switch Cyclone to submodule on it's own git repo

[picodrive.git] / cpu / mz80 / mz80.txt

Multi-Z80 32 Bit emulator\r
Copyright 1996, 1997, 1998, 1999, 2000 - Neil Bradley, All rights reserved\r
\r
			    MZ80 License agreement\r
			    -----------------------\r
\r
(MZ80 Refers to both the assembly code emitted by makez80.c and makez80.c\r
itself)\r
\r
MZ80 May be distributed in unmodified form to any medium.\r
\r
MZ80 May not be sold, or sold as a part of a commercial package without\r
the express written permission of Neil Bradley (neil@synthcom.com). This\r
includes shareware.\r
\r
Modified versions of MZ80 may not be publicly redistributed without author\r
approval (neil@synthcom.com). This includes distributing via a publicly\r
accessible LAN. You may make your own source modifications and distribute\r
MZ80 in source or object form, but if you make modifications to MZ80\r
then it should be noted in the top as a comment in makez80.c.\r
\r
MZ80 Licensing for commercial applications is available. Please email\r
neil@synthcom.com for details.\r
\r
Synthcom Systems, Inc, and Neil Bradley will not be held responsible for\r
any damage done by the use of MZ80. It is purely "as-is".\r
\r
If you use MZ80 in a freeware application, credit in the following text:\r
\r
"Multi-Z80 CPU emulator by Neil Bradley (neil@synthcom.com)"\r
\r
must accompany the freeware application within the application itself or\r
in the documentation.\r
\r
Legal stuff aside:\r
\r
If you find problems with MZ80, please email the author so they can get\r
resolved. If you find a bug and fix it, please also email the author so\r
that those bug fixes can be propogated to the installed base of MZ80\r
users. If you find performance improvements or problems with MZ80, please\r
email the author with your changes/suggestions and they will be rolled in\r
with subsequent releases of MZ80.\r
\r
The whole idea of this emulator is to have the fastest available 32 bit\r
Multi-Z80 emulator for the x86, giving maximum performance.\r
 \r
                         MZ80 Contact information\r
			  -------------------------\r
\r
Author      : Neil Bradley (neil@synthcom.com)\r
Distribution: ftp://ftp.synthcom.com/pub/emulators/cpu/makez80.zip (latest)\r
\r
You can join the cpuemu mailing list on Synthcom for discussion of Neil\r
Bradley's Z80 (and other) CPU emulators. Send a message to \r
"cpuemu-request@synthcom.com" with "subscribe" in the message body. The\r
traffic is fairly low, and is used as a general discussion and announcement\r
for aforementioned emulators.\r
\r
\r
			     MZ80 Documentation\r
			     -------------------\r
\r
MZ80 Is a full featured Z80 emulator coded in 32 bit assembly. It runs well\r
over a hundred games, in addition to it supporting many undocumented Z80\r
instructions required to run some of the Midway MCR games, Galaga, and\r
countless other wonderful Z80 based arcade games.\r
\r
MZ80 Contains a makez80.c program that must be compiled. It is the program\r
that emits the assembly code that NASM will compile. This minimizes the\r
possibility of bugs creeping in to MZ80 for the different addressing modes\r
for each instruction. It requires NASM 0.97 or greater.\r
\r
The goal of MZ80 is to have a high performance Z80 emulator that is capable\r
of running multiple emulations concurrently at full speed, even on lower-end\r
machines (486/33). MZ80 Harnesses the striking similarities of both the Z80\r
and the x86 instruction sets to take advantage of flag handling which greatly\r
reduces the time required to emulate a processor, so no extra time is spent\r
computing things that are already available in the native x86 processor,\r
allowing it to perform leaps and bounds over comparable C based Z80 emulators\r
on the same platform.\r
\r
MZ80 Is designed exclusively for use with NASM, the Netwide Assembler. This\r
gives the ultimate in flexibility, as NASM can emit object files that work\r
with Watcom, Microsoft Visual C++ (4.0-current), DJGPP, Borland C++, and\r
