Lightning JIT support for better Performance on iDevices

[mk8itra1n]

I know currently right now you are using an ARM Interpreter for emulation of the Nintendo DS. It works great on iDevices that carry the A6 chip and higher but it is still pretty laggy as the device struggles to maintain 60FPS. My device in question is an iPhone 6 Plus and even that has issues maintaining 60FPS in some games. Devices that use the A5 chip and lower are completely unplayable at 4-5FPS ingame. Any updates about JIT support and when can we expect it in the near future

[SuperOkazaki]

iNDS has JIT. You just have to enable it in the settings.

[mk8itra1n]

iNDS has JIT? That's awesome brother. I checked the settings but I don't see the option to enable JIT in the settings?

[mk8itra1n]

I examined the app files of iNDS and I can see the code for some kind of Lightning JIT option that you are supposed to flip on and off but I can't seem to see it in the settings. I found the code for it in iFile

[ghost]

I want to find out how to enable this. If anyone can help I'd appreciate it.

[WilliamLCobb]

The JIT lighting code is there but doesn't work yet. I took the option out because all it did was crash the emulator. I'm going to try to work on JIT after finals and see if I can get it working.

[mk8itra1n]

I see. I saw in a video showcasing the Nitrogen DS emulator which iNDS is based off had the option of enabling Lightning JIT and there was a switch for it in the video. Maybe you could import the code from that emulator into iNDS...

[WilliamLCobb]

Oh cool. I'll take a look at that today. The DeSmuME core already has JIT implementation done so it should work fine on the iPhone

[mk8itra1n]

Is there an ETA on when you'll implement the JIT or is it a simple port over from Nitrogen?

[SuperOkazaki]

My bad, I was using an old build that still had it enabled. Sorry.

[mk8itra1n]

It's alright. The new build removes it due to crashing issues. Did you ever do gameplay with JIT on? How was it?

[WilliamLCobb]

I'm pretty sure Nitrogen's JIT lighting never quite worked (Please let me know if I'm wrong). I just tested it on every game in my library and it crashed on startup for all of them. I haven't looked enough into JIT yet to give you an ETA but i'll post any updates here.

[SuperOkazaki]

I've always used iNDS on a non-jailbroken iPhone, so I had no way of getting an accurate test. Sorry. I just saw the option.

[mk8itra1n]

@WilliamLCobb I'll be looking forward for the updates on JIT. Check out Nitrogen as I think they have Lightning JIT implemented in their emulator. Maybe you could port it to iNDS and give credit to them. And I saw your post on Twitter about being a beta tester for you. I'm interested in that also. Been involved with emulation on iOS since 2007 so I've seen all emulators, currently developed and discontinued👍

[WilliamLCobb]

Awesome, I'll let you know once I get those to a testable state. Also I did some debugging on their JIT implementation and these were the errors I got:

I'll see if I can figure out whats going on but I'll put them here incase someone see's something I'm not.

[mk8itra1n]

Let me know when you get them in a testible state on this thread here on Github or on Twitter. Looks like most of their JIT was implemented correctly and I'm sure the few errors you got there can be corrected with some fixing of the code

[ghost]

We need more people with experience in code to contribute I'm going to post an issue on the Nitrogen emulator to redirect people to this page. I feel as if not enough developers know about this. We need more pull request.

[WilliamLCobb]

I figured out the error. It's in the JIT initialization. I think I may know the fix and I'll post here later tonight or tomorrow morning with a progress update

[mk8itra1n]

@WilliamLCobb That's awesome that you found the fix for JIT. Will you push an update to Cydia to enable it in the settings?

[ghost]

👍🏻👍🏻👍🏻👍🏻👍🏻😊

[WilliamLCobb]

I haven't found the fix yet just the problem. In order for JIT to work, the device must be able to compile code, store it in memory and then execute it. Loading the code into memory is working fine but when the emu tries to execute it, we get the error above. I'm going to look at the PPSSPP code to see how they did JIT.

