EmbeddedRelated.com
Forums
   Forums    More Forums    comp.arch.embedded  

undocumented PIC16 opcodes

Started by bruno gavand June 28, 2007
Reply by mc July 2, 20072007-07-02
> Your warning is right, but I'm sure nobody would be foolish enough to use 
> them (if they do something).
> Just consider my question as pure curiosity.


Yes... it's a way of learning something about how the PIC works, and also 
(perhaps) of distinguishing different versions of the same chip.
Reply by mc July 2, 20072007-07-02
"Rolf Blom" <all.spam@round.bin> wrote in message 
news:f6b1ru$mq6$1@news.al.sw.ericsson.se...


> I remember one time a (non-PIC) cpu was acting funny, due to an
> undocumented opcode that got into a corrupted binary.
> The opcode caused the cpu to start excercising its address bus in a
> sequential pattern, and the only way out was reset.
> (A watchdog was in the design, but disabled during initial testing).
>
> This undocumented opcode was intended for factory testing of the die.


Familiar 68HC11 phenomenon.  I got it once by accidentally assembling an 
'HC11 program with an 'HC12 assembler.  Same assembly language, different 
opcodes!
Reply by mc July 2, 20072007-07-02
"BrunoG" <noreply@micro-examples.com> wrote in message 
news:46890733$0$25947$ba4acef3@news.orange.fr...


> Your warning is right, but I'm sure nobody would be foolish enough to use 
> them (if they do something).
> Just consider my question as pure curiosity.


Come to think of it, how are you going to find out what they do?  How much 
of the state of a PIC can you read out?
Reply by Spehro Pefhany July 2, 20072007-07-02
On Mon, 2 Jul 2007 11:43:41 -0400, the renowned "mc"
<look@www.ai.uga.edu.for.address> wrote:


>"BrunoG" <noreply@micro-examples.com> wrote in message 
>news:46890733$0$25947$ba4acef3@news.orange.fr...
>
>> Your warning is right, but I'm sure nobody would be foolish enough to use 
>> them (if they do something).
>> Just consider my question as pure curiosity.
>
>Come to think of it, how are you going to find out what they do?  How much 
>of the state of a PIC can you read out?


Some of the PIC16 series (later/more powerful chips) have IS debugging
hardware on-chip which will allow you to read out the current state.
Of course that doesn't directly tell you what the instruction did...  


Best regards, 
Spehro Pefhany
-- 
"it's the network..."                          "The Journey is the reward"
speff@interlog.com             Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog  Info for designers:  http://www.speff.com
Reply by Marra July 2, 20072007-07-02
On 28 Jun, 23:21, "bruno gavand" <bgav...@club-internet.fr> wrote:

> Hi,
>
> I listed 119 undocumented PIC16 opcodes here :http://www.micro-examples.com/public/microex-navig/doc/087-pic16-secr...
>
> Does anybody here ever tried one of them ?
>
> Thanks,
>
> Bruno


I used to work with a bloke that worked on the first PIC when it was
still a TTL breadboard.
I dont remember him ever telling me about undocumented opcodes.
Reply by Neil July 4, 20072007-07-04
"Rolf Blom" <all.spam@round.bin> wrote in message 
news:f6b1ru$mq6$1@news.al.sw.ericsson.se...

> I remember one time a (non-PIC) cpu was acting funny, due to an
> undocumented opcode that got into a corrupted binary.
> The opcode caused the cpu to start excercising its address bus in a
> sequential pattern, and the only way out was reset.
> (A watchdog was in the design, but disabled during initial testing).
> This undocumented opcode was intended for factory testing of the die.
> /Rolf

This is why some flight control computers have exra circuits to detect 
invalid opcodes being presented to the cpu, and cause a power down type 
reset to keep the cpu working (sort of).  Only discovered by chance, but 
confirmed by manufacturer as test opcode causing cpu to go into endless 
(ignoring non-maskable interrupt) loop cycling address bus.
Neil
Reply by Paul Keinanen July 4, 20072007-07-04
On Wed, 04 Jul 2007 21:12:07 GMT, "Neil" <neil@chatfield.me.uk> wrote:


>"Rolf Blom" <all.spam@round.bin> wrote in message 
>news:f6b1ru$mq6$1@news.al.sw.ericsson.se...
>> I remember one time a (non-PIC) cpu was acting funny, due to an
>> undocumented opcode that got into a corrupted binary.
>> The opcode caused the cpu to start excercising its address bus in a
>> sequential pattern, and the only way out was reset.
>> (A watchdog was in the design, but disabled during initial testing).
>> This undocumented opcode was intended for factory testing of the die.
>> /Rolf
>This is why some flight control computers have exra circuits to detect 
>invalid opcodes being presented to the cpu, and cause a power down type 
>reset to keep the cpu working (sort of).  Only discovered by chance, but 
>confirmed by manufacturer as test opcode causing cpu to go into endless 
>(ignoring non-maskable interrupt) loop cycling address bus.
>Neil 


In the 1970's, practically any microcoded minicomputer had the concept
of reserved instruction trap.

The PDP-11/70 mini was used for routing airline traffic long after the
"best before" date of that system, since the replacements failed
miserably :-).

Paul
You might also like... (promoted content)
Check out Memfault's New Sandbox!
Check out Memfault's New Sandbox!
Check out Memfault's New Sandbox!