Difference between revisions of "6502 opcodes for hackers"

Revision as of 20:18, 29 June 2025

6502 Opcodes for Hackers is a reference guide for experienced programmers. It focuses on the practical application of both standard and stable non-standard NMOS 6502 opcodes, including common tricks and non-obvious behaviors. It intentionally omits highly unstable opcodes to provide a focused, practical resource.

Opcode Matrix

This table provides a complete overview of the NMOS 6502 opcode map. Each mnemonic links to its detailed description below.

Legend:

• Blue: Standard Opcodes
• Green: Stable Illegal Opcodes
• Yellow: Semi-Stable Illegal Opcodes (use with caution)
• Red: Unstable/Unreliable Opcodes (details not included below)

Standard Opcodes

This section covers the official, documented NMOS 6502 opcodes.

ADC (ADd with Carry)

Adds memory and the Carry flag to the accumulator. To perform an 8-bit addition, a preceding `CLC` is required. The `V` flag detects signed overflow, and the `D` flag enables BCD arithmetic. Affects Flags: N, V, Z, C

AND (bitwise AND with accumulator)

Performs a bitwise AND between the accumulator and a memory value. Primarily used to mask (clear) bits. Affects Flags: N, Z

ASL (Arithmetic Shift Left)

Shifts an operand left by one bit. Bit 0 is cleared to 0, and the old bit 7 is shifted into the Carry flag. Affects Flags: N, Z, C

Branch Instructions

Branch instructions alter program flow based on the state of a specific flag. All use relative addressing, taking a signed 8-bit offset. A branch costs 2 cycles if not taken, 3 if taken within the same page, and 4 if the destination crosses a page boundary. To create an unconditional branch (`BRA`), branch on a flag with a known state. The `V` flag is a good candidate, as it is unaffected by most operations: `CLV` followed by `BVC` will always branch. Affects Flags: none

BIT (test BITS)

Performs a non-destructive `AND` between the accumulator and memory to set the Z flag, without altering any registers. It also copies bit 7 and bit 6 of the memory operand directly to the N and V flags, respectively. This makes it an essential tool for polling I/O registers. Affects Flags: N, V, Z

BRK (BReaK)

Forces a software interrupt. It pushes PC+2 and the processor status (with the B flag set) to the stack, then jumps via the IRQ vector ($FFFE). An `RTI` returns to the address of `BRK + 2`, allowing it to replace a 2-byte instruction for debugging purposes. Affects Flags: B

Compare Instructions

These instructions perform a non-destructive subtraction (`Register - Memory`) to set the N, Z, and C flags. They are fundamental for conditional logic and comparisons.

• C flag: Set if `Register >= Memory` (no borrow).
• Z flag: Set if `Register == Memory`.
• N flag: Set to bit 7 of the subtraction result.

CMP (CoMPare accumulator)

Affects Flags: N, Z, C

CPX (ComPare X register)

Affects Flags: N, Z, C

CPY (ComPare Y register)

Affects Flags: N, Z, C

Decrement & Increment Instructions

These modify a register or memory location by one. Register operations are 1-byte, 2-cycle instructions. Memory operations are read-modify-write and take longer.

DEC (DECrement memory)

Affects Flags: N, Z

DEX (DEcrement X register)

Affects Flags: N, Z

DEY (DEcrement Y register)

Affects Flags: N, Z

INC (INCrement memory)

Affects Flags: N, Z

INX (INcrement X register)

Affects Flags: N, Z

INY (INcrement Y register)

Affects Flags: N, Z

EOR (bitwise Exclusive OR)

Performs a bitwise XOR between the accumulator and memory. Useful for flipping specific bits or for simple checksum calculations. Affects Flags: N, Z

Flag Instructions

These single-byte, 2-cycle instructions directly manipulate the processor status flags. It is critical to use `CLD` on startup, as the power-on state of the D flag is undefined. Affects Flags: as noted

JMP (JuMP)

Unconditionally transfers program control to a new location. The indirect mode has an infamous hardware bug: if the low byte of the indirect vector is $FF (e.g., `JMP ($30FF)`), the high byte of the jump address is fetched from `$3000`, not `$3100`. Affects Flags: none

JSR (Jump to SubRoutine)

Pushes the return address (the address of the last byte of the `JSR` instruction) onto the stack and jumps to a new location. Paired with `RTS` for standard subroutine calls. Affects Flags: none

Load Instructions

Load instructions copy a byte from memory into a register, setting the N and Z flags based on the value loaded. Note the addressing mode asymmetries: `LDX` has a `Zero Page,Y` mode while `LDY` has an `Absolute,X` mode, but not vice-versa.

