Shop OBEX P1 Docs P2 Docs Learn Events
A little PASM puzzle — Parallax Forums

A little PASM puzzle

jazzedjazzed Posts: 11,803
edited 2009-08-22 16:57 in Propeller 1
Anyone (other than kuroneko [noparse]:)[/noparse] care to reverse engineer the purpose of this PASM code?

long $a0bfee07, $a4bc0e07, $08bc0df7, $e87c0c02
long $08bc0df7, $ec7c0c04, $00000000, $a3837ffe


Hope some of the young ones or newbies give this a shot. I know the answer since I wrote it.
Just consider this a friendly challenge.

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
--Steve


Propalyzer: Propeller PC Logic Analyzer
http://forums.parallax.com/showthread.php?p=788230

Comments

  • AleAle Posts: 2,363
    edited 2009-08-22 05:43
    I suppose I'm out of the loop too ?

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    Visit some of my articles at Propeller Wiki:
    MATH on the propeller propeller.wikispaces.com/MATH
    pPropQL: propeller.wikispaces.com/pPropQL
    pPropQL020: propeller.wikispaces.com/pPropQL020
    OMU for the pPropQL/020 propeller.wikispaces.com/OMU
  • jazzedjazzed Posts: 11,803
    edited 2009-08-22 08:07
    Ale said...
    I suppose I'm out of the loop too ?
    If that is your choice [noparse]:)[/noparse] I know of about 8 people who visit this forum with the chops to easily reverse engineer the code block. Kuroneko and hippy are the only ones who have clearly demonstrated their "chops" for this type of thing as far as I know. This is a somewhat low complexity example, so if it is a "cake-walk" then show me or just offer clues. I thought given the nature of some recent posts that a puzzle might bring something fresh and interesting to the forum. It is not my intention to insult anyone [noparse]:)[/noparse]

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    --Steve


    Propalyzer: Propeller PC Logic Analyzer
    http://forums.parallax.com/showthread.php?p=788230
  • kuronekokuroneko Posts: 3,623
    edited 2009-08-22 08:53 
    long $a4bfee06, $08bc0bf7, $e87c0a01, $08bc0bf7
long $ec7c0a03, $00000000, $5c7c8001
  • dMajodMajo Posts: 855
    edited 2009-08-22 11:38
    ·Just a guess from a newbie (actually without hardware to test - done on paper)

                                                       opcod  ZCRI CON  DEST      SRC
        1: mov      reg(503)[noparse][[/noparse]dirb],reg(7)  WR      101000 0010 1111 111110111 000000111 // write 0 to dirb
        2: neg      reg(7),reg(7)          WR      101001 0010 1111 000000111 000000111 // reg(7) becames -1
        3: rdlong   reg(6),reg(503)        WR      000010 0010 1111 000000110 111110111 // copy current System clock frequency (hub long 0) to reg(6)
        4: tjnz     reg(6),jmp:#2          NR      111010 0001 1111 000000110 000000010 // tests reg(6) and jumps line 2 if not 0
        5: rdlong   reg(6),reg(503)        WR      000010 0010 1111 000000110 111110111 // copy again first long from hub to reg(6)
  first 6: tjz      reg(6),jmp:#4          NR      111011 0001 1111 000000110 000000100 // changed by lines 3 and 5 (perhaps 80_000_000)
    new 6: wrword   reg(90),#0             WR      000001 0011 0001 001011010 000000000 // copy loword from reg(90) to hub word(0)
  first 7: wrbyte   reg(0),reg(0)          NR      000000 0000 0000 000000000 000000000 // changed by line 2
    new 7: waitvid  reg(511),#511          wz,wc   111111 1111 1111 111111111 111111111 // froze the cog because video/counters not configured
        8: mov      reg(447),reg(510)[noparse][[/noparse]VCFG]wz,wc   101000 1110 0000 110111111 111111110

      503:DIRB                                                                          // after line 1 is 0

    PS. I am already teasing of me (because is acomplete non sense what I have written) so, please, you gurus, be polite cry.gif

    BTW: What are CON bits for?

