4 #include "host-utils.h"
5 #if !defined(CONFIG_USER_ONLY)
10 static uint32_t cortexa15_cp15_c0_c1[8] = {
11 0x00001131, 0x00011011, 0x02010555, 0x00000000,
12 0x10201105, 0x20000000, 0x01240000, 0x02102211
15 static uint32_t cortexa15_cp15_c0_c2[8] = {
16 0x02101110, 0x13112111, 0x21232041, 0x11112131, 0x10011142, 0, 0, 0
19 static uint32_t cortexa9_cp15_c0_c1[8] =
20 { 0x1031, 0x11, 0x000, 0, 0x00100103, 0x20000000, 0x01230000, 0x00002111 };
22 static uint32_t cortexa9_cp15_c0_c2[8] =
23 { 0x00101111, 0x13112111, 0x21232041, 0x11112131, 0x00111142, 0, 0, 0 };
25 static uint32_t cortexa8_cp15_c0_c1[8] =
26 { 0x1031, 0x11, 0x400, 0, 0x31100003, 0x20000000, 0x01202000, 0x11 };
28 static uint32_t cortexa8_cp15_c0_c2[8] =
29 { 0x00101111, 0x12112111, 0x21232031, 0x11112131, 0x00111142, 0, 0, 0 };
31 static uint32_t mpcore_cp15_c0_c1[8] =
32 { 0x111, 0x1, 0, 0x2, 0x01100103, 0x10020302, 0x01222000, 0 };
34 static uint32_t mpcore_cp15_c0_c2[8] =
35 { 0x00100011, 0x12002111, 0x11221011, 0x01102131, 0x141, 0, 0, 0 };
37 static uint32_t arm1136_cp15_c0_c1[8] =
38 { 0x111, 0x1, 0x2, 0x3, 0x01130003, 0x10030302, 0x01222110, 0 };
40 static uint32_t arm1136_cp15_c0_c2[8] =
41 { 0x00140011, 0x12002111, 0x11231111, 0x01102131, 0x141, 0, 0, 0 };
43 static uint32_t arm1176_cp15_c0_c1[8] =
44 { 0x111, 0x11, 0x33, 0, 0x01130003, 0x10030302, 0x01222100, 0 };
46 static uint32_t arm1176_cp15_c0_c2[8] =
47 { 0x0140011, 0x12002111, 0x11231121, 0x01102131, 0x01141, 0, 0, 0 };
49 static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
52 case ARM_CPUID_ARM926:
54 case ARM_CPUID_ARM946:
56 case ARM_CPUID_ARM1026:
58 case ARM_CPUID_ARM1136:
59 /* This is the 1136 r1, which is a v6K core */
60 case ARM_CPUID_ARM1136_R2:
61 /* What qemu calls "arm1136_r2" is actually the 1136 r0p2, ie an
62 * older core than plain "arm1136". In particular this does not
63 * have the v6K features.
65 /* These ID register values are correct for 1136 but may be wrong
66 * for 1136_r2 (in particular r0p2 does not actually implement most
67 * of the ID registers).
69 memcpy(env->cp15.c0_c1, arm1136_cp15_c0_c1, 8 * sizeof(uint32_t));
70 memcpy(env->cp15.c0_c2, arm1136_cp15_c0_c2, 8 * sizeof(uint32_t));
72 case ARM_CPUID_ARM1176:
73 memcpy(env->cp15.c0_c1, arm1176_cp15_c0_c1, 8 * sizeof(uint32_t));
74 memcpy(env->cp15.c0_c2, arm1176_cp15_c0_c2, 8 * sizeof(uint32_t));
76 case ARM_CPUID_ARM11MPCORE:
77 memcpy(env->cp15.c0_c1, mpcore_cp15_c0_c1, 8 * sizeof(uint32_t));
78 memcpy(env->cp15.c0_c2, mpcore_cp15_c0_c2, 8 * sizeof(uint32_t));
80 case ARM_CPUID_CORTEXA8:
81 memcpy(env->cp15.c0_c1, cortexa8_cp15_c0_c1, 8 * sizeof(uint32_t));
82 memcpy(env->cp15.c0_c2, cortexa8_cp15_c0_c2, 8 * sizeof(uint32_t));
83 env->cp15.c0_clid = (1 << 27) | (2 << 24) | 3;
84 env->cp15.c0_ccsid[0] = 0xe007e01a; /* 16k L1 dcache. */
85 env->cp15.c0_ccsid[1] = 0x2007e01a; /* 16k L1 icache. */
86 env->cp15.c0_ccsid[2] = 0xf0000000; /* No L2 icache. */
88 case ARM_CPUID_CORTEXA9:
89 memcpy(env->cp15.c0_c1, cortexa9_cp15_c0_c1, 8 * sizeof(uint32_t));
90 memcpy(env->cp15.c0_c2, cortexa9_cp15_c0_c2, 8 * sizeof(uint32_t));
91 env->cp15.c0_clid = (1 << 27) | (1 << 24) | 3;
92 env->cp15.c0_ccsid[0] = 0xe00fe015; /* 16k L1 dcache. */
93 env->cp15.c0_ccsid[1] = 0x200fe015; /* 16k L1 icache. */
95 case ARM_CPUID_CORTEXA15:
96 memcpy(env->cp15.c0_c1, cortexa15_cp15_c0_c1, 8 * sizeof(uint32_t));
97 memcpy(env->cp15.c0_c2, cortexa15_cp15_c0_c2, 8 * sizeof(uint32_t));
98 env->cp15.c0_clid = 0x0a200023;
99 env->cp15.c0_ccsid[0] = 0x701fe00a; /* 32K L1 dcache */
100 env->cp15.c0_ccsid[1] = 0x201fe00a; /* 32K L1 icache */
101 env->cp15.c0_ccsid[2] = 0x711fe07a; /* 4096K L2 unified cache */
103 case ARM_CPUID_CORTEXM3:
105 case ARM_CPUID_ANY: /* For userspace emulation. */
107 case ARM_CPUID_TI915T:
108 case ARM_CPUID_TI925T:
109 env->cp15.c15_i_max = 0x000;
110 env->cp15.c15_i_min = 0xff0;
112 case ARM_CPUID_PXA250:
113 case ARM_CPUID_PXA255:
114 case ARM_CPUID_PXA260:
115 case ARM_CPUID_PXA261:
116 case ARM_CPUID_PXA262:
118 case ARM_CPUID_PXA270_A0:
119 case ARM_CPUID_PXA270_A1:
120 case ARM_CPUID_PXA270_B0:
121 case ARM_CPUID_PXA270_B1:
122 case ARM_CPUID_PXA270_C0:
123 case ARM_CPUID_PXA270_C5:
125 case ARM_CPUID_SA1100:
126 case ARM_CPUID_SA1110:
129 cpu_abort(env, "Bad CPU ID: %x\n", id);
135 /* TODO Move contents into arm_cpu_reset() in cpu.c,
136 * once cpu_reset_model_id() is eliminated,
137 * and then forward to cpu_reset() here.
139 void cpu_state_reset(CPUARMState *env)
143 ARMCPU *cpu = arm_env_get_cpu(env);
145 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
146 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
147 log_cpu_state(env, 0);
151 tmp = env->cp15.c15_config_base_address;
152 memset(env, 0, offsetof(CPUARMState, breakpoints));
154 cpu_reset_model_id(env, id);
155 env->cp15.c15_config_base_address = tmp;
156 env->cp15.c0_cpuid = cpu->midr;
157 env->vfp.xregs[ARM_VFP_FPSID] = cpu->reset_fpsid;
158 env->vfp.xregs[ARM_VFP_MVFR0] = cpu->mvfr0;
159 env->vfp.xregs[ARM_VFP_MVFR1] = cpu->mvfr1;
160 env->cp15.c0_cachetype = cpu->ctr;
161 env->cp15.c1_sys = cpu->reset_sctlr;
163 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
164 env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
167 #if defined (CONFIG_USER_ONLY)
168 env->uncached_cpsr = ARM_CPU_MODE_USR;
169 /* For user mode we must enable access to coprocessors */
170 env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
171 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
172 env->cp15.c15_cpar = 3;
173 } else if (arm_feature(env, ARM_FEATURE_XSCALE)) {
174 env->cp15.c15_cpar = 1;
177 /* SVC mode with interrupts disabled. */
178 env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
179 /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
180 clear at reset. Initial SP and PC are loaded from ROM. */
184 env->uncached_cpsr &= ~CPSR_I;
187 /* We should really use ldl_phys here, in case the guest
188 modified flash and reset itself. However images
189 loaded via -kernel have not been copied yet, so load the
190 values directly from there. */
191 env->regs[13] = ldl_p(rom);
194 env->regs[15] = pc & ~1;
197 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
198 env->cp15.c2_base_mask = 0xffffc000u;
199 /* v7 performance monitor control register: same implementor
200 * field as main ID register, and we implement no event counters.
