8 #include "qemu-common.h"
9 #include "host-utils.h"
10 #if !defined(CONFIG_USER_ONLY)
11 #include "hw/loader.h"
14 static uint32_t cortexa9_cp15_c0_c1[8] =
15 { 0x1031, 0x11, 0x000, 0, 0x00100103, 0x20000000, 0x01230000, 0x00002111 };
17 static uint32_t cortexa9_cp15_c0_c2[8] =
18 { 0x00101111, 0x13112111, 0x21232041, 0x11112131, 0x00111142, 0, 0, 0 };
20 static uint32_t cortexa8_cp15_c0_c1[8] =
21 { 0x1031, 0x11, 0x400, 0, 0x31100003, 0x20000000, 0x01202000, 0x11 };
23 static uint32_t cortexa8_cp15_c0_c2[8] =
24 { 0x00101111, 0x12112111, 0x21232031, 0x11112131, 0x00111142, 0, 0, 0 };
26 static uint32_t mpcore_cp15_c0_c1[8] =
27 { 0x111, 0x1, 0, 0x2, 0x01100103, 0x10020302, 0x01222000, 0 };
29 static uint32_t mpcore_cp15_c0_c2[8] =
30 { 0x00100011, 0x12002111, 0x11221011, 0x01102131, 0x141, 0, 0, 0 };
32 static uint32_t arm1136_cp15_c0_c1[8] =
33 { 0x111, 0x1, 0x2, 0x3, 0x01130003, 0x10030302, 0x01222110, 0 };
35 static uint32_t arm1136_cp15_c0_c2[8] =
36 { 0x00140011, 0x12002111, 0x11231111, 0x01102131, 0x141, 0, 0, 0 };
38 static uint32_t arm1176_cp15_c0_c1[8] =
39 { 0x111, 0x11, 0x33, 0, 0x01130003, 0x10030302, 0x01222100, 0 };
41 static uint32_t arm1176_cp15_c0_c2[8] =
42 { 0x0140011, 0x12002111, 0x11231121, 0x01102131, 0x01141, 0, 0, 0 };
44 static uint32_t cpu_arm_find_by_name(const char *name);
46 static inline void set_feature(CPUARMState *env, int feature)
48 env->features |= 1u << feature;
51 static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
53 env->cp15.c0_cpuid = id;
55 case ARM_CPUID_ARM926:
56 set_feature(env, ARM_FEATURE_V5);
57 set_feature(env, ARM_FEATURE_VFP);
58 env->vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
59 env->cp15.c0_cachetype = 0x1dd20d2;
60 env->cp15.c1_sys = 0x00090078;
62 case ARM_CPUID_ARM946:
63 set_feature(env, ARM_FEATURE_V5);
64 set_feature(env, ARM_FEATURE_MPU);
65 env->cp15.c0_cachetype = 0x0f004006;
66 env->cp15.c1_sys = 0x00000078;
68 case ARM_CPUID_ARM1026:
69 set_feature(env, ARM_FEATURE_V5);
70 set_feature(env, ARM_FEATURE_VFP);
71 set_feature(env, ARM_FEATURE_AUXCR);
72 env->vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
73 env->cp15.c0_cachetype = 0x1dd20d2;
74 env->cp15.c1_sys = 0x00090078;
76 case ARM_CPUID_ARM1136:
77 /* This is the 1136 r1, which is a v6K core */
78 set_feature(env, ARM_FEATURE_V6K);
80 case ARM_CPUID_ARM1136_R2:
81 /* What qemu calls "arm1136_r2" is actually the 1136 r0p2, ie an
82 * older core than plain "arm1136". In particular this does not
83 * have the v6K features.
85 set_feature(env, ARM_FEATURE_V6);
86 set_feature(env, ARM_FEATURE_VFP);
87 set_feature(env, ARM_FEATURE_AUXCR);
88 /* These ID register values are correct for 1136 but may be wrong
89 * for 1136_r2 (in particular r0p2 does not actually implement most
90 * of the ID registers).
