Editing Talk:PS2 Emulation

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1,864: Line 1,864:


== Emu Patches ==
== Emu Patches ==
===Remove PCRTC Blur for Netemu===
Adds new config 0x4F (no param) which disables PCRTC blur offset which many games use. Patch additionally changes debug menu entry XOR CSR to NO BLUR setting. XOR CSR from file CONFIG is unaffected and still work as expected. I decided to add this entry in menu because it's nice way to compare how good this setting is when game use blur offset. While games which need XOR CSR have very obvious screen corruptions so there is no need for "live" view for it. New config obviously not work on HEN, but CONFIG files which include 0x4F work fine on HEN, command is just skipped, this keeps configs compatible with all current hacks. Big thanks to mrjaredbeta for testing all of this!
Under the hood code compares DISPLAY1 and DISPLAY2 registers and when DX and DY difference is not greater than 6 it mirrors DISPLAY1 to DISPLAY2. Many checks are added to prevent false detection: PMODE need to have enabled 2 circuits, any of DISPLAY registers can't be all 0's, etc. Detection also works for different DW/DH, for games like Soul Calibur 3. Results really vary per game, many games stays unaffected because they modify OFFSET by GIF 0x18/0x19 commands. Good example of game that is nicely improved is Kingdom Hearts 2.
<br><br>Patch is for Evilnat 4.90 ps2_netemu.elf file.
<br>https://www.mediafire.com/file/s83lt9zkwlyhpc2/No_Blur.ppf/file
<br><br>MD5 before patch is applied:
70D22D79A5BB876B8EA2D0FE55D046C7
MD5 after patch is applied:
0B632F05371215AA6BE2C976924737AE
Preview:
https://ibb.co/9sSjmCm (default netemu)
https://ibb.co/G7t11Nq (No Blur enabled)


===Display current PC/RA values for r5900===
===Display current PC/RA values for r5900===
Line 1,970: Line 1,957:
  B452CCB51348127DAF8A931B621E5E39
  B452CCB51348127DAF8A931B621E5E39
DL: https://www.mediafire.com/file/kpno5mubyy7q9p0/gx_cfg_ext.ppf/file
DL: https://www.mediafire.com/file/kpno5mubyy7q9p0/gx_cfg_ext.ppf/file
==Inject LIBSD into netemu Bios==
This patch improves compatibility with homebrew. Many homebrews still need hex edits and supplying X modules on disc. But this patch takes care of LIBSD at least. For example, Multiloader 1.41 with midi player mod now works out of the box.
Offsets for unpacked elf file.
0x893470: string TBIN --> LIBSD
0x8DC200: Paste LIBSD file here (Ctrl-B in HxD to overwrite old data).
TBIN file which is replaced is not used in PS2 mode, we can safely patch it. Same can be done for other emulators, just need correcting offsets.


== SPE programs dumper ==
== SPE programs dumper ==
Line 1,986: Line 1,966:
== Random ps2_netemu notes ==
== Random ps2_netemu notes ==


* Some members of pcsx2 team think that emulator is heavily based on early pcsx2. After some reversing this seems to be far away from true. But COP2 and VU0 (and only that for now) really are familiar here and there. To the point where i was able to use pcsx2 code to find names/usage of some variables (mVUbranch for example). But VU0/COP2 is for now only part that have obvious pcsx2 similarities. For example, VU1 is different story, and don't even share code with VU0 part of emulator as far as i see.
* Emulator not only patch SPU programs on init, but also patch own PPU code. Which is hard to understand when you can just make changes in source code... eg. 0x1F128 - 0x1F134 in latest emu.
* Emulator not only patch SPU programs on init, but also patch own PPU code. Which is hard to understand when you can just make changes in source code... eg. 0x1F128 - 0x1F134 in latest emu.
* GUI seems to be tied to GIF/GS emulation. That research was inspired by Dolphin progress report, and it seems to be correct. Fe/be (frontend/backend) spus are involved here. Which explain some UI slowdowns on GIF intensive games.
* GUI seems to be tied to GIF/GS emulation. That research was inspired by Dolphin progress report, and it seems to be correct. Fe/be (frontend/backend) spus are involved here. Which explain some UI slowdowns on GIF intensive games.
Line 2,030: Line 2,011:
  Register that handle ACC is taken from different pool (same pool as all vfXX regs when in COP2 mode) with param 32 as reg nr (not real reg, probably part of one of vXX regs).
  Register that handle ACC is taken from different pool (same pool as all vfXX regs when in COP2 mode) with param 32 as reg nr (not real reg, probably part of one of vXX regs).
  Most likely those regs are flushed to memory when COP2 opcode is running, for sure they are flushed when VU0 microprogram is running.
  Most likely those regs are flushed to memory when COP2 opcode is running, for sure they are flushed when VU0 microprogram is running.
=== EE Timers Count Read ===
Emulator have bizarre behavior for EE Tx Count read (0x10000000, 10000800, etc). In specific situation (related to pending edge triggered irq) instead of Count value emulator returns Mode value. This doesn't look like programming error and can be some kind of ps2 undocumented behavior implementation.
=== DataStorage vector hook ===
What normally should work as DataStorage exception handler is hacked into very ugly dispatcher for EE related handlers. This code is used for example to read/write IPU registers. At the time when vector is reached:
* Emulator preserves few registers on custom stack at 0x800000. Registers seems to be little random, but they are not. This code is launched from recompiled mips code.
* srr0 is backed up to r3 register (address where exception occurred + 4, rfid opcode jump to address from that reg) and since now it is also used as argument for next steps.
* srr0 is given new value of 0x2EFCC which is custom "dispatcher", link register changes to 0x28F8C8 which is return from that custom piece of... code.
* rfid is hit, let's go to our newly hooked srr0 with 0x2EFCC address.
* Time to use address preserved in r3. This address going thru few checks, it needs to be in 0x10000000- 0x12FFFFFF range (EE JIT Code).
* From this address emulator get single word, that word is used to figure out what mips code wanted to do. This isn't simple offset but some kind of custom identifier.
* When matching identifier is found, task is performed. Some tasks just jump to function and do what is needed, some continue that hackfest and instead are injected into recompiled code as branches to functions that will perform what game want them to do.
* blr is hit, remember that link register is patched earlier to 0x28F8C8
* This function restores previously backed up regs and set link register to value returned by hook. That's all.
=== Free sapce in config parser ===
Since CELL B.E. is big endian machine is only natural to Sony to use little endian for CONFIG files and byte reverse every single word for them. :) What's more important for us, CELL have special opcodes for situation like that one, lwbrx and stwbrx (load/store word byte reversed indexed). But compiler decided that it will be better to do old fashioned 8 opcodes load/swap by shifts and masks and 'or'. This leaves us a lot of space when implementing new configs, making things nice and clean without need to jump outside of function, etc. This code:
seg020:000000000012EECC        lwzx      r0, r9, r31
seg020:000000000012EED0        srwi      r11, r0, 24
seg020:000000000012EED4        rlwinm    r9, r0, 8,8,15
seg020:000000000012EED8        slwi      r3, r0, 24
seg020:000000000012EEDC        rlwinm    r0, r0, 24,16,23
seg020:000000000012EEE0        or        r3, r3, r9
seg020:000000000012EEE4        or        r0, r0, r11
seg020:000000000012EEE8        or        r3, r3, r0
seg020:000000000012EEEC        clrldi    r3, r3, 32
Can be replaced by simple:
seg020:000000000012EECC        lwbrx    r3, r9, r31
seg020:000000000012EED0        clrldi    r3, r3, 32