202 env->cp15.c9_pmcr = (id & 0xff000000);
204 set_flush_to_zero(1, &env->vfp.standard_fp_status);
205 set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
206 set_default_nan_mode(1, &env->vfp.standard_fp_status);
207 set_float_detect_tininess(float_tininess_before_rounding,
208 &env->vfp.fp_status);
209 set_float_detect_tininess(float_tininess_before_rounding,
210 &env->vfp.standard_fp_status);
212 /* Reset is a state change for some CPUARMState fields which we
213 * bake assumptions about into translated code, so we need to
219 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
223 /* VFP data registers are always little-endian. */
224 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
226 stfq_le_p(buf, env->vfp.regs[reg]);
229 if (arm_feature(env, ARM_FEATURE_NEON)) {
230 /* Aliases for Q regs. */
233 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
234 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
238 switch (reg - nregs) {
239 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
240 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
241 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
246 static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
250 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
252 env->vfp.regs[reg] = ldfq_le_p(buf);
255 if (arm_feature(env, ARM_FEATURE_NEON)) {
258 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
259 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
263 switch (reg - nregs) {
264 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
265 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
266 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
271 CPUARMState *cpu_arm_init(const char *cpu_model)
275 static int inited = 0;
277 if (!object_class_by_name(cpu_model)) {
280 cpu = ARM_CPU(object_new(cpu_model));
282 env->cpu_model_str = cpu_model;
283 arm_cpu_realize(cpu);
285 if (tcg_enabled() && !inited) {
287 arm_translate_init();
290 cpu_state_reset(env);
291 if (arm_feature(env, ARM_FEATURE_NEON)) {
292 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
293 51, "arm-neon.xml", 0);
294 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
295 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
296 35, "arm-vfp3.xml", 0);
297 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
298 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
299 19, "arm-vfp.xml", 0);
305 typedef struct ARMCPUListState {
306 fprintf_function cpu_fprintf;
310 /* Sort alphabetically by type name, except for "any". */
311 static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
313 ObjectClass *class_a = (ObjectClass *)a;
314 ObjectClass *class_b = (ObjectClass *)b;
315 const char *name_a, *name_b;
317 name_a = object_class_get_name(class_a);
318 name_b = object_class_get_name(class_b);
319 if (strcmp(name_a, "any") == 0) {
321 } else if (strcmp(name_b, "any") == 0) {
324 return strcmp(name_a, name_b);
328 static void arm_cpu_list_entry(gpointer data, gpointer user_data)
330 ObjectClass *oc = data;
331 ARMCPUListState *s = user_data;
333 (*s->cpu_fprintf)(s->file, " %s\n",
334 object_class_get_name(oc));
337 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
339 ARMCPUListState s = {
341 .cpu_fprintf = cpu_fprintf,
345 list = object_class_get_list(TYPE_ARM_CPU, false);
346 list = g_slist_sort(list, arm_cpu_list_compare);
347 (*cpu_fprintf)(f, "Available CPUs:\n");
348 g_slist_foreach(list, arm_cpu_list_entry, &s);
352 static int bad_mode_switch(CPUARMState *env, int mode)
354 /* Return true if it is not valid for us to switch to
355 * this CPU mode (ie all the UNPREDICTABLE cases in
356 * the ARM ARM CPSRWriteByInstr pseudocode).
359 case ARM_CPU_MODE_USR:
360 case ARM_CPU_MODE_SYS:
361 case ARM_CPU_MODE_SVC:
362 case ARM_CPU_MODE_ABT:
363 case ARM_CPU_MODE_UND:
364 case ARM_CPU_MODE_IRQ:
365 case ARM_CPU_MODE_FIQ:
372 uint32_t cpsr_read(CPUARMState *env)
376 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
377 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
378 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
379 | ((env->condexec_bits & 0xfc) << 8)
383 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
385 if (mask & CPSR_NZCV) {
386 env->ZF = (~val) & CPSR_Z;
388 env->CF = (val >> 29) & 1;
389 env->VF = (val << 3) & 0x80000000;
392 env->QF = ((val & CPSR_Q) != 0);
394 env->thumb = ((val & CPSR_T) != 0);
395 if (mask & CPSR_IT_0_1) {
396 env->condexec_bits &= ~3;
397 env->condexec_bits |= (val >> 25) & 3;
399 if (mask & CPSR_IT_2_7) {
400 env->condexec_bits &= 3;
401 env->condexec_bits |= (val >> 8) & 0xfc;
403 if (mask & CPSR_GE) {
404 env->GE = (val >> 16) & 0xf;
407 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
408 if (bad_mode_switch(env, val & CPSR_M)) {
409 /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
410 * We choose to ignore the attempt and leave the CPSR M field
415 switch_mode(env, val & CPSR_M);
418 mask &= ~CACHED_CPSR_BITS;
419 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
422 /* Sign/zero extend */
423 uint32_t HELPER(sxtb16)(uint32_t x)
426 res = (uint16_t)(int8_t)x;
427 res |= (uint32_t)(int8_t)(x >> 16) << 16;
431 uint32_t HELPER(uxtb16)(uint32_t x)
434 res = (uint16_t)(uint8_t)x;
435 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
439 uint32_t HELPER(clz)(uint32_t x)
444 int32_t HELPER(sdiv)(int32_t num, int32_t den)
448 if (num == INT_MIN && den == -1)
453 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
460 uint32_t HELPER(rbit)(uint32_t x)
462 x = ((x & 0xff000000) >> 24)
463 | ((x & 0x00ff0000) >> 8)
464 | ((x & 0x0000ff00) << 8)
465 | ((x & 0x000000ff) << 24);
466 x = ((x & 0xf0f0f0f0) >> 4)
467 | ((x & 0x0f0f0f0f) << 4);
468 x = ((x & 0x88888888) >> 3)
469 | ((x & 0x44444444) >> 1)
470 | ((x & 0x22222222) << 1)
471 | ((x & 0x11111111) << 3);
475 uint32_t HELPER(abs)(uint32_t x)
477 return ((int32_t)x < 0) ? -x : x;
480 #if defined(CONFIG_USER_ONLY)
482 void do_interrupt (CPUARMState *env)
484 env->exception_index = -1;
487 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
491 env->exception_index = EXCP_PREFETCH_ABORT;
492 env->cp15.c6_insn = address;
494 env->exception_index = EXCP_DATA_ABORT;
495 env->cp15.c6_data = address;
500 /* These should probably raise undefined insn exceptions. */
501 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
503 int op1 = (insn >> 8) & 0xf;
504 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
508 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
510 int op1 = (insn >> 8) & 0xf;
511 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
515 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
517 cpu_abort(env, "cp15 insn %08x\n", insn);
520 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
522 cpu_abort(env, "cp15 insn %08x\n", insn);
525 /* These should probably raise undefined insn exceptions. */
526 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
528 cpu_abort(env, "v7m_mrs %d\n", reg);
531 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
533 cpu_abort(env, "v7m_mrs %d\n", reg);
537 void switch_mode(CPUARMState *env, int mode)
539 if (mode != ARM_CPU_MODE_USR)
540 cpu_abort(env, "Tried to switch out of user mode\n");
543 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
545 cpu_abort(env, "banked r13 write\n");
548 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
550 cpu_abort(env, "banked r13 read\n");
556 /* Map CPU modes onto saved register banks. */
557 static inline int bank_number(CPUARMState *env, int mode)
560 case ARM_CPU_MODE_USR:
561 case ARM_CPU_MODE_SYS:
563 case ARM_CPU_MODE_SVC:
565 case ARM_CPU_MODE_ABT:
567 case ARM_CPU_MODE_UND:
569 case ARM_CPU_MODE_IRQ:
571 case ARM_CPU_MODE_FIQ:
574 cpu_abort(env, "Bad mode %x\n", mode);
578 void switch_mode(CPUARMState *env, int mode)
583 old_mode = env->uncached_cpsr & CPSR_M;
584 if (mode == old_mode)
587 if (old_mode == ARM_CPU_MODE_FIQ) {
588 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
589 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
590 } else if (mode == ARM_CPU_MODE_FIQ) {
591 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
592 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
595 i = bank_number(env, old_mode);
596 env->banked_r13[i] = env->regs[13];
597 env->banked_r14[i] = env->regs[14];
598 env->banked_spsr[i] = env->spsr;
600 i = bank_number(env, mode);
601 env->regs[13] = env->banked_r13[i];
602 env->regs[14] = env->banked_r14[i];
603 env->spsr = env->banked_spsr[i];
606 static void v7m_push(CPUARMState *env, uint32_t val)
609 stl_phys(env->regs[13], val);
612 static uint32_t v7m_pop(CPUARMState *env)
615 val = ldl_phys(env->regs[13]);
620 /* Switch to V7M main or process stack pointer. */
621 static void switch_v7m_sp(CPUARMState *env, int process)
624 if (env->v7m.current_sp != process) {
625 tmp = env->v7m.other_sp;
626 env->v7m.other_sp = env->regs[13];
628 env->v7m.current_sp = process;
632 static void do_v7m_exception_exit(CPUARMState *env)
