Talk:Synergistic Processing Unit (SPU): Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
mNo edit summary
(added shufb decoder)
Line 64: Line 64:
   
   
  -adrianc
  -adrianc
=shufb mask decoding=
For your convenience:
In [60]: str_shufb(0xC0D0E0F0C0D0E0F8080808080808080)
Out[60]: '12, 13, 14, 15, 12, 13, 14, 15, z, z, z, z, z, z, z, z'
This would work well with IDA Python...
[http://pastie.org/2774108 shufb decoder (Python)]

Revision as of 17:57, 28 October 2011

PPU/SPU bugs/flaws/exploits

There's a bug in the provided malloc function, if there's no heap
SPE mailbox has maximum depth of 4 messages

The depth of 4 messages for the spe in mailbox is not a bug, it's a simple hardware limitation (as you can read in this document: http://publib.boulder.ibm.com/infocenter/ieduasst/stgv1r0/topic/com.ibm.iea.cbe/cbe/1.0/Programming/L3T2H1_40_DevelopingCodeForCellMailboxes.pdf).

Local Storage can be accessed

Well if the spe is in isolation mode only code running on this particular spe can access it's LS.

^Not entirely true, the high segment of the LS is accessible from the other SPEs and the PPE. Shuffle2 10:01, 22 April 2011 (CDT)

need quotation / proper sources / documentation

Cell SPE Task Library

quoted intro:
  " This project contains a thread-safe digital signal processing and computational microtask execution library for the IBM Cell Broadband Engine. It works in Linux and the IBM Cell SDK 2.1 on the Playstation3 and Cell Blade. The project consists not really of a library but of source code and header files that you can include in your Cell program. The license is GNU LGPL.

The SPE program is started once on 1..N SPEs, where it will stay running and waiting for tasks that can be sent to it from your PPU program. The running SPE program(s) can be sent different such computing tasks. Tasks can be single or a chained queue of tasks, for example of different types. The SPE program uses faster mailbox communication, and latencies from task start to end on the PPU side are quite low. There is an additional framework for PPU code that makes accessing the computing SPEs and their tasks threadsafe.

The set of computational tasks (commands) can be easily extended with your own funcs. The code allows more control over processing, DMAs and buffering than the IBM ALF framework.

Another point for this project is to collect a bag of computational tricks and fast DSP funcs, in the form of cut&paste source code snippets that you can can copy into your own SPE programs. These code pieces include very fast sine and cosine calculation, complex multiply accumlate, and others.   "

Location: http://cellspe-tasklib.sourceforge.net/


local store dumping of SPE

LSPWN v0.1
 
spwn.rar (60.96 KB)
 
overview:
this app dumps the local store of an spe to /dev_hdd0/game/LSPWN0ADC/USRDIR/localstore.bin
 
a neat POC for devs, but also a n00b friendly introduction to the spe environment.
 
instructions:
 
1. run the app
2. copy the binary from the hdd using your preferred method
3. disasemble using ida and get a hands on look at the local store
4. ???
5. profit!
 
notes:
- source code forthcoming after some cleanup
- gui in v0.2 release
- support for isolation mode if there is demand
 
greetz: gitbrew, mathieulh, geohot, sonic iso, #ps3secret, uf6667, zerkman
and too many others to mention.
 
 
addendum: contact me, adrianc on efnet or [email protected],
if you wish to donate and help purchase a reference tool for the community.
this has many benefits such as new keys, debugging for all devs, syscon exploits and many more.
your support will not be forgotten.
 
-adrianc

shufb mask decoding

For your convenience:

In [60]: str_shufb(0xC0D0E0F0C0D0E0F8080808080808080)
Out[60]: '12, 13, 14, 15, 12, 13, 14, 15, z, z, z, z, z, z, z, z'

This would work well with IDA Python... shufb decoder (Python)