SceVeneziaImage: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
(Created page with "The Venezia image module. = Module = This module is just image module. {| class="wikitable" |- ! Segment !! Description |- | Text || The module entry. |- | Data || The Vene...")
 
(Add information about the image (RE by GrapheneCt))
Line 1: Line 1:
The Venezia image module.
The VENEZIA binary image module.


= Module =
= Module =


This module is just image module.
This module doesn't contain any ARM code; instead, it holds the image for execution on the VENEZIA coprocessor.
 
The module doesn't import from any library, and doesn't export any library.


{| class="wikitable"
{| class="wikitable"
|+ Module layout description
|-
|-
! Segment !! Description
! Segment !! Description
|-
|-
| Text || The module entry.
| <code>.text</code> || Module metadata (<code>SceModuleInfo</code>, etc)
|-
|-
| Data || The Venezia image data.
| <code>.data</code> || VENEZIA image
|}
|}


Venezia image data is an executable binary for the MeP language.
The VENEZIA image is an executable binary for the MeP architecture. The binary is copied to physical address <code>0x40800000</code> by [[SceSblFwLoader]] (mapped at vaddr <code>0x28200000</code>).
 
On the VENEZIA MeP cores, the image is visible at address <code>0x800000</code> (i.e. the binary's base address is <code>0x800000</code>).
 
= Image =
 
== General information ==
 
The image contains MeP code for SceNgs, SceAudioDec, JPEG encoder, decoder and CSC.
 
The MP3 decoder used is <code>SoCrates MP3 Decoder FIXED-1-16</code>.
 
The AAC decoder used is <code>Toshiba Enhanced MPEG-4 ADTS & RAW AACPLUS LC Decoder (Fixed Point) 0-04</code>.


Binary base address is <code>0x800000</code>.
All offsets in the following sections are relative to the start of the image, for <code>vnzimg.skprx</code> from firmware ???.
 
More information is available in the [https://github.com/GrapheneCt/VVNZRunner/ VVNZRunner GitHub repository].
 
== RPC calls ==
 
MeP code parses RPC calls from ARM (issued with <code>sceVeneziaRpcCallGenericThunk()</code> in a function at 0x11482. It maps RPC call ID to a function with the following code:
<source lang="C">
void* get_function_by_id(int id) {
    if (id >= 0x200)
        return NULL;
    return FUNCTABLE[id];
}
 
FUNCTABLE is located at 0xEADD0 and cointains pointers to other functions. An example of such a function is <code>vnsJpegEncoderEncode</code> located at 0x1F988.
 
</source>
 
== VENEZIA memory model ==
 
Venezia works with memory by using physical addresses directly
However since Venezia supports threading it includes memory mapping model to prevent race conditions
This model is described in detail in the [https://patents.google.com/patent/US20120324167A1/ US20120324167A1 patent].
 
=== PRIVATE state ===
In this state, only a task that has changed a memory region to
this state is permitted to perform a read/write access
by the L1C/L2C. This access is achieved by accessing a
virtual address that is mapped in a physical memory by the
L1 CFL2C.
 
=== PROTECTED state ===
In this state, one or more tasks that belong to the
same process and that have requested a transition to this state
are permitted to perform a read access by the L1C/L2C. A task
is not permitted to perform a write access to a memory region
in this state.
 
=== PUBLIC state ===
In this state, tasks of which mapping set by the ATU
is the same, that is, tasks that belong to the same process,
share data. However, a task cannot directly access a memory region
in this state. Only tasks that belong to the same process
are permitted to access, after changing a memory in this state
to the PRIVATE state or the PROTECTED state
 
=== UNMANAGED state ===
This state is a state that is not managed by the kernel.
That is, this is a portion excluding the kernel management region
out of memory regions that the memory has. Because the kernel
does not manage consistency of caches in a memory region in this state,
a task must hold consistency of the caches by taking responsibility,
when a task uses this memory region.
 
Any memory must be switched to at least PUBLIC state to ensure cache coherence.
 
== Functions ==
The VENEZIA image includes the following functions:
 
=== Toshiba functions ===
Those functions are described in the [https://patents.google.com/patent/US20120324167A1/ US20120324167A1 patent].
 
{| class="wikitable"
! Offset !! Function
|-
| 0x11A30 || <code>enter_memory_access_protocol</code>
|-
| 0x11ADC || <code>leave_memory_access_protocol</code>
|-
| 0x11E02 || <code>open_private_memory</code>
|-
| 0x11D34 || <code>open_protected_memory</code>
|-
| 0x11C4E || <code>open_public_memory</code>
|-
| 0x11E76 || <code>close_private_memory</code>
|-
| 0x11DA8 || <code>close_protected_memory</code>
|-
| 0x11CBC || <code>close_public_memory</code>
|}
 
=== Sony functions ===
These functions are wrappers for the Toshiba functions, written by SCE.
 
See [https://github.com/GrapheneCt/VVNZRunner/blob/main/sample_mep/include/vnz/memory.h vnz/memory.h].
 
== VENEZIA threads ==
 
VENEZIA can run up to 7 threads in parallel (one on each core). Threads are assigned to cores automatically and have a priority system.
 
