Editing Talk:PS2 Emulation

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== Registers ==
==Regs==


**1040000000 VU1 regs, mapping like on VU0.
**1040000000 VU1 regs, mapping like on VU0.
**1050000000 VU1 micro data  memory (1100C000 on real PS2 and PCSX2 debugger) size 0x4000.
**1050000000 VU1 micro data  memory (1100C000 on real ps2 and pcsx2 debugger) size 0x4000.
**1050004000 VU1 micro data memory mirror (1100C000 on real PS2 and PCSX2 debugger) size 0x4000. Likely mirrored 2 more times on 8000 and c000
**1050004000 VU1 micro data memory mirror (1100C000 on real ps2 and pcsx2 debugger) size 0x4000. Likely mirrored 2 more times on 8000 and c000
**104000C000 emulator place here VU1 constants used in popular operations. Eatan/eexp constants, masks for clamping, etc. Similar array can be found in PCSX2 (mVU_Globals), Dobiestation (atan_const, etc), Play! (GenerateEATAN, etc.)
**104000C000 emulator place here VU1 constants used in popular operations. Eatan/eexp constants, masks for clamping, etc. Similar array can be found in Pcsx2 (mVU_Globals), Dobiestation (atan_const, etc), Play! (GenerateEATAN, etc.)
**1030004000 emulator place here VU0 constants used in popular operations. Like above (vu0 don't have efu so placing there efu constants for eatan/eexp is pointless, but there they are).  
**1030004000 emulator place here VU0 constants used in popular operations. Like above (vu0 don't have efu so placing there efu constants for eatan/eexp is pointless, but there they are).  
--[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:37, 5 January 2023 (UTC)
--[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:37, 5 January 2023 (UTC)


== Miscellaneous information ==
=Misc info=
 
Some data that eventually need to be posted on main emulation page. All data posted here is obtained from jak tpl (so called v1) emulator. All data is confirmed in code itself, no guessing (unless said otherwise). Time to start releasing that old work to public.
Some data that eventually need to be posted on main emulation page. All data posted here is obtained from jak tpl (so called v1) emulator. All data is confirmed in code itself, no guessing (unless said otherwise). Time to start releasing that old work to public.


Line 24: Line 23:
*Default misc settings used by Jak TPL emu:                                https://pastebin.com/79JCRXkq (ps2_lang is changed later if host system match possible ps2 languages)
*Default misc settings used by Jak TPL emu:                                https://pastebin.com/79JCRXkq (ps2_lang is changed later if host system match possible ps2 languages)


== Miscellaneous information 2 ==
==Misc misc info==
 
*Both settings do the same thing:
*Both settings do the same thing:
  --external-hdd-fix
  --external-hdd-fix
Line 37: Line 35:
  No matter which value is used, 1 is set.
  No matter which value is used, 1 is set.


== ee-native-function ==
==Few popular misunderstandings==
*vu-xgkick-delay take integer between 0-31 (confirmed on both emu and compiler side), and not float (0.5 is invalid, will be truncated to 0 probably)
*Cop2 rounding in pcsx2 is governed by "EE/FPU" rounding setting, not by VU or VU0.
*Cop2 clamping is hardcodded in pcsx2 as far as i know, if no then is likely also governed by EE/FPU setting not VU/VU0
*xx-no-clamping setting is not really no clamping known from pcsx2. This is special mode which can be used regardless of other clamp commands. To compare pcsx2 have similar mode only for FPU (Full), to fully mimic that mode we still need fpu-to-double enabled.


