ShuriZma
/
dolphin
mirror of https://github.com/dolphin-emu/dolphin.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
dolphin/docs/DSP/DSP_UC_3B3B30CA.txt

437 lines
16 KiB
Plaintext
Raw Blame History

/*
ROM functions used:
0x8000 dsp reset
0x8078 wait for CMBH & 0x8000
0x807e wait for DMBH & 0x8000
0x808b dump DRAM/IRAM to mainmem
0x80b5 boot new ucode
0x80bc boot new ucode without ACC clearing by ROM
For the rest, this ucode is just calling the last few instructions
from huge functions in ROM - some kind of obfuscation?
0x81f4
81f4 b51e mulxac'mv $AX0.H, $AX1.L, $ACC1 : $AX1.H, $AC0.M
81f5 9909 asr16'ir $ACC1 : $AR1
81f6 1b7f srri @$AR3, $AC1.M
81f7 812b clr's $ACC0 : @$AR3, $AC1.L
0x8458
8458 b51e mulxac'mv $AX0.H, $AX1.L, $ACC1 : $AX1.H, $AC0.M
8459 9900 asr16 $ACC1
845a 1b7f srri @$AR3, $AC1.M
845b 812b clr's $ACC0 : @$AR3, $AC1.L
0x8723
8723 3300 xorr $AC1.M, $AX1.H
8724 1adf srrd @$AR2, $AC1.M
0x8809
8809 392e orr'sn $AC1.M, $AX0.H : @$AR2, $AC1.L
880a 1b5f srri @$AR2, $AC1.M
0x88e5
88e5 387a orr'l $AC0.M, $AX0.H : $AC1.M, @$AR2
88e6 18dd lrrd $AC1.L, @$AR2
88e7 4c05 add'dr $ACC0, $ACC1 : $AR1
88e8 1b5e srri @$AR2, $AC0.M
88e9 1a5c srr @$AR2, $AC0.L
*/
0000 0000 nop
0001 0000 nop
0002 0000 nop
0003 0000 nop
0004 0000 nop
0005 0000 nop
0006 0000 nop
0007 0000 nop
0008 0000 nop
0009 0000 nop
000a 0000 nop
000b 0000 nop
000c 0000 nop
000d 0021 halt
000e 02ff rti
000f 0021 halt
0010 1306 sbset #0x06
0011 1203 sbclr #0x03
0012 1204 sbclr #0x04
0013 1305 sbset #0x05
0014 0092 00ff lri $CR, #0x00ff
0016 0088 ffff lri $WR0, #0xffff
0018 0089 ffff lri $WR1, #0xffff
001a 008a ffff lri $WR2, #0xffff
001c 008b ffff lri $WR3, #0xffff
001e 8f00 set40
001f 8b00 m0
0020 8c00 clr15
0021 02bf 807e call 0x807e // loop until dsp->cpu mailbox is empty
0023 16fc dcd1 si @DMBH, #0xdcd1
0025 16fd 0000 si @DMBL, #0x0000 // sendmail 0xdcd10000
0027 16fb 0001 si @DIRQ, #0x0001
// wait for cpu mail == 0xabbaxxxx
0029 02bf 8078 call 0x8078 // wait for cpu mail
002b 24ff lrs $AC0.L, @CMBL
002c 0280 abba cmpi $AC0.M, #0xabba
002e 0294 0029 jnz 0x0029
// wait for cpu mail
0030 8e00 set16
0031 02bf 8078 call 0x8078
0033 20ff lrs $AX0.L, @CMBL
0034 0240 0fff andi $AC0.M, #0x0fff
0036 1f5e mrr $AX0.H, $AC0.M
0037 009b 0000 lri $AX1.H, #0x0000 // DSP-dram addr
0039 0099 0020 lri $AX1.L, #0x0020 // length (20 bytes = 10 words, word 9 and 10 are addr where result should DMA'd to in main mem)
003b 0087 0000 lri $IX3, #0x0000 // there will be no ucode/iram upload
003d 0080 0041 lri $AR0, #0x0041 // return addr after dram upload
003f 029f 80bc jmp 0x80bc // DRAM upload !!
// $AX0.H-$AX0.L - CPU(PPC) addr = mail & 0x0fffffff
// upload data from mainmem do dsp dram and jump to 0x41 after that
0041 02bf 008c call 008c_BigCrazyFunction() // <<------------- main crap is here!!!!!!!!!