gcc under FreeBSD or Linux. MZ80 Has been tested with each one of these\r
compilers and is known to work properly on each.\r
\r
\r
			    What's in the package\r
			    ---------------------\r
\r
MZ80.TXT               - This text file\r
\r
MAKEZ80.C              - Multi Z80 32 Bit emulator emitter program\r
\r
MZ80.H                 - C Header file for MZ80 functions\r
\r
\r
			  What's new in this release\r
			  --------------------------\r
\r
Revision 3.4:\r
\r
	* Fixed the overflow flag not getting cleared in the SetOverflow()\r
	  routine. It caused strange problems with a handful of Genesis games\r
	* Removed invalid instruction in the C version so that more\r
	  instructions will execute\r
\r
Revision 3.3:\r
\r
	* Undocumented opcodes added to the C emitter\r
	* Bug fix to the C emission that properly handles shared RAM regions\r
	  (I.E. with handlers that are NULL)\r
	* Now using 32 bit registers to do register/memory access. Slight\r
	  speed increase (assembly version only)\r
\r
Revision 3.2:\r
	\r
	* R Register emulation now accurate with a real Z80\r
	* mz80int() Called when interrupts are disabled causes the\r
	  z80intPending flag to be set, and an interrupt will be caused after\r
	  the execution of EI and the next instruction. See "IMPORTANT NOTE\r
	  ABOUT INTERRUPTS" below\r
	* The instruction after EI executes fully before interrupt status is\r
	  checked. (as does a real Z80)\r
\r
\r
Revision 3.1:\r
\r
	* Fixed bug in memory dereference when handler was set to NULL (keeps\r
	  system from crashing or faulting)\r
	* Removed the only stricmp() from the entire file and replaced it\r
	  with strcmp() so that stdlibs without it will compile\r
	* Changed cyclesRemaining > 0 to cyclesRemaining >= 0 to be compatible\r
	  with the ASM core\r
	* Removed additional sub [dwCyclesRemaining], 5 at the beginning of\r
	  mz80exec() (ASM Core only). Increases timing accuracy.\r
	* NMIs And INTs add additional time to dwElapsedTicks as it should\r
	* mz80ReleaseTimeslice() Sets remaining clocks to 0 instead of 1\r
\r
\r
Revision 3.0:\r
\r
	* All instructions validated against a real Z80. Used an ISA card\r
	  with a Z80 on it to validate flag handling, instruction handling,\r
	  timing, and other goodies. The only thing not implemented/emulated\r
	  is flag bit 3 & 5 emulation. Believed to be 100% bug free!\r
	* 80% Speed improvement over version 2.7 of mz80\r
	* z80stb.c Removed. Use -c to emit a C version of mz80! API compatible!\r
	  Note that this is mostly, but not fully, debugged, so consider the\r
	  C version a beta! It's at least healthier than z80stb.c was. The C \r
	  version does not include the undocumented Z80 instructions.\r
	* mz80nmi() No longer trashes registers it uses when using -cs\r
	* IN/OUT Instructions work properly when using -16\r
	* IN A, (xxh) uses A as high 8 bits of I/O fetch address when using -16\r
	* IM 0/IM 1 Description in documentation fixed\r
	* Sizes of all context registers increased to 32 bits - for speed!\r
	* IFF1/IFF2 Now properly emulated\r
	* JR Instruction offset can fetch from $ffff and properly wrap\r
	* LDIR/LDDR Instruction now won't go to completion - instead it will\r
	  run until BC=0 or the # of cycles to execute have expired. These\r
	  instructions used to run to completion - even beyond the # of cycles\r
	  left to execute\r
	* INI/IND/INIR/INDR countdown bug fixed - it was decrementing B twice\r
	  for each IN! Whoops!\r
	* If you specify NULL as a handler address to a memory region, mz80 will\r
	  use vpData as a pointer to where that block of data resides. Quite\r
	  useful for multiprocessor emulations that share the same memory.\r
	* EDI Now keeps track of cycle counting for faster execution\r
	* Modified memory region scanning code to use 32 bit registers instead\r
	  of their 16 bit counterparts\r
	* Get/SetContext() uses rep movsd/movsb. Insignificant overall, but\r
	  why waste the time?\r
	* Debugging routines added. See the "DEBUGGING" section below for more\r