==ee-native-function==
Emulator have set of predefined functions used in popular PS2 SDK libraries. Those function are highly optimized to run natively on x64. <br>
Emulator have set of predefined functions used in popular PS2 SDK libraries. Those function are highly optimized to run natively on x64. <br>
'''--ee-native-function=name,address''' under the hood this is hooking selected address, and replace it with jump to predefined function. Functions available in JAK TPL emu:
'''--ee-native-function=name,address''' under the hood this is hooking selected address, and replace it with jump to predefined function. Functions available in JAK TPL emu:
Line 96: Line 99:
  jr          $ra
  jr          $ra
  addiu        $sp, 0x30
  addiu        $sp, 0x30
This is corner case example as floatdidf convert a 64bit signed integer to IEEE double, and PS2 developers generally had no reason to use doubles (fpu/vu are operating on 32 bit floats). But you can see that whole conversion is practically done in 1 opcode, while ps2 take massive function to do this. Other functions are usually less optimized, but still really worth it.
This is corner case example as floatdidf convert a 64bit signed integer to IEEE double, and PS2 developers generally had no reason to use doubles (fpu/vu are operating on 32 bit floats). But you can see that whole conversion is practically done in 1 opcode, while ps2 take massive function to do this. Other functions are usually less optimized, but still really worth it.


== EE/VU injection ==
==EE/VU injection==
 
"Injections" are special sets of precompiled functions, idea is known better as HLE emulation. Available injections can vary depend on ps2-compiler.self, because that's where lookup for available functions is done. This literally replace code that normally is recompiler, with optimized version when address and hash match. Probably not many games can use this. Good candidates are games that use the same engine as currently released ps2 classics. Many times VU1 programs are reused by the same developer.  
"Injections" are special sets of precompiled functions. This idea is known better as "HLE emulation". Available injections can vary depending on ps2-compiler.self, because that is where the lookup for available functions is done. This literally replaces the code that normally is the recompiler, with optimized version when address and hash match. Probably not many games can use this. Good candidates are games that use the same engine as currently released PS2 classics. Many times VU1 programs are reused by the same developer.
<br>'''VU1'''
<br />
'''VU1'''
*Name + offset in JAK TPL compiler
*Name + offset in JAK TPL compiler
*unk1
*unk1
Line 245: Line 245:
Same goes for "kernel" injections, they are also based on ID + Hash + address. Generally all "injections" should be safe to be enabled by configs. There is really small chance for hash/address(and id) collision. Not to be confused with "native" / "native-patch" !
Same goes for "kernel" injections, they are also based on ID + Hash + address. Generally all "injections" should be safe to be enabled by configs. There is really small chance for hash/address(and id) collision. Not to be confused with "native" / "native-patch" !


= RESEARCH TO DO =
==Fast Accurate MUL Implementation==
While Accurate MUL is implemented as very resource heavy fully fledged soft float operation, there is theoretically less accurate but very fast "accurate MUL" available. Surprisingly this is not copy pasted PS3 implementation (no need to reach Olympus from Lop Nor this time). While this implementation is assumed to be less accurate (than soft floats), result should be the same as with soft floats. r14 and esi are source floats for operation. So, here it comes:
<pre>
mov    edx, r14d
mov    eax, esi
xor    eax, r14d
shr    edx, 23
and    eax, 80000000h
and    edx, 0FFh
jz      mul_end        ; mul by denormal
mov    ecx, 817h
bextr  ecx, esi, ecx  ; esi >> 23 & 0xFF
jz      mul_end        ; mul by denormal
and    r14d, 7FFFFFh
and    esi, 7FFFFFh
add    edx, ecx
or      r14d, 800000h
or      esi, 800000h
imul    rsi, r14
shr    rsi, 23
vcvtsi2ss xmm0, xmm0, rsi
vaddss  xmm0, xmm0, cs:(float)0.5
vmovd  ecx, xmm0
shr    ecx, 23
lea    edx, [rcx+rdx-115h]
cmp    edx, 0FFh
jle    case1
mov    ecx, 7F800000h
mov    esi, 7FFFFFh
jmp    case2
 
case1:
add    ecx, -150
xor    ebx, ebx
shr    esi, cl
mov    ecx, edx
and    esi, 0FF7FFFFFh
shl    ecx, 23
test    edx, edx
cmovle  esi, ebx
cmovle  ecx, ebx
 
