qemu/target-arm/helper.c
Peter Maydell 721fae1253 target-arm: Convert TCG to using (index,value) list for cp migration
Convert the TCG ARM target to using an (index,value) list for migrating
coprocessors. The primary benefit of the (index,value) list is for
passing state between KVM and QEMU, but it works for TCG-to-TCG
migration as well and is a useful self-contained first step.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-25 18:16:10 +01:00

3714 lines
119 KiB
C

#include "cpu.h"
#include "exec/gdbstub.h"
#include "helper.h"
#include "qemu/host-utils.h"
#include "sysemu/sysemu.h"
#include "qemu/bitops.h"
#ifndef CONFIG_USER_ONLY
static inline int get_phys_addr(CPUARMState *env, uint32_t address,
int access_type, int is_user,
hwaddr *phys_ptr, int *prot,
target_ulong *page_size);
#endif
static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
{
int nregs;
/* VFP data registers are always little-endian. */
nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
if (reg < nregs) {
stfq_le_p(buf, env->vfp.regs[reg]);
return 8;
}
if (arm_feature(env, ARM_FEATURE_NEON)) {
/* Aliases for Q regs. */
nregs += 16;
if (reg < nregs) {
stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
return 16;
}
}
switch (reg - nregs) {
case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
}
return 0;
}
static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
{
int nregs;
nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
if (reg < nregs) {
env->vfp.regs[reg] = ldfq_le_p(buf);
return 8;
}
if (arm_feature(env, ARM_FEATURE_NEON)) {
nregs += 16;
if (reg < nregs) {
env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
return 16;
}
}
switch (reg - nregs) {
case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
}
return 0;
}
static int raw_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
*value = CPREG_FIELD32(env, ri);
return 0;
}
static int raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
CPREG_FIELD32(env, ri) = value;
return 0;
}
static bool read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *v)
{
/* Raw read of a coprocessor register (as needed for migration, etc)
* return true on success, false if the read is impossible for some reason.
*/
if (ri->type & ARM_CP_CONST) {
*v = ri->resetvalue;
} else if (ri->raw_readfn) {
return (ri->raw_readfn(env, ri, v) == 0);
} else if (ri->readfn) {
return (ri->readfn(env, ri, v) == 0);
} else {
if (ri->type & ARM_CP_64BIT) {
*v = CPREG_FIELD64(env, ri);
} else {
*v = CPREG_FIELD32(env, ri);
}
}
return true;
}
static bool write_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri,
int64_t v)
{
/* Raw write of a coprocessor register (as needed for migration, etc).
* Return true on success, false if the write is impossible for some reason.
* Note that constant registers are treated as write-ignored; the
* caller should check for success by whether a readback gives the
* value written.
*/
if (ri->type & ARM_CP_CONST) {
return true;
} else if (ri->raw_writefn) {
return (ri->raw_writefn(env, ri, v) == 0);
} else if (ri->writefn) {
return (ri->writefn(env, ri, v) == 0);
} else {
if (ri->type & ARM_CP_64BIT) {
CPREG_FIELD64(env, ri) = v;
} else {
CPREG_FIELD32(env, ri) = v;
}
}
return true;
}
bool write_cpustate_to_list(ARMCPU *cpu)
{
/* Write the coprocessor state from cpu->env to the (index,value) list. */
int i;
bool ok = true;
for (i = 0; i < cpu->cpreg_array_len; i++) {
uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
const ARMCPRegInfo *ri;
uint64_t v;
ri = get_arm_cp_reginfo(cpu, regidx);
if (!ri) {
ok = false;
continue;
}
if (ri->type & ARM_CP_NO_MIGRATE) {
continue;
}
if (!read_raw_cp_reg(&cpu->env, ri, &v)) {
ok = false;
continue;
}
cpu->cpreg_values[i] = v;
}
return ok;
}
bool write_list_to_cpustate(ARMCPU *cpu)
{
int i;
bool ok = true;
for (i = 0; i < cpu->cpreg_array_len; i++) {
uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
uint64_t v = cpu->cpreg_values[i];
uint64_t readback;
const ARMCPRegInfo *ri;
ri = get_arm_cp_reginfo(cpu, regidx);
if (!ri) {
ok = false;
continue;
}
if (ri->type & ARM_CP_NO_MIGRATE) {
continue;
}
/* Write value and confirm it reads back as written
* (to catch read-only registers and partially read-only
* registers where the incoming migration value doesn't match)
*/
if (!write_raw_cp_reg(&cpu->env, ri, v) ||
!read_raw_cp_reg(&cpu->env, ri, &readback) ||
readback != v) {
ok = false;
}
}
return ok;
}
static void add_cpreg_to_list(gpointer key, gpointer opaque)
{
ARMCPU *cpu = opaque;
uint64_t regidx;
const ARMCPRegInfo *ri;
regidx = *(uint32_t *)key;
ri = get_arm_cp_reginfo(cpu, regidx);
if (!(ri->type & ARM_CP_NO_MIGRATE)) {
cpu->cpreg_indexes[cpu->cpreg_array_len] = cpreg_to_kvm_id(regidx);
/* The value array need not be initialized at this point */
cpu->cpreg_array_len++;
}
}
static void count_cpreg(gpointer key, gpointer opaque)
{
ARMCPU *cpu = opaque;
uint64_t regidx;
const ARMCPRegInfo *ri;
regidx = *(uint32_t *)key;
ri = get_arm_cp_reginfo(cpu, regidx);
if (!(ri->type & ARM_CP_NO_MIGRATE)) {
cpu->cpreg_array_len++;
}
}
static gint cpreg_key_compare(gconstpointer a, gconstpointer b)
{
uint32_t aidx = *(uint32_t *)a;
uint32_t bidx = *(uint32_t *)b;
return aidx - bidx;
}
void init_cpreg_list(ARMCPU *cpu)
{
/* Initialise the cpreg_tuples[] array based on the cp_regs hash.
* Note that we require cpreg_tuples[] to be sorted by key ID.
*/
GList *keys;
int arraylen;
keys = g_hash_table_get_keys(cpu->cp_regs);
keys = g_list_sort(keys, cpreg_key_compare);
cpu->cpreg_array_len = 0;
g_list_foreach(keys, count_cpreg, cpu);
arraylen = cpu->cpreg_array_len;
cpu->cpreg_indexes = g_new(uint64_t, arraylen);
cpu->cpreg_values = g_new(uint64_t, arraylen);
cpu->cpreg_vmstate_indexes = g_new(uint64_t, arraylen);
cpu->cpreg_vmstate_values = g_new(uint64_t, arraylen);
cpu->cpreg_vmstate_array_len = cpu->cpreg_array_len;
cpu->cpreg_array_len = 0;
g_list_foreach(keys, add_cpreg_to_list, cpu);
assert(cpu->cpreg_array_len == arraylen);
g_list_free(keys);
}
static int dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
env->cp15.c3 = value;
tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
return 0;
}
static int fcse_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
if (env->cp15.c13_fcse != value) {
/* Unlike real hardware the qemu TLB uses virtual addresses,
* not modified virtual addresses, so this causes a TLB flush.
*/
tlb_flush(env, 1);
env->cp15.c13_fcse = value;
}
return 0;
}
static int contextidr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (env->cp15.c13_context != value && !arm_feature(env, ARM_FEATURE_MPU)) {
/* For VMSA (when not using the LPAE long descriptor page table
* format) this register includes the ASID, so do a TLB flush.
* For PMSA it is purely a process ID and no action is needed.
*/
tlb_flush(env, 1);
}
env->cp15.c13_context = value;
return 0;
}
static int tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* Invalidate all (TLBIALL) */
tlb_flush(env, 1);
return 0;
}
static int tlbimva_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
tlb_flush_page(env, value & TARGET_PAGE_MASK);
return 0;
}
static int tlbiasid_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* Invalidate by ASID (TLBIASID) */
tlb_flush(env, value == 0);
return 0;
}
static int tlbimvaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
tlb_flush_page(env, value & TARGET_PAGE_MASK);
return 0;
}
static const ARMCPRegInfo cp_reginfo[] = {
/* DBGDIDR: just RAZ. In particular this means the "debug architecture
* version" bits will read as a reserved value, which should cause
* Linux to not try to use the debug hardware.
*/
{ .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
/* MMU Domain access control / MPU write buffer control */
{ .name = "DACR", .cp = 15,
.crn = 3, .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
.resetvalue = 0, .writefn = dacr_write, .raw_writefn = raw_write, },
{ .name = "FCSEIDR", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
.resetvalue = 0, .writefn = fcse_write, .raw_writefn = raw_write, },
{ .name = "CONTEXTIDR", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
.resetvalue = 0, .writefn = contextidr_write, .raw_writefn = raw_write, },
/* ??? This covers not just the impdef TLB lockdown registers but also
* some v7VMSA registers relating to TEX remap, so it is overly broad.
*/
{ .name = "TLB_LOCKDOWN", .cp = 15, .crn = 10, .crm = CP_ANY,
.opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW, .type = ARM_CP_NOP },
/* MMU TLB control. Note that the wildcarding means we cover not just
* the unified TLB ops but also the dside/iside/inner-shareable variants.
*/
{ .name = "TLBIALL", .cp = 15, .crn = 8, .crm = CP_ANY,
.opc1 = CP_ANY, .opc2 = 0, .access = PL1_W, .writefn = tlbiall_write,
.type = ARM_CP_NO_MIGRATE },
{ .name = "TLBIMVA", .cp = 15, .crn = 8, .crm = CP_ANY,
.opc1 = CP_ANY, .opc2 = 1, .access = PL1_W, .writefn = tlbimva_write,
.type = ARM_CP_NO_MIGRATE },
{ .name = "TLBIASID", .cp = 15, .crn = 8, .crm = CP_ANY,
.opc1 = CP_ANY, .opc2 = 2, .access = PL1_W, .writefn = tlbiasid_write,
.type = ARM_CP_NO_MIGRATE },
{ .name = "TLBIMVAA", .cp = 15, .crn = 8, .crm = CP_ANY,
.opc1 = CP_ANY, .opc2 = 3, .access = PL1_W, .writefn = tlbimvaa_write,
.type = ARM_CP_NO_MIGRATE },
/* Cache maintenance ops; some of this space may be overridden later. */
{ .name = "CACHEMAINT", .cp = 15, .crn = 7, .crm = CP_ANY,
.opc1 = 0, .opc2 = CP_ANY, .access = PL1_W,
.type = ARM_CP_NOP | ARM_CP_OVERRIDE },
REGINFO_SENTINEL
};
static const ARMCPRegInfo not_v6_cp_reginfo[] = {
/* Not all pre-v6 cores implemented this WFI, so this is slightly
* over-broad.
*/
{ .name = "WFI_v5", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = 2,
.access = PL1_W, .type = ARM_CP_WFI },
REGINFO_SENTINEL
};
static const ARMCPRegInfo not_v7_cp_reginfo[] = {
/* Standard v6 WFI (also used in some pre-v6 cores); not in v7 (which
* is UNPREDICTABLE; we choose to NOP as most implementations do).
*/
{ .name = "WFI_v6", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
.access = PL1_W, .type = ARM_CP_WFI },
/* L1 cache lockdown. Not architectural in v6 and earlier but in practice
* implemented in 926, 946, 1026, 1136, 1176 and 11MPCore. StrongARM and
* OMAPCP will override this space.
*/
{ .name = "DLOCKDOWN", .cp = 15, .crn = 9, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_data),
.resetvalue = 0 },
{ .name = "ILOCKDOWN", .cp = 15, .crn = 9, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_insn),
.resetvalue = 0 },
/* v6 doesn't have the cache ID registers but Linux reads them anyway */
{ .name = "DUMMY", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = CP_ANY,
.access = PL1_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
.resetvalue = 0 },
REGINFO_SENTINEL
};
static int cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
if (env->cp15.c1_coproc != value) {
env->cp15.c1_coproc = value;
/* ??? Is this safe when called from within a TB? */
tb_flush(env);
}
return 0;
}
static const ARMCPRegInfo v6_cp_reginfo[] = {
/* prefetch by MVA in v6, NOP in v7 */
{ .name = "MVA_prefetch",
.cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
.access = PL1_W, .type = ARM_CP_NOP },
{ .name = "ISB", .cp = 15, .crn = 7, .crm = 5, .opc1 = 0, .opc2 = 4,
.access = PL0_W, .type = ARM_CP_NOP },
{ .name = "DSB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 4,
.access = PL0_W, .type = ARM_CP_NOP },
{ .name = "DMB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
.access = PL0_W, .type = ARM_CP_NOP },
{ .name = "IFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c6_insn),
.resetvalue = 0, },
/* Watchpoint Fault Address Register : should actually only be present
* for 1136, 1176, 11MPCore.