[mk8itra1n]

@WilliamLCobb Ah I see. I know the PPSSPP team faced a similar issue when their emulator came to iOS in 2013. Maybe you can examine their JIT code and implementation. Who knows you might find your answer how to fix the error that iNDS gets when you enable JIT👍

[WilliamLCobb]

Currently the problem lies in this line: mprotect(p, 1024, PROT_READ | PROT_EXEC)

I'm getting errno 22 which means invalid arguments. Not exactly sure why thats coming up but once it's solved JIT should be able to work.

[milch]

I think the problem is not mprotect, but how the alignment is currently handled. I managed to get the test case in main.m to run in my fork by using posix_memalign to allocate the buffer.

[WilliamLCobb]

Awesome! I'll put that in the JIT initialization in a little bit and see if that fixes it

[milch]

I'm playing around with it currently, but unfortunately it seems that more is broken with the compiler on iOS. Here's the error I'm currently getting:

[milch]

I just sent you a Pull Request to make it easier for you to integrate those changes.

[mk8itra1n]

@Milch @WilliamLCobb I checked out the pull request. Looks like it was closed so it seems you guys figured out the issue for JIT. Will initial JIT be implemented in the settings for the next iNDS update for Cydia?

[ghost]

@mk8itra1n have you tried to build the app using Xcode or terminal its more reliable than waiting for the cydia source to get updated. https://github.com/WilliamLCobb/iNDS/wiki/Building-INDS-Jailbroken

https://github.com/WilliamLCobb/iNDS/wiki/Building-INDS

[WilliamLCobb]

JIT is still not working, milch got it really close but it's not generating code correctly. I'm going to try it on a a 32bit device and see if that works

[milch]

Unfortunately it's really hard to work with the JIT code as there's no documentation and everything is hidden several levels deep in macros. If it's still generating armv6 it's possible that it will work on older devices, though.

[WilliamLCobb]

Yea it's a complete mess. It is emitting arm6 so it's not going to work on newer devices.

It's emitting real instructions on my iPad mini but I have yet to get any games to run without bad access errors.

[brujo5]

Jit not work in ios 9 + for 64 bits devices

Because pangu jalibreak broke some things (No full kernel patch). Need to wait for Taig team

If you want to enable somo tiny jit code take an look on the libretro desmume port (retroarch) but of curse will not work until an new stable jalibreak release.

[mk8itra1n]

@WilliamLCobb I think RetroArch has a Nintendo DS emulator but I'm not sure if they implemented JIT in their emulator. I think iOS 9 jailbreak by Pangu broke JIT. But now that iOS 9.2 has been released by Apple maybe a jailbreak will be released by TaiG that fixes JIT on newer devices

[milch]

I don't think it has anything to do with the Pangu jailbreak, it's more likely that the GNU Lightning implementation is simply outdated (looking at lightning_config.h it seems this is using a modified version 1.2 from 2004). I'm not sure if 64bit was even a theoretical thing back then in the ARM world.

In my opinion, the current JIT implementation probably would need to be replaced by something more current to work correctly (also, as I see it, the current implementation is very hard to maintain). Either some other emulator's JIT code is ported (e.g. if libretro has a working implementation) to this codebase, the current implementation is updated to the latest version of lightning (2.1 with a lot of breaking changes), or someone implements it from scratch using a more recent JIT engine.

[mk8itra1n]

Is there anyway the current JIT implementation can be fixed for ARM64 devices or will it have to be scrapped with a more recent JIT engine?

[brujo5]

@milch

NO.

This is due to a number of changes in both iOS 9 and how Pangu9 works. iOS 9 (and OS X 10.11) includes something Apple advertises as "Rootless Security"

Now, many people think "Rootless" means "there is no longer root on iOS/OSX" — no, that'd be crazy. "Rootless" (on iOS, at least) is actually called KPP — Kernel Patch Protection — something where iOS checksums the kernel constantly (ARM TrustZone functionality is how they're doing that without destroying battery life), and panics if anything is patched.

Because of this new security model in iOS, Pangu9 had to make a number of innovations in how the untether works — this is where I skip out on details. The core thing that affects PPSSPP and other projects requiring JIT/modifying of rwx memory pages is the fact that the kernel is no longer patched.

