Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex

Major Glitches
Trainer escape glitch
Old man trick
Celebi trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitch
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Search Wiki

 

Search Forums

 

Author Topic: Verifying console/emulator behavior with 8F  (Read 2231 times)

0 Members and 1 Guest are viewing this topic.

TheZZAZZGlitch

  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • Unknown opcode fc at 801a
    • View Profile
Verifying console/emulator behavior with 8F
« on: July 20, 2016, 01:50:32 am »
I planned to do this for a long time. In Gen I, we have a lot of glitches that exploit certain obscure details of the GB hardware or rely on undefined behavior, yet it still isn't exactly clear what behavior is exhibited by certain emulators and the real console. Thankfully, we have an easy way to execute any code we want with 8F. It's a good opportunity to test if everything works exactly as we think it works. I welcome everyone with working 8F setups on VC/console/mobile emulators/other devices to run the following 8F scripts and see if we have 100% accuracy for our glitching purposes.

If my request gets some interest, this table will be filled with data regarding the most important systems.
Also let me know if someone thinks of another relevant test to add.

Last updated 2016-07-22

PlatformUnknownOpcodesInvalidBanksVRAMAccessEchoRAMInvalidStop
Game Boy Color (CGB-001) PASS4PASSPASSPASSPASS
Game Boy Advance SP (AGS-001) PASS4PASSPASSPASSPASS
Game Boy Player PASS4PASSPASSPASSPASS
3DS Virtual Console FAIL5FAIL6PASSPASSFAIL
Stadium 2 GB Tower PASS7PASSFAIL8FAIL9FAIL
bgb 1.4.1 PASS1PASSPASSPASSPASS
VBA-RR v24 svn440 PASS2PASSPASSPASSFAIL
VBA 1.7.2 PASS2FAIL3FAILFAILFAIL
MyOldBoy v1.1.0 FAILPASSPASSPASSFAIL
LameboyDS v0.12 FAILPASSPASSPASSPASS10

1 - the emulator breaks into a debugger every time an undefined opcode is encountered
2 - brings up the infamous message "unknown opcode xx at yyyy"
3 - the result is 127 instead of 124 - this behavior needs to be more thoroughly investigated
4 - the game hangs without any message
5 - unknown opcodes are ignored, most likely because of the emulator hooking them to communicate with the hardware
6 - (probably) always returns 0
7 - displays a message: "The saved data has been corrupted, so it is impossible to CONTINUE. Please reset the game and choose NEW GAME", the save is not corrupted though
8 - (probably) always returns 255 - so VRAM access is enabled not during the V-Blank period, but during the V-Blank interrupt, which changes things dramatically
9 - some other data seems to be stored in the echo RAM area
10 - some corrupted stops work, some not - this is to be expected with undefined behavior

The tests themselves:

UnknownOpcodes

Self-explanatory. This is intended to test whether the target system ignores invalid opcodes, or crashes/halts when they are executed. This behavior could potentially affect any glitches that execute data as code (invalid sound banks, invalid item/move effect pointers).

8F
(Any)
TM27         x201


Code: [Select]
opcode_e3
ret

If the game continues running after executing the script - FAIL
If the system brings up an error message or the game hangs or crashes - PASS

InvalidBanks

This checks how the system handles switching to non-existent ROM banks. This determines the behavior of glitches that cause invalid bank switches - most commonly invalid sound banks or invalid predefined commands.

8F
(Any)
Lemonade     x65
Repel        x32
X Speed      x79
Ultra Ball   x198
Fire Stone   x71
Moon Stone   x35
Water Stone  x201


Code: [Select]
ld a,41
ld e,20
ld b,e
ld c,a
ld (bc),a
add 20
ld b,a
ld a,(bc)
inc hl
ldi (hl),a
ret

The third item's quantity changes to 124 - PASS.
Third item's quantity changes to something other than 124, like 255 or 0 - FAIL.
Remember to reset item 3's quantity if you want to repeat the test.

VRAMAccess

VRAM data can only be read or written during V-Blank, H-Blank, or when the LCD screen is turned off. Otherwise, the write operation will be ignored, and all read operations will return FF. This test checks this behavior. Emulation of VRAM inaccessibility is essential for correct behavior of a lot of popular glitches, including Cooltrainer, Super Glitch, Brock Through Walls and any other glitches that attempt to "search through the entire address space".

