Apple //c and IIc Plus Firmware Bugs

Memory Expansion Firmware

The memory expansion firmware has the following code to test the size of the memory expansion card, if installed:

numbanks  equ   $03bb         ; screen hole - $c0
sizetemp  equ   $0478         ; screen hole shared
addrl     equ   $bff8         ; slinky address reg for indirect use
addrm     equ   $bff9         ; real registers are from $c0c0-$c0c3
addrh     equ   $bffa         ; ..
data      equ   $bffb         ; slinky data reg

; at entry x is expected to have $c8 (slot * $10 + $88)
; and y is expected to contain $c4 (slot $Cn)
testsize  equ   *
          lda   #0            ; zero address reg l/m
          sta   addrl,x
          sta   addrm,x
          lda   #$10          ; start at 1 meg and go down
          sec
tsloop    sbc   #1            ; move down a bank
          sta   addrh,x
          lda   data,x        ; save existing data
          pha
          dec   addrl,x       ; fix address (undo auto-increment)
          lda   #$a5          ; common apple check byte
          sta   data,x        ; store it
          dec   addrl,x       ; fix...
          eor   data,x        ; 0 if the data is there
          dec   addrl,x       ; fix...
          cmp   #1            ; C = 0 if data okay
          pla
          sta   data,x        ; restore data
          lda   addrh,x       ; <-- SEE COMMENTS BELOW
          and   #$0f          ; only lower nibble valid
          beq   tsnoram       ; no RAM somehow!
          bcs   tsloop        ; loop until we find a bank
          adc   #1            ; C = 0 from compare
tsnoram   sta   numbanks,y
          lsr   a
          sta   sizetemp      ; sizetemp = upper byte of block count
          rts

Starting at the indicated line, the code reads back the high byte of the Slinky address register and uses its low nibble directly as a counter value.

The problem is that when no memory expansion card is installed, there is no register, and a read from that address returns whatever is on the floating bus. The only reason the code gets out of the loop is that the floating bus usually has a stream of bytes going by, some of which have 0 in the low nibble.

That being said, the current MAME does not float the bus for $C0C0-$C0CF. This results in ROM $03 hanging when the card is first accessed and, due to changes in ROM $04, a hang at boot for ROM $04.
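
The loop's behaviour with no card installed can be modelled in C. This is an added example, not code from the firmware or from MAME; both bus models, the constant $FF and the function names are constructed assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint8_t (*bus_read_fn)(void);

/* Constructed bus models: assumptions for illustration, not measured hardware. */
static uint8_t fixed_value = 0xFF;           /* emulator-style constant read */
static uint8_t bus_fixed(void) { return fixed_value; }

static uint32_t bus_state = 0xACE1u;         /* LCG standing in for streaming bytes */
static uint8_t bus_floating(void) {
    bus_state = bus_state * 1103515245u + 12345u;
    return (uint8_t)(bus_state >> 16);
}

/* testsize with no card: stores are dropped, register reads return the bus.
   dec addrl,x is omitted because it changes neither A nor C.
   Returns the value stored to numbanks, or -1 if still looping after max_iter. */
int testsize_no_card(bus_read_fn bus, long max_iter) {
    uint8_t a = 0x10;                        /* lda #$10 / sec */
    int carry;
    for (long i = 0; i < max_iter; i++) {
        a = (uint8_t)(a - 1);                /* sbc #1 (C is 1 on every entry) */
        (void)bus();                         /* sta addrh,x dropped; lda data,x / pha */
        a = (uint8_t)(0xA5 ^ bus());         /* sta data,x dropped; eor data,x */
        carry = (a >= 1);                    /* cmp #1 */
        a = bus() & 0x0F;                    /* lda addrh,x / and #$0f */
        if (a == 0) return 0;                /* beq tsnoram */
        if (!carry) return a + 1;            /* adc #1 with C = 0, then tsnoram */
    }
    return -1;                               /* bcs tsloop never fell through */
}

int main(void) {
    printf("floating bus: %d\n", testsize_no_card(bus_floating, 2000000));
    printf("fixed $FF:    %d\n", testsize_no_card(bus_fixed, 2000000));
    return 0;
}
```

In this model a constant read only terminates the loop if its low nibble is 0 or the byte equals the $A5 check value; any other constant loops forever.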