Post subject: SMSHawk emulation bugs
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
A picture of the console: https://wiki.dolphin-emu.org/images/2/22/SMS-Console.png 1. Pause button The pause button seems to be game dependent. - In Batman Returns you can spam pause after the 59th frame to effectively reduce the waiting time 1 frame per 2 frames of pressing p (P, empty) User movie #38852237008685032 edit: TwoMbit doesn't have this feature (game loads at same time) - In Zool it only have effect after a game started from the menu. You can use pause on lag frames User movie #38849945715866984 edit: TwoMbit acts same! - In Wonder Boy, you can't use pause on lag frames. 2. Reset button The reset button seems to be game dependent. - In Zoom 909 and Zool it has no use (TwoMbit has a reset button in the file menu and it works, but maybe it's a fake power on?) - In Batman Returns and Wonder Boy (UE) you can't reset on lag frames
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
Post subject: Re: SMSHawk emulation bugs
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
It took quite a bit of digging, but all of this is actually correct.
1. Pause button The pause button seems to be game dependent. - In Batman Returns you can spam pause after the 59th frame to effectively reduce the waiting time 1 frame per 2 frames of pressing p (P, empty) User movie #38852237008685032 edit: TwoMbit doesn't have this feature (game loads at same time)
To understand what's happening here, you first have to realize that the 'pause' button on SMS is actually tied to a non-maskable interrupt. The routine the game is doing is decrementing a counter at $DFE7. The problem is that the decrement happens once per interrupt. So when you press pause every other frame, you get 2 decrements on frames with the pause (1 for NMI and one for VBlank.) The obvious question is then why doesn't TwoMbit have this effect? Well I'm not 100% sure but if they happened to poll input at vblank, what would happen is that the NMI would happen first and then immediately the Vblank IRQ would happen before the decrement could take place. Actually, with subframe inputs there would be enough time to decrement the counter in only a couple of frames. I'm not sure if this would make the game crash though.
- In Zool it only have effect after a game started from the menu. You can use pause on lag frames User movie #38849945715866984 edit: TwoMbit acts same!
This is because Pause is an NMI and not effected by lag.
- In Wonder Boy, you can't use pause on lag frames.
NMI always happens, but depending on the state of the RAM it could have no effect.
2. Reset button The reset button seems to be game dependent. - In Zoom 909 and Zool it has no use (TwoMbit has a reset button in the file menu and it works, but maybe it's a fake power on?) - In Batman Returns and Wonder Boy (UE) you can't reset on lag frames.
Reset on the other hand, is treated as a normal controller input. So if the controller is not being read, the reset won't work. Strange stuff. I'm not sure what TwoMbit is doing exactly but it seems like it's just doing a power cycle. Here is some great SMS info: https://pastebin.com/raw/eU8E2nKi
Post subject: Re: SMSHawk emulation bugs
Editor, Emulator Coder, Site Developer
Joined: 5/11/2011
Posts: 1108
Location: Murka
Alyosha wrote:
NMI always happens, but depending on the state of the RAM it could have no effect.
Indeed. One simple example would be if the NMI service routine simply set a flag in RAM that would only be acted on when the controllers were read. The lag frame system is a nice TASer's convenience, but the only thing we'd be able to do on SMS is simply disable it entirely.
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
For future references, many up to date docs can be foun on the internet. According to the Reset and Pause articles, your answers and behaviour seems right (pausing on lag frames, reset button software dependency). According to SMS technology manual's "Overview" part: the reset button is only present on the SMS but Japanese SMS, SMS 2 (a reduced/cheaper version of SMS), SMS 3 (Brazilian version 2006). So it's probable some devs forgot about the reset button. edit: All consoles list here.. Japanese Mark 3 without reset, Japanese SMS with reset, SMS 2 without reset, Brazilian without reset The pause button is present on all console and the Batman Begins is easily reproducible if someone mashes the pause button after the first, blue screen.