92 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
93 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
94 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
95 memcpy(env->cp15.c0_c1, arm1136_cp15_c0_c1, 8 * sizeof(uint32_t));
96 memcpy(env->cp15.c0_c2, arm1136_cp15_c0_c2, 8 * sizeof(uint32_t));
97 env->cp15.c0_cachetype = 0x1dd20d2;
98 env->cp15.c1_sys = 0x00050078;
100 case ARM_CPUID_ARM1176:
101 set_feature(env, ARM_FEATURE_V6);
102 set_feature(env, ARM_FEATURE_V6K);
103 set_feature(env, ARM_FEATURE_VFP);
104 set_feature(env, ARM_FEATURE_AUXCR);
105 set_feature(env, ARM_FEATURE_VAPA);
106 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b5;
107 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
108 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
109 memcpy(env->cp15.c0_c1, arm1176_cp15_c0_c1, 8 * sizeof(uint32_t));
110 memcpy(env->cp15.c0_c2, arm1176_cp15_c0_c2, 8 * sizeof(uint32_t));
111 env->cp15.c0_cachetype = 0x1dd20d2;
112 env->cp15.c1_sys = 0x00050078;
114 case ARM_CPUID_ARM11MPCORE:
115 set_feature(env, ARM_FEATURE_V6);
116 set_feature(env, ARM_FEATURE_V6K);
117 set_feature(env, ARM_FEATURE_VFP);
118 set_feature(env, ARM_FEATURE_AUXCR);
119 set_feature(env, ARM_FEATURE_VAPA);
120 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
121 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
122 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
123 memcpy(env->cp15.c0_c1, mpcore_cp15_c0_c1, 8 * sizeof(uint32_t));
124 memcpy(env->cp15.c0_c2, mpcore_cp15_c0_c2, 8 * sizeof(uint32_t));
125 env->cp15.c0_cachetype = 0x1dd20d2;
127 case ARM_CPUID_CORTEXA8:
128 set_feature(env, ARM_FEATURE_V6);
129 set_feature(env, ARM_FEATURE_V6K);
130 set_feature(env, ARM_FEATURE_V7);
131 set_feature(env, ARM_FEATURE_AUXCR);
132 set_feature(env, ARM_FEATURE_THUMB2);
133 set_feature(env, ARM_FEATURE_VFP);
134 set_feature(env, ARM_FEATURE_VFP3);
135 set_feature(env, ARM_FEATURE_NEON);
136 set_feature(env, ARM_FEATURE_THUMB2EE);
137 env->vfp.xregs[ARM_VFP_FPSID] = 0x410330c0;
138 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11110222;
139 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00011100;
140 memcpy(env->cp15.c0_c1, cortexa8_cp15_c0_c1, 8 * sizeof(uint32_t));
141 memcpy(env->cp15.c0_c2, cortexa8_cp15_c0_c2, 8 * sizeof(uint32_t));
142 env->cp15.c0_cachetype = 0x82048004;
143 env->cp15.c0_clid = (1 << 27) | (2 << 24) | 3;
144 env->cp15.c0_ccsid[0] = 0xe007e01a; /* 16k L1 dcache. */
145 env->cp15.c0_ccsid[1] = 0x2007e01a; /* 16k L1 icache. */
146 env->cp15.c0_ccsid[2] = 0xf0000000; /* No L2 icache. */
147 env->cp15.c1_sys = 0x00c50078;
149 case ARM_CPUID_CORTEXA9:
150 set_feature(env, ARM_FEATURE_V6);
151 set_feature(env, ARM_FEATURE_V6K);
152 set_feature(env, ARM_FEATURE_V7);
153 set_feature(env, ARM_FEATURE_AUXCR);
154 set_feature(env, ARM_FEATURE_THUMB2);
155 set_feature(env, ARM_FEATURE_VFP);
156 set_feature(env, ARM_FEATURE_VFP3);
157 set_feature(env, ARM_FEATURE_VFP_FP16);
158 set_feature(env, ARM_FEATURE_NEON);
159 set_feature(env, ARM_FEATURE_THUMB2EE);
160 /* Note that A9 supports the MP extensions even for
161 * A9UP and single-core A9MP (which are both different
162 * and valid configurations; we don't model A9UP).
164 set_feature(env, ARM_FEATURE_V7MP);
165 env->vfp.xregs[ARM_VFP_FPSID] = 0x41034000; /* Guess */
166 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11110222;
167 env->vfp.xregs[ARM_VFP_MVFR1] = 0x01111111;
168 memcpy(env->cp15.c0_c1, cortexa9_cp15_c0_c1, 8 * sizeof(uint32_t));
169 memcpy(env->cp15.c0_c2, cortexa9_cp15_c0_c2, 8 * sizeof(uint32_t));
170 env->cp15.c0_cachetype = 0x80038003;
171 env->cp15.c0_clid = (1 << 27) | (1 << 24) | 3;
172 env->cp15.c0_ccsid[0] = 0xe00fe015; /* 16k L1 dcache. */
173 env->cp15.c0_ccsid[1] = 0x200fe015; /* 16k L1 icache. */
174 env->cp15.c1_sys = 0x00c50078;
176 case ARM_CPUID_CORTEXM3:
177 set_feature(env, ARM_FEATURE_V6);
178 set_feature(env, ARM_FEATURE_THUMB2);
179 set_feature(env, ARM_FEATURE_V7);
180 set_feature(env, ARM_FEATURE_M);
181 set_feature(env, ARM_FEATURE_THUMB_DIV);
183 case ARM_CPUID_ANY: /* For userspace emulation. */
184 set_feature(env, ARM_FEATURE_V6);
185 set_feature(env, ARM_FEATURE_V6K);
186 set_feature(env, ARM_FEATURE_V7);
187 set_feature(env, ARM_FEATURE_THUMB2);
188 set_feature(env, ARM_FEATURE_VFP);
189 set_feature(env, ARM_FEATURE_VFP3);
190 set_feature(env, ARM_FEATURE_VFP4);
191 set_feature(env, ARM_FEATURE_VFP_FP16);
192 set_feature(env, ARM_FEATURE_NEON);
193 set_feature(env, ARM_FEATURE_THUMB2EE);
194 set_feature(env, ARM_FEATURE_ARM_DIV);
195 set_feature(env, ARM_FEATURE_V7MP);
197 case ARM_CPUID_TI915T:
198 case ARM_CPUID_TI925T:
199 set_feature(env, ARM_FEATURE_V4T);
200 set_feature(env, ARM_FEATURE_OMAPCP);
201 env->cp15.c0_cpuid = ARM_CPUID_TI925T; /* Depends on wiring. */
202 env->cp15.c0_cachetype = 0x5109149;
203 env->cp15.c1_sys = 0x00000070;
204 env->cp15.c15_i_max = 0x000;
205 env->cp15.c15_i_min = 0xff0;
207 case ARM_CPUID_PXA250:
208 case ARM_CPUID_PXA255:
209 case ARM_CPUID_PXA260:
210 case ARM_CPUID_PXA261:
211 case ARM_CPUID_PXA262:
212 set_feature(env, ARM_FEATURE_V5);
213 set_feature(env, ARM_FEATURE_XSCALE);
214 /* JTAG_ID is ((id << 28) | 0x09265013) */
215 env->cp15.c0_cachetype = 0xd172172;
216 env->cp15.c1_sys = 0x00000078;