*/
{ .name = "WFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0, },
{ .name = "CPACR", .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_coproc),
.resetvalue = 0, .writefn = cpacr_write },
REGINFO_SENTINEL
};
static int pmreg_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
/* Generic performance monitor register read function for where
* user access may be allowed by PMUSERENR.
*/
if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
return EXCP_UDEF;
}
*value = CPREG_FIELD32(env, ri);
return 0;
}
static int pmcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
return EXCP_UDEF;
}
/* only the DP, X, D and E bits are writable */
env->cp15.c9_pmcr &= ~0x39;
env->cp15.c9_pmcr |= (value & 0x39);
return 0;
}
static int pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
return EXCP_UDEF;
}
value &= (1 << 31);
env->cp15.c9_pmcnten |= value;
return 0;
}
static int pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
return EXCP_UDEF;
}
value &= (1 << 31);
env->cp15.c9_pmcnten &= ~value;
return 0;
}
static int pmovsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
return EXCP_UDEF;
}
env->cp15.c9_pmovsr &= ~value;
return 0;
}
static int pmxevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
return EXCP_UDEF;
}
env->cp15.c9_pmxevtyper = value & 0xff;
return 0;
}
static int pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c9_pmuserenr = value & 1;
return 0;
}
static int pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* We have no event counters so only the C bit can be changed */
value &= (1 << 31);
env->cp15.c9_pminten |= value;
return 0;
}
static int pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
value &= (1 << 31);
env->cp15.c9_pminten &= ~value;
return 0;
}
static int ccsidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
ARMCPU *cpu = arm_env_get_cpu(env);
*value = cpu->ccsidr[env->cp15.c0_cssel];
return 0;
}
static int csselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c0_cssel = value & 0xf;
return 0;
}
static const ARMCPRegInfo v7_cp_reginfo[] = {
/* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
* debug components
*/
{ .name = "DBGDRAR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "DBGDSAR", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
/* the old v6 WFI, UNPREDICTABLE in v7 but we choose to NOP */
{ .name = "NOP", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
.access = PL1_W, .type = ARM_CP_NOP },
/* Performance monitors are implementation defined in v7,
* but with an ARM recommended set of registers, which we
* follow (although we don't actually implement any counters)
*
* Performance registers fall into three categories:
* (a) always UNDEF in PL0, RW in PL1 (PMINTENSET, PMINTENCLR)
* (b) RO in PL0 (ie UNDEF on write), RW in PL1 (PMUSERENR)
* (c) UNDEF in PL0 if PMUSERENR.EN==0, otherwise accessible (all others)
* For the cases controlled by PMUSERENR we must set .access to PL0_RW
* or PL0_RO as appropriate and then check PMUSERENR in the helper fn.
*/
{ .name = "PMCNTENSET", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 1,
.access = PL0_RW, .resetvalue = 0,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
.readfn = pmreg_read, .writefn = pmcntenset_write,
.raw_readfn = raw_read, .raw_writefn = raw_write },
{ .name = "PMCNTENCLR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 2,
.access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
.readfn = pmreg_read, .writefn = pmcntenclr_write,
.type = ARM_CP_NO_MIGRATE },
{ .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3,
.access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
.readfn = pmreg_read, .writefn = pmovsr_write,
.raw_readfn = raw_read, .raw_writefn = raw_write },
/* Unimplemented so WI. Strictly speaking write accesses in PL0 should
* respect PMUSERENR.
*/
{ .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
.access = PL0_W, .type = ARM_CP_NOP },
/* Since we don't implement any events, writing to PMSELR is UNPREDICTABLE.
* We choose to RAZ/WI. XXX should respect PMUSERENR.
*/
{ .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
.access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
/* Unimplemented, RAZ/WI. XXX PMUSERENR */
{ .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
.access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "PMXEVTYPER", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 1,
.access = PL0_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmxevtyper),
.readfn = pmreg_read, .writefn = pmxevtyper_write,
.raw_readfn = raw_read, .raw_writefn = raw_write },
/* Unimplemented, RAZ/WI. XXX PMUSERENR */
{ .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
.access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
.access = PL0_R | PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
.resetvalue = 0,
.writefn = pmuserenr_write, .raw_writefn = raw_write },
{ .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 1,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
.resetvalue = 0,
.writefn = pmintenset_write, .raw_writefn = raw_write },
{ .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 2,
.access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
.resetvalue = 0, .writefn = pmintenclr_write, },
{ .name = "SCR", .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_scr),
.resetvalue = 0, },
{ .name = "CCSIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
.access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_MIGRATE },
{ .name = "CSSELR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c0_cssel),
.writefn = csselr_write, .resetvalue = 0 },
/* Auxiliary ID register: this actually has an IMPDEF value but for now
* just RAZ for all cores:
*/
{ .name = "AIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 7,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
REGINFO_SENTINEL
};
static int teecr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
value &= 1;
env->teecr = value;
return 0;
}
static int teehbr_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
/* This is a helper function because the user access rights
* depend on the value of the TEECR.
*/
if (arm_current_pl(env) == 0 && (env->teecr & 1)) {
return EXCP_UDEF;
}
*value = env->teehbr;
return 0;
}
static int teehbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_current_pl(env) == 0 && (env->teecr & 1)) {
return EXCP_UDEF;
}
env->teehbr = value;
return 0;
}
static const ARMCPRegInfo t2ee_cp_reginfo[] = {
{ .name = "TEECR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 6, .opc2 = 0,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, teecr),
.resetvalue = 0,
.writefn = teecr_write },
{ .name = "TEEHBR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 6, .opc2 = 0,
.access = PL0_RW, .fieldoffset = offsetof(CPUARMState, teehbr),
.resetvalue = 0, .raw_readfn = raw_read, .raw_writefn = raw_write,
.readfn = teehbr_read, .writefn = teehbr_write },
REGINFO_SENTINEL
};
static const ARMCPRegInfo v6k_cp_reginfo[] = {
{ .name = "TPIDRURW", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL0_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c13_tls1),
.resetvalue = 0 },
{ .name = "TPIDRURO", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 3,
.access = PL0_R|PL1_W,
.fieldoffset = offsetof(CPUARMState, cp15.c13_tls2),
.resetvalue = 0 },
{ .name = "TPIDRPRW", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 4,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c13_tls3),
.resetvalue = 0 },
REGINFO_SENTINEL
};
static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
/* Dummy implementation: RAZ/WI the whole crn=14 space */
{ .name = "GENERIC_TIMER", .cp = 15, .crn = 14,
.crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
.access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
.resetvalue = 0 },
REGINFO_SENTINEL
};
static int par_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
if (arm_feature(env, ARM_FEATURE_LPAE)) {
env->cp15.c7_par = value;
} else if (arm_feature(env, ARM_FEATURE_V7)) {
env->cp15.c7_par = value & 0xfffff6ff;
} else {
env->cp15.c7_par = value & 0xfffff1ff;
}
return 0;
}
#ifndef CONFIG_USER_ONLY
/* get_phys_addr() isn't present for user-mode-only targets */
/* Return true if extended addresses are enabled, ie this is an
* LPAE implementation and we are using the long-descriptor translation
* table format because the TTBCR EAE bit is set.
*/
static inline bool extended_addresses_enabled(CPUARMState *env)
{
return arm_feature(env, ARM_FEATURE_LPAE)
&& (env->cp15.c2_control & (1 << 31));
}
static int ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
hwaddr phys_addr;
target_ulong page_size;
int prot;
int ret, is_user = ri->opc2 & 2;
int access_type = ri->opc2 & 1;
if (ri->opc2 & 4) {
/* Other states are only available with TrustZone */
return EXCP_UDEF;
}
ret = get_phys_addr(env, value, access_type, is_user,
&phys_addr, &prot, &page_size);
if (extended_addresses_enabled(env)) {
/* ret is a DFSR/IFSR value for the long descriptor
* translation table format, but with WnR always clear.
* Convert it to a 64-bit PAR.
*/
uint64_t par64 = (1 << 11); /* LPAE bit always set */
if (ret == 0) {
par64 |= phys_addr & ~0xfffULL;
/* We don't set the ATTR or SH fields in the PAR. */
} else {
par64 |= 1; /* F */
par64 |= (ret & 0x3f) << 1; /* FS */
/* Note that S2WLK and FSTAGE are always zero, because we don't
* implement virtualization and therefore there can't be a stage 2
* fault.
*/
}
env->cp15.c7_par = par64;
env->cp15.c7_par_hi = par64 >> 32;
} else {
/* ret is a DFSR/IFSR value for the short descriptor
* translation table format (with WnR always clear).
* Convert it to a 32-bit PAR.
*/
if (ret == 0) {
/* We do not set any attribute bits in the PAR */
if (page_size == (1 << 24)
&& arm_feature(env, ARM_FEATURE_V7)) {
env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
} else {
env->cp15.c7_par = phys_addr & 0xfffff000;
}
} else {
env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
((ret & (12 << 1)) >> 6) |
((ret & 0xf) << 1) | 1;
}
env->cp15.c7_par_hi = 0;
}
return 0;
}
#endif
static const ARMCPRegInfo vapa_cp_reginfo[] = {
{ .name = "PAR", .cp = 15, .crn = 7, .crm = 4, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .resetvalue = 0,
.fieldoffset = offsetof(CPUARMState, cp15.c7_par),
.writefn = par_write },
#ifndef CONFIG_USER_ONLY
{ .name = "ATS", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = CP_ANY,
.access = PL1_W, .writefn = ats_write, .type = ARM_CP_NO_MIGRATE },
#endif
REGINFO_SENTINEL
};
/* Return basic MPU access permission bits. */
static uint32_t simple_mpu_ap_bits(uint32_t val)
{
uint32_t ret;
uint32_t mask;
int i;
ret = 0;
mask = 3;
for (i = 0; i < 16; i += 2) {
ret |= (val >> i) & mask;
mask <<= 2;
}
return ret;
}
/* Pad basic MPU access permission bits to extended format. */
static uint32_t extended_mpu_ap_bits(uint32_t val)
{
uint32_t ret;
uint32_t mask;
int i;
ret = 0;
mask = 3;
for (i = 0; i < 16; i += 2) {
ret |= (val & mask) << i;
mask <<= 2;
}
return ret;
}
static int pmsav5_data_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c5_data = extended_mpu_ap_bits(value);
return 0;
}
static int pmsav5_data_ap_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
*value = simple_mpu_ap_bits(env->cp15.c5_data);
return 0;
}
static int pmsav5_insn_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c5_insn = extended_mpu_ap_bits(value);
return 0;
}
static int pmsav5_insn_ap_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
*value = simple_mpu_ap_bits(env->cp15.c5_insn);
return 0;
}
static int arm946_prbs_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
if (ri->crm >= 8) {
return EXCP_UDEF;
}
*value = env->cp15.c6_region[ri->crm];
return 0;
}
static int arm946_prbs_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (ri->crm >= 8) {
return EXCP_UDEF;
}
env->cp15.c6_region[ri->crm] = value;
return 0;
}
static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
{ .name = "DATA_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
.fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0,
.readfn = pmsav5_data_ap_read, .writefn = pmsav5_data_ap_write, },
{ .name = "INSN_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
.fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0,
.readfn = pmsav5_insn_ap_read, .writefn = pmsav5_insn_ap_write, },
{ .name = "DATA_EXT_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0, },
{ .name = "INSN_EXT_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 3,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
{ .name = "DCACHE_CFG", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c2_data), .resetvalue = 0, },
{ .name = "ICACHE_CFG", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c2_insn), .resetvalue = 0, },
/* Protection region base and size registers */
{ .name = "946_PRBS", .cp = 15, .crn = 6, .crm = CP_ANY, .opc1 = 0,
.opc2 = CP_ANY, .access = PL1_RW,
.readfn = arm946_prbs_read, .writefn = arm946_prbs_write, },
REGINFO_SENTINEL
};
static int vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_feature(env, ARM_FEATURE_LPAE)) {
value &= ~((7 << 19) | (3 << 14) | (0xf << 3));
} else {
value &= 7;
}
/* Note that we always calculate c2_mask and c2_base_mask, but
* they are only used for short-descriptor tables (ie if EAE is 0);
* for long-descriptor tables the TTBCR fields are used differently
* and the c2_mask and c2_base_mask values are meaningless.
*/
env->cp15.c2_control = value;
env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> value);
env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> value);
return 0;
}
static int vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
if (arm_feature(env, ARM_FEATURE_LPAE)) {
/* With LPAE the TTBCR could result in a change of ASID
* via the TTBCR.A1 bit, so do a TLB flush.