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    · Propeller Object Exchange (last Publications / Updates)

    Post Edited (dMajo) : 8/22/2009 11:51:08 AM GMT
  • kuronekokuroneko Posts: 3,623
    edited 2009-08-22 12:32
    dMajo said...
    BTW: What are CON bits for?
    They are for conditional execution (e.g. always, never, if_equal etc), e.g. if instruction N sets the flags (WC/WZ) you can make execution of subsequent instructions dependent on those flag settings, e.g.

    label           rdlong  target, source
                tjnz    target, #label


    is equivalent (except for timing) to

    label           rdlong  target, source wz
        if_nz   jmp     #label


    As for your disassembly, addressing starts at cog address 0 which means dirb isn't loaded with $00000000 but $A3837FFE. As it's used as a hub address in a rdlong the effective (long) address value is $7FFC ...

    Post Edited (kuroneko) : 8/22/2009 12:46:34 PM GMT
  • jazzedjazzed Posts: 11,803
    edited 2009-08-22 15:45
    kuroneko said...
    long $a4bfee06, $08bc0bf7, $e87c0a01, $08bc0bf7
long $ec7c0a03, $00000000, $5c7c8001

    Indeed [noparse]:)[/noparse] 8 instructions to 7.
    Too bad I need 2 more registers anyway and only dirb/outb are available besides the normal registers.

    @dMajo,

    Excellent attempt. No laughing allowed. The neg instruction is a little difficult to know at first.
    There is a tool (or two) to do the disassembly. Ale's emulator will do it ... it is a good tool.

    Here's the original source with comments.

    '----------------------------------------------------------------------
' 8 instructios + dirb + outb
' usr1/2 can be anything after startup ...
:usr1 mov      dirb,    :insa   ' 0 save :insa to dirb
:usr2 neg      :insa,   :insa   ' 1 convert :insa to a "jmp #2"
:wait rdlong   :inst,   dirb    ' 2 wait for instruction to be non-zero
      tjnz     :inst,   #:wait  ' 3 wait while inst still set
:geti rdlong   :inst,   dirb    ' 4 get instruction
      tjz      :inst,   #:geti  ' 5 wait while inst is zero - delay slot for SMC
:inst nop                       ' 6 the instruction to execute
:insa long     $a3837ffe        ' 7 Changes to "jmp #2" by the neg :insa, :insa



    The stub is a PASM "stepper" which can be used to make a COG "do anything" that COGs can do
    without regular PASM. This would be good for debugging PASM code with read, write, flag check, etc....
    One could also use it as something of an in-line PASM engine. The LMM approach would be faster.
    Here's an example of using the stub to get the COG's Carry flag state.

    pub getc  | n
'' the getc method changes and executes stub register 0 & 1 instructions to get the COG's C flag state 
  repeat n from 0 to (@gclast-@gccode)/4
    run(long[noparse][[/noparse]@gccode+(n*4)])
  return long[noparse][[/noparse]DATA]

dat
org  0         ' build a get carry flag instruction
gccode         mov      USR1,   #0              ' clear flag variable       
               muxc     USR1,   #1              ' get carry bit
               movd     USR2,   #USR1           ' set destination
               movs     USR2,   #outb           ' src location is in outb        
               movi     USR2,   #MWRLONG        ' wrlong - write to hub long[noparse][[/noparse]data] for caller to read 
gclast         long     JMPUSR2                 ' run instruction       

var
  long  INSA
  long  DATA

con
  MRDLONG       = %000_010_001
  MWRLONG       = %000_010_000
  USR1          = 0
  USR2          = 1
  JMPUSR2       = $5c7c0001
    
pub run(minst)
  long[noparse][[/noparse]INSA]~                  ' tell stub we're ready
  long[noparse][[/noparse]INSA] := minst          ' set instruction


    Some initialization like setting INSA/DATA, etc... is done before one can call getc.
    This example will change to make it possible to get rid of the first stub instruction.

