Emulator Issues #448
closed
Metroid Prime 1 crashes as soon as I try to move or shoot
Description
What steps will reproduce the problem?
- Fire up Dolphin, load Metroid Prime
- Wait until intro sequence finishes and until the HUD appears.
- Try to walk around or shoot, by using the corresponding keys on the
controller.
What is the expected output? What do you see instead?
I expected that Samus would walk around or shoot. Instead, Dolphin
immediately crashes. This doesn't seem to happen when I try the Z-button to
see the map etcetera, but occasionally it does happen when I try the R-button.
What version of the product are you using? On what operating system?
r1716, with USE_JIT undef'd in VertexLoader.cpp (otherwise, MP won't start
at all), on an x86_64 system (with an nVidia GeForce 7600 GS) running Debian
GNU/Linux lenny (Linux 2.6.26-1).
Compiled with flavour fastlog, and got the following output from
DolphinNoGUI u:
Last PC = 812fffc8 : stmw r8, -0x1DFE (r20)
== STACK TRACE - SP = 80481608 ==
- --- [ addr = 8000e7c8 ]
- --- [ addr = 8000c2c4 ]
- --- [ addr = 8000ba90 ]
- --- [ addr = 8004bd6c ]
- --- [ addr = 800260e0 ]
- --- [ addr = 80053290 ]
- --- [ addr = 800535c0 ]
- --- [ addr = 800073f0 ]
- --- [ addr = 800055b0 ]
- --- [ addr = 80008a58 ]
- --- [ addr = 80003274 ]
IntCPU: Unknown instr fa4ce44d at PC = 8000fa1c last_PC = 812fffc8 LR = 8000fa1c
Updated by ilja.korsun about 16 years ago
This is annoying indeed.
You can "fix" this if you enable "safe texture caching"-something in the OpenGL options.
However, you won't be able to get far in MP1; I got many crashes at the Space Station.
Updated by tinctorius about 16 years ago
Unfortunately, I can't get into the OpenGL options (it just doesn't seem to do anything).
I tried adding "SafeTextureCache = true" in a section "Settings" to Dolphin.ini, to
no avail.
Updated by kurtis.ferry about 16 years ago
Metroid Prime one DOES work fine using revision 1449 with safe texture cache (in adv
options of graphics). Only works with OpenGL as far as I know.
Although Metroid seems to fail with later revisions.
Strid3r
Updated by tinctorius about 16 years ago
Related to issue 423. I trapped the error with gdb (SIGSEGV at 0x4114ff03d) and
dumped the JIT'ed code to a file. This is what I found:
(... rest of JIT code ...)
414ff02f: 8b 44 03 00 mov 0x0(%rbx,%rax,1),%eax
414ff033: f7 c0 fc 00 00 00 test $0xfc,%eax
414ff039: 75 07 jne 0x414ff042
414ff03b: 0f c8 bswap %eax
414ff03d: 41 ff 64 c7 00 jmpq *0x0(%r15,%rax,8)
(... rest of JIT code ...)
I guess that bswap is supposed to be performed on %rax. Since I can't figure out
which part of the JIT is malfunctioning here, I'll post the disassembly of the whole
function (manually modified objdump output to be a bit shorter; objdump was invoked
as objdump -D -m i386 -M x86-64 -b binary --adjust-vma 0x414ff000
/tmp/metroid_crash.bin):
414ff000: 53 push %rbx
414ff001: 55 push %rbp
414ff002: 41 54 push %r12
414ff004: 41 55 push %r13
414ff006: 41 56 push %r14
414ff008: 41 57 push %r15
414ff00a: 41 57 push %r15
414ff00c: 48 bb 00 00 00 00 23 00 00 00 mov $0x2300000000,%rbx
414ff016: 49 bf 50 c2 fc 00 00 00 00 00 mov $0xfcc250,%r15
414ff020: e8 ff ea f6 be callq 0x46db24
414ff025: eb 02 jmp 0x414ff029
414ff027: 76 50 jbe 0x414ff079
414ff029: 8b 05 91 b1 32 bf mov -0x40cd4e6f(%rip),%eax # 0x82a1c0
414ff02f: 8b 44 03 00 mov 0x0(%rbx,%rax,1),%eax
414ff033: f7 c0 fc 00 00 00 test $0xfc,%eax
414ff039: 75 07 jne 0x414ff042
414ff03b: 0f c8 bswap %eax
414ff03d: 41 ff 64 c7 00 jmpq *0x0(%r15,%rax,8)
414ff042: 8b 3d 78 b1 32 bf mov -0x40cd4e88(%rip),%edi # 0x82a1c0
414ff048: e8 81 9d fb be callq 0x4b8dce
414ff04d: eb da jmp 0x414ff029
414ff04f: cc int3
414ff050: 8b 05 6a b1 32 bf mov -0x40cd4e96(%rip),%eax # 0x82a1c0
414ff056: 89 05 68 b1 32 bf mov %eax,-0x40cd4e98(%rip) # 0x82a1c4
414ff05c: 81 0d 76 b1 32 bf 40 00 00 00 orl $0x40,-0x40cd4e8a(%rip) # 0x82a1dc
414ff066: e8 8d f4 f9 be callq 0x49e4f8
414ff06b: 8b 05 53 b1 32 bf mov -0x40cd4ead(%rip),%eax # 0x82a1c4
414ff071: 89 05 49 b1 32 bf mov %eax,-0x40cd4eb7(%rip) # 0x82a1c0
414ff077: eb ae jmp 0x414ff027
414ff079: e8 a6 ea f6 be callq 0x46db24
414ff07e: f7 05 54 b1 32 bf ff ff ff ff testl $0xffffffff,-0x40cd4eac(%rip) # 0x82a1dc
414ff088: 74 1d je 0x414ff0a7
414ff08a: 8b 05 30 b1 32 bf mov -0x40cd4ed0(%rip),%eax # 0x82a1c0
414ff090: 89 05 2e b1 32 bf mov %eax,-0x40cd4ed2(%rip) # 0x82a1c4
414ff096: e8 5d f4 f9 be callq 0x49e4f8
414ff09b: 8b 05 23 b1 32 bf mov -0x40cd4edd(%rip),%eax # 0x82a1c4
414ff0a1: 89 05 19 b1 32 bf mov %eax,-0x40cd4ee7(%rip) # 0x82a1c0
414ff0a7: f7 05 93 08 2b bf ff ff ff ff testl $0xffffffff,-0x40d4f76d(%rip) # 0x7af944
414ff0b1: 0f 84 69 ff ff ff je 0x414ff020
414ff0b7: 41 5f pop %r15
414ff0b9: 41 5f pop %r15
414ff0bb: 41 5e pop %r14
414ff0bd: 41 5d pop %r13
414ff0bf: 41 5c pop %r12
414ff0c1: 5d pop %rbp
414ff0c2: 5b pop %rbx
414ff0c3: c3 retq
414ff0c4: 41 5f pop %r15
414ff0c6: 41 5f pop %r15
414ff0c8: 41 5e pop %r14
414ff0ca: 41 5d pop %r13
414ff0cc: 41 5c pop %r12
414ff0ce: 5d pop %rbp
414ff0cf: 5b pop %rbx
414ff0d0: c3 retq
Updated by tinctorius about 16 years ago
In short: I guess it's not a game issue, more of a JIT issue.
Updated by tinctorius about 16 years ago
Found the generator: it crashes in code generated by AsmRoutineManager::Generate().
Using BSWAP on %rax only made things worse, but I'm now trying to find out the
register values.
The nature of the crashes seems pretty random though. Sometimes they're just hangs
(emulator thread is trying to create a MsgAlert from Memory:CheckDTLB, but got stuck
in the process... perhaps a dupe of issue 103), sometimes these segfaults.
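Added example (not part of the thread and not Dolphin's code): a C model of the five instructions at 414ff02f to 414ff03d from the dump above, comparing the table offset that jmpq computes after bswap %eax with the one it would compute after bswap %rax. The memory bytes and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed guest memory: two big-endian 32-bit words (not taken from the game). */
static const uint8_t SAMPLE_MEM[8] = {
    0x7c, 0x08, 0x02, 0xa6,   /* word at offset 0: first byte has bits in 0xfc set */
    0x00, 0x00, 0x12, 0x34    /* word at offset 4: first byte passes the 0xfc test */
};

static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}
static uint64_t bswap64(uint64_t v) {
    return ((uint64_t)bswap32((uint32_t)v) << 32) | bswap32((uint32_t)(v >> 32));
}

/* mov 0x0(%rbx,%rax,1),%eax: little-endian 32-bit load; a write to %eax
   zero-extends, so the upper half of %rax is 0 afterwards. */
static uint64_t load_eax(const uint8_t *mem, uint32_t off) {
    return (uint32_t)mem[off] | (uint32_t)mem[off + 1] << 8 |
           (uint32_t)mem[off + 2] << 16 | (uint32_t)mem[off + 3] << 24;
}

/* test $0xfc,%eax ; jne 0x414ff042: falls through only if those bits are clear. */
static int falls_through(uint64_t rax) { return ((uint32_t)rax & 0xfcu) == 0; }

/* Byte offset from %r15 used by jmpq *0x0(%r15,%rax,8) after each bswap variant. */
static uint64_t offset_bswap_eax(uint64_t rax) { return (uint64_t)bswap32((uint32_t)rax) * 8; }
static uint64_t offset_bswap_rax(uint64_t rax) { return bswap64(rax) * 8; }

int main(void) {
    for (uint32_t off = 0; off < sizeof SAMPLE_MEM; off += 4) {
        uint64_t rax = load_eax(SAMPLE_MEM, off);
        if (!falls_through(rax)) {
            printf("offset %u: eax=%08llx -> jne taken (414ff042)\n",
                   off, (unsigned long long)rax);
            continue;
        }
        printf("offset %u: eax=%08llx  bswap %%eax -> r15+0x%llx  bswap %%rax -> r15+0x%llx\n",
               off, (unsigned long long)rax,
               (unsigned long long)offset_bswap_eax(rax),
               (unsigned long long)offset_bswap_rax(rax));
    }
    return 0;
}
```

With the 64-bit swap the loaded bytes land in the upper half of the register, so the scaled index points far outside any table reachable from %r15.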
Updated by tinctorius about 16 years ago
Duplicate of issue 266. Enabling Safe Texture Cache did help for this particular type
of crashes.