*/
tlb_flush(env, 1);
}
return vmsa_ttbcr_raw_write(env, ri, value);
}
static void vmsa_ttbcr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
{
env->cp15.c2_base_mask = 0xffffc000u;
env->cp15.c2_control = 0;
env->cp15.c2_mask = 0;
}
static const ARMCPRegInfo vmsa_cp_reginfo[] = {
{ .name = "DFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0, },
{ .name = "IFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
{ .name = "TTBR0", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c2_base0), .resetvalue = 0, },
{ .name = "TTBR1", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c2_base1), .resetvalue = 0, },
{ .name = "TTBCR", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL1_RW, .writefn = vmsa_ttbcr_write,
.resetfn = vmsa_ttbcr_reset, .raw_writefn = vmsa_ttbcr_raw_write,
.fieldoffset = offsetof(CPUARMState, cp15.c2_control) },
{ .name = "DFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c6_data),
.resetvalue = 0, },
REGINFO_SENTINEL
};
static int omap_ticonfig_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c15_ticonfig = value & 0xe7;
/* The OS_TYPE bit in this register changes the reported CPUID! */
env->cp15.c0_cpuid = (value & (1 << 5)) ?
ARM_CPUID_TI915T : ARM_CPUID_TI925T;
return 0;
}
static int omap_threadid_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c15_threadid = value & 0xffff;
return 0;
}
static int omap_wfi_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* Wait-for-interrupt (deprecated) */
cpu_interrupt(CPU(arm_env_get_cpu(env)), CPU_INTERRUPT_HALT);
return 0;
}
static int omap_cachemaint_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* On OMAP there are registers indicating the max/min index of dcache lines
* containing a dirty line; cache flush operations have to reset these.
*/
env->cp15.c15_i_max = 0x000;
env->cp15.c15_i_min = 0xff0;
return 0;
}
static const ARMCPRegInfo omap_cp_reginfo[] = {
{ .name = "DFSR", .cp = 15, .crn = 5, .crm = CP_ANY,
.opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW, .type = ARM_CP_OVERRIDE,
.fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0, },
{ .name = "", .cp = 15, .crn = 15, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .type = ARM_CP_NOP },
{ .name = "TICONFIG", .cp = 15, .crn = 15, .crm = 1, .opc1 = 0, .opc2 = 0,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c15_ticonfig), .resetvalue = 0,
.writefn = omap_ticonfig_write },
{ .name = "IMAX", .cp = 15, .crn = 15, .crm = 2, .opc1 = 0, .opc2 = 0,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c15_i_max), .resetvalue = 0, },
{ .name = "IMIN", .cp = 15, .crn = 15, .crm = 3, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .resetvalue = 0xff0,
.fieldoffset = offsetof(CPUARMState, cp15.c15_i_min) },
{ .name = "THREADID", .cp = 15, .crn = 15, .crm = 4, .opc1 = 0, .opc2 = 0,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c15_threadid), .resetvalue = 0,
.writefn = omap_threadid_write },
{ .name = "TI925T_STATUS", .cp = 15, .crn = 15,
.crm = 8, .opc1 = 0, .opc2 = 0, .access = PL1_RW,
.type = ARM_CP_NO_MIGRATE,
.readfn = arm_cp_read_zero, .writefn = omap_wfi_write, },
/* TODO: Peripheral port remap register:
* On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt controller
* base address at $rn & ~0xfff and map size of 0x200 << ($rn & 0xfff),
* when MMU is off.
*/
{ .name = "OMAP_CACHEMAINT", .cp = 15, .crn = 7, .crm = CP_ANY,
.opc1 = 0, .opc2 = CP_ANY, .access = PL1_W,
.type = ARM_CP_OVERRIDE | ARM_CP_NO_MIGRATE,
.writefn = omap_cachemaint_write },
{ .name = "C9", .cp = 15, .crn = 9,
.crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW,
.type = ARM_CP_CONST | ARM_CP_OVERRIDE, .resetvalue = 0 },
REGINFO_SENTINEL
};
static int xscale_cpar_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
value &= 0x3fff;
if (env->cp15.c15_cpar != value) {
/* Changes cp0 to cp13 behavior, so needs a TB flush. */
tb_flush(env);
env->cp15.c15_cpar = value;
}
return 0;
}
static const ARMCPRegInfo xscale_cp_reginfo[] = {
{ .name = "XSCALE_CPAR",
.cp = 15, .crn = 15, .crm = 1, .opc1 = 0, .opc2 = 0, .access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c15_cpar), .resetvalue = 0,
.writefn = xscale_cpar_write, },
{ .name = "XSCALE_AUXCR",
.cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 1, .access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c1_xscaleauxcr),
.resetvalue = 0, },
REGINFO_SENTINEL
};
static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
/* RAZ/WI the whole crn=15 space, when we don't have a more specific
* implementation of this implementation-defined space.
* Ideally this should eventually disappear in favour of actually
* implementing the correct behaviour for all cores.
*/
{ .name = "C15_IMPDEF", .cp = 15, .crn = 15,
.crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
.access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
.resetvalue = 0 },
REGINFO_SENTINEL
};
static const ARMCPRegInfo cache_dirty_status_cp_reginfo[] = {
/* Cache status: RAZ because we have no cache so it's always clean */
{ .name = "CDSR", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 6,
.access = PL1_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
.resetvalue = 0 },
REGINFO_SENTINEL
};
static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
/* We never have a a block transfer operation in progress */
{ .name = "BXSR", .cp = 15, .crn = 7, .crm = 12, .opc1 = 0, .opc2 = 4,
.access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
.resetvalue = 0 },
/* The cache ops themselves: these all NOP for QEMU */
{ .name = "IICR", .cp = 15, .crm = 5, .opc1 = 0,
.access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
{ .name = "IDCR", .cp = 15, .crm = 6, .opc1 = 0,
.access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
{ .name = "CDCR", .cp = 15, .crm = 12, .opc1 = 0,
.access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
{ .name = "PIR", .cp = 15, .crm = 12, .opc1 = 1,
.access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
{ .name = "PDR", .cp = 15, .crm = 12, .opc1 = 2,
.access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
{ .name = "CIDCR", .cp = 15, .crm = 14, .opc1 = 0,
.access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
REGINFO_SENTINEL
};
static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
/* The cache test-and-clean instructions always return (1 << 30)
* to indicate that there are no dirty cache lines.
*/
{ .name = "TC_DCACHE", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 3,
.access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
.resetvalue = (1 << 30) },
{ .name = "TCI_DCACHE", .cp = 15, .crn = 7, .crm = 14, .opc1 = 0, .opc2 = 3,
.access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
.resetvalue = (1 << 30) },
REGINFO_SENTINEL
};
static const ARMCPRegInfo strongarm_cp_reginfo[] = {
/* Ignore ReadBuffer accesses */
{ .name = "C9_READBUFFER", .cp = 15, .crn = 9,
.crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
.access = PL1_RW, .resetvalue = 0,
.type = ARM_CP_CONST | ARM_CP_OVERRIDE | ARM_CP_NO_MIGRATE },
REGINFO_SENTINEL
};
static int mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
CPUState *cs = CPU(arm_env_get_cpu(env));
uint32_t mpidr = cs->cpu_index;
/* We don't support setting cluster ID ([8..11])
* so these bits always RAZ.
*/
if (arm_feature(env, ARM_FEATURE_V7MP)) {
mpidr |= (1 << 31);
/* Cores which are uniprocessor (non-coherent)
* but still implement the MP extensions set
* bit 30. (For instance, A9UP.) However we do
* not currently model any of those cores.
*/
}
*value = mpidr;
return 0;
}
static const ARMCPRegInfo mpidr_cp_reginfo[] = {
{ .name = "MPIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
.access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_MIGRATE },
REGINFO_SENTINEL
};
static int par64_read(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t *value)
{
*value = ((uint64_t)env->cp15.c7_par_hi << 32) | env->cp15.c7_par;
return 0;
}
static int par64_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
env->cp15.c7_par_hi = value >> 32;
env->cp15.c7_par = value;
return 0;
}
static void par64_reset(CPUARMState *env, const ARMCPRegInfo *ri)
{
env->cp15.c7_par_hi = 0;
env->cp15.c7_par = 0;
}
static int ttbr064_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
*value = ((uint64_t)env->cp15.c2_base0_hi << 32) | env->cp15.c2_base0;
return 0;
}
static int ttbr064_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c2_base0_hi = value >> 32;
env->cp15.c2_base0 = value;
return 0;
}
static int ttbr064_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* Writes to the 64 bit format TTBRs may change the ASID */
tlb_flush(env, 1);
return ttbr064_raw_write(env, ri, value);
}
static void ttbr064_reset(CPUARMState *env, const ARMCPRegInfo *ri)
{
env->cp15.c2_base0_hi = 0;
env->cp15.c2_base0 = 0;
}
static int ttbr164_read(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t *value)
{
*value = ((uint64_t)env->cp15.c2_base1_hi << 32) | env->cp15.c2_base1;
return 0;
}
static int ttbr164_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
env->cp15.c2_base1_hi = value >> 32;
env->cp15.c2_base1 = value;
return 0;
}
static void ttbr164_reset(CPUARMState *env, const ARMCPRegInfo *ri)
{
env->cp15.c2_base1_hi = 0;
env->cp15.c2_base1 = 0;
}
static const ARMCPRegInfo lpae_cp_reginfo[] = {
/* NOP AMAIR0/1: the override is because these clash with the rather
* broadly specified TLB_LOCKDOWN entry in the generic cp_reginfo.
*/
{ .name = "AMAIR0", .cp = 15, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_OVERRIDE,
.resetvalue = 0 },
{ .name = "AMAIR1", .cp = 15, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 1,
.access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_OVERRIDE,
.resetvalue = 0 },
/* 64 bit access versions of the (dummy) debug registers */
{ .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
.access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
{ .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
.access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
{ .name = "PAR", .cp = 15, .crm = 7, .opc1 = 0,
.access = PL1_RW, .type = ARM_CP_64BIT,
.readfn = par64_read, .writefn = par64_write, .resetfn = par64_reset },
{ .name = "TTBR0", .cp = 15, .crm = 2, .opc1 = 0,
.access = PL1_RW, .type = ARM_CP_64BIT, .readfn = ttbr064_read,
.writefn = ttbr064_write, .raw_writefn = ttbr064_raw_write,
.resetfn = ttbr064_reset },
{ .name = "TTBR1", .cp = 15, .crm = 2, .opc1 = 1,
.access = PL1_RW, .type = ARM_CP_64BIT, .readfn = ttbr164_read,
.writefn = ttbr164_write, .resetfn = ttbr164_reset },
REGINFO_SENTINEL
};
static int sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
env->cp15.c1_sys = value;
/* ??? Lots of these bits are not implemented. */
/* This may enable/disable the MMU, so do a TLB flush. */
tlb_flush(env, 1);
return 0;
}
void register_cp_regs_for_features(ARMCPU *cpu)
{
/* Register all the coprocessor registers based on feature bits */
CPUARMState *env = &cpu->env;
if (arm_feature(env, ARM_FEATURE_M)) {
/* M profile has no coprocessor registers */
return;
}
define_arm_cp_regs(cpu, cp_reginfo);
if (arm_feature(env, ARM_FEATURE_V6)) {
/* The ID registers all have impdef reset values */
ARMCPRegInfo v6_idregs[] = {
{ .name = "ID_PFR0", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_pfr0 },
{ .name = "ID_PFR1", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_pfr1 },
{ .name = "ID_DFR0", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 2, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_dfr0 },
{ .name = "ID_AFR0", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 3, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_afr0 },
{ .name = "ID_MMFR0", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 4, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_mmfr0 },
{ .name = "ID_MMFR1", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 5, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_mmfr1 },
{ .name = "ID_MMFR2", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 6, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_mmfr2 },
{ .name = "ID_MMFR3", .cp = 15, .crn = 0, .crm = 1,
.opc1 = 0, .opc2 = 7, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_mmfr3 },
{ .name = "ID_ISAR0", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_isar0 },
{ .name = "ID_ISAR1", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_isar1 },
{ .name = "ID_ISAR2", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 2, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_isar2 },
{ .name = "ID_ISAR3", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 3, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_isar3 },
{ .name = "ID_ISAR4", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 4, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_isar4 },
{ .name = "ID_ISAR5", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 5, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = cpu->id_isar5 },
/* 6..7 are as yet unallocated and must RAZ */
{ .name = "ID_ISAR6", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 6, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = 0 },
{ .name = "ID_ISAR7", .cp = 15, .crn = 0, .crm = 2,
.opc1 = 0, .opc2 = 7, .access = PL1_R, .type = ARM_CP_CONST,
.resetvalue = 0 },
REGINFO_SENTINEL
};
define_arm_cp_regs(cpu, v6_idregs);
define_arm_cp_regs(cpu, v6_cp_reginfo);
} else {
define_arm_cp_regs(cpu, not_v6_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_V6K)) {
define_arm_cp_regs(cpu, v6k_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_V7)) {
/* v7 performance monitor control register: same implementor
* field as main ID register, and we implement no event counters.