8F
(Any)
Lemonade     xAny
Repel        x144
X Speed      x175
PP Up        x35
Moon Stone   x34
TM01         xAny


Code: [Select]
ld a,??
ld e,90
ld b,e
xor a
ld c,a
inc hl
ld a,(bc)
ldi (hl),a
ret

Run the script multiple times in a row and observe the quantity of the third item.
If it changes seemingly randomly between 255 and any other value - PASS
If it never becomes 255, even after trying multiple times - FAIL

EchoRAM

Because of how GB's address line works, RAM addresses $C000~$DDFF are mirrored at $E000~$FDFF. This repeated section of memory is called the echo RAM. Because this feature was hardly used by anyone, several emulators don't support it. This test is intended to verify whether echo RAM is emulated correctly. Emulation of this feature changes the behavior of glitches that cause extensive memory corruption, like Pokemon beyond the sixth slot, or Dokokashira Door Glitch. Also, Coin Case arbitrary code execution won't work without echo RAM emulation.

8F
(Any)
Lemonade     xAny
Repel        x241
X Speed      x44
Fresh Water  x175
TM06         x88
PP Up        x10
Water Stone  x201


Code: [Select]
ld a,00
ld e,f1
ld b,e
inc l
inc a
xor a
adc a,58
ld c,a
ld a,(bc)
ldi (hl),a
ret

Run the script and check the quantity of item 3.
If it changes to the code of the first letter in the player's name - PASS
If it doesn't change, or changes to a wrong value, like FF or 00 - FAIL

InvalidStop

This is to test how the system reacts to invalid STOP opcodes. This behavior could affect some of the non-ACE Coin Case glitches, along with all glitches that execute data as code (invalid sound banks, invalid item/move effect pointers)

8F
(Any)
Full Restore x??
TM01         xAny


Code: [Select]
stop ??
ret

Start with an arbitrary amount of Full Restores.
Run the 8F script. If the game crashes/halts whenever the script is executed - PASS
If not, try running the script with a different amount of Full Restores and repeat the process.
If after several tries the game is still running - FAIL.
« Last Edit: July 21, 2016, 11:59:58 pm by TheZZAZZGlitch »
qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF

TheUnReturned

  • A strange guy
  • GCLF Member
  • *
  • Offline Offline
  • Gender: Male
  • Yawns
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #1 on: July 20, 2016, 02:01:59 am »
I planned to do this for a long time. In Gen I, we have a lot of glitches that exploit certain obscure details of the GB hardware or rely on undefined behavior, yet it still isn't exactly clear what behavior is exhibited by certain emulators and the real console. Thankfully, we have an easy way to execute any code we want with 8F. It's a good opportunity to test if everything works exactly as we think it works. I welcome everyone with working 8F setups on VC/console/mobile emulators/other devices to run the following 8F scripts and see if we have 100% accuracy for our glitching purposes.

If my request gets some interest, this table will be filled with data regarding the most important systems.
Also let me know if someone thinks of another relevant test to add.

PlatformUnknownOpcodesInvalidBanksVRAMAccessEchoRAMInvalidStop
??????

The tests themselves:

UnknownOpcodes

Self-explanatory. This is intended to test whether the target system ignores invalid opcodes, or crashes/halts when they are executed. This behavior could potentially affect any glitches that execute data as code (invalid sound banks, invalid item/move effect pointers).

8F
(Any)
TM27         x201


Code: [Select]
opcode_e3
ret

If the game continues running after executing the script - PASS
If the system brings up an error message or the game hangs or crashes - FAIL

InvalidBanks

This checks how the system handles switching to non-existent ROM banks. This determines the behavior of glitches that cause invalid bank switches - most commonly invalid sound banks or invalid predefined commands.

8F
(Any)
Lemonade     x65
Repel        x32
X Speed      x79
Ultra Ball   x198
Fire Stone   x71
Moon Stone   x35
Water Stone  x201


Code: [Select]
ld a,41
ld e,20
ld b,e
ld c,a
ld (bc),a
add 20
ld b,a
ld a,(bc)
inc hl
ldi (hl),a
ret

The third item's quantity changes to 124 - PASS.
Third item's quantity changes to something other than 124, like 255 or 0 - FAIL.
Remember to reset item 3's quantity if you want to repeat the test.