See [https://github.com/GrapheneCt/VVNZRunner/blob/main/sample_mep/include/vnz/vthread.h vnz/vthread.h].
 
== Generic functions ==
 
{| class="wikitable"
! Offset !! Function
|-
! colspan="2" | C stdlib
|-
| 0x124F28 || <code>memset</code>
|-
| 0x124F3C || <code>abs</code>
|-
| 0x124F48 || <code>memcpy</code>
|-
| 0x124F60 || <code>memmove</code>
|-
! colspan="2" | [https://gcc.gnu.org/onlinedocs/gccint/Soft-float-library-routines.html softfp functions]
|-
| 0x124F90 || <code>__mulsf3</code>
|-
| 0x125268 || <code>__divsf3</code>
|-
| 0x125324 || <code>__eqsf2</code>
|-
| 0x125686 || <code>__fixsfsi</code>
|-
| 0x1256DC || <code>__floatsisf</code>
|-
| 0x1253F0 || <code>__gesf2</code>
|-
| 0x12536A || <code>__gtsf2</code>
|-
| 0x1254FC || <code>__lesf2</code>
|-
| 0x125476 || <code>__ltsf2</code>
|-
| 0x1252DE || <code>__nesf2</code>
|}

Revision as of 12:32, 3 September 2022

The VENEZIA binary image module.

Module

This module doesn't contain any ARM code; instead, it holds the image for execution on the VENEZIA coprocessor.

The module doesn't import from any library, and doesn't export any library.

Module layout description
Segment Description
.text Module metadata (SceModuleInfo, etc)
.data VENEZIA image

The VENEZIA image is an executable binary for the MeP architecture. The binary is copied to physical address 0x40800000 by SceSblFwLoader (mapped at vaddr 0x28200000).

On the VENEZIA MeP cores, the image is visible at address 0x800000 (i.e. the binary's base address is 0x800000).

Image

General information

The image contains MeP code for SceNgs, SceAudioDec, JPEG encoder, decoder and CSC.

The MP3 decoder used is SoCrates MP3 Decoder FIXED-1-16.

The AAC decoder used is Toshiba Enhanced MPEG-4 ADTS & RAW AACPLUS LC Decoder (Fixed Point) 0-04.

All offsets in the following sections are relative to the start of the image, for vnzimg.skprx from firmware ???.

More information is available in the VVNZRunner GitHub repository.

RPC calls

MeP code parses RPC calls from ARM (issued with sceVeneziaRpcCallGenericThunk() in a function at 0x11482. It maps RPC call ID to a function with the following code:

void* get_function_by_id(int id) {
    if (id >= 0x200)
        return NULL;
    return FUNCTABLE[id];
}

FUNCTABLE is located at 0xEADD0 and cointains pointers to other functions. An example of such a function is <code>vnsJpegEncoderEncode</code> located at 0x1F988.

VENEZIA memory model

Venezia works with memory by using physical addresses directly However since Venezia supports threading it includes memory mapping model to prevent race conditions This model is described in detail in the US20120324167A1 patent.

PRIVATE state

In this state, only a task that has changed a memory region to this state is permitted to perform a read/write access by the L1C/L2C. This access is achieved by accessing a virtual address that is mapped in a physical memory by the L1 CFL2C.

PROTECTED state

In this state, one or more tasks that belong to the same process and that have requested a transition to this state are permitted to perform a read access by the L1C/L2C. A task is not permitted to perform a write access to a memory region in this state.

PUBLIC state

In this state, tasks of which mapping set by the ATU is the same, that is, tasks that belong to the same process, share data. However, a task cannot directly access a memory region in this state. Only tasks that belong to the same process are permitted to access, after changing a memory in this state to the PRIVATE state or the PROTECTED state

UNMANAGED state

This state is a state that is not managed by the kernel. That is, this is a portion excluding the kernel management region out of memory regions that the memory has. Because the kernel does not manage consistency of caches in a memory region in this state, a task must hold consistency of the caches by taking responsibility, when a task uses this memory region.

Any memory must be switched to at least PUBLIC state to ensure cache coherence.

Functions

The VENEZIA image includes the following functions:

Toshiba functions

Those functions are described in the US20120324167A1 patent.

Offset Function
0x11A30 enter_memory_access_protocol
0x11ADC leave_memory_access_protocol
0x11E02 open_private_memory
0x11D34 open_protected_memory
0x11C4E open_public_memory
0x11E76 close_private_memory
0x11DA8 close_protected_memory
0x11CBC close_public_memory

Sony functions

These functions are wrappers for the Toshiba functions, written by SCE.

See vnz/memory.h.

VENEZIA threads

VENEZIA can run up to 7 threads in parallel (one on each core). Threads are assigned to cores automatically and have a priority system.

See vnz/vthread.h.

Generic functions

Offset Function
C stdlib
0x124F28 memset
0x124F3C abs
0x124F48 memcpy
0x124F60 memmove
softfp functions
0x124F90 __mulsf3
0x125268 __divsf3
0x125324 __eqsf2
0x125686 __fixsfsi
0x1256DC __floatsisf
0x1253F0 __gesf2
0x12536A __gtsf2
0x1254FC __lesf2
0x125476 __ltsf2
0x1252DE __nesf2