	  information. NOTE: The debugging routines are not yet available in\r
	  the C emission.\r
	* Timing done slightly differently now. Mz80 now executes one \r
	  instruction past the timing given on input. For example, mz80exec(0)\r
	  will cause a single instruction to be executed (thusly -ss was\r
	  removed).\r
\r
Revision 2.7:\r
\r
	* Fixed OTIR/OTDR/INIR/INDR instructions so their 16 bit counterparts\r
	  work properly\r
	* Emulation core 30-70% faster overall than 2.6 due to optimization to\r
	  the timing routines\r
	* Replaced word reads/writes with a special word write routine rather\r
	  than the standard calling to read/write byte functions\r
	* z80stb.c (the C equivalent of mz80) compiles properly now\r
	* Fixed OS/2 text/segment issue\r
	* Fixed bug in set/getCPU context that ensures that ES=DS and avoids\r
	  crashes. Caused crashes under OS/2 and other OS's\r
\r
Revision 2.6:\r
\r
	* Emulator core 5-30% faster overall. Some 16 and 8 bit instructions\r
	  sped up when using their 32 bit equivalents.\r
	* Fix to -l so that proper labels without leading and trailing \r
	  underscores so Linux/FreeBSD compiles will work properly\r
	* Single step now executes the # of instructions passed in to z80exec()\r
	  instead of just 1 as it had in prior releases. This is only active\r
	  when the -ss option is used.\r
	* The -nt option was added. This will cause the timing information to\r
	  not be added in, speeding up execution. Warning: Only do this if your\r
	  emulated target does not require instruction timing!\r
	* Updated documentation errors\r
	* C Version of mz80 (mz80.c) that is API compliant is distributed with\r
	  the archive (With kind permission of Edward Massey).\r
\r
Revision 2.5:\r
\r
	* Fixed an unconditional flag being cleared in the ddcbxx instructions.\r
	  It caused Donkey Kong's barrels to not roll.\r
\r
Revision 2.4:\r
\r
	* Fixed improper HALT handling (didn't advance the PTR when it should)\r
	* Fixed SRL (IX+$xx) instruction so that carry wasn't trashed\r
	* Fixed single stepping problems with it giving too much time to \r
	  any given instruction\r
	* Fixed half carry flag handling with 16 bit SBC and ADD instructions\r
	* Fixed DAA emulation so that parity flags weren't getting trashed\r
\r
Revision 2.3:\r
\r
	* Fixed many stack handling bugs\r
	* Timing problems fixed. The prior version was causing massive \r
	  overruns on maximum timeslices with some insutructions.\r
\r
Revision 2.2:\r
\r
	* Fixed a bug in CPI/CPD/CPIR/CPDR that mishandled flags\r
	* All known bugs are out of mz80 now\r
	* Added the -cs option to route all stack operations through the\r
	  handlers (required for games like Galaga)\r
\r
Revision 2.1:\r
\r
	* Fixed a bug in CPI/CPD/CPIR/CPDR that caused intermittent lockups.\r
	  Also fixed a bug that caused erratic behavior in several video games.\r
	* Added INI/IND/INIR/INDR instruction group\r
	* Added OUTI/OUTD/OTIR/OTDR instruction group\r
\r
Revision 1.0:\r
\r
	* First release! The whole thing is new!\r
\r
\r
ASSEMBLING FOR USE WITH WATCOM C/C++\r
------------------------------------\r
\r
Watcom, by default, uses register calling conventions, as does MZ80. To\r
create a proper emulator for Watcom:\r
\r
	makez80 MZ80.asm -x86\r
\r
From here:\r
\r
	nasm -f win32 MZ80.asm\r
\r
Link the MZ80.obj with your Watcom linker.\r
\r
\r
ASSEMBLING FOR USE WITH MICROSOFT VISUAL C++ AND BORLAND C++\r
--------------------------------------------------------------------\r
\r
Visual C++ and Borland C++ use stack calling conventions by default. To\r
create a proper emulator for these compilers:\r
\r
	makez80 MZ80.asm -s -x86\r
\r
For Visual C++ or Borland C++:\r
\r
	nasm -f win32 MZ80.asm\r
\r
Link with your standard Visual C++ or Borland C++.\r
\r
\r
ASSEMBLING FOR USE WITH DJGPP, GCC/FREEBSD, OR GCC/LINUX\r
--------------------------------------------------------------------\r
\r
DJGPP Uses stack calling conventions:\r
\r
	makez80 MZ80.asm -s -x86\r
\r
To assemble:\r
\r
	nasm -f coff MZ80.asm\r