637 type = env->regs[15];
638 if (env->v7m.exception != 0)
639 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
641 /* Switch to the target stack. */
642 switch_v7m_sp(env, (type & 4) != 0);
644 env->regs[0] = v7m_pop(env);
645 env->regs[1] = v7m_pop(env);
646 env->regs[2] = v7m_pop(env);
647 env->regs[3] = v7m_pop(env);
648 env->regs[12] = v7m_pop(env);
649 env->regs[14] = v7m_pop(env);
650 env->regs[15] = v7m_pop(env);
652 xpsr_write(env, xpsr, 0xfffffdff);
653 /* Undo stack alignment. */
656 /* ??? The exception return type specifies Thread/Handler mode. However
657 this is also implied by the xPSR value. Not sure what to do
658 if there is a mismatch. */
659 /* ??? Likewise for mismatches between the CONTROL register and the stack
663 static void do_interrupt_v7m(CPUARMState *env)
665 uint32_t xpsr = xpsr_read(env);
670 if (env->v7m.current_sp)
672 if (env->v7m.exception == 0)
675 /* For exceptions we just mark as pending on the NVIC, and let that
677 /* TODO: Need to escalate if the current priority is higher than the
678 one we're raising. */
679 switch (env->exception_index) {
681 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
685 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
687 case EXCP_PREFETCH_ABORT:
688 case EXCP_DATA_ABORT:
689 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
692 if (semihosting_enabled) {
694 nr = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
697 env->regs[0] = do_arm_semihosting(env);
701 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
704 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
706 case EXCP_EXCEPTION_EXIT:
707 do_v7m_exception_exit(env);
710 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
711 return; /* Never happens. Keep compiler happy. */
714 /* Align stack pointer. */
715 /* ??? Should only do this if Configuration Control Register
716 STACKALIGN bit is set. */
717 if (env->regs[13] & 4) {
721 /* Switch to the handler mode. */
723 v7m_push(env, env->regs[15]);
724 v7m_push(env, env->regs[14]);
725 v7m_push(env, env->regs[12]);
726 v7m_push(env, env->regs[3]);
727 v7m_push(env, env->regs[2]);
728 v7m_push(env, env->regs[1]);
729 v7m_push(env, env->regs[0]);
730 switch_v7m_sp(env, 0);
732 env->condexec_bits = 0;
734 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
735 env->regs[15] = addr & 0xfffffffe;
736 env->thumb = addr & 1;
739 /* Handle a CPU exception. */
740 void do_interrupt(CPUARMState *env)
748 do_interrupt_v7m(env);
751 /* TODO: Vectored interrupt controller. */
752 switch (env->exception_index) {
754 new_mode = ARM_CPU_MODE_UND;
763 if (semihosting_enabled) {
764 /* Check for semihosting interrupt. */
766 mask = arm_lduw_code(env->regs[15] - 2, env->bswap_code) & 0xff;
768 mask = arm_ldl_code(env->regs[15] - 4, env->bswap_code)
771 /* Only intercept calls from privileged modes, to provide some
772 semblance of security. */
773 if (((mask == 0x123456 && !env->thumb)
774 || (mask == 0xab && env->thumb))
775 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
776 env->regs[0] = do_arm_semihosting(env);
780 new_mode = ARM_CPU_MODE_SVC;
783 /* The PC already points to the next instruction. */
787 /* See if this is a semihosting syscall. */
788 if (env->thumb && semihosting_enabled) {
789 mask = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
791 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
793 env->regs[0] = do_arm_semihosting(env);
797 env->cp15.c5_insn = 2;
798 /* Fall through to prefetch abort. */
799 case EXCP_PREFETCH_ABORT:
800 new_mode = ARM_CPU_MODE_ABT;
802 mask = CPSR_A | CPSR_I;
805 case EXCP_DATA_ABORT:
806 new_mode = ARM_CPU_MODE_ABT;
808 mask = CPSR_A | CPSR_I;
812 new_mode = ARM_CPU_MODE_IRQ;
814 /* Disable IRQ and imprecise data aborts. */
815 mask = CPSR_A | CPSR_I;
819 new_mode = ARM_CPU_MODE_FIQ;
821 /* Disable FIQ, IRQ and imprecise data aborts. */
822 mask = CPSR_A | CPSR_I | CPSR_F;
826 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
827 return; /* Never happens. Keep compiler happy. */
830 if (env->cp15.c1_sys & (1 << 13)) {
833 switch_mode (env, new_mode);
834 env->spsr = cpsr_read(env);
836 env->condexec_bits = 0;
837 /* Switch to the new mode, and to the correct instruction set. */
838 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
839 env->uncached_cpsr |= mask;
840 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
841 * and we should just guard the thumb mode on V4 */
842 if (arm_feature(env, ARM_FEATURE_V4T)) {
843 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
845 env->regs[14] = env->regs[15] + offset;
846 env->regs[15] = addr;
847 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
850 /* Check section/page access permissions.
851 Returns the page protection flags, or zero if the access is not
853 static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
854 int access_type, int is_user)
858 if (domain_prot == 3) {
859 return PAGE_READ | PAGE_WRITE;
862 if (access_type == 1)
869 if (access_type == 1)
871 switch ((env->cp15.c1_sys >> 8) & 3) {
873 return is_user ? 0 : PAGE_READ;
880 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
885 return PAGE_READ | PAGE_WRITE;
887 return PAGE_READ | PAGE_WRITE;
888 case 4: /* Reserved. */
891 return is_user ? 0 : prot_ro;
895 if (!arm_feature (env, ARM_FEATURE_V6K))
903 static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
907 if (address & env->cp15.c2_mask)
908 table = env->cp15.c2_base1 & 0xffffc000;
910 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
912 table |= (address >> 18) & 0x3ffc;
916 static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type,
917 int is_user, uint32_t *phys_ptr, int *prot,
918 target_ulong *page_size)
929 /* Pagetable walk. */
930 /* Lookup l1 descriptor. */
931 table = get_level1_table_address(env, address);
932 desc = ldl_phys(table);
934 domain = (desc >> 5) & 0x0f;
935 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
937 /* Section translation fault. */
941 if (domain_prot == 0 || domain_prot == 2) {
943 code = 9; /* Section domain fault. */
945 code = 11; /* Page domain fault. */
950 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
951 ap = (desc >> 10) & 3;
953 *page_size = 1024 * 1024;
955 /* Lookup l2 entry. */
957 /* Coarse pagetable. */
958 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
960 /* Fine pagetable. */
961 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
963 desc = ldl_phys(table);
965 case 0: /* Page translation fault. */
968 case 1: /* 64k page. */
969 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
970 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
971 *page_size = 0x10000;
973 case 2: /* 4k page. */
974 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
975 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
978 case 3: /* 1k page. */
980 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
981 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
983 /* Page translation fault. */
988 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
990 ap = (desc >> 4) & 3;
994 /* Never happens, but compiler isn't smart enough to tell. */
999 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1001 /* Access permission fault. */
1005 *phys_ptr = phys_addr;
1008 return code | (domain << 4);
1011 static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
1012 int is_user, uint32_t *phys_ptr, int *prot,
1013 target_ulong *page_size)
1025 /* Pagetable walk. */
1026 /* Lookup l1 descriptor. */
1027 table = get_level1_table_address(env, address);
1028 desc = ldl_phys(table);
1031 /* Section translation fault. */
1035 } else if (type == 2 && (desc & (1 << 18))) {
1039 /* Section or page. */
1040 domain = (desc >> 5) & 0x0f;
1042 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1043 if (domain_prot == 0 || domain_prot == 2) {
1045 code = 9; /* Section domain fault. */
1047 code = 11; /* Page domain fault. */
1051 if (desc & (1 << 18)) {
1053 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
1054 *page_size = 0x1000000;
1057 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1058 *page_size = 0x100000;
1060 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
1061 xn = desc & (1 << 4);
1064 /* Lookup l2 entry. */
1065 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1066 desc = ldl_phys(table);
1067 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
1069 case 0: /* Page translation fault. */
1072 case 1: /* 64k page. */
1073 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1074 xn = desc & (1 << 15);
1075 *page_size = 0x10000;
1077 case 2: case 3: /* 4k page. */
1078 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1080 *page_size = 0x1000;
1083 /* Never happens, but compiler isn't smart enough to tell. */
1088 if (domain_prot == 3) {
1089 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1091 if (xn && access_type == 2)
1094 /* The simplified model uses AP[0] as an access control bit. */
