DLY,IE=0,0,0 L/AC:0/6136 MQ:0000 IR:1000 TAD 0000   ;Add operand to AC, ZP 0000 
[2003] IRQ,DLY,IE=0,0,0 L/AC:1/0504 MQ:0000 IR:7400 NOP        ;No Operation
[2004] IRQ,DLY,IE=0,0,0 L/AC:1/0504 MQ:0000 IR:7400 NOP        ;No Operation
[2005] IRQ,DLY,IE=0,0,0 L/AC:1/0504 MQ:0000 IR:2500 ISZ I 0100 ;Increment operand and skip if zero, Indexed ZP 0100
[2006] IRQ,DLY,IE=0,0,0 L/AC:1/0504 MQ:0000 IR:2500 ISZ I 0100 ;Increment operand and skip if zero, Indexed ZP 0100
[2007] IRQ,DLY,IE=0,0,0 L/AC:1/0504 MQ:0000 IR:2300 ISZ @@00   ;Increment operand and skip if zero, Current page @@00
[2010] IRQ,DLY,IE=0,0,0 L/AC:1/0504 MQ:0000 IR:4200 JMS @@00   ;Jump to subroutine Current page @@00
[2001] IRQ,DLY,IE=0,0,0 L/AC:1/0504 MQ:0000 IR:2600 ISZ I @@00 ;Increment operand and skip if zero, Indexed Current page @@00
loop
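
An added example (not part of the original post and not taken from any emulator named in it): a minimal Python decoder for PDP-8 memory-reference words that reproduces the operand addresses in the trace above, for instance why `4600` fetched at 0011 with 2346 stored at 0000 resumes at 2347. The function names are hypothetical, and the rule that the first ROM of a pair supplies the high six bits is an assumption.

```python
MNEMONICS = ("AND", "TAD", "ISZ", "DCA", "JMS", "JMP")

def pair_roms(hi_rom, lo_rom):
    """Join two 6-bit-wide ROM images into (word, programmed) tuples.

    Assumption: the first ROM of a pair supplies the high six bits.
    programmed is False when either byte has bit 6 or 7 set, as an
    erased 0xFF cell does, so such words are not mistaken for code.
    """
    return [(((h & 0o77) << 6) | (l & 0o77), (h | l) < 0o100)
            for h, l in zip(hi_rom, lo_rom)]

def operand_address(pc, word):
    """Address named by a memory-reference word fetched at pc."""
    page = pc & 0o7600 if word & 0o200 else 0  # 0200 set: current page
    return page | (word & 0o177)

def disassemble(pc, word):
    """Render opcodes 0-5 with a resolved operand; tag the rest by class."""
    op = word >> 9
    if op > 5:
        return "IOT" if op == 6 else "OPR"
    indirect = " I" if word & 0o400 else ""
    return f"{MNEMONICS[op]}{indirect} {operand_address(pc, word):04o}"

def effective_address(pc, word, mem):
    """Follow the pointer if bit 0400 is set; 0010-0017 pre-increment."""
    addr = operand_address(pc, word)
    if not word & 0o400:
        return addr
    if 0o10 <= addr <= 0o17:
        mem[addr] = (mem.get(addr, 0) + 1) & 0o7777
    return mem.get(addr, 0)

def jms(pc, word, mem):
    """JMS writes the return address into the target word, then resumes
    at target + 1. Returns the new PC; mem is a dict of address -> word."""
    target = effective_address(pc, word, mem)
    mem[target] = (pc + 1) & 0o7777
    return (target + 1) & 0o7777

if __name__ == "__main__":
    mem = {0o0000: 0o2346}  # the word the trace shows at 0000
    print(disassemble(0o0011, 0o4600), "->", f"{jms(0o0011, 0o4600, mem):04o}")
```

Because JMS writes into its target word, an emulator that treats the whole image as writable memory will show a changed word at every subroutine entry point that gets called.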

After a pause, I’ve started again reading my manuals.
The printouts/data exports are printed in 7-bit ASCII with parity mark (so bit 8 is always 1, LSB?). Before that, an octal checksum is calculated, (at least) 6 digits, with preceding 4x0.

At the end of each line there’s a CR and LF. ASCII: 0D 0A. I’ve converted this to octal = 1512. I found this word (once) in my original, unpaired file (ROM 1-8). Before and after that are related control codes. All the printable characters (/D, /L, /S) I previously found, stored in sixbit.
When importing data, someone can add a title and comments after the /. That may not include a colon unless before a valid checksum.
The TTY can also print an U and I think one more single character when fixing code via TTY.
After the export to paper tape, there are 32 or 64 empty lines added and in slowest baud setting some more.

So again, my very first ROM combination might be right.

There are 2 tools from site so-much-stuff, I mentioned before, that can add or remove the mark parity (2mark, 2asc). I tried them and hoped to maybe find the mnemonics, but no success. Maybe I have to convert with another tool before, like 3to4, 4to3 or else.

The PDP-8 code is still very hard to read. There are many subroutines. And combined instructions. 6031 and 6032 (IOT teletype instructions are combined 6033 and I have 6133 which is obviously the same for another device). Emulating is also difficult (IRQ without having the hardware).

The printouts, I’ve mentioned here
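
The three text encodings mentioned in the post above (sixbit pairs, 7-bit ASCII with mark parity, and CR LF read as the two 6-bit halves 15 and 12), searched for in a list of 12-bit words, as an added Python example that is not part of the original post. The sample words are constructed, the function names are hypothetical, and storing one mark-parity character per word is an assumption.

```python
def sixbit_char(code):
    """DEC sixbit ("stripped ASCII"): 00-37 -> '@'..'_', 40-77 -> ' '..'?'."""
    return chr(code + 0o100) if code < 0o40 else chr(code)

def sixbit_pairs(words):
    """Read every 12-bit word as two sixbit characters, high half first."""
    return "".join(sixbit_char(w >> 6) + sixbit_char(w & 0o77) for w in words)

def ascii_runs(words, min_len=4):
    """Return (start, text, mark_parity) for runs of 7-bit characters.

    Assumption: one character per word in the low 8 bits. Bit 0200 may be
    set (mark parity) or clear, but must be the same throughout a run.
    """
    runs, start, text, mark = [], 0, "", None
    for i, w in enumerate(list(words) + [0o7777]):  # sentinel flushes last run
        ch, m = w & 0o177, bool(w & 0o200)
        ok = w < 0o400 and (0o40 <= ch < 0o177 or ch in (0o12, 0o15))
        if ok and text and m == mark:
            text += chr(ch)
            continue
        if len(text) >= min_len:
            runs.append((start, text, mark))
        start, mark, text = (i, m, chr(ch)) if ok else (i, None, "")
    return runs

def find_crlf(words):
    """Locate CR LF in each representation; returns (index, kind) tuples."""
    hits = []
    for i, w in enumerate(words):
        pair = (w, words[i + 1] if i + 1 < len(words) else None)
        if w == 0o1512:                   # 0D 0A as two 6-bit halves
            hits.append((i, "packed halves"))
        elif pair == (0o215, 0o212):      # 8D 8A, bit 8 forced to 1
            hits.append((i, "mark parity"))
        elif pair == (0o015, 0o012):      # no parity bit
            hits.append((i, "plain"))
    return hits

# Constructed sample: "/D" and "/L" in sixbit, a packed CR LF word,
# then "OK" CR LF with mark parity, then an unrelated word.
SAMPLE = [0o5704, 0o5714, 0o1512, 0o317, 0o313, 0o215, 0o212, 0o7402]
```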

I made some big progress.
I noticed that some values of some single ROM locations are overwritten in an emulator run.
I noticed this some time ago but only on one or 2 locations and thought that it’s a bug, one location was after 7777. I always wondered about the RAM mapping.
Regardless of where I start my ROM, I will soon run into address 6312 as it’s auto indexed at 15 (4523=JMS I 0123) and at 0123 there’s the 6311(+1).
I first noticed on the online emu that (next to the Mac emu) the MB/MD registers are shown (unlike the pdp8emu and Wineight) that when reaching 6374 (lags 1) there are values read into MB/MD starting with 2352 onwards step 1 (when starting from 2375). Same on the macOS. 3 instructions later is an IRQ (6000) and the values are moved.
But the values differ when I start from 0. I first had values starting at 4041 downwards until 4026 or 4025. Then switching to 0025 down to 0002 then upwards, I checked until 0102.

On the pdp8emu I noticed that after one loop there are ROM values replaced only at following locations: 0, 13, 20, 23, 44, 77, 125, 146, 163, 173 and 175. I have mainly checked locations below 200.
Then I’ve checked these locations after every single step (starting from different addresses).
The value at 0 changed after 1 loop to 6401. That could be the return address after the subroutine.
There are often jumps to a subroutine at 0, but there’s always +1 added, so it continues at 1 and 0 is free for a vector or else. And I still think the start vector is at 0 (7777+1).
It’s strange, especially as address 13 is an auto index register and that would be changed directly when starting from most addresses.
Most values are just incremented, others only change once (as far as checking is possible). 0 just once. 13 once to 1160. 77 once from 6120 to 20. 173 once from 7477 to 4770.

Another aspect is that the IOTs (in/out transfer) of the PDP-8 (instructions starting with 6) are already very difficult to understand.
There’s an incomplete list showing most of the 77 possible devices (digit 2+3) here

PiDP-8/I Software: IOT Device Assignments

but some are unknown and others are for customer use (never used by DEC).

To make things worse, the Intersil 6100 has a completely different system. Except that the first digit/3 bits is 6. It can use priority vectored hardware IRQs. The 6120 is again different and can use up to 11 6121 ICs. The instructions are more like the PDP-8. The DECmate (6120) is also different, good source is the ROM disassembly.

Usually there’s at least one, but often at least 2 ICs (DIL 40). One is called PIE, eg 6101 (Parallel Interface Elements). That has 4 registers, most notably a vector register with 10+2 bits.
Another IC is a 6402/6403 UART mainly for Teletype. That can transfer 5, 6, 7 or 8 bits. (I think I had 8 or 7 +stop bit). Up to 31 PIEs can be daisy chained together.

I haven’t found any more 40 DILs on my Festo device, but it could be hidden somewhere, or sit on an additional card, or be implemented as discrete logics or as software.
At least I found instructions for both on my (unpaired) ROM like 6340, 6014 etc. The 6102 IC would have 6275 instead of 6014.

“Ordinary” IOT instructions are already not all implemented in emulators, but these 6100s IOTs definitely not. Not even on WINEIGHT. I have added many devices, most as printer outputs and used the device addresses that appear on my code, but there isn’t any output. Some devices are used as input like keys or TTY input. But after power up, only a transfer from ROM to RAM would make sense. A RAM or ROM check would look different, same for a CRC check. They would all check every location.

I think I have to check all this with other, paired ROM combinations.