What is arbitrary code execution (ACE) and how does it affect speedrunning?
There has been a lot of records being set in The Legend of Zelda: Ocarina of Time within the last couple of weeks or so. A lot of these records keep stating that "ACE" is the reason for this. I have read that "ACE" stands for Arbitrary Code Execution, but why is ACE all of sudden now setting incredible records?
From an article I've read ACE can be described as...
This means that the game can be forced to load and execute a save file name as if it is game code — so using a save file name that is game code can access parts of the game left over from its development and testing.
So basically within a series of in-game inputs, you can use a filename in order to run some development code left over?
Best Answer
I'm not 100% sure about the inner workings of various assemblers and processors, but I'm attempting as best as I can to explain, how I understand it
Let's say the machine instructions to perform a map transition / warp is some value, for example AC.
Let's say, this instruction takes a value to decide where to warp the player. For example, the final boss room has value C8.
So if you tell your game to call the routine to execute AC C8, it knows that it should teleport the player to the final boss.
Now, assume you have some inventory mechanism that saves items by their id. A bomb has id C8 and a stick has id AC.
Assume the data for the inventory is laid out sequentially, so having a stick first and then a bomb is represented as AC C8 as well.
Now "all you need to do" is to trick the program into jumping to a wrong location while it tries to execute some kind of action. This is usually done by the "program counter" which points to the address of the instruction to execute.
If you manage to manipulate the program counter to point to the start of your inventory instead of the address it normally should point to, the program will now read the data from your inventory, but treats it as executable code instead. So since your inventory contains "stick, bomb" the data that will be read is AC C8, which causes the program to warp you to the boss room now.
I think something like this is usually achieved by corrupting parts of the memory or somthing similar. The section of memory that is corrupted contains "nonsensical" data now, but can still be executed.
I'd say, a good example of how all of this can be exploited is shown here: How to beat Pokemon Yellow in 0:00
Pictures about "What is arbitrary code execution (ACE) and how does it affect speedrunning?"
What is arbitrary code execution speedrun?
Arbitrary code execution allows speedrunners to force the game to load filenames as game code. Runners also used ACE to complete the game in under 13 minutes by warping to the end credits, load items into treasure chests, or change their physical positions.What is arbitrary code execution in games?
Arbitrary code execution is an advanced glitch present in various Pok\xe9mon games that, when performed, allows the player to theoretically run any code they desire on the console.What is ace in Speedrunning?
Arbitrary Code Execution (ACE) In speedrunning ACE stands for arbitrary code execution and means to use a series of inputs and in-game actions to manipulate the code of the game to produce an unintended outcome.How does ACE work in Ocarina of Time?
Arbitrary Code Execution (ACE) is now possible in OoT. For the uninitiated, ACE essentially means that you can craft your own assembly instructions, allowing for total control of the game.45sec SMW Credits Warp Explained
Sources: Stack Exchange - This article follows the attribution requirements of Stack Exchange and is licensed under CC BY-SA 3.0.
Images: Lukas, hitesh choudhary, Jonas Svidras, Negative Space