MAMEWorld Central >> News
View all threads Index   Threaded Mode Threaded  

Pages: 1

B2K24
Evolution is a mystery
Reged: 10/25/10
Posts: 2429
Send PM


Haze: DS5002FP Dumping
#367937 - 07/17/17 04:12 PM


https://mamedev.emulab.it/haze/2017/07/17/ds5002fp-dumping/






agard
MAME Fan
Reged: 08/04/13
Posts: 75
Send PM


Re: Haze: DS5002FP Dumping new [Re: B2K24]
#367940 - 07/17/17 05:57 PM


Nice write up Haze & Thanks to all involved & i'm sure The Mame Team will get more boards sent to dump before they all go bad.
Cant wait to fully play World Rally 2 & nice tracking down the bad code. Thanks



CTOJAH
MAME Addict
Reged: 07/13/10
Posts: 862
Loc: Macedonia,Veles
Send PM


Re: Haze: DS5002FP Dumping new [Re: B2K24]
#367942 - 07/17/17 07:15 PM


This reminds me of Raiden II and long termed "impossible to emulate" situation. Thanks to MAME team, Gaelco games will be fully preserved & emulated sooner or later...

P.S. Just to spread the word :
Haze needs a video of the real machine's Thunder Hoop for comparing/better understanding the game.
Any good Thunder Hoop (1) players with a PCB?



MooglyGuy
Renegade MAME Dev
Reged: 09/01/05
Posts: 1492
Send PM


Re: Haze: DS5002FP Dumping new [Re: CTOJAH]
#367945 - 07/17/17 08:12 PM


> This reminds me of Raiden II and long termed "impossible to emulate" situation.

Except while Raiden II has gradually been made playable due to Kale's hard work, I don't think anyone knows with 100% certainty whether the Seibu COP emulation is 100% correct or not. There could be any number of subtle issues in rarely-used code paths. The worst thing is that by all accounts, the Seibu COP isn't a microcontroller and doesn't appear to have internal ROM, it's just a huge gate array which could be doing basically anything.

It's a testament to Kale's tenacity and intelligence that Raiden II is as playable as it is, but short of someone doing comprehensive trojaning of the results that the Seibu COP sends back for various commands, I think the "impossible" label for Raiden II and associated games is still rather apt.

To be honest, I would consider the new DS5002FP dumping effort to be in the same realm of not-quite-100% as Seibu COP, since I seem to recall Haze pointing out that none of these games do any checksums on the contents of the DS5002FP's RAM - so the only way to determine whether the dump is good or not is to simply try it in MAME and see whether or not it fails to work correctly. Then there's the additional layer of uncertainty of whether or not any misbehavior might be due to inaccuracies in MAME's 8051 core, as opposed to inaccuracies in the dumps.

Nonetheless, it's still an absolutely amazing accomplishment, and both Peter and Morten deserve all of our congratulations. But make no mistake, this is hardly the final chapter in this particular story. Rather than closing the book, it opens new doors to explore.



Haze
Reged: 09/23/03
Posts: 4334
Send PM


Re: Haze: DS5002FP Dumping new [Re: MooglyGuy]
#367947 - 07/17/17 08:58 PM


> > This reminds me of Raiden II and long termed "impossible to emulate" situation.
>
> Except while Raiden II has gradually been made playable due to Kale's hard work, I
> don't think anyone knows with 100% certainty whether the Seibu COP emulation is 100%
> correct or not. There could be any number of subtle issues in rarely-used code paths.
> The worst thing is that by all accounts, the Seibu COP isn't a microcontroller and
> doesn't appear to have internal ROM, it's just a huge gate array which could be doing
> basically anything.
>
> It's a testament to Kale's tenacity and intelligence that Raiden II is as playable as
> it is, but short of someone doing comprehensive trojaning of the results that the
> Seibu COP sends back for various commands, I think the "impossible" label for Raiden
> II and associated games is still rather apt.
>
> To be honest, I would consider the new DS5002FP dumping effort to be in the same
> realm of not-quite-100% as Seibu COP, since I seem to recall Haze pointing out that
> none of these games do any checksums on the contents of the DS5002FP's RAM - so the
> only way to determine whether the dump is good or not is to simply try it in MAME and
> see whether or not it fails to work correctly. Then there's the additional layer of
> uncertainty of whether or not any misbehavior might be due to inaccuracies in MAME's
> 8051 core, as opposed to inaccuracies in the dumps.
>
> Nonetheless, it's still an absolutely amazing accomplishment, and both Peter and
> Morten deserve all of our congratulations. But make no mistake, this is hardly the
> final chapter in this particular story. Rather than closing the book, it opens new
> doors to explore.

