# **Overview**

The 5600 CPU is a single-core 16-bit computer able to address  $2^{16}$  (65536) bytes of memory. It has 10 16-bit registers - R0 through R7, PC (program counter) and SP (stack pointer), plus two boolean flag registers: Z (zero) and N (negative); its state is represented by a C structure:

```
struct cpu {
   uint8_t<sup>*</sup>ram; /* memory */
    uint16_t R[8]; /* registers */
    uint16_t PC; /* program counter */
   uint16_t SP; \prime* stack pointer */
 int Z; /* zero flag ('bool' is C++) */
 int N; /* negative flag */
};
```
16-bit values are stored in memory in "little-endian" order; you can read and write 16-bit values from memory with the following code:

```
uint16_t load2(struct cpu *c, uint16_t addr) {
    uint16_t data = (c ->memory[addr] | (c ->memory[addr+1] << 8));
     return data; 
}
void store2(struct cpu *c, uint16_t data, uint16_t addr) { 
    c->memory[addr] = data & 0xFF;
    c->memory[addr+1] = (data >> 8) & 0xFF;
}
```
You will implement the following function:

```
int emulate(struct cpu *cpu);
```
which will (a) implement the instruction, and (b) return 0 if the emulation should continue (i.e. a normal instruction) or 1 if the emulation should stop because the executed instruction was HALT.

# **Instruction format**

Basic instructions are 16 bits (2 bytes) with a format that looks like this:



where 'iiii' is a 4-bit instruction code:

- 0001 (1) SET load a value into a register
- 0010 (2) LOAD read from memory into a register
- $\cdot$  0011 (3) STORE store a register into memory
- $\cdot$  0100 (4) MOVE copy one register to another
- $\cdot$  0101 (5) ALU arithmetic and logic operations (add/sub/etc.)
- $\cdot$  0110 (6) JMP ABS jump to an address specified by the instruction
- $\cdot$  0101 (7) JMP\_IND jump to an address in a register ("indirect")
- 1000 (8) CALL (absolute) function call
- 1001 (9) CALL (register indirect) function call

Homework 1 – Program Loading and Context Switching Page 2 of 7

- $1010 (10/0xA)$  RET return
- 1011 (11/0xB) PUSH push a register onto the stack
- 1100 (12/0xC) POP pop a register from stack
- 1101 (13/0xD) IN perform input operation
- 1110 (14/0xE) OUT perform output operation
- 1111 (15/0xF) HALT return 1 from the emulate () function all other instructions return 0

You can read the next instruction and determine the instruction code with this logic:

```
uint16_t insn = load2(cpu, cpu \rightarrow PC);if ((insn & 0xF000) == 0x1000) {
 ; /* SET */
}
else if ((insn & 0xF000) == 0x2000) {
 ; /* LOAD */
\gamma...
```
Although a few of the instructions use all 16 bits, some of them don't need that many; these "don'tcare" bits will be indicated with dots in the figures below. Read the fields from the instruction that you need, and ignore the remaining bits. (they'll probably be zero)

The 5600 CPU is a "load/store" architecture – in most cases you have to read data from memory into a register (with the LOAD instruction) before you can operate on it, and then write it back to memory with the STORE instruction.

You will have to extract bitfields to interpret many of the instructions – for example the arithmetic operation instruction format looks like this:



where 'ooo' is a 3-bit operation code (indicating add/subtract/etc.), and aaa, bbb, and ccc are three register numbers. To extract these you can use the following code:

int op =  $(\text{insn} >> 9) & 7;$ int  $c = (insn \gg 6)$  & 7; int  $b = (insn \gg 3)$  & 7; int  $a =$  insn & 7;

### **SET Instruction (load constant value into register)**

Example:  $SET R1 = 0 \times 1234$ 



This is a 4-byte instruction. It reads a 16-bit integer from addresses PC+2 and PC+3, puts the result into register Ra, and then increments the PC by 4 and returns 0 from emulate()

Homework 1 – Program Loading and Context Switching Page 3 of 7

## **LOAD instruction (read from memory address into register)**

This has multiple variants – it can load a 16-bit word or an 8-bit byte, and can read from an address specified in the instruction, or take its address from a register.

Examples: LOAD R1 <-  $*0x5678$ LOAD.B R2 <- \*0x5678 LOAD R3  $\leq$  \*R5  $LOAD.B R4 < -$  \*R5

**Load from constant address:**



Read 16 bits (if B=0) or 8 bits (if B=1) from the specified address and put the result in register Ra, then increment PC by 4 and returns 0 from emulate()

### **Load from address in register:**



Read 16 bits  $(B=0)$  or 8 bits  $(B=1)$  from the address specified in register Rb, put the result in register Ra, and increment PC by 2 and return 0 from emulate()

Useful code fragment:

int is\_indirect =  $((\text{insn} \& \theta \times 0800) := 0);$ int is\_byte =  $((\text{insn } 8 \ 0 \times 0400) \ \mathsf{!=} 0);$ 

## **STORE instruction (read from memory address into register)**

Again, this instruction has variants which store a 16-bit word or a single byte, and which include a constant address or which take their address from a register.

Examples: STORE R1 -> \*0x5678 STORE.B R2 -> \*0x5678 STORE R3 -> \*R5 STORE.B R4 -> \*R5

It's basically the same as LOAD, but in the opposite direction, incrementing the PC by 4 or 2 when done, and again returning 0 from emulate().

