notaz / picodrive

Fast MegaDrive/MegaCD/32X emulator

32X games dynarec crashing on 3DS #78

Open bubble2k16 opened 6 years ago

bubble2k16 commented 6 years ago

Hi notaz, I just ported your PicoDrive to the 3DS (non-Retroarch version).

I'm having problems with some 32X games (Virtual Racing Deluxe, Virtual Fighter) crashing with an ARM11 exception. The same problem also seems to happen with the Retroarch version on the 3DS.

Any guesses why and any advice?

notaz commented 6 years ago

Not without some additional details.

So there are some games that do work? Any details about the exception? Can you dump the memory around the crashing instruction?

bubble2k16 commented 6 years ago

I was trying Virtual Racing Deluxe (JP) [!].32x. I get very random ARM11 exceptions.

In this exception, it occurred just less than 1 second after the SEGA logo disappears and the intro demo starts.

Processor: ARM 11 (core 0)
Exception Type: data abort
R0 - FF560000   R1 - 005A2658   R2 - EAF8D66E   R3 - 003D8014
R4 - 003A2004   R5 - 00000000   R6 - 00000000   R7 - 0000000C
R8 - 40004C7C   R9 - 0000007B   R10 - 00000001  R11 - 00000000
R12 - 00000000  SP - 08007B10   LR - 00176544   PC - 003D8004
CPSR - 4000021C FPEXC - 40000700

Most of the crashes always happen in between 0x00300000 and 0x00600000, which supposedly is the dynarec cache.

Not too sure how I can dump the memory. Let me see what's in the dump output by Luma3DS.

bubble2k16 commented 6 years ago

Ok I've got a more detailed dump here:

Processor: ARM11 (core 0)
Exception type: data abort
Fault status: Translation - Section
Current process: PicoDriv (0004000000384c00)

Register dump:

r0             ff560000            r1             005a2658            
r2             eaf8d66e            r3             003d8014            
r4             003a2004            r5             00000000            
r6             00000000            r7             0000000c            
r8             40004c7c            r9             0000007b            
r10            00000001            r11            00000000            
r12            00000000            sp             08007b10            
lr             00176544            pc             003d8004            

cpsr           4000021c            dfsr           00000805            
ifsr           00001007            far            00000000            
fpexc          40000700            fpinst         eeb48a67            
fpinst2        eeb48a67            
FAR            00000000            Access type: Write

Code dump:

  3d7fd8:   00000000    andeq   r0, r0, r0
  3d7fdc:   00000000    andeq   r0, r0, r0
  3d7fe0:   00000000    andeq   r0, r0, r0
  3d7fe4:   00000000    andeq   r0, r0, r0
  3d7fe8:   00000000    andeq   r0, r0, r0
  3d7fec:   00000000    andeq   r0, r0, r0
  3d7ff0:   00000000    andeq   r0, r0, r0
  3d7ff4:   00000000    andeq   r0, r0, r0
  3d7ff8:   00000000    andeq   r0, r0, r0
  3d7ffc:   00000000    andeq   r0, r0, r0
  3d8000:   e1a00000    nop         ; (mov r0, r0)
  3d8004:   e88b01f0    stm r11, {r4, r5, r6, r7, r8}

bubble2k16 commented 6 years ago

This is the picodrive_3ds.lst of all addresses:

003d7194 00000004 B __malloc_max_sbrked_mem
003d7198 00000004 B malloc_top_pad
003d719c 00000028 B malloc_current_mallinfo
003d8000 00000004 B tcache
003d9000 00200000 B tcache_default
005d9000 00000004 B PicoGameLoaded
005d9004 00000004 B PicoCartUnloadHook
005d9008 00000004 B PicoCartMemSetup

bubble2k16 commented 6 years ago

This is another crash. Also within Virtual Racing Deluxe JP [!]. This happened only about 4-5 seconds after the demonstration started.

Processor: ARM11 (core 0)
Exception type: data abort
Fault status: Translation - Section
Current process: PicoDriv (0004000000384c00)

Register dump:

r0             00000000            r1             fff1a828            
r2             fffd10c8            r3             c00005b6            
r4             08007b00            r5             00000001            
r6             00238b40            r7             00611c14            
r8             00009068            r9             00612e4c            
r10            80000000            r11            00000000            
r12            00000000            sp             ff55ff00            
lr             fff06608            pc             0055afcc            

cpsr           600f0193            dfsr           00000805            
ifsr           00001007            far            00000040            
fpexc          40000700            fpinst         eeb48a67            
fpinst2        eeb48a67            
FAR            00000040            Access type: Write

Code dump:

  55afa0:   e3822c05    orr r2, r2, #1280   ; 0x500
  55afa4:   e3822103    orr r2, r2, #-1073741824    ; 0xc0000000
  55afa8:   e58b2048    str r2, [r11, #72]  ; 0x48
  55afac:   e3a03f83    mov r3, #524    ; 0x20c
  55afb0:   e3833b01    orr r3, r3, #1024   ; 0x400
  55afb4:   e3833103    orr r3, r3, #-1073741824    ; 0xc0000000
  55afb8:   e58b3040    str r3, [r11, #64]  ; 0x40
  55afbc:   eafff8e9    b   0x559368
  55afc0:   e3a030b6    mov r3, #182    ; 0xb6
  55afc4:   e3833c05    orr r3, r3, #1280   ; 0x500
  55afc8:   e3833103    orr r3, r3, #-1073741824    ; 0xc0000000
  55afcc:   e58b3040    str r3, [r11, #64]  ; 0x40

notaz commented 6 years ago

Hmm, looks pretty random, and the register state doesn't look like it should when executing that code. If it was a dynarec bug, you'd get more similar-looking crashes each time. It suggests a problem with cache flushing; make sure ctr_flush_invalidate_cache() actually gets called, and also that svcBackdoor is working and calling the actual flushing code. If multiple cores can run this code, other cores may also need flushing, but I have no idea how to achieve that on 3DS.

I've also noticed ctr_flush_invalidate_cache() is missing a barrier, so added that and pushed, no idea if it will help though.

bubble2k16 commented 6 years ago

Yes, it's extremely random. Cache flushing and the 3DS OS randomly resetting my RWX permissions on memory were a few things I thought of. But other games like Chaotix and Tempo run very far into the game without crashing, so my gut feeling is that maybe something else is the reason instead.

I'll go on investigating. :)

notaz commented 6 years ago

Cache flushing itself should be unable to change permissions; my guess would be that the svcBackdoor thing is to blame there (whatever it's doing).

Unlike other games, Virtual Racing is constantly overwriting code in RAM which is causing lots of recompilations and cache flushes, so it's stressing that part a lot.
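The publish sequence a dynarec has to follow whenever it emits or re-emits a block, as an added example in C that is not picodrive's code: it stands in for the ctr_flush_invalidate_cache()/svcBackdoor path with the compiler's cache-maintenance builtin and for the 3DS permission handling with a W^X page flip, and it re-emits into the same block twice to mirror the code-overwriting case notaz describes above. The names emit_return_imm, publish_and_run and jit_roundtrip are chosen here; it assumes Linux/POSIX with GCC or Clang on x86, AArch64 or ARM-mode ARM32.

```c
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20 /* Linux value; fallback for strict -std modes (assumption) */
#endif

typedef int (*jit_fn)(void);

/* Emit "return imm" in the host ISA: a stand-in for one recompiled block. */
static size_t emit_return_imm(uint8_t *buf, uint8_t imm)
{
#if defined(__x86_64__) || defined(__i386__)
    const uint8_t code[] = { 0xB8, imm, 0, 0, 0, 0xC3 };                         /* mov eax,imm ; ret */
#elif defined(__aarch64__)
    const uint32_t code[] = { 0x52800000u | ((uint32_t)imm << 5), 0xD65F03C0u }; /* mov w0,#imm ; ret */
#elif defined(__arm__) && !defined(__thumb__)
    const uint32_t code[] = { 0xE3A00000u | imm, 0xE12FFF1Eu };                  /* mov r0,#imm ; bx lr */
#else
#error "no encoder for this host"
#endif
    memcpy(buf, code, sizeof code);
    return sizeof code;
}

/* Write a block, then publish it: flip the page RW -> RX (W^X) and clean the data
 * cache / invalidate the instruction cache over exactly the bytes written, barriers
 * included. On ARM11 that maintenance is privileged, hence the kernel call on 3DS;
 * skip it or flush the wrong range and the core keeps running the old line. */
static int publish_and_run(uint8_t *page, size_t page_size, uint8_t imm)
{
    if (mprotect(page, page_size, PROT_READ | PROT_WRITE) != 0) return -1;
    size_t n = emit_return_imm(page, imm);
    if (mprotect(page, page_size, PROT_READ | PROT_EXEC) != 0) return -1;
    __builtin___clear_cache((char *)page, (char *)page + n);
    return ((jit_fn)(uintptr_t)page)();
}

/* Re-emit into the same block, like a game overwriting its code in RAM: the second
 * run must return the new value. Returns first*10 + second (12), or -1 on failure. */
int jit_roundtrip(void)
{
    size_t page_size = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int first = publish_and_run(page, page_size, 1);
    int second = publish_and_run(page, page_size, 2);
    munmap(page, page_size);
    return (first < 0 || second < 0) ? -1 : first * 10 + second;
}
```

On x86 the builtin is a no-op because the hardware keeps the caches coherent; on ARM it is the step whose absence produces exactly the kind of unrelated-looking register state seen in the dumps above.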