Plus Vectored Interrupt Bug

From CPCWiki - THE Amstrad CPC encyclopedia!
Jump to: navigation, search

Plus Vectored Interrupts

On the Amstrad Plus and GX4000 it is possible to use Z80 Interrupt mode 2 (IM 2). When maskable interrupts are enabled (EI) and the interrupt is acknowledged by the Z80, the ASIC will provide a vector which is put onto the bus.

This vector and Z80 register I are used to form an address:

(I*256)+vector

The Z80 will then read a 2-byte address which is the location of the interrupt handler.

Bit 0 of the vector will be 0. Bits 2..1 are generated by the ASIC based on the interrupt source (one of the DMA channels or raster interrupt). Bits 7..3 are defined by writing a value to the ASIC IVR register (at &6805 in the ASIC registers).

The raster interrupt interrupt comes from the CPC compatible 52-line interrupt OR the Plus programmable line interrupt (PRI at &6800 in the ASIC registers).

Bit 0 of IVR is set to 1 at power-on but the other bits are undefined, so you should either:

  • Set the IVR value by writing to 6805 after unlocking the asic and making the registers visible

e.g.

...
di
call asic_unlock
ld bc,&7fb8
out (c),c
ld a,1
ld (&6805),a
ld a,&40
ld i,a
ld hl,dma0_handler
ld (&4000),hl
ld hl,dma1_handler
ld (&4002),hl
ld hl,dma2_handler
ld (&4006),hl
ld hl,raster_handler
ld (&4008),hl
im 2
ei
...
  • OR, you can repeat the same interrupt function handlers through the entire 256 byte vector range.

e.g.

...
di
ld a,&40
ld i,a
ld hl,dma0_handler
ld (&4000),hl
ld hl,dma1_handler
ld (&4002),hl
ld hl,dma2_handler
ld (&4006),hl
ld hl,raster_handler
ld (&4008),hl
ld hl,&4000
ld de,&400a
ld bc,256-&a
ldir
im 2 
ei
...

See Arnold_V_Specs_Revised for more information.

The Vectored Interrupt Bug

The Vectored interrupts are bugged. Amstrad knew about this and removed information about the IVR register and vectored interrupt from later ASIC specification documents.

Following discussions on cpcwiki involving roudoudou, Longshot, gerald, arnoldemu and dragon the cause of the bug has been identified, through testing and from analysis by gerald with his logic analyzer and a workaround has been identified.

This bug has mostly been seen when using the raster interrupt.

For example, if DMA interrupts are not used and when a raster interrupt is acknowledged sometimes the vector will be 6 (for raster interrupt) or 4 (for dma channel 0 - the lowest priority interrupt).

  • If the instruction at the time of interrupt acknowledge is located in a memory region where A13=0 then the bug happens. The bug is not dependent on RAM or ROM or I register value. The location of the interrupt handler code is also not important. The location of the instruction is important. The bug also doesn't occur with opcodes that don't use memory read/write or don't contain a memory read/write when fetching the opcode. Single byte instructions are fine including HALT. However, it is difficult to code in a way to workaround the issue in this way.
  • If the instruction at the time of interrupt acknowledge is located in a memory region where A13=1 then the bug doesn't happen.
  • If auto-clear DMA interrupts are enabled (IVR bit 0=0), then the bug can also happen with the DMA interrupts.

There are workarounds:

  • Put your code between &2000-&3fff, &6000-&7fff, &a000-&bfff, &e000-&ffff. You can place your I value anywhere and the code for your interrupt handlers can be anywhere. You can make use of RAM and ROM and cart to make this easier
  • Set all interrupt handlers to the same function, do not use auto-clear (DCSR bit 0 = 0) and handle it like IM 1. (For memory reasons IM 2 is often easier to use to control interrupts)

Technical

The bug is related to logic around link LK106 and IC IC116 near the Z80 which relates to the Z80 signals /IORQ, /RESET, A13 and /WAIT, but the exact reason this logic is here is not known.

See [[1]]

Logic analysis by the bug by gerald:

See [[2]]

When a raster interrupt is pending it has been found that the ASIC sees two interrupt acknowledge from the Z80.

With the first, it will auto-clear the raster interrupt, record the information in the DCSR register and output the raster interrupt vector onto the bus.

When it sees the second, because the raster interrupt has been seen and no DMA interrupts are pending, it defaults to the the vector for DMA channel 0.

The logic around the Z80 shortens or lengthens the IORQ based on A13 and that is why the bug doesn't happen when A13=1.