case2:
or      esi, eax
or      esi, ecx
mov    eax, esi
mul_end:
ret
</pre>


=RESEARCH TO DO=
{| cellspacing="0" cellpadding="2" border="1" class="wikitable" style="text-align: center;"
{| cellspacing="0" cellpadding="2" border="1" class="wikitable" style="text-align: center;"
! Name !! Notes
! Name !! Notes
Line 252: Line 301:
| Locating the gs registers || Abysmal.
| Locating the gs registers || Abysmal.
|-
|-
| Trying to reverse-engineer any emulator's executable by using assembly and hxd to improve compatibility || Tedious.
| Trying to reverse-engineer any emulator's executable by using assembly and hxd to improve compatibility || Tedious. / TPC register's instruction 8998B0030000
|-
|-
| Locating the proper CDVD read speed (God of war and Ratchet size matters [Both have affected music]) || IOP and CDVD commands help
| Locating the proper CDVD read speed (God of war and Ratchet size matters [Both have affected music]) || IOP and CDVD commands help
|-
| Fully understand what the vif chunk command thingy does || Too low and your game will freeze at the intro
|-
|-
| Find out what some of the gs commands do and edit their description || Infelicitous!
| Find out what some of the gs commands do and edit their description || Infelicitous!
|-
|-
| Understand the gs lua functions ||  
| Understand the gs lua functions   ||  
|-
| Implement a EE memory patch for ratchet up your arsenal  || Not trivial obviously
|-
|-
|}
|}
 
* GS registers aren't mapped in easy way comparing to other ones. Offsets will vary per emulator, and that's for sure. This is what you get in read mode on JAK emu (not sure if i have v1 or v2 to be honest, is known as ps2emu16):
* GS registers are not mapped in easy way comparing to other ones. Offsets will vary per emulator, and that is for sure. This is what you get in read mode on Jak games emulator (not sure if I have v1 or v2 to be honest, but it is known as ps2emu16):
  gs_reg_SCISSOR_1              0000000001B11800                   
  gs_reg_SCISSOR_1              0000000001B11800                   
  gs_reg_FBA_1                  0000000001B11808                   
  gs_reg_FBA_1                  0000000001B11808                   
Line 324: Line 376:
  hwreg_GS_EXTWRITE            0000000007D89FB8                   
  hwreg_GS_EXTWRITE            0000000007D89FB8                   
  hwreg_GS_BGCOLOR              0000000007D89FC0
  hwreg_GS_BGCOLOR              0000000007D89FC0
But keep in mind that GS regs can be "duplicated" for different emulation stages. GS is jited too, so it should have kind of pipeline too.
But keep in mind that GS regs can be "duplicated" for different emulation stages. GS is jited too, so it should have kind of pipeline too.
"Implement a EE memory patch for ratchet up your arsenal" Game write data using qmtc2/ctc2 and expect VU0 to still run at this point, which is not always true. Mega high vu0 mpg cycles could potentially push it little further. Patching that will be pain just because Ratchet use code overlays. This mean you need to patch game image with the same patch in more than 20 places. Because what you see in PCSX2 debugger / ps2dis will change depend on stage you play now. That's why PS3, and PCSX2 use dynamic JIT patches (PCSX2 use it for different issues tho). --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 14:20, 27 February 2023 (CET)
"Implement a EE memory patch for ratchet up your arsenal" Game write data using qmtc2/ctc2 and expect VU0 to still run at this point, which is not always true. Mega high vu0 mpg cycles could potentially push it little further. Patching that will be pain just because Ratchet use code overlays. This mean you need to patch game image with the same patch in more than 20 places. Because what you see in pcsx2 debugger / ps2dis will change depend on stage you play now. That's why PS3, and PCSX2 use dynamic jit patches (pcsx2 use it for different issue tho). --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 14:20, 27 February 2023 (CET)


== no-clamping ==
== no-clamping ==


Sup. Can i know how no-clamping behavior was tested to confirm that "The default emulator's behavior cannot be set by CLI commands."? Because that doesn't sound right, and emulator explicitly set 0 or 1 on init, which is confirmed in emu code. What can happen, is that other clamping settings were changed during test, and that affected result. But looking at code i don't think there is any possibility that something "in between" exist. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:33, 21 June 2023 (CEST)
Sup. Can i know how no-clamping behavior was tested to confirm that "The default emulator's behavior cannot be set by CLI commands."? Because that doesn't sound right, and emulator explicitly set 0 or 1 on init, which is confirmed in emu code. What can happen, is that other clamping settings were changed during test, and that affected result. But looking at code i don't think there is any possibility that something "in between" exist. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:33, 21 June 2023 (CEST)