VRAMAccess

VRAM data can only be read or written during V-Blank, H-Blank, or when the LCD screen is turned off. Otherwise, the write operation will be ignored, and all read operations will return FF. This test checks this behavior. Emulation of VRAM inaccessibility is essential for correct behavior of a lot of popular glitches, including Cooltrainer, Super Glitch, Brock Through Walls and any other glitches that attempt to "search through the entire address space".

8F
(Any)
Lemonade     xAny
Repel        x144
X Speed      x175
PP Up        x35
Moon Stone   x34
TM01         xAny


Code: [Select]
ld a,??
ld e,90
ld b,e
xor a
ld c,a
inc hl
ld a,(bc)
ldi (hl),a
ret

Run the script multiple times in a row and observe the quantity of the third item.
If it changes seemingly randomly between 255 and any other value - PASS
If it never becomes 255, even after trying multiple times - FAIL

EchoRAM

Because of how GB's address line works, RAM addresses $C000~$DDFF are mirrored at $E000~$FDFF. This repeated section of memory is called the echo RAM. Because this feature was hardly used by anyone, several emulators don't support it. This test is intended to verify whether echo RAM is emulated correctly. Emulation of this feature changes the behavior of glitches that cause extensive memory corruption, like Pokemon beyond the sixth slot, or Dokokashira Door Glitch. Also, Coin Case arbitrary code execution won't work without echo RAM emulation.

8F
(Any)
Lemonade     xAny
Repel        x241
X Speed      x44
Fresh Water  x175
TM06         x88
PP Up        x10
Water Stone  x201


Code: [Select]
ld a,00
ld e,f1
ld b,e
inc l
inc a
xor a
adc a,58
ld c,a
ld a,(bc)
ldi (hl),a
ret

Run the script and check the quantity of item 3.
If it changes to the code of the first letter in the player's name - PASS
If it doesn't change, or changes to a wrong value, like FF or 00 - FAIL

InvalidStop

This is to test how the system reacts to invalid STOP opcodes. This behavior could affect some of the non-ACE Coin Case glitches, along with all glitches that execute data as code (invalid sound banks, invalid item/move effect pointers)

8F
(Any)
Full Restore x??
TM01         xAny


Code: [Select]
stop ??
ret

Start with an arbitrary amount of Full Restores.
Run the 8F script. If the game crashes/halts whenever the script is executed - PASS
If not, try running the script with a different amount of Full Restores and repeat the process.
If after several tries the game is still running - FAIL.
Whoa, this could expand our understanding on how different glitches work on console
This could open up a loads of possibilities for console-only glitches!
Awesome~
Keep up the good work :D
Always treasure the present
To remain it in the past

Flandre Scarlet

  • Mistress of Scarlet Devil Mansion
  • GCLF Member
  • Offline Offline
  • Role playing as my favorite character is fun
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #2 on: July 20, 2016, 05:44:14 am »
Before I attempt these do you think they could damage one's save file after performing?
I am a fan of Pokemon, Glitches, Touhou, Yugioh, Smash, Mario, Sonic, Kirby, (2D) Metroid, and MORE!
 
8F is god it can create Pokemon from nothing, 8F is god it can change items into other items, 8F is god it can make infinite items out of 1, 8F is god it can end any battle, 8F is god it can change the world around us, 8F is god it can create music and new games, 8F is god. - Flandre Scarlet 2/23/2016

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Re: Verifying console/emulator behavior with 8F
« Reply #3 on: July 20, 2016, 06:34:43 am »
None of these tests should have the slightest chance to corrupt save files. There's still the slight chance we missed something, or an unexpected behavior will occur, but that cannot be foreseen. I'm ready to risk my save file, as far as I'm concerned.

I'd also like to point out a useful 8F code for item duplication :
Code: [Select]
8F
Item to dupe x1 <-- And I MEAN x1 !
Poké Ball x43
Revive x4
TM01x (any)

OR
(...)
Revive x201
That gives you 0 items of the second slot. Throw away X items, and you end up with 256-X items. This allows
1. to get x0 item stacks
2. to bypass Missingno item duping (and since I'm using en EU R/B...)