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
More edge scenario examples for 1. Pausing: - SG-1000 Bank Panic has a very similar pause glitch as SMS Batman Returns (this time it's more of 1 frame reduce per 3 frames with P, emtpy, P) - In SG-1000 Gulkave, pressing pause once after starting the game saves 1 frame (same as Zoom 909) - In SG-1000 Ninja Princess, pressing pause before starting the game (44th frame P in TAStudio) won't let you progress, requiring you to power off the console. edit: similar games with SEGA intro doesn't have lag frames after showing logo, making it easier to compare what makes this bug (seems like game developer oversight) 3. SG-1000 (and II and III) has no visible reset button, but SMSHawk let's you input it. http://segaretro.org/SG-1000_consoles, image with manual: http://segaretro.org/images/1/13/Grandstand_SG-1000_NZ_Photo9.JPG It has no visible effect which should be correct. Tested Zippy Race, Zaxxon, Yamato, Wonder Boy, Super Tank, Ninja Princess, H.E.R.O., Gulkave, Sega Galaga, Ninja Gaiden... However... The reset button first came in the form of SC-3000, the computer version of SG-1000 released in 1983 which able to play SG-1000. So... one could try it out if the reset button has impact. edit2: from the SC-3000 doc, check image from SC-3000 link above edit)
The SC-3000H has a 64-key keyboard, and two gamepad ports. One of the keys is called "RESET" and generates a NMI on the Z80 when pressed.
And according to the wiki page, you can play SG-1000 titles on SMS and SC-3000 (both has reset button).
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
Thought I should add my new observations / questions here instead of github for discussion. 1. Some games (mostly ROMs marked with K as Korea from GoodSMS) either skips the BIOS or does something different...? My Hero (UEB) [!].sms shows bios Seishyun Scandal (J) [!].sms shows a SEGA MARK III logo Ttoriui Moheom (K).sms shows some text I've thought it has something with "if region Export then load bios" and "if region Japan skip BIOS". However, Nemesis (K).sms never loads the BIOS. My primary question would be... shouldn't the setting of "Enable BIOS" override Region setting? Or it also depends on being eiher multivison/sg-1000/sc-7000...? 2. For whatever reason when trying to corrupting the memory, seeking in TAStudio is near impossible because it also gets corrupted and I need to resync from more then 1000 frames. Examples: Ys Omen TAS, Kuni-chan no Game Tengoku Part 2. Link to Kuni-chan example movie: User movie #43397617494297324 What you should observe, is that inserting/removing a frame before the L+R (which crashes the game if you have more than 0 speed) corrupts the memory even after seeking back hundreds of frame. 3. Some Games (same as 1, Korean ROMs) start the BIOS, and show a 3 step thingy. Maybe I have a bad BIOS? Power Boggle Boggle (K).sms Loletta no Syouzou (J) [!].sms (note: it's japan) edit: 4. Settings bug?! A. Settings: use BIOS, Auto region, Auto display. B. Checked this ROM that skipped BIOS: Line of Fire (EBK) [!].sms C. I was confused because it's recognized as (E) so it should be Export. I check the settings, BIOS, Auto region, Auto display. Changing it to Export and restarting core (CTRL+R) D. It shows the BIOS fine. I go back to Auto region. CTRL+R. It shows the BIOS? I have no idea how this happened.
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
1,3,4: I remember seeing something about how Korean stuff is unique, but I haven't gotten a chance to really study it. That and the BIOS stuff I will sort out at some point. They aren't high priority but I'll keep it on my todo list. 2: Man, this one was tough to track down. Subtly wrong savestate bugs like this are always a headache. It's fixed now though, make sure to clear out your greenzones after getting the dev build.
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
Thank you Alyosha for figuring out things :) For the record, I write down my BIOSes for 4.: SMS Export SMS Bios (USA/Export) SMS BIOS 1.3 (USA, Europe) [BIOS] Sega Master System (USA) (v1.3) [ b ].sms 8192 sha1:C315672807D8DDB8D91443729405C766DD95CAE7 SMS Japan SMS Bios (Japan) SMS BIOS 2.1 (Japan) [BIOS] Sega Master System (Japan) (v2.1).sms 8192 sha1:A8C1B39A2E41137835EDA6A5DE6D46DD9FADBAF2 Note that I had [ b ] for USA/Export, this would explain the "3 step thingy" https://i.ytimg.com/vi/vCciHqVhbqQ/maxresdefault.jpg Also note that there's a lot of other BIOSes. No linking.