218 case ARM_CPUID_PXA270_A0:
219 case ARM_CPUID_PXA270_A1:
220 case ARM_CPUID_PXA270_B0:
221 case ARM_CPUID_PXA270_B1:
222 case ARM_CPUID_PXA270_C0:
223 case ARM_CPUID_PXA270_C5:
224 set_feature(env, ARM_FEATURE_V5);
225 set_feature(env, ARM_FEATURE_XSCALE);
226 /* JTAG_ID is ((id << 28) | 0x09265013) */
227 set_feature(env, ARM_FEATURE_IWMMXT);
228 env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
229 env->cp15.c0_cachetype = 0xd172172;
230 env->cp15.c1_sys = 0x00000078;
232 case ARM_CPUID_SA1100:
233 case ARM_CPUID_SA1110:
234 set_feature(env, ARM_FEATURE_STRONGARM);
235 env->cp15.c1_sys = 0x00000070;
238 cpu_abort(env, "Bad CPU ID: %x\n", id);
242 /* Some features automatically imply others: */
243 if (arm_feature(env, ARM_FEATURE_V7)) {
244 set_feature(env, ARM_FEATURE_VAPA);
246 if (arm_feature(env, ARM_FEATURE_V6)) {
247 set_feature(env, ARM_FEATURE_V5);
249 if (arm_feature(env, ARM_FEATURE_V5)) {
250 set_feature(env, ARM_FEATURE_V4T);
252 if (arm_feature(env, ARM_FEATURE_ARM_DIV)) {
253 set_feature(env, ARM_FEATURE_THUMB_DIV);
257 void cpu_reset(CPUARMState *env)
261 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
262 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
263 log_cpu_state(env, 0);
266 id = env->cp15.c0_cpuid;
267 memset(env, 0, offsetof(CPUARMState, breakpoints));
269 cpu_reset_model_id(env, id);
270 #if defined (CONFIG_USER_ONLY)
271 env->uncached_cpsr = ARM_CPU_MODE_USR;
272 /* For user mode we must enable access to coprocessors */
273 env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
274 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
275 env->cp15.c15_cpar = 3;
276 } else if (arm_feature(env, ARM_FEATURE_XSCALE)) {
277 env->cp15.c15_cpar = 1;
280 /* SVC mode with interrupts disabled. */
281 env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
282 /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
283 clear at reset. Initial SP and PC are loaded from ROM. */
287 env->uncached_cpsr &= ~CPSR_I;
290 /* We should really use ldl_phys here, in case the guest
291 modified flash and reset itself. However images
292 loaded via -kernel have not been copied yet, so load the
293 values directly from there. */
294 env->regs[13] = ldl_p(rom);
297 env->regs[15] = pc & ~1;
300 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
301 env->cp15.c2_base_mask = 0xffffc000u;
302 /* v7 performance monitor control register: same implementor
303 * field as main ID register, and we implement no event counters.
305 env->cp15.c9_pmcr = (id & 0xff000000);
307 set_flush_to_zero(1, &env->vfp.standard_fp_status);
308 set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
309 set_default_nan_mode(1, &env->vfp.standard_fp_status);
310 set_float_detect_tininess(float_tininess_before_rounding,
311 &env->vfp.fp_status);
312 set_float_detect_tininess(float_tininess_before_rounding,
313 &env->vfp.standard_fp_status);
317 static int vfp_gdb_get_reg(CPUState *env, uint8_t *buf, int reg)
321 /* VFP data registers are always little-endian. */
322 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
324 stfq_le_p(buf, env->vfp.regs[reg]);
327 if (arm_feature(env, ARM_FEATURE_NEON)) {
328 /* Aliases for Q regs. */
331 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
332 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
336 switch (reg - nregs) {
337 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
338 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
339 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
344 static int vfp_gdb_set_reg(CPUState *env, uint8_t *buf, int reg)
348 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
350 env->vfp.regs[reg] = ldfq_le_p(buf);
353 if (arm_feature(env, ARM_FEATURE_NEON)) {
356 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
357 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
361 switch (reg - nregs) {
362 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
363 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
364 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
369 CPUARMState *cpu_arm_init(const char *cpu_model)
373 static int inited = 0;
375 id = cpu_arm_find_by_name(cpu_model);
378 env = g_malloc0(sizeof(CPUARMState));
380 if (tcg_enabled() && !inited) {
382 arm_translate_init();
385 env->cpu_model_str = cpu_model;
386 env->cp15.c0_cpuid = id;
388 if (arm_feature(env, ARM_FEATURE_NEON)) {
389 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
390 51, "arm-neon.xml", 0);
391 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
392 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
393 35, "arm-vfp3.xml", 0);
394 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
395 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
396 19, "arm-vfp.xml", 0);
407 static const struct arm_cpu_t arm_cpu_names[] = {
408 { ARM_CPUID_ARM926, "arm926"},
409 { ARM_CPUID_ARM946, "arm946"},
410 { ARM_CPUID_ARM1026, "arm1026"},
411 { ARM_CPUID_ARM1136, "arm1136"},
412 { ARM_CPUID_ARM1136_R2, "arm1136-r2"},
413 { ARM_CPUID_ARM1176, "arm1176"},
414 { ARM_CPUID_ARM11MPCORE, "arm11mpcore"},
415 { ARM_CPUID_CORTEXM3, "cortex-m3"},
416 { ARM_CPUID_CORTEXA8, "cortex-a8"},
417 { ARM_CPUID_CORTEXA9, "cortex-a9"},
418 { ARM_CPUID_TI925T, "ti925t" },
419 { ARM_CPUID_PXA250, "pxa250" },
420 { ARM_CPUID_SA1100, "sa1100" },
