Device_usb_oh1_57e_305 and Jit question devs only :)

[memberTwo]

dev: First of all, impressive work

I'm investigating the game<->wiimote and some other jit's stuff for my own knowledge and fun but if I could help... later (who knows? ).
I'm far from the complete understanding of this emu. So, feel free to tell me if my points make sense or not.

I'm posting here because I don't want to bother irc stars live and it gives me some time to think. My english is "noisy" and ... hum... how can i say again... SLOW

But if anyone has some time to correct me:
I think I have figured out that the actual wm (wiimote) emulation wip:

1 - intends to parse wm HID commands (applicative layer) over L2CAP and over ACL, and finally over HCI (OS layers... maybe kernel). I might have misundertood the boring bluetooth spec here, so go ahead: yell at me
2 - the latest masken commit (r438) "seems" (I mean:I dont know where he finds those hci sequences. Really impressive job! ) to have setup the connection and handshake with the hard coded faked-wimote ready for ACL Tx/Rx.
By the way: To masken: I think have found a tiny datalen mistake (not quite sure) in "WII_IPC_HLE_Device_usb_oh1_57e_305::SendEventConn ectionComplete()". I didn't check everywhere.

Code:

--	pConnectionComplete->EventType = 0x03;
--	pConnectionComplete->PayloadLength = 13; // should be 11
++	pConnectionComplete->EventType = HCI_EVENT_CON_COMPL;
++	pConnectionComplete->PayloadLength =

sizeof(hci_con_compl_ep);
3 - if we simulate ACL incoming with something (not sure to have the right format but it doesn't matter yet) like this:

Code:

536: 0 WIIMOTE ( 804ab358 ) : Event: SendEventReadRemoteFeatures
537: 0 WIIMOTE ( 804ab358 ) :   Connection_Handle: 0x0100
538: 0 WIIMOTE ( 804ab358 ) :   features: bc:02:04:38:08:00:00:00
539: 0 WIIMOTE ( 804ab358 ) : USB_IOCTL_CTRLMSG(0x2)
540: 0 WIIMOTE ( 804ab358 ) : HCI_EVENT_ENDPOINT: 0x133e0200
541: 0 CONSOLE ( 804ab358 ) : siim-ote send 11 bytes : 0x0B 0x00 0x13 0x00 0x20 0x00 0x00 0x02 0x00 0x00 0x9D
542: 0 WIIMOTE ( 804ab358 ) : USB_IOCTL_CTRLMSG(0x1)
543: 0 WIIMOTE ( 804ab358 ) : ACL_DATA_ENDPOINT: 0x133e0080 

The ACL incoming is well ack but no func seems to read the ACL buffer. Unless, again, I have missed something with the check-memory-read-breakpoint-system.

If I'm not wrong, at least the "ACL-received-so-push-it-to-HID-Application-stuff" func or something like that is missing and is on the TODO list. Am I right?


Now... hehehe, my question list:

a - Are wiimote (usb) interrupts handled between OSEnableInterrupts and OSDisableInterrupts? If not, where? I need an entry point.

b - Is there an updated "totaldb.dsy" with wpad's API?

c - where did you get all those wii specs (WII_IPC, ...)? If I can ask of course.

d - Just a thought, maybe plugin system is almost similar but : what do you think of a system that catches wellknown PPC asm block (corresponding to a func) that redirects func's args ( Ho ho!!!? Don't know PPC asm but I didn't see lots of PUSH 'n POP ) to the corresponding PC func. Which tweaks wii regs and mem.
My point is: why not bypass lots of syscall and more by catching and redirecting wii's "standards" API on the application side? "OSEnableInterrupts", for example, should be replaced by a short efficient regs tweaker PC func... No?
I want to try that with WPAD's API because, to start with dolphin, wm2wii protocols have been more nuts breaker... so far
Problem: I don't know those API's entry points. If anybody knows where I can find a "pseudo-original" *.elf WITH HIS *.MAP file which embedded wpad's lib, I'll buy the info

e - about jit. Is somebody is actually working on grabbing 2(or 4) successive similar instructions for SSE 128b handling (I mean with 2 or 4 successive load, store and paired instructions with data successive too)? Sounds fun.

