* This program examines 6502 bugs!
* Please read text after program first.

icmd	equ	$342
ibuf	equ	$344
ilen	equ	$348
ciomain	equ	$e456

	org	$8000
	dta	h(*)		Buggy jump fetches this byte...
	lda	#$ff		... and jumps to this location
	jmp	cont

start	lda	#11		Clear screen
	ldx	<clstxt
	ldy	#1
	jsr	callio

* Check ADC bug
	sed
	lda	#$99		BCD 99+01=00
	add	#1
	cld
	beq	*+4		Z flag set: no bug
	lda	#$ff
	ldx	<adctxt
	jsr	print

* Check BRK bug
	sei			Disable IRQs
	inc	^4e		Disable NMIs
	mva	#$fe	^31	Disable ROM
	mwa	#nmi	$fffa	Set my NMI vector
	mwa	#irq	$fffe	Set my IRQ vector
	lsr	^4e		Enable VBLKI
irq	brk			BRK interrupt - infinite loop, so...
nmi	inc	^31		NMI always occurs on BRK
	cli
	pla
	pla
	sub	<irq
	beq	*+4		Return adr points BRK: no bug
	lda	#$ff
	ldx	<brktxt
	jsr	print

* Check JMP bug
	jmp	(jmpptr)	You'll receive a warning from X-Asm here!
cont	ldx	<jmptxt
	jsr	print
	jmp	*		Halt CPU

* Print results (A=$ff:bug or 0:no_bug,  X=<cmdtxt)
print	pha			Save A
	lda	#11		CIO write command
	ldy	#3		Print 3 letters
	jsr	callio
	ldx	<nobtxt
	pla			Restore A
	beq	*+4		A=0:  X=<nobtxt
	ldx	<bugtxt		A<>0: X=<bugtxt
	lda	#9		CIO write_to_eol command
	ldy	#$ff		Limit of printed characters

callio	sta	icmd		Call "E:" CIO: A-cmd X-<buf Y-len
	stx	ibuf
	mva	>*	ibuf+1
	sty	ilen
	mvx	#0	ilen+1	Channel 0, length<256
	jmp	ciomain

clstxt	dta	b(125)		Clear screen control code
adctxt	dta	c'ADC'
brktxt	dta	c'BRK'
jmptxt	dta	c'JMP'
bugtxt	dta	c' bug detected!',b($9b)
nobtxt	dta	c' bug NOT detected.',b($9b)

	ert	*>*|$ff		Program should fit on one page
	org	*|$ff
jmpptr	dta	a(jmp1)

jmp1	lda	#0		JMP bug not detected
	jmp	cont

	run	start
	end

The program above checks 3 bugs:
- 'ADC bug'
Flags N,V,Z are not properly set after ADC or SBC in decimal mode.
You can't rely on these flags after BCD operation.
- 'BRK bug'
If an interrupt occurs on a BRK, it is executed with BRK-like values on stack.
This means a BRK is simply passed-by if a NMI occurs.
Beware of using BRK with other interrupts.
- 'JMP bug' - JMP ($xxff) fetches address from $xxff and $xx00.
X-Asm 2.0 warns you of using such a jump.

All these bugs are supposedly fixed in CMOS chips.

===