1095 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
1096 /* Access flag fault. */
1097 code = (code == 15) ? 6 : 3;
1100 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1102 /* Access permission fault. */
1109 *phys_ptr = phys_addr;
1112 return code | (domain << 4);
1115 static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, int access_type,
1116 int is_user, uint32_t *phys_ptr, int *prot)
1122 *phys_ptr = address;
1123 for (n = 7; n >= 0; n--) {
1124 base = env->cp15.c6_region[n];
1125 if ((base & 1) == 0)
1127 mask = 1 << ((base >> 1) & 0x1f);
1128 /* Keep this shift separate from the above to avoid an
1129 (undefined) << 32. */
1130 mask = (mask << 1) - 1;
1131 if (((base ^ address) & ~mask) == 0)
1137 if (access_type == 2) {
1138 mask = env->cp15.c5_insn;
1140 mask = env->cp15.c5_data;
1142 mask = (mask >> (n * 4)) & 0xf;
1149 *prot = PAGE_READ | PAGE_WRITE;
1154 *prot |= PAGE_WRITE;
1157 *prot = PAGE_READ | PAGE_WRITE;
1168 /* Bad permission. */
1175 static inline int get_phys_addr(CPUARMState *env, uint32_t address,
1176 int access_type, int is_user,
1177 uint32_t *phys_ptr, int *prot,
1178 target_ulong *page_size)
1180 /* Fast Context Switch Extension. */
1181 if (address < 0x02000000)
1182 address += env->cp15.c13_fcse;
1184 if ((env->cp15.c1_sys & 1) == 0) {
1185 /* MMU/MPU disabled. */
1186 *phys_ptr = address;
1187 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1188 *page_size = TARGET_PAGE_SIZE;
1190 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
1191 *page_size = TARGET_PAGE_SIZE;
1192 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
1194 } else if (env->cp15.c1_sys & (1 << 23)) {
1195 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
1198 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
1203 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address,
1204 int access_type, int mmu_idx)
1207 target_ulong page_size;
1211 is_user = mmu_idx == MMU_USER_IDX;
1212 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1215 /* Map a single [sub]page. */
1216 phys_addr &= ~(uint32_t)0x3ff;
1217 address &= ~(uint32_t)0x3ff;
1218 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1222 if (access_type == 2) {
1223 env->cp15.c5_insn = ret;
1224 env->cp15.c6_insn = address;
1225 env->exception_index = EXCP_PREFETCH_ABORT;
1227 env->cp15.c5_data = ret;
1228 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1229 env->cp15.c5_data |= (1 << 11);
1230 env->cp15.c6_data = address;
1231 env->exception_index = EXCP_DATA_ABORT;
1236 target_phys_addr_t cpu_get_phys_page_debug(CPUARMState *env, target_ulong addr)
1239 target_ulong page_size;
1243 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1251 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
1253 int cp_num = (insn >> 8) & 0xf;
1254 int cp_info = (insn >> 5) & 7;
1255 int src = (insn >> 16) & 0xf;
1256 int operand = insn & 0xf;
1258 if (env->cp[cp_num].cp_write)
1259 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
1260 cp_info, src, operand, val);
1263 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
1265 int cp_num = (insn >> 8) & 0xf;
1266 int cp_info = (insn >> 5) & 7;
1267 int dest = (insn >> 16) & 0xf;
1268 int operand = insn & 0xf;
1270 if (env->cp[cp_num].cp_read)
1271 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
1272 cp_info, dest, operand);
1276 /* Return basic MPU access permission bits. */
1277 static uint32_t simple_mpu_ap_bits(uint32_t val)
1284 for (i = 0; i < 16; i += 2) {
1285 ret |= (val >> i) & mask;
1291 /* Pad basic MPU access permission bits to extended format. */
1292 static uint32_t extended_mpu_ap_bits(uint32_t val)
1299 for (i = 0; i < 16; i += 2) {
1300 ret |= (val & mask) << i;
1306 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
1312 op1 = (insn >> 21) & 7;
1313 op2 = (insn >> 5) & 7;
1315 switch ((insn >> 16) & 0xf) {
1318 if (arm_feature(env, ARM_FEATURE_XSCALE))
1320 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1322 if (arm_feature(env, ARM_FEATURE_V7)
1323 && op1 == 2 && crm == 0 && op2 == 0) {
1324 env->cp15.c0_cssel = val & 0xf;
1328 case 1: /* System configuration. */
1329 if (arm_feature(env, ARM_FEATURE_V7)
1330 && op1 == 0 && crm == 1 && op2 == 0) {
1331 env->cp15.c1_scr = val;
1334 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1338 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1339 env->cp15.c1_sys = val;
1340 /* ??? Lots of these bits are not implemented. */
1341 /* This may enable/disable the MMU, so do a TLB flush. */
1344 case 1: /* Auxiliary control register. */
1345 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1346 env->cp15.c1_xscaleauxcr = val;
1349 /* Not implemented. */
1352 if (arm_feature(env, ARM_FEATURE_XSCALE))
1354 if (env->cp15.c1_coproc != val) {
1355 env->cp15.c1_coproc = val;
1356 /* ??? Is this safe when called from within a TB? */
1364 case 2: /* MMU Page table control / MPU cache control. */
1365 if (arm_feature(env, ARM_FEATURE_MPU)) {
1368 env->cp15.c2_data = val;
1371 env->cp15.c2_insn = val;
1379 env->cp15.c2_base0 = val;
1382 env->cp15.c2_base1 = val;
1386 env->cp15.c2_control = val;
1387 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1388 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1395 case 3: /* MMU Domain access control / MPU write buffer control. */
1397 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
1399 case 4: /* Reserved. */
1401 case 5: /* MMU Fault status / MPU access permission. */
1402 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1406 if (arm_feature(env, ARM_FEATURE_MPU))
1407 val = extended_mpu_ap_bits(val);
1408 env->cp15.c5_data = val;
1411 if (arm_feature(env, ARM_FEATURE_MPU))
1412 val = extended_mpu_ap_bits(val);
1413 env->cp15.c5_insn = val;
1416 if (!arm_feature(env, ARM_FEATURE_MPU))
1418 env->cp15.c5_data = val;
1421 if (!arm_feature(env, ARM_FEATURE_MPU))
1423 env->cp15.c5_insn = val;
1429 case 6: /* MMU Fault address / MPU base/size. */
1430 if (arm_feature(env, ARM_FEATURE_MPU)) {
1433 env->cp15.c6_region[crm] = val;
1435 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1439 env->cp15.c6_data = val;
1441 case 1: /* ??? This is WFAR on armv6 */
1443 env->cp15.c6_insn = val;
1450 case 7: /* Cache control. */
1451 env->cp15.c15_i_max = 0x000;
1452 env->cp15.c15_i_min = 0xff0;
1456 /* No cache, so nothing to do except VA->PA translations. */
1457 if (arm_feature(env, ARM_FEATURE_VAPA)) {
1460 if (arm_feature(env, ARM_FEATURE_V7)) {
1461 env->cp15.c7_par = val & 0xfffff6ff;
1463 env->cp15.c7_par = val & 0xfffff1ff;
1468 target_ulong page_size;
1470 int ret, is_user = op2 & 2;
1471 int access_type = op2 & 1;
1474 /* Other states are only available with TrustZone */
1477 ret = get_phys_addr(env, val, access_type, is_user,
1478 &phys_addr, &prot, &page_size);
1480 /* We do not set any attribute bits in the PAR */
1481 if (page_size == (1 << 24)
1482 && arm_feature(env, ARM_FEATURE_V7)) {
1483 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1485 env->cp15.c7_par = phys_addr & 0xfffff000;
1488 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1489 ((ret & (12 << 1)) >> 6) |
1490 ((ret & 0xf) << 1) | 1;
1497 case 8: /* MMU TLB control. */
1499 case 0: /* Invalidate all (TLBIALL) */
1502 case 1: /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
1503 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1505 case 2: /* Invalidate by ASID (TLBIASID) */
1506 tlb_flush(env, val == 0);
1508 case 3: /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
1509 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1516 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1518 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1519 break; /* Ignore ReadBuffer access */
1521 case 0: /* Cache lockdown. */
1523 case 0: /* L1 cache. */
1526 env->cp15.c9_data = val;
1529 env->cp15.c9_insn = val;
1535 case 1: /* L2 cache. */
1536 /* Ignore writes to L2 lockdown/auxiliary registers. */
1542 case 1: /* TCM memory region registers. */
1543 /* Not implemented. */
1545 case 12: /* Performance monitor control */
1546 /* Performance monitors are implementation defined in v7,
1547 * but with an ARM recommended set of registers, which we
1548 * follow (although we don't actually implement any counters)
1550 if (!arm_feature(env, ARM_FEATURE_V7)) {
1554 case 0: /* performance monitor control register */
1555 /* only the DP, X, D and E bits are writable */
1556 env->cp15.c9_pmcr &= ~0x39;
1557 env->cp15.c9_pmcr |= (val & 0x39);
1559 case 1: /* Count enable set register */
1561 env->cp15.c9_pmcnten |= val;
1563 case 2: /* Count enable clear */
1565 env->cp15.c9_pmcnten &= ~val;
1567 case 3: /* Overflow flag status */
1568 env->cp15.c9_pmovsr &= ~val;
1570 case 4: /* Software increment */
1571 /* RAZ/WI since we don't implement the software-count event */
1573 case 5: /* Event counter selection register */
1574 /* Since we don't implement any events, writing to this register
1575 * is actually UNPREDICTABLE. So we choose to RAZ/WI.