421 { ARM_CPUID_SA1110, "sa1110" },
422 { ARM_CPUID_PXA255, "pxa255" },
423 { ARM_CPUID_PXA260, "pxa260" },
424 { ARM_CPUID_PXA261, "pxa261" },
425 { ARM_CPUID_PXA262, "pxa262" },
426 { ARM_CPUID_PXA270, "pxa270" },
427 { ARM_CPUID_PXA270_A0, "pxa270-a0" },
428 { ARM_CPUID_PXA270_A1, "pxa270-a1" },
429 { ARM_CPUID_PXA270_B0, "pxa270-b0" },
430 { ARM_CPUID_PXA270_B1, "pxa270-b1" },
431 { ARM_CPUID_PXA270_C0, "pxa270-c0" },
432 { ARM_CPUID_PXA270_C5, "pxa270-c5" },
433 { ARM_CPUID_ANY, "any"},
437 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
441 (*cpu_fprintf)(f, "Available CPUs:\n");
442 for (i = 0; arm_cpu_names[i].name; i++) {
443 (*cpu_fprintf)(f, " %s\n", arm_cpu_names[i].name);
447 /* return 0 if not found */
448 static uint32_t cpu_arm_find_by_name(const char *name)
454 for (i = 0; arm_cpu_names[i].name; i++) {
455 if (strcmp(name, arm_cpu_names[i].name) == 0) {
456 id = arm_cpu_names[i].id;
463 void cpu_arm_close(CPUARMState *env)
468 uint32_t cpsr_read(CPUARMState *env)
472 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
473 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
474 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
475 | ((env->condexec_bits & 0xfc) << 8)
479 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
481 if (mask & CPSR_NZCV) {
482 env->ZF = (~val) & CPSR_Z;
484 env->CF = (val >> 29) & 1;
485 env->VF = (val << 3) & 0x80000000;
488 env->QF = ((val & CPSR_Q) != 0);
490 env->thumb = ((val & CPSR_T) != 0);
491 if (mask & CPSR_IT_0_1) {
492 env->condexec_bits &= ~3;
493 env->condexec_bits |= (val >> 25) & 3;
495 if (mask & CPSR_IT_2_7) {
496 env->condexec_bits &= 3;
497 env->condexec_bits |= (val >> 8) & 0xfc;
499 if (mask & CPSR_GE) {
500 env->GE = (val >> 16) & 0xf;
503 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
504 switch_mode(env, val & CPSR_M);
506 mask &= ~CACHED_CPSR_BITS;
507 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
510 /* Sign/zero extend */
511 uint32_t HELPER(sxtb16)(uint32_t x)
514 res = (uint16_t)(int8_t)x;
515 res |= (uint32_t)(int8_t)(x >> 16) << 16;
519 uint32_t HELPER(uxtb16)(uint32_t x)
522 res = (uint16_t)(uint8_t)x;
523 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
527 uint32_t HELPER(clz)(uint32_t x)
532 int32_t HELPER(sdiv)(int32_t num, int32_t den)
536 if (num == INT_MIN && den == -1)
541 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
548 uint32_t HELPER(rbit)(uint32_t x)
550 x = ((x & 0xff000000) >> 24)
551 | ((x & 0x00ff0000) >> 8)
552 | ((x & 0x0000ff00) << 8)
553 | ((x & 0x000000ff) << 24);
554 x = ((x & 0xf0f0f0f0) >> 4)
555 | ((x & 0x0f0f0f0f) << 4);
556 x = ((x & 0x88888888) >> 3)
557 | ((x & 0x44444444) >> 1)
558 | ((x & 0x22222222) << 1)
559 | ((x & 0x11111111) << 3);
563 uint32_t HELPER(abs)(uint32_t x)
565 return ((int32_t)x < 0) ? -x : x;
568 #if defined(CONFIG_USER_ONLY)
570 void do_interrupt (CPUState *env)
572 env->exception_index = -1;
575 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
579 env->exception_index = EXCP_PREFETCH_ABORT;
580 env->cp15.c6_insn = address;
582 env->exception_index = EXCP_DATA_ABORT;
583 env->cp15.c6_data = address;
588 /* These should probably raise undefined insn exceptions. */
589 void HELPER(set_cp)(CPUState *env, uint32_t insn, uint32_t val)
591 int op1 = (insn >> 8) & 0xf;
592 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
596 uint32_t HELPER(get_cp)(CPUState *env, uint32_t insn)
598 int op1 = (insn >> 8) & 0xf;
599 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
603 void HELPER(set_cp15)(CPUState *env, uint32_t insn, uint32_t val)
605 cpu_abort(env, "cp15 insn %08x\n", insn);
608 uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
610 cpu_abort(env, "cp15 insn %08x\n", insn);
613 /* These should probably raise undefined insn exceptions. */
614 void HELPER(v7m_msr)(CPUState *env, uint32_t reg, uint32_t val)
616 cpu_abort(env, "v7m_mrs %d\n", reg);
619 uint32_t HELPER(v7m_mrs)(CPUState *env, uint32_t reg)
621 cpu_abort(env, "v7m_mrs %d\n", reg);
625 void switch_mode(CPUState *env, int mode)
627 if (mode != ARM_CPU_MODE_USR)
628 cpu_abort(env, "Tried to switch out of user mode\n");
631 void HELPER(set_r13_banked)(CPUState *env, uint32_t mode, uint32_t val)
633 cpu_abort(env, "banked r13 write\n");
636 uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
638 cpu_abort(env, "banked r13 read\n");
644 extern int semihosting_enabled;
646 /* Map CPU modes onto saved register banks. */
647 static inline int bank_number (int mode)
650 case ARM_CPU_MODE_USR:
651 case ARM_CPU_MODE_SYS:
653 case ARM_CPU_MODE_SVC:
655 case ARM_CPU_MODE_ABT:
657 case ARM_CPU_MODE_UND:
659 case ARM_CPU_MODE_IRQ:
661 case ARM_CPU_MODE_FIQ:
664 cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
668 void switch_mode(CPUState *env, int mode)
673 old_mode = env->uncached_cpsr & CPSR_M;
674 if (mode == old_mode)
677 if (old_mode == ARM_CPU_MODE_FIQ) {
678 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
679 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
680 } else if (mode == ARM_CPU_MODE_FIQ) {
681 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
682 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
685 i = bank_number(old_mode);
686 env->banked_r13[i] = env->regs[13];
687 env->banked_r14[i] = env->regs[14];