Raiden 2 in the end was mostly OG, although we managed to correlate a lot of what was found by Kale for the other games so implementations are mostly shared, various bugs were fixed along the way by doing this.

Seibu COP is something that has been worked on by a lot of people over the years tho, there are still contributions I made to that (eg. the finer details of some of the collisions based on extensive feedback from Raiden 2 players who knew exactly how big and where the hitboxes should be for each power-up level of ship as you can't pass through certain patterns fully-powered as you have a hitbox that is slightly bigger too)

Unfortunately, no, Gaelco didn't checksum any of this, and the chips are going bad, so until we've got 2 of each game secured it's actually a bit of a risk releasing anybody because we're already seeing people jump on the 'going to buy up bad boards and reprogram them' bandwagon (and obviously a reprogrammed board doesn't help verify at all)

The DS5002FP even has a checksum function in hardware where you can program a checksum into it, have the bootstrap check it, and wipe sram / put it back in programming mode if the data becomes corrupt, however, it doesn't appear to be used here, hence why instead we're seeing games where some of the ram bits have gone flakey.



Master O
Yes, Even Parodius Music
Reged: 11/20/06
Posts: 1128
Send PM


Re: Haze: DS5002FP Dumping new [Re: Haze]
#367950 - 07/17/17 11:39 PM


> > > This reminds me of Raiden II and long termed "impossible to emulate" situation.
> >
> > Except while Raiden II has gradually been made playable due to Kale's hard work, I
> > don't think anyone knows with 100% certainty whether the Seibu COP emulation is
> 100%
> > correct or not. There could be any number of subtle issues in rarely-used code
> paths.
> > The worst thing is that by all accounts, the Seibu COP isn't a microcontroller and
> > doesn't appear to have internal ROM, it's just a huge gate array which could be
> doing
> > basically anything.
> >
> > It's a testament to Kale's tenacity and intelligence that Raiden II is as playable
> as
> > it is, but short of someone doing comprehensive trojaning of the results that the
> > Seibu COP sends back for various commands, I think the "impossible" label for
> Raiden
> > II and associated games is still rather apt.
> >
> > To be honest, I would consider the new DS5002FP dumping effort to be in the same
> > realm of not-quite-100% as Seibu COP, since I seem to recall Haze pointing out that
> > none of these games do any checksums on the contents of the DS5002FP's RAM - so the
> > only way to determine whether the dump is good or not is to simply try it in MAME
> and
> > see whether or not it fails to work correctly. Then there's the additional layer of
> > uncertainty of whether or not any misbehavior might be due to inaccuracies in
> MAME's
> > 8051 core, as opposed to inaccuracies in the dumps.
> >
> > Nonetheless, it's still an absolutely amazing accomplishment, and both Peter and
> > Morten deserve all of our congratulations. But make no mistake, this is hardly the
> > final chapter in this particular story. Rather than closing the book, it opens new
> > doors to explore.
>
> Raiden 2 in the end was mostly OG, although we managed to correlate a lot of what was
> found by Kale for the other games so implementations are mostly shared, various bugs
> were fixed along the way by doing this.
>
> Seibu COP is something that has been worked on by a lot of people over the years tho,
> there are still contributions I made to that (eg. the finer details of some of the
> collisions based on extensive feedback from Raiden 2 players who knew exactly how big
> and where the hitboxes should be for each power-up level of ship as you can't pass
> through certain patterns fully-powered as you have a hitbox that is slightly bigger
> too)

I hear there are still several QFPs for Raiden II that need to be possibly decapped. Would that help with the emulation or are those gate arrays without ROMs?

http://arcade.vastheman.com/decap/


Quote:



? QFP Raiden 2 SEI360
? QFP Raiden 2 SEI1000
? QFP Raiden 2 SEI252
? QFP Raiden 2 SIE150
? QFP Raiden 2 SEI0200





"Note to Noobs:

We are glad to help you but simply posting that something does not work is not going to lead to you getting help. The more information you can supply defining your problem, the less likely it will be that you will get smart-alec replies.