\r
Link with your standard DJGPP linker. The same holds true for GCC under\r
FreeBSD or Linux. If you're using GCC, use the -l option to generate "plain"\r
labels so that gcc's linker will properly link things.\r
\r
\r
MAKEZ80 COMMAND LINE OPTIONS\r
----------------------------\r
\r
-s	- Use stack calling conventions (DJGPP, MSVC, Borland, etc...)\r
\r
-cs	- Force all stack operations to go through the Read/Write memory handlers.\r
	  This slows things down, but is useful when needed.\r
\r
-16	- Treat all I/O input and output as 16 bit (BC)\r
\r
-l	- Create 'plain' labels - ones without leading and trailing underscores\r
\r
-nt	- Do not generate timing code - this speeds the emulator up, but the\r
	  downside is that no timing info is available.\r
\r
-c	- Emit a C mz80 emulator (API Compatible with the assembly version - \r
	  handy for porters!)\r
\r
-x86	- Emit an assembly (x86) mz80 emulator\r
\r
-os2	- Generate OS/2 compatible segmentation\r
\r
\r
IMPORTANT NOTE ABOUT INTERRUPTS\r
-------------------------------\r
\r
A minor change was made between the 3.1 and 3.2 versions of makez80 in the\r
way that interrupts were handled.\r
\r
On a real Z80, the !INT line is a level triggered interrupt, meaning that if\r
the interrupt line is held low, the Z80 will continue to take interrupts \r
immediately after the instruction after the EI instruction is executed until\r
the interrupt line is high again.\r
\r
In 3.1, if an interrupt came in and interrupts were disabled, the interrupt\r
would never be "latched" for later execution. The Z80 does not have any\r
internal latching capabilities, however external hardware often does hold\r
the interrupt line low until the interrupt is executed, in effect, a latch.\r
\r
I've only found one video game so far that requires the "raising/lowering"\r
of the interrupt line (Ataxx). In the games that I've tried, it has improved\r
performance, in some cases drastically, and in others not at all. This can\r
be accounted for by interrupts being taken now, where they were being dropped\r
in prior mz80 releases.\r
\r
mz80 Emulates the most commonly used scenario. Now when mz80int() is executed\r
and a nonzero value is returned (indicating interrupts were disabled), it\r
will set z80intPending, and the interrupt will be taken after execution of\r
one instruction beyond the EI instruction.\r
\r
So now, if mz80int() returns a nonzero value, that means an interrupt is\r
latched. If clearing this latch is desired or the old behavior of 3.1 is \r
desired, make a call to the mz80ClearPendingInterrupt() call. It's a 2 \r
instruction call that has extremely small overhead and will not affect \r
performance in any measurable way.\r
\r
In any case, MZ80 will now execute one instruction after EI regardless of\r
how much time is available to avoid the possibility of an interrupt request\r
coming in directly after the EI instruction. \r
\r
\r
STEPS TO EMULATION\r
------------------\r
\r
NOTE: -16 Is a command line option that will treat all I/O as 16 bit. That\r
is, in an instruction like "IN AL, (C)", the addressed passed to the I/O\r
handler will be BC instead of just C. Bear this in mind when considering your\r
emulated platform.\r
\r
There are a few steps you want to go through to get proper emulation, and a\r
few guidelines must be followed.\r
\r
1) Create a MZ80CONTEXT\r
\r
2) Create your virtual 64K memory space using whatever means of obtaining\r
   memory you need to do.\r
\r
3) Set mz80Base in your context to be the base of your 64K memory space\r
\r
4) Load up your image to be emulated within that 64K address space.\r
\r
5) Set z80IoRead and z80IoWrite to their appropriate structure arrays. Here's\r
   an example:\r
\r
struct z80PortRead ReadPorts[] =\r
{\r
	{0x10,	0x1f,	SoundChip1Read},\r
	{0x20,	0x2f,	SoundChip2Read}\r
	{(UINT32) -1,     (UINT32) -1, NULL}\r
};\r
\r
When an IN instruction occurs, mz80 will probe this table looking for a\r
handler to the address of the "IN" instruction. If it is found in the list,\r
