z80un2, source codes,dokumenty
[ Pobierz całość w formacie PDF ]
Z80 Undocumented Features (in software behaviour)=================================================By Sean Young (sean@msxnet.org)Version 0.3 October 1998This document describes all I know about undocumented features of the Z80.Almost everything is taken from other people's pages, so don't think thisall my own stuff. However, I think there is some new stuff here too; aboutinterrupts and flag affection and some other stuff.All information has a references to where I got it from. It's marked with[number], which refers to the references at the end of this document (5.3).For example, [5] indicates I've figured it out myself by experimenting.As you've probably noticed, I'm no (true) native English speaker. Anycomments, additions, about technical stuff or language is very welcome.You can always find the latest version of this document at:1) Undocumented Opcodes1.1) Prefixes in general1.2) CB Prefix1.3) DD Prefix1.4) FD Prefix1.5) ED Prefix1.6) DDCB Prefix1.7) FDCB Prefix1.8) Combinations of prefixes2) Undocumented Flag affection & operation2.1) Flag register bits2.2) All instructions that affect the flags2.2.1) 8 Bit arthmetic and logical2.2.2) 16 Bit arithmetic2.2.3) BIT instruction2.2.4) Other non-block instructions2.2.5) Memory block instructions2.2.6) I/O block instructions2.3) Undocumented operation2.3.1) DAA2.3.2) I/O Instructions2.3.3) Block instructions3) Interrupts and I register3.1) Non-maskable Interrupts (NMI)3.2) Maskable Interrupts (INT)3.4) Things affecting the IFFs3.5) HALT instruction3.6) Where can interrupts occur?4) Timing and R register4.1) R register and memory refresh4.2) Instruction timings5) Other information5.1) Power on defaults5.2) Errors in official documentation5.3) References and other resources1) Undocumented Opcodes [1]---------------------------There are quite a few undocumented opcodes/instructions to the Z80. Thissection should describe every possible opcode (so you know whatinstruction will be executed, whatever the combination of values is).Check out my Z80 Opcodes list for a complete list of all instructions.1.1) Prefixes in General [1]There are the following prefixes: CBh, EDh. DDh. FDh. DDCBh and FDCBh.Prefixes change the way the following opcodes are interpreted.All instructions without a prefix (without anything like the above beforeit) are documented in the official documentation.1.2) CB Prefix [1]An opcode with a CBh prefix is a rotate, shift or bit test/set/resetinstruction. There are a few instructions missing from the official list,which are usually denoted with SLL (Shift Logical Left). It works likeSLA, for one exception: it sets bit 0 (SLA resets it).CB30 SLL BCB31 SLL CCB32 SLL DCB33 SLL ECB34 SLL HCB35 SLL LCB36 SLL (HL)CB37 SLL A1.3) DD Prefix [1]In general, after a DD prefix the instruction is executed as if the DDweren't there. There are some exceptions:* Any access to HL is treated as an access to IX (except EX DE,HL and EXXand the ED prefixed instructions that use HL).* Any access to (HL) is changed to (IX+d), where d is a signed displacementbyte placed after the main opcode (except JP (HL), which isn't indirectanyways.* Any access to H is treated as an access to IXh (the high byte of IX)Except if (IX+d) is accessed.* Any access to L is treated as an access to IXl (the low byte of IX)Except if (IX+d) is accessed.* A DD prefix before a CB selects a completely different instructionset (see 1.5).So for some examples:Without DD prefix With DD prefixLD H,(HL) LD H,(IX+d)LD H,A LD IXh,ALD L,H LD IXl,IXhJP (HL) JP (IX)LD DE,0 LD DE,0LD HL,0 LD IX,0Note LD IXl,IYh is not possible: only IX or IY is accessed in one instruction.1.3) FD Prefix [1]This prefix has the same effect as the DD prefix, though IY is used instead of IX.1.4) ED Prefix [1]There are a number of undocumented EDxx instructions, of which most areduplicates of documented instructions. Any instruction not listed hasno effect (just like 2 NOP instructions).The complete list except for the block instructions: (* = undocumented)ED40 IN B,(C) ED60 IN H,(C)ED41 OUT (C),B ED61 OUT (C),HED42 SBC HL,BC ED62 SBC HL,HLED43 LD (nn),BC ED63 LD (nn),HLED44 NEG ED64 * NEGED45 RETN ED65 * RETNED46 IM 0 ED66 * IM 0ED47 LD I,A ED67 RRDED48 IN C,(C) ED68 IN L,(C)ED49 OUT (C),C ED69 OUT (C),LED4A ADC HL,BC ED6A ADC HL,HLED4B LD BC,(nn) ED6B LD HL,(nn)ED4C * NEG ED6C * NEGED4D RETI ED6D * RETNED4E * IM 0 ED6E * IM 0ED4F LD R,A ED6F RLDED50 IN D,(C) ED70 * IN (C) / IN F,(C)ED51 OUT (C),D ED71 * OUT (C),0ED52 SBC HL,DE ED72 SBC HL,SPED53 LD (nn),DE ED73 LD (nn),SPED54 * NEG ED74 * NEGED55 * RETN ED75 * RETNED56 IM 1 ED76 * IM 1ED57 LD A,I ED77 * NOPED58 IN E,(C) ED78 IN A,(C)ED59 OUT (C),E ED79 OUT (C),AED5A ADC HL,DE ED7A ADC HL,SPED5B LD DE,(nn) ED7B LD SP,(nn)ED5C * NEG ED7C * NEGED5D * RETN ED7D * RETNED5E IM 2 ED7E * IM 2ED5F LD A,R ED7F * NOPThe ED70 instruction reads from I/O port C, but does not store the result.It just affects the flags like the other IN x,(C) instruction. ED71 simplyouts the value 0 to I/O port C.The ED63 is a duplicate of the 22 instruction (LD (nn),HL) just like theED6B is a duplicate of the 2A instruction. Of course the timings aredifferent. These instructions are listed in the official documentation.According to Gerton Lunter (gerton@math.rug.nl):The instructions ED 4E and ED 6E are IM 0 equivalents: when FF was puton the bus (physically) at interrupt time, the Spectrum continued toexecute normally, whereas when an EF (RST #28) was put on the bus itcrashed, just as it does in that case when the Z80 is in the officialinterrupt mode 0. In IM 1 the Z80 just executes a RST #38 (opcode FF)no matter what is on the bus.[5] All the RETI/RETN instructions are the same, all like the RETNinstruction. So they all, including RETI, copy IFF2 to IFF1. More informationon RETI and RETN and IM x is in the part about Interrupts and I register (3).1.5) DDCB Prefixes [1][5]The undocumented DDCB instructions store the result (if any) of theoperation in one of the seven all-purpose registers, which one depends onthe lower 3 bits of the last byte of the opcode (not operand, so notthe offset).000 B001 C010 D011 E100 H101 L110 (none: documented opcode)111 AThe documented DDCB0106 is RLC (IX+01h). So, clear the lower three bits(DDCB0100) and something is done to register B. The result of the RLC(which is stored in (IX+01h)) is now also stored in register B. Effectively,it does the following:LD B,(IX+01h)RLC BLD (IX+01h),BSo you get double value for money. The result is stored in B and (IX+01h). Themost common notation is: RLC (IX+01h),BI've once seen this notation:RLC (IX+01h)LD B,(IX+01h)That's not correct: B contains the rotated value, even if (IX+01h) points toROM memory.The DDCB SET and RES instructions do the same thing as the shift/rotateinstructions:DDCB10C0 SET 0,(IX+10h),BDDCB10C1 SET 0,(IX+10h),CDDCB10C2 SET 0,(IX+10h),DDDCB10C3 SET 0,(IX+10h),EDDCB10C4 SET 0,(IX+10h),HDDCB10C5 SET 0,(IX+10h),LDDCB10C6 SET 0,(IX+10h)DDCB10C7 SET 0,(IX+10h),ASo the value of (IX+10h) with bit 0 set, is also stored in register A.The DDCB BIT instructions do not store any value; the merely test a bit.That's why the undocumented DDCB BIT instructions are no different fromthe official ones:DDCB d 78 BIT 7,(IX+d)DDCB d 79 BIT 7,(IX+d)DDCB d 7A BIT 7,(IX+d)DDCB d 7B BIT 7,(IX+d)DDCB d 7C BIT 7,(IX+d)DDCB d 7D BIT 7,(IX+d)DDCB d 7E BIT 7,(IX+d) - official oneDDCB d 7F BIT 7,(IX+d)1.6) FDCB Prefixes [1]Same as for the DDCB prefix, though IY is used in stead of IX.1.7) Combinations of Prefixes [5]This part may be of some interest to emulator coders. Here we definewhat happens if strange sequences of prefixes appear in the instructioncycle of the Z80.In general, DD and FD can change the following instruction a bit, (use IX orIY in stead of HL), and ED and CB select a completely different set ofinstructions.EDxx: Any DD or FD prefix before it is ignored, no matter how many. A CBhprefix can't appear before it because CBED is interpreted as SET 5,L;a separate instruction. If the second byte of an EDxx opcode is CB, DD, FDor ED, it has no effect on following instructions:EDFD210000 NOP; LD HL,0FDxx/DDxx: Any DD or FD before the FDxx/DDxx is ignored; in a sequence of DDsand FDs, it is only the last one that counts. The ones before just act likeNOPs. CB before an DD or FD is not poss...
[ Pobierz całość w formacie PDF ]