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
Challenger
He/Him
Skilled player (1689)
Joined: 2/23/2016
Posts: 1062
I noted a bug on Kenseiden: if you pause this game with this boss: https://www.youtube.com/watch?v=yHaPzZppwwA (I tested only him. Probably can be occur with another boss) Since I have the dega emulator, I also tested and the bug doesn't occur.
My homepage --Currently not much motived for TASing as before...-- But I'm still working.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
Do you have a movie file? I can make sure nothing is going awry in the emulation. Seems like this one would also be good to test on console as a pretty obivous case.
Challenger
He/Him
Skilled player (1689)
Joined: 2/23/2016
Posts: 1062
Well, I only recorded avi. But I recreated this pause bug. I tested on the other bosses and I found only 3 bosses with this mess: Same boss above (third boss): http://dehacked.2y.net/microstorage.php/info/183134623/Kenseiden-bug-pause-third-boss.bk2 Another boss: http://dehacked.2y.net/microstorage.php/info/1231143950/Kenseiden-bug-pause-another-boss.bk2 And the last boss: http://dehacked.2y.net/microstorage.php/info/346715547/Kenseiden-bug-pause-last-boss.bk2 And the test on third boss on dega 1.16 MAME core: http://dehacked.2y.net/microstorage.php/info/1829523819/Kenseiden-third-boss-dega.mmv I also tested with some other versions of BizHawk [1.11.4 (the most earlier version that I still have), 1.12.0 and 2.2] and the problem is still present.
My homepage --Currently not much motived for TASing as before...-- But I'm still working.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
Ok, so once again this behaviour is a consequence of where we choose to process input. What's happening here is that the NMI generated by the pause button is delaying processing of the first IRQ from the scanline interrupt. What's supposed to happen on the first interrupt is the game changes the value that the scanline counter is reloaded to. The intended sequence is:
HINT (at HINT, the counter is reloaded to the value in register 10, currently 0)
IRQ1 (to set register 10 to 173, at the end of the frame.)
HINT (since the counter was reloaded with 0, we get another IRQ)
IRQ2 (do frame stuff, we won't get another IRQ until SL=175)
But, since we get just enough of a delay from NMI, instead what happens is:
NMI
HINT
IRQ1 starts, but doesn't update the counter yet!
HINT (the counter gets reloaded to 0 a second time!)
IRQ1 ends
IRQ2 starts (this is the second IRQ that processes frame stuff.)
HINT (another HINT , but NOW the counter is reloaded to 173)
IRQ2 ends
IRQ3 (the glitchy one, which happens because of the extra counter reload)
So, that's pretty much it. Once again, if we had chosen to process input at VBlank, like most other emulators (and most other BizHawk cores) we would not see this glitch. It's also not something you'd likely ever see on console. You basically have a ~300 CPU cycle window to hit this glitch! :)
Site Admin, Skilled player (1254)
Joined: 4/17/2010
Posts: 11478
Location: Lake Char­gogg­a­gogg­man­chaugg­a­gogg­chau­bun­a­gung­a­maugg
SMS movie should store the hash of firmware used when it was recorded.
Warning: When making decisions, I try to collect as much data as possible before actually deciding. I try to abstract away and see the principles behind real world events and people's opinions. I try to generalize them and turn into something clear and reusable. I hate depending on unpredictable and having to make lottery guesses. Any problem can be solved by systems thinking and acting.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
feos wrote:
SMS movie should store the hash of firmware used when it was recorded.
It is stored in the movie header, or do you mean something else? I just added suport for korean BIOS. I'll try to make region choice a little more clear cut as well going forward.
Site Admin, Skilled player (1254)
Joined: 4/17/2010
Posts: 11478
Location: Lake Char­gogg­a­gogg­man­chaugg­a­gogg­chau­bun­a­gung­a­maugg
They key is reporting BIOS mismatch to the user. Usually it's done in the play movie dialog.