it's up to the handler to return the proper value. Otherwise, a value of\r
0ffh is returned internally if no handler for that I/O address is found. In\r
the case above, SoundChip1Read is called when the I/O address is between 0x10-\r
0x1f. A similar structure is used for I/O writes as well (OUT):\r
\r
struct z80PortWrite WritePorts[] =\r
{\r
	{0x20,	0x2f,	SoundChip2Write},\r
	{0x30,	0x36,	VideoCtrlWrite},\r
	{(UINT32) -1, 	(UINT32) -1, NULL}\r
}\r
\r
Of course, this does the opposite that the z80PortRead struct, and instead\r
looks for a handler to hand some data to. If it doesn't find an appropriate\r
handler, nothing happens.\r
\r
6) Set mz80MemoryRead & mz80MemoryWrite to their appropriate structure\r
   arrays. Here is an example:\r
\r
struct MemoryWriteByte GameWrite[] =\r
{\r
	{0x3000, 0x3fff,  VideoWrite},\r
	{0x4000, 0x4fff,  SpriteWrite},\r
	{(UINT32) -1,     (UINT32) -1, NULL}\r
};\r
\r
The above example says that any time a write occurs in the 0x3000-0x3fff\r
range, call the VideoWrite routine. The same holds true for the SpriteWrite\r
region as well.\r
\r
NOTE: When your write handler is called, it is passed the address of the\r
write and the data that is to be written to it. If your handler doesn't\r
write the data to the virtual image, the mz80 internal code will not.\r
\r
NOTE: These routines will *NOT* be called when execution asks for these\r
addresses. It will only call them when a particular instruction uses the\r
memory at these locations.\r
\r
If you wish for a region to be RAM, just leave it out of your memory region\r
exception list. The WriteMemoryByte routine will treat it as read/write\r
RAM and will write to mz80Base + addr directly.\r
\r
If you wish to protect ROM regions (not often necessary), create a range that\r
encompasses the ROM image, and have it call a routine that does nothing. This\r
will prevent data from being written back onto the ROM image.\r
\r
Leave your last entry in the table as shown above, with a null handler and\r
0xffffffff-0xffffffff as your read address. Even though the Z80 only\r
addresses 64K of space, the read/write handlers are defined as 32 bit so\r
the compiler won't pass junk in the upper 16 bits of the address lines. Not\r
only that, it allows orthoganality for future CPU emulators that may use\r
these upper bits.\r
\r
You can do a mz80GetContext() if you'd like to read the current context of\r
the registers. Note that by the time your handler gets called, the program\r
counter will be pointing to the *NEXT* instruction.\r
\r
struct MemoryReadByte GameRead[] =\r
{\r
	{0x2000,        0x200f,         ReadHandler},\r
	{(UINT32) -1,     (UINT32) -1,  NULL}\r
};\r
\r
Same story here. If you have a special handler for an attempted read at a\r
particular address, place its range in this table and create a handler\r
routine for it.   \r
\r
If you don't define a handler for a particular region, then the ReadMemoryByte\r
in mz80.ASM will actually read the value out of mz80Base + the offset \r
required to complete the instruction.\r
\r
7) Set the intAddr and nmiAddr to the addresses where you want mz80 to start\r
   executing when an interrupt or NMI happens. Take a look at the section\r
   entitled "INTERRUPTS" below for more information on this.\r
\r
8) Call mz80SetContext() on your Z80 context\r
\r
9) Call mz80Reset(). This will prime the program counter and cause a virtual\r
   CPU-wide reset.\r
\r
10) Once you have those defined, you're ready to begin emulation. There's some\r
    sort of main loop that you'll want. Maybe something like:\r
\r
	while (hit == 0)\r
	{\r
		if (lastSec != (UINT32) time(0))\r
		{\r
			diff = (mz80clockticks - prior) / 3000000;\r
			printf("%ld Clockticks, %ld frames, %ld Times original speed\n", MZ80clockticks - prior, frames, diff);\r
			frames = 0;\r
			prior = mz80clockticks;\r
			lastSec = time(0);\r
			if (kbhit())\r
			{\r
				getch();\r
				hit = 1;\r
			}\r
		}\r
\r
		/* 9000 Cycles per NMI (~3 milliseconds @ 3MHZ) */\r
\r