<br>It is based on a test I did on Sly Cooper 2. If VU1 Clamping was set to 1 or 0, the game crashes. If left empty, game works fine. --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 14:58, 21 June 2023 (CEST)
<br>It is based on a test I did on Sly Cooper 2. If VU1 Clamping was set to 1 or 0, the game crashes. If left empty, game works fine. --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 14:58, 21 June 2023 (CEST)
Line 340: Line 393:
So, after taking some time to think about it, I had remembered that the game would crash right after the first pyramid fmv at the press start screen. But yeah, leave as it is. You have the upper hand in removing/adding anything you like --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 17:19, 21 June 2023 (CEST)
So, after taking some time to think about it, I had remembered that the game would crash right after the first pyramid fmv at the press start screen. But yeah, leave as it is. You have the upper hand in removing/adding anything you like --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 17:19, 21 June 2023 (CEST)


== Configuration table with IDs from Jak games emulator ==
== Config table with IDs from Jak emu ==


Here is a table from Jak games emulator. This is how the PS2 emulator config parser sees data from CLI. Please do not edit typos, etc as this is exactly how it is in the emulator. I am leaving it here, so that the main page can be slowly updated with data from the table if needed. The PS2 emulator translates commands to ID, then uses ID in the jump table in its parser to apply configuration. ID is not guaranteed to be the same between emulators, but I have not tested that. Comments match ID too. UNK value is not critical for anything, but it is used for something, and it is part of the original table. This table is missing a few commands which are parsed outside of the main configuration routine.
Table from Jak emulator, this is how emulator config parser see data from cli. Please don't edit typos, etc. This is how it is in emulator. I'm leaving it here, so main page can be slowly updated with data from table if needed. Emulator translate commands to ID, then use ID in jump table in parser to apply cfg. ID is not guaranteed to be the same between emulators, but i didn't tested that. Comments match id too. Script for ida to dump this info will be posted soon. UNK value is not critical for anything, but it is used for something, and it is part of original table. This table is missing few commands which are parsed outside of main cfg routine.


  |============================================================================================================|
  |============================================================================================================|
Line 721: Line 774:
  | 362 | 0x1    | --pmc-measure-frames            | frames(int)                                              |
  | 362 | 0x1    | --pmc-measure-frames            | frames(int)                                              |
  |============================================================================================================|
  |============================================================================================================|
Note: Few commands is accidentally read with = , for example --elf-symbols=. Commands like this possibly expect == to be used. Anyway, good for us all of those cmds are meaningless.
Note: Few commands is accidentally read with = , for example --elf-symbols=. Commands like this possibly expect == to be used. Anyway, good for us all of those cmds are meaningless.


=== PS2 Emulator Configuration Table Dumper IDA PRO Script ===
===Script===
 
IDA Script to dump this info, should find all by itself. Should... Tested on jak emu, and rogue emu. Keep in mind that it will dump only to ida output window, to dump it to file you need to modify it by yourself. Script will separate fields by comma. Output will be ID, UNK, COMMMAND, COMMENT. Next commas are eventually from config comment itself.
IDA Script to dump this information. It should find all by itself. Should... Tested on Jak games emulator, and Rogue Galaxy emulator. Keep in mind that it will dump only to IDA PRO output window. To dump it to file, you need to modify this script by yourself. Script will separate fields by comma. Output will be ID, UNK, COMMMAND, COMMENT. Next commas are eventually from config comment itself.
 
<source lang="py">
  import idc
  import idc
  import idaapi
  import idaapi
Line 760: Line 809:
             addr += 0x18
             addr += 0x18
  dump()
  dump()
</source>
==Fatal Fury Modding==
 
'''It seems modifying the eboot.bin of any emulator using HXD allows using commands without adding them to the CLI. Potentially, we could locate VU0's jit-sync and modify it to fix many issues, while changing the values of other commands to suit our needs. This is a to-do in the future. Considering it needs a lot of researching, I'm not sure when and if to work on it. --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 19:10, 29 June 2024 (CEST)'''
== Fatal Fury Battle Archives Vol. 2 Modding ==
 
'''It seems that modifying the eboot.bin of any emulator using HxD allows us to use commands without adding them to the CLI. Potentially, we could locate VU0's jit-sync and modify it to fix many issues, while changing the values of other commands to suit our needs. This is a to-do in the future. Considering it needs a lot of researching, I am not sure when and if to work on it. It is filled with what Stayhye calls "speculation".'''
 