Thanks for the help.


Masken rev 446 may answer some of my questions, masken rules

---

Last edited by memberTwo; September 6th, 2008 at 20:22.. Reason: clarity :D

[ector]

Masken will have to take care of replying to the wiimote questions

Only doing a partial reply for now...

Quote:

Originally Posted by memberTwo

b - Is there an updated "totaldb.dsy" with wpad's API?

It's easy to make one. Just dump your Zelda TP Wii disc, take the map file from the resulting iso (yes, there is one. nintendo is sloppy), clean it up, load it into dolphin, and create a signature db from it.

But it's not the way we want to do wiimote emulation. We want to do it the real way, since that will ensure that both homebrew and all future games can be handled. Also, it would be a mess, for various reasons.

Quote:

Originally Posted by memberTwo

c - where did you get all those wii specs (WII_IPC, ...)? If I can ask of course.

libogc, wiibrew.org, reverse engineering

Quote:

Originally Posted by memberTwo

d - Just a thought, maybe plugin system is almost similar but : what do you think of a system that catches wellknown PPC asm block (corresponding to a func) that redirects func's args ( Ho ho!!!? Don't know PPC asm but I didn't see lots of PUSH 'n POP ) to the corresponding PC func. Which tweaks wii regs and mem.
My point is: why not bypass lots of syscall and more by catching and redirecting wii's "standards" API on the application side? "OSEnableInterrupts", for example, should be replaced by a short efficient regs tweaker PC func... No?

This kind of optimization is very possible but won't help speed very much since games generally spend most of their time in their own code, not library code. And I've already told you why we don't want to do this for the hardware emulation.

Quote:

Originally Posted by memberTwo

I want to try that with WPAD's API because, to start with dolphin, wm2wii protocols have been more nuts breaker... so far
Problem: I don't know those API's entry points. If anybody knows where I can find a "pseudo-original" *.elf WITH HIS *.MAP file which embedded wpad's lib, I'll buy the info

As said, Zelda TP. I believe the WPAD version in that is a bit old, though.

Quote:

Originally Posted by memberTwo

e - about jit. Is somebody is actually working on grabbing 2(or 4) successive similar instructions for SSE 128b handling (I mean with 2 or 4 successive load, store and paired instructions with data successive too)? Sounds fun.

Fun maybe, but won't gain much speed.

[memberTwo]

Quote:

Originally Posted by ector

But it's not the way we want to do wiimote emulation. We want to do it the real way, since that will ensure that both homebrew and all future games can be handled. Also, it would be a mess, for various reasons.

Ok, I get it. Sorry I had forgotten homebrews and stupidly I had assumed that nintendo locked their dev kit
You're right, you do it the clean and right way. I'll gently read masken's work.

Quote:

Originally Posted by ector

It's easy to make one. Just dump your Zelda TP Wii disc, take the map file from the resulting iso (yes, there is one. nintendo is sloppy), clean it up, load it into dolphin, and create a signature db from it.

Thanks, I'll do it anyway to help me for the disasm clarity.

Quote:

Originally Posted by ector

libogc, wiibrew.org, reverse engineering

Then I have all I need. Thanks.

Quote:

Originally Posted by ector

Fun maybe, but won't gain much speed.

mmh... how can you be so sure about that? Maybe you have some profiling stats that I don't have.
Of course, I agree for short repeated sequences.
In case of a large amount of successive SSE-portable instructions, it should benefit from SEE mem prefetcher without stalling the pipeline. (tricky but possible = fun )
But, again, I need to do some profiling before asserting that and going further (I have seen some features to activate).