You see, no one's actually figured out how to break KPP. So Pangu9 does not actually patch the kernel, but rather does some [censored] magic to achieve most of what we see in past jailbreaks. Unfortunately, VM_PROTECT is not one of these things — this is what broke basically every JIT implementation out there.

Now, some of you with iOS 9 32-bit devices (iPhone 5, 5c, 4s; iPad 2, 3, 4; iPod touch 5) may have noticed that hey — PPSSPPBuildBot's PPSSPP builds have perfectly working JIT! This is because Pangu9 on 32-bit devices actually does patch the kernel, including VM_PROTECT ;P So JIT is fine for you.

thx to @ angelxwind

[milch]

@brujo5

Still, they must be doing something right.

If you don't believe me, go to main.m, put #define USE_TEMP_JIT at the top and try running it on a 64 bit device (I ran it on my iPhone 6+ 9.0.2, in case that matters).

The example in there has the arm64 assembly for a simple increment function in a buffer, allocates some memory on the heap, copies that buffer to the heap, activates the execute flag on the heap memory and then executes the function on the heap with a parameter of 1. It then correctly prints the result of 2 and exits successfully with no EXC_BAD_INSTRUCTION, EXC_BAD_ACCESS or any other errors thrown which should be impossible according to your explanation, unless I'm missing something.

The fact remains that what the JIT currently outputs on a 64bit device are not valid arm64 instructions and that won't change, even if the KPP needs to be patched before the JIT would theoretically work.

[mk8itra1n]

Looks like development of iNDS has come to a halt. I've seen no pull requests or changes on GitHub for it. Any news or anything on the JIT support?

[WilliamLCobb]

I'm busy this week studying for finals and applying for internships. Development will resume pretty soon.

JIT is going to be a pretty big hill to climb but I'm going to try and get it working

[mk8itra1n]

@WilliamLCobb Yep finals for me are next week. Best of luck to you brother✌️

[mk8itra1n]

In the meantime while your trying to get JIT working do you have any plans to increase FPS and speed for the software interpreter ?

[WilliamLCobb]

Just an update, I've been messing around with JIT some more and actually got a rom into the execution loop which is pretty good. But it gets BAD_ACCESS errors before anything on the screen even shows up. I'll update if anything else interesting happens

[mk8itra1n]

@WilliamLCobb thanks for the update brother👏 Oh and do let me know about the beta tester position if you still need one man👍

[brujo5]

@WilliamLCobb

That error is normal, just wait for an better jalibreak

"Kernel patch protection" is a security feature that stops the kernel from being modified (see https://en.wikipedia.org/wiki/Kernel_Patch_Protection; it's not a thing unique to iOS, even Windows XP had a form of it), so their jailbreak works by hacking the kernel, quickly modifying userspace to grant more permissions than there were before, then putting the kernel back to normal before KPP notices. My guess would be that the RWX patch was a kernel modification, and since the jailbreak can't persist a modified kernel, it can't apply any permanent kernel patches.

This doesn't mean you can't execute code in jailbroken iOS anymore; the solution would likely be to give an app the same permissions as Safari so that it can allocate RWX memory on startup, and design the emulator to use that API (however it works).

Pangu can't "apply the RWX patch" because kernel patch protection means you can't apply any patches [to the kernel].

[WilliamLCobb]

I've been testing it on a device on iOS 8 where protecting the kernel still works. If only I could find documentation for DeSmuME's JIT I might be able to get it to work.

[ghost]

http://filetrip.net/nds-downloads/emulators/download-desmume-099-jit-jit-f29543.html[/spoiler]

[WilliamLCobb]

I'm getting really close. JIT code is successfully compiling and executing for a few loops before memory errors.

[ghost]

great if you get it working well it could also be used in GC4IOS, you have some really good skills man.

[mk8itra1n]

@WilliamLCobb I can't wait for iNDS with JIT support. Looks like it won't be long now👍

[brujo5]

with this emulator envy least android..Well only envy Dolphin and MAME 0.167 emulators