Z80 hacks
The Z80's regular heartbeat of
- instruction fetch
- refresh
- execute
allows for creative interfacing.
breaking the 64k address limit
There are many ways to break the 64k limit of 16 address bits.
- bank switching
- For embedded systems where the program is in ROM,
expand the address with the M1 line
(which distinguishes instruction fetch from data memory read)
thus 64k ROM for code, 64k RAM for data
resulting in separate I (instruction) and D (data) spaces.
- build upon that with an external MMU (memory management module)
using the M1 signal for separate I/D address space
Systems with no DRAM (dynamic memory) can exploit the refresh cycle
- use the R (refresh) register as free output
- true cycle stealing
with memory access during the REFRESH cycle.
Systems with separate I/D can allow data access during instruction fetch
Extend I/O address space from 8 to 16 bits
by avoiding the short IN/OUT instructions.
Additional cleverness:
use upper 8 bits of the address for OUTPUT
thus allowing for 16 bits in ONE CYCLE
undocumented instructions
That is very precarious because it's very chip specific,
perhaps the chip stepping/revision too.
logic analyzer vs hardware emulator
Logic Analyzer:
- great for debugging & reverse engineering
- nonintrusive
- clips onto the CPU
- understands Z80 specific signals
(address, data flow, bus states)
so you can drill down on specific events of interest
- disassambles on the fly
- limited by what signals and events are external to the CPU
In Circuit Emulator
- replaces the CPU
- allows you to peek inside (view registers, internal state)
and poke at memory, alter registers, assert I/O
- debug programs with trace, breakpoints and watchpoints
but beware of Heisenberg Uncertainty (observing the system interferes with timing)
- some were small and affordable
such as the
Nicolet Z80 NICE
