DaveTCode / GBADotnet

A C#/net core GBA emulator
MIT License

Small handful of games hitting exception during boot #45

Closed DaveTCode closed 2 years ago

DaveTCode commented 2 years ago

According to the compatibility runner the following games hit a "The method or operation is not implemented." exception, which will either be because they try to execute a coprocessor instruction or an undefined one. In 100% of cases so far this has indicated a CPU bug, so that's what I'll assume is happening.

Games failing:

DaveTCode commented 2 years ago

Golden Sun - The Lost Age fails at:
 r0:00000041   r1:030010D0   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F 
r12:00000000  r13:03007EB8  r14:00000B57  r15:0300075A
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197671
03000756: E8B1   Invalid thumb instruction

Mario Golf fails at:
 r0:00000041   r1:030011E4   r2:00000001   r3:00000001
 r4:00000001   r5:00000002   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F 
r12:0801531D  r13:03007EB4  r14:00000B57  r15:030007DE
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197418
030007DA: E8B1   Invalid thumb instruction

Mario Tennis fails at:
 r0:00000041   r1:FFFFFF81   r2:00000001   r3:00000001
 r4:030012BE   r5:00000002   r6:68736D53   r7:00000000
 r8:03001324   r9:00000000  r10:00000000  r11:0000001F 
r12:08013EBD  r13:03007EB0  r14:00000B57  r15:0300075E
cpsr: 8000003F N------ Thm System
spsr: 8000003F N------ Thm System
Cycle: 197437
0300075A: E8B1   Invalid thumb instruction

Max Payne fails at:
 r0:03002AF8   r1:00000001   r2:0000000F   r3:00000001
 r4:0000011F   r5:03002BE4   r6:00000000   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:00000000 
r12:00000000  r13:03007EDC  r14:08007B23  r15:0300031E
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 1039325
0300031A: E8BD   Invalid thumb instruction

DaveTCode commented 2 years ago

Both E8B1 and E8BD are indeed bad instructions as they have high bits 11101 which doesn't decode to a valid thumb instruction.

DaveTCode commented 2 years ago

Start by looking at Golden Sun as it hits the error nice and early on. Hitting an invalid instruction in RAM means one of 2 things:

  1. The RAM value is wrong
  2. The application should never have got to running that code

Let's first look at how the code ended up there in the first place. Dumping out the state of the core for the previous 100 cycles gives:

 r0:00000000   r1:03001150   r2:00000000   r3:03001150
 r4:00000100   r5:00000B57   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:0801399D  r13:03007EA8  r14:08013A3F  r15:08013AC8
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 197577
08013AC4: 683D   LDR #imm/STR #imm

 r0:00000000   r1:03001150   r2:00000000   r3:03001150
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:0801399D  r13:03007EA8  r14:08013A3F  r15:08013ACA
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 197583
08013AC6: 7833   LDR #imm/STR #imm

 r0:00000000   r1:03001150   r2:00000000   r3:00000000
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:0801399D  r13:03007EA8  r14:08013A3F  r15:08013ACC
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 197586
08013AC8: 469C   MOV R12, R3

 r0:00000000   r1:03001150   r2:00000000   r3:00000000
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013ACE
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 197587
08013ACA: 062B   MOV Shifted reg

 r0:00000000   r1:03001150   r2:00000000   r3:00000000
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013AD0
cpsr: 4000003F -Z----- Thm System
spsr: 4000003F -Z----- Thm System
Cycle: 197588
08013ACC: 0E1B   MOV Shifted reg

 r0:00000000   r1:03001150   r2:00000000   r3:00000000
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013AD2
cpsr: 4000003F -Z----- Thm System
spsr: 4000003F -Z----- Thm System
Cycle: 197589
08013ACE: 459C   CMP R12, R3

 r0:00000000   r1:03001150   r2:00000000   r3:00000000
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013AD4
cpsr: 6000003F -ZC---- Thm System
spsr: 6000003F -ZC---- Thm System
Cycle: 197590
08013AD0: D013   Conditional branch

 r0:00000000   r1:03001150   r2:00000000   r3:00000000
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013AFE
cpsr: 6000003F -ZC---- Thm System
spsr: 6000003F -ZC---- Thm System
Cycle: 197596
08013AFA: 1C6B   ADD/SUB

 r0:00000000   r1:03001150   r2:00000000   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B00
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197597
08013AFC: 603B   LDR #imm/STR #imm

 r0:00000000   r1:03001150   r2:00000000   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B02
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197599
08013AFE: 4A0A   PC-relative load

 r0:00000000   r1:03001150   r2:030011D4   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B04
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197607
08013B00: 8813   LDRH/STRH

 r0:00000000   r1:03001150   r2:030011D4   r3:00000000
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B06
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197613
08013B02: 3301   Move/compare/add/sub #imm

 r0:00000000   r1:03001150   r2:030011D4   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B08
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197614
08013B04: 8013   LDRH/STRH

 r0:00000000   r1:03001150   r2:030011D4   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B0A
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197616
08013B06: 4A09   PC-relative load

 r0:00000000   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B0C
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197624
08013B08: 4B01   PC-relative load

 r0:00000000   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B0E
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197635
08013B0A: 8013   LDRH/STRH

 r0:00000000   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000000   r6:03001138   r7:03001100
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EA8  r14:08013A3F  r15:08013B10
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197640
08013B0C: BDE0   PUSH/POP registers

 r0:00000000   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000B57   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:08013A3F  r15:030001C1
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197648
030001BD: 46AE   MOV LR, R5

 r0:00000000   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000B57   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:030001C3
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197649
030001BF: 4778   BX PC

 r0:00000000   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000B57   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:030001C6
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197652
030001C2: E10F   Unconditional branch

 r0:00000000   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000B57   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:030003E8
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197655
030003E4: 00E0   MOV Shifted reg

 r0:00000800   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:00000B57   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:030003EA
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197656
030003E6: 1895   ADD/SUB

 r0:00000800   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:030003EC
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197657
030003E8: 8195   LDRH/STRH

 r0:00000800   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:030003EE
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197659
030003EA: E0C9   Unconditional branch

 r0:00000800   r1:03001150   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:03000584
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197662
03000580: 39A1   Move/compare/add/sub #imm

 r0:00000800   r1:030010AF   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:03000586
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 197663
03000582: E072   Unconditional branch

 r0:00000800   r1:030010AF   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:0300066E
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 197666
0300066A: 2041   Move/compare/add/sub #imm

 r0:00000041   r1:030010AF   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:03000670
cpsr: 2000003F --C---- Thm System
spsr: 2000003F --C---- Thm System
Cycle: 197667
0300066C: 3121   Move/compare/add/sub #imm

 r0:00000041   r1:030010D0   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:03000672
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197668
0300066E: E072   Unconditional branch

 r0:00000041   r1:030010D0   r2:0300121C   r3:00000001
 r4:00000100   r5:06002438   r6:68736D53   r7:00000000
 r8:00000000   r9:00000000  r10:00000000  r11:0000001F
r12:00000000  r13:03007EB8  r14:00000B57  r15:0300075A
cpsr: 0000003F ------- Thm System
spsr: 0000003F ------- Thm System
Cycle: 197671
03000756: E8B1   Invalid thumb instruction

DaveTCode commented 2 years ago

In other words, we ended up running code in RAM from a POP instruction at 0x08013B0C. A massive red flag is that the next instruction is ostensibly at 030001BD, which is misaligned!

I've had problems with writing to R[15] not always getting aligned to a thumb/arm boundary before and that's what's happening here. LDM which includes R[15] is not masking R[15] properly. Should be an easy fix :) - if a bit stupid
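The two findings in this thread (the 11101 hole in the Thumb encoding space that E8B1/E8BD fall into, and the POP {..., PC} that wrote an odd address into R15) are illustrated below in a small self-contained C model. This is an added example, not code from GBADotnet; the `cpu_t`, `classify_thumb`, `write_pc` and `thumb_pop` names are this example's own, and the stack words it pops are constructed to match the registers seen in the Golden Sun trace after the POP (R5=0x0B57, R6=0x68736D53, R7=0, next fetch at 0x030001BD), not taken from the game. The fixed path drops bit 0 of any value written to R15 in Thumb state (an ARMv4T core such as the GBA's ARM7TDMI does not switch state on POP {PC}) and bits 1:0 in ARM state; the buggy path stores the value unmasked, which is what produced the misaligned fetch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the bits of an ARM7TDMI core this example needs:
   16 registers plus the T (Thumb) state bit. Not the project's own types. */
typedef struct {
    uint32_t r[16];
    bool thumb;
} cpu_t;

typedef enum {
    THUMB_PUSH_POP,       /* 1011 L10R rrrrrrrr (format 14) */
    THUMB_UNCOND_BRANCH,  /* 11100 offset11     (format 18) */
    THUMB_BL_PREFIX,      /* 11110 offset11     (format 19, first half) */
    THUMB_BL_SUFFIX,      /* 11111 offset11     (format 19, second half) */
    THUMB_OTHER,          /* everything this example does not classify */
    THUMB_INVALID         /* 11101 ...: no ARMv4T Thumb encoding */
} thumb_class_t;

/* Classify a Thumb halfword by its top five bits. 11101 is the hole in the
   encoding space that E8B1 / E8BD from the traces fall into. */
thumb_class_t classify_thumb(uint16_t op) {
    if ((op & 0xF600) == 0xB400) return THUMB_PUSH_POP;
    switch (op >> 11) {
        case 0x1C: return THUMB_UNCOND_BRANCH;
        case 0x1D: return THUMB_INVALID;
        case 0x1E: return THUMB_BL_PREFIX;
        case 0x1F: return THUMB_BL_SUFFIX;
        default:   return THUMB_OTHER;
    }
}

/* Every write to R15 must land on an instruction boundary: bit 0 is dropped
   in Thumb state, bits 1:0 in ARM state. Skipping this is the bug in the issue. */
void write_pc(cpu_t *cpu, uint32_t value) {
    cpu->r[15] = cpu->thumb ? (value & ~1u) : (value & ~3u);
}

bool pc_is_aligned(const cpu_t *cpu) {
    return (cpu->r[15] & (cpu->thumb ? 1u : 3u)) == 0;
}

#define RAM_BASE 0x03000000u  /* GBA IWRAM base; the only region modelled here */
#define RAM_SIZE 0x8000u

static uint32_t read32(const uint8_t *ram, uint32_t addr) {
    uint32_t o = addr - RAM_BASE;  /* little-endian load */
    return (uint32_t)ram[o] | (uint32_t)ram[o + 1] << 8 |
           (uint32_t)ram[o + 2] << 16 | (uint32_t)ram[o + 3] << 24;
}

static void write32(uint8_t *ram, uint32_t addr, uint32_t v) {
    uint32_t o = addr - RAM_BASE;
    ram[o] = v & 0xFF;             ram[o + 1] = (v >> 8) & 0xFF;
    ram[o + 2] = (v >> 16) & 0xFF; ram[o + 3] = v >> 24;
}

/* Thumb POP {rlist[, PC]} (1011 110R rlist). Returns false for other opcodes.
   mask_pc=false reproduces the unmasked R15 write the issue describes. */
bool thumb_pop(cpu_t *cpu, uint16_t op, const uint8_t *ram, bool mask_pc) {
    if ((op & 0xFE00) != 0xBC00) return false;
    uint32_t sp = cpu->r[13];
    for (int i = 0; i < 8; i++) {            /* low registers, ascending order */
        if (op & (1u << i)) { cpu->r[i] = read32(ram, sp); sp += 4; }
    }
    if (op & 0x100) {                        /* R bit: PC is in the list */
        uint32_t v = read32(ram, sp); sp += 4;
        if (mask_pc) write_pc(cpu, v); else cpu->r[15] = v;  /* bug: no masking */
    }
    cpu->r[13] = sp;
    return true;
}

/* Replays BDE0 = POP {R5,R6,R7,PC} at 0x08013B0C from the Golden Sun trace.
   Stack contents are constructed to match the registers seen after the pop. */
cpu_t run_golden_sun_pop(bool mask_pc) {
    static uint8_t ram[RAM_SIZE];
    cpu_t cpu = { .thumb = true };
    cpu.r[13] = 0x03007EA8u;                 /* SP from the trace before the POP */
    write32(ram, 0x03007EA8u, 0x00000B57u);  /* -> R5 */
    write32(ram, 0x03007EACu, 0x68736D53u);  /* -> R6 */
    write32(ram, 0x03007EB0u, 0x00000000u);  /* -> R7 */
    write32(ram, 0x03007EB4u, 0x030001BDu);  /* -> PC: odd, needs bit 0 dropped */
    thumb_pop(&cpu, 0xBDE0, ram, mask_pc);
    return cpu;
}

int main(void) {
    cpu_t buggy = run_golden_sun_pop(false), fixed = run_golden_sun_pop(true);
    printf("unmasked: PC=%08X aligned=%d\n", buggy.r[15], pc_is_aligned(&buggy));
    printf("masked:   PC=%08X aligned=%d SP=%08X\n",
           fixed.r[15], pc_is_aligned(&fixed), fixed.r[13]);
    printf("E8B1 decodes as invalid: %d\n", classify_thumb(0xE8B1) == THUMB_INVALID);
    return 0;
}
```

Running it shows the unmasked pop leaving PC at 0x030001BD while the masked one lands on 0x030001BC with SP advanced to 0x03007EB8, matching the register dump in the trace. A cheap regression check for this class of bug is an `assert(pc_is_aligned(&cpu))` after every fetch in the core's debug build: it fires at the first bad R15 write rather than some cycles later when the misaligned stream decodes into an undefined opcode.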