1582 case 13: /* Performance counters */
1583 if (!arm_feature(env, ARM_FEATURE_V7)) {
1587 case 0: /* Cycle count register: not implemented, so RAZ/WI */
1589 case 1: /* Event type select */
1590 env->cp15.c9_pmxevtyper = val & 0xff;
1592 case 2: /* Event count register */
1593 /* Unimplemented (we have no events), RAZ/WI */
1599 case 14: /* Performance monitor control */
1600 if (!arm_feature(env, ARM_FEATURE_V7)) {
1604 case 0: /* user enable */
1605 env->cp15.c9_pmuserenr = val & 1;
1606 /* changes access rights for cp registers, so flush tbs */
1609 case 1: /* interrupt enable set */
1610 /* We have no event counters so only the C bit can be changed */
1612 env->cp15.c9_pminten |= val;
1614 case 2: /* interrupt enable clear */
1616 env->cp15.c9_pminten &= ~val;
1624 case 10: /* MMU TLB lockdown. */
1625 /* ??? TLB lockdown not implemented. */
1627 case 12: /* Reserved. */
1629 case 13: /* Process ID. */
1632 /* Unlike real hardware the qemu TLB uses virtual addresses,
1633 not modified virtual addresses, so this causes a TLB flush.
1635 if (env->cp15.c13_fcse != val)
1637 env->cp15.c13_fcse = val;
1640 /* This changes the ASID, so do a TLB flush. */
1641 if (env->cp15.c13_context != val
1642 && !arm_feature(env, ARM_FEATURE_MPU))
1644 env->cp15.c13_context = val;
1650 case 14: /* Generic timer */
1651 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
1652 /* Dummy implementation: RAZ/WI for all */
1656 case 15: /* Implementation specific. */
1657 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1658 if (op2 == 0 && crm == 1) {
1659 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1660 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1662 env->cp15.c15_cpar = val & 0x3fff;
1668 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1672 case 1: /* Set TI925T configuration. */
1673 env->cp15.c15_ticonfig = val & 0xe7;
1674 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1675 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1677 case 2: /* Set I_max. */
1678 env->cp15.c15_i_max = val;
1680 case 3: /* Set I_min. */
1681 env->cp15.c15_i_min = val;
1683 case 4: /* Set thread-ID. */
1684 env->cp15.c15_threadid = val & 0xffff;
1686 case 8: /* Wait-for-interrupt (deprecated). */
1687 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1693 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
1696 if ((op1 == 0) && (op2 == 0)) {
1697 env->cp15.c15_power_control = val;
1698 } else if ((op1 == 0) && (op2 == 1)) {
1699 env->cp15.c15_diagnostic = val;
1700 } else if ((op1 == 0) && (op2 == 2)) {
1701 env->cp15.c15_power_diagnostic = val;
1711 /* ??? For debugging only. Should raise illegal instruction exception. */
1712 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1713 (insn >> 16) & 0xf, crm, op1, op2);
1716 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
1722 op1 = (insn >> 21) & 7;
1723 op2 = (insn >> 5) & 7;
1725 switch ((insn >> 16) & 0xf) {
1726 case 0: /* ID codes. */
1732 case 0: /* Device ID. */
1733 return env->cp15.c0_cpuid;
1734 case 1: /* Cache Type. */
1735 return env->cp15.c0_cachetype;
1736 case 2: /* TCM status. */
1738 case 3: /* TLB type register. */
1739 return 0; /* No lockable TLB entries. */
1741 /* The MPIDR was standardised in v7; prior to
1742 * this it was implemented only in the 11MPCore.
1743 * For all other pre-v7 cores it does not exist.
1745 if (arm_feature(env, ARM_FEATURE_V7) ||
1746 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1747 int mpidr = env->cpu_index;
1748 /* We don't support setting cluster ID ([8..11])
1749 * so these bits always RAZ.
1751 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1753 /* Cores which are uniprocessor (non-coherent)
1754 * but still implement the MP extensions set
1755 * bit 30. (For instance, A9UP.) However we do
1756 * not currently model any of those cores.
1761 /* otherwise fall through to the unimplemented-reg case */
1766 if (!arm_feature(env, ARM_FEATURE_V6))
1768 return env->cp15.c0_c1[op2];
1770 if (!arm_feature(env, ARM_FEATURE_V6))
1772 return env->cp15.c0_c2[op2];
1773 case 3: case 4: case 5: case 6: case 7:
1779 /* These registers aren't documented on arm11 cores. However
1780 Linux looks at them anyway. */
1781 if (!arm_feature(env, ARM_FEATURE_V6))
1785 if (!arm_feature(env, ARM_FEATURE_V7))
1790 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1792 return env->cp15.c0_clid;
1798 if (op2 != 0 || crm != 0)
1800 return env->cp15.c0_cssel;
1804 case 1: /* System configuration. */
1805 if (arm_feature(env, ARM_FEATURE_V7)
1806 && op1 == 0 && crm == 1 && op2 == 0) {
1807 return env->cp15.c1_scr;
1809 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1812 case 0: /* Control register. */
1813 return env->cp15.c1_sys;
1814 case 1: /* Auxiliary control register. */
1815 if (arm_feature(env, ARM_FEATURE_XSCALE))
1816 return env->cp15.c1_xscaleauxcr;
1817 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1819 switch (ARM_CPUID(env)) {
1820 case ARM_CPUID_ARM1026:
1822 case ARM_CPUID_ARM1136:
1823 case ARM_CPUID_ARM1136_R2:
1824 case ARM_CPUID_ARM1176:
1826 case ARM_CPUID_ARM11MPCORE:
1828 case ARM_CPUID_CORTEXA8:
1830 case ARM_CPUID_CORTEXA9:
1831 case ARM_CPUID_CORTEXA15:
1836 case 2: /* Coprocessor access register. */
1837 if (arm_feature(env, ARM_FEATURE_XSCALE))
1839 return env->cp15.c1_coproc;
1843 case 2: /* MMU Page table control / MPU cache control. */
1844 if (arm_feature(env, ARM_FEATURE_MPU)) {
1847 return env->cp15.c2_data;
1850 return env->cp15.c2_insn;
1858 return env->cp15.c2_base0;
1860 return env->cp15.c2_base1;
1862 return env->cp15.c2_control;
1867 case 3: /* MMU Domain access control / MPU write buffer control. */
1868 return env->cp15.c3;
1869 case 4: /* Reserved. */
1871 case 5: /* MMU Fault status / MPU access permission. */
1872 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1876 if (arm_feature(env, ARM_FEATURE_MPU))
1877 return simple_mpu_ap_bits(env->cp15.c5_data);
1878 return env->cp15.c5_data;
1880 if (arm_feature(env, ARM_FEATURE_MPU))
1881 return simple_mpu_ap_bits(env->cp15.c5_insn);
1882 return env->cp15.c5_insn;
1884 if (!arm_feature(env, ARM_FEATURE_MPU))
1886 return env->cp15.c5_data;
1888 if (!arm_feature(env, ARM_FEATURE_MPU))
1890 return env->cp15.c5_insn;
1894 case 6: /* MMU Fault address. */
1895 if (arm_feature(env, ARM_FEATURE_MPU)) {
1898 return env->cp15.c6_region[crm];
1900 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1904 return env->cp15.c6_data;
1906 if (arm_feature(env, ARM_FEATURE_V6)) {
1907 /* Watchpoint Fault Adrress. */
1908 return 0; /* Not implemented. */
1910 /* Instruction Fault Adrress. */
1911 /* Arm9 doesn't have an IFAR, but implementing it anyway
1912 shouldn't do any harm. */
1913 return env->cp15.c6_insn;
1916 if (arm_feature(env, ARM_FEATURE_V6)) {
1917 /* Instruction Fault Adrress. */
1918 return env->cp15.c6_insn;
1926 case 7: /* Cache control. */
1927 if (crm == 4 && op1 == 0 && op2 == 0) {
1928 return env->cp15.c7_par;
1930 /* FIXME: Should only clear Z flag if destination is r15. */
1933 case 8: /* MMU TLB control. */
1937 case 0: /* Cache lockdown */
1939 case 0: /* L1 cache. */
1940 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1945 return env->cp15.c9_data;
1947 return env->cp15.c9_insn;
1951 case 1: /* L2 cache */
1952 /* L2 Lockdown and Auxiliary control. */
1955 /* L2 cache lockdown (A8 only) */
1958 /* L2 cache auxiliary control (A8) or control (A15) */
1959 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA15) {
1960 /* Linux wants the number of processors from here.
