Editing PS2 Emulation

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 520: Line 520:
| ee_ram        ||  0x100000000 || 0x64000E000000 || 0x2000000( 32 MB) || 0x0000000000000001  0000000000000000 || 0x3C00000 - 0x4000000, 0x8000000 - 0x9C00000
| ee_ram        ||  0x100000000 || 0x64000E000000 || 0x2000000( 32 MB) || 0x0000000000000001  0000000000000000 || 0x3C00000 - 0x4000000, 0x8000000 - 0x9C00000
|-                                                                                                                   
|-                                                                                                                   
| ee_jit_code  ||  0xD00000000 || 0x680024000000 || 0x3000000( 48 MB) || 0x8000000000000001  0000000000000003 || 0xBC00000 - 0xEC00000
| ee_jit_code  ||  0xD00000000 || 0x680024000000 || 0x3000000( 48 MB) || 0x8000000000000001  0000000000000003 || 0xBC00000 - 0xEB00000
|-                                                                                                                   
|-                                                                                                                   
| vu0_jit_code  ||  0xD08000000 || 0x580000800000 ||  0x400000(  4 MB) || 0x8000000000000001  0000000000000003 || 0x900000 - 0xC00000
| vu0_jit_code  ||  0xD08000000 || 0x580000800000 ||  0x400000(  4 MB) || 0x8000000000000001  0000000000000003 || 0x900000 - 0xC00000
Line 1,920: Line 1,920:
| Unmapped write only EE memory (confirmed only for SIF) || Reads/Writes to 0x2000000+ shouldn't throw bus error on dma transfers. Write should be performed as successful, memory should stay unchanged. Reads should return 0. || Games developed by In Utero, while creating initial save file, send DMA where address is EE stack pointer. At the time of transfer start $sp is too high, and requested transfer size make MADR overflow above 0x2000000 at some point. This is game bug, and happen also on real hardware. Fixed by config.
| Unmapped write only EE memory (confirmed only for SIF) || Reads/Writes to 0x2000000+ shouldn't throw bus error on dma transfers. Write should be performed as successful, memory should stay unchanged. Reads should return 0. || Games developed by In Utero, while creating initial save file, send DMA where address is EE stack pointer. At the time of transfer start $sp is too high, and requested transfer size make MADR overflow above 0x2000000 at some point. This is game bug, and happen also on real hardware. Fixed by config.
|-
|-
| VIF bugs || There is no correct timing, and queuing for some VIF commands like MSCAL, MSCNT. || Snowblind Engine games, Paradox games (Backyard Wrestling, Mortal Kombat: Shaolin Monks). Probably more.  
| VIF bugs || There is no correct timing, and queuing for some VIF commands like MSCAL. || Snowblind Engine games. Probably more.  
|-
|-
| XGKick is instant || Some games expect to XGKick happen few cycles in future, on PS3 is done instant. Fixed by config 0x07 which delay XGKick by selected value || WRC series, Wakeboarding Unleashed, TriAce games, World of Outlaws - Sprint Cars, Ty - The Tazmanian Tiger, dot Hack - G.U. series, and more
| XGKick is instant || Some games expect to XGKick happen few cycles in future, on PS3 is done instant. Fixed by config 0x07 which delay XGKick by selected value || WRC series, Wakeboarding Unleashed, TriAce games, World of Outlaws - Sprint Cars, Ty - The Tazmanian Tiger, dot Hack - G.U. series, and more
Line 1,935: Line 1,935:
|-
|-
| Not updated status flag when VDIV/VSQRT/VRSQRT is done on COP2 || Potential bad flag state can cause a lot of issues that are not related on first sight || Yanya Caballista (already patched by custom config)
| Not updated status flag when VDIV/VSQRT/VRSQRT is done on COP2 || Potential bad flag state can cause a lot of issues that are not related on first sight || Yanya Caballista (already patched by custom config)
|-
| VU0 recompiled microprogram hash collisions || To know that emulator don't need to recompile VU0 block, during recompilation every block is hashed. When matching hash is found, emulator use associated block instead of recompiling code again. This hash is calculated from first 4 opcodes of VU0 code in block, which is way too little to ensure unique hash for similar blocks on the same address. When collision happen emulator run totally different code than the one that should be recompiled. || Dawn of Mana, MGS3, Torus Scooby-Doo games, R-Racing Evolution, any games using cmd 0x12 subcmd 1.