<br>Eboot MD5: 7fc9af268802b36ef299c3ee0448de7b
{| class="wikitable"
{| class="wikitable"
|-
|-
! Fatal Fury Battle Archives Vol. 2 Eboot !!  !!  !! !! !!
! Fatal Fury Eboot !!  !!  !! !! !!
|-
|-
| || '''Offset (Eboot)''' || '''Value type''' || '''Normal value''' || '''Modified value''' || '''Notes'''
| || '''Offset (Eboot)''' || '''Value type''' || '''Normal value''' || '''Modified value''' || '''Notes'''
|-
|-
| '''Counters speed''' || 50FE1 || 4 Bytes || 294912000 || Can be modified as needed for as long as the value fits 4 bytes. ||
| '''EE Something (Delta counter?)''' || 50FE1 || 4 Bytes || 294912000 || Can be modified as needed for as long as the value fits 4 bytes. ||
|-
| '''EE Clock (Cycle scalar)''' || 50FE5 || 4 Bytes || 0x00010000 || Can be modified as needed for as long as the value fits 4 bytes. || It's converting decimals into hex?<br>0.1 -->0x19000000<br>0.19 --> 0x3000000<br>0.2 -->0x33000000<br>0.5 --> 0x80000000<br>0.98 --> 0xFA000000<br>0.987 --> 0xFC000000<br>0.996 --> 0xFE000000<br>0.999 --> 0xFF000000
|-
| '''IOP Clock (Cycle scalar)''' || 510EB  || 4 Bytes || 0x80000000 || Can be modified as needed for as long as the value fits 4 bytes. ||
|-
| '''VU0 mpg cycles''' || 4DE410  || 8x 2 bytes || 100 (dec) || ||  
|-
|-
| '''VU1 mpg cycles''' || 4DE420  || 8x 2 bytes || 100 (dec) || ||  
| '''EE Clock (Cycle scalar)''' || 50FE5 || 4 Bytes || 256 || Can be modified as needed for as long as the value fits 4 bytes. ||
|-
|-
| (?) || 5105B || 4 Bytes || 10000 || ||
| '''Context switch cycles''' (?) || 5105B || 4 Bytes || 10000 || ||
|-style="background-color:#7698FF"
|-style="background-color:#7698FF"
|  Binary or 1 byte??? ||  || ||  || ||  
|  Binary or 1 byte??? ||  || ||  || ||  
Line 794: Line 832:
|-
|-
| '''VU0-di-bits''' || 5110A || 1 Byte || 0x26 || 0x06 ||
| '''VU0-di-bits''' || 5110A || 1 Byte || 0x26 || 0x06 ||
|-style="background-color:#7698FF"
| Completely unknown ||  || ||  || ||
|-
| ? || 51142 || 2 bytes? || 0x8 ||  || ||
|-
| ? || 51139 || 2 bytes? || 0x2 ||  || ||
|-
| ? || 510F5 || 2 bytes? || 0x7D ||  || ||
|-
| ? || 51114 || 2 bytes? || 0x3628 ||  || Modifying creates an insane amount of sps
|-
| ? || 5127E || 2 bytes? ||  0x8005 ||  ||
|-
| ? || 51109 || 2 bytes? ||  0xCB26 ||  ||
|-
| ? || 4DEF60 || 8x 2 bytes || 1098907648(dec) || || Seems to have something to do with VU0
|-
| ? || 51194 || 4bytes? || 00A00000 || || Controls screen size
|-
| ? || 50FD3 || 4bytes || 70000000 || || --vif-thread-chunk-size??
|-
| Framelimiter? || 59C318 || 0x3 || ||
|-
|-
|}
|}
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)