0043 02bf 807e call 0x807e // loop until dsp->cpu mailbox is empty
0045 16fc dcd1 si @DMBH, #0xdcd1
0047 16fd 0003 si @DMBL, #0x0003 // sendmail 0xdcd10003 (aka... calc is over, result is in main mem now)
0049 16fb 0001 si @DIRQ, #0x0001
004b 8f00 set40
004c 02bf 8078 call 0x8078
004e 0280 cdd1 cmpi $AC0.M, #0xcdd1
0050 0294 004c jnz 0x004c
0052 26ff lrs $AC0.M, @CMBL
0053 0280 0001 cmpi $AC0.M, #0x0001
0055 0295 005e jz 0x005e // if cpu->dsp mail was 0xcdd10001 -> 005e_PrepareBootUcode()
0057 0280 0002 cmpi $AC0.M, #0x0002
0059 0295 8000 jz 0x8000 // if cpu->dsp mail was 0xcdd10002 -> dsp reset ( jmp to irom(0x8000))
005b 029f 004c jmp 0x004c // wait for next mail from cpu
005d 0021 halt
void 005e_PrepareBootUcode()
{
005e 8e00 set16
005f 02bf 8078 call 0x8078 // wait for cpu mail
0061 24ff lrs $AC0.L, @CMBL
0062 02bf 8078 call 0x8078 // wait for cpu mail
0064 24ff lrs $AC0.L, @CMBL
0065 02bf 8078 call 0x8078 // wait for cpu mail
0067 24ff lrs $AC0.L, @CMBL
0068 02bf 8078 call 0x8078 // wait for cpu mail
006a 00c5 ffff lr $IX1, @CMBL
006c 0240 0fff andi $AC0.M, #0x0fff
006e 1c9e mrr $IX0, $AC0.M
006f 02bf 8078 call 0x8078 // wait for cpu mail
0071 00c7 ffff lr $IX3, @CMBL
0073 02bf 8078 call 0x8078 // wait for cpu mail
0075 00c6 ffff lr $IX2, @CMBL
0077 02bf 8078 call 0x8078 // wait for cpu mail
0079 00c0 ffff lr $AR0, @CMBL
007b 02bf 8078 call 0x8078 // wait for cpu mail
007d 20ff lrs $AX0.L, @CMBL
007e 0240 0fff andi $AC0.M, #0x0fff
0080 1f5e mrr $AX0.H, $AC0.M
0081 02bf 8078 call 0x8078 // wait for cpu mail
0083 21ff lrs $AX1.L, @CMBL
0084 02bf 8078 call 0x8078 // wait for cpu mail
0086 23ff lrs $AX1.H, @CMBL
0087 1205 sbclr #0x05
0088 1206 sbclr #0x06
0089 029f 80b5 jmp 80b5_BootUcode()
008b 0021 halt
}
// does some crazy stuff with data at dram @0x3/0x5/0x6/0x7 with help of some values from drom :)
// result is @0x22,@0x23 and written back to main memory to dmem-0x08:dmem-0x09
void 008c_BigCrazyFunction()
{
008c 8100 clr $ACC0
008d 0081 0010 lri $AR1, #0x0010
008f 1020 loopi #0x20
0090 1b3e srri @$AR1, $AC0.M
0091 00df 1456 lr $AC1.M, @0x1456
0093 0340 ffd0 andi $AC1.M, #0xffd0
0095 8417 clrp'mv : $AX1.L, $AC1.M
0096 0080 0000 lri $AR0, #0x0000
0098 0086 0000 lri $IX2, #0x0000
009a 0082 001f lri $AR2, #0x001f
009c 00de 15f6 lr $AC0.M, @0x15f6
009e 1408 lsl $ACC0, #8
009f 00df 1766 lr $AC1.M, @0x1766
00a1 0340 00ff andi $AC1.M, #0x00ff
00a3 1f5f mrr $AX0.H, $AC1.M
00a4 02bf 88e5 call 0x88e5
88e5 387a orr'l $AC0.M, $AX0.H : $AC1.M, @$AR2
88e6 18dd lrrd $AC1.L, @$AR2
