Today PlayStation 3 developer Jon Rocatis has [Register or Login to view links] news of a Spusim clone called Sputnik Cell / SPU Pipeline Viewer, which is useful for those into low-level SPU analysis and optimization of PS3 object and ELF files.
Download: [Register or Login to view links] (Windows) / [Register or Login to view links] / [Register or Login to view links] (MAC)
To quote: Sputnik is a Cell/SPU Pipeline viewer. According to Wikipedia Sputnik means “co-traveler” or “traveling companion” and I hope Sputnik will be accompanying you on your future SPU coding adventures!
It’s somewhat of a clone of IBM’s spusim tool. That tool has some things that annoys me and is lacking some features that I would like, so I ended up writing my own!
First of all spusim locks the files you have loaded which is annoying – also it has no recent-files or anything like that. Sputnik has that and will even auto-load the most recently opened file at startup and go to the function you looked at last. Sputnik is able to load both object files and ELF-files.
Sputnik also has a lot of statistics regarding the schedule so you can easily get an idea about the performance and potential of your loops. It also shows you lots of register stats that can be helpful to judge if you have enough registers for unrolling.
Right now scheduling does not cross blocks which I believe is different from how spusim does it. Sometimes that causes spusim to show a stall going into a loop and then that stall becomes part of the loop which is not right either. Since the focus of Sputnik is to analyze loops I think it is better doing it my way. That said, Sputnik does not schedule from bottom of the loop through the branch itself. I’m not sure to visualize this anyway – if you have any ideas, let me know
Sputnik in action
It works bascially just like spusim does, but in case you don’t know that tool here are quick usage notes:
- Double clicking on a function in the function browser shows it in the pipeline-view.
- Hovering the mouse over a ‘pipeline block’ highlights it in yellow and shows stats for that block in the info window at the bottom.
- Click and hold on a register in an instruction will highlight that register in the entire pipeline-view.
- Clicking on an instruction (name) in the pipeline view will show the instructions that instruction depends on and the instruction that depend on it.
- Tool-tip in the pipeline view shows you instruction name and latency info.
Window positions and sizes are remembered across restarts. If you need more space for the pipeline-view you can collapse the function-browser and schedule-info.
My plan is to open-source this tool – I just want to clean it up a little before I do so.
That’s about it. Let me know what you think in the comments or on twitter jonrocatis
- Double precision stalls are not handled.
- Need to do something with branches. I’m not sure what.
- Saving of which function you looked at last doesn’t really work.
- 2-aug-2011. Small GUI fixes. Hovering over a function header show combined stats for all the blocks in that function. Made handy ‘iterations’-stats.
- 27-july-2011. Build 2. Fixed some crash bugs.
- 26-july-2011. First release.
Finall, in related news PlayStation 3 developer naehrwert has blogged (nwert.wordpress.com/2011/11/29/about-spu-channels-64-72-and-73/) recently on About SPU channels 64, 72 and 73 as follows:
If you are reversing the PS3′s isolated SPU modules, you will eventually notice channels 64, 72 and 73. Here are some C functions, that roughly describe how they work:
It seems that lv1ldr is storing it’s version into a special storage area.
01 void read_ch73(u32 skip, u32 *buf, u32 len)
03 u32 i;
04 spu_wrch(64, 0x10000);
05 for(i = 0; i < skip; i++)
07 for(i = 0; i < len; i++)
08 buf[i] = spu_rdch(73);
11 void write_ch72(u32 skip, u32 *buf, u32 len)
13 u32 i:
14 spu_wrch(64, 0x10000);
15 for(i = 0; i < skip; i++)
16 spu_wrch(72, spu_rdch(73));
17 for(i = 0; i < len; i++)
18 spu_wrch(72, buf[i]);
And e.g. isoldr reads the version from the storage area and compares it to it’s own version. If the check fails, isoldr will just stop execution.
1 s64 lv1ldr_main(...)
4 u64 ldr_ver = 0x0003004100000000;
5 write_ch72(0, &ldr_ver, 2);
I wonder what else is stored in the area and how long the data in it persists, so my next idea is to code an isolated elf, that allows me to specify the value written to channel 64 and then dumps the data from channel 73.
01 s64 check_version(u64 ldr_ver)
03 u64 stored_ver;
04 read_ch73(0, &stored_ver, 2);
08 s64 load_isoself(...)
10 ldr_ver = 0x0003004100000000;
11 if(check_version(ldr_ver) != 0)
12 return 0x30;
Finally, in related PS3 homebrew news nicogrx has made available a VNC Viewer for the PS3 with details below, to quote:
Download: [Register or Login to view links] / [Register or Login to view links] by troy1 (EBOOT.bin resigned for 4.30, tested working on Rogero 4.30 v2.05 and Rebug 4.30.2, copy EBOOT.bin to dev_hdd0/game/VNC0VIEWE/USRDIR/EBOOT.bin)
A very basic vnc viewer for the ps3. Did that stuff 2 years ago for my personal usage and i finally decided to share it. Works fine when connected to my ubuntu box running vnc4server. It run slower when connected to a windows 7 machine. Do not ask me why
Only 32bpp mode is supported with hextile, rre, copyrect & raw rfb encodings. There are probably many things to improve in the code to get it running faster but i have no time to spend on that right now. I might release the code on github if somebody request it.
Use a usb mouse & keyboard for a better experience. Of course, it is provided “as is” without warranty of any kind. Enjoy.
PS: Thanks to the great guys that brought the psl1ght toolchain and the SDL porting to the open community.
More PlayStation 3 News...