*/
ARMCPRegInfo pmcr = {
.name = "PMCR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 0,
.access = PL0_RW, .resetvalue = cpu->midr & 0xff000000,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcr),
.readfn = pmreg_read, .writefn = pmcr_write,
.raw_readfn = raw_read, .raw_writefn = raw_write,
};
ARMCPRegInfo clidr = {
.name = "CLIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->clidr
};
define_one_arm_cp_reg(cpu, &pmcr);
define_one_arm_cp_reg(cpu, &clidr);
define_arm_cp_regs(cpu, v7_cp_reginfo);
} else {
define_arm_cp_regs(cpu, not_v7_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_MPU)) {
/* These are the MPU registers prior to PMSAv6. Any new
* PMSA core later than the ARM946 will require that we
* implement the PMSAv6 or PMSAv7 registers, which are
* completely different.
*/
assert(!arm_feature(env, ARM_FEATURE_V6));
define_arm_cp_regs(cpu, pmsav5_cp_reginfo);
} else {
define_arm_cp_regs(cpu, vmsa_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
define_arm_cp_regs(cpu, t2ee_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
define_arm_cp_regs(cpu, generic_timer_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_VAPA)) {
define_arm_cp_regs(cpu, vapa_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_CACHE_TEST_CLEAN)) {
define_arm_cp_regs(cpu, cache_test_clean_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_CACHE_DIRTY_REG)) {
define_arm_cp_regs(cpu, cache_dirty_status_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_CACHE_BLOCK_OPS)) {
define_arm_cp_regs(cpu, cache_block_ops_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
define_arm_cp_regs(cpu, omap_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_STRONGARM)) {
define_arm_cp_regs(cpu, strongarm_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_XSCALE)) {
define_arm_cp_regs(cpu, xscale_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_DUMMY_C15_REGS)) {
define_arm_cp_regs(cpu, dummy_c15_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_MPIDR)) {
define_arm_cp_regs(cpu, mpidr_cp_reginfo);
}
if (arm_feature(env, ARM_FEATURE_LPAE)) {
define_arm_cp_regs(cpu, lpae_cp_reginfo);
}
/* Slightly awkwardly, the OMAP and StrongARM cores need all of
* cp15 crn=0 to be writes-ignored, whereas for other cores they should
* be read-only (ie write causes UNDEF exception).
*/
{
ARMCPRegInfo id_cp_reginfo[] = {
/* Note that the MIDR isn't a simple constant register because
* of the TI925 behaviour where writes to another register can
* cause the MIDR value to change.
*/
{ .name = "MIDR",
.cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_R, .resetvalue = cpu->midr,
.writefn = arm_cp_write_ignore, .raw_writefn = raw_write,
.fieldoffset = offsetof(CPUARMState, cp15.c0_cpuid) },
{ .name = "CTR",
.cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
{ .name = "TCMTR",
.cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "TLBTR",
.cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 3,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
/* crn = 0 op1 = 0 crm = 3..7 : currently unassigned; we RAZ. */
{ .name = "DUMMY",
.cp = 15, .crn = 0, .crm = 3, .opc1 = 0, .opc2 = CP_ANY,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "DUMMY",
.cp = 15, .crn = 0, .crm = 4, .opc1 = 0, .opc2 = CP_ANY,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "DUMMY",
.cp = 15, .crn = 0, .crm = 5, .opc1 = 0, .opc2 = CP_ANY,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "DUMMY",
.cp = 15, .crn = 0, .crm = 6, .opc1 = 0, .opc2 = CP_ANY,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "DUMMY",
.cp = 15, .crn = 0, .crm = 7, .opc1 = 0, .opc2 = CP_ANY,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
REGINFO_SENTINEL
};
ARMCPRegInfo crn0_wi_reginfo = {
.name = "CRN0_WI", .cp = 15, .crn = 0, .crm = CP_ANY,
.opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
.type = ARM_CP_NOP | ARM_CP_OVERRIDE
};
if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
arm_feature(env, ARM_FEATURE_STRONGARM)) {
ARMCPRegInfo *r;
/* Register the blanket "writes ignored" value first to cover the
* whole space. Then define the specific ID registers, but update
* their access field to allow write access, so that they ignore
* writes rather than causing them to UNDEF.
*/
define_one_arm_cp_reg(cpu, &crn0_wi_reginfo);
for (r = id_cp_reginfo; r->type != ARM_CP_SENTINEL; r++) {
r->access = PL1_RW;
define_one_arm_cp_reg(cpu, r);
}
} else {
/* Just register the standard ID registers (read-only, meaning
* that writes will UNDEF).
*/
define_arm_cp_regs(cpu, id_cp_reginfo);
}
}
if (arm_feature(env, ARM_FEATURE_AUXCR)) {
ARMCPRegInfo auxcr = {
.name = "AUXCR", .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 1,
.access = PL1_RW, .type = ARM_CP_CONST,
.resetvalue = cpu->reset_auxcr
};
define_one_arm_cp_reg(cpu, &auxcr);
}
/* Generic registers whose values depend on the implementation */
{
ARMCPRegInfo sctlr = {
.name = "SCTLR", .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_sys),
.writefn = sctlr_write, .resetvalue = cpu->reset_sctlr,
.raw_writefn = raw_write,
};
if (arm_feature(env, ARM_FEATURE_XSCALE)) {
/* Normally we would always end the TB on an SCTLR write, but Linux
* arch/arm/mach-pxa/sleep.S expects two instructions following
* an MMU enable to execute from cache. Imitate this behaviour.
*/
sctlr.type |= ARM_CP_SUPPRESS_TB_END;
}
define_one_arm_cp_reg(cpu, &sctlr);
}
}
ARMCPU *cpu_arm_init(const char *cpu_model)
{
ARMCPU *cpu;
CPUARMState *env;
ObjectClass *oc;
oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
if (!oc) {
return NULL;
}
cpu = ARM_CPU(object_new(object_class_get_name(oc)));
env = &cpu->env;
env->cpu_model_str = cpu_model;
/* TODO this should be set centrally, once possible */
object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
return cpu;
}
void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
{
CPUARMState *env = &cpu->env;
if (arm_feature(env, ARM_FEATURE_NEON)) {
gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
51, "arm-neon.xml", 0);
} else if (arm_feature(env, ARM_FEATURE_VFP3)) {
gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
35, "arm-vfp3.xml", 0);
} else if (arm_feature(env, ARM_FEATURE_VFP)) {
gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
19, "arm-vfp.xml", 0);
}
}
/* Sort alphabetically by type name, except for "any". */
static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
{
ObjectClass *class_a = (ObjectClass *)a;
ObjectClass *class_b = (ObjectClass *)b;
const char *name_a, *name_b;
name_a = object_class_get_name(class_a);
name_b = object_class_get_name(class_b);
if (strcmp(name_a, "any-" TYPE_ARM_CPU) == 0) {
return 1;
} else if (strcmp(name_b, "any-" TYPE_ARM_CPU) == 0) {
return -1;
} else {
return strcmp(name_a, name_b);
}
}
static void arm_cpu_list_entry(gpointer data, gpointer user_data)
{
ObjectClass *oc = data;
CPUListState *s = user_data;
const char *typename;
char *name;
typename = object_class_get_name(oc);
name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_ARM_CPU));
(*s->cpu_fprintf)(s->file, " %s\n",
name);
g_free(name);
}
void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
{
CPUListState s = {
.file = f,
.cpu_fprintf = cpu_fprintf,
};
GSList *list;
list = object_class_get_list(TYPE_ARM_CPU, false);
list = g_slist_sort(list, arm_cpu_list_compare);
(*cpu_fprintf)(f, "Available CPUs:\n");
g_slist_foreach(list, arm_cpu_list_entry, &s);
g_slist_free(list);
}
void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
const ARMCPRegInfo *r, void *opaque)
{
/* Define implementations of coprocessor registers.
* We store these in a hashtable because typically
* there are less than 150 registers in a space which
* is 16*16*16*8*8 = 262144 in size.
* Wildcarding is supported for the crm, opc1 and opc2 fields.
* If a register is defined twice then the second definition is
* used, so this can be used to define some generic registers and
* then override them with implementation specific variations.
* At least one of the original and the second definition should
* include ARM_CP_OVERRIDE in its type bits -- this is just a guard
* against accidental use.
*/
int crm, opc1, opc2;
int crmmin = (r->crm == CP_ANY) ? 0 : r->crm;
int crmmax = (r->crm == CP_ANY) ? 15 : r->crm;
int opc1min = (r->opc1 == CP_ANY) ? 0 : r->opc1;
int opc1max = (r->opc1 == CP_ANY) ? 7 : r->opc1;
int opc2min = (r->opc2 == CP_ANY) ? 0 : r->opc2;
int opc2max = (r->opc2 == CP_ANY) ? 7 : r->opc2;
/* 64 bit registers have only CRm and Opc1 fields */
assert(!((r->type & ARM_CP_64BIT) && (r->opc2 || r->crn)));
/* Check that the register definition has enough info to handle
* reads and writes if they are permitted.
*/
if (!(r->type & (ARM_CP_SPECIAL|ARM_CP_CONST))) {
if (r->access & PL3_R) {
assert(r->fieldoffset || r->readfn);
}
if (r->access & PL3_W) {
assert(r->fieldoffset || r->writefn);
}
}
/* Bad type field probably means missing sentinel at end of reg list */
assert(cptype_valid(r->type));
for (crm = crmmin; crm <= crmmax; crm++) {
for (opc1 = opc1min; opc1 <= opc1max; opc1++) {
for (opc2 = opc2min; opc2 <= opc2max; opc2++) {
uint32_t *key = g_new(uint32_t, 1);
ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
*key = ENCODE_CP_REG(r->cp, is64, r->crn, crm, opc1, opc2);
r2->opaque = opaque;
/* Make sure reginfo passed to helpers for wildcarded regs
* has the correct crm/opc1/opc2 for this reg, not CP_ANY:
*/
r2->crm = crm;
r2->opc1 = opc1;
r2->opc2 = opc2;
/* By convention, for wildcarded registers only the first
* entry is used for migration; the others are marked as
* NO_MIGRATE so we don't try to transfer the register
* multiple times. Special registers (ie NOP/WFI) are
* never migratable.
*/
if ((r->type & ARM_CP_SPECIAL) ||
((r->crm == CP_ANY) && crm != 0) ||
((r->opc1 == CP_ANY) && opc1 != 0) ||
((r->opc2 == CP_ANY) && opc2 != 0)) {
r2->type |= ARM_CP_NO_MIGRATE;
}
/* Overriding of an existing definition must be explicitly
* requested.
*/
if (!(r->type & ARM_CP_OVERRIDE)) {
ARMCPRegInfo *oldreg;
oldreg = g_hash_table_lookup(cpu->cp_regs, key);
if (oldreg && !(oldreg->type & ARM_CP_OVERRIDE)) {
fprintf(stderr, "Register redefined: cp=%d %d bit "
"crn=%d crm=%d opc1=%d opc2=%d, "
"was %s, now %s\n", r2->cp, 32 + 32 * is64,
r2->crn, r2->crm, r2->opc1, r2->opc2,
oldreg->name, r2->name);
assert(0);
}
}
g_hash_table_insert(cpu->cp_regs, key, r2);
}
}
}
}
void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
const ARMCPRegInfo *regs, void *opaque)
{
/* Define a whole list of registers */
const ARMCPRegInfo *r;
for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
define_one_arm_cp_reg_with_opaque(cpu, r, opaque);
}
}
const ARMCPRegInfo *get_arm_cp_reginfo(ARMCPU *cpu, uint32_t encoded_cp)
{
return g_hash_table_lookup(cpu->cp_regs, &encoded_cp);
}
int arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
/* Helper coprocessor write function for write-ignore registers */
return 0;
}
int arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t *value)
{
/* Helper coprocessor write function for read-as-zero registers */
*value = 0;
return 0;
}
static int bad_mode_switch(CPUARMState *env, int mode)
{
/* Return true if it is not valid for us to switch to
* this CPU mode (ie all the UNPREDICTABLE cases in
* the ARM ARM CPSRWriteByInstr pseudocode).