		dwResult = mz80exec(9000);\r
		mz80clockticks += mz80GetElapsedTicks(TRUE);\r
		mz80nmi();\r
\r
		/* If the result is not 0x80000000, it's an address where\r
		   an invalid instruction was hit. */\r
\r
		if (0x80000000 != dwResult)\r
		{\r
			mz80GetContext(&sCpu1);\r
			printf("Invalid instruction at %.2x\n", sCpu1.MZ80pc);\r
			exit(1);\r
		}\r
	}\r
\r
Call mz80exec() With the # of virtual CPU cycles you'd like mz80 to\r
execute. Be sure to use the mz80GetElapsedTicks() call *AFTER* execution to\r
see how many virtual CPU cycles it actually executed. For example, if you tell\r
mz80 to execute 500 virtual CPU cycles, it will execute slightly more. Anything\r
from 500 to 524 (24 cycles being the longest any 1 instruction takes in the\r
Z80).\r
\r
Use the mz80GetElapsedTicks() call for more accurate cycle counting. Of course,\r
this is only if you have *NOT* included the -nt option.\r
\r
If you pass FALSE to the mz80GetElapsedTicks() function, the internal CPU \r
elapsed tick clock will not be reset. The elapsed tick counter is something \r
that continues to increase every emulated instruction, and like an odometer,\r
will keep counting unless you pass TRUE to mz80GetElapsedTicks(), of which \r
case it will return you the current value of the elapsed ticks and set it to \r
0 when complete.\r
\r
NOTE: The bigger value you pass to mz80exec, the greater benefit you get out\r
of the virtual registers persisting within the emulator, and it will run\r
faster. Pass in a value that is large enough to take advantage of it, but\r
not so often that you can't handle nmi or int's properly.\r
\r
If you wish to create a virtual NMI, call mz80nmi(), and it will be taken\r
the next time you call mz80exec, or alternately if you have a handler call\r
mz80nmi/mz80int(), the interrupt will be taken upon return. Note that \r
mz80nmi() doesn't actually execute any code - it only primes the emulator to\r
begin executing NMI/INT code.\r
\r
NOTE: mz80int() is defined with a UINT32 as a formal parameter. Depending \r
upon what interrupt mode you're executing in (described later), it may or may\r
not take a value.\r
\r
NMI's can interrupt interrupts, but not the other way around - just like a\r
real Z80. If your program is already in an interrupt, another one will not be\r
taken. The same holds true for an NMI - Just like a real Z80!\r
\r
\r
MUTLI-PROCESSOR NOTES\r
---------------------\r
\r
Doing multi processor support is a bit trickier, but is still fairly straight-\r
forward.\r
\r
For each processor to be emulated, go through steps 1-7 above - giving each\r
CPU its own memory space, register storage, and read/write handlers.\r
\r
\r
EXECUTION OF MULTI-CPUS:\r
-------------------------\r
\r
When you're ready to execute a given CPU, do the following:\r
\r
	mz80SetContext(contextPointer);\r
\r
This will load up all information saved before into the emulator and ready it\r
for execution. Then execute step 7 above to do your virtual NMI's, interrupts,\r
etc... All CPU state information is saved within a context.\r
\r
When the execution cycle is complete, do the following to save the updated\r
context away for later:\r
\r
	mz80GetContext(contextPointer);\r
\r
Give each virtual processor a slice of time to execute. Don't make the values\r
too small or it will spend its time swapping contexts. While this in itself\r
isn't particularly CPU expensive, the more time you spend executing the better.\r
mz80 Keeps all of the Z80 register in native x86 register (including most\r
of the flags, HL, BC, and A). If no context swap is needed, then you get the\r
added advantage of the register storage. For example, let's say you were \r
running two Z80s - one at 2.0MHZ and one at 3.0MHZ. An example like this \r
might be desirable:\r
\r
	mz80SetContext(cpu1Context);	// Set CPU #1's information\r
	mz80exec(2000);		// 2000 Instructions for 2.0MHZ CPU\r
	mz80GetContext(cpu1Context);	// Get CPU #1's state info\r
\r
	mz80SetContext(cpu2Context);	// Set CPU #2's state information\r
