Since nobody else has replied...
n6 wrote:
1. after how many PPU cycles is the actual read made in an opcode (is it same for all read opcodes)
Each CPU cycle performs either 1 read or 1 write. LDA $2002 is 4 cycles, and therefore performs 4 reads (1 to read the opcode, 1 for the low byte of address, 1 for high byte of address, and one read from the assembled address ($2002)). So in the case of LDA absolute -- the actual $2002 read is the very last read performed (on the 4th cycle of the instruction).
This doc:
http://nesdev.com/6502_cpu.txt lays out which reads/writes are performed and when for every instruction (even "illegal" ones). As well as other things the CPU is doing during that time. (Scroll down 75% of the way through the doc)
Quote:
2. My solution for test 8 in the vbl_timing was to in my "Read PPU Status" I check if ppu-clock equals to 89341 then suppress the flag!
is this a hack?
I wouldn't call it a hack. It's a special case scenario. There's really no other way to emulate it other than to check for a reads on a specific cycle and change the behavior accordingly.
Quote:
3. when is vblank-flag actually set?
Immediately at the start of VBlank.
Code:
|--idle scanline--| |-- VBlank --|
336-337-338-339-340-000-001-002-003-004
^
|
$2002.7 goes high
I.E., on cycle 340 it would be clear, and on 0 it would be set
Quote:
isnt that exactly at the time as NMI is called (if enabled)
NMI is triggered by $2002.7 going high when $2000.7 is high (and vice versa) -- so yes. Although there is a slight (~2 CPU cycle) delay between when the NMI is triggered and when the NMI handler is invoked. I'm still a little fuzzy on the details of why. Byuu explained it all in this thread:
http://nesdev.com/bbs/viewtopic.php?t=1695
In that thread we were speaking about IRQs, but the same thing seems to happen for NMIs as well.