I ran the InvalidBanks test on a EU R/B 3DS VC, and I got 0 Lemonades.

I tried invalid opcode E4 using TM27 x201, and I got nothing. No crash whatsoever.

I also tried :
Code: [Select]
8F
Nugget x255 (It was there at the time, meh)
Full Restore x3 (in case the opcode is 1 byte long in this emulation)
TM01 x01
Stuff
And the game just kept running fine !
To check whether the opcode was 1 or 2 bytes wide, I used the following setup :
Code: [Select]
8F
Revive x4 (shouldn't matter)
Full Restore x1
TM27 x201
Nugget x255
Water Stone x201
Assuming a 1-byte large STOP :
Code: [Select]
stop
ld bc, $C9E4
ld sp, $22FF
ret
This sets SP in ROM, and that has chances to be deadly to the code flow.
However, assuming a 2-byte STOP :
Code: [Select]
stop (absorbs the 01)
ret
(doesn't matter)
Which returns fine (according to the above).
Running 8F had the game continue to run fine. So I assume STOP is 2-bytes wide, unless $22FF is a very lucky stack pointer (*cough cough*).

I will be running VRAM and ERAM tests later.
« Last Edit: July 20, 2016, 07:52:06 am by ISSOtm »
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Wack0

  • Coder, reverser, beta collector [BetaArchive staff]
  • Staff
  • *****
  • Offline Offline
  • Gender: Male
  • cBRH - Doing nothing since 2k7
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #4 on: July 20, 2016, 09:25:16 am »
...wow.

I knew 3DSVC gb emu hooked some invalid opcodes, but ignoring them all? dafuq?

now, i wonder if they actually do something or if they just act as nops.
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

BetaArchiveSoftHistory Forumsirc.rol.im #galaxy,#softhistory

Also known as The Distractor.

Shane, please stop telling children that there's a Mew outside under the delivery trucks. - Management

Pokémon: arbitrary code execution 1996-2016

Flandre Scarlet

  • Mistress of Scarlet Devil Mansion
  • GCLF Member
  • Offline Offline
  • Role playing as my favorite character is fun
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #5 on: July 20, 2016, 10:44:59 am »
Reporting for US English VC. Tested the opcode and VRAM codes. After opcode nothing happened. VRAM only went to 255 and 0 favoring 255. I use walking in random areas of celadon if that counts for anything.
I am a fan of Pokemon, Glitches, Touhou, Yugioh, Smash, Mario, Sonic, Kirby, (2D) Metroid, and MORE!
 
8F is god it can create Pokemon from nothing, 8F is god it can change items into other items, 8F is god it can make infinite items out of 1, 8F is god it can end any battle, 8F is god it can change the world around us, 8F is god it can create music and new games, 8F is god. - Flandre Scarlet 2/23/2016

Háčky

  • Distinguished Member
  • *
  • Offline Offline
  • Pick which packet as an error?
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #6 on: July 20, 2016, 12:49:09 pm »
A while back, I noticed that echo RAM doesn’t work in GB Tower (in either Pokémon Stadium or Stadium 2). There seemed to be other data at those addresses but I couldn’t tell anything about what it was.

I tried running these tests in Stadium 2:

UnknownOpcodes: Fail (“The saved data has been corrupted, so it is impossible to CONTINUE. Please reset the game and choose NEW GAME.” No, it didn’t actually corrupt my save file.)
InvalidBanks: Pass (124)
VRAMAccess: ? (always 255)
EchoRAM: Fail (30)
InvalidStop: Fail

Torchickens

  • Administrator
  • *****
  • Offline Offline
  • Gender: Female
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #7 on: July 20, 2016, 03:17:45 pm »
This was fun to do! I will try to perform these tests on English Stadium 1's Game Boy Tower soon. I don't know if I have a DMG anymore, it may be hidden at our old house.

When I tried to set up either 8F or ws m in the EU Virtual Console versions, I had my save file destroyed (no message, only the Continue option removed) by accidentally pressing A on an unterminated name glitch item. It also got erased in Yellow when I used ws m in the wrong box by mistake. Both freezes may have been due to a rst $38. On an emulator (VBA v24 svn422), the erased save behaviour doesn't always occur but I wonder whether it is more likely on the VC versions.

