
Software breakpoints get hit twice if the ISR executed directly after the breakpoint instruction #2551

Closed
bigfarts opened this issue Jun 11, 2022 · 2 comments

@bigfarts
Contributor

bigfarts commented Jun 11, 2022

I'm not sure if this is an mGBA issue or an issue in MEGA_EXE3_BLA3XE, but sometimes, if the ISR is triggered after a software breakpoint, it can return control to the same PC and re-execute the same instruction, causing the breakpoint handler to execute twice.

See this Gist for tracing: https://gist.github.com/bigfarts/edc75b8c207cbf76c98e336cfa2948ef

To reproduce this, enter a battle using the patched MEGA_EXE3_BLA3XE ROM (replace 0x0000643E with EF BE, should be 04 1C originally) and sometimes you can get this trace where ThumbStep will run 0x0000643E twice:

trace ThumbStep: pc = 08006440, lr = 08008829, opcode = beef
trace ThumbStep: pc = 03005f2e, lr = 03005f00, opcode = 4770
trace ThumbStep: pc = 08006440, lr = 08008829, opcode = beef
trace ThumbStep: pc = 08006440, lr = 08008829, opcode = 1c04
trace end

Weirdly enough though, this doesn't seem to happen in BN4, 5, or 6.

@bigfarts
Contributor Author

The interrupt in question being fired looks like it's hblank, which isn't enabled in BN456 which explains why I haven't seen it there.

I'm not 100% sure on this (this doesn't explain why the instruction gets double executed) but here is my working theory:

  • Software breakpoint is triggered, entering the breakpoint handler and ARMRunFake replaces the CPU prefetch,
  • If the software breakpoint causes cycles to exceed the cycles for the next event, the hblank ISR routine is entered and the PC + prefetch are clobbered,
  • When we return, we never see the effects of the ARMRunFake in the breakpoint handler since the ISR ate it.

@bigfarts bigfarts changed the title Software breakpoints sometimes get hit twice in Mega Man Battle Network 3 Blue (MEGA_EXE3_BLA3XE) Software breakpoints get hit twice if the ISR executed directly after the breakpoint instruction Jun 11, 2022
@bigfarts
Contributor Author

bigfarts commented Jun 12, 2022

I've managed to somewhat work around this issue by issuing a step in the breakpoint handler:

  1. bkpt16 IRQ handler is entered,
  2. set prefetch with ARMRunFake,
  3. breakpoint handler is called (pc may be moved in the handler, so ARMRunFake is called before the handler is called),
  4. core->step is called to run the next instruction directly without being interrupted by the ISR (processEvents is not called)

I don't know if this is correct, but it seems to do the right thing!
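The following is an added, constructed model of the race described in the two comments above; it is not mGBA code and does not use mGBA's API. It reduces the CPU to a prefetch slot, a cycle counter and a one-shot scheduler, and uses the opcodes from the posted trace (0xBEEF for the breakpoint, 0x1C04 for the instruction it replaced, 0x4770 for the ISR's bx lr). The `run_fake` helper stands in for ARMRunFake (overwrite the prefetched opcode, leave the PC alone); the IRQ entry refills the pipeline, which is the point at which the faked opcode is lost. With `workaround` set, the breakpoint handler steps the faked opcode immediately, before events are processed, as in the second comment. Addresses, the ROM layout and the cycle at which hblank becomes due are assumptions chosen so the IRQ lands on the breakpoint's cycle.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the race described in this issue. It is not mGBA code:
 * the pipeline, scheduler and ISR are reduced to the minimum needed to show
 * why the breakpoint opcode is executed twice. Opcodes are the ones in the
 * posted trace; addresses and ROM layout are assumptions for the model. */
#define OP_BKPT 0xBEEF  /* the patched-in breakpoint */
#define OP_ORIG 0x1C04  /* the instruction it replaced */
#define OP_BXLR 0x4770  /* bx lr, the ISR's return */
#define OP_NOP  0x46C0  /* mov r8, r8 */

#define ROM_BASE 0x08006430u  /* bkpt sits at ROM_BASE + 7*2 = 0x0800643E */
#define ISR_BASE 0x03005F2Eu
#define TRACE_MAX 16

static const uint16_t rom[] = { OP_NOP, OP_NOP, OP_NOP, OP_NOP, OP_NOP, OP_NOP, OP_NOP,
                                OP_BKPT, OP_NOP, OP_NOP, OP_NOP, OP_NOP };
static const uint16_t isr[] = { OP_BXLR };

struct cpu {
    uint32_t pc;         /* address of the opcode currently in prefetch */
    uint32_t lr;
    uint16_t prefetch;   /* opcode already fetched for the next step */
    uint32_t cycles;
    uint32_t next_event; /* cycle count at which hblank raises its IRQ */
    int in_isr;
    int workaround;      /* 1: step the faked opcode inside the bkpt handler */
    int bkpt_hits, orig_execs;
    uint16_t trace[TRACE_MAX];
    int ntrace;
};

static uint16_t fetch(uint32_t addr) {
    if (addr >= ROM_BASE && addr < ROM_BASE + sizeof rom) return rom[(addr - ROM_BASE) / 2];
    if (addr >= ISR_BASE && addr < ISR_BASE + sizeof isr) return isr[(addr - ISR_BASE) / 2];
    return OP_NOP;
}

static void refill(struct cpu *c, uint32_t addr) { c->pc = addr; c->prefetch = fetch(addr); }

/* Analogue of ARMRunFake: overwrite the prefetched opcode, leave pc alone. */
static void run_fake(struct cpu *c, uint16_t opcode) { c->prefetch = opcode; }

/* Execute exactly one prefetched opcode. Events are NOT processed here. */
static void step(struct cpu *c) {
    uint16_t op = c->prefetch;
    uint32_t at = c->pc;
    if (c->ntrace < TRACE_MAX) c->trace[c->ntrace++] = op;
    c->cycles++;
    switch (op) {
    case OP_BKPT:
        c->bkpt_hits++;
        run_fake(c, OP_ORIG);        /* substitute the original instruction */
        if (c->workaround) step(c);  /* run it now, before any event can clobber it */
        return;
    case OP_BXLR:
        c->in_isr = 0;
        refill(c, c->lr);            /* return: refetch from lr, not from the faked opcode */
        return;
    case OP_ORIG:
        c->orig_execs++;
        break;
    default:
        break;
    }
    refill(c, at + 2);
}

/* Scheduler: if the cycle budget ran out, take the IRQ. Entering the ISR
 * refills the pipeline, which discards whatever run_fake put in prefetch. */
static void process_events(struct cpu *c) {
    if (!c->in_isr && c->cycles >= c->next_event) {
        c->next_event = UINT32_MAX;  /* one-shot is enough for the model */
        c->in_isr = 1;
        c->lr = c->pc;
        refill(c, ISR_BASE);
    }
}

/* Run the scenario: the IRQ becomes due on the very cycle the bkpt executes. */
static void run_scenario(struct cpu *c, int workaround) {
    *c = (struct cpu){ .next_event = 8, .workaround = workaround };
    refill(c, ROM_BASE);
    for (int i = 0; i < 12; i++) { step(c); process_events(c); }
}

static int bkpt_hits(int workaround) { struct cpu c; run_scenario(&c, workaround); return c.bkpt_hits; }
static int orig_execs(int workaround) { struct cpu c; run_scenario(&c, workaround); return c.orig_execs; }
static int trace_op(int workaround, int i) { struct cpu c; run_scenario(&c, workaround); return i < c.ntrace ? c.trace[i] : -1; }

int main(void) {
    for (int w = 0; w < 2; w++) {
        struct cpu c;
        run_scenario(&c, w);
        printf("%s: bkpt hits=%d, original executed=%d, trace:", w ? "with step" : "no step", c.bkpt_hits, c.orig_execs);
        for (int i = 0; i < c.ntrace; i++) printf(" %04x", c.trace[i]);
        printf("\n");
    }
    return 0;
}
```

Without the workaround the model reproduces the posted sequence (beef, 4770, beef, 1c04): the ISR's return address is still the breakpoint's address because the faked opcode never executed, so the refetch on return finds 0xBEEF again. With the workaround the faked 0x1C04 runs before the scheduler is consulted, the ISR returns to the following instruction, and the handler fires once. The model has no user breakpoint handler that moves the PC; in the real flow ARMRunFake has to happen before that handler for the same reason.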

@endrift endrift added this to the mGBA 0.10.1 milestone Jun 16, 2022
@endrift endrift modified the milestones: mGBA 0.10.1, mGBA 0.10.2 Nov 28, 2022
@endrift endrift modified the milestones: mGBA 0.10.2, mGBA 0.10.3 Mar 25, 2023