PLBU commandstream analysis
Based on some analysis of a bunch of PLBU dumps, I have noticed some patterns that might help.
Firstly, the opcodes seem to consist of two 32-bit integers. The second integer's top 4 bits seem to specify the opcode of the operation, giving 16 possible operations:
- 0x0 - OP_DRAW
- 0x1 - OP_WRITE_REG ?? Write constant to register
- 0x2 - OP_ARRAY_ADDRESS
- 0x3 - OP_BLOCK_STRIDE
- 0x5 - OP_END_CMDSTREAM
- 0x6 - OP_SEMAPHORE
- 0x7 - OP_SCISSOR
- 0x8 - OP_RSW_VERTEX_ARRAY
- 0x9 - ??? (Similar to OP_WRITE_REG)
- 0xA - ??? (Similar to OP_WRITE_REG), always followed by a 0xD operation
- 0xD - ??? unknown, always follows a list of 0xA operations
- 0xF - ??? CMD_CONTINUE in luc's limadriver headers
I have not seen 0x4, 0xB, 0xC, 0xE and 0xF yet, though.
0x1, 0x9 and 0xa seem to be really similar, with command format as 0xX00001??, which means that it could be related to some kind of register/memory/store access.
Also, based on certain calls, 0x9 and 0xa seem to target the same memory locations, as the arguments are the same (from the clear.single_buffer.second_draw.no_glClear or scissor.frame2 dumps):
('0x90000103', '0x10000080')
('0x90000104', '0x10000084')
('0x90000107', '0x10000088')
('0x90000108', '0x1000008c')
('0x90000105', '0x10000090')
('0x90000106', '0x10000094')
('0xa0000103', '0x10000080')
('0xa0000104', '0x10000084')
('0xa0000107', '0x10000088')
('0xa0000108', '0x1000008c')
('0xa0000105', '0x10000090')
('0xa0000106', '0x10000094')
Also, analysing the scissor.frame1 and scissor.frame2 dumps, I noticed the following:
frame1:
...
('0xa0000103', '0x10000080')
('0xa0000104', '0x10000084')
('0xa0000107', '0x10000088')
('0xa0000108', '0x1000008c')
('0xa0000105', '0x10000090')
('0xa0000106', '0x10000094')
('0xd0000000', '0x00000000')
frame2:
('0x90000103', '0x10000080')
('0x90000104', '0x10000084')
('0x90000107', '0x10000088')
('0x90000108', '0x1000008c')
('0x90000105', '0x10000090')
('0x90000106', '0x10000094')
...
('0xa0000103', '0x10000080')
('0xa0000104', '0x10000084')
('0xa0000107', '0x10000088')
('0xa0000108', '0x1000008c')
('0xa0000105', '0x10000090')
('0xa0000106', '0x10000094')
('0xd0000000', '0x00000000')
Based on this data, it seems that 0xa is a store operation to GPU memory, which could then mean that 0xd is a flush or sync command, and 0x9 is a load from memory.
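The two observations above (0x9 and 0xa carry the same arguments, and every run of 0xa ends in 0xd) can be checked mechanically over a dump. The following is an added example, not code from the original page or from limadriver; the function names are hypothetical, and it assumes the word carrying the opcode nibble is the first element of each tuple, as the dumps above are printed.

```python
# Opcode names as listed on this page; unnamed opcodes stay numeric.
OPCODES = {
    0x0: "OP_DRAW", 0x1: "OP_WRITE_REG", 0x2: "OP_ARRAY_ADDRESS",
    0x3: "OP_BLOCK_STRIDE", 0x5: "OP_END_CMDSTREAM", 0x6: "OP_SEMAPHORE",
    0x7: "OP_SCISSOR", 0x8: "OP_RSW_VERTEX_ARRAY",
}

# scissor.frame2 tuples copied from the page; the "..." gap is left out.
FRAME2 = [
    ("0x90000103", "0x10000080"), ("0x90000104", "0x10000084"),
    ("0x90000107", "0x10000088"), ("0x90000108", "0x1000008c"),
    ("0x90000105", "0x10000090"), ("0x90000106", "0x10000094"),
    ("0xa0000103", "0x10000080"), ("0xa0000104", "0x10000084"),
    ("0xa0000107", "0x10000088"), ("0xa0000108", "0x1000008c"),
    ("0xa0000105", "0x10000090"), ("0xa0000106", "0x10000094"),
    ("0xd0000000", "0x00000000"),
]

def decode(pair):
    """Split a dumped tuple into (opcode nibble, low 28 command bits, argument)."""
    cmd, arg = (int(x, 16) for x in pair)
    return cmd >> 28, cmd & 0x0FFFFFFF, arg

def name(op):
    return OPCODES.get(op, f"0x{op:X}")

def targets(stream, op):
    """Map low command bits -> argument for every command with this opcode."""
    return {low: arg for o, low, arg in map(decode, stream) if o == op}

def runs_followed_by(stream, run_op, end_op):
    """True if run_op occurs and each run of it is directly followed by end_op."""
    ops = [decode(p)[0] for p in stream]
    seen = False
    for i, op in enumerate(ops):
        if op == run_op:
            seen = True
            nxt = ops[i + 1] if i + 1 < len(ops) else None
            if nxt not in (run_op, end_op):
                return False
    return seen

if __name__ == "__main__":
    for pair in FRAME2:
        op, low, arg = decode(pair)
        print(f"{name(op):<14} low=0x{low:07x} arg=0x{arg:08x}")
    print("0x9 and 0xA share targets:", targets(FRAME2, 0x9) == targets(FRAME2, 0xA))
    print("0xA runs end in 0xD:", runs_followed_by(FRAME2, 0xA, 0xD))
```

Running the same two checks over other dumps is a quick way to see whether the load/store/flush reading still holds there.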