688 env->banked_spsr[i] = env->spsr;
690 i = bank_number(mode);
691 env->regs[13] = env->banked_r13[i];
692 env->regs[14] = env->banked_r14[i];
693 env->spsr = env->banked_spsr[i];
696 static void v7m_push(CPUARMState *env, uint32_t val)
699 stl_phys(env->regs[13], val);
702 static uint32_t v7m_pop(CPUARMState *env)
705 val = ldl_phys(env->regs[13]);
710 /* Switch to V7M main or process stack pointer. */
711 static void switch_v7m_sp(CPUARMState *env, int process)
714 if (env->v7m.current_sp != process) {
715 tmp = env->v7m.other_sp;
716 env->v7m.other_sp = env->regs[13];
718 env->v7m.current_sp = process;
722 static void do_v7m_exception_exit(CPUARMState *env)
727 type = env->regs[15];
728 if (env->v7m.exception != 0)
729 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
731 /* Switch to the target stack. */
732 switch_v7m_sp(env, (type & 4) != 0);
734 env->regs[0] = v7m_pop(env);
735 env->regs[1] = v7m_pop(env);
736 env->regs[2] = v7m_pop(env);
737 env->regs[3] = v7m_pop(env);
738 env->regs[12] = v7m_pop(env);
739 env->regs[14] = v7m_pop(env);
740 env->regs[15] = v7m_pop(env);
742 xpsr_write(env, xpsr, 0xfffffdff);
743 /* Undo stack alignment. */
746 /* ??? The exception return type specifies Thread/Handler mode. However
747 this is also implied by the xPSR value. Not sure what to do
748 if there is a mismatch. */
749 /* ??? Likewise for mismatches between the CONTROL register and the stack
753 static void do_interrupt_v7m(CPUARMState *env)
755 uint32_t xpsr = xpsr_read(env);
760 if (env->v7m.current_sp)
762 if (env->v7m.exception == 0)
765 /* For exceptions we just mark as pending on the NVIC, and let that
767 /* TODO: Need to escalate if the current priority is higher than the
768 one we're raising. */
769 switch (env->exception_index) {
771 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
775 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
777 case EXCP_PREFETCH_ABORT:
778 case EXCP_DATA_ABORT:
779 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
782 if (semihosting_enabled) {
784 nr = lduw_code(env->regs[15]) & 0xff;
787 env->regs[0] = do_arm_semihosting(env);
791 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
794 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
796 case EXCP_EXCEPTION_EXIT:
797 do_v7m_exception_exit(env);
800 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
801 return; /* Never happens. Keep compiler happy. */
804 /* Align stack pointer. */
805 /* ??? Should only do this if Configuration Control Register
806 STACKALIGN bit is set. */
807 if (env->regs[13] & 4) {
811 /* Switch to the handler mode. */
813 v7m_push(env, env->regs[15]);
814 v7m_push(env, env->regs[14]);
815 v7m_push(env, env->regs[12]);
816 v7m_push(env, env->regs[3]);
817 v7m_push(env, env->regs[2]);
818 v7m_push(env, env->regs[1]);
819 v7m_push(env, env->regs[0]);
820 switch_v7m_sp(env, 0);
821 env->uncached_cpsr &= ~CPSR_IT;
823 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
824 env->regs[15] = addr & 0xfffffffe;
825 env->thumb = addr & 1;
828 /* Handle a CPU exception. */
829 void do_interrupt(CPUARMState *env)
837 do_interrupt_v7m(env);
840 /* TODO: Vectored interrupt controller. */
841 switch (env->exception_index) {
843 new_mode = ARM_CPU_MODE_UND;
852 if (semihosting_enabled) {
853 /* Check for semihosting interrupt. */
855 mask = lduw_code(env->regs[15] - 2) & 0xff;
857 mask = ldl_code(env->regs[15] - 4) & 0xffffff;
859 /* Only intercept calls from privileged modes, to provide some
860 semblance of security. */
861 if (((mask == 0x123456 && !env->thumb)
862 || (mask == 0xab && env->thumb))
863 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
864 env->regs[0] = do_arm_semihosting(env);
868 new_mode = ARM_CPU_MODE_SVC;
871 /* The PC already points to the next instruction. */
875 /* See if this is a semihosting syscall. */
876 if (env->thumb && semihosting_enabled) {
877 mask = lduw_code(env->regs[15]) & 0xff;
879 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
881 env->regs[0] = do_arm_semihosting(env);
885 env->cp15.c5_insn = 2;
886 /* Fall through to prefetch abort. */
887 case EXCP_PREFETCH_ABORT:
888 new_mode = ARM_CPU_MODE_ABT;
890 mask = CPSR_A | CPSR_I;
893 case EXCP_DATA_ABORT:
894 new_mode = ARM_CPU_MODE_ABT;
896 mask = CPSR_A | CPSR_I;
900 new_mode = ARM_CPU_MODE_IRQ;
902 /* Disable IRQ and imprecise data aborts. */
903 mask = CPSR_A | CPSR_I;
907 new_mode = ARM_CPU_MODE_FIQ;
909 /* Disable FIQ, IRQ and imprecise data aborts. */
910 mask = CPSR_A | CPSR_I | CPSR_F;
914 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
915 return; /* Never happens. Keep compiler happy. */
918 if (env->cp15.c1_sys & (1 << 13)) {
921 switch_mode (env, new_mode);
922 env->spsr = cpsr_read(env);
924 env->condexec_bits = 0;
925 /* Switch to the new mode, and to the correct instruction set. */
926 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
927 env->uncached_cpsr |= mask;
928 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
929 * and we should just guard the thumb mode on V4 */
930 if (arm_feature(env, ARM_FEATURE_V4T)) {
931 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
933 env->regs[14] = env->regs[15] + offset;
934 env->regs[15] = addr;
935 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
938 /* Check section/page access permissions.