	mz80exec(3000);		// 3000 Instructions for 3.0MHZ CPU\r
	mz80GetContext(cpu2Context);	// Get CPU #2's state information\r
\r
This isn't entirely realistic, but if you keep the instruction or timing\r
ratios between the emulated CPUs even, then timing is a bit more accurate.\r
\r
NOTE: If you need to make a particular CPU give up its own time cycle because\r
of a memory read/write, simply trap a particular address (say, a write to a\r
slave processor) and call mz80ReleaseTimeslice(). It will not execute any \r
further instructions, and will give up its timeslice. Put this in your \r
read/write memory trap.\r
\r
NOTE: You are responsible for "holding back" the processor emulator from\r
running too fast.\r
\r
\r
INTERRUPTS\r
----------\r
\r
The Z80 has three interrupt modes: IM 0 - IM 2. Each act differently. Here's\r
a description of each:\r
\r
IM 0\r
\r
This mode will cause the Z80 to be able to pull a "single byte instruction"\r
off the bus when an interrupt occurs. Since we're not doing bus cycle\r
emulation, it acts identically to mode 1 (described below). The formal\r
parameter to mz80int() is ignored. There is really no point in actually \r
emulating the instruction execution since any instruction that would be\r
executed would be a branch instruction!\r
\r
IM 1\r
\r
This mode is the "default" mode that the Z80 (and mz80 for that matter) comes\r
up in. When you call mz80reset(), the interrupt address is set to 38h and\r
the NMI address is set to 66h. So when you're in IM 1 and mz80int() is\r
called, the formal parameter is ignored and the z80intAddr/z80nmiAddr values\r
are appropriately loaded into the program counter.\r
\r
IM 2\r
\r
This mode causes the Z80 to read the upper 8 bits from the current value\r
of the "I" register, and the lower 8 bits from the value passed into mz80int().\r
So, if I contained 35h, and you did an mz80int(0x64), then an interrupt at\r
address 3564h would be taken. Simple!\r
\r
\r
OTHER GOODIES\r
-------------\r
\r
MZ80 Has a nice feature for allowing the same handler to handle different\r
data regions on a single handler. Here's an example:\r
\r
struct PokeyDataStruct Pokey1;\r
struct PokeyDataStruct Pokey2;\r
\r
struct MemoryWriteByte GameWrite[] =\r
{\r
	{0x1000, 0x100f,  PokeyHandler, Pokey1},\r
	{0x1010, 0x101f,  PokeyHandler, Pokey2},\r
	{(UINT32) -1,     (UINT32) -1, NULL}\r
};\r
\r
void PokeyHandler(UINT32 dwAddr, UINT8 bData, struct sMemoryWriteByte *psMem)\r
{\r
	struct PokeyDataStruct *psPokey = psMem->pUserArea;\r
\r
	// Do stuff with psPokey here....\r
}\r
\r
This passes in the pointer to the sMemoryWriteByte structure that caused\r
the handler to be called. The pUserArea is a user defined address that can\r
be anything. It is not necessary to fill it in with anything or even\r
initialize it if the handler doesn't actually use it.\r
\r
This allows a single handler to handle multiple data references. This is\r
particularly useful when handling sound chip emulation, where there might\r
be more than one of a given device. Sure beats having multiple unique\r
handlers that are identical with the exception of the data area where it\r
writes! This allows a good deal of flexibility.\r
\r
The same construct holds for MemoryReadByte, z80PortRead, and z80PortWrite,\r
so all can take advantage of this feature.\r
\r
\r
SHARED MEMORY FEATURES\r
----------------------\r
\r
MZ80 Also has another useful feature for dealing with shared memory regions:\r
\r
UINT8 bSharedRAM[0x100];\r
\r
struct MemoryWriteByte Processor1[] = \r
{\r
	{0x1000, 0x10ff, NULL, bSharedRAM},\r
	{(UINT32) -1, (UINT32) -1, NULL}\r
};\r
\r
struct MemoryWriteByte Processor2[] = \r
{\r
	{0x1000, 0x10ff, NULL, bSharedRAM},\r
	{(UINT32) -1, (UINT32) -1, NULL}\r
};\r
\r
If the handler address is NULL, mz80 will look at the pUserArea field as a\r
pointer to RAM to read from/write to. This comes in extremely handy when you\r
have an emulation that requires two or more processors writing to the same\r
memory block. And it's lots faster than creating a handler that writes to\r