Warning: When making decisions, I try to collect as much data as possible before actually deciding. I try to abstract away and see the principles behind real world events and people's opinions. I try to generalize them and turn into something clear and reusable. I hate depending on unpredictable and having to make lottery guesses. Any problem can be solved by systems thinking and acting.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
Hmm, ok I'll take a look.
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
(Couldn't find any appropriate thread where this should be posted instead) I saw that http://tasvideos.org/5339S.html uses NTSC (60 fps) because the game is released also in Brazil. While there is http://tasvideos.org/4208S.html using PAL (50 fps) and also identified as an (E) ROM while it's actually also USA in the submission (while I only found an EBK, Europe Brazil Korea). Now the "maybe bug but have no idea": - using NTSC region (for 60 fps) for Aladdin, many frames' input denied but pause (something like 30% randomly) - I probably experienced the same only once in thousands of frames using PAL for Aladdin (and maybe it was a random bug) So... explanation? How am I supposed which region should and allowed to use? User movie #44651887238440612 - NTSC movie with some frames listed where input does nothing edit: more info SMS Aladdin with NTSC: - Input works correctly until starting the game. The 1st cutscene already has the input issue. - Input works correctly in the test mode (Press Up, Right, Down, Left, Up, Right, Down, Left at the title screen to acces a test menu which contains several options, including a level select and music test.) - The input denied frames doesn't seem to have a pattern. edit2: video showing NTSC bug, for example when it polled 5 times/frame (event.oninputpoll) and the next frame only 1 time, the input is denied. Added PAL to see difference. Link to video edit3: this issue doesn't happens with SMS Tom and Jerry, both PAL and NTSC has the same type of polling rate (1, 1, 1, 3 per frames after gameplay started)
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
https://segaretro.org/ Sega Retro is an excellent resource for this kind of thing. It gives a lot of valuable information about which titles are released where as well as a lot of other neat facts. I'll look at that specific case when I have more time.
fsvgm777
She/Her
Senior Publisher, Player (226)
Joined: 5/28/2009
Posts: 1214
Location: Luxembourg
Alyosha wrote:
I just added suport for korean BIOS. I'll try to make region choice a little more clear cut as well going forward.
Not sure if it's intentional, but I don't seem to be able to access the Korean BIOS in any way on the latest interim builds?
Steam Community page - Bluesky profile Oh, I'm just a concerned observer.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
fsvgm777 wrote:
Alyosha wrote:
I just added suport for korean BIOS. I'll try to make region choice a little more clear cut as well going forward.
Not sure if it's intentional, but I don't seem to be able to access the Korean BIOS in any way on the latest interim builds?
Make sure you have 'Region' set to auto. This will(should) then automatically boot with Korean bios for games recognized as korean ROMs in the game db. EDIT: Regarding Aladdin, it appears to be only a EU ROM. The game doesn't appear to have been released in the US. It does have a Korean release, but I'm not sure if the ROM is any different (I can't find a specifically korean one.)
