RomRaider

Does this ROM have a Base Timing Idle Minimum table?

I ask because I am trying to induce burbles/crackles on overrun, but can't seem to get timing to hit the timing set in "Base Timing Idle (In-Gear)(Above Speed Threshold)", despite being in gear, well above the speed threshold, and at 0% throttle/decelerating. For example, instead of the 5 degrees I have set for my 2000 RPM value in the "Base Timing Idle (In-Gear)(Above Speed Threshold)" table, I see 30 degrees (exactly 30 degrees). This value also doesn't match anything even in my base timing low load columns and seems way too consistent to be due to interpolation.

Actually, after looking into things a bit further, I've realized that the value in the "Base Timing Idle (In-Gear)(Above Speed Threshold)" table that I had changed to 5 degrees was originally 30 degrees! I downloaded my ROM back off of the ECU to see if the value had not been changed for some reason, but it was correct (i.e. 5 degrees) in my ROM downloaded straight off of the ECU. Very strange. Any ideas?

ROM attached.

Update: I flashed a new version of the ROM this morning and updated the last three cells in the "Base Timing Idle (In-Gear)(Above Speed Threshold)" table to see if changing them would cause the current values to be overwritten/take effect (I smoothed the retarted timing I was running in the 2000+RPM cell back to the 15.16 the ECU is programmed for stock over two cells, probably how I should have done things in the first place anyways). I may not have a chance to actually drive the vehicle until Friday morning, but will update as soon as I do to see if the reflash results in my changes having their desired effect.

Another update - No matter what is in my idle timing (in-gear) (above speed threshold) table, I cannot get timing under decel to go below 30 degrees until RPM is below 2k RPM. At exactly 2k RPM, the timing will start to drop until it bottoms out at 10 degrees at ~1,500RPM.

Also, changing timing in my non-idle base timing table, i.e. the leftmost column, does not result in timing dropping either, even while monitoring load and making sure I am hitting the load value where my timing changes are.

Last interesting thing I noted is that timing will drop lower during warmup. At EXACTLY 158 degrees F, however, the 30 degree timing floor comes into effect, with timing ramping up as the engine warms up.

Must be two tables I am missing, one that sets a timing floor based on ECT and another that sets a timing floor based on RPM... Any pointers anybody might have as far as finding these tables would be much appreciated!

Did some additional digging into the ROM and found two potential 2D tables of interest. Both tables have an RPM axis and a timing axis, with one sharing the RPM axis used by the two already-defined in-gear idle timing tables.

The table that shares an axis with the already-defined idle timing tables has an RPM axis located at ccc18 and timing at ccdde.

The second table has an RPM axis located at cce18 and timing at cce3c.

Timing is a one-byte unsigned integer where 85 raw = 10 degrees and RPM is a single float.

If someone could take a look and let me know if lowering the timing values in either or both of these tables would lower the idle timing floor I seem to be hitting, I would really appreciate it. If anyone has any idea what these tables might be called, specifically, in ROMs where they may already be defined, that would also be very helpful.

Yet another update! I think that I am finally beginning to understand using IDA for disassembly.

Basically, I took a look at a number of similar, already-defined ROMs, using XMLtoIDC to map them out in IDA. Based on this analysis and analysis of my logs, I determined that there MUST have been a 3D table comparing ECT to RPM for idle timing.

I then did some further labeling of the DWORDs associated with the idle tables, followed cross references to code where these values were being moved in and out of memory/registers, and used IDAs "graph view" and "proximity browser" views to look at the logic as a flowchart, more or less. Because I had named some of the dwords manually, the logic made more sense. Essentially, I focused on what came after the "Base Timing Idle Vehicle Speed Threshold" and assumed that the tables referred to immediately after were above and below speed threshold idle timing tables for in-gear. Since one was already marked, I navigated to the dword of the unmarked table and noted that it shared the format of the 3D idle timing tables seen in other ROMs.

The values in this table make sense in light of what I was seeing in my logs. I believe that perhaps the in-gear idle above speed threshold table is mis-marked in this ROM and should be the below speed threshold table instead, based on other ROMs with these tables (on second thought, maybe its in-gear above speed threshold for the AT version or an A/B table?).

Based on this analysis, I am quite confident that I have correctly identified the table and will flash a map with changes to it shortly and report back if those changes had the desired effect.

Screenshot of graph view attached and below:


Also, here are my notes regarding other potential tables of interest found during my search, along with descriptions of those tables:
Potential Idle Tables:
Base Timing Idle A (neutral)_? - RPM = cce18 - Timing = cce3c --- 10 Degrees up to 3000 RPM, then 25 degrees --- Labeled as "Base Timing Idle Min Table MJC" in the attached graph view
Base Timing Idle B (In-Gear) (Below Speed Threshold)? - RPM = ccc18 - Timing = ccdde - 10 degrees between 400 and 2k RPM --- Labeled as "TenDegreesFlatIdleTimingTable MJC" in the attached graph view

Already Defined, but suspect:
Base Timing Idle (In-Gear) (Above Speed Threshold) - RPM = ccc18 - Timing = ccdcc --- 10 Degrees up to 3000 RPM, then 25 degrees
Base Timing Idle (In-Gear) (Below Speed Threshold) - RPM = ccc18 - Timing = ccdd5 --- 15 Degrees Flat
Base Timing Idle (Neutral) - RPM = ccde8 - Timing = cce0c --- 15 Degrees up to 3000 RPM, then 25 degrees

Confident in:
Base Timing Idle (In-Gear) (Above Speed Threshold)_ - ECT = ce07c - RPM = ce054 - Timing = ce08c --- Limit of 30 degrees applies lower down RPM range as vehicle warms up, eventually down to 2k RPM, bottoming out at 10 degrees by 1600 RPM, as observed in logs --- This is the leftmost table in the attached graph view screenshot

Not sure:
Base Timing Idle (In-Gear) (Above Speed Threshold)_ - ECT = ce07c - RPM = ce054 - Timing = ce08c --- Limit of 30 degrees applies lower down RPM range as vehicle warms up, eventually down to 2k RPM, bottoming out at 10 degrees by 1600 RPM, as observed in logs

Lastly, here is a screenshot of the new table (Base Timing Idle (In-Gear) (Above Speed Threshold)_) in ECU Flash:


p.s. for those just starting out (i am only a few months of occasional nights in), i have found that looking at already defined maps, searching for the start locations of identified tables, doing a byte sequence search for the start location, jumping to the location and labeling it, then following the cross references to areas of the map that show move operations ans viewing those locations using the proximity browser and/or graph view makes identifying tables and logic much easier, relative to just searching for byte strings found in defined tables of interest in other ROMs, which can be hit or miss and often doesn't provide much context/requires logging to prove.

After flashing and logging, I can confirm that the 3D in gear, above speed threshold idle timing table referenced in my last post functions as intended, at least down to 0 degrees of timing (my current lowest cell).

No burbles with just the idle timing change, although my drive was relatively short and it was very cold this morning (around 15f), but I had previously confirmed that the dfco table worked fine and all overrun tables are all defined and work, so I should have everything I need now to play around with burbles/crackles.

Just to close this one out, was able to reduce timing down to -10 degrees, at least, using the found table (didn't need to go lower to get desired effect, so didn't). Combined with changes to overrun IPW (doubled from stock value), this allowed for short-lived burbles after letoff that are particularly pronounced when rev-match downshifting at higher RPM without causing driveability issues (when combined with changes to other tables to reduce rev hang - see my other threads).