Game Boy Color (CGB-001):
UnknownOpcodes - Pass (game locks-up, music hangs)
InvalidBanks -  Pass (item 3's quantity changes to 124)
VRAMAccess - Pass (item 3's quantity changes to either 0 or 255, seemingly randomly)
EchoRAM - Pass (item 3's quantity changed to 225; the index number for "Pk" (the first character of my name) as expected
InvalidStop  - Pass (I used item 3 quantities of 255 and 254. The game froze with a black screen, one time it froze without a black screen/hanged on selection and music lingered with one of these quantities, I believe it may have been 254)

Game Boy Advance SP (AGS-001):
UnknownOpcodes - Pass (game locks-up, music hangs)
InvalidBanks - Pass (item 3's quantity changes to 124)
VRAMAccess - Pass (item 3's quantity changes to either 0 or 255, seemingly randomly)
EchoRAM - Pass (item 3's quantity changed to 225; the index number for "Pk" (the first character of my name) as expected
InvalidStop - Pass (I used item 3 quantities of 255 and 254, and the game froze with a black screen and music lingering)

Game Boy Player (a GameCube peripheral that can play Game Boy games):

UnknownOpcodes - Pass (game locks-up, music hangs)
InvalidBanks - Pass (item 3's quantity changes to 124)
VRAMAccess - Pass (item 3's quantity changes to either 0 or 255, seemingly randomly)
EchoRAM. - Pass (item 3's quantity changed to 225; the index number for "Pk" (the first character of my name) as expected. I thought this would work because giginet's video of the dokokashira door glitch uses a Game Boy Player.
InvalidStop - Pass (I used item 3 quantities of 255 and 254, and the game would freeze either with a black screen or hang with the music lingering. Is the black screen less likely here? Possibly but it could very well be confirmation bias)
« Last Edit: July 21, 2016, 04:53:34 am by Torchickens »
Hello. I actually identify as gender questioning, but nowadays feel more firmly that I identify as female. My sex is male but I like to express myself as female.  She/her pronouns, please.


Thank you TMTRAINER for my avatar and Aeriixion for the cute sprite! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Re: Verifying console/emulator behavior with 8F
« Reply #8 on: July 20, 2016, 04:49:49 pm »
Torchickens, for the Invalidstop test, could you please also try with item #3 quantity being 3 ? Because FF causes a rst 38h (which always crashes), and FE uses the following byte as an operand. 3 is inc bc, so it would properly return.

Also, gbdev wiki points out the invalid opcodes hang the GB's CPU when executed, so the emulation crahsing should probabbly marked as PASS, no ?
« Last Edit: July 20, 2016, 04:51:22 pm by ISSOtm »
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

naf102

  • GCLF Member
  • Offline Offline
  • Gender: Male
  • I think I'm suffering from experience underflow...
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #9 on: July 20, 2016, 06:49:09 pm »
I tested MyOldBoy (an Android GameBoy emulator):

UnknownOpCodes- Pass (game continues to function)
InvalidBanks- Pass (Item 3's (Lemonade) quantity changes to 124)
VRAM Access- Pass (Item 3's quantity (Lemonade) changes to 255)
EchoRAM-  Pass (Item 3's quantity changes to 129 (which is 81, which is the letter B and my Trainer's  name is BIG M)
InvalidStop-  Failure (No matter how many Full Restores I had in inventory (first I tried 97, then 43, then 143 then 267) the game would not stop running)

« Last Edit: July 20, 2016, 06:57:51 pm by naf102 »
I have TM87 because I'm so HM02

Yeniaul

  • Guest
Re: Verifying console/emulator behavior with 8F
« Reply #10 on: July 20, 2016, 07:05:52 pm »
LameboyDS:
UnknownOpCodes: PASS
InvalidBanks: PASS
EchoRAM: PASS
VRAMAccess: PASS
InvalidStop: PASS...? (Some invalid stops work, some don't. Um...?)
Seems to pass with flying colors. The InvalidStop test kinda passed... some worked right, some didn't.
Odd, but okay.
« Last Edit: July 20, 2016, 07:13:26 pm by Yeniaul »

TheZZAZZGlitch

  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • Unknown opcode fc at 801a
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #11 on: July 20, 2016, 11:53:43 pm »
Thank you for all of your responses! I updated the table with all the information you submitted.