939 Returns the page protection flags, or zero if the access is not
941 static inline int check_ap(CPUState *env, int ap, int domain_prot,
942 int access_type, int is_user)
946 if (domain_prot == 3) {
947 return PAGE_READ | PAGE_WRITE;
950 if (access_type == 1)
957 if (access_type == 1)
959 switch ((env->cp15.c1_sys >> 8) & 3) {
961 return is_user ? 0 : PAGE_READ;
968 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
973 return PAGE_READ | PAGE_WRITE;
975 return PAGE_READ | PAGE_WRITE;
976 case 4: /* Reserved. */
979 return is_user ? 0 : prot_ro;
983 if (!arm_feature (env, ARM_FEATURE_V6K))
991 static uint32_t get_level1_table_address(CPUState *env, uint32_t address)
995 if (address & env->cp15.c2_mask)
996 table = env->cp15.c2_base1 & 0xffffc000;
998 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
1000 table |= (address >> 18) & 0x3ffc;
1004 static int get_phys_addr_v5(CPUState *env, uint32_t address, int access_type,
1005 int is_user, uint32_t *phys_ptr, int *prot,
1006 target_ulong *page_size)
1017 /* Pagetable walk. */
1018 /* Lookup l1 descriptor. */
1019 table = get_level1_table_address(env, address);
1020 desc = ldl_phys(table);
1022 domain = (desc >> 5) & 0x0f;
1023 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1025 /* Section translation fault. */
1029 if (domain_prot == 0 || domain_prot == 2) {
1031 code = 9; /* Section domain fault. */
1033 code = 11; /* Page domain fault. */
1038 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1039 ap = (desc >> 10) & 3;
1041 *page_size = 1024 * 1024;
1043 /* Lookup l2 entry. */
1045 /* Coarse pagetable. */
1046 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1048 /* Fine pagetable. */
1049 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
1051 desc = ldl_phys(table);
1053 case 0: /* Page translation fault. */
1056 case 1: /* 64k page. */
1057 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1058 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1059 *page_size = 0x10000;
1061 case 2: /* 4k page. */
1062 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1063 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1064 *page_size = 0x1000;
1066 case 3: /* 1k page. */
1068 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1069 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1071 /* Page translation fault. */
1076 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
1078 ap = (desc >> 4) & 3;
1082 /* Never happens, but compiler isn't smart enough to tell. */
1087 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1089 /* Access permission fault. */
1093 *phys_ptr = phys_addr;
1096 return code | (domain << 4);
1099 static int get_phys_addr_v6(CPUState *env, uint32_t address, int access_type,
1100 int is_user, uint32_t *phys_ptr, int *prot,
1101 target_ulong *page_size)
1113 /* Pagetable walk. */
1114 /* Lookup l1 descriptor. */
1115 table = get_level1_table_address(env, address);
1116 desc = ldl_phys(table);
1119 /* Section translation fault. */
1123 } else if (type == 2 && (desc & (1 << 18))) {
1127 /* Section or page. */
1128 domain = (desc >> 5) & 0x0f;
1130 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1131 if (domain_prot == 0 || domain_prot == 2) {
1133 code = 9; /* Section domain fault. */
1135 code = 11; /* Page domain fault. */
1139 if (desc & (1 << 18)) {
1141 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
1142 *page_size = 0x1000000;
1145 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1146 *page_size = 0x100000;
1148 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
1149 xn = desc & (1 << 4);
1152 /* Lookup l2 entry. */
1153 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1154 desc = ldl_phys(table);
1155 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
1157 case 0: /* Page translation fault. */
1160 case 1: /* 64k page. */
1161 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1162 xn = desc & (1 << 15);
1163 *page_size = 0x10000;
1165 case 2: case 3: /* 4k page. */
1166 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1168 *page_size = 0x1000;
1171 /* Never happens, but compiler isn't smart enough to tell. */
1176 if (domain_prot == 3) {
1177 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1179 if (xn && access_type == 2)
1182 /* The simplified model uses AP[0] as an access control bit. */
1183 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
1184 /* Access flag fault. */
1185 code = (code == 15) ? 6 : 3;
1188 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1190 /* Access permission fault. */
1197 *phys_ptr = phys_addr;
1200 return code | (domain << 4);
1203 static int get_phys_addr_mpu(CPUState *env, uint32_t address, int access_type,
1204 int is_user, uint32_t *phys_ptr, int *prot)
1210 *phys_ptr = address;
1211 for (n = 7; n >= 0; n--) {
1212 base = env->cp15.c6_region[n];
1213 if ((base & 1) == 0)
1215 mask = 1 << ((base >> 1) & 0x1f);
1216 /* Keep this shift separate from the above to avoid an
1217 (undefined) << 32. */
1218 mask = (mask << 1) - 1;
1219 if (((base ^ address) & ~mask) == 0)