88e7 4c05 add'dr $ACC0, $ACC1 : $AR1
88e8 1b5e srri @$AR2, $AC0.M
88e9 1a5c srr @$AR2, $AC0.L
00a6 1f1c mrr $AX0.L, $AC0.L
00a7 811e clr'mv $ACC0 : $AX1.H, $AC0.M
00a8 191e lrri $AC0.M, @$AR0
00a9 1478 lsr $ACC0, #-8
00aa 1ffc mrr $AC1.M, $AC0.L
00ab 1f5e mrr $AX0.H, $AC0.M
00ac 02bf 8809 call 0x8809
8809 392e orr'sn $AC1.M, $AX0.H : @$AR2, $AC1.L
880a 1b5f srri @$AR2, $AC1.M
00ae 02bf 8723 call 0x8723
8723 3300 xorr $AC1.M, $AX1.H
8724 1adf srrd @$AR2, $AC1.M
00b0 0006 dar $AR2
00b1 8106 clr'dr $ACC0 : $AR2
00b2 00de 166c lr $AC0.M, @0x166c
00b4 1404 lsl $ACC0, #4
00b5 0240 ff00 andi $AC0.M, #0xff00
00b7 00df 1231 lr $AC1.M, @0x1231
00b9 1578 lsr $ACC1, #-8
00ba 0340 00ff andi $AC1.M, #0x00ff
00bc 1f5f mrr $AX0.H, $AC1.M
00bd 02bf 88e5 call 0x88e5
88e5 387a orr'l $AC0.M, $AX0.H : $AC1.M, @$AR2
88e6 18dd lrrd $AC1.L, @$AR2
88e7 4c05 add'dr $ACC0, $ACC1 : $AR1
88e8 1b5e srri @$AR2, $AC0.M
88e9 1a5c srr @$AR2, $AC0.L
00bf 1f1c mrr $AX0.L, $AC0.L
00c0 811e clr'mv $ACC0 : $AX1.H, $AC0.M
00c1 191e lrri $AC0.M, @$AR0
00c2 1478 lsr $ACC0, #-8
00c3 1ffc mrr $AC1.M, $AC0.L
00c4 1f5e mrr $AX0.H, $AC0.M
00c5 02bf 8809 call 0x8809
8809 392e orr'sn $AC1.M, $AX0.H : @$AR2, $AC1.L
880a 1b5f srri @$AR2, $AC1.M
00c7 02bf 8723 call 0x8723
8723 3300 xorr $AC1.M, $AX1.H
8724 1adf srrd @$AR2, $AC1.M
00c9 8100 clr $ACC0
00ca 8900 clr $ACC1
00cb 00d1 0005 lr $AC1.H, @0x0005
00cd 9900 asr16 $ACC1
00ce 8200 cmp
00cf 0295 00e5 jz 0x00e5
00d1 0291 00f3 jl 0x00f3
00d3 0082 0010 lri $AR2, #0x0010
00d5 0086 0001 lri $IX2, #0x0001
00d7 00d0 171b lr $AC0.H, @0x171b
00d9 9100 asr16 $ACC0
00da 7d00 neg $ACC1
00db 4d00 add $ACC1, $ACC0
00dc 1501 lsl $ACC1, #1
00dd 1f5f mrr $AX0.H, $AC1.M
00de 00df 0003 lr $AC1.M, @0x0003
00e0 1504 lsl $ACC1, #4
00e1 02bf 8809 call 0x8809
8809 392e orr'sn $AC1.M, $AX0.H : @$AR2, $AC1.L
880a 1b5f srri @$AR2, $AC1.M
00e3 029f 0102 jmp 0x0102
:
00e5 0082 0011 lri $AR2, #0x0011
00e7 00df 0003 lr $AC1.M, @0x0003
00e9 1501 lsl $ACC1, #1
00ea 1f5f mrr $AX0.H, $AC1.M
00eb 00de 1043 lr $AC0.M, @0x1043
00ed 0240 fff0 andi $AC0.M, #0xfff0
00ef 02bf 88e5 call 0x88e5
88e5 387a orr'l $AC0.M, $AX0.H : $AC1.M, @$AR2
88e6 18dd lrrd $AC1.L, @$AR2
88e7 4c05 add'dr $ACC0, $ACC1 : $AR1
88e8 1b5e srri @$AR2, $AC0.M
88e9 1a5c srr @$AR2, $AC0.L
00f1 029f 0102 jmp 0x0102
:
00f3 0082 0010 lri $AR2, #0x0010
00f5 0086 0001 lri $IX2, #0x0001
00f7 00d0 1285 lr $AC0.H, @0x1285
00f9 9100 asr16 $ACC0
00fa 4d00 add $ACC1, $ACC0
00fb 1501 lsl $ACC1, #1
00fc 00de 0003 lr $AC0.M, @0x0003