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    --Steve


    Propalyzer: Propeller PC Logic Analyzer
    http://forums.parallax.com/showthread.php?p=788230
  • Bill HenningBill Henning Posts: 6,445
    edited 2009-08-22 16:57
    Nice work... can't wait for your PASM debugger [noparse]:)[/noparse]
    jazzed said...
    kuroneko said...
    long $a4bfee06, $08bc0bf7, $e87c0a01, $08bc0bf7
long $ec7c0a03, $00000000, $5c7c8001

    Indeed [noparse]:)[/noparse] 8 instructions to 7.
    Too bad I need 2 more registers anyway and only dirb/outb are available besides the normal registers.

    @dMajo,

    Excellent attempt. No laughing allowed. The neg instruction is a little difficult to know at first.
    There is a tool (or two) to do the disassembly. Ale's emulator will do it ... it is a good tool.

    Here's the original source with comments.

    '----------------------------------------------------------------------
' 8 instructios + dirb + outb
' usr1/2 can be anything after startup ...
:usr1 mov      dirb,    :insa   ' 0 save :insa to dirb
:usr2 neg      :insa,   :insa   ' 1 convert :insa to a "jmp #2"
:wait rdlong   :inst,   dirb    ' 2 wait for instruction to be non-zero
      tjnz     :inst,   #:wait  ' 3 wait while inst still set
:geti rdlong   :inst,   dirb    ' 4 get instruction
      tjz      :inst,   #:geti  ' 5 wait while inst is zero - delay slot for SMC
:inst nop                       ' 6 the instruction to execute
:insa long     $a3837ffe        ' 7 Changes to "jmp #2" by the neg :insa, :insa



    The stub is a PASM "stepper" which can be used to make a COG "do anything" that COGs can do
    without regular PASM. This would be good for debugging PASM code with read, write, flag check, etc....
    One could also use it as something of an in-line PASM engine. The LMM approach would be faster.
    Here's an example of using the stub to get the COG's Carry flag state.

    pub getc  | n
'' the getc method changes and executes stub register 0 & 1 instructions to get the COG's C flag state 
  repeat n from 0 to (@gclast-@gccode)/4
    run(long[noparse][[/noparse]@gccode+(n*4)])
  return long[noparse][[/noparse]DATA]

dat
org  0         ' build a get carry flag instruction
gccode         mov      USR1,   #0              ' clear flag variable       
               muxc     USR1,   #1              ' get carry bit
               movd     USR2,   #USR1           ' set destination
               movs     USR2,   #outb           ' src location is in outb        
               movi     USR2,   #MWRLONG        ' wrlong - write to hub long[noparse][[/noparse]data] for caller to read 
gclast         long     JMPUSR2                 ' run instruction       

var
  long  INSA
  long  DATA

con
  MRDLONG       = %000_010_001
  MWRLONG       = %000_010_000
  USR1          = 0
  USR2          = 1
  JMPUSR2       = $5c7c0001
    
pub run(minst)
  long[noparse][[/noparse]INSA]~                  ' tell stub we're ready
  long[noparse][[/noparse]INSA] := minst          ' set instruction


    Some initialization like setting INSA/DATA, etc... is done before one can call getc.
    This example will change to make it possible to get rid of the first stub instruction.
    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    Please use mikronauts _at_ gmail _dot_ com to contact me off-forum, my PM is almost totally full
    Morpheus & Mem+dual Prop SBC w/ 512KB kit $119.95, 2MB memory IO board kit $89.95, both kits $189.95
    www.mikronauts.com - my site 6.250MHz custom Crystals for running Propellers at 100MHz
    Las - Large model assembler for the Propeller Largos - a feature full nano operating system for the Propeller
  • CounterRotatingPropsCounterRotatingProps Posts: 1,132
    edited 2009-08-22 16:57
    Cool Steve - please do more of your puzzles ! Maybe some of our other PASM Guru's could too?

    I'm happy that I at least guessed the direction to go in trying to figure it out your puzzle - but was way over my PASM decompiler (the neural on that is).

    In case you don't notice, please look at this:
    http://forums.parallax.com/showthread.php?p=833731

    thanks
    - H

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔


    Post Edited (CounterRotatingProps) : 8/22/2009 5:36:16 PM GMT
Sign In or Register to comment.