I originally didn't know undefined opcodes actually hang the CPU, I expected something similar to the behavior of 6502, where invalid opcodes actually do something - sometimes useful, sometimes not.
Therefore, I will now consider the test to be passed if the game doesn't keep running after executing an invalid instruction, since that's the behavior on real hardware. I updated the test accordingly.

Already we see that some of the glitches will be version exclusive - most importantly, 3DS VC seems to have pretty inaccurate emulation (although most of this stuff is undefined behavior, so they have the right to format my SD card if I try to do this). Some random facts as of now:
- The "MISSINGNO. is trying to learn effect" is 4 times less likely to be seen on 3DS VC.
- Coin Case ACE will not work on Stadium 2's GB Tower.
- 3DS VC most likely ignores invalid opcodes, which means that some crashing glitch items could potentially be more useful there.

Also, superscript inside tables looks weird.
qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF qÁF

Yeniaul

  • Guest
Re: Verifying console/emulator behavior with 8F
« Reply #12 on: July 21, 2016, 12:07:47 am »
I originally didn't know undefined opcodes actually hang the CPU, I expected something similar to the behavior of 6502, where invalid opcodes actually do something - sometimes useful, sometimes not.
Therefore, I will now consider the test to be passed if the game doesn't keep running after executing an invalid instruction, since that's the behavior on real hardware.
LameboyDS DID NOT hang with unknown opcodes, it will hop over the instruction and continue. Should probably update that in the table if it's still labeled PASS. :P whoops

And it's LameboyDS version 0.12 if I remember correctly... pretty good for an infant port, right?
« Last Edit: July 21, 2016, 12:14:07 am by Yeniaul »

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Re: Verifying console/emulator behavior with 8F
« Reply #13 on: July 21, 2016, 07:02:05 am »
After some item index decrementation (man, I threw that TM06 when I beat Koga a year ago ><), I tested Echo RAM on the Virtual Console, and realized I am on a EU version, so I had to get 5 more TM06. Dumb me.
Code: [Select]
8F
Super Ball x?6
Lemonade x254
Repel x241
X Speed x44
Fresh Water x175
TM06 x93
PP Up x10
Water Stone x201
Stuff
This gave me 136 Lemonades. My trainer's named ISSOtm, so I guess this is a PASS.


I wanted to give a shot to the Gambatte emulator, so I launched BizHawk on a US Red ROM. Here are the results :
  • Invalid opcode E3 : crash. PASS
  • Invalid banks : 124. PASS
  • VRAM Access : Always 255 Lemonades. I guess that PASSes ?
  • The Echo RAM test yielded 88 ($58) Lemonades, although I know ('cause of Coin Case TASes) Echo RAM is properly emulated in BizHawk ? I must have screwed something somewhere. Anyways, PASS
  • The STOP opcode had the game run fine. It was two bytes large, but didn't crash. I label this as PASS, and I'll explain why below.

GBDevWiki's description of the STOP instruction is
" stop           10 00        ? ---- low power standby mode (VERY low power)"
Actually, STOP behaves like a HALT (do nothing until an interrupt occurs), but this actually disables the LCD driver and enters very low power mode.
This setup (starting from item #3) should do the job of really testing the opcode :
Code: [Select]
Poké Ball x243
Full Restore x255
Super Ball x251
TM01 x(any)

Code :
inc b
di
stop
inc bc
ei
ret
If the game hangs, the opcode is correctly interpreted -> PASS.
If the game continues, the opcode isn't interpreted correctly -> FAIL.
If the game crashes (in a rst 38h style), the opcode isn't the correct length.
Try again, this time with only 1 .
« Last Edit: July 21, 2016, 07:01:29 pm by ISSOtm »
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

naf102

  • GCLF Member
  • Offline Offline
  • Gender: Male
  • I think I'm suffering from experience underflow...
    • View Profile
Re: Verifying console/emulator behavior with 8F
« Reply #14 on: July 21, 2016, 03:56:24 pm »
Oh and by the way, the version of My OldBoy I tested was v 1.1.0.
I have TM87 because I'm so HM02