== RSX workload on the netemu ==
== RSX workload on the netemu ==
Line 2,093: Line 2,044:
  ld        r0, -0x6BF0(r0) # load to r0 from address 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment.
  ld        r0, -0x6BF0(r0) # load to r0 from address 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment.
  ld        r4, 0x3008(r0) # load to r4 from address 0x3008, no matter what r0 actually is at the moment.
  ld        r4, 0x3008(r0) # load to r4 from address 0x3008, no matter what r0 actually is at the moment.
== Communication with Graphics Synthesizer in ps2_gxemu ==
Communication from emu level is done with rw to special addresses of what seems to be RSX ports.
Emu includes thin translation layer that intercept rw operations to GS privilaged registers.
Emulator to write or read GS register first need to write register number that we want to access. To do that we use one of two exposed 32 bit ports, separate for reads and writes.
To write GS register first write 64 bit data to write buffer. Separate for lower 32 bit (0xA000304C) and upper (0xA0003048) part of GS write. GS regs are 64 bit while RSX operate on 32 ports.
Finally write translated register number to 0xA0003040. This write starts transfer to GS. To ensure everything went ok emulator performs 32 bit read from 0xA0003000 and check if bit 1 is active.
This operation is performed in loop up to 1000 times until bit 1 is not 0, if that is not the case in mentioned 1000 loops panic is called.
To read GS register first write translated register number to 0xA0003050, then wait for bit 1 of 0xA0003000 to be active. Emulator wait up to 1000 read loops if GS didn't answered in that time emu panic.
Now when bit 1 is not 0, data can be read from 0xA0003058 for upper 32 bits and 0xA000305C for lower 32 bits.
Emulator translate almost all reads to CSR. Only SIGLBLID is readable beside CSR. This is real PS2 GS behavior. Although there is unused runtime that allow read any register. Behavior in that case is unknown.
0x00 = PMODE
0x01 = SMODE1
0x02 = SMODE2
0x03 = SRFSH
0x04 = SYNCH1
0x05 = SYNCH2
0x06 = SYNCV
0x07 = DISPFB1
0x08 = DISPLAY1
0x09 = DISPFB2
0x0A = DISPLAY2
0x0B = EXTBUF
0x0C = EXTDATA
0x0D = EXTWRITE
0x0E = BDCOLOR
0x40 = CSR
0x41 = IMR
0x44 = BUSDIR
0x48 = SIGLBLID


== ps2_gxemu external bios/rom loading. ==
== ps2_gxemu external bios/rom loading. ==
Line 3,344: Line 3,260:
It is definitely a performance improvement for many titles. In theory, easy to implement (force 0x3 TRXDIR value for every 0x1 write instead). The point is, per-game patches are superior and more robust.<br>
It is definitely a performance improvement for many titles. In theory, easy to implement (force 0x3 TRXDIR value for every 0x1 write instead). The point is, per-game patches are superior and more robust.<br>
* '''Disable PCRTC blur.'''<br>
* '''Disable PCRTC blur.'''<br>
PCRTC merge circuits are mostly used for pathetic blurry anti-aliasing. Looks awful on modern TV screens (ToCA 3 is unreadable completely). Blending settings are controlled through the PMODE privileged register. Partially implemented here: [[Talk:PS2_Emulation#Remove_PCRTC_Blur_for_Netemu|Link]]
PCRTC merge circuits are mostly used for pathetic blurry anti-aliasing. Looks awful on modern TV screens (ToCA 3 is unreadable completely). Blending settings are controlled through the PMODE privileged register.
 


===Discussion===
===Discussion===
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Talk:PS2_Emulation"