LDA (LoaD Accumulator)

Affects Flags: N, Z

LDX (LoaD X register)

Affects Flags: N, Z

LDY (LoaD Y register)

Affects Flags: N, Z

LSR (Logical Shift Right)

Shifts an operand right by one bit. Bit 7 is cleared to 0, and the old bit 0 is shifted into the Carry flag. Affects Flags: N, Z, C

NOP (No OPeration)

The official NOP wastes 2 cycles and does nothing else. Many illegal opcodes also function as NOPs with different cycle and byte counts; some still perform memory reads, which can be useful for I/O timing or acknowledging interrupts without altering registers. Affects Flags: none

ORA (bitwise OR with Accumulator)

Performs a bitwise OR between the accumulator and a memory value. Primarily used to set bits. Affects Flags: N, Z

Register Instructions

These 1-byte, 2-cycle instructions transfer data between registers. `TXS` is unique in that it does not affect any flags. Affects Flags: N, Z (except TXS)

ROL (ROtate Left)

Rotates an operand left by one bit. The old bit 7 is moved to the Carry flag, and the old Carry flag is moved into bit 0. Affects Flags: N, Z, C

ROR (ROtate Right)

Rotates an operand right by one bit. The old bit 0 is moved to the Carry flag, and the old Carry flag is moved into bit 7. Affects Flags: N, Z, C

RTI (ReTurn from Interrupt)

Restores the processor state after an interrupt by pulling the processor status register and program counter from the stack. Affects Flags: all

RTS (ReTurn from Subroutine)

Returns from a subroutine by pulling the program counter from the stack and incrementing it. Can be used to implement powerful jump tables by pushing crafted return addresses onto the stack. Affects Flags: none

SBC (SuBtract with Carry)

Subtracts memory and an inverted Carry flag (borrow) from the accumulator. To perform an 8-bit subtraction, a preceding `SEC` (to indicate "no borrow") is required. The `D` flag enables BCD arithmetic. Affects Flags: N, V, Z, C

Stack Instructions

These instructions interact with the hardware stack located at page one ($0100-$01FF). The 6502 stack pointer grows downwards. Affects Flags: all (for PLP) or none

Store Instructions

Store instructions copy the content of a register to memory. They do not affect any flags. Note the addressing mode asymmetries, particularly the absence of accumulator-relative addressing and the presence of `STX zp,Y` and `STY zp,X`.

STA (STore Accumulator)

Affects Flags: none

STX (STore X register)

Affects Flags: none

STY (STore Y register)

Affects Flags: none

Stable & Semi-Stable Illegal Opcodes

This section details non-standard opcodes that are generally stable on NMOS 6502 and its direct variants. They often combine two standard operations into one, saving bytes and/or cycles. "Semi-stable" opcodes are marked and should be used with an understanding of their specific quirks, which are detailed in their descriptions.

SLO (ASO)

Function: ` {addr} = {addr} * 2`, then `A = A OR {addr}` (ASL followed by ORA)
Performs an `ASL` on a memory location, then `ORA`s the new value with the accumulator. Useful for multi-byte shifts where the result must be combined into a register. Affects Flags: N, Z, C

Example: A 24-bit shift where the high byte is also needed in A.

; Assuming A is zero before this sequence:
  SLO data+2    ; Shifts data+2, A now holds the result
  ROL data+1
  ROL data+0
; This saves an LDA instruction compared to the standard ASL/ROL sequence.

RLA

Function: `{addr} = ROL {addr}`, then `A = A AND {addr}` (ROL followed by AND)
Performs a `ROL` on memory, then `AND`s the new value with the accumulator. Excellent for scrolling effects where a rotated tile needs to be masked by a background. Affects Flags: N, Z, C

Example: Combining a sliding sprite with a background mask.

; Standard method (16 bytes, 18 cycles):
  ROL scroll_gfx
  LDA scroll_gfx
  AND background_mask
  STA screen_ram
; Faster method (12 bytes, 14 cycles):
  LDA background_mask
  RLA scroll_gfx       ; shift left and combine in one go
  STA screen_ram

SRE (LSE)

Function: `{addr} = LSR {addr}`, then `A = A EOR {addr}` (LSR followed by EOR)
Performs an `LSR` on memory, then `EOR`s the new value with the accumulator. Affects Flags: N, Z, C

RRA

Function: `{addr} = ROR {addr}`, then `A = A ADC {addr}` (ROR followed by ADC)
Performs a `ROR` on memory, then adds the new value with carry to the accumulator. Inherits the decimal mode dependency from `ADC`. Affects Flags: N, V, Z, C

SAX (AXS)

Function: `{addr} = A & X`
Stores the result of a bitwise `AND` between the A and X registers into memory. The A and X registers themselves are not modified, and no flags are affected. Affects Flags: none

LAX

Function: `A, X = {addr}`
Loads both the A and X registers with the same value from memory. Saves a byte and cycles over a standard `LDA`/`TAX` pair. Affects Flags: N, Z

DCP (DCM)

Function: `{addr} = {addr} - 1`, then `A CMP {addr}` (DEC followed by CMP)
Decrements a memory location, then compares the new value with the accumulator. Excellent for loop counters. Affects Flags: N, Z, C

ISC (ISB, INS)

Function: `{addr} = {addr} + 1`, then `A = A SBC {addr}` (INC followed by SBC)
Increments a memory location, then subtracts the new value from the accumulator. Inherits decimal mode dependency from `SBC`. Affects Flags: N, V, Z, C

Example: A loop that counts up to a value in A.