*/
switch (mode) {
case ARM_CPU_MODE_USR:
case ARM_CPU_MODE_SYS:
case ARM_CPU_MODE_SVC:
case ARM_CPU_MODE_ABT:
case ARM_CPU_MODE_UND:
case ARM_CPU_MODE_IRQ:
case ARM_CPU_MODE_FIQ:
return 0;
default:
return 1;
}
}
uint32_t cpsr_read(CPUARMState *env)
{
int ZF;
ZF = (env->ZF == 0);
return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
(env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
| (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
| ((env->condexec_bits & 0xfc) << 8)
| (env->GE << 16);
}
void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
{
if (mask & CPSR_NZCV) {
env->ZF = (~val) & CPSR_Z;
env->NF = val;
env->CF = (val >> 29) & 1;
env->VF = (val << 3) & 0x80000000;
}
if (mask & CPSR_Q)
env->QF = ((val & CPSR_Q) != 0);
if (mask & CPSR_T)
env->thumb = ((val & CPSR_T) != 0);
if (mask & CPSR_IT_0_1) {
env->condexec_bits &= ~3;
env->condexec_bits |= (val >> 25) & 3;
}
if (mask & CPSR_IT_2_7) {
env->condexec_bits &= 3;
env->condexec_bits |= (val >> 8) & 0xfc;
}
if (mask & CPSR_GE) {
env->GE = (val >> 16) & 0xf;
}
if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
if (bad_mode_switch(env, val & CPSR_M)) {
/* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
* We choose to ignore the attempt and leave the CPSR M field
* untouched.
*/
mask &= ~CPSR_M;
} else {
switch_mode(env, val & CPSR_M);
}
}
mask &= ~CACHED_CPSR_BITS;
env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
}
/* Sign/zero extend */
uint32_t HELPER(sxtb16)(uint32_t x)
{
uint32_t res;
res = (uint16_t)(int8_t)x;
res |= (uint32_t)(int8_t)(x >> 16) << 16;
return res;
}
uint32_t HELPER(uxtb16)(uint32_t x)
{
uint32_t res;
res = (uint16_t)(uint8_t)x;
res |= (uint32_t)(uint8_t)(x >> 16) << 16;
return res;
}
uint32_t HELPER(clz)(uint32_t x)
{
return clz32(x);
}
int32_t HELPER(sdiv)(int32_t num, int32_t den)
{
if (den == 0)
return 0;
if (num == INT_MIN && den == -1)
return INT_MIN;
return num / den;
}
uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
{
if (den == 0)
return 0;
return num / den;
}
uint32_t HELPER(rbit)(uint32_t x)
{
x = ((x & 0xff000000) >> 24)
| ((x & 0x00ff0000) >> 8)
| ((x & 0x0000ff00) << 8)
| ((x & 0x000000ff) << 24);
x = ((x & 0xf0f0f0f0) >> 4)
| ((x & 0x0f0f0f0f) << 4);
x = ((x & 0x88888888) >> 3)
| ((x & 0x44444444) >> 1)
| ((x & 0x22222222) << 1)
| ((x & 0x11111111) << 3);
return x;
}
#if defined(CONFIG_USER_ONLY)
void arm_cpu_do_interrupt(CPUState *cs)
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
env->exception_index = -1;
}
int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
int mmu_idx)
{
if (rw == 2) {
env->exception_index = EXCP_PREFETCH_ABORT;
env->cp15.c6_insn = address;
} else {
env->exception_index = EXCP_DATA_ABORT;
env->cp15.c6_data = address;
}
return 1;
}
/* These should probably raise undefined insn exceptions. */
void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
{
cpu_abort(env, "v7m_mrs %d\n", reg);
}
uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
{
cpu_abort(env, "v7m_mrs %d\n", reg);
return 0;
}
void switch_mode(CPUARMState *env, int mode)
{
if (mode != ARM_CPU_MODE_USR)
cpu_abort(env, "Tried to switch out of user mode\n");
}
void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
{
cpu_abort(env, "banked r13 write\n");
}
uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
{
cpu_abort(env, "banked r13 read\n");
return 0;
}
#else
/* Map CPU modes onto saved register banks. */
int bank_number(int mode)
{
switch (mode) {
case ARM_CPU_MODE_USR:
case ARM_CPU_MODE_SYS:
return 0;
case ARM_CPU_MODE_SVC:
return 1;
case ARM_CPU_MODE_ABT:
return 2;
case ARM_CPU_MODE_UND:
return 3;
case ARM_CPU_MODE_IRQ:
return 4;
case ARM_CPU_MODE_FIQ:
return 5;
}
hw_error("bank number requested for bad CPSR mode value 0x%x\n", mode);
}
void switch_mode(CPUARMState *env, int mode)
{
int old_mode;
int i;
old_mode = env->uncached_cpsr & CPSR_M;
if (mode == old_mode)
return;
if (old_mode == ARM_CPU_MODE_FIQ) {
memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
} else if (mode == ARM_CPU_MODE_FIQ) {
memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
}
i = bank_number(old_mode);
env->banked_r13[i] = env->regs[13];
env->banked_r14[i] = env->regs[14];
env->banked_spsr[i] = env->spsr;
i = bank_number(mode);
env->regs[13] = env->banked_r13[i];
env->regs[14] = env->banked_r14[i];
env->spsr = env->banked_spsr[i];
}
static void v7m_push(CPUARMState *env, uint32_t val)
{
env->regs[13] -= 4;
stl_phys(env->regs[13], val);
}
static uint32_t v7m_pop(CPUARMState *env)
{
uint32_t val;
val = ldl_phys(env->regs[13]);
env->regs[13] += 4;
return val;
}
/* Switch to V7M main or process stack pointer. */
static void switch_v7m_sp(CPUARMState *env, int process)
{
uint32_t tmp;
if (env->v7m.current_sp != process) {
tmp = env->v7m.other_sp;
env->v7m.other_sp = env->regs[13];
env->regs[13] = tmp;
env->v7m.current_sp = process;
}
}
static void do_v7m_exception_exit(CPUARMState *env)
{
uint32_t type;
uint32_t xpsr;
type = env->regs[15];
if (env->v7m.exception != 0)
armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
/* Switch to the target stack. */
switch_v7m_sp(env, (type & 4) != 0);
/* Pop registers. */
env->regs[0] = v7m_pop(env);
env->regs[1] = v7m_pop(env);
env->regs[2] = v7m_pop(env);
env->regs[3] = v7m_pop(env);
env->regs[12] = v7m_pop(env);
env->regs[14] = v7m_pop(env);
env->regs[15] = v7m_pop(env);
xpsr = v7m_pop(env);
xpsr_write(env, xpsr, 0xfffffdff);
/* Undo stack alignment. */
if (xpsr & 0x200)
env->regs[13] |= 4;
/* ??? The exception return type specifies Thread/Handler mode. However
this is also implied by the xPSR value. Not sure what to do
if there is a mismatch. */
/* ??? Likewise for mismatches between the CONTROL register and the stack
pointer. */
}
void arm_v7m_cpu_do_interrupt(CPUState *cs)
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
uint32_t xpsr = xpsr_read(env);
uint32_t lr;
uint32_t addr;
lr = 0xfffffff1;
if (env->v7m.current_sp)
lr |= 4;
if (env->v7m.exception == 0)
lr |= 8;
/* For exceptions we just mark as pending on the NVIC, and let that
handle it. */
/* TODO: Need to escalate if the current priority is higher than the
one we're raising. */
switch (env->exception_index) {
case EXCP_UDEF:
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
return;
case EXCP_SWI:
/* The PC already points to the next instruction. */
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
return;
case EXCP_PREFETCH_ABORT:
case EXCP_DATA_ABORT:
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
return;
case EXCP_BKPT:
if (semihosting_enabled) {
int nr;
nr = arm_lduw_code(env, env->regs[15], env->bswap_code) & 0xff;
if (nr == 0xab) {
env->regs[15] += 2;
env->regs[0] = do_arm_semihosting(env);
return;
}
}
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
return;
case EXCP_IRQ:
env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
break;
case EXCP_EXCEPTION_EXIT:
do_v7m_exception_exit(env);
return;
default:
cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
return; /* Never happens. Keep compiler happy. */
}
/* Align stack pointer. */
/* ??? Should only do this if Configuration Control Register
STACKALIGN bit is set. */
if (env->regs[13] & 4) {
env->regs[13] -= 4;
xpsr |= 0x200;
}
/* Switch to the handler mode. */
v7m_push(env, xpsr);
v7m_push(env, env->regs[15]);
v7m_push(env, env->regs[14]);
v7m_push(env, env->regs[12]);
v7m_push(env, env->regs[3]);
v7m_push(env, env->regs[2]);
v7m_push(env, env->regs[1]);
v7m_push(env, env->regs[0]);
switch_v7m_sp(env, 0);
/* Clear IT bits */
env->condexec_bits = 0;
env->regs[14] = lr;
addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
env->regs[15] = addr & 0xfffffffe;
env->thumb = addr & 1;
}
/* Handle a CPU exception. */
void arm_cpu_do_interrupt(CPUState *cs)
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
uint32_t addr;
uint32_t mask;
int new_mode;
uint32_t offset;
assert(!IS_M(env));
/* TODO: Vectored interrupt controller. */
switch (env->exception_index) {
case EXCP_UDEF:
new_mode = ARM_CPU_MODE_UND;
addr = 0x04;
mask = CPSR_I;
if (env->thumb)
offset = 2;
else
offset = 4;
break;
case EXCP_SWI:
if (semihosting_enabled) {
/* Check for semihosting interrupt. */
if (env->thumb) {
mask = arm_lduw_code(env, env->regs[15] - 2, env->bswap_code)
& 0xff;
} else {
mask = arm_ldl_code(env, env->regs[15] - 4, env->bswap_code)
& 0xffffff;
}
/* Only intercept calls from privileged modes, to provide some
semblance of security. */
if (((mask == 0x123456 && !env->thumb)
|| (mask == 0xab && env->thumb))
&& (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
env->regs[0] = do_arm_semihosting(env);
return;
}
}
new_mode = ARM_CPU_MODE_SVC;
addr = 0x08;
mask = CPSR_I;
/* The PC already points to the next instruction. */
offset = 0;
break;
case EXCP_BKPT:
/* See if this is a semihosting syscall. */
if (env->thumb && semihosting_enabled) {
mask = arm_lduw_code(env, env->regs[15], env->bswap_code) & 0xff;
if (mask == 0xab
&& (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
env->regs[15] += 2;
env->regs[0] = do_arm_semihosting(env);
return;
}
}
env->cp15.c5_insn = 2;
/* Fall through to prefetch abort. */
case EXCP_PREFETCH_ABORT:
new_mode = ARM_CPU_MODE_ABT;
addr = 0x0c;
mask = CPSR_A | CPSR_I;
offset = 4;
break;
case EXCP_DATA_ABORT:
new_mode = ARM_CPU_MODE_ABT;
addr = 0x10;
mask = CPSR_A | CPSR_I;
offset = 8;
break;
case EXCP_IRQ:
new_mode = ARM_CPU_MODE_IRQ;
addr = 0x18;
/* Disable IRQ and imprecise data aborts. */
mask = CPSR_A | CPSR_I;
offset = 4;
break;
case EXCP_FIQ:
new_mode = ARM_CPU_MODE_FIQ;
addr = 0x1c;
/* Disable FIQ, IRQ and imprecise data aborts. */
mask = CPSR_A | CPSR_I | CPSR_F;
offset = 4;
break;
default:
cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
return; /* Never happens. Keep compiler happy. */
}
/* High vectors. */
if (env->cp15.c1_sys & (1 << 13)) {
addr += 0xffff0000;
}
switch_mode (env, new_mode);
env->spsr = cpsr_read(env);
/* Clear IT bits. */
env->condexec_bits = 0;
/* Switch to the new mode, and to the correct instruction set. */
env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
env->uncached_cpsr |= mask;
/* this is a lie, as the was no c1_sys on V4T/V5, but who cares
* and we should just guard the thumb mode on V4 */
if (arm_feature(env, ARM_FEATURE_V4T)) {
env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
}
env->regs[14] = env->regs[15] + offset;
env->regs[15] = addr;
cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
}
/* Check section/page access permissions.
