I finally had a chance to patch the NMOS RMW fix. I had to tap lots of signals on the VIC chip to find the problem, but eventually got it: a missing Dead-Cycle write was failing to clear the Raster Interrupt.The patch turned out to be quite simple in the end -- to replicate the NMOS Dead Cycle write we need to bring R/W low one cycle after the RMW sequence begins. Thankfully, the 65C02 /ML pin circuitry already signals the right moment, so it was easy to drive R/W low at the right time. And after much fuzzing trying to regenerate the right address and data bus values, I gave up and just let bus capacitance handle it. (It does seem a bit lame, but the right signals are already on the bus! Why not just reuse them.)

Ok, so firing up Bubble Bobble, it was great to see the RMW cycles as R-W-W now, with a "1" written to D0 to clear the Raster Interrupt and the /IRQ pin going high immediately thereafter. So cool! And it always amazes me that things can be so totally broken in one instant, and then suddenly start working perfectly in the next ...Time for some game play! Ok, so does this fix all the other games? Unfortunately no! IK+, Impossible Mission and California Games all start fine, but then hang shortly thereafter -- again in a tight IRQ loop.

Clearly more debugging ahead, but getting closer.

Thanks for all the help along the way, and cheers for now,
Drass

_________________
C74-6502 Website: https://c74project.com

Congratulations: another problem solved.

Still some more work to do, but now we know what to look for:
tight IRQ loops caused by IRQ interrupt flags not getting cleared.

Looking forward to seeing the other games fixed, too.

:---

Well, K24 still has to be soldered\tested, but I'm not expecting many (or big) bugs there.
Most of the K24 circuitry is stuff we already had used in the TTL CPU,
and the K24 instruction set already had been implemented in my old M02 CPU.

A lot of the K24 testing already can be done while the TTL CPU still is plugged into the C64.
C64 Kernal + Basic is supposed to work with K24 without any modifications.

It's just that K24 RTI expects a 3 Bytes return address on the stack instead of 2 Bytes,
what causes an incompatibility with monitor programs etc. which start running code by RTI.

Go, Drass, go.

Maybe we need to start TTL6502 association. It is probably obvious what is the requirement to get a membership
Transistor, TTL and CMOS variations are all accepted.

A

That's a good idea.

There always is too much to do, too little time, and too few TTLers.

Not to mention that just building TTL CPUs won't do:
for building an entire computer, we also would have to build TTL peripherals.

Hey, if you happen to have some free time\capacity for building something
like a 20MHz+ TTL implementation of the 6526...

The first post on this thread mentioned building a C64 to host the TTL CPU — man, I had no idea! Three years later working as a team and the CPU is finally shaking out. (Good thing we’re not in a hurry. )

Who knows what amazing TTL computer could come from a team effort.

Go Team C74, go!

_________________
C74-6502 Website: https://c74project.com

I think I found it! Boy, it sure feels right, but I’ve yet to be able to confirm. I wanted to share this for a sanity test now before I go to patch the boards. Here it goes:

The problem in question is that the game IK+ hangs after a few seconds when using the TTL CPU in the C64. At the time of failure, the CPU is caught in a tight IRQ loop, with /IRQ held low. The likely suspect is some side-effect (like the dead-cycle write of an INC instruction) being used to clear the IRQ, and the TTL CPU failing replicate this side-effect correctly. But closer inspection of the code revealed something different: the final execution of the IRQ service routine before the hang uses an invalid vector address, which lands the CPU in no man’s land. That’s why /IRQ goes flat. Tracing the game logic back, I can see that the IRQ vector is changed dynamically, and that it is finally corrupted by, of all things, a lost NMI!

More precisely put, the failure to execute an NMI prevents the reset of a critical variable, one which is used by the game to select the IRQ vector low-byte. A subsequent IRQ then increments this variable beyond its limit, and uses it to set the next IRQ vector incorrectly — with terminal consequences. The root cause is the missed NMI. Here is the critical moment: The capture shows that /NMI goes low while an IRQ is in progress, and it stays low even after the interrupt is cleared and /IRQ returns high. In fact, /NMI never goes high again. The three write cycles of the BRK sequence for the IRQ are clearly evident from R/W, but there is no sign of the NMI being serviced. It sure looks like the NMI interrupt is lost.

Sure enough, a look at the TTL CPU’s internal logic confirms that an NMI will be ignored if it arrives after the fetch of the interrupt vector low-byte, but before the end of the SYNC cycle at the end of the BRK sequence. This is exactly the time at which the NMI happens to arrive in the capture above. In fact, the chances of an NMI hitting this vulnerable window are enhanced in this case by the action of RDY (shown on the capture beginning at the cursor). It happens to go low to pause the CPU exactly during the critical SYNC cycle, extending the window of vulnerability over many cycles.

