qemu/target
Peter Maydell 3bb8a96f53 arm: Implement M profile exception return properly
On M profile, return from exceptions happen when code in Handler mode
executes one of the following function call return instructions:
 * POP or LDM which loads the PC
 * LDR to PC
 * BX register
and the new PC value is 0xFFxxxxxx.

QEMU tries to implement this by not treating the instruction
specially but then catching the attempt to execute from the magic
address value.  This is not ideal, because:
 * there are guest visible differences from the architecturally
   specified behaviour (for instance jumping to 0xFFxxxxxx via a
   different instruction should not cause an exception return but it
   will in the QEMU implementation)
 * we have to account for it in various places (like refusing to take
   an interrupt if the PC is at a magic value, and making sure that
   the MPU doesn't deny execution at the magic value addresses)

Drop these hacks, and instead implement exception return the way the
architecture specifies -- by having the relevant instructions check
for the magic value and raise the 'do an exception return' QEMU
internal exception immediately.

The effect on the generated code is minor:

 bx lr, old code (and new code for Thread mode):
  TCG:
   mov_i32 tmp5,r14
   movi_i32 tmp6,$0xfffffffffffffffe
   and_i32 pc,tmp5,tmp6
   movi_i32 tmp6,$0x1
   and_i32 tmp5,tmp5,tmp6
   st_i32 tmp5,env,$0x218
   exit_tb $0x0
   set_label $L0
   exit_tb $0x7f2aabd61993
  x86_64 generated code:
   0x7f2aabe87019:  mov    %ebx,%ebp
   0x7f2aabe8701b:  and    $0xfffffffffffffffe,%ebp
   0x7f2aabe8701e:  mov    %ebp,0x3c(%r14)
   0x7f2aabe87022:  and    $0x1,%ebx
   0x7f2aabe87025:  mov    %ebx,0x218(%r14)
   0x7f2aabe8702c:  xor    %eax,%eax
   0x7f2aabe8702e:  jmpq   0x7f2aabe7c016

 bx lr, new code when in Handler mode:
  TCG:
   mov_i32 tmp5,r14
   movi_i32 tmp6,$0xfffffffffffffffe
   and_i32 pc,tmp5,tmp6
   movi_i32 tmp6,$0x1
   and_i32 tmp5,tmp5,tmp6
   st_i32 tmp5,env,$0x218
   movi_i32 tmp5,$0xffffffffff000000
   brcond_i32 pc,tmp5,geu,$L1
   exit_tb $0x0
   set_label $L1
   movi_i32 tmp5,$0x8
   call exception_internal,$0x0,$0,env,tmp5
  x86_64 generated code:
   0x7fe8fa1264e3:  mov    %ebp,%ebx
   0x7fe8fa1264e5:  and    $0xfffffffffffffffe,%ebx
   0x7fe8fa1264e8:  mov    %ebx,0x3c(%r14)
   0x7fe8fa1264ec:  and    $0x1,%ebp
   0x7fe8fa1264ef:  mov    %ebp,0x218(%r14)
   0x7fe8fa1264f6:  cmp    $0xff000000,%ebx
   0x7fe8fa1264fc:  jae    0x7fe8fa126509
   0x7fe8fa126502:  xor    %eax,%eax
   0x7fe8fa126504:  jmpq   0x7fe8fa122016
   0x7fe8fa126509:  mov    %r14,%rdi
   0x7fe8fa12650c:  mov    $0x8,%esi
   0x7fe8fa126511:  mov    $0x56095dbeccf5,%r10
   0x7fe8fa12651b:  callq  *%r10

which is a difference of one cmp/branch-not-taken. This will
be lost in the noise of having to exit generated code and
look up the next TB anyway.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1491844419-12485-9-git-send-email-peter.maydell@linaro.org
2017-04-20 17:39:17 +01:00
..
alpha qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h 2017-03-14 13:28:18 +01:00
arm arm: Implement M profile exception return properly 2017-04-20 17:39:17 +01:00
cris qom/cpu: move tlb_flush to cpu_common_reset 2017-01-13 14:24:31 +00:00
hppa hppa: avoid anonymous unions in designated initializers. 2017-03-04 12:52:01 +00:00
i386 target/i386/misc_helper: wrap BQL around another IRQ generator 2017-04-10 10:14:50 +01:00
lm32 qom/cpu: move tlb_flush to cpu_common_reset 2017-01-13 14:24:31 +00:00
m68k This is the same as the v3 posted except a re-base and a few extra signoffs 2017-01-16 18:23:02 +00:00
microblaze cputlb: drop flush_global flag from tlb_flush 2017-01-13 14:24:37 +00:00
mips target/mips: fix delay slot detection in gen_msa_branch() 2017-03-20 11:19:14 +00:00
moxie qom/cpu: move tlb_flush to cpu_common_reset 2017-01-13 14:24:31 +00:00
nios2 target/nios2: take BQL around interrupt check 2017-03-14 13:26:37 +01:00
openrisc target/openrisc: Optimize for r0 being zero 2017-02-14 08:15:00 +11:00
ppc target/ppc: fix cpu_ov setting for 32-bit 2017-03-14 11:27:23 +11:00
s390x target/s390x: Fix broken user mode 2017-03-23 10:49:13 +01:00
sh4 monitor: Fix crashes when using HMP commands without CPU 2017-02-21 18:29:01 +00:00
sparc sparc/sparc64: grab BQL before calling cpu_check_irqs 2017-03-09 10:41:38 +00:00
tilegx qom/cpu: move tlb_flush to cpu_common_reset 2017-01-13 14:24:31 +00:00
tricore qom/cpu: move tlb_flush to cpu_common_reset 2017-01-13 14:24:31 +00:00
unicore32 cputlb: drop flush_global flag from tlb_flush 2017-01-13 14:24:37 +00:00
xtensa target/xtensa fixes for 2.9: 2017-03-18 17:24:49 +00:00