|-
|-
| In corner cases emu select wrong block flags pipeline state (both VU0/EEonBE and VU1/VRC affected). || This can cause various issues, mostly SPS, missing graphic, specific slowdowns, etc. Issue seems to occur when branch/jump delay slot have opcode important for flags calculation. Theory is that cached microprogram don't include modified flags state from delay slot instruction. So when already recompiled program is fetched from pool, it will miss one cycle in fmac flags pipeline. This can be crucial in games that rely on it. || Tales of Legendia and Klonoa 2 set sticky flag bits to 0 and branch with sub.xyzw in delay slot (expecting that sub change status flag), Tamsoft engine games set sticky bits to 0 in branch delay slot, this was most ridiculous bug, because problematic branch was pointing to next opcode after delay slot, removing branch was enough. True Crime: NY is only known game where VU0 is affected by this bug. more..
| In corner cases emu select wrong block flags pipeline state (both VU0/EEonBE and VU1/VRC affected). || This can cause various issues, mostly SPS, missing graphic, specific slowdowns, etc. Issue seems to occur when branch/jump delay slot have opcode important for flags calculation. Theory is that cached microprogram don't include modified flags state from delay slot instruction. So when already recompiled program is fetched from pool, it will miss one cycle in fmac flags pipeline. This can be crucial in games that rely on it. || Tales of Legendia and Klonoa 2 set sticky flag bits to 0 and branch with sub.xyzw in delay slot (expecting that sub change status flag), Tamsoft engine games set sticky bits to 0 in branch delay slot, this was most ridiculous bug, because problematic branch was pointing to next opcode after delay slot, removing branch was enough. True Crime: NY is only known game where VU0 is affected by this bug. more..
Line 1,949: Line 1,947:
|-
|-
| IOP SIF0/1 DMA IRQs can be disabled (masked), which is not true on real hardware. || IOP interrupts 0x2A and 0x2B should always trigger. Fixed by patches to IOP code. Ps2_emu seems to be unfacted, probably handled on real hw in CXD9208GP. || Knockout Kings 2001, DOA2: Hardcore.
| IOP SIF0/1 DMA IRQs can be disabled (masked), which is not true on real hardware. || IOP interrupts 0x2A and 0x2B should always trigger. Fixed by patches to IOP code. Ps2_emu seems to be unfacted, probably handled on real hw in CXD9208GP. || Knockout Kings 2001, DOA2: Hardcore.
|-
| Break opcode unsupported (NET) || On netemu r5900 BREAK opcode with reason code 0 causes instant lv1 panic at recompilation stage. Any non 0 reason code generates PowerPC primary opcode 6 with 16 bits of reason code from r5900 BREAK. Which in simple words make 32 bit opcode 0x1800XXXX. According to available documentation this will just cause PPC Program exception, finally triggering lv1 panic. Not to mention that 16 bits is not enough to hold r5900 20 bit BREAK reason code... || Can affect every single game, but it's known to be hit in Sims 2: Castaway.
|-
| Break opcode partially unsupported (GX/SOFT) || On gxemu and softemu r5900 BREAK opcode with reason code 0 is handled correctly, recompiler emit jump to kernel exception handler, do events check, etc. Any non 0 reason code generates PowerPC primary opcode 6 with 16 bits of reason code from r5900 BREAK. Which in simple words make 32 bit opcode 0x1800XXXX. According to available documentation this will just cause PPC Program exception, finally triggering lv1 panic. Not to mention that 16 bits is not enough to hold r5900 20 bit BREAK reason code... || Can affect every single game.
|}
|}
===Software emulation bugs===
===Software emulation bugs===
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)