Ok, so what to do. Obviously we need to close the window, but this raises the obvious question: how does the NMOS 6502 react to overlapping IRQ and NMI events? Dieter shared with me some fascinating info on visual6502.org in that regard. In particular, three points stand out:

1. A “late” NMI, one which arrives after the BRK sequence has begun but before the interrupt vector low-byte has been fetched, hijacks the IRQ. In this case, the NMI vector is followed, and the IRQ will execute after the NMI is completed.
2. A “later” NMI, one which arrives after the fetch of the vector low-byte but before the ISR has started, will interrupt the second instruction of the ISR.
3. A “lost” NMI, one which arrives less than a 1/2 cycle before the fetch of the vector low-byte, is ignored and the NMI is lost.

The TTL CPU already reproduces #1 above — an NMI arriving before the fetch of the vector low-byte will hijack an IRQ already in progress. That’s great, but unfortunately, the other two behaviours are not correct. The problem is that the TTL CPU clears the internal flags for all pending interrupts at the end of the BRK sequence. Admittedly, that’s a bit of a blunt instrument, but pretty much ok for /IRQ and /RES. Both these signals are level-sensitive and will simply be captured once again as soon as the BRK sequence completes.

Of course that’s not true for NMI, which is edge-sensitive. In that case, the pending interrupt flag must not be cleared unless the NMI interrupt is actually being serviced. Now, we know NMI will hijack the interrupt if it arrives before the vector low-byte fetch, so we can be sure we are indeed clearing only a serviced NMI if the flags are cleared immediately after the low-byte fetch (i.e. upon the fall of PHI2 in that cycle). The internal pending-interrupt flags are used only to generate the correct vector low-byte address, so we don’t really need them once that job is done. The fix therefore should not break anything, so far as I can tell, and deal with the problem.

But even with that, a small window still remains while the internal flags are actually being cleared. A low-going ~15ns pulse is used to clear the internal flip-flops, and an NMI will be lost if it is received exactly within that 15ns window. Now this is no worse than the NMOS 6502, which reportedly loses NMIs that land within a 1/2 cycle of the vector low-byte fetch. Just to confirm, I left the IK+ game running in the opening animation sequence for an extended period — something I had not done to this point. If in fact the 6510 in the C64 loses NMI interrupts, then it should be only a matter of time before it too hangs, right?

Well, lo and behold, yes — indeed the game hangs after a few minutes with NMI stuck low. I repeated the tests several times just to be sure, with the same result every time. Wow, turns out the bug was always there! It’s just that the TTL CPU’s longer vulnerability window makes it more likely to occur. Man o’ man, I would not have guessed that! (Strangely enough, the problem does not seem to resurface during game play, which looks very much like the opening animation. This might also just be only a mater of time, however.)

So, now, with this change, the behaviour of the TTL CPU in this respect should match the 6510 with only two exceptions:

1. the “Lost NMI” window is 15ns after the vector low-byte fetch, rather than a 1/2 cycle before it; and
2. a “Later NMI” will interrupt the first instruction of the ISR that follows it, rather than the second.

At this stage, I can only hope that both these incompatibilities will turn out to be benign ... (Yes, hope springs eternal ).

Alright, so the next step is to look for yet another patch to the existing boards to try to fix this problem. In the meantime, I would appreciate a sanity test here. The specifics of 6502 interrupt handling are a bit tricky, to say the least, and it would not surprise me to learn that I’ve botched this up. Does the behavior described above seem correct? Is it the same on the 65C02? Many thanks in advance for any comments.

Cheers for now,
Drass

_________________
C74-6502 Website: https://c74project.com

> Now this is no worse than the NMOS 6502, which reportedly loses NMIs that land within a 1/2 cycle of the vector low-byte fetch...

Checking the wiki page on this subject, it looks like an NMI would only be lost if it's a short pulse. In the usual 6502 system design, NMI would remain low until the interrupting device is serviced - it doesn't get lost, but it is deferred for a few cycles while the IRQ is taken.

Wiki:
http://visual6502.org/wiki/index.php?ti ... t_Handling

Simulation with short NMI pulse (from that page):
http://visual6502.org/JSSim/expert.html ... =0014&d=78

Simulation with extended NMI pulse (just adjusted one parameter):
http://visual6502.org/JSSim/expert.html ... =0014&d=78

Thanks for the clarification BigEd. That’s so interesting!

Reading the Wiki carefully, it seems that in order for the NMI to be lost, it must be a pulse shorter than 2.5 cycles AND arrive within a 1/2 cycle before the low-byte fetch. That suggests NMI is sampled on the rise of PHI2, and sampling is inhibited during the two-cycle vector fetch. A “later” NMI which persists just misses the start of the SYNC cycle that follows, and then interrupts the *second* instruction of the ISR. Excellent.