Edit:
Oh boy!
The jit is far more advanced than I tought. +2 for you guys!
I didn't find where the jit is relaunch in the run loop. I can see it in the init -> generate() that must ret after a first bunch of block code compiling, then the compiledblocks execution. But not where jit is recalled... Is it doing it just once??? ... and save all the compiled code in ram? Is that small? Is that fast?
Is it some kind of JOD (Just Once Doh)?

---

Last edited by memberTwo; September 7th, 2008 at 21:32.. Reason: jit impression

[memberTwo]

Well, I'm correcting myself ... and my modest analysis could be useful for others that put their nose in the jit.

So, no... my first impression was wrong. It's really a dynamic jit with a twisted (but efficient) dispatcher system.
I didn't went far in asm details but this is what I guess now:
The dispatcher is a sort of lower layer with some kind of asm trailer that dispatch either towards jit (compilation), or towards execution of compiled code, or towards some sort of interrupts handler, or towards other debug stuff.

I like that, but It seems that the separation of compilation from execution in 2 threads is quite forbidden that way... mmmh... To be continued...

edit1: Yup, I would have bet. Compiled blocks ends at branches or machine state regirter (MSR) inst... wtf! "HLE" again. Well it's time for me to look for what "HLE" is
edit2: 30 second later -> done

---

Last edited by memberTwo; September 8th, 2008 at 11:56..

[memberTwo]

Ok, as I said before, here is a first shot "in block time" profiling log.
This use QueryPerformanceCounter and should be precise enough.
- winXP
- rev 438 mod
- DualCore OFF (veeeery slow with DC ON...? don't know why yet)
- dx9 (may be buggy but faster for me)
edit: have a nv8800 though... but ogl plugin as strange behaviour (stalling mostly) maybe due to my old nv cuda driver or debugfast-core/release-plugin mess.

Log sample:

Code:

origAddr	blkName     	percent  	timePercent	blkCodeSize
8024a7e0	zz_024a7e0_	2.664685	1.654765	379
803122fc	PSMTXConcat	1.974137	0.657005	1384
80312c44	zz_0312c44_	1.244663	0.536351	790
8024a118	zz_024a0e4_	1.184304	1.609532	202
8024a804	zz_024a7e0_	1.184304	1.647143	203
80043e1c	zz_0043e1c_	1.173435	1.636826	305
8024a134	zz_024a0e4_	0.888209	1.629823	228
8032e490	zz_032e490_	0.886025	0.837060	394
8032e4dc	zz_032e4dc_	0.886024	0.832883	399
8024bb88	zz_024ba84_	0.844207	1.150830	232
802f3890	zz_02f381c_	0.750335	0.161675	2067
8024e3a8	zz_024e394_	0.726268	0.415304	363
802dd5d0	zz_02dd564_	0.701797	0.086313	4257
802f38c4	zz_02f381c_	0.684969	0.167834	1676
8032a2a8	zz_032a2a8_	0.673025	0.102152	1959
8024bae8	zz_024ba84_	0.633021	1.183807	206
8024a14c	zz_024a0e4_	0.592152	1.616739	212
8024a128	zz_024a0e4_	0.592152	1.618135	212
80043e2c	zz_0043e1c_	0.586707	1.587549	144
8024a140	zz_024a0e4_	0.581565	1.605705	169
800a5180	zz_00a5078_	0.572185	0.783339	232
800a511c	zz_00a5078_	0.569950	0.793107	242
802dd468	zz_02dd3fc_	0.517114	0.075610	2211
8024e3e0	zz_024e394_	0.495370	0.430624	364

mmh... Some blocks are several times slower than "expected"

TODO:
1) clean up my mess -> done
2) post src. -> done
3) figure out how tortoise makes patches and post one -> done
4) coffee, deep breath, think... optimization on mind...

1st file: From the boot of Zelda WW (PAL) until the boat appears.
2nd: From the boot of Zelda WW (PAL) until "PRESS START" (a bit after).

Attached Files

	ZWW_profile.7z (496.8 KB, 3 views)
	timeProfiling.7z (2.1 KB, 3 views)

---

Last edited by memberTwo; September 12th, 2008 at 08:27..