00fe 1404 lsl $ACC0, #4
00ff 1f5e mrr $AX0.H, $AC0.M
0100 02bf 8809 call 0x8809
8809 392e orr'sn $AC1.M, $AX0.H : @$AR2, $AC1.L
880a 1b5f srri @$AR2, $AC1.M
:
0102 0083 0013 lri $AR3, #0x0013
0104 1b7e srri @$AR3, $AC0.M
0105 8923 clr's $ACC1 : @$AR3, $AC0.L
0106 0083 0013 lri $AR3, #0x0013
0108 00df 0007 lr $AC1.M, @0x0007
010a 00de 11b8 lr $AC0.M, @0x11b8
010c 0240 fff0 andi $AC0.M, #0xfff0
010e 1f5e mrr $AX0.H, $AC0.M
010f 02bf 81f4 call 0x81f4
81f4 b51e mulxac'mv $AX0.H, $AX1.L, $ACC1 : $AX1.H, $AC0.M
81f5 9909 asr16'ir $ACC1 : $AR1
81f6 1b7f srri @$AR3, $AC1.M
81f7 812b clr's $ACC0 : @$AR3, $AC1.L
0111 f100 lsl16 $ACC1
0112 02bf 8458 call 0x8458
8458 b51e mulxac'mv $AX0.H, $AX1.L, $ACC1 : $AX1.H, $AC0.M
8459 9900 asr16 $ACC1
845a 1b7f srri @$AR3, $AC1.M
845b 812b clr's $ACC0 : @$AR3, $AC1.L
0114 8f00 set40
0115 0082 0015 lri $AR2, #0x0015
0117 00de 0006 lr $AC0.M, @0x0006
0119 00da 165b lr $AX0.H, @0x165b
011b 02bf 88e5 call 0x88e5
88e5 387a orr'l $AC0.M, $AX0.H : $AC1.M, @$AR2
88e6 18dd lrrd $AC1.L, @$AR2
88e7 4c05 add'dr $ACC0, $ACC1 : $AR1
88e8 1b5e srri @$AR2, $AC0.M
88e9 1a5c srr @$AR2, $AC0.L
011d 14fd asr $ACC0, #-3
011e 1403 lsl $ACC0, #3
011f 1b5e srri @$AR2, $AC0.M
0120 1b5c srri @$AR2, $AC0.L
0121 0082 0016 lri $AR2, #0x0016
0123 00de 1723 lr $AC0.M, @0x1723
0125 14f4 asr $ACC0, #-12
0126 00da 166b lr $AX0.H, @0x166b
0128 02bf 88e5 call 0x88e5
88e5 387a orr'l $AC0.M, $AX0.H : $AC1.M, @$AR2
88e6 18dd lrrd $AC1.L, @$AR2
88e7 4c05 add'dr $ACC0, $ACC1 : $AR1
88e8 1b5e srri @$AR2, $AC0.M
88e9 1a5c srr @$AR2, $AC0.L
012a b100 tst $ACC0
012b 0290 012e jge 0x012e
012d 8100 clr $ACC0
:
012e 14fd asr $ACC0, #-3
012f 8e00 set16
0130 00df 1491 lr $AC1.M, @0x1491
0132 0340 d0f0 andi $AC1.M, #0xd0f0
0134 1cbf mrr $IX1, $AC1.M
0135 00df 1468 lr $AC1.M, @0x1468
0137 00d1 11fc lr $AC1.H, @0x11fc
0139 157c lsr $ACC1, #-4
013a 1cdf mrr $IX2, $AC1.M
013b 00d1 11b8 lr $AC1.H, @0x11b8
013d 9900 asr16 $ACC1
013e 1418 lsl $ACC0, #24
013f 1478 lsr $ACC0, #-8
0140 1f5e mrr $AX0.H, $AC0.M
0141 1ffe mrr $AC1.M, $AC0.M
0142 1f65 mrr $AX1.H, $IX1
0143 3600 andr $AC0.M, $AX1.H
0144 1402 lsl $ACC0, #2
0145 1f66 mrr $AX1.H, $IX2
0146 3700 andr $AC1.M, $AX1.H
0147 1501 lsl $ACC1, #1
0148 4c00 add $ACC0, $ACC1
0149 1518 lsl $ACC1, #24
014a 9900 asr16 $ACC1
014b 3500 andr $AC1.M, $AX0.H
014c 4c00 add $ACC0, $ACC1
014d 00df 0012 lr $AC1.M, @0x0012
014f 3f00 orc $AC1.M, $AC0.M
0150 00ff 0012 sr @0x0012, $AC1.M
0152 1470 lsr $ACC0, #-16
0153 00df 0011 lr $AC1.M, @0x0011