1961 * Might as well set the interrupt-controller bit too.
1963 return ((smp_cpus - 1) << 24) | (1 << 23);
1967 /* L2 cache extended control (A15) */
1976 case 12: /* Performance monitor control */
1977 if (!arm_feature(env, ARM_FEATURE_V7)) {
1981 case 0: /* performance monitor control register */
1982 return env->cp15.c9_pmcr;
1983 case 1: /* count enable set */
1984 case 2: /* count enable clear */
1985 return env->cp15.c9_pmcnten;
1986 case 3: /* overflow flag status */
1987 return env->cp15.c9_pmovsr;
1988 case 4: /* software increment */
1989 case 5: /* event counter selection register */
1990 return 0; /* Unimplemented, RAZ/WI */
1994 case 13: /* Performance counters */
1995 if (!arm_feature(env, ARM_FEATURE_V7)) {
1999 case 1: /* Event type select */
2000 return env->cp15.c9_pmxevtyper;
2001 case 0: /* Cycle count register */
2002 case 2: /* Event count register */
2003 /* Unimplemented, so RAZ/WI */
2008 case 14: /* Performance monitor control */
2009 if (!arm_feature(env, ARM_FEATURE_V7)) {
2013 case 0: /* user enable */
2014 return env->cp15.c9_pmuserenr;
2015 case 1: /* interrupt enable set */
2016 case 2: /* interrupt enable clear */
2017 return env->cp15.c9_pminten;
2025 case 10: /* MMU TLB lockdown. */
2026 /* ??? TLB lockdown not implemented. */
2028 case 11: /* TCM DMA control. */
2029 case 12: /* Reserved. */
2031 case 13: /* Process ID. */
2034 return env->cp15.c13_fcse;
2036 return env->cp15.c13_context;
2040 case 14: /* Generic timer */
2041 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
2042 /* Dummy implementation: RAZ/WI for all */
2046 case 15: /* Implementation specific. */
2047 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2048 if (op2 == 0 && crm == 1)
2049 return env->cp15.c15_cpar;
2053 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2057 case 1: /* Read TI925T configuration. */
2058 return env->cp15.c15_ticonfig;
2059 case 2: /* Read I_max. */
2060 return env->cp15.c15_i_max;
2061 case 3: /* Read I_min. */
2062 return env->cp15.c15_i_min;
2063 case 4: /* Read thread-ID. */
2064 return env->cp15.c15_threadid;
2065 case 8: /* TI925T_status */
2068 /* TODO: Peripheral port remap register:
2069 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
2070 * controller base address at $rn & ~0xfff and map size of
2071 * 0x200 << ($rn & 0xfff), when MMU is off. */
2074 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
2077 if ((op1 == 4) && (op2 == 0)) {
2078 /* The config_base_address should hold the value of
2079 * the peripheral base. ARM should get this from a CPU
2080 * object property, but that support isn't available in
2081 * December 2011. Default to 0 for now and board models
2082 * that care can set it by a private hook */
2083 return env->cp15.c15_config_base_address;
2084 } else if ((op1 == 0) && (op2 == 0)) {
2085 /* power_control should be set to maximum latency. Again,
2086 default to 0 and set by private hook */
2087 return env->cp15.c15_power_control;
2088 } else if ((op1 == 0) && (op2 == 1)) {
2089 return env->cp15.c15_diagnostic;
2090 } else if ((op1 == 0) && (op2 == 2)) {
2091 return env->cp15.c15_power_diagnostic;
2094 case 1: /* NEON Busy */
2096 case 5: /* tlb lockdown */
2099 if ((op1 == 5) && (op2 == 2)) {
2111 /* ??? For debugging only. Should raise illegal instruction exception. */
2112 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
2113 (insn >> 16) & 0xf, crm, op1, op2);
2117 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
2119 if ((env->uncached_cpsr & CPSR_M) == mode) {
2120 env->regs[13] = val;
2122 env->banked_r13[bank_number(env, mode)] = val;
2126 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
2128 if ((env->uncached_cpsr & CPSR_M) == mode) {
2129 return env->regs[13];
2131 return env->banked_r13[bank_number(env, mode)];
2135 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
2139 return xpsr_read(env) & 0xf8000000;
2141 return xpsr_read(env) & 0xf80001ff;
2143 return xpsr_read(env) & 0xff00fc00;
2145 return xpsr_read(env) & 0xff00fdff;
2147 return xpsr_read(env) & 0x000001ff;
2149 return xpsr_read(env) & 0x0700fc00;
2151 return xpsr_read(env) & 0x0700edff;
2153 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
2155 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
2156 case 16: /* PRIMASK */
2157 return (env->uncached_cpsr & CPSR_I) != 0;
2158 case 17: /* BASEPRI */
2159 case 18: /* BASEPRI_MAX */
2160 return env->v7m.basepri;
2161 case 19: /* FAULTMASK */
2162 return (env->uncached_cpsr & CPSR_F) != 0;
2163 case 20: /* CONTROL */
2164 return env->v7m.control;
2166 /* ??? For debugging only. */
2167 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
2172 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
2176 xpsr_write(env, val, 0xf8000000);
2179 xpsr_write(env, val, 0xf8000000);
2182 xpsr_write(env, val, 0xfe00fc00);
2185 xpsr_write(env, val, 0xfe00fc00);
2188 /* IPSR bits are readonly. */
2191 xpsr_write(env, val, 0x0600fc00);
2194 xpsr_write(env, val, 0x0600fc00);
2197 if (env->v7m.current_sp)
2198 env->v7m.other_sp = val;
2200 env->regs[13] = val;
2203 if (env->v7m.current_sp)
2204 env->regs[13] = val;
2206 env->v7m.other_sp = val;
2208 case 16: /* PRIMASK */
2210 env->uncached_cpsr |= CPSR_I;
2212 env->uncached_cpsr &= ~CPSR_I;
2214 case 17: /* BASEPRI */
2215 env->v7m.basepri = val & 0xff;
2217 case 18: /* BASEPRI_MAX */
2219 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2220 env->v7m.basepri = val;
2222 case 19: /* FAULTMASK */
2224 env->uncached_cpsr |= CPSR_F;
2226 env->uncached_cpsr &= ~CPSR_F;
2228 case 20: /* CONTROL */
2229 env->v7m.control = val & 3;
2230 switch_v7m_sp(env, (val & 2) != 0);
2233 /* ??? For debugging only. */
2234 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2239 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
2240 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
2243 if (cpnum < 0 || cpnum > 14) {
2244 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
2248 env->cp[cpnum].cp_read = cp_read;
2249 env->cp[cpnum].cp_write = cp_write;
2250 env->cp[cpnum].opaque = opaque;
2255 /* Note that signed overflow is undefined in C. The following routines are
2256 careful to use unsigned types where modulo arithmetic is required.