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
I can somewhat confirm that Aladdin is Export only. This is how I try now to check regions for other SMS games: - Region settings should reflect what the ROM has in it's headers ($4 SMS Export in this case for all ROMs I've found) - Using event.oninputpoll (which I guess implemented differently for each core), the 5 polls must be avoided, as this should only appear when you used wrong settings So even though many sites says Aladdin was released to other regions and ROM names has their flags, it seems to be inaccurate. edit: some examples of the bad settings: ONLY PAL! (5 polls (instead of 1-3) or 3 polls (instead of 1-2) when used in NTSC) Aladdin, Alien 3, Air Rescue CAN BE NTSC (1st level gameplay has same polling rate albeit being Europe) Alien Storm, Tom and Jerry edit: Some new informations: - There are SMS games with only PAL while GG with NTSC, example: Ariel, Asterix and the Great Mision - There are GG games with only PAL (but there is no display type change for GG so it's 60fps), example: Asterix and the Secret Mission - Bram Stroker's Dracula SMS E (PAL) but GG has both regions - I couldn't find anywhere about Game Gear being region dependent, yet I found many different regions for most of the Game Gear games edit3: TASes published using the erroneous setting (NTSC for a Europe ROM resulting in fluctuating input poll which makes input denied): [2920] SMS Danan: The Jungle Fighter by Aqfaq in 07:18.15 - SMS Export, only European (with Brazil) ROM found, has input denied issue when using NTSC edit4: So it seems that if a game has a constant half rate gameplay, there won't be input denied issue. Some movies that uses European ROM but plays on 60hz listed below [2271] SMS Astérix by Johnnypoiro in 26:20.57 - SMS Export, only European (with Brazil) ROM found, 1.0, however there is no input deny in 1st level because every even frame is lag frame [2834] SMS Batman Returns by mamuuuut in 01:38.24 - SMS Export, only European (with Brazil) ROM found, however there is no input deny in 1st level because every even frame is lag frame [2985] SMS Cheese Cat-Astrophe Starring Speedy Gonzales by Mephistus & Really_Tall in 13:07.26 - SMS Export, only European (with Brazil) ROM found, however there is no input deny in 1st level because every even frame is lag frame edit5: TwoMbit tests: - from readme: "- there are a few pal games which have glitches playing with us/jp region selected. These are no emulation bugs. It behaves the same at a real system." - also note TwoMbit has option to select between SMS1 and SMS2 unit - there's 3 region settings: Japan, Europe, USA (and Auto) - since there's no frame stepping, I couldn't test the input denied issue - Game Gear games seems to be always 60hz final edit: According to many sites of sega gamers, these are my conclusions: - GG is always 60hz - SMS1 and SMS2 only differs from the VDP and one minimal change - Brazilian SMS is supposed to be PAL-M, 60hz, however some people commented on having 50hz... This will be a task for someone to track down. This might be an inaccurate fact! - There are carts that don't fit into other region's unit - There are PAL games that has glitches when playing in a NTSC system Some of the known issues from internet of PAL on NTSC (PM me for links or more entries):
Addams Family, The 
Alien 3
Back to the Future Part II
Back to the Future Part III 
Battlemaniacs 
Bart vs. the Space Mutants
Bram Stoker's Dracula 
California Games II 
Cosmic Spacehead 
Desert Strike 
Excellent Dizzy Collection, The 
Fantastic Dizzy 
Home Alone 
Micro Machines 
Operation Wolf 
Predator 2 
Quest for the Shaven Yak 
RoboCop 3 
Sensible Soccer 
Shadow Dancer - The Secret of Shinobi 
Shadow of the Beast 
Sonic Blast 
Sonic The Hedgehog 2 
Space Harrier (some versions) 
Street Fighter II 
Super Smash TV 
Taito Chase H.Q. 
The Newzealand Story 
The Simpsons Bart vs the Space Mutants 
Xenon 2
Now I can post my question in the Ask a Judge thread regarding 60hz for PAL games on SMS.
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
Challenger
He/Him
Skilled player (1689)
Joined: 2/23/2016
Posts: 1062
I forget to mention for a year, but on the japanese version rom of Wonder Boy in Monster Land, when choosing FM sound, instead of playing this sound, it plays PSG ("normal") sound instead. This is also present in the previous versions of BizHawk.
My homepage --Currently not much motived for TASing as before...-- But I'm still working.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
Can't find the (J) version. What's the hash? With that I can add it to the DB.
Challenger
He/Him
Skilled player (1689)
Joined: 2/23/2016
Posts: 1062
Alyosha wrote:
Can't find the (J) version. What's the hash? With that I can add it to the DB.
The (J) version has a different name: Super Wonder Boy - Monster World. And the rom I have is: "Super Wonder Boy - Monster World (J) (V1.0) [!].sms" This game is compatible with FM sound (like several other SMS games released on Japan), but regardless if the FM is enabled or not, it plays the "normal" sound instead [unlike the dega emulator, and the (UE) rom version].
My homepage --Currently not much motived for TASing as before...-- But I'm still working.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2832
Location: US
Ah, ok it's fixed.