This feels like the kind of programming work that is really worth doing! We should hold ourselves to it.

13 hours 59 minutes ago
 levelworm

https://news.ycombinator.com/item?id=42465378

A software engineer who worked on the Xbox 360 also posted:

One challenge was that while I started working on the Xbox 360 about three years before it would ship, we knew that the custom CPU would not be available until early 2005 (first chips arrived in early February). And there was only supposed to be one hardware spin before final release.

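One challenge was that I started writing code for the XBox 360 three years before it went on sale (at the time this programmer was writing the bootloader, kernel and hypervisor). We knew we would not get the chip until early 2005.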

So I had no real hardware to test any of the software I was writing, and no other chips (like the Apple G5 we used as alpha kits) had the custom security hardware or boot sequence like the custom chip would have. But I still needed to provide the first stage boot loader which is stored in ROM inside the CPU weeks before first manufacture.

But I still needed to hand over the bootloader code several weeks before production began, so that it could be stored in ROM at manufacturing time.

I ended up writing a simulator of the CPU (instruction level), to make progress on writing the boot code. Obviously my boot code and hypervisor would run perfectly on my simulator since I wrote both!

So in the end I wrote an instruction-level CPU simulator to help with my programming work. My bootloader and hypervisor ran perfectly on the simulator.

But IBM had also had a hardware accelerated cycle-accurate simulator that I got to use. I was required to boot the entire Xbox 360 kernel in their simulator before I could release the boot ROM. What takes a few seconds on hardware to boot took over 3 hours in simulation. The POST codes would be displayed every so often to let me know that progress was still being made.

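IBM also provided a hardware-accelerated simulator that was accurate down to the clock cycle. Before burning the ROM, I had to successfully run the entire XBox 360 kernel on this simulator. Booting takes only a few seconds on hardware, but on the simulator IBM provided, the whole boot process took three hours. To show that the boot program was still running, the POST codes would appear on screen every so often.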

The first CPU arrived on a Friday, by Saturday the electrical engineers flew to Austin to help get the chip on the motherboard and make sure FSB and other busses were all working. I arrived on Monday evening with a laptop containing the source code to the kernel, on Tuesday I compiled and flashed various versions, working through the typical bring-up issues. By Wednesday afternoon the kernel was running Quake, including sound output and controller input.

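The first CPU arrived on Friday. On Saturday the hardware engineers flew to Austin to help mount it on the motherboard and make sure the buses worked. I arrived on Monday evening, carrying a laptop with the kernel code on it. On Tuesday the code was compiled and flashed onto the machine, and by Wednesday afternoon it could run Quake, including sound output and controller input.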

Three years of preparation to make my contribution to hardware bring-up as short as possible, since I would bottleneck everyone else in the development team until the CPU booted the kernel.


Some anecdotes about the (instruction-level) simulator this expert wrote himself:

I called the simulator Sbox and it was just a simple console app. I didn't implement the GPU, so no graphics just the hypervisor and kernel and some simple non-graphics apps. I made it so that you could build the Xbox 360 kernel on your windows machine, then just run sbox.exe and it would automatically find the just built kernel image targeting the PPC64 and boot it. Then if you typed control-C it would drop into the kernel debugger as a sub process, and you could poke around at the machine state as if it were the real Xbox hardware, showing all the PPC instructions and registers. It was a lot of fun writing it, and quite useful.

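I called it Sbox. It does not simulate the GPU, so there are no graphics, only the hypervisor, the kernel and some simple text programs. The development team could build the Xbox 360 kernel on Windows and then run sbox.exe, which would automatically find the just-built kernel binary targeting Power PC and boot it inside the simulator. If you typed Ctrl-C, you would drop into the kernel debugger sub-process and could inspect the state of the (simulated) machine, including all the Power PC instructions and registers, just as if it were a real XBox 360.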

(The following was said by one of the expert's colleagues)

You should also talk about the lwarx/stecx bug. IIRC - in the first version of the chip there was a bug in one or both of these instructions. Your code booted on SBox but didn't on the hardware. You compared the two and then figured out it was these instructions. You filed a bug report and then dug into them and used SBox to figure out what must have been going wrong.

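You should talk about the lwarx/stecx bug. If I remember correctly, the first version of the chip had this bug. Your code ran on Sbox but not on the hardware. After comparing the two, you worked out that the problem was in these two instructions. You filed a bug report (with IBM).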

The chip supplier came back with a workaround and within five minutes you simulated it on SBox and said it wouldn't work, why, and then said how it should be fixed.

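IBM sent over a new chip; after running it on SBox for five minutes you said it definitely would not work, and how the problem should be solved instead. (My reading is that IBM only provided a workaround, and the expert then simulated that workaround in SBox and found it still did not work.)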

The supplier didn't believe you as yet. And you worked out a workaround so we could be unblocked. Two weeks later they agreed with your fix...

IBM did not believe you, so you came up with your own solution so that our progress would not stall. Two weeks later IBM said your solution was right.

flyqie
13 hours 35 minutes ago
A truly formidable person, just ruthless..

An emu like this involves far too many things.
levelworm
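13 hours 22 minutes ago
@flyqie Yes, this is simulation for a production project, not a toy like the lc-3 simulator I wrote. And PPC chips were fairly complex chips for their time.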

The XCPU, named Waternoose (later Loki) is a custom triple-core 64-bit PowerPC-based design by IBM.
liquid207
13 hours 10 minutes ago
Amazing, he knew IBM's products better than IBM did
ccpp132
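13 hours 6 minutes ago
This has to be someone already very familiar with hardware and simulators; nobody doing it for the first time would dare take this approach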
levelworm
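13 hours 3 minutes ago
@liquid207 The specification for this kind of chip is probably 1000 pages; even if you don't have to read all of it, you'd probably have to read more than half.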

https://xenonlibrary.com/wiki/Waternoose

A quick search didn't turn up its specification, possibly because it was made exclusively for the XBox 360.
levelworm
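12 hours 56 minutes ago
@ccpp132 #4
I found this guy: Dinarte Morais

He has accounts on LinkedIn and X, but there is pitifully little information. Microsoft's website has a bit about him: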

Dinarte is a Distinguished Engineer who has worked on the Xbox team since 2001. He’s been the key architect focused on security, software emulation for backward compatibility of games, and digital rights protection of downloaded content. He functioned as a critical liaison between the hardware engineers and the software development team, and worked closely with 3rd party vendors to help them realize the Microsoft vision of next generation gaming. Dinarte first joined Microsoft in 1992 after working as the lead developer for ON Technology and several years as an independent software consultant. He is an MIT graduate.

He joined Microsoft back in '92 and seems to have always worked on low-level things; I don't know what he did before joining the XBox team.
Mithril
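12 hours 54 minutes ago
Later on there's also the part where he used the compiler to patch the hardware, and that patch ran for the entire lifecycle....

So that's engineering for you: if it runs, it's good enough.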
levelworm
12 hours 30 minutes ago
@Mithril #7
Thanks, I've seen the later details now. Being able to make that kind of patch really is impressive.
levelworm
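12 hours 7 minutes ago
@Mithril #7
I've translated that later part too. Unfortunately the forum gives too little space; if I need to add another append, there won't be a chance.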
Mithril
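9 hours 58 minutes ago
@levelworm Actually I think this counts as a fairly traditional programmer. After all, people who chose to become programmers in that era mostly had some passion for it. After the internet took off, lots of people became programmers just to earn money from the job, so there's no interest to speak of.

You need interest to do something like building your own simulator. Otherwise it would surely be "You don't even have a CPU, what bootloader am I supposed to write?", and everyone would go off bickering, shifting blame and aligning on schedules.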
assiadamo
9 hours 42 minutes ago
An MIT genius
name1991
9 hours 31 minutes ago
Already past thirty-five...
prosgtsr
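9 hours 19 minutes ago
He is a high-quality human who advances society
I merely provide the raw material needed for genetic mutation, emo on a daily basis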
majula
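8 hours 45 minutes ago
Haha, this reminds me of a time we were integrating with a client. They gave us no API documentation and told us to reverse-engineer the dynamic library ourselves to work out the interface logic. I said it couldn't be done, and my boss dissed me, saying I lacked a spirit of exploration, that I'd never improve this way and would be a library-caller for life.

I was pretty angry at the time and nearly quit on the spot. Afterwards I also posted a rant on a forum cursing him out.

Looking at it now, compared with the guy in the OP's post, I was the shallow one. No wonder he became a big shot while I, after all these years, am still a rookie code monkey.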
shily
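8 hours 6 minutes ago
@majula Is that really the same thing? You had a real CPU.

The expert's project started 3 years early; for your project, starting 3 days early would already be good.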
xieranmaya
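8 hours 1 minute ago
It's fine, I guess; when I read the first paragraph I guessed he would have to build a simulator
If you can't get the hardware, what else is there but to simulate it
Back in the day even the Wenquxing had emulators, for almost every model; they simulated the whole hardware in software and then loaded the Wenquxing's own software into it
That seems to have been before 2005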
CT0rc4m
7 hours 57 minutes ago
@majula I've done the same thing..
jeesk
7 hours 51 minutes ago
@majula I'd like to ask: if the reverse engineering ends with you in handcuffs, will your boss take responsibility?
senhtry
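7 hours 25 minutes ago
Even so, it's also pretty tedious; if you haven't actually done it, you see it through a filter. But in practice, once you're stuck in all kinds of instructions looking at all kinds of bugs you can't reproduce, after a while it ends up like this, and there's often a sense of defeat too.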
archxm
7 hours 23 minutes ago
He's just been hyped up