2257 Failure to do so _will_ break on newer gcc. */
2259 /* Signed saturating arithmetic. */
2261 /* Perform 16-bit signed saturating addition. */
2262 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2267 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2276 /* Perform 8-bit signed saturating addition. */
2277 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2282 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2291 /* Perform 16-bit signed saturating subtraction. */
2292 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2297 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2306 /* Perform 8-bit signed saturating subtraction. */
2307 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2312 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2321 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2322 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2323 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2324 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2327 #include "op_addsub.h"
2329 /* Unsigned saturating arithmetic. */
2330 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2339 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2347 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2356 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2364 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2365 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2366 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2367 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2370 #include "op_addsub.h"
2372 /* Signed modulo arithmetic. */
2373 #define SARITH16(a, b, n, op) do { \
2375 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2376 RESULT(sum, n, 16); \
2378 ge |= 3 << (n * 2); \
2381 #define SARITH8(a, b, n, op) do { \
2383 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2384 RESULT(sum, n, 8); \
2390 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2391 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2392 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2393 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2397 #include "op_addsub.h"
2399 /* Unsigned modulo arithmetic. */
2400 #define ADD16(a, b, n) do { \
2402 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2403 RESULT(sum, n, 16); \
2404 if ((sum >> 16) == 1) \
2405 ge |= 3 << (n * 2); \
2408 #define ADD8(a, b, n) do { \
2410 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2411 RESULT(sum, n, 8); \
2412 if ((sum >> 8) == 1) \
2416 #define SUB16(a, b, n) do { \
2418 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2419 RESULT(sum, n, 16); \
2420 if ((sum >> 16) == 0) \
2421 ge |= 3 << (n * 2); \
2424 #define SUB8(a, b, n) do { \
2426 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2427 RESULT(sum, n, 8); \
2428 if ((sum >> 8) == 0) \
2435 #include "op_addsub.h"
2437 /* Halved signed arithmetic. */
2438 #define ADD16(a, b, n) \
2439 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2440 #define SUB16(a, b, n) \
2441 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2442 #define ADD8(a, b, n) \
2443 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2444 #define SUB8(a, b, n) \
2445 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2448 #include "op_addsub.h"
2450 /* Halved unsigned arithmetic. */
2451 #define ADD16(a, b, n) \
2452 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2453 #define SUB16(a, b, n) \
2454 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2455 #define ADD8(a, b, n) \
2456 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2457 #define SUB8(a, b, n) \
2458 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2461 #include "op_addsub.h"
2463 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2471 /* Unsigned sum of absolute byte differences. */
2472 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2475 sum = do_usad(a, b);
2476 sum += do_usad(a >> 8, b >> 8);
2477 sum += do_usad(a >> 16, b >>16);
2478 sum += do_usad(a >> 24, b >> 24);
2482 /* For ARMv6 SEL instruction. */
2483 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2496 return (a & mask) | (b & ~mask);
2499 uint32_t HELPER(logicq_cc)(uint64_t val)
2501 return (val >> 32) | (val != 0);
2504 /* VFP support. We follow the convention used for VFP instrunctions:
2505 Single precition routines have a "s" suffix, double precision a
2508 /* Convert host exception flags to vfp form. */
2509 static inline int vfp_exceptbits_from_host(int host_bits)
2511 int target_bits = 0;
2513 if (host_bits & float_flag_invalid)
2515 if (host_bits & float_flag_divbyzero)
2517 if (host_bits & float_flag_overflow)
2519 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2521 if (host_bits & float_flag_inexact)
2522 target_bits |= 0x10;
2523 if (host_bits & float_flag_input_denormal)
2524 target_bits |= 0x80;
2528 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
2533 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2534 | (env->vfp.vec_len << 16)
2535 | (env->vfp.vec_stride << 20);
2536 i = get_float_exception_flags(&env->vfp.fp_status);
2537 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2538 fpscr |= vfp_exceptbits_from_host(i);
2542 uint32_t vfp_get_fpscr(CPUARMState *env)
2544 return HELPER(vfp_get_fpscr)(env);
2547 /* Convert vfp exception flags to target form. */
2548 static inline int vfp_exceptbits_to_host(int target_bits)
2552 if (target_bits & 1)
2553 host_bits |= float_flag_invalid;
2554 if (target_bits & 2)
2555 host_bits |= float_flag_divbyzero;
2556 if (target_bits & 4)
2557 host_bits |= float_flag_overflow;
2558 if (target_bits & 8)
2559 host_bits |= float_flag_underflow;
2560 if (target_bits & 0x10)
2561 host_bits |= float_flag_inexact;
2562 if (target_bits & 0x80)
2563 host_bits |= float_flag_input_denormal;
2567 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
2572 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2573 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2574 env->vfp.vec_len = (val >> 16) & 7;
2575 env->vfp.vec_stride = (val >> 20) & 3;
2578 if (changed & (3 << 22)) {
2579 i = (val >> 22) & 3;
2582 i = float_round_nearest_even;
2588 i = float_round_down;
2591 i = float_round_to_zero;
2594 set_float_rounding_mode(i, &env->vfp.fp_status);
2596 if (changed & (1 << 24)) {
2597 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2598 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2600 if (changed & (1 << 25))
2601 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2603 i = vfp_exceptbits_to_host(val);
2604 set_float_exception_flags(i, &env->vfp.fp_status);
2605 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2608 void vfp_set_fpscr(CPUARMState *env, uint32_t val)
2610 HELPER(vfp_set_fpscr)(env, val);
2613 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2615 #define VFP_BINOP(name) \
2616 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2618 float_status *fpst = fpstp; \
2619 return float32_ ## name(a, b, fpst); \
2621 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2623 float_status *fpst = fpstp; \
2624 return float64_ ## name(a, b, fpst); \
2632 float32 VFP_HELPER(neg, s)(float32 a)
2634 return float32_chs(a);
2637 float64 VFP_HELPER(neg, d)(float64 a)
2639 return float64_chs(a);
2642 float32 VFP_HELPER(abs, s)(float32 a)
2644 return float32_abs(a);
2647 float64 VFP_HELPER(abs, d)(float64 a)
2649 return float64_abs(a);
2652 float32 VFP_HELPER(sqrt, s)(float32 a, CPUARMState *env)
2654 return float32_sqrt(a, &env->vfp.fp_status);
2657 float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
2659 return float64_sqrt(a, &env->vfp.fp_status);
2662 /* XXX: check quiet/signaling case */
2663 #define DO_VFP_cmp(p, type) \
2664 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env) \
2667 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2668 case 0: flags = 0x6; break; \
2669 case -1: flags = 0x8; break; \
2670 case 1: flags = 0x2; break; \
2671 default: case 2: flags = 0x3; break; \
2673 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2674 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2676 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
2679 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2680 case 0: flags = 0x6; break; \
2681 case -1: flags = 0x8; break; \
2682 case 1: flags = 0x2; break; \
2683 default: case 2: flags = 0x3; break; \
2685 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2686 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2688 DO_VFP_cmp(s, float32)
2689 DO_VFP_cmp(d, float64)
2692 /* Integer to float and float to integer conversions */
2694 #define CONV_ITOF(name, fsz, sign) \
2695 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2697 float_status *fpst = fpstp; \
2698 return sign##int32_to_##float##fsz((sign##int32_t)x, fpst); \
2701 #define CONV_FTOI(name, fsz, sign, round) \
2702 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2704 float_status *fpst = fpstp; \
2705 if (float##fsz##_is_any_nan(x)) { \
2706 float_raise(float_flag_invalid, fpst); \
2709 return float##fsz##_to_##sign##int32##round(x, fpst); \
2712 #define FLOAT_CONVS(name, p, fsz, sign) \
2713 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2714 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2715 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2717 FLOAT_CONVS(si, s, 32, )
2718 FLOAT_CONVS(si, d, 64, )
2719 FLOAT_CONVS(ui, s, 32, u)
2720 FLOAT_CONVS(ui, d, 64, u)
2726 /* floating point conversion */
2727 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUARMState *env)
2729 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2730 /* ARM requires that S<->D conversion of any kind of NaN generates
2731 * a quiet NaN by forcing the most significant frac bit to 1.
2733 return float64_maybe_silence_nan(r);
2736 float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
2738 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2739 /* ARM requires that S<->D conversion of any kind of NaN generates
2740 * a quiet NaN by forcing the most significant frac bit to 1.