Returns the page protection flags, or zero if the access is not
permitted. */
static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
int access_type, int is_user)
{
int prot_ro;
if (domain_prot == 3) {
return PAGE_READ | PAGE_WRITE;
}
if (access_type == 1)
prot_ro = 0;
else
prot_ro = PAGE_READ;
switch (ap) {
case 0:
if (access_type == 1)
return 0;
switch ((env->cp15.c1_sys >> 8) & 3) {
case 1:
return is_user ? 0 : PAGE_READ;
case 2:
return PAGE_READ;
default:
return 0;
}
case 1:
return is_user ? 0 : PAGE_READ | PAGE_WRITE;
case 2:
if (is_user)
return prot_ro;
else
return PAGE_READ | PAGE_WRITE;
case 3:
return PAGE_READ | PAGE_WRITE;
case 4: /* Reserved. */
return 0;
case 5:
return is_user ? 0 : prot_ro;
case 6:
return prot_ro;
case 7:
if (!arm_feature (env, ARM_FEATURE_V6K))
return 0;
return prot_ro;
default:
abort();
}
}
static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
{
uint32_t table;
if (address & env->cp15.c2_mask)
table = env->cp15.c2_base1 & 0xffffc000;
else
table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
table |= (address >> 18) & 0x3ffc;
return table;
}
static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type,
int is_user, hwaddr *phys_ptr,
int *prot, target_ulong *page_size)
{
int code;
uint32_t table;
uint32_t desc;
int type;
int ap;
int domain;
int domain_prot;
hwaddr phys_addr;
/* Pagetable walk. */
/* Lookup l1 descriptor. */
table = get_level1_table_address(env, address);
desc = ldl_phys(table);
type = (desc & 3);
domain = (desc >> 5) & 0x0f;
domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
if (type == 0) {
/* Section translation fault. */
code = 5;
goto do_fault;
}
if (domain_prot == 0 || domain_prot == 2) {
if (type == 2)
code = 9; /* Section domain fault. */
else
code = 11; /* Page domain fault. */
goto do_fault;
}
if (type == 2) {
/* 1Mb section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
ap = (desc >> 10) & 3;
code = 13;
*page_size = 1024 * 1024;
} else {
/* Lookup l2 entry. */
if (type == 1) {
/* Coarse pagetable. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
} else {
/* Fine pagetable. */
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
desc = ldl_phys(table);
switch (desc & 3) {
case 0: /* Page translation fault. */
code = 7;
goto do_fault;
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
*page_size = 0x10000;
break;
case 2: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
*page_size = 0x1000;
break;
case 3: /* 1k page. */
if (type == 1) {
if (arm_feature(env, ARM_FEATURE_XSCALE)) {
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
} else {
/* Page translation fault. */
code = 7;
goto do_fault;
}
} else {
phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
}
ap = (desc >> 4) & 3;
*page_size = 0x400;
break;
default:
/* Never happens, but compiler isn't smart enough to tell. */
abort();
}
code = 15;
}
*prot = check_ap(env, ap, domain_prot, access_type, is_user);
if (!*prot) {
/* Access permission fault. */
goto do_fault;
}
*prot |= PAGE_EXEC;
*phys_ptr = phys_addr;
return 0;
do_fault:
return code | (domain << 4);
}
static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
int is_user, hwaddr *phys_ptr,
int *prot, target_ulong *page_size)
{
int code;
uint32_t table;
uint32_t desc;
uint32_t xn;
uint32_t pxn = 0;
int type;
int ap;
int domain = 0;
int domain_prot;
hwaddr phys_addr;
/* Pagetable walk. */
/* Lookup l1 descriptor. */
table = get_level1_table_address(env, address);
desc = ldl_phys(table);
type = (desc & 3);
if (type == 0 || (type == 3 && !arm_feature(env, ARM_FEATURE_PXN))) {
/* Section translation fault, or attempt to use the encoding
* which is Reserved on implementations without PXN.
*/
code = 5;
goto do_fault;
}
if ((type == 1) || !(desc & (1 << 18))) {
/* Page or Section. */
domain = (desc >> 5) & 0x0f;
}
domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
if (domain_prot == 0 || domain_prot == 2) {
if (type != 1) {
code = 9; /* Section domain fault. */
} else {
code = 11; /* Page domain fault. */
}
goto do_fault;
}
if (type != 1) {
if (desc & (1 << 18)) {
/* Supersection. */
phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
*page_size = 0x1000000;
} else {
/* Section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
*page_size = 0x100000;
}
ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
xn = desc & (1 << 4);
pxn = desc & 1;
code = 13;
} else {
if (arm_feature(env, ARM_FEATURE_PXN)) {
pxn = (desc >> 2) & 1;
}
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
desc = ldl_phys(table);
ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
switch (desc & 3) {
case 0: /* Page translation fault. */
code = 7;
goto do_fault;
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
xn = desc & (1 << 15);
*page_size = 0x10000;
break;
case 2: case 3: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
xn = desc & 1;
*page_size = 0x1000;
break;
default:
/* Never happens, but compiler isn't smart enough to tell. */
abort();
}
code = 15;
}
if (domain_prot == 3) {
*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
} else {
if (pxn && !is_user) {
xn = 1;
}
if (xn && access_type == 2)
goto do_fault;
/* The simplified model uses AP[0] as an access control bit. */
if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
/* Access flag fault. */
code = (code == 15) ? 6 : 3;
goto do_fault;
}
*prot = check_ap(env, ap, domain_prot, access_type, is_user);
if (!*prot) {
/* Access permission fault. */
goto do_fault;
}
if (!xn) {
*prot |= PAGE_EXEC;
}
}
*phys_ptr = phys_addr;
return 0;
do_fault:
return code | (domain << 4);
}
/* Fault type for long-descriptor MMU fault reporting; this corresponds
* to bits [5..2] in the STATUS field in long-format DFSR/IFSR.
*/
typedef enum {
translation_fault = 1,
access_fault = 2,
permission_fault = 3,
} MMUFaultType;
static int get_phys_addr_lpae(CPUARMState *env, uint32_t address,
int access_type, int is_user,
hwaddr *phys_ptr, int *prot,
target_ulong *page_size_ptr)
{
/* Read an LPAE long-descriptor translation table. */
MMUFaultType fault_type = translation_fault;
uint32_t level = 1;
uint32_t epd;
uint32_t tsz;
uint64_t ttbr;
int ttbr_select;
int n;
hwaddr descaddr;
uint32_t tableattrs;
target_ulong page_size;
uint32_t attrs;
/* Determine whether this address is in the region controlled by
* TTBR0 or TTBR1 (or if it is in neither region and should fault).
* This is a Non-secure PL0/1 stage 1 translation, so controlled by
* TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32:
*/
uint32_t t0sz = extract32(env->cp15.c2_control, 0, 3);
uint32_t t1sz = extract32(env->cp15.c2_control, 16, 3);
if (t0sz && !extract32(address, 32 - t0sz, t0sz)) {
/* there is a ttbr0 region and we are in it (high bits all zero) */
ttbr_select = 0;
} else if (t1sz && !extract32(~address, 32 - t1sz, t1sz)) {
/* there is a ttbr1 region and we are in it (high bits all one) */
ttbr_select = 1;
} else if (!t0sz) {
/* ttbr0 region is "everything not in the ttbr1 region" */
ttbr_select = 0;
} else if (!t1sz) {
/* ttbr1 region is "everything not in the ttbr0 region" */
ttbr_select = 1;
} else {
/* in the gap between the two regions, this is a Translation fault */
fault_type = translation_fault;
goto do_fault;
}
/* Note that QEMU ignores shareability and cacheability attributes,
* so we don't need to do anything with the SH, ORGN, IRGN fields
* in the TTBCR. Similarly, TTBCR:A1 selects whether we get the
* ASID from TTBR0 or TTBR1, but QEMU's TLB doesn't currently
* implement any ASID-like capability so we can ignore it (instead
* we will always flush the TLB any time the ASID is changed).
*/
if (ttbr_select == 0) {
ttbr = ((uint64_t)env->cp15.c2_base0_hi << 32) | env->cp15.c2_base0;
epd = extract32(env->cp15.c2_control, 7, 1);
tsz = t0sz;
} else {
ttbr = ((uint64_t)env->cp15.c2_base1_hi << 32) | env->cp15.c2_base1;
epd = extract32(env->cp15.c2_control, 23, 1);
tsz = t1sz;
}
if (epd) {
/* Translation table walk disabled => Translation fault on TLB miss */
goto do_fault;
}
/* If the region is small enough we will skip straight to a 2nd level
* lookup. This affects the number of bits of the address used in
* combination with the TTBR to find the first descriptor. ('n' here
* matches the usage in the ARM ARM sB3.6.6, where bits [39..n] are
* from the TTBR, [n-1..3] from the vaddr, and [2..0] always zero).
*/
if (tsz > 1) {
level = 2;
n = 14 - tsz;
} else {
n = 5 - tsz;
}
/* Clear the vaddr bits which aren't part of the within-region address,
* so that we don't have to special case things when calculating the
* first descriptor address.
*/
address &= (0xffffffffU >> tsz);
/* Now we can extract the actual base address from the TTBR */
descaddr = extract64(ttbr, 0, 40);
descaddr &= ~((1ULL << n) - 1);
tableattrs = 0;
for (;;) {
uint64_t descriptor;
descaddr |= ((address >> (9 * (4 - level))) & 0xff8);
descriptor = ldq_phys(descaddr);
if (!(descriptor & 1) ||
(!(descriptor & 2) && (level == 3))) {
/* Invalid, or the Reserved level 3 encoding */
goto do_fault;
}
descaddr = descriptor & 0xfffffff000ULL;
if ((descriptor & 2) && (level < 3)) {
/* Table entry. The top five bits are attributes which may
* propagate down through lower levels of the table (and
* which are all arranged so that 0 means "no effect", so
* we can gather them up by ORing in the bits at each level).
*/
tableattrs |= extract64(descriptor, 59, 5);
level++;
continue;
}
/* Block entry at level 1 or 2, or page entry at level 3.
* These are basically the same thing, although the number
* of bits we pull in from the vaddr varies.
*/
page_size = (1 << (39 - (9 * level)));
descaddr |= (address & (page_size - 1));
/* Extract attributes from the descriptor and merge with table attrs */
attrs = extract64(descriptor, 2, 10)
| (extract64(descriptor, 52, 12) << 10);
attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
attrs |= extract32(tableattrs, 3, 1) << 5; /* APTable[1] => AP[2] */
/* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
* means "force PL1 access only", which means forcing AP[1] to 0.
*/
if (extract32(tableattrs, 2, 1)) {
attrs &= ~(1 << 4);
}
/* Since we're always in the Non-secure state, NSTable is ignored. */
break;
}
/* Here descaddr is the final physical address, and attributes
* are all in attrs.
*/
fault_type = access_fault;
if ((attrs & (1 << 8)) == 0) {
/* Access flag */
goto do_fault;
}
fault_type = permission_fault;
if (is_user && !(attrs & (1 << 4))) {
/* Unprivileged access not enabled */
goto do_fault;
}
*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
if (attrs & (1 << 12) || (!is_user && (attrs & (1 << 11)))) {
/* XN or PXN */
if (access_type == 2) {
goto do_fault;
}
*prot &= ~PAGE_EXEC;
}
if (attrs & (1 << 5)) {
/* Write access forbidden */
if (access_type == 1) {
goto do_fault;
}
*prot &= ~PAGE_WRITE;
}
*phys_ptr = descaddr;
*page_size_ptr = page_size;
return 0;
do_fault:
/* Long-descriptor format IFSR/DFSR value */
return (1 << 9) | (fault_type << 2) | level;
}
static int get_phys_addr_mpu(CPUARMState *env, uint32_t address,
int access_type, int is_user,
hwaddr *phys_ptr, int *prot)
{
int n;
uint32_t mask;
uint32_t base;
*phys_ptr = address;
for (n = 7; n >= 0; n--) {
base = env->cp15.c6_region[n];
if ((base & 1) == 0)
continue;
mask = 1 << ((base >> 1) & 0x1f);
/* Keep this shift separate from the above to avoid an
(undefined) << 32. */
mask = (mask << 1) - 1;
if (((base ^ address) & ~mask) == 0)
break;
}
if (n < 0)
return 2;
if (access_type == 2) {
mask = env->cp15.c5_insn;
} else {
mask = env->cp15.c5_data;
}
mask = (mask >> (n * 4)) & 0xf;
switch (mask) {
case 0:
return 1;
case 1:
if (is_user)
return 1;
*prot = PAGE_READ | PAGE_WRITE;
break;
case 2:
*prot = PAGE_READ;
if (!is_user)
*prot |= PAGE_WRITE;
break;
case 3:
*prot = PAGE_READ | PAGE_WRITE;
break;
case 5:
if (is_user)
return 1;
*prot = PAGE_READ;
break;
case 6:
*prot = PAGE_READ;
break;
default:
/* Bad permission. */
return 1;
}
*prot |= PAGE_EXEC;
return 0;
}
/* get_phys_addr - get the physical address for this virtual address
*
* Find the physical address corresponding to the given virtual address,
* by doing a translation table walk on MMU based systems or using the
* MPU state on MPU based systems.
*
* Returns 0 if the translation was successful. Otherwise, phys_ptr,
* prot and page_size are not filled in, and the return value provides
* information on why the translation aborted, in the format of a
* DFSR/IFSR fault register, with the following caveats:
* * we honour the short vs long DFSR format differences.
* * the WnR bit is never set (the caller must do this).
* * for MPU based systems we don't bother to return a full FSR format
* value.