1225 if (access_type == 2) {
1226 mask = env->cp15.c5_insn;
1228 mask = env->cp15.c5_data;
1230 mask = (mask >> (n * 4)) & 0xf;
1237 *prot = PAGE_READ | PAGE_WRITE;
1242 *prot |= PAGE_WRITE;
1245 *prot = PAGE_READ | PAGE_WRITE;
1256 /* Bad permission. */
1263 static inline int get_phys_addr(CPUState *env, uint32_t address,
1264 int access_type, int is_user,
1265 uint32_t *phys_ptr, int *prot,
1266 target_ulong *page_size)
1268 /* Fast Context Switch Extension. */
1269 if (address < 0x02000000)
1270 address += env->cp15.c13_fcse;
1272 if ((env->cp15.c1_sys & 1) == 0) {
1273 /* MMU/MPU disabled. */
1274 *phys_ptr = address;
1275 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1276 *page_size = TARGET_PAGE_SIZE;
1278 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
1279 *page_size = TARGET_PAGE_SIZE;
1280 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
1282 } else if (env->cp15.c1_sys & (1 << 23)) {
1283 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
1286 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
1291 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
1292 int access_type, int mmu_idx)
1295 target_ulong page_size;
1299 is_user = mmu_idx == MMU_USER_IDX;
1300 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1303 /* Map a single [sub]page. */
1304 phys_addr &= ~(uint32_t)0x3ff;
1305 address &= ~(uint32_t)0x3ff;
1306 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1310 if (access_type == 2) {
1311 env->cp15.c5_insn = ret;
1312 env->cp15.c6_insn = address;
1313 env->exception_index = EXCP_PREFETCH_ABORT;
1315 env->cp15.c5_data = ret;
1316 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1317 env->cp15.c5_data |= (1 << 11);
1318 env->cp15.c6_data = address;
1319 env->exception_index = EXCP_DATA_ABORT;
1324 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
1327 target_ulong page_size;
1331 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1339 void HELPER(set_cp)(CPUState *env, uint32_t insn, uint32_t val)
1341 int cp_num = (insn >> 8) & 0xf;
1342 int cp_info = (insn >> 5) & 7;
1343 int src = (insn >> 16) & 0xf;
1344 int operand = insn & 0xf;
1346 if (env->cp[cp_num].cp_write)
1347 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
1348 cp_info, src, operand, val);
1351 uint32_t HELPER(get_cp)(CPUState *env, uint32_t insn)
1353 int cp_num = (insn >> 8) & 0xf;
1354 int cp_info = (insn >> 5) & 7;
1355 int dest = (insn >> 16) & 0xf;
1356 int operand = insn & 0xf;
1358 if (env->cp[cp_num].cp_read)
1359 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
1360 cp_info, dest, operand);
1364 /* Return basic MPU access permission bits. */
1365 static uint32_t simple_mpu_ap_bits(uint32_t val)
1372 for (i = 0; i < 16; i += 2) {
1373 ret |= (val >> i) & mask;
1379 /* Pad basic MPU access permission bits to extended format. */
1380 static uint32_t extended_mpu_ap_bits(uint32_t val)
1387 for (i = 0; i < 16; i += 2) {
1388 ret |= (val & mask) << i;
1394 void HELPER(set_cp15)(CPUState *env, uint32_t insn, uint32_t val)
1400 op1 = (insn >> 21) & 7;
1401 op2 = (insn >> 5) & 7;
1403 switch ((insn >> 16) & 0xf) {
1406 if (arm_feature(env, ARM_FEATURE_XSCALE))
1408 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1410 if (arm_feature(env, ARM_FEATURE_V7)
1411 && op1 == 2 && crm == 0 && op2 == 0) {
1412 env->cp15.c0_cssel = val & 0xf;
1416 case 1: /* System configuration. */
1417 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1421 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1422 env->cp15.c1_sys = val;
1423 /* ??? Lots of these bits are not implemented. */
1424 /* This may enable/disable the MMU, so do a TLB flush. */
1427 case 1: /* Auxiliary control register. */
1428 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1429 env->cp15.c1_xscaleauxcr = val;
1432 /* Not implemented. */
1435 if (arm_feature(env, ARM_FEATURE_XSCALE))
1437 if (env->cp15.c1_coproc != val) {
1438 env->cp15.c1_coproc = val;
1439 /* ??? Is this safe when called from within a TB? */
1447 case 2: /* MMU Page table control / MPU cache control. */
1448 if (arm_feature(env, ARM_FEATURE_MPU)) {
1451 env->cp15.c2_data = val;
1454 env->cp15.c2_insn = val;
1462 env->cp15.c2_base0 = val;
1465 env->cp15.c2_base1 = val;
1469 env->cp15.c2_control = val;
1470 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1471 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1478 case 3: /* MMU Domain access control / MPU write buffer control. */
1480 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
1482 case 4: /* Reserved. */
1484 case 5: /* MMU Fault status / MPU access permission. */
1485 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1489 if (arm_feature(env, ARM_FEATURE_MPU))
1490 val = extended_mpu_ap_bits(val);
1491 env->cp15.c5_data = val;
1494 if (arm_feature(env, ARM_FEATURE_MPU))
1495 val = extended_mpu_ap_bits(val);
1496 env->cp15.c5_insn = val;
1499 if (!arm_feature(env, ARM_FEATURE_MPU))
1501 env->cp15.c5_data = val;
1504 if (!arm_feature(env, ARM_FEATURE_MPU))
1506 env->cp15.c5_insn = val;