#### **Store to constant address:**



#### **Store to address from register:**



### **MOVE – copy one register to another**

This has a different layout than the other instructions, because it allows you to specify any of the 8 general-purpose registers (R0 through R7) using values 0-7, or use 8 to specify the stack pointer. (if either register field is in the range 9-15, it's an error)



Copy the value in Rs (or SP, if ssss==8) into Rd (or SP, if dddd==8), then increment PC by 2. You can assume  $0 \le S$ ,  $D \le 8$ . Again, return 0 from emulate().

### **Arithmetic / logical operations**

Most of these take 2 source registers and put their result in a third register.



Where the operation code (ooo) is one of:

- $000$ : ADD Ra + Rb -> Rc
- $001$ : SUB Ra Rb -> Rc
- $\cdot$  010: AND Ra & Rb -> Rc
- $011:$  OR Ra | Rb -> Rb
- $\cdot$  100: XOR Ra  $\land$  Rb -> Rc
- $\cdot$  101: SHIFTR Ra  $\gt$  Rb  $\cdot$  Rb ("shift right")
- 110: CMP Ra Rb ("compare": compute Ra Rb, discard the result but set N and Z)
- $\cdot$  111: TEST Ra (set Z, N according to value in Ra)

All operations are done on 16-bit values in registers R0 through R7. When the operation is done, set the N and Z flags appropriately, put the result in the output register (except for TEST and CMP), and increment the PC by 2. Again, return 0 from emulate().

**NOTE** – since we're using 2s-complement arithmetic, a value is negative if its high-order bit is one. Thus:

Homework 1 – Program Loading and Context Switching Page 5 of 7

 $uint16_t val = cpu->R[a] - cpu->R[b];$ int is\_negative = (val &  $0 \times 8000$ ) != 0;

More useful code fragments:

```
if ((insn & 0x0E00) == 0x0000) /* ADD */
if ((\text{insn } & 0 \times 0) = 0 \times 0200) /* SUB */
if ((insn & 0x0E00) == 0x0400) /* AND */
if ((insn & 0x0E00) == 0x0600) /* OR */
if ((insn & 0x0E00) == 0x0800) /* XOR */
if ((insn & 0x0E00) == 0x0A00) /* SHIFT right */
if ((insn & 0x0E00) == 0x0C00) /* CMP */
if ((\text{insn } & 0 \times 0) = 0 \times 0 = 00) /* TEST */
```
### **JMP - jump to address**

Examples: JMP 0x1234 JMP\_NZ R3

There are two forms of this instruction, taking an explicit address (4 bytes) or taking an address from a register. In addition the jump can be conditional, jumping to the given address only if the specified condition is true.

#### Conditions:

- 000 : JMP (unconditional)
- $001$ : JMP  $Z$  (jump if zero, i.e. Z true)
- 010 : JMP\_NZ (jump if non-zero, i.e. Z false)
- $011$ : JMP LT (jump less than, i.e. N true)
- 100 : JMP  $GT$  (jump greater than, i.e. N false and Z false)
- 101 : JMP LE (jump less or equal, i.e. N true or Z true)
- $\cdot$  110 : JMP GE (jump greater or equal, i.e. N false)
- 111 : illegal instruction

#### **Jump to explicit address:**



If condition is true, set PC to address specified in bytes 3 and 4 of instruction; otherwise increment PC by 4. Again, return 0 from emulate().

### **Jump to register address:**



If condition is true, set PC to value of Ra; otherwise increment PC by 2. Again, return 0 from emulate().

### **CALL – jump and push return address**

Like JMP, this comes in 2-byte and 4-byte variants, taking the address from a register or specifying it explicitly. Unlike JMP, there is no conditional version. It pushes the address of the next instruction ("return address") onto the stack and then jumps to the indicated address.

#### **Specified address:**



- Decrement the SP register by 2
- Store the 16-bit value (PC+4) to the address in SP
- Read a 16-bit value from bytes 3 and 4 of the instruction and set the PC register to that value.
- Return 0 from emulate()

#### **Address in register:**



- Decrement the SP register by 2
- Store the 16-bit value  $(PC+2)$  to the address in SP
- Set the PC register to the16-bit value in register Ra.
- Return 0 from emulate()

### **RET – pop return address and jump to it**



- Load a 16-bit value from the address in register SP and set PC to that value.
- Increment SP by 2.
- return 0 from emulate()

### **PUSH, POP – push a register to stack or pop from it**



#### **PUSH Ra:**

- Decrement SP by 2
- Store 16-bit value in register Ra to address in SP
- Return 0 from emulate()



#### **POP Ra:**

- Read 16-bit value from address in SP, store in register Ra
- Increment SP by 2
- Return 0 from emulate()

#### **Input/Output instructions**



#### **IN Ra:**

Read an 8-bit character from the terminal and put it in register Ra, using the following code:

 $cpu->R[a] = fgetc(stdin);$ 

Increment PC by 2, return 0 from emulate().



#### **OUT Ra:**

Take the 8-bit value in the lower 8 bits of Ra and output it to the terminal, using the following code:

```
fputc(cpu->R[a], stdout)
```
Increment PC by 2, return 0 from emulate().

### **HALT**

Returns 1 from the emulate() function, indicating that the emulation should halt.