*
* @env: CPUARMState
* @address: virtual address to get physical address for
* @access_type: 0 for read, 1 for write, 2 for execute
* @is_user: 0 for privileged access, 1 for user
* @phys_ptr: set to the physical address corresponding to the virtual address
* @prot: set to the permissions for the page containing phys_ptr
* @page_size: set to the size of the page containing phys_ptr
*/
static inline int get_phys_addr(CPUARMState *env, uint32_t address,
int access_type, int is_user,
hwaddr *phys_ptr, int *prot,
target_ulong *page_size)
{
/* Fast Context Switch Extension. */
if (address < 0x02000000)
address += env->cp15.c13_fcse;
if ((env->cp15.c1_sys & 1) == 0) {
/* MMU/MPU disabled. */
*phys_ptr = address;
*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
*page_size = TARGET_PAGE_SIZE;
return 0;
} else if (arm_feature(env, ARM_FEATURE_MPU)) {
*page_size = TARGET_PAGE_SIZE;
return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
prot);
} else if (extended_addresses_enabled(env)) {
return get_phys_addr_lpae(env, address, access_type, is_user, phys_ptr,
prot, page_size);
} else if (env->cp15.c1_sys & (1 << 23)) {
return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
prot, page_size);
} else {
return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
prot, page_size);
}
}
int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address,
int access_type, int mmu_idx)
{
hwaddr phys_addr;
target_ulong page_size;
int prot;
int ret, is_user;
is_user = mmu_idx == MMU_USER_IDX;
ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
&page_size);
if (ret == 0) {
/* Map a single [sub]page. */
phys_addr &= ~(hwaddr)0x3ff;
address &= ~(uint32_t)0x3ff;
tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
return 0;
}
if (access_type == 2) {
env->cp15.c5_insn = ret;
env->cp15.c6_insn = address;
env->exception_index = EXCP_PREFETCH_ABORT;
} else {
env->cp15.c5_data = ret;
if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
env->cp15.c5_data |= (1 << 11);
env->cp15.c6_data = address;
env->exception_index = EXCP_DATA_ABORT;
}
return 1;
}
hwaddr cpu_get_phys_page_debug(CPUARMState *env, target_ulong addr)
{
hwaddr phys_addr;
target_ulong page_size;
int prot;
int ret;
ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
if (ret != 0)
return -1;
return phys_addr;
}
void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
{
if ((env->uncached_cpsr & CPSR_M) == mode) {
env->regs[13] = val;
} else {
env->banked_r13[bank_number(mode)] = val;
}
}
uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
{
if ((env->uncached_cpsr & CPSR_M) == mode) {
return env->regs[13];
} else {
return env->banked_r13[bank_number(mode)];
}
}
uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
{
switch (reg) {
case 0: /* APSR */
return xpsr_read(env) & 0xf8000000;
case 1: /* IAPSR */
return xpsr_read(env) & 0xf80001ff;
case 2: /* EAPSR */
return xpsr_read(env) & 0xff00fc00;
case 3: /* xPSR */
return xpsr_read(env) & 0xff00fdff;
case 5: /* IPSR */
return xpsr_read(env) & 0x000001ff;
case 6: /* EPSR */
return xpsr_read(env) & 0x0700fc00;
case 7: /* IEPSR */
return xpsr_read(env) & 0x0700edff;
case 8: /* MSP */
return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
case 9: /* PSP */
return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
case 16: /* PRIMASK */
return (env->uncached_cpsr & CPSR_I) != 0;
case 17: /* BASEPRI */
case 18: /* BASEPRI_MAX */
return env->v7m.basepri;
case 19: /* FAULTMASK */
return (env->uncached_cpsr & CPSR_F) != 0;
case 20: /* CONTROL */
return env->v7m.control;
default:
/* ??? For debugging only. */
cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
return 0;
}
}
void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
{
switch (reg) {
case 0: /* APSR */
xpsr_write(env, val, 0xf8000000);
break;
case 1: /* IAPSR */
xpsr_write(env, val, 0xf8000000);
break;
case 2: /* EAPSR */
xpsr_write(env, val, 0xfe00fc00);
break;
case 3: /* xPSR */
xpsr_write(env, val, 0xfe00fc00);
break;
case 5: /* IPSR */
/* IPSR bits are readonly. */
break;
case 6: /* EPSR */
xpsr_write(env, val, 0x0600fc00);
break;
case 7: /* IEPSR */
xpsr_write(env, val, 0x0600fc00);
break;
case 8: /* MSP */
if (env->v7m.current_sp)
env->v7m.other_sp = val;
else
env->regs[13] = val;
break;
case 9: /* PSP */
if (env->v7m.current_sp)
env->regs[13] = val;
else
env->v7m.other_sp = val;
break;
case 16: /* PRIMASK */
if (val & 1)
env->uncached_cpsr |= CPSR_I;
else
env->uncached_cpsr &= ~CPSR_I;
break;
case 17: /* BASEPRI */
env->v7m.basepri = val & 0xff;
break;
case 18: /* BASEPRI_MAX */
val &= 0xff;
if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
env->v7m.basepri = val;
break;
case 19: /* FAULTMASK */
if (val & 1)
env->uncached_cpsr |= CPSR_F;
else
env->uncached_cpsr &= ~CPSR_F;
break;
case 20: /* CONTROL */
env->v7m.control = val & 3;
switch_v7m_sp(env, (val & 2) != 0);
break;
default:
/* ??? For debugging only. */
cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
return;
}
}
#endif
/* Note that signed overflow is undefined in C. The following routines are
careful to use unsigned types where modulo arithmetic is required.
Failure to do so _will_ break on newer gcc. */
/* Signed saturating arithmetic. */
/* Perform 16-bit signed saturating addition. */
static inline uint16_t add16_sat(uint16_t a, uint16_t b)
{
uint16_t res;
res = a + b;
if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
if (a & 0x8000)
res = 0x8000;
else
res = 0x7fff;
}
return res;
}
/* Perform 8-bit signed saturating addition. */
static inline uint8_t add8_sat(uint8_t a, uint8_t b)
{
uint8_t res;
res = a + b;
if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
if (a & 0x80)
res = 0x80;
else
res = 0x7f;
}
return res;
}
/* Perform 16-bit signed saturating subtraction. */
static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
{
uint16_t res;
res = a - b;
if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
if (a & 0x8000)
res = 0x8000;
else
res = 0x7fff;
}
return res;
}
/* Perform 8-bit signed saturating subtraction. */
static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
{
uint8_t res;
res = a - b;
if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
if (a & 0x80)
res = 0x80;
else
res = 0x7f;
}
return res;
}
#define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
#define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
#define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
#define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
#define PFX q
#include "op_addsub.h"
/* Unsigned saturating arithmetic. */
static inline uint16_t add16_usat(uint16_t a, uint16_t b)
{
uint16_t res;
res = a + b;
if (res < a)
res = 0xffff;
return res;
}
static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
{
if (a > b)
return a - b;
else
return 0;
}
static inline uint8_t add8_usat(uint8_t a, uint8_t b)
{
uint8_t res;
res = a + b;
if (res < a)
res = 0xff;
return res;
}
static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
{
if (a > b)
return a - b;
else
return 0;
}
#define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
#define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
#define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
#define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
#define PFX uq
#include "op_addsub.h"
/* Signed modulo arithmetic. */
#define SARITH16(a, b, n, op) do { \
int32_t sum; \
sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
RESULT(sum, n, 16); \
if (sum >= 0) \
ge |= 3 << (n * 2); \
} while(0)
#define SARITH8(a, b, n, op) do { \
int32_t sum; \
sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
RESULT(sum, n, 8); \
if (sum >= 0) \
ge |= 1 << n; \
} while(0)
#define ADD16(a, b, n) SARITH16(a, b, n, +)
#define SUB16(a, b, n) SARITH16(a, b, n, -)
#define ADD8(a, b, n) SARITH8(a, b, n, +)
#define SUB8(a, b, n) SARITH8(a, b, n, -)
#define PFX s
#define ARITH_GE
#include "op_addsub.h"
/* Unsigned modulo arithmetic. */
#define ADD16(a, b, n) do { \
uint32_t sum; \
sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
RESULT(sum, n, 16); \
if ((sum >> 16) == 1) \
ge |= 3 << (n * 2); \
} while(0)
#define ADD8(a, b, n) do { \
uint32_t sum; \
sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
RESULT(sum, n, 8); \
if ((sum >> 8) == 1) \
ge |= 1 << n; \
} while(0)
#define SUB16(a, b, n) do { \
uint32_t sum; \
sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
RESULT(sum, n, 16); \
if ((sum >> 16) == 0) \
ge |= 3 << (n * 2); \
} while(0)
#define SUB8(a, b, n) do { \
uint32_t sum; \
sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
RESULT(sum, n, 8); \
if ((sum >> 8) == 0) \
ge |= 1 << n; \
} while(0)
#define PFX u
#define ARITH_GE
#include "op_addsub.h"
/* Halved signed arithmetic. */
#define ADD16(a, b, n) \
RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
#define SUB16(a, b, n) \
RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
#define ADD8(a, b, n) \
RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
#define SUB8(a, b, n) \
RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
#define PFX sh
#include "op_addsub.h"
/* Halved unsigned arithmetic. */
#define ADD16(a, b, n) \
RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
#define SUB16(a, b, n) \
RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
#define ADD8(a, b, n) \
RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
#define SUB8(a, b, n) \
RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
#define PFX uh
#include "op_addsub.h"
static inline uint8_t do_usad(uint8_t a, uint8_t b)
{
if (a > b)
return a - b;
else
return b - a;
}
/* Unsigned sum of absolute byte differences. */
uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
{
uint32_t sum;
sum = do_usad(a, b);
sum += do_usad(a >> 8, b >> 8);
sum += do_usad(a >> 16, b >>16);
sum += do_usad(a >> 24, b >> 24);
return sum;
}
/* For ARMv6 SEL instruction. */
uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
{
uint32_t mask;
mask = 0;
if (flags & 1)
mask |= 0xff;
if (flags & 2)
mask |= 0xff00;
if (flags & 4)
mask |= 0xff0000;
if (flags & 8)
mask |= 0xff000000;
return (a & mask) | (b & ~mask);
}
/* VFP support. We follow the convention used for VFP instructions:
Single precision routines have a "s" suffix, double precision a
"d" suffix. */
/* Convert host exception flags to vfp form. */
static inline int vfp_exceptbits_from_host(int host_bits)
{
int target_bits = 0;
if (host_bits & float_flag_invalid)
target_bits |= 1;
if (host_bits & float_flag_divbyzero)
target_bits |= 2;
if (host_bits & float_flag_overflow)
target_bits |= 4;
if (host_bits & (float_flag_underflow | float_flag_output_denormal))
target_bits |= 8;
if (host_bits & float_flag_inexact)
target_bits |= 0x10;
if (host_bits & float_flag_input_denormal)
target_bits |= 0x80;
return target_bits;
}
uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
{
int i;
uint32_t fpscr;
fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
| (env->vfp.vec_len << 16)
| (env->vfp.vec_stride << 20);
i = get_float_exception_flags(&env->vfp.fp_status);
i |= get_float_exception_flags(&env->vfp.standard_fp_status);
fpscr |= vfp_exceptbits_from_host(i);
return fpscr;
}
uint32_t vfp_get_fpscr(CPUARMState *env)
{
return HELPER(vfp_get_fpscr)(env);
}
/* Convert vfp exception flags to target form. */
static inline int vfp_exceptbits_to_host(int target_bits)
{
int host_bits = 0;
if (target_bits & 1)
host_bits |= float_flag_invalid;
if (target_bits & 2)
host_bits |= float_flag_divbyzero;
if (target_bits & 4)
host_bits |= float_flag_overflow;
if (target_bits & 8)
host_bits |= float_flag_underflow;
if (target_bits & 0x10)
host_bits |= float_flag_inexact;
if (target_bits & 0x80)
host_bits |= float_flag_input_denormal;
return host_bits;
}
void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
{
int i;
uint32_t changed;
changed = env->vfp.xregs[ARM_VFP_FPSCR];
env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
env->vfp.vec_len = (val >> 16) & 7;
env->vfp.vec_stride = (val >> 20) & 3;
changed ^= val;
if (changed & (3 << 22)) {
i = (val >> 22) & 3;
switch (i) {
case 0:
i = float_round_nearest_even;
break;
case 1:
i = float_round_up;
break;
case 2:
i = float_round_down;
break;
case 3:
i = float_round_to_zero;
break;
}
set_float_rounding_mode(i, &env->vfp.fp_status);
}
if (changed & (1 << 24)) {
set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
}
if (changed & (1 << 25))
set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
i = vfp_exceptbits_to_host(val);
set_float_exception_flags(i, &env->vfp.fp_status);
set_float_exception_flags(0, &env->vfp.standard_fp_status);
}
void vfp_set_fpscr(CPUARMState *env, uint32_t val)
{
HELPER(vfp_set_fpscr)(env, val);
}
#define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
#define VFP_BINOP(name) \
float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
{ \
float_status *fpst = fpstp; \
return float32_ ## name(a, b, fpst); \
} \
float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
{ \
float_status *fpst = fpstp; \
return float64_ ## name(a, b, fpst); \
}
VFP_BINOP(add)
VFP_BINOP(sub)
VFP_BINOP(mul)
VFP_BINOP(div)
#undef VFP_BINOP
float32 VFP_HELPER(neg, s)(float32 a)
{
return float32_chs(a);
}
float64 VFP_HELPER(neg, d)(float64 a)
{
return float64_chs(a);
}
float32 VFP_HELPER(abs, s)(float32 a)
{
return float32_abs(a);
}
float64 VFP_HELPER(abs, d)(float64 a)
{
return float64_abs(a);
}
float32 VFP_HELPER(sqrt, s)(float32 a, CPUARMState *env)
{
return float32_sqrt(a, &env->vfp.fp_status);
}
float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
{
return float64_sqrt(a, &env->vfp.fp_status);
}
/* XXX: check quiet/signaling case */
#define DO_VFP_cmp(p, type) \
void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env) \
{ \
uint32_t flags; \
switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
case 0: flags = 0x6; break; \
case -1: flags = 0x8; break; \
case 1: flags = 0x2; break; \
default: case 2: flags = 0x3; break; \
} \
env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
| (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
} \
void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
{ \
uint32_t flags; \
switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
case 0: flags = 0x6; break; \
case -1: flags = 0x8; break; \
case 1: flags = 0x2; break; \
default: case 2: flags = 0x3; break; \
} \
env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
| (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
}
DO_VFP_cmp(s, float32)
DO_VFP_cmp(d, float64)
#undef DO_VFP_cmp
/* Integer to float and float to integer conversions */
#define CONV_ITOF(name, fsz, sign) \
float##fsz HELPER(name)(uint32_t x, void *fpstp) \
{ \
float_status *fpst = fpstp; \
return sign##int32_to_##float##fsz((sign##int32_t)x, fpst); \
}
#define CONV_FTOI(name, fsz, sign, round) \
uint32_t HELPER(name)(float##fsz x, void *fpstp) \
{ \
float_status *fpst = fpstp; \
if (float##fsz##_is_any_nan(x)) { \
float_raise(float_flag_invalid, fpst); \
return 0; \
} \
return float##fsz##_to_##sign##int32##round(x, fpst); \
}
#define FLOAT_CONVS(name, p, fsz, sign) \
CONV_ITOF(vfp_##name##to##p, fsz, sign) \
CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
FLOAT_CONVS(si, s, 32, )
FLOAT_CONVS(si, d, 64, )
FLOAT_CONVS(ui, s, 32, u)
FLOAT_CONVS(ui, d, 64, u)
#undef CONV_ITOF
#undef CONV_FTOI
#undef FLOAT_CONVS
/* floating point conversion */
float64 VFP_HELPER(fcvtd, s)(float32 x, CPUARMState *env)
{
float64 r = float32_to_float64(x, &env->vfp.fp_status);
/* ARM requires that S<->D conversion of any kind of NaN generates
* a quiet NaN by forcing the most significant frac bit to 1.
