MOS Technology 6502 - Bugs and Quirks

Bugs and Quirks

• The earliest revisions of the 6502, such as those shipped with some KIM-1 computers, had a severe bug in the ROR (rotate right memory or accumulator) instruction. The operation of ROR in these chips is effectively an ASL instruction that does not update the carry status bit. MOS left the instruction out of chip documentation entirely because of the defect, promising that ROR would appear on 6502 chips starting in 1976. The vast majority of 6502 chips in existence today do not exhibit this bug.

• The original 6502 and its NMOS derivatives are noted for having a variety of undocumented instructions, which vary from one chip manufacturer to the next. The 6502's instruction decoding is implemented in a hardwired logic array (similar to a programmable logic array) which is only defined for 151 of the 256 available opcodes. The remaining 105 trigger strange and occasionally hard-to-predict actions (e.g., immediately crashing the processor, performing two valid instructions consecutively, performing strange mixtures of two instructions, or simply doing nothing at all). Eastern House Software developed the "Trap65", a device that plugged between the processor and its socket to convert (trap) unimplemented opcodes into BRK (software interrupt) instructions. Some programmers utilized this feature to extend the 6502's instruction set by providing functionality for the unimplemented opcodes with specially written software intercepted at the BRK instruction's 0xFFFE vector. All of the undefined opcodes have been replaced by NOP instructions in the 65C02 CMOS version, although with varying byte sizes and execution times. In the 65C816, all 256 opcodes perform defined operations.

• The 6502's memory indirect jump instruction, JMP (
  ), is partially broken. If

  is hex xxFF (i.e., any word ending in FF), the processor will not jump to the address stored in xxFF and xxFF+1 as expected, but rather the one defined by xxFF and xx00. This defect continued through the entire NMOS line, but was corrected in the CMOS derivatives.

• The NMOS 6502's indexed addressing across page boundaries will do an extra read of invalid address. This can cause issues by accessing hardware that acts on a read (e.g., clearing timer or IRQ flags, sending an I/O handshake, etc.). This defect continued through the entire NMOS line, but was fixed in the CMOS derivatives, in which the processor does an extra read of the last instruction byte.

• The 6502's read-modify-write instructions perform one read and two write cycles. First the unmodified data that was read is written back, and then the modified data is written. This characteristic may cause issues by twice accessing hardware that acts on a write. This anomaly continued through the entire NMOS line, but was fixed in the CMOS derivatives, in which the processor will do two reads and one write cycle. Good programming practice will generally avoid executing read/modify/write instructions on hardware registers.

• The N (result negative), V (sign bit overflow) and Z (result zero) status flags are not valid when performing arithmetic operations while the processor is in BCD mode, as these flags reflect the binary, not BCD, result. This limitation was removed in the CMOS derivatives. Therefore, this feature may be used to cleanly distinguish CMOS from NMOS CPU versions without using any illegal opcodes.

• If the processor happens to be in BCD mode when a hardware interrupt occurs it will not revert to binary mode. This quirk could result in hard-to-solve bugs in the interrupt service routine if it fails to clear BCD mode before performing any arithmetic operations. For example, the Commodore 64's kernel did not correctly handle this processor characteristic, requiring that IRQs be disabled or revectored during BCD math operations. This issue was addressed in the CMOS derivatives as well.

• The 6502 instruction set includes BRK (opcode $00), which is technically a software interrupt (similar in spirit to the SWI mnemonic of the 6800 and ARM processors). BRK is most often used to interrupt program execution and start a machine code monitor for testing and debugging during software development. It could also be used to route program execution using a simple jump table (analogous to the manner in which the 8086 and derivatives handle software interrupts by number). Unfortunately, if a hardware interrupt occurs at the same time the processor is fetching a BRK instruction, the NMOS version of the processor will fail to execute BRK and instead proceed as if only a hardware interrupt had occurred. This fault was corrected in the CMOS implementation of the processor.

• When executing JSR (jump to subroutine) and RTS (return from subroutine) instructions, the return address pushed to the stack by JSR is that of the last byte of the JSR operand (that is, the most significant byte of the subroutine address), rather than the address of the following instruction. This is because the actual copy (from program counter to stack and then vice-versa) takes place before the automatic increment of the program counter that occurs at the end of every instruction. This characteristic would go unnoticed unless the code examined the return address in order to retrieve parameters in the code stream (a 6502 programming idiom documented in the ProDOS 8 Technical Reference Manual). It remains a characteristic of 6502 derivatives to this day.