; Instead of INC counter / LDA counter / CMP #END_VALUE
  LDA #END_VALUE
  SEC
loop:
  ISC counter   ; INC counter, then SBC counter. Z will be set when they match.
  BNE loop

ANC

Function: `A = A & #{imm}`, then `C = N`
Performs a standard `AND` immediate, but also copies the resulting N flag (bit 7 of A) into the C flag. This is an excellent way to perform a mask and a bit test in a single, 2-cycle instruction. Affects Flags: N, Z, C

Example: Test bit 7 and branch, without needing to preserve the Carry flag.

; Instead of PHP / AND #$80 / BEQ ... PLP
  ANC #$80      ; Sets C=1 if bit 7 is set, N=1 if bit 7 is set, Z=0 if bit 7 is set.
  BCC bit_is_clear

ALR (ASR)

Function: `A = (A & #{imm}) / 2` (AND immediate followed by LSR A)
Performs an `AND` immediate, then performs a logical shift right on the accumulator. Affects Flags: N, Z, C

ARR

Function: `A = (A & #{imm})`, then a complex `ROR`-like operation.
Performs an `AND` immediate, then rotates the accumulator right. Warning: Flag calculation is unusual and decimal mode dependent. After the `AND`, V is set by `(A bit 6) EOR (A bit 7)`. During the rotate, C is set from the original A bit 6, and the new bit 7 is set from the original C flag. Bit 0 is lost. Due to its complexity, it is rarely used. Affects Flags: N, V, Z, C

SBX (AXS)

Function: `X = (A & X) - #{imm}`
Calculates `A & X`, then subtracts an immediate value from this temporary result, storing the final value in X. Flags are set as if from a `CMP` instruction (`(A & X) >= imm` sets the Carry). Does not respect decimal mode and is not affected by the initial state of the Carry flag. Affects Flags: N, Z, C

Example: A faster decrement of X by a constant value.

; Standard method (8 cycles, 5 bytes):
  TXA
  SEC
  SBC #$10
  TAX
; Faster method (4 cycles, 3 bytes):
  TXA         ; A and X are now equal, so (A & X) = X.
  SBX #$10    ; C flag state before this instruction is irrelevant.

'Unstable High Byte' Opcodes

The following opcodes are semi-stable. They combine a load or store operation with a bitwise `AND`, but their behavior can be unreliable under specific hardware conditions. Warning:

1. Page Boundary Crossing: If the effective address calculation (`address + index`) crosses a page boundary, the result can be unpredictable. Avoid crossing page boundaries with these instructions.
2. Hardware Dependency: The `AND` operation part of the instruction may fail if the CPU's RDY line is pulled low during a specific cycle (e.g., by sprite DMA). This makes the instruction behave like a standard store (`STA`/`STX`/`STY`). To mitigate this, one can use a target address where the high byte is `$FE`, so the `AND` with `(HighByte+1)` becomes an `AND` with `$FF`, which has no effect.

SHA (AXA, AHX)

(Semi-Stable) Function: `{addr} = A & X & (HighByte({addr}) + 1)`
Stores the result of `A AND X AND (High Byte of target address + 1)` into memory. See warnings above. Affects Flags: none

SHX (SXA)

(Semi-Stable) Function: `{addr} = X & (HighByte({addr}) + 1)`
Stores the result of `X AND (High Byte of target address + 1)` into memory. See warnings above. Affects Flags: none

SHY (SYA)

(Semi-Stable) Function: `{addr} = Y & (HighByte({addr}) + 1)`
Stores the result of `Y AND (High Byte of target address + 1)` into memory. See warnings above. Affects Flags: none

LAS

(Semi-Stable) Function: `A, X, S = {addr} & S`
Loads memory, `AND`s it with the Stack Pointer, and loads the result into A, X, and the Stack Pointer. See warnings above. Affects Flags: N, Z

TAS (SHS)

(Semi-Stable) Function: `S = A & X`, then `{addr} = S & (HighByte({addr}) + 1)`
Calculates `A & X` and puts the result in the Stack Pointer. Then it `AND`s this new S value with `(High Byte of target address + 1)` and stores the result in memory. See warnings above. Affects Flags: none

Attribution

This document was derived by combining information from the following sources:

• http://www.6502.org/tutorials/6502opcodes.html
• https://www.esocop.org/docs/MOS6510UnintendedOpcodes-20152412.pdf
• https://www.masswerk.at/6502/6502_instruction_set.html