a common area as well.\r
\r
\r
DEBUGGING\r
---------\r
\r
Several new functions have been added to mz80 that assist the emulator\r
author by providing a standard set of functions for register access:\r
\r
UINT8 mz80SetRegisterValue(void *pContext, UINT32 dwRegister, UINT32 dwValue)\r
\r
This allows setting of any register within the Z80. The register field can be\r
one of the following values (defined in mz80.h):\r
\r
	CPUREG_PC\r
	CPUREG_Z80_AF\r
	CPUREG_Z80_BC\r
	CPUREG_Z80_DE\r
	CPUREG_Z80_HL\r
	CPUREG_Z80_AFPRIME\r
	CPUREG_Z80_BCPRIME\r
	CPUREG_Z80_DEPRIME\r
	CPUREG_Z80_HLPRIME\r
	CPUREG_Z80_IX\r
	CPUREG_Z80_IY\r
	CPUREG_Z80_SP\r
	CPUREG_Z80_I\r
	CPUREG_Z80_R\r
	CPUREG_Z80_A\r
	CPUREG_Z80_B\r
	CPUREG_Z80_C\r
	CPUREG_Z80_D\r
	CPUREG_Z80_E\r
	CPUREG_Z80_H\r
	CPUREG_Z80_L\r
	CPUREG_Z80_F\r
	CPUREG_Z80_CARRY\r
	CPUREG_Z80_NEGATIVE\r
	CPUREG_Z80_PARITY\r
	CPUREG_Z80_OVERFLOW\r
	CPUREG_Z80_HALFCARRY\r
	CPUREG_Z80_ZERO\r
	CPUREG_Z80_SIGN\r
	CPUREG_Z80_IFF1\r
	CPUREG_Z80_IFF2\r
\r
Each individual register's value can be set, including the flags at the end.\r
The only valid values for the flags are 1 and 0. Setting these will\r
automatically adjust the "F" register. \r
\r
If pContext is NULL, then the registers in the currently active context are\r
changed. If pContext points to a non-NULL area, that area is assumed to be\r
a CONTEXTMZ80 structure where the new register value will be written.\r
\r
If mz80SetRegisterValue() returns a nonzero value, either the register value\r
or register is out of range or invalid.\r
\r
\r
UINT32 mz80GetRegisterValue(void *pContext, UINT32 dwRegister)\r
\r
This returns the value of the register given on input (listed above as\r
CPUREG_Z80_xxxxx). Flag values will be 1 or 0.\r
\r
If pContext is NULL, then the registers in the currently active context are\r
read. If pContext points to a non-NULL area, that area is assumed to be\r
a CONTEXTMZ80 structure from which register values are pulled.\r
\r
\r
UINT32 mz80GetRegisterTextValue(void *pContext, UINT32 dwRegister, \r
				 UINT8 *pbTextArea)\r
\r
This returns the textual representation of the value of a given register.\r
It is a text printable string that can be used in sprintf() statements and\r
the like. This function is useful because different representations for\r
registers (like flags) can be a group of 8 flag bytes instead of a single\r
value.\r
\r
On entry, pContext being set to NULL indicates that mz80 should get the\r
register value from the currently active context. Otherwise, it is assumed\r
to be pointing to a CONTEXTMZ80 structure, which contains the value of the\r
registers to be read.\r
\r
pbTextArea points to a buffer where the value text can be written. This points\r
to a user supplied buffer.\r
\r
On exit, if any nonzero value is encountered, either the register # is out\r
of range or pbTextArea is NULL.\r
\r
\r
UINT8 *mz80GetRegisterName(UINT32 dwRegister)\r
\r
This returns a pointer to the textual name of the register passed in. NULL\r
Is returned if the register index (CPUREG_Z80_xxxx table described above) is\r
out of range. DO NOT MODIFY THE TEXT! It is static data.\r
\r
\r
FINAL NOTES\r
-----------\r
\r
I have debugged MZ80.ASM to the best of my abilities. There might still be\r
a few bugs floating around in it, but I'm not aware of any. I've validated\r
all instructions (That I could) against a custom built Z80 on an ISA card\r
(that fits in a PC) so I'm quite confident that it works just like a real\r
Z80. \r
\r
If you see any problems, please point them out to me, as I am eager to make\r
mz80 the best emulator that I can. \r
\r
If you have questions, comments, etc... about mz80, please don't hesitate\r
to send me an email. And if you use mz80 in your emulator, I'd love to take\r
a look at your work. If you have special needs, or need implementation\r
specific hints, feel free to email me, Neil Bradley (neil@synthcom.com). I\r
will do my best to help you.\r
\r
Enjoy!\r
\r
Neil Bradley\r
neil@synthcom.com\r
\r
\r