2742 return float32_maybe_silence_nan(r);
2745 /* VFP3 fixed point conversion. */
2746 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2747 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2750 float_status *fpst = fpstp; \
2752 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2753 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2755 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2758 float_status *fpst = fpstp; \
2760 if (float##fsz##_is_any_nan(x)) { \
2761 float_raise(float_flag_invalid, fpst); \
2764 tmp = float##fsz##_scalbn(x, shift, fpst); \
2765 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2768 VFP_CONV_FIX(sh, d, 64, int16, )
2769 VFP_CONV_FIX(sl, d, 64, int32, )
2770 VFP_CONV_FIX(uh, d, 64, uint16, u)
2771 VFP_CONV_FIX(ul, d, 64, uint32, u)
2772 VFP_CONV_FIX(sh, s, 32, int16, )
2773 VFP_CONV_FIX(sl, s, 32, int32, )
2774 VFP_CONV_FIX(uh, s, 32, uint16, u)
2775 VFP_CONV_FIX(ul, s, 32, uint32, u)
2778 /* Half precision conversions. */
2779 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUARMState *env, float_status *s)
2781 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2782 float32 r = float16_to_float32(make_float16(a), ieee, s);
2784 return float32_maybe_silence_nan(r);
2789 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUARMState *env, float_status *s)
2791 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2792 float16 r = float32_to_float16(a, ieee, s);
2794 r = float16_maybe_silence_nan(r);
2796 return float16_val(r);
2799 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2801 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2804 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2806 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2809 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2811 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2814 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2816 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2819 #define float32_two make_float32(0x40000000)
2820 #define float32_three make_float32(0x40400000)
2821 #define float32_one_point_five make_float32(0x3fc00000)
2823 float32 HELPER(recps_f32)(float32 a, float32 b, CPUARMState *env)
2825 float_status *s = &env->vfp.standard_fp_status;
2826 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2827 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2828 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2829 float_raise(float_flag_input_denormal, s);
2833 return float32_sub(float32_two, float32_mul(a, b, s), s);
2836 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUARMState *env)
2838 float_status *s = &env->vfp.standard_fp_status;
2840 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2841 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2842 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2843 float_raise(float_flag_input_denormal, s);
2845 return float32_one_point_five;
2847 product = float32_mul(a, b, s);
2848 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2853 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2854 * int->float conversions at run-time. */
2855 #define float64_256 make_float64(0x4070000000000000LL)
2856 #define float64_512 make_float64(0x4080000000000000LL)
2858 /* The algorithm that must be used to calculate the estimate
2859 * is specified by the ARM ARM.
2861 static float64 recip_estimate(float64 a, CPUARMState *env)
2863 /* These calculations mustn't set any fp exception flags,
2864 * so we use a local copy of the fp_status.
2866 float_status dummy_status = env->vfp.standard_fp_status;
2867 float_status *s = &dummy_status;
2868 /* q = (int)(a * 512.0) */
2869 float64 q = float64_mul(float64_512, a, s);
2870 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2872 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2873 q = int64_to_float64(q_int, s);
2874 q = float64_add(q, float64_half, s);
2875 q = float64_div(q, float64_512, s);
2876 q = float64_div(float64_one, q, s);
2878 /* s = (int)(256.0 * r + 0.5) */
2879 q = float64_mul(q, float64_256, s);
2880 q = float64_add(q, float64_half, s);
2881 q_int = float64_to_int64_round_to_zero(q, s);
2883 /* return (double)s / 256.0 */
2884 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2887 float32 HELPER(recpe_f32)(float32 a, CPUARMState *env)
2889 float_status *s = &env->vfp.standard_fp_status;
2891 uint32_t val32 = float32_val(a);
2894 int a_exp = (val32 & 0x7f800000) >> 23;
2895 int sign = val32 & 0x80000000;
2897 if (float32_is_any_nan(a)) {
2898 if (float32_is_signaling_nan(a)) {
2899 float_raise(float_flag_invalid, s);
2901 return float32_default_nan;
2902 } else if (float32_is_infinity(a)) {
2903 return float32_set_sign(float32_zero, float32_is_neg(a));
2904 } else if (float32_is_zero_or_denormal(a)) {
2905 if (!float32_is_zero(a)) {
2906 float_raise(float_flag_input_denormal, s);
2908 float_raise(float_flag_divbyzero, s);
2909 return float32_set_sign(float32_infinity, float32_is_neg(a));
2910 } else if (a_exp >= 253) {
2911 float_raise(float_flag_underflow, s);
2912 return float32_set_sign(float32_zero, float32_is_neg(a));
2915 f64 = make_float64((0x3feULL << 52)
2916 | ((int64_t)(val32 & 0x7fffff) << 29));
2918 result_exp = 253 - a_exp;
2920 f64 = recip_estimate(f64, env);
2923 | ((result_exp & 0xff) << 23)
2924 | ((float64_val(f64) >> 29) & 0x7fffff);
2925 return make_float32(val32);
2928 /* The algorithm that must be used to calculate the estimate
2929 * is specified by the ARM ARM.
2931 static float64 recip_sqrt_estimate(float64 a, CPUARMState *env)
2933 /* These calculations mustn't set any fp exception flags,
2934 * so we use a local copy of the fp_status.
2936 float_status dummy_status = env->vfp.standard_fp_status;
2937 float_status *s = &dummy_status;
2941 if (float64_lt(a, float64_half, s)) {
2942 /* range 0.25 <= a < 0.5 */
2944 /* a in units of 1/512 rounded down */
2945 /* q0 = (int)(a * 512.0); */
2946 q = float64_mul(float64_512, a, s);
2947 q_int = float64_to_int64_round_to_zero(q, s);
2949 /* reciprocal root r */
2950 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2951 q = int64_to_float64(q_int, s);
2952 q = float64_add(q, float64_half, s);
2953 q = float64_div(q, float64_512, s);
2954 q = float64_sqrt(q, s);
2955 q = float64_div(float64_one, q, s);
2957 /* range 0.5 <= a < 1.0 */
2959 /* a in units of 1/256 rounded down */
2960 /* q1 = (int)(a * 256.0); */
2961 q = float64_mul(float64_256, a, s);
2962 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2964 /* reciprocal root r */
2965 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2966 q = int64_to_float64(q_int, s);
2967 q = float64_add(q, float64_half, s);
2968 q = float64_div(q, float64_256, s);
2969 q = float64_sqrt(q, s);
2970 q = float64_div(float64_one, q, s);
2972 /* r in units of 1/256 rounded to nearest */
2973 /* s = (int)(256.0 * r + 0.5); */
2975 q = float64_mul(q, float64_256,s );
2976 q = float64_add(q, float64_half, s);
2977 q_int = float64_to_int64_round_to_zero(q, s);
2979 /* return (double)s / 256.0;*/
2980 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2983 float32 HELPER(rsqrte_f32)(float32 a, CPUARMState *env)
2985 float_status *s = &env->vfp.standard_fp_status;
2991 val = float32_val(a);
2993 if (float32_is_any_nan(a)) {
2994 if (float32_is_signaling_nan(a)) {
2995 float_raise(float_flag_invalid, s);
2997 return float32_default_nan;
2998 } else if (float32_is_zero_or_denormal(a)) {
2999 if (!float32_is_zero(a)) {
3000 float_raise(float_flag_input_denormal, s);
3002 float_raise(float_flag_divbyzero, s);
3003 return float32_set_sign(float32_infinity, float32_is_neg(a));
3004 } else if (float32_is_neg(a)) {
3005 float_raise(float_flag_invalid, s);
3006 return float32_default_nan;
3007 } else if (float32_is_infinity(a)) {
3008 return float32_zero;
3011 /* Normalize to a double-precision value between 0.25 and 1.0,
3012 * preserving the parity of the exponent. */
3013 if ((val & 0x800000) == 0) {
3014 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3016 | ((uint64_t)(val & 0x7fffff) << 29));
3018 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3020 | ((uint64_t)(val & 0x7fffff) << 29));
3023 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
3025 f64 = recip_sqrt_estimate(f64, env);
3027 val64 = float64_val(f64);
3029 val = ((result_exp & 0xff) << 23)
3030 | ((val64 >> 29) & 0x7fffff);
3031 return make_float32(val);
3034 uint32_t HELPER(recpe_u32)(uint32_t a, CPUARMState *env)
3038 if ((a & 0x80000000) == 0) {
3042 f64 = make_float64((0x3feULL << 52)
3043 | ((int64_t)(a & 0x7fffffff) << 21));
3045 f64 = recip_estimate (f64, env);
3047 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3050 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUARMState *env)
3054 if ((a & 0xc0000000) == 0) {
3058 if (a & 0x80000000) {
3059 f64 = make_float64((0x3feULL << 52)
3060 | ((uint64_t)(a & 0x7fffffff) << 21));
3061 } else { /* bits 31-30 == '01' */
3062 f64 = make_float64((0x3fdULL << 52)
3063 | ((uint64_t)(a & 0x3fffffff) << 22));
3066 f64 = recip_sqrt_estimate(f64, env);
3068 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3071 /* VFPv4 fused multiply-accumulate */
3072 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
3074 float_status *fpst = fpstp;
3075 return float32_muladd(a, b, c, 0, fpst);
3078 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
3080 float_status *fpst = fpstp;
3081 return float64_muladd(a, b, c, 0, fpst);
3084 void HELPER(set_teecr)(CPUARMState *env, uint32_t val)
3087 if (env->teecr != val) {
projects / qemu.git / blob