Revisiting "Holy Grail" Bugs in Emulation Mar 9, — written by endrift Debugging is not an easy task, and Holy Grail bugs are an exceptionally difficult class of bugs to squash. Discovering the root issue, figuring out the error in logic leading to the issue, and finally stamping out the issue without introducing new issues can be a long and arduous process.

Sometimes one part can be easier than others, and sometimes every step is difficult.

But common to all bugs is the required time, dedication, and ingenuity required. It has been been a few months writing my first two articles on Holy Grail bugs, and it would seem that the articles piqued interest in these bugs, possibly bringing renewed dedication and new insights and dating site bios gba new into the process.

As such, some of the biggest, toughest bugs across multiple systems have click to see more been solved, once and for all. With its complicated sequence of tightly timed IRQs almost always working, but one single misfire being enough to take down the entire game, it seemed like this bug might never be squashed.

After helping author the Pinball Fantasies section in the previous article, I noticed that Lior became very focused on solving the issue once and for all. A few months later, sure enough, he did solve the issue. Not only did it require accurate emulation of video timing and stat IRQ blocking, already two very difficult topics, the process brought to light the fact that Game Boy interrupt timing is far more complex than previously believed.

Gekkio released dating site bios gba new and a test case demonstrating some very peculiar behavior involving how interrupts are processed: the cycle in which an interrupt is triggered is not the same cycle in which the type of interrupt triggered is observed.

Interrupt processing on the Game Boy has three important pieces. The EI and DI instructions enable and disable interrupts globally, adjusting what is known as the IME dating site bios gba new the specific interrupt types that are enabled, known as the IE register; and the list of currently asserted interrupts, known as the IF register. The hypothetical flow for interrupt processing is fairly simple: Check if IME is on—that is, if interrupts are enabled globally.

Jump to the appropriate interrupt vector in memory for that interrupt type. The big revelation here was that steps 2 and 3 do not occur at the same time. If you can manage to assert IF AND IE in one cycle and change one of the values before the interrupt vector jump occurs, strange things happen: If the least significant bit of IF AND IE changes during dispatch the jump is to the interrupt vector specified after the just click for source. This is a hyper-specific edge case that, much like other hyper-specific edge cases, seems to click only one or two games.

In this case, those games are Pinball Fantasies and Pinball Deluxe, which both use the same engine code. Interrupt dispatch should only occur if the IRQ is asserted at the end of an instruction, and this edge case only occurs if the assertion changes mid-dispatch. Lior also discovered that interrupt timing can appear to be delayed by a cycle while halted, but it depends on both the specific model of Game Boy and specific interrupt raised.

While it may sound strange for an interrupt to be delayed by one cycle, the exact reason for such a thing happening is fairly simple. The LR processor used in the Game Boy has two different types of timings: M-cycles, which are the instruction-level clock and occur at quarter of the master clock frequency, and T-states, which occur every master clock cycle and are sometimes referred to as sub-cycles due to the fact that they make up the separate steps taken by instructions.

While an M-cycle can be thought of as the CPU performing one complete task, e. For addition, it may look something like this: Load value in register B into the arithmetic logic unit.

Load value in register C into the ALU. Perform the addition using the ALU.

Store the result of the addition into register A. So clearly if an interrupt is triggered it has to happen on one of these four T-states, right? All a delayed interrupt would mean is that the T-state on which an interrupt request is processed is before the cycle in which that IRQ is asserted. Indeed, different interrupt sources will assert on different T-state.

But again, it seemed to be needed for Pinball Fantasies. With most of that information now verified, Pinball Fantasies now runs in SameBoy.

The same cannot be said of mGBA however, due to the current mess of the video timing implementation. Namely, there are a handful of games that use DMA from invalid memory usually from the address 0 to clear regions of memory.

This seemed sort of sensible, until I noticed that I could not get this same behavior to reproduce on actual hardware, no matter the configuration I used. The behavior was always different. It stands for direct memory access and refers to a piece of hardware that can perform memory transfers without using the main processor.

Each DMA channel can be programmed to do memory copies between addresses with various different start timings.