llvm-mos / llvm-mos-sdk

SDK for developing with the llvm-mos compiler
https://www.llvm-mos.org

neo6502 (and maybe other platforms?) - crash in simple loop code #330

Closed bcampbell closed 5 months ago

bcampbell commented 5 months ago

I can get a simple helloworld going OK on the neo6502 target, but I hit problems as soon as I start using any variables. Here's a program to demonstrate the issue:

// To compile and run on the neo6502 emulator:
// $ mos-neo6502-clang crashy.c -o crashy
// $ neo crashy@0x0800 exec

#include <stdint.h>   /* uint8_t */
#include <neo/api.h>

int main(int argc, char* argv[])
{
    neo_graphics_set_defaults(0xff, 0x00, 1, 0, 0);
    neo_graphics_set_color(1);

    /* this works... (same four lines, unrolled by hand) */
    neo_graphics_draw_line(0+0,0,300+0,190);
    neo_graphics_draw_line(0+1,0,300+1,190);
    neo_graphics_draw_line(0+2,0,300+2,190);
    neo_graphics_draw_line(0+3,0,300+3,190);

    /* but this crashes the 6502 :-( */
    for (uint8_t i=0; i<4; ++i) {
        neo_graphics_draw_line(0+i,0,300+i,190);
    }
    return 0;
}

It works fine until I try using the loop, and then the emulated 6502 just chokes and dies on it.

I feel like I've had this problem on other targets. I'm pretty sure I hit something similar on the PCEngine target, but at the time I just assumed I'd screwed up memory banking macros... And when I was playing around with Fenix256k support, I think I saw something like this too. In that case it was just missing out one of the crt init routines in the CMakefile or linker scripts (e.g. the one that clears bss memory? Or zeropage data?). Sorry, that's a bit woolly and non-specific. But I do think it might be a wider problem, and my gut feeling is that it'll turn out to be something quite simple...

(For comparison, I've found the c64 and cx16 targets to be rock-solid - I've given them both a good workout with projects well over 1000 LoC).

asiekierka commented 5 months ago

Works fine with -Os, and also appears to have worked fine in an earlier version of the compiler (though I'm not sure from when exactly...).

mysterymath commented 5 months ago

I did some preliminary digging, and something somewhere is issuing a jump to 0x0000. There doesn't seem to be anything obviously amiss in the generated assembly, nor an indirect jump or anything that could get clobbered. I'd suspect some kind of hinky interaction between the SDK and the neo6502 libraries it calls, but I don't really know enough about the debugging features available on the neo6502 emulator (or the target) to do much very effective further digging.

If someone can trace down where in the assembly this example is going awry, I can probably take care of the compiler side of things.

bcampbell commented 5 months ago

Been tinkering. Hope there's something useful here. I hacked the emulator to add a "trace" mode to dump out every instruction executed. (I also added a printf to say when system calls are invoked, but that's not part of the PR)

Here's my revised test program:

// To compile and run on the neo6502 emulator:
// $ mos-neo6502-clang crashy.c -o crashy
// $ neo crashy@0x0800 exec trace

#include <stdint.h>   /* uint8_t */
#include <neo/api.h>

int main(int argc, char* argv[])
{
    neo_graphics_set_defaults(0xff, 0x00, 1, 0, 0);
    neo_graphics_set_color(1);

    /* but this crashes the 6502 :-( */
    for (uint8_t i=0; i<4; ++i) {
        neo_graphics_draw_line(0+i,0,300+i,190);
    }
    return 0;
}

Here's the output I get. I can see it perform the first two system calls, but it dies before the first neo_graphics_draw_line() call gets as far as invoking the system call.

$ neo crashy@0x0800 exec trace
Load crashy to 800
Warm boot $806
[Beeper] frequency: 44100
[Beeper] format: AUDIO_S16
[Beeper] channels: 1
[Beeper] samples: 512
[Beeper] padding: 0
[Beeper] size: 1024
0806  85 01      sta 01
0808  20 0f 08   jsr 080f
080f  48         pha
0810  18         clc
0811  a5 00      lda 00
0813  69 f9      adc #f9
0815  85 00      sta 00
0817  a5 01      lda 01
0819  69 ff      adc #ff
081b  85 01      sta 01
081d  68         pla
081e  85 06      sta 06
0820  18         clc
0821  a5 00      lda 00
0823  69 05      adc #05
0825  85 04      sta 04
0827  a5 01      lda 01
0829  69 00      adc #00
082b  85 05      sta 05
082d  a9 00      lda #00
082f  92 04      sta (04)
0831  a0 01      ldy #01
0833  91 04      sta (04),y
0835  18         clc
0836  a5 00      lda 00
0838  69 03      adc #03
083a  85 04      sta 04
083c  a5 01      lda 01
083e  69 00      adc #00
0840  85 05      sta 05
0842  a5 06      lda 06
0844  92 04      sta (04)
0846  8a         txa
0847  91 04      sta (04),y
0849  a5 02      lda 02
084b  a6 03      ldx 03
084d  18         clc
084e  48         pha
084f  a5 00      lda 00
0851  69 01      adc #01
0853  85 02      sta 02
0855  a5 01      lda 01
0857  69 00      adc #00
0859  85 03      sta 03
085b  68         pla
085c  92 02      sta (02)
085e  8a         txa
085f  91 02      sta (02),y
0861  20 e0 08   jsr 08e0
08e0  a2 ff      ldx #ff
08e2  8e 04 ff   stx ff04
08e5  9c 05 ff   stz ff05
08e8  a2 01      ldx #01
08ea  8e 06 ff   stx ff06
08ed  9c 07 ff   stz ff07
08f0  9c 08 ff   stz ff08
08f3  20 f7 ff   jsr fff7
fff7  4c 18 fc   jmp fc18
fc18  20 81 fc   jsr fc81
fc81  48         pha
fc82  ad 00 ff   lda ff00
fc85  d0 fb      bne fc82
fc87  68         pla
fc88  60         rts
fc1b  8d 38 fc   sta fc38
fc1e  68         pla
fc1f  8d 45 fc   sta fc45
fc22  68         pla
fc23  8d 46 fc   sta fc46
fc26  20 3c fc   jsr fc3c
fc3c  ee 45 fc   inc fc45
fc3f  d0 03      bne fc44
fc44  ad f6 08   lda 08f6
fc47  60         rts
fc29  48         pha
fc2a  20 3c fc   jsr fc3c
fc3c  ee 45 fc   inc fc45
fc3f  d0 03      bne fc44
fc44  ad f7 08   lda 08f7
fc47  60         rts
fc2d  8d 01 ff   sta ff01
fc30  68         pla
fc31  8d 00 ff   sta ff00
***** DSPHander cmd=5 fn=1      // syscall invoked to the rp2040 mcu:  "graphics / set defaults"
fc34  20 3c fc   jsr fc3c
fc3c  ee 45 fc   inc fc45
fc3f  d0 03      bne fc44
fc44  ad f8 08   lda 08f8
fc47  60         rts
fc37  a9 00      lda #00
fc39  6c 45 fc   jmp (fc45)
08f8  60         rts
0864  20 1d 09   jsr 091d
091d  a2 01      ldx #01
091f  8e 04 ff   stx ff04
0922  20 f7 ff   jsr fff7
fff7  4c 18 fc   jmp fc18
fc18  20 81 fc   jsr fc81
fc81  48         pha
fc82  ad 00 ff   lda ff00
fc85  d0 fb      bne fc82
fc87  68         pla
fc88  60         rts
fc1b  8d 38 fc   sta fc38
fc1e  68         pla
fc1f  8d 45 fc   sta fc45
fc22  68         pla
fc23  8d 46 fc   sta fc46
fc26  20 3c fc   jsr fc3c
fc3c  ee 45 fc   inc fc45
fc3f  d0 03      bne fc44
fc44  ad 25 09   lda 0925
fc47  60         rts
fc29  48         pha
fc2a  20 3c fc   jsr fc3c
fc3c  ee 45 fc   inc fc45
fc3f  d0 03      bne fc44
fc44  ad 26 09   lda 0926
fc47  60         rts
fc2d  8d 01 ff   sta ff01
fc30  68         pla
fc31  8d 00 ff   sta ff00
***** DSPHander cmd=5 fn=64   // syscall invoked to the rp2040 mcu: "graphics / set color"
fc34  20 3c fc   jsr fc3c
fc3c  ee 45 fc   inc fc45
fc3f  d0 03      bne fc44
fc44  ad 27 09   lda 0927
fc47  60         rts
fc37  a9 00      lda #00
fc39  6c 45 fc   jmp (fc45)
0927  60         rts
0867  18         clc
0868  a6 00      ldx 00
086a  86 02      stx 02
086c  a6 01      ldx 01
086e  86 03      stx 03
0870  a9 00      lda #00
0872  92 02      sta (02)
0874  18         clc
0875  a6 00      ldx 00
0877  86 02      stx 02
0879  a6 01      ldx 01
087b  86 03      stx 03
087d  b2 02      lda (02)
087f  85 02      sta 02
0881  a9 00      lda #00
0883  a6 02      ldx 02
0885  e0 04      cpx #04
0887  e9 00      sbc #00
0889  70 02      bvs 088d
088b  80 04      bra 0891
0891  80 00      bra 0893
0893  aa         tax
0894  10 32      bpl 08c8
0896  80 00      bra 0898
0898  18         clc
0899  a6 00      ldx 00
089b  86 02      stx 02
089d  a6 01      ldx 01
089f  86 03      stx 03
08a1  b2 02      lda (02)
08a3  a8         tay
08a4  b2 02      lda (02)
08a6  18         clc
08a7  69 2c      adc #2c
08a9  85 02      sta 02
08ab  a9 00      lda #00
08ad  69 01      adc #01
08af  85 03      sta 03
08b1  a2 00      ldx #00
08b3  98         tya
08b4  20 f9 08   jsr 08f9
08f9  a4 02      ldy 02
08fb  8d 04 ff   sta ff04
08fe  8e 05 ff   stx ff05
0901  9c 06 ff   stz ff06
0904  9c 07 ff   stz ff07
0907  8c 08 ff   sty ff08
090a  a6 03      ldx 03
090c  8e 09 ff   stx ff09
090f  a2 be      ldx #be
0911  8e 0a ff   stx ff0a
0914  9c 0b ff   stz ff0b
0917  20 f7 ff   jsr fff7
fff7  4c 18 00   jmp 0018
0018  00         brk

asiekierka commented 5 months ago

fff7  4c 18 00   jmp 0018

That smells like a bug in the Neo6502 kernel, not in LLVM-MOS.

bcampbell commented 5 months ago

fff7  4c 18 00   jmp 0018

That smells like a bug in the Neo6502 kernel, not in LLVM-MOS.

Oh yes! I didn't even notice that!

fff7 is KSendMessage(), and earlier calls have it down as:

fff7  4c 18 fc   jmp fc18

Hmm. I wonder if the real hardware allows writes to the kernel code? The emulator does. I added some extra printfs to dump out memory locations 2, 3 and $fff7-$fff9 and reran the same program, and I can see it blatting over $fff9.

$ neo crashy@0x0800 exec trace
Load crashy to 800
Warm boot $806
[Beeper] frequency: 44100
[Beeper] format: AUDIO_S16
[Beeper] channels: 1
[Beeper] samples: 512
[Beeper] padding: 0
[Beeper] size: 1024
0806  85 01      sta 01       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0808  20 0f 08   jsr 080f     (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
080f  48         pha          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0810  18         clc          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0811  a5 00      lda 00       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0813  69 f9      adc #f9      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0815  85 00      sta 00       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0817  a5 01      lda 01       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0819  69 ff      adc #ff      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
081b  85 01      sta 01       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
081d  68         pla          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
081e  85 06      sta 06       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0820  18         clc          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0821  a5 00      lda 00       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0823  69 05      adc #05      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0825  85 04      sta 04       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0827  a5 01      lda 01       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0829  69 00      adc #00      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
082b  85 05      sta 05       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
082d  a9 00      lda #00      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
082f  92 04      sta (04)     (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0831  a0 01      ldy #01      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0833  91 04      sta (04),y   (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0835  18         clc          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0836  a5 00      lda 00       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0838  69 03      adc #03      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
083a  85 04      sta 04       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
083c  a5 01      lda 01       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
083e  69 00      adc #00      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0840  85 05      sta 05       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0842  a5 06      lda 06       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0844  92 04      sta (04)     (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0846  8a         txa          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0847  91 04      sta (04),y   (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0849  a5 02      lda 02       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
084b  a6 03      ldx 03       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
084d  18         clc          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
084e  48         pha          (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
084f  a5 00      lda 00       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0851  69 01      adc #01      (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0853  85 02      sta 02       (2=00 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0855  a5 01      lda 01       (2=fa 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0857  69 00      adc #00      (2=fa 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
0859  85 03      sta 03       (2=fa 3=00 $FFF7=4c $FFF8=18 $FFF9=fc)
085b  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
085c  92 02      sta (02)     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
085e  8a         txa          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
085f  91 02      sta (02),y   (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0861  20 e0 08   jsr 08e0     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08e0  a2 ff      ldx #ff      (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08e2  8e 04 ff   stx ff04     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08e5  9c 05 ff   stz ff05     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08e8  a2 01      ldx #01      (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08ea  8e 06 ff   stx ff06     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08ed  9c 07 ff   stz ff07     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08f0  9c 08 ff   stz ff08     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08f3  20 f7 ff   jsr fff7     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fff7  4c 18 fc   jmp fc18     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc18  20 81 fc   jsr fc81     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc81  48         pha          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc82  ad 00 ff   lda ff00     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc85  d0 fb      bne fc82     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc87  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc88  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc1b  8d 38 fc   sta fc38     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc1e  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc1f  8d 45 fc   sta fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc22  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc23  8d 46 fc   sta fc46     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc26  20 3c fc   jsr fc3c     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3c  ee 45 fc   inc fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3f  d0 03      bne fc44     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc44  ad f6 08   lda 08f6     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc47  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc29  48         pha          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc2a  20 3c fc   jsr fc3c     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3c  ee 45 fc   inc fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3f  d0 03      bne fc44     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc44  ad f7 08   lda 08f7     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc47  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc2d  8d 01 ff   sta ff01     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc30  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc31  8d 00 ff   sta ff00     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
***** DSPHander cmd=5 fn=1
fc34  20 3c fc   jsr fc3c     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3c  ee 45 fc   inc fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3f  d0 03      bne fc44     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc44  ad f8 08   lda 08f8     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc47  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc37  a9 00      lda #00      (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc39  6c 45 fc   jmp (fc45)   (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
08f8  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0864  20 1d 09   jsr 091d     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
091d  a2 01      ldx #01      (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
091f  8e 04 ff   stx ff04     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0922  20 f7 ff   jsr fff7     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fff7  4c 18 fc   jmp fc18     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc18  20 81 fc   jsr fc81     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc81  48         pha          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc82  ad 00 ff   lda ff00     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc85  d0 fb      bne fc82     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc87  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc88  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc1b  8d 38 fc   sta fc38     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc1e  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc1f  8d 45 fc   sta fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc22  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc23  8d 46 fc   sta fc46     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc26  20 3c fc   jsr fc3c     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3c  ee 45 fc   inc fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3f  d0 03      bne fc44     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc44  ad 25 09   lda 0925     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc47  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc29  48         pha          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc2a  20 3c fc   jsr fc3c     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3c  ee 45 fc   inc fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3f  d0 03      bne fc44     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc44  ad 26 09   lda 0926     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc47  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc2d  8d 01 ff   sta ff01     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc30  68         pla          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc31  8d 00 ff   sta ff00     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
***** DSPHander cmd=5 fn=64
fc34  20 3c fc   jsr fc3c     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3c  ee 45 fc   inc fc45     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc3f  d0 03      bne fc44     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc44  ad 27 09   lda 0927     (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc47  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc37  a9 00      lda #00      (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
fc39  6c 45 fc   jmp (fc45)   (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0927  60         rts          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0867  18         clc          (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0868  a6 00      ldx 00       (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
086a  86 02      stx 02       (2=fa 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
086c  a6 01      ldx 01       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
086e  86 03      stx 03       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0870  a9 00      lda #00      (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)
0872  92 02      sta (02)     (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=fc)      // BLATBLATBLATBLATBLAT!!!!!
0874  18         clc          (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0875  a6 00      ldx 00       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0877  86 02      stx 02       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0879  a6 01      ldx 01       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
087b  86 03      stx 03       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
087d  b2 02      lda (02)     (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
087f  85 02      sta 02       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0881  a9 00      lda #00      (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0883  a6 02      ldx 02       (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0885  e0 04      cpx #04      (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0887  e9 00      sbc #00      (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0889  70 02      bvs 088d     (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
088b  80 04      bra 0891     (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0891  80 00      bra 0893     (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0893  aa         tax          (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0894  10 32      bpl 08c8     (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0896  80 00      bra 0898     (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0898  18         clc          (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
0899  a6 00      ldx 00       (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
089b  86 02      stx 02       (2=00 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
089d  a6 01      ldx 01       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
089f  86 03      stx 03       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08a1  b2 02      lda (02)     (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08a3  a8         tay          (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08a4  b2 02      lda (02)     (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08a6  18         clc          (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08a7  69 2c      adc #2c      (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08a9  85 02      sta 02       (2=f9 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08ab  a9 00      lda #00      (2=2c 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08ad  69 01      adc #01      (2=2c 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08af  85 03      sta 03       (2=2c 3=ff $FFF7=4c $FFF8=18 $FFF9=00)
08b1  a2 00      ldx #00      (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
08b3  98         tya          (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
08b4  20 f9 08   jsr 08f9     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
08f9  a4 02      ldy 02       (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
08fb  8d 04 ff   sta ff04     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
08fe  8e 05 ff   stx ff05     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
0901  9c 06 ff   stz ff06     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
0904  9c 07 ff   stz ff07     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
0907  8c 08 ff   sty ff08     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
090a  a6 03      ldx 03       (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
090c  8e 09 ff   stx ff09     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
090f  a2 be      ldx #be      (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
0911  8e 0a ff   stx ff0a     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
0914  9c 0b ff   stz ff0b     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
0917  20 f7 ff   jsr fff7     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
fff7  4c 18 00   jmp 0018     (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)
0018  00         brk          (2=2c 3=01 $FFF7=4c $FFF8=18 $FFF9=00)

mysterymath commented 5 months ago

Interesting, the "BLAT" is a write to the current top of the C stack (the stack pointer is stored in zero page locations 0 and 1). Somehow the stack pointer ended up pointing at 0xfff9, which isn't correct. It does look like it's being initialized to 0xf600 at program start, which seems fine.

mysterymath commented 5 months ago

Actually, no it's not, it says it's warm booting to 0x806, not 0x800. That would cut off the start of the stack pointer initialization, which would lead to it pointing somewhere invalid. I think that's the root cause here.
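
A small Python model of the failure mode described above, added here as an example and not code from llvm-mos-sdk or the Neo6502 emulator: the 16-bit soft stack pointer in zero page $00/$01, the prologue's 7-byte subtraction, and the store through (sp) that rewrites the high byte of the KSendMessage vector at $FFF7. The addresses and bytes come from the trace in this thread; the exact layout of the skipped crt0 bytes at $0800..$0805 (four 2-byte instructions) is an assumption.

```python
# Added example (not llvm-mos-sdk or emulator code). Assumed: crt0 at $0800 is
# lda #<sp / sta $00 / lda #>sp / sta $01, so a warm boot at $0806 runs only
# the final 'sta $01' with A still 0 (matching the zero-page values in the trace).

INIT_SP = 0xF600       # initial C stack pointer the thread reports
FRAME_SIZE = 7         # main's prologue: clc / adc #$f9 / adc #$ff == sp - 7
KSENDMESSAGE = 0xFFF7  # kernel entry vector: 4c 18 fc == jmp $fc18
COLD_ENTRY, WARM_ENTRY = 0x0800, 0x0806


def fresh_memory():
    """Zero page $00/$01 hold the soft stack pointer (lo, hi), power-on value 0."""
    mem = {0x00: 0x00, 0x01: 0x00}
    # KSendMessage vector as seen in the healthy part of the trace: jmp $fc18
    mem[KSENDMESSAGE], mem[KSENDMESSAGE + 1], mem[KSENDMESSAGE + 2] = 0x4C, 0x18, 0xFC
    return mem


def crt_init(mem, entry):
    """Execute only the crt0 instructions at or after `entry` (2 bytes each)."""
    a = 0x00                       # accumulator at boot (0 in the emulator trace)
    if entry <= 0x0800:
        a = INIT_SP & 0xFF         # lda #<INIT_SP
    if entry <= 0x0802:
        mem[0x00] = a              # sta $00
    if entry <= 0x0804:
        a = INIT_SP >> 8           # lda #>INIT_SP
    if entry <= 0x0806:
        mem[0x01] = a              # sta $01  (the only one a $0806 warm boot runs)


def read_sp(mem):
    return mem[0x00] | (mem[0x01] << 8)


def write_sp(mem, sp):
    mem[0x00], mem[0x01] = sp & 0xFF, (sp >> 8) & 0xFF


def main_prologue(mem):
    """16-bit subtract of the frame size, wrapping exactly like the 6502 adc chain."""
    write_sp(mem, (read_sp(mem) - FRAME_SIZE) & 0xFFFF)


def store_local(mem, offset, value):
    """The 'sta (02)' from the trace: $02/$03 hold sp + offset, then the store."""
    mem[(read_sp(mem) + offset) & 0xFFFF] = value


def jmp_target(mem, vector):
    """Decode the 'jmp abs' (4c lo hi) sitting at `vector`."""
    assert mem[vector] == 0x4C
    return mem[vector + 1] | (mem[vector + 2] << 8)


def frame_overlaps(sp, size, lo, hi):
    """Defensive check: does the frame [sp, sp+size) touch the range [lo, hi]?"""
    return sp <= hi and sp + size - 1 >= lo


def simulate(entry):
    mem = fresh_memory()
    crt_init(mem, entry)
    main_prologue(mem)
    sp = read_sp(mem)
    store_local(mem, 0, 0x00)       # 'uint8_t i = 0' lands at (sp)
    return {
        "sp": sp,
        "clobbers_vector": frame_overlaps(sp, FRAME_SIZE, KSENDMESSAGE, KSENDMESSAGE + 2),
        "ksendmessage_jmp": jmp_target(mem, KSENDMESSAGE),
    }


if __name__ == "__main__":
    for entry in (COLD_ENTRY, WARM_ENTRY):
        r = simulate(entry)
        print(f"entry ${entry:04x}: sp=${r['sp']:04x} "
              f"jmp=${r['ksendmessage_jmp']:04x} clobbered={r['clobbers_vector']}")
```

With the cold entry the stack pointer becomes $F5F9 and the vector still reads jmp $fc18; with the $0806 warm entry it wraps to $FFF9, the first local lands on the vector's high byte, and the next KSendMessage call jumps to $0018, exactly as the trace shows.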

mysterymath commented 5 months ago

From the emulator docs, it looks like it does default to 0x806 as the start address. We'd need to make that the case in our linker scripts if that's a hard constraint.

@asiekierka , do you know anything about how programs are expected to be loaded on the neo6502? Is this an emulator-only thing?

asiekierka commented 5 months ago

I followed their cc65 example, which uses test -f hello.neo && ../../bin/neo hello.neo@800 cold to launch the generated executable and doesn't make any concessions for warm boots.

mysterymath commented 5 months ago

Alright, in that case I'm going to close this one as Working As Intended; the crasher example does work under that command line.

bcampbell commented 5 months ago

Oops, sorry for the false alarm! Thanks so much for tracking down the issue!