C.D.~"



AJR Hacker
MAME Fan
Reged: 02/01/16
Posts: 35
Send PM


Re: Haze: DS5002FP Dumping new [Re: Master O]
#367990 - 07/19/17 02:49 AM



Quote:


I hear there are still several QFPs for Raiden II that need to be possibly decapped. Would that help with the emulation or are those gate arrays without ROMs?




Virtually all of Seibu's custom-marked support chips are believed to be gate arrays of some kind. One exception is the T5812 that served as a sound MCU in a few of their 1980s games, but the "decap" of that chip to extract its ROM turned out to be a trivial operation.

Some people have conjectured that SEI1000 contains some internal math tables for trigonometry since the external COP ROM only contains tables for quotients and square roots, but that's the very last thing expected to help emulation with taming that beast.



Master O
Yes, Even Parodius Music
Reged: 11/20/06
Posts: 1128
Send PM


Re: Haze: DS5002FP Dumping new [Re: Haze]
#368063 - 07/20/17 11:44 PM


> > > This reminds me of Raiden II and long termed "impossible to emulate" situation.
> >
> > Except while Raiden II has gradually been made playable due to Kale's hard work, I
> > don't think anyone knows with 100% certainty whether the Seibu COP emulation is
> 100%
> > correct or not. There could be any number of subtle issues in rarely-used code
> paths.
> > The worst thing is that by all accounts, the Seibu COP isn't a microcontroller and
> > doesn't appear to have internal ROM, it's just a huge gate array which could be
> doing
> > basically anything.
> >
> > It's a testament to Kale's tenacity and intelligence that Raiden II is as playable
> as
> > it is, but short of someone doing comprehensive trojaning of the results that the
> > Seibu COP sends back for various commands, I think the "impossible" label for
> Raiden
> > II and associated games is still rather apt.
> >
> > To be honest, I would consider the new DS5002FP dumping effort to be in the same
> > realm of not-quite-100% as Seibu COP, since I seem to recall Haze pointing out that
> > none of these games do any checksums on the contents of the DS5002FP's RAM - so the
> > only way to determine whether the dump is good or not is to simply try it in MAME
> and
> > see whether or not it fails to work correctly. Then there's the additional layer of
> > uncertainty of whether or not any misbehavior might be due to inaccuracies in
> MAME's
> > 8051 core, as opposed to inaccuracies in the dumps.
> >
> > Nonetheless, it's still an absolutely amazing accomplishment, and both Peter and
> > Morten deserve all of our congratulations. But make no mistake, this is hardly the
> > final chapter in this particular story. Rather than closing the book, it opens new
> > doors to explore.
>
> Raiden 2 in the end was mostly OG, although we managed to correlate a lot of what was
> found by Kale for the other games so implementations are mostly shared, various bugs
> were fixed along the way by doing this.
>
> Seibu COP is something that has been worked on by a lot of people over the years tho,
> there are still contributions I made to that (eg. the finer details of some of the
> collisions based on extensive feedback from Raiden 2 players who knew exactly how big
> and where the hitboxes should be for each power-up level of ship as you can't pass
> through certain patterns fully-powered as you have a hitbox that is slightly bigger
> too)
>
> Unfortunately, no, Gaelco didn't checksum any of this, and the chips are going bad,
> so until we've got 2 of each game secured it's actually a bit of a risk releasing
> anybody because we're already seeing people jump on the 'going to buy up bad boards
> and reprogram them' bandwagon (and obviously a reprogrammed board doesn't help verify
> at all)
>
> The DS5002FP even has a checksum function in hardware where you can program a
> checksum into it, have the bootstrap check it, and wipe sram / put it back in
> programming mode if the data becomes corrupt, however, it doesn't appear to be used
> here, hence why instead we're seeing games where some of the ram bits have gone
> flakey.