*/
return float64_maybe_silence_nan(r);
}
float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
{
float32 r = float64_to_float32(x, &env->vfp.fp_status);
/* ARM requires that S<->D conversion of any kind of NaN generates
* a quiet NaN by forcing the most significant frac bit to 1.
*/
return float32_maybe_silence_nan(r);
}
/* VFP3 fixed point conversion. */
#define VFP_CONV_FIX(name, p, fsz, itype, sign) \
float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
void *fpstp) \
{ \
float_status *fpst = fpstp; \
float##fsz tmp; \
tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
} \
uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
void *fpstp) \
{ \
float_status *fpst = fpstp; \
float##fsz tmp; \
if (float##fsz##_is_any_nan(x)) { \
float_raise(float_flag_invalid, fpst); \
return 0; \
} \
tmp = float##fsz##_scalbn(x, shift, fpst); \
return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
}
VFP_CONV_FIX(sh, d, 64, int16, )
VFP_CONV_FIX(sl, d, 64, int32, )
VFP_CONV_FIX(uh, d, 64, uint16, u)
VFP_CONV_FIX(ul, d, 64, uint32, u)
VFP_CONV_FIX(sh, s, 32, int16, )
VFP_CONV_FIX(sl, s, 32, int32, )
VFP_CONV_FIX(uh, s, 32, uint16, u)
VFP_CONV_FIX(ul, s, 32, uint32, u)
#undef VFP_CONV_FIX
/* Half precision conversions. */
static float32 do_fcvt_f16_to_f32(uint32_t a, CPUARMState *env, float_status *s)
{
int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
float32 r = float16_to_float32(make_float16(a), ieee, s);
if (ieee) {
return float32_maybe_silence_nan(r);
}
return r;
}
static uint32_t do_fcvt_f32_to_f16(float32 a, CPUARMState *env, float_status *s)
{
int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
float16 r = float32_to_float16(a, ieee, s);
if (ieee) {
r = float16_maybe_silence_nan(r);
}
return float16_val(r);
}
float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
{
return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
}
uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
{
return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
}
float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
{
return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
}
uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
{
return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
}
#define float32_two make_float32(0x40000000)
#define float32_three make_float32(0x40400000)
#define float32_one_point_five make_float32(0x3fc00000)
float32 HELPER(recps_f32)(float32 a, float32 b, CPUARMState *env)
{
float_status *s = &env->vfp.standard_fp_status;
if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
(float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
if (!(float32_is_zero(a) || float32_is_zero(b))) {
float_raise(float_flag_input_denormal, s);
}
return float32_two;
}
return float32_sub(float32_two, float32_mul(a, b, s), s);
}
float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUARMState *env)
{
float_status *s = &env->vfp.standard_fp_status;
float32 product;
if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
(float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
if (!(float32_is_zero(a) || float32_is_zero(b))) {
float_raise(float_flag_input_denormal, s);
}
return float32_one_point_five;
}
product = float32_mul(a, b, s);
return float32_div(float32_sub(float32_three, product, s), float32_two, s);
}
/* NEON helpers. */
/* Constants 256 and 512 are used in some helpers; we avoid relying on
* int->float conversions at run-time. */
#define float64_256 make_float64(0x4070000000000000LL)
#define float64_512 make_float64(0x4080000000000000LL)
/* The algorithm that must be used to calculate the estimate
* is specified by the ARM ARM.
*/
static float64 recip_estimate(float64 a, CPUARMState *env)
{
/* These calculations mustn't set any fp exception flags,
* so we use a local copy of the fp_status.
*/
float_status dummy_status = env->vfp.standard_fp_status;
float_status *s = &dummy_status;
/* q = (int)(a * 512.0) */
float64 q = float64_mul(float64_512, a, s);
int64_t q_int = float64_to_int64_round_to_zero(q, s);
/* r = 1.0 / (((double)q + 0.5) / 512.0) */
q = int64_to_float64(q_int, s);
q = float64_add(q, float64_half, s);
q = float64_div(q, float64_512, s);
q = float64_div(float64_one, q, s);
/* s = (int)(256.0 * r + 0.5) */
q = float64_mul(q, float64_256, s);
q = float64_add(q, float64_half, s);
q_int = float64_to_int64_round_to_zero(q, s);
/* return (double)s / 256.0 */
return float64_div(int64_to_float64(q_int, s), float64_256, s);
}
float32 HELPER(recpe_f32)(float32 a, CPUARMState *env)
{
float_status *s = &env->vfp.standard_fp_status;
float64 f64;
uint32_t val32 = float32_val(a);
int result_exp;
int a_exp = (val32 & 0x7f800000) >> 23;
int sign = val32 & 0x80000000;
if (float32_is_any_nan(a)) {
if (float32_is_signaling_nan(a)) {
float_raise(float_flag_invalid, s);
}
return float32_default_nan;
} else if (float32_is_infinity(a)) {
return float32_set_sign(float32_zero, float32_is_neg(a));
} else if (float32_is_zero_or_denormal(a)) {
if (!float32_is_zero(a)) {
float_raise(float_flag_input_denormal, s);
}
float_raise(float_flag_divbyzero, s);
return float32_set_sign(float32_infinity, float32_is_neg(a));
} else if (a_exp >= 253) {
float_raise(float_flag_underflow, s);
return float32_set_sign(float32_zero, float32_is_neg(a));
}
f64 = make_float64((0x3feULL << 52)
| ((int64_t)(val32 & 0x7fffff) << 29));
result_exp = 253 - a_exp;
f64 = recip_estimate(f64, env);
val32 = sign
| ((result_exp & 0xff) << 23)
| ((float64_val(f64) >> 29) & 0x7fffff);
return make_float32(val32);
}
/* The algorithm that must be used to calculate the estimate
* is specified by the ARM ARM.
*/
static float64 recip_sqrt_estimate(float64 a, CPUARMState *env)
{
/* These calculations mustn't set any fp exception flags,
* so we use a local copy of the fp_status.
*/
float_status dummy_status = env->vfp.standard_fp_status;
float_status *s = &dummy_status;
float64 q;
int64_t q_int;
if (float64_lt(a, float64_half, s)) {
/* range 0.25 <= a < 0.5 */
/* a in units of 1/512 rounded down */
/* q0 = (int)(a * 512.0); */
q = float64_mul(float64_512, a, s);
q_int = float64_to_int64_round_to_zero(q, s);
/* reciprocal root r */
/* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
q = int64_to_float64(q_int, s);
q = float64_add(q, float64_half, s);
q = float64_div(q, float64_512, s);
q = float64_sqrt(q, s);
q = float64_div(float64_one, q, s);
} else {
/* range 0.5 <= a < 1.0 */
/* a in units of 1/256 rounded down */
/* q1 = (int)(a * 256.0); */
q = float64_mul(float64_256, a, s);
int64_t q_int = float64_to_int64_round_to_zero(q, s);
/* reciprocal root r */
/* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
q = int64_to_float64(q_int, s);
q = float64_add(q, float64_half, s);
q = float64_div(q, float64_256, s);
q = float64_sqrt(q, s);
q = float64_div(float64_one, q, s);
}
/* r in units of 1/256 rounded to nearest */
/* s = (int)(256.0 * r + 0.5); */
q = float64_mul(q, float64_256,s );
q = float64_add(q, float64_half, s);
q_int = float64_to_int64_round_to_zero(q, s);
/* return (double)s / 256.0;*/
return float64_div(int64_to_float64(q_int, s), float64_256, s);
}
float32 HELPER(rsqrte_f32)(float32 a, CPUARMState *env)
{
float_status *s = &env->vfp.standard_fp_status;
int result_exp;
float64 f64;
uint32_t val;
uint64_t val64;
val = float32_val(a);
if (float32_is_any_nan(a)) {
if (float32_is_signaling_nan(a)) {
float_raise(float_flag_invalid, s);
}
return float32_default_nan;
} else if (float32_is_zero_or_denormal(a)) {
if (!float32_is_zero(a)) {
float_raise(float_flag_input_denormal, s);
}
float_raise(float_flag_divbyzero, s);
return float32_set_sign(float32_infinity, float32_is_neg(a));
} else if (float32_is_neg(a)) {
float_raise(float_flag_invalid, s);
return float32_default_nan;
} else if (float32_is_infinity(a)) {
return float32_zero;
}
/* Normalize to a double-precision value between 0.25 and 1.0,
* preserving the parity of the exponent. */
if ((val & 0x800000) == 0) {
f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
| (0x3feULL << 52)
| ((uint64_t)(val & 0x7fffff) << 29));
} else {
f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
| (0x3fdULL << 52)
| ((uint64_t)(val & 0x7fffff) << 29));
}
result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
f64 = recip_sqrt_estimate(f64, env);
val64 = float64_val(f64);
val = ((result_exp & 0xff) << 23)
| ((val64 >> 29) & 0x7fffff);
return make_float32(val);
}
uint32_t HELPER(recpe_u32)(uint32_t a, CPUARMState *env)
{
float64 f64;
if ((a & 0x80000000) == 0) {
return 0xffffffff;
}
f64 = make_float64((0x3feULL << 52)
| ((int64_t)(a & 0x7fffffff) << 21));
f64 = recip_estimate (f64, env);
return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
}
uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUARMState *env)
{
float64 f64;
if ((a & 0xc0000000) == 0) {
return 0xffffffff;
}
if (a & 0x80000000) {
f64 = make_float64((0x3feULL << 52)
| ((uint64_t)(a & 0x7fffffff) << 21));
} else { /* bits 31-30 == '01' */
f64 = make_float64((0x3fdULL << 52)
| ((uint64_t)(a & 0x3fffffff) << 22));
}
f64 = recip_sqrt_estimate(f64, env);
return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
}
/* VFPv4 fused multiply-accumulate */
float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
{
float_status *fpst = fpstp;
return float32_muladd(a, b, c, 0, fpst);
}
float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
{
float_status *fpst = fpstp;
return float64_muladd(a, b, c, 0, fpst);
}