Unfortunately, replicating this requires more logic than I have on the board. But I think I can get away with sampling on the fall of PHI2 and inhibiting sampling only while the internal interrupt-pending flags are being reset. If NMI goes low during that time, the transition will be picked up once sampling resumes. That should close the window entirely, and have the TTL CPU respond to any NMI pulse across the fall of PHI2 (minus a nominal setup time). It yields different interrupt latency, but the hope is it won’t matter.

Of course, I am now wondering what’s behind the IK+ crash with the 6510 installed? Certainly NMI stays low for more than 2.5 cycles, so perhaps there is some other gremlin in the works. It would be quite something if the fix addresses the lost NMI, and the TTL CPU then replicates the remaining IK+ crash. Can’t wait to find out.

Ok, time to make the patch and see what happens!

_________________
C74-6502 Website: https://c74project.com

Yup, that was it! After the patch, the game runs! And if you wait long enough ...The game crashes exactly in the same way as with the 6510 installed ... amazing. (Btw, how cool would it be to fix that bug after all these years. )

But either way, I’m super happy with the fix. Just for fun, below is a capture showing an NMI hijacking an IRQ already in progress. Interestingly, RDY happens to go low just before the three write cycles of the BRK routine, and the TTL CPU finishes the writes before pausing, just as the vector low-byte is being fetched (/FCP.AD goes low). The byte that gets fetched eventually is the NMI vector. Very cool!

Ok, now for the bad news: the 15ns “Lost NMI” window remains. The fix for that part didn’t work. Turns out I really do need an extra flip-flop to properly fix the thing, so that will have to wait for the next rev of the boards.

In the meantime, Impossible Mission still hangs, so the hunt continues!

Cheers for now,
Drass

_________________
C74-6502 Website: https://c74project.com

A leap forward - and bug-compatible!

Drass,

Did you post the logisim file(s) somewhere in this huge thread ?

If not, could you do so ?

I'm curious how your circuit compares to Warren's Microcoded CPU https://minnie.tuhs.org//Programs/UcodeCPU/index.html

Sure did.

http://forum.6502.org/viewtopic.php?f=4&t=3493&start=150#p47678

I’m not sure if the zip file worked out, so please let me know if you have any question/issues. More than happy to help.

One note: it’s been quite some time since I’ve updated the model. I know I left it in a consistent state, but it may not have some of the more recent tweaks. I hope it helps.

Cheers,
Drass.

_________________
C74-6502 Website: https://c74project.com

Lol, right after my previous post in this thread.

Senility / laziness is a terrible thing

Thanks.

Mike

Thanks BigEd!

Having looked at it more closely, I can now confirm that the “Lost NMI” 15ns window does not exist in the TTL CPU after all. Turns out the window only occurs during phase2 and is always over by the time the NMI pin is sampled on the fall of PHI2. The two events never overlap and NMI transitions are always properly detected regardless of when they arrive.

Ok, glad that’s worked out ... time to move on to the next bug!

_________________
C74-6502 Website: https://c74project.com

Alrighty then ... the boards are getting harder and harder to patch, with jumpers chris-crossing each other and ICs repurposed here and there. And yet there is more: turns out Impossible Mission also suffered from a “Lost NMI”.

I didn’t know whether to feel dismayed or grateful at this point. Truth be told, these bugs would have been nearly impossible to find were it not for these two games (IK+ and Impossible Mission). In each, the code hangs within a few seconds of start, and the Analyzer shows the problematic interaction between IRQ, NMI and RDY just before the breakdown very clearly. Nice!

In the end, the solution here was to inhibit sampling of the NMI pin at the beginning of the vector low-byte fetch, and to resume only once the final SYNC cycle of the BRK sequence is finished. In this way, a “Late NMI” is safely deferred until after BRK completes. The NMI will then interrupt the sercond SYNC of the ISR in progress (just as happens with the NMOS 6502).

Here now is the patch:And with that, Impossible Mission came to life!

Differences in the TTL CPU to the NMOS 6502 handling of NMI are now as follows:

1. NMI is sampled on the fall of PHI2 (rather than the rise of PHI2 for the NMOS 6502),
2. A “Late NMI” arriving after the vector low-byte fetch must persist past the completion of the final SYNC cycle in the BRK sequence, or it will be lost. This means the minimum pulse width for a “Late NMI” is 4 cycles (rather than 2.5 cycles for the NMOS 6502).

I don’t think I can get a closer match to the NMOS 6502 behaviour without adding more ICs to the boards. Here’s hoping that won’t be necessary. By way of recap, the compatibility changes we have so far are as follows:

• Implemented NMOS 6502 RDY to pause only on Read cycles
• Verified the behaviour of all Dead Cycles for both NMOS and CMOS microcode
• Implemented the RWW sequence for NMOS RMW instructions
• Fixed the sampling of NMI to more closely reflect the NMOS 6502 behaviour.

And somehow I have a feeling this might not be the last of it. More testing ahead!

_________________
C74-6502 Website: https://c74project.com