Now that the World Rally 2 MCU is dumped, is WR2 now fully playable, although your commit doesn't explicitly state it?

https://github.com/mamedev/mame/commit/199ce7d06da149804c6ed998bf39206f69885197



"Note to Noobs:

We are glad to help you but simply posting that something does not work is not going to lead to you getting help. The more information you can supply defining your problem, the less likely it will be that you will get smart-alec replies.

C.D.~"



F1ReB4LL
Reged: 03/09/05
Posts: 301
Send PM


Re: Haze: DS5002FP Dumping new [Re: Master O]
#368081 - 07/21/17 02:08 PM


> Now that the World Rally 2 MCU is dumped, is WR2 now fully playable, although your
> commit doesn't explicitly state it?
>
> https://github.com/mamedev/mame/commit/199ce7d06da149804c6ed998bf39206f69885197

It doesn't have MACHINE_NOT_WORKING" and "MACHINE_UNEMULATED_PROTECTION" flags anymore, so why to ask?

I have a better question: since the MCU dumps have differences in the startup code, why not to keep the older MCU dump as well (via the clone set)?



Haze
Reged: 09/23/03
Posts: 4334
Send PM


Re: Haze: DS5002FP Dumping new [Re: F1ReB4LL]
#368113 - 07/22/17 08:35 PM


> > Now that the World Rally 2 MCU is dumped, is WR2 now fully playable, although your
> > commit doesn't explicitly state it?
> >
> > https://github.com/mamedev/mame/commit/199ce7d06da149804c6ed998bf39206f69885197
>
> It doesn't have MACHINE_NOT_WORKING" and "MACHINE_UNEMULATED_PROTECTION" flags
> anymore, so why to ask?
>
> I have a better question: since the MCU dumps have differences in the startup code,
> why not to keep the older MCU dump as well (via the clone set)?

The trusted dump comes unmodified from the 2nd CPU SRAM, didn't really see the point in keeping the bad one around in this instance, just documented what we saw.

anyway the actual answer to the question is that they'll only REALLY be considered working if the current Pull Request (https://github.com/mamedev/mame/pull/2500) gets merged in before the 'freeze period' for the release*. If not, there's a 1-byte error in the World Rally 2 rom (also reversed stereo channels) and the Touch + Go high score table doesn't initialize properly.

(* looks at this point like it WILL make it)



Master O
Yes, Even Parodius Music
Reged: 11/20/06
Posts: 1128
Send PM


Re: Haze: DS5002FP Dumping new [Re: Haze]
#368119 - 07/23/17 03:15 AM


> > > Now that the World Rally 2 MCU is dumped, is WR2 now fully playable, although
> your
> > > commit doesn't explicitly state it?
> > >
> > > https://github.com/mamedev/mame/commit/199ce7d06da149804c6ed998bf39206f69885197
> >
> > It doesn't have MACHINE_NOT_WORKING" and "MACHINE_UNEMULATED_PROTECTION" flags
> > anymore, so why to ask?
> >
> > I have a better question: since the MCU dumps have differences in the startup code,
> > why not to keep the older MCU dump as well (via the clone set)?
>
> The trusted dump comes unmodified from the 2nd CPU SRAM, didn't really see the point
> in keeping the bad one around in this instance, just documented what we saw.
>
> anyway the actual answer to the question is that they'll only REALLY be considered
> working if the current Pull Request (https://github.com/mamedev/mame/pull/2500)
> gets merged in before the 'freeze period' for the release*. If not, there's a 1-byte
> error in the World Rally 2 rom (also reversed stereo channels) and the Touch + Go
> high score table doesn't initialize properly.
>
> (* looks at this point like it WILL make it)

Good to hear that the MCUs from the other Gaelco games will be added to Mame soon, too.



"Note to Noobs:

We are glad to help you but simply posting that something does not work is not going to lead to you getting help. The more information you can supply defining your problem, the less likely it will be that you will get smart-alec replies.

C.D.~"


Pages: 1

MAMEWorld Central >> News
View all threads Index   Threaded Mode Threaded  

Extra information Permissions
Moderator:  John IV, Tafoid 
0 registered and 27 anonymous users are browsing this forum.
You cannot start new topics
You cannot reply to topics
HTML is enabled
UBBCode is enabled
Thread views: 1638