DISCOVERED: Bug in C128 Memory Management in C64 mode !!

Started by Gwaltinger, January 07, 2010, 07:23 AM


Gwaltinger

Hello,

I'm currently programming to let the C64 mode run in RAM Bank 1 and additionally have a piece of C128 software starting at Reset in C128 mode.

The problem is that the reset vector of the C128, which resides at $FFF8/$FFF9 in Bank 1, is not protected. A solution involves switching on the common area from $FC00 to $FFFF with help of the MMU so that all writes in that area go to Bank 0, but this destroys the graphic display, because the VIC always only looks in RAM Bank 1.

My idea now was to move the zero Page (by help of register $D507) to $FF00, so that at the same time writes to $FF00-$FFFF would physically go to $0000-$00FF. By additionally switching on the Common area from $0000 to $0400, these writes would go automatically to Bank 0, so the reset vector is secure !

Moving the zero page in 64 mode works perfectly, but strangely only with zero page addresses smaller than $FC00 with the common area on !!!

Moving the zero page e.g. to $FF00 in Bank 1 with the common area from $0000 to $0400 enabled in C64 mode has the effect that reads from Kernal ROM from $ff00 to $ffff will result in ROM accesses from $AF00 to $AFFF instead !!

Obviously, the C64 mode won't work this way, because it won't find the correct kernal.

Here is a sample code (for the built-in machine monitor). Start this program with "g 11300" and it will crash because it doesn't find the reset code for C64 mode at $FFFC but instead some Basic ROM. But moving the zero page to $4000 works without problems ! (which doesn't help to protect the C128 reset vector)

A 11300 sei
   lda #$40
   sta $ff00
   lda #$01
   sta $d50a
   sta $d509
   sta $d508
   lda #$ff   'Replace with "lda #$40" and it works !
   sta $d507
   lda #$44
   sta $d506
   lda #$e3
   sta $01
   lda #$2f
   sta $00
   lda #$f7
   sta $d505
   jmp ($fffc)

Can anyone explain why the C128 is accessing $AF00 to $AFFF instead of $FF00 to $FFFF in this configuration in C64 mode? Can it be avoided somehow?

Many thanks,

Günther Walter, Vienna.

megabit

If all you want to do is run C64 mode in Bank 1, try the following program.

LDA #$40                  Ram Bank 1, W/I/O & Kernal
STA $FF00
LDA $D506               Moves 40-col video to bank 1
ORA #$40
STA $D506
JMP $E24B               Jump to GO64

Load the above PGM to common zero page at $03F0. From the built-in monitor type G03F0 and hit return.

There is no way to go back to C128 mode from C64 without pushing the reset button.

Dan…

Gwaltinger

Hi,

To make it clearer: I would like to have C64 mode in Bank 1 and at the same time have a C128 program in Bank 0 which should start at reset... that is, to switch nicely between the two back and forth...

I know there would be a solution with RUN/STOP pressed during reset, and then leaving with "X" and changing $0a00/$0a01 to the program to start. But this is not a true solution.

And I know the solution with the common area set from $FC00 to $FFFF, but it does not satisfy me because VIC graphics displayed between $E000 and $FFFF are disturbed.

Günther

Hydrophilic

Wow that is strange!  I discovered if you don't change the bank bytes to 1 (leave $d50a and $d508 as 0), then you can read ROM from FF00~FFFF correctly and boot C64 mode.  However, then RAM swapping fails and so does your protection.

I also tried using RAM Bank 3, but that gives the same $AF00 bug you found.

Congratulations on finding the newest "feature" of the C128.
I'm kupo for kupo nuts!

Gwaltinger

Hi Hydrophilic,

I discovered if you don't change the bank bytes to 1 (leave $d50a and $d508 as 0), then you can read ROM from FF00~FFFF correctly and boot C64 mode.  However, then RAM swapping fails and so does your protection.

I tried exactly the same and came to the same conclusions (Zero page movement is ignored if it is not in the same bank).

Another thing I tried (just for interest) was to not set the common area. In C128 mode this results in just an exchange of $0000 with the page defined in $D507. But in 64 mode, accesses to $0000-$00FF as well as to the page defined in $D507 both go physically to $0000-$00FF. So the page defined in $D507 is not reachable any more.

Günther

XmikeX

This is an odd "feature", and interesting enough for a necrobump (sorry) back to active status.

If anyone has any other MMU anomalies to report, please do and please follow-up on them!  (I'm still waiting for someone from that 1997 USENET thread to elucidate the MMU "feature" which supposedly activates Z80 & 8502 simultaneously.)  (!!)  =)

XmX