0155 3f00 orc $AC1.M, $AC0.M
0156 00ff 0011 sr @0x0011, $AC1.M
0158 1fa5 mrr $AC1.L, $IX1
0159 1501 lsl $ACC1, #1
015a 1fe6 mrr $AC1.M, $IX2
015b f100 lsl16 $ACC1
015c 15f8 asr $ACC1, #-8
015d f500 lsr16 $ACC1
015e 1f5f mrr $AX0.H, $AC1.M
015f 1f7d mrr $AX1.H, $AC1.L
0160 8100 clr $ACC0
0161 00de 0011 lr $AC0.M, @0x0011
0163 3400 andr $AC0.M, $AX0.H
0164 8900 clr $ACC1
0165 00df 0012 lr $AC1.M, @0x0012
0167 3500 andr $AC1.M, $AX0.H
0168 4c00 add $ACC0, $ACC1
0169 00df 0012 lr $AC1.M, @0x0012
016b 1578 lsr $ACC1, #-8
016c 4c00 add $ACC0, $ACC1
016d 8900 clr $ACC1
016e 1ffe mrr $AC1.M, $AC0.M
016f 1508 lsl $ACC1, #8
0170 3b00 orr $AC1.M, $AX1.H
0171 00de 0011 lr $AC0.M, @0x0011
0173 3e00 orc $AC0.M, $AC1.M
0174 00df 0012 lr $AC1.M, @0x0012
0176 3b00 orr $AC1.M, $AX1.H
0177 1cbf mrr $IX1, $AC1.M
0178 00da 15f1 lr $AX0.H, @0x15f1
017a 3500 andr $AC1.M, $AX0.H
017b 0295 0192 jz 0x0192
if () {
017d 00df 10e2 lr $AC1.M, @0x10e2
017f 1508 lsl $ACC1, #8
0180 1f5f mrr $AX0.H, $AC1.M
0181 00df 103b lr $AC1.M, @0x103b
0183 7900 decm $AC1.M
0184 3900 orr $AC1.M, $AX0.H
0185 3080 xorc $AC0.M, $AC1.M
0186 00fe 0022 sr @0x0022, $AC0.M
0188 00dc 1229 lr $AC0.L, @0x1229
018a 00dd 11f8 lr $AC1.L, @0x11f8
018c 5c00 sub $ACC0, $ACC1
018d f000 lsl16 $ACC0
018e 1fe5 mrr $AC1.M, $IX1
018f 3080 xorc $AC0.M, $AC1.M
0190 029f 01a5 jmp 0x01a5
} else {
0192 00df 10ca lr $AC1.M, @0x10ca
0194 1508 lsl $ACC1, #8
0195 1f5f mrr $AX0.H, $AC1.M
0196 00df 1043 lr $AC1.M, @0x1043
0198 7500 incm $AC1.M
0199 3900 orr $AC1.M, $AX0.H
019a 3080 xorc $AC0.M, $AC1.M
019b 00fe 0022 sr @0x0022, $AC0.M
019d 00dc 1259 lr $AC0.L, @0x1259
019f 00dd 16fe lr $AC1.L, @0x16fe
01a1 4c00 add $ACC0, $ACC1
01a2 f000 lsl16 $ACC0
01a3 1fe5 mrr $AC1.M, $IX1
01a4 3080 xorc $AC0.M, $AC1.M
}
01a5 00fe 0023 sr @0x0023, $AC0.M
// this is where result is written to main memory
// dsp mem 0x20-0x23 (8 bytes) are written back, because only values @22 and @23 were modified result is 32bit
01a7 00da 0008 lr $AX0.H, @0x0008 // cpu addr high
01a9 00d8 0009 lr $AX0.L, @0x0009 // cpu addr low
01ab 009b 0020 lri $AX1.H, #0x0020 // dsp addr
01ad 0099 0008 lri $AX1.L, #0x0008 // length
01af 0087 0000 lri $IX3, #0x0000 // there will be no iram dma
01b1 02bf 808b call 0x808b // dram->cpu <<<--- important!!
01b3 02df ret
}
01b4 0000 nop
01b5 0000 nop
01b6 0000 nop
01b7 0000 nop
01b8 0000 nop
01b9 0000 nop
01ba 0000 nop
01bb 0000 nop
01bc 0000 nop
01bd 0000 nop
01be 0000 nop
01bf 0000 nop
Reference in New Issue View Git Blame Copy Permalink