Emulator Issues #3813

Zelda : Twilight Princess (Japanese) can't get past loading screen

Added by chadernook about 9 years ago.

Status: Invalid
Priority: Normal
Assignee:
% Done: 0%
Operating system: N/A
Issue type: Bug
Milestone:
Regression: No
Relates to usability: No
Relates to performance: No
Easy: No
Relates to maintainability: No
Regression start:
Fixed in:

Description

What's the problem?
Zelda : Twilight Princess (Japanese) can't get past the loading screen.
If MMU is enabled, or if the MMU speed hack and EFB copy are enabled: black screen with VPS but no FPS forever.
If default settings are used, Dolphin crashes with no console messages.

Dolphin version with the problem (as it appears in the title bar, Ex.: "R 4779" or "R 6403M"):
r6701

(optional) Dolphin version that does not have the problem:

Operating system and version:
Linux
32-bit or 64-bit:
64-bit

Game ID (as it appears in game properties, Ex.: "GZ2P01" or "RSBE01"):
GZ2J01

Build command-line (not on Windows):

Was the ISO a plain dump from disc, compressed and/or scrubbed?
ISO

Please provide any additional information below.

History

#1 Updated by james.jdunne about 9 years ago

  • Status changed from New to Questionable

Please re-test this with r6714. May have been related to issue 3822?

#2 Updated by chadernook about 9 years ago

Retested with r6722. No change.

#3 Updated by chadernook about 9 years ago

gdb with 'thread apply all bt' gave me no useful information, all the threads that had stack traces (not dynamically recompiled) couldn't possibly have caused the crash because they were sleeping.

#4 Updated by BhaaL about 9 years ago

Can you provide a bt/disas (+/-20 instructions) of the dynarec threads?

#5 Updated by chadernook about 9 years ago

Okay, I've got

(gdb) x/64i 0x0000000040c49818
0x40c49818: jmpq 0x42a00085
0x40c4981d: mov -0x402a7cef(%rip),%edi # 0x9a1b34 <_ZN7PowerPC8ppcStateE+628>
0x40c49823: add $0x0,%edi
0x40c49829: test $0xc000000,%edi
0x40c4982f: je 0x40c49838
0x40c49831: callq 0x4050017a
0x40c49836: jmp 0x40c4983e
0x40c49838: mov 0x0(%rbx,%rdi,1),%eax
0x40c4983c: bswap %eax
0x40c4983e: mov %eax,-0x402a7d74(%rip) # 0x9a1ad0 <_ZN7PowerPC8ppcStateE+528>
0x40c49844: mov -0x402a7d7a(%rip),%ebp # 0x9a1ad0 <_ZN7PowerPC8ppcStateE+528>
0x40c4984a: cmp -0x402a7d14(%rip),%ebp # 0x9a1b3c <_ZN7PowerPC8ppcStateE+636>
0x40c49850: jl 0x40c49866
0x40c49852: jg 0x40c4985d
0x40c49854: movb $0x2,-0x402a7b0f(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c4985b: jmp 0x40c4986f
0x40c4985d: movb $0x4,-0x402a7b18(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c49864: jmp 0x40c49885
0x40c49866: movb $0x8,-0x402a7b21(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c4986d: jmp 0x40c49885
0x40c4986f: subl $0x3,-0x40302252(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c49876: movl $0x80336e28,-0x402a7b40(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c49880: jmpq 0x42a00027
0x40c49885: subl $0x3,-0x40302268(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c4988c: jmpq 0x40c4989c
0x40c49891: mov $0x80336d10,%edi
0x40c49896: jmpq 0x42a00027
0x40c4989b: int3

0x40c4989c: ja 0x40c498ad
0x40c4989e: movl $0x80336d10,-0x402a7b68(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c498a8: jmpq 0x42a00085
0x40c498ad: testb $0x8,-0x402a7b68(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c498b4: jne 0x40c498cc
0x40c498b6: subl $0x1,-0x40302299(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c498bd: jmpq 0x40c4a29c
0x40c498c2: mov $0x80336d64,%edi
0x40c498c7: jmpq 0x42a00027
0x40c498cc: subl $0x1,-0x403022af(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c498d3: jmpq 0x40c498e4
0x40c498d8: mov $0x80336d14,%edi
0x40c498dd: jmpq 0x42a00027
0x40c498e2: int3

0x40c498e3: int3

0x40c498e4: ja 0x40c498f5
0x40c498e6: movl $0x80336d14,-0x402a7bb0(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c498f0: jmpq 0x42a00085
0x40c498f5: cmpl $0x494e4631,-0x402a7e2f(%rip) # 0x9a1ad0 <_ZN7PowerPC8ppcStateE+528>
0x40c498ff: movl $0x494e4631,-0x402a7e49(%rip) # 0x9a1ac0 <_ZN7PowerPC8ppcStateE+512>
0x40c49909: movl $0x494e0000,-0x402a7e47(%rip) # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c49913: jl 0x40c49929
0x40c49915: jg 0x40c49920
0x40c49917: movb $0x2,-0x402a7bd2(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c4991e: jmp 0x40c49932
0x40c49920: movb $0x4,-0x402a7bdb(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c49927: jmp 0x40c49948
0x40c49929: movb $0x8,-0x402a7be4(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c49930: jmp 0x40c49948
0x40c49932: subl $0x4,-0x40302315(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c49939: jmpq 0x40c49960
0x40c4993e: mov $0x80336db4,%edi
0x40c49943: jmpq 0x42a00027
0x40c49948: subl $0x4,-0x4030232b(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c4994f: jmpq 0x40c4b690
0x40c49954: mov $0x80336d24,%edi

where 'thread apply all bt' gives:

Thread 8 (Thread 0x7fffd0286710 (LWP 1137)):
#0 0x00007ffff22f223c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1 0x00007fffe07f77e4 in Common::Event::Wait(unsigned int) () from /usr/local/lib/dolphin-emu/libPlugin_DSP_HLE.so
#2 0x00007fffe07fa545 in OpenALStream::SoundLoop() () from /usr/local/lib/dolphin-emu/libPlugin_DSP_HLE.so
#3 0x00007fffe07fa1aa in OpenALStream::ThreadFunc(void*) () from /usr/local/lib/dolphin-emu/libPlugin_DSP_HLE.so
#4 0x00007ffff22ed894 in start_thread () from /lib/libpthread.so.0
#5 0x00007ffff205f27d in clone () from /lib/libc.so.6

Thread 7 (Thread 0x7fffcafff710 (LWP 1136)):
#0 0x00007ffff20565c3 in poll () from /lib/libc.so.6
#1 0x00007fffe5eac3ae in snd1_pcm_wait_nocheck () from /usr/lib/libasound.so.2
#2 0x00007fffe02ca635 in ALSAProc () from /usr/lib/libopenal.so.1
#3 0x00007fffe02c647a in StarterFunc () from /usr/lib/libopenal.so.1
#4 0x00007ffff22ed894 in start_thread () from /lib/libpthread.so.0
#5 0x00007ffff205f27d in clone () from /lib/libc.so.6

Thread 4 (Thread 0x7fffd0803710 (LWP 1122)):
#0 0x0000000040c49838 in ?? ()
#1 0x0000000000000007 in ?? ()
#2 0x0000000000000007 in ?? ()
#3 0x00007ffff7ffd000 in ?? () from /lib64/ld-linux-x86-64.so.2
#4 0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fffd2258710 (LWP 1118)):
#0 0x00007ffff202f63d in nanosleep () from /lib/libc.so.6
#1 0x00007ffff2059254 in usleep () from /lib/libc.so.6
#2 0x00007fffe5a50495 in XEventThread(void*) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#3 0x00007ffff22ed894 in start_thread () from /lib/libpthread.so.0
#4 0x00007ffff205f27d in clone () from /lib/libc.so.6

Thread 2 (Thread 0x7fffe02aa710 (LWP 1051)):
#0 0x00007ffff2048dc7 in sched_yield () from /lib/libc.so.6
#1 0x00007ffff0770b8a in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#2 0x00007ffff0770ccb in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#3 0x00007ffff075def8 in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#4 0x00007ffff0760697 in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#5 0x00007ffff0779c1b in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#6 0x00007ffff0691e2c in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#7 0x00007ffff0739c74 in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#8 0x00007ffff07167a2 in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#9 0x00007ffff04c7803 in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#10 0x00007ffff04c7a8a in ?? () from /usr/lib/libnvidia-glcore.so.260.19.29
#11 0x00007fffe5a5b4c4 in TextureConverter::EncodeToRamFromTexture(unsigned int, unsigned int, bool, bool, unsigned int, int, EFBRectangle const&) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#12 0x00007fffe5a5a715 in OGL::TextureCache::TCacheEntry::FromRenderTarget(bool, bool, unsigned int, float const*, EFBRectangle const&, bool, unsigned int) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#13 0x00007fffe5a7e81b in TextureCache::CopyRenderTargetToTexture(unsigned int, bool, bool, unsigned int, bool, EFBRectangle const&) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#14 0x00007fffe5a6d0b6 in BPWritten(BPCmd const&) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#15 0x00007fffe5a6c8f3 in LoadBPReg(unsigned int) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#16 0x00007fffe5a73d85 in Decode() () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#17 0x00007fffe5a73efd in OpcodeDecoder_Run(bool) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#18 0x00007fffe5a71b6c in Fifo_EnterLoop(SVideoInitialize const&) () from /usr/local/lib/dolphin-emu/libPlugin_VideoOGL.so
#19 0x00000000004d0e95 in Core::EmuThread(void*) ()
#20 0x00007ffff22ed894 in start_thread () from /lib/libpthread.so.0
#21 0x00007ffff205f27d in clone () from /lib/libc.so.6

Thread 1 (Thread 0x7ffff7f987a0 (LWP 658)):
#0 0x00007ffff20565c3 in poll () from /lib/libc.so.6
#1 0x00007ffff6437414 in wxapp_poll_func () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#2 0x00007ffff310bae9 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#3 0x00007ffff310c21d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#4 0x00007ffff54b7cc7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#5 0x00007ffff644f218 in wxEventLoop::Run() () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#6 0x00007ffff64d364b in wxAppBase::MainLoop() () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#7 0x00007ffff5a2d89d in wxEntry(int&, wchar_t**) () from /usr/lib/libwx_baseu-2.8.so.0
#8 0x0000000000493fd2 in main ()

Hope that helps.

#6 Updated by chadernook about 9 years ago

Thought this also might be useful.

(gdb) info registers
rax 0xf00c6099 4027343001
rbx 0x2300000000 150323855360
rcx 0x30000459 805307481
rdx 0x803d5160 2151502176
rsi 0x7fffd832d010 140736820596752
rdi 0x7165e699 1902503577
rbp 0x7165e699 0x7165e699
rsp 0x7fffd0802dd0 0x7fffd0802dd0
r8 0x7fffcc69edd0 140736622882256
r9 0x0 0
r10 0x84014846 2214676550
r11 0x47 71
r12 0x400 1024
r13 0x4 4
r14 0x803d51e0 2151502304
r15 0x7fffda32e010 140736854155280
rip 0x40c49838 0x40c49838
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x20 32
ftag 0xffff 65535
fiseg 0x7fff 32767
fioff 0xf057ac14 -262689772
foseg 0x7fff 32767
fooff 0xe029dbd0 -534127664
fop 0x55c 1372
mxcsr 0x1fa2 [ DE PE IM DM ZM OM UM PM ]

#7 Updated by BhaaL about 9 years ago

Is that using the JitIL core? I can't find any pattern that matches the generated ASM for Jit64...

#8 Updated by chadernook about 9 years ago

It's not the JitIL core (the one that's marked experimental). Would the fact that I compiled this from source have upset things in any way?

#9 Updated by BhaaL about 9 years ago

Shouldn't be a problem, others would be having the same issues otherwise.
On a second look, it seems to be SafeLoadToEAX, with the mov crashing at pc (0x40c49838) being UnsafeLoadToEAX (the fast path).

The question is where it comes from. Do you have more context before 0x40c49818 (the jmpq)?
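As an added illustration (not Dolphin's code, and not part of the original thread), here is a C model of the load pattern visible in the dump: "test $0xc000000,%edi ; je <fast path>" picks between a slow-path call and the fast path "mov (%rbx,%rdi,1),%eax ; bswap %eax", which dereferences base+addr with no further range check. The 64-byte guest RAM at 0x80000000 is a constructed stand-in, not Dolphin's memory map; the crash address 0x7165e699 is rdi from the register dump in comment #6 and the constant "INF1" (0x494e4631) is the value the dumped code compares a loaded word against.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for guest RAM: 64 bytes treated as mapped at guest
 * address GUEST_BASE. This is a toy layout, not Dolphin's memory map. */
#define GUEST_BASE 0x80000000u
#define GUEST_SIZE 64u
static uint8_t guest_ram[GUEST_SIZE];

/* The bits the generated code tests before choosing a path:
 * "test $0xc000000,%edi ; je <fast path>" in the dump above. */
#define FASTPATH_MASK 0x0C000000u

typedef enum { LOAD_OK, LOAD_SLOWPATH, LOAD_UNMAPPED_FASTPATH } load_result;

/* Fill the toy RAM with a recognisable pattern; "INF1" (0x494e4631) is the
 * constant the dumped code compares a loaded word against. */
void init_guest_ram(void) {
    memset(guest_ram, 0, sizeof guest_ram);
    memcpy(guest_ram, "INF1", 4);
}

/* 1 if the JIT'd block would take the unchecked fast path for addr. */
int fast_path_taken(uint32_t addr) {
    return (addr & FASTPATH_MASK) == 0;
}

/* Model of one lwz as emitted in the dump. The real fast path is
 * "mov (%rbx,%rdi,1),%eax ; bswap %eax": read host memory at base+addr,
 * then byte-swap, i.e. a big-endian 32-bit fetch with no range check.
 * This model checks the range first and reports instead of faulting. */
load_result emulated_load32(uint32_t addr, uint32_t *out) {
    if (!fast_path_taken(addr))
        return LOAD_SLOWPATH;            /* "callq 0x4050017a" in the dump */
    if (addr < GUEST_BASE || addr - GUEST_BASE > GUEST_SIZE - 4)
        return LOAD_UNMAPPED_FASTPATH;   /* the case that segfaults for real */
    const uint8_t *p = guest_ram + (addr - GUEST_BASE);
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];     /* bswap effect */
    return LOAD_OK;
}

int main(void) {
    /* rdi at the crash (from the register dump): it passes the mask test,
     * so the fast path dereferences it although nothing is mapped there. */
    uint32_t crash_addr = 0x7165e699u, v = 0;
    init_guest_ram();
    load_result r1 = emulated_load32(crash_addr, &v);
    printf("0x%08x: fast path %d, result %d\n", crash_addr,
           fast_path_taken(crash_addr), r1);
    load_result r2 = emulated_load32(GUEST_BASE, &v);
    printf("0x%08x: result %d, value 0x%08x\n", GUEST_BASE, r2, v);
    return 0;
}
```

The model shows why a corrupted dump turns into a host segfault rather than an emulated exception: a garbage guest address only has to clear two bits to reach the unchecked host read.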

#10 Updated by chadernook about 9 years ago

0x40c49758: mov $0x83612d89,%edi
0x40c4975d: (bad)

0x40c4975e: mov $0x836305c7,%edi
0x40c49763: (bad)

0x40c49764: mov $0x4d410000,%edi
0x40c49769: movl $0x0,-0x402a7c43(%rip) # 0x9a1b30 <_ZN7PowerPC8ppcStateE+624>
0x40c49773: mov %r13d,-0x402a7c46(%rip) # 0x9a1b34 <_ZN7PowerPC8ppcStateE+628>
0x40c4977a: mov %r14d,-0x402a7c49(%rip) # 0x9a1b38 <_ZN7PowerPC8ppcStateE+632>
0x40c49781: movl $0x4d415432,-0x402a7c4f(%rip) # 0x9a1b3c <_ZN7PowerPC8ppcStateE+636>
0x40c4978b: subl $0xf,-0x4030216e(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c49792: jmpq 0x40c497a4
0x40c49797: mov $0x80336e88,%edi
0x40c4979c: jmpq 0x42a00027
0x40c497a1: int3

0x40c497a2: int3

0x40c497a3: int3

0x40c497a4: ja 0x40c497b5
0x40c497a6: movl $0x80336e88,-0x402a7a70(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c497b0: jmpq 0x42a00085
0x40c497b5: mov -0x402a7c8b(%rip),%ebp # 0x9a1b30 <_ZN7PowerPC8ppcStateE+624>
0x40c497bb: cmp -0x402a7c99(%rip),%ebp # 0x9a1b28 <_ZN7PowerPC8ppcStateE+616>
0x40c497c1: jb 0x40c497d7
0x40c497c3: ja 0x40c497ce
0x40c497c5: movb $0x2,-0x402a7a80(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c497cc: jmp 0x40c497f4
0x40c497ce: movb $0x4,-0x402a7a89(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c497d5: jmp 0x40c497f4
0x40c497d7: movb $0x8,-0x402a7a92(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c497de: subl $0x2,-0x403021c1(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c497e5: jmpq 0x40c4980c
0x40c497ea: mov $0x80336d04,%edi
0x40c497ef: jmpq 0x42a00027
0x40c497f4: subl $0x2,-0x403021d7(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c497fb: jmpq 0x40c66a0c
0x40c49800: mov $0x80336e90,%edi
0x40c49805: jmpq 0x42a00027
0x40c4980a: int3

0x40c4980b: int3

0x40c4980c: ja 0x40c4981d
0x40c4980e: movl $0x80336d04,-0x402a7ad8(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c49818: jmpq 0x42a00085
0x40c4981d: mov -0x402a7cef(%rip),%edi # 0x9a1b34 <_ZN7PowerPC8ppcStateE+628>
0x40c49823: add $0x0,%edi
0x40c49829: test $0xc000000,%edi
0x40c4982f: je 0x40c49838
0x40c49831: callq 0x4050017a
0x40c49836: jmp 0x40c4983e
0x40c49838: mov 0x0(%rbx,%rdi,1),%eax

Few more instructions at the beginning where the segfault seems to be at 0x40c49838. I assume that '(bad)' means it's disassembling into a data region.

#11 Updated by chadernook about 9 years ago

No, the (bad) is the x86 variable opcode length corrupting the top of the disassembly.
Sorry, been a while.

0x40c495dd: jmp 0x40c495e5
0x40c495df: mov 0x0(%rbx,%rdi,1),%eax
0x40c495e3: bswap %eax
0x40c495e5: mov %eax,-0x402a7b1f(%rip) # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c495eb: movl $0x80336cc8,-0x402a7831(%rip) # 0x9a1dc4 <_ZN7PowerPC8ppcStateE+1284>
0x40c495f5: mov %ebp,-0x402a7b3b(%rip) # 0x9a1ac0 <_ZN7PowerPC8ppcStateE+512>
0x40c495fb: subl $0x4,-0x40301fde(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c49602: jmpq 0x40c493cc
0x40c49607: int3

0x40c49608: ja 0x40c49619
0x40c4960a: movl $0x80336cc8,-0x402a78d4(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c49614: jmpq 0x42a00085
0x40c49619: mov -0x402a7af3(%rip),%edi # 0x9a1b2c <_ZN7PowerPC8ppcStateE+620>
0x40c4961f: add $0x4,%edi
0x40c49625: test $0xc000000,%edi
0x40c4962b: je 0x40c49634
0x40c4962d: callq 0x4050017a
0x40c49632: jmp 0x40c4963a
0x40c49634: mov 0x0(%rbx,%rdi,1),%eax
0x40c49638: bswap %eax
0x40c4963a: mov %eax,-0x402a7b74(%rip) # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c49640: mov -0x402a7b7a(%rip),%edx # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c49646: mov -0x402a7b28(%rip),%ecx # 0x9a1b24 <_ZN7PowerPC8ppcStateE+612>
0x40c4964c: add $0x4,%edx
0x40c49652: test $0xc000000,%edx
0x40c49658: je 0x40c49667
0x40c4965a: mov %rcx,%rdi
0x40c4965d: mov %rdx,%rsi
0x40c49660: callq 0x40500162
0x40c49665: jmp 0x40c4966d
0x40c49667: bswap %ecx
0x40c49669: mov %ecx,0x0(%rbx,%rdx,1)
0x40c4966d: mov -0x402a7b47(%rip),%edi # 0x9a1b2c <_ZN7PowerPC8ppcStateE+620>
0x40c49673: add $0x4,%edi
0x40c49679: test $0xc000000,%edi
0x40c4967f: je 0x40c49688
0x40c49681: callq 0x4050017a
0x40c49686: jmp 0x40c4968e
0x40c49688: mov 0x0(%rbx,%rdi,1),%eax
0x40c4968c: bswap %eax
0x40c4968e: mov %eax,-0x402a7bc8(%rip) # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c49694: mov -0x402a7bce(%rip),%edx # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c4969a: mov $0x0,%ecx
0x40c496a0: add $0x1c,%edx
0x40c496a6: test $0xc000000,%edx
0x40c496ac: je 0x40c496bb
0x40c496ae: mov %rcx,%rdi
0x40c496b1: mov %rdx,%rsi
0x40c496b4: callq 0x40500162
0x40c496b9: jmp 0x40c496c1
0x40c496bb: bswap %ecx
0x40c496bd: mov %ecx,0x0(%rbx,%rdx,1)
0x40c496c1: mov -0x402a7b9b(%rip),%edi # 0x9a1b2c <_ZN7PowerPC8ppcStateE+620>
0x40c496c7: add $0x4,%edi
0x40c496cd: test $0xc000000,%edi
0x40c496d3: je 0x40c496dc
0x40c496d5: callq 0x4050017a
0x40c496da: jmp 0x40c496e2
0x40c496dc: mov 0x0(%rbx,%rdi,1),%eax
0x40c496e0: bswap %eax
0x40c496e2: mov %eax,-0x402a7c1c(%rip) # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c496e8: mov -0x402a7c22(%rip),%ebp # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c496ee: add $0x58,%ebp
0x40c496f4: mov -0x402a7bce(%rip),%edx # 0x9a1b2c <_ZN7PowerPC8ppcStateE+620>
0x40c496fa: mov %ebp,%ecx
0x40c496fc: add $0x8,%edx
0x40c49702: test $0xc000000,%edx
0x40c49708: je 0x40c49717
0x40c4970a: mov %rcx,%rdi
0x40c4970d: mov %rdx,%rsi
0x40c49710: callq 0x40500162
0x40c49715: jmp 0x40c4971d
0x40c49717: bswap %ecx
0x40c49719: mov %ecx,0x0(%rbx,%rdx,1)
0x40c4971d: mov -0x402a7c00(%rip),%r13d # 0x9a1b24 <_ZN7PowerPC8ppcStateE+612>
0x40c49724: add $0x20,%r13d
0x40c4972b: mov -0x402a7c0a(%rip),%r14d # 0x9a1b28 <_ZN7PowerPC8ppcStateE+616>
0x40c49732: mov -0x402a7c14(%rip),%edi # 0x9a1b24 <_ZN7PowerPC8ppcStateE+612>
0x40c49738: add $0xc,%edi
0x40c4973e: test $0xc000000,%edi
0x40c49744: je 0x40c4974d
0x40c49746: callq 0x4050017a
0x40c4974b: jmp 0x40c49753
0x40c4974d: mov 0x0(%rbx,%rdi,1),%eax
0x40c49751: bswap %eax
0x40c49753: mov %eax,-0x402a7c31(%rip) # 0x9a1b28 <_ZN7PowerPC8ppcStateE+616>
0x40c49759: mov %ebp,-0x402a7c9f(%rip) # 0x9a1ac0 <_ZN7PowerPC8ppcStateE+512>
0x40c4975f: movl $0x4d410000,-0x402a7c9d(%rip) # 0x9a1acc <_ZN7PowerPC8ppcStateE+524>
0x40c49769: movl $0x0,-0x402a7c43(%rip) # 0x9a1b30 <_ZN7PowerPC8ppcStateE+624>
0x40c49773: mov %r13d,-0x402a7c46(%rip) # 0x9a1b34 <_ZN7PowerPC8ppcStateE+628>
0x40c4977a: mov %r14d,-0x402a7c49(%rip) # 0x9a1b38 <_ZN7PowerPC8ppcStateE+632>
0x40c49781: movl $0x4d415432,-0x402a7c4f(%rip) # 0x9a1b3c <_ZN7PowerPC8ppcStateE+636>
0x40c4978b: subl $0xf,-0x4030216e(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c49792: jmpq 0x40c497a4
0x40c49797: mov $0x80336e88,%edi
0x40c4979c: jmpq 0x42a00027
0x40c497a1: int3

0x40c497a2: int3

0x40c497a3: int3

0x40c497a4: ja 0x40c497b5
0x40c497a6: movl $0x80336e88,-0x402a7a70(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c497b0: jmpq 0x42a00085
0x40c497b5: mov -0x402a7c8b(%rip),%ebp # 0x9a1b30 <_ZN7PowerPC8ppcStateE+624>
0x40c497bb: cmp -0x402a7c99(%rip),%ebp # 0x9a1b28 <_ZN7PowerPC8ppcStateE+616>
0x40c497c1: jb 0x40c497d7
0x40c497c3: ja 0x40c497ce
0x40c497c5: movb $0x2,-0x402a7a80(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c497cc: jmp 0x40c497f4
0x40c497ce: movb $0x4,-0x402a7a89(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c497d5: jmp 0x40c497f4
0x40c497d7: movb $0x8,-0x402a7a92(%rip) # 0x9a1d4c <_ZN7PowerPC8ppcStateE+1164>
0x40c497de: subl $0x2,-0x403021c1(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c497e5: jmpq 0x40c4980c
0x40c497ea: mov $0x80336d04,%edi
0x40c497ef: jmpq 0x42a00027
0x40c497f4: subl $0x2,-0x403021d7(%rip) # 0x947624 <_ZN10CoreTiming9downcountE>
0x40c497fb: jmpq 0x40c66a0c
0x40c49800: mov $0x80336e90,%edi
0x40c49805: jmpq 0x42a00027
0x40c4980a: int3

0x40c4980b: int3

0x40c4980c: ja 0x40c4981d
0x40c4980e: movl $0x80336d04,-0x402a7ad8(%rip) # 0x9a1d40 <_ZN7PowerPC8ppcStateE+1152>
0x40c49818: jmpq 0x42a00085
0x40c4981d: mov -0x402a7cef(%rip),%edi # 0x9a1b34 <_ZN7PowerPC8ppcStateE+628>
0x40c49823: add $0x0,%edi
0x40c49829: test $0xc000000,%edi
0x40c4982f: je 0x40c49838
0x40c49831: callq 0x4050017a
0x40c49836: jmp 0x40c4983e
0x40c49838: mov 0x0(%rbx,%rdi,1),%eax

#12 Updated by chadernook about 9 years ago

On a related note, with the MMU and EFB options selected with the interpreter core, it gave me:
Program tried to read an opcode from [00000000]. It has crashed.

#13 Updated by BhaaL about 9 years ago

Looks like I got two possible culprits: Either lXXx or lfs.
Please run Dolphin with "-d" and use the debugger menu to disable the following instructions, one at a time:
- lfs: LoadStoreFloating
- lXXx: LoadStore lbzx, lXz and lwz

If either of those work, please tell us.

#14 Updated by chadernook about 9 years ago

lwz off gives:
ERROR : Trying to compile at 0. LR=00000001
But the segfault is prevented.

I still have not found any solution which enables progression beyond the load screen though.

#15 Updated by BhaaL about 9 years ago

Hmm, has this game ever run on Dolphin? I'm getting the impression of a bad dump or something, when even the interpreter core crashes.
Either way, this one isn't going to be easy to debug/fix without the actual game, since we'd have to go backwards from the crashing lwz instruction to the place where PC becomes 0x00000000 by branching, calling or other means.

#16 Updated by chadernook about 9 years ago

I agree, too much effort and it is likely just a bad dump. I'll see if I can obtain another and verify this.

#17 Updated by chadernook about 9 years ago

Sorted and working. Bad dump had MD5:5db1193da270888efec0dc34e0428c7d, good working one had MD5:b130d78bb78cd63b501ddff210fde498.

#18 Updated by BhaaL about 9 years ago

  • Status changed from Questionable to Invalid

"Good" to hear that it's not Dolphin's fault. Either way, it's fun to work backwards from what Dolphin does to where it does things :)