1512 case 6: /* MMU Fault address / MPU base/size. */
1513 if (arm_feature(env, ARM_FEATURE_MPU)) {
1516 env->cp15.c6_region[crm] = val;
1518 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1522 env->cp15.c6_data = val;
1524 case 1: /* ??? This is WFAR on armv6 */
1526 env->cp15.c6_insn = val;
1533 case 7: /* Cache control. */
1534 env->cp15.c15_i_max = 0x000;
1535 env->cp15.c15_i_min = 0xff0;
1539 /* No cache, so nothing to do except VA->PA translations. */
1540 if (arm_feature(env, ARM_FEATURE_VAPA)) {
1543 if (arm_feature(env, ARM_FEATURE_V7)) {
1544 env->cp15.c7_par = val & 0xfffff6ff;
1546 env->cp15.c7_par = val & 0xfffff1ff;
1551 target_ulong page_size;
1553 int ret, is_user = op2 & 2;
1554 int access_type = op2 & 1;
1557 /* Other states are only available with TrustZone */
1560 ret = get_phys_addr(env, val, access_type, is_user,
1561 &phys_addr, &prot, &page_size);
1563 /* We do not set any attribute bits in the PAR */
1564 if (page_size == (1 << 24)
1565 && arm_feature(env, ARM_FEATURE_V7)) {
1566 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1568 env->cp15.c7_par = phys_addr & 0xfffff000;
1571 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1572 ((ret & (12 << 1)) >> 6) |
1573 ((ret & 0xf) << 1) | 1;
1580 case 8: /* MMU TLB control. */
1582 case 0: /* Invalidate all. */
1585 case 1: /* Invalidate single TLB entry. */
1586 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1588 case 2: /* Invalidate on ASID. */
1589 tlb_flush(env, val == 0);
1591 case 3: /* Invalidate single entry on MVA. */
1592 /* ??? This is like case 1, but ignores ASID. */
1600 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1602 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1603 break; /* Ignore ReadBuffer access */
1605 case 0: /* Cache lockdown. */
1607 case 0: /* L1 cache. */
1610 env->cp15.c9_data = val;
1613 env->cp15.c9_insn = val;
1619 case 1: /* L2 cache. */
1620 /* Ignore writes to L2 lockdown/auxiliary registers. */
1626 case 1: /* TCM memory region registers. */
1627 /* Not implemented. */
1629 case 12: /* Performance monitor control */
1630 /* Performance monitors are implementation defined in v7,
1631 * but with an ARM recommended set of registers, which we
1632 * follow (although we don't actually implement any counters)
1634 if (!arm_feature(env, ARM_FEATURE_V7)) {
1638 case 0: /* performance monitor control register */
1639 /* only the DP, X, D and E bits are writable */
1640 env->cp15.c9_pmcr &= ~0x39;
1641 env->cp15.c9_pmcr |= (val & 0x39);
1643 case 1: /* Count enable set register */
1645 env->cp15.c9_pmcnten |= val;
1647 case 2: /* Count enable clear */
1649 env->cp15.c9_pmcnten &= ~val;
1651 case 3: /* Overflow flag status */
1652 env->cp15.c9_pmovsr &= ~val;
1654 case 4: /* Software increment */
1655 /* RAZ/WI since we don't implement the software-count event */
1657 case 5: /* Event counter selection register */
1658 /* Since we don't implement any events, writing to this register
1659 * is actually UNPREDICTABLE. So we choose to RAZ/WI.
1666 case 13: /* Performance counters */
1667 if (!arm_feature(env, ARM_FEATURE_V7)) {
1671 case 0: /* Cycle count register: not implemented, so RAZ/WI */
1673 case 1: /* Event type select */
1674 env->cp15.c9_pmxevtyper = val & 0xff;
1676 case 2: /* Event count register */
1677 /* Unimplemented (we have no events), RAZ/WI */
1683 case 14: /* Performance monitor control */
1684 if (!arm_feature(env, ARM_FEATURE_V7)) {
1688 case 0: /* user enable */
1689 env->cp15.c9_pmuserenr = val & 1;
1690 /* changes access rights for cp registers, so flush tbs */
1693 case 1: /* interrupt enable set */
1694 /* We have no event counters so only the C bit can be changed */
1696 env->cp15.c9_pminten |= val;
1698 case 2: /* interrupt enable clear */
1700 env->cp15.c9_pminten &= ~val;
1708 case 10: /* MMU TLB lockdown. */
1709 /* ??? TLB lockdown not implemented. */
1711 case 12: /* Reserved. */
1713 case 13: /* Process ID. */
1716 /* Unlike real hardware the qemu TLB uses virtual addresses,
1717 not modified virtual addresses, so this causes a TLB flush.
1719 if (env->cp15.c13_fcse != val)
1721 env->cp15.c13_fcse = val;
1724 /* This changes the ASID, so do a TLB flush. */
1725 if (env->cp15.c13_context != val
1726 && !arm_feature(env, ARM_FEATURE_MPU))
1728 env->cp15.c13_context = val;
1734 case 14: /* Reserved. */
1736 case 15: /* Implementation specific. */
1737 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1738 if (op2 == 0 && crm == 1) {
1739 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1740 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1742 env->cp15.c15_cpar = val & 0x3fff;
1748 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1752 case 1: /* Set TI925T configuration. */
1753 env->cp15.c15_ticonfig = val & 0xe7;
1754 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1755 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1757 case 2: /* Set I_max. */
1758 env->cp15.c15_i_max = val;
1760 case 3: /* Set I_min. */
1761 env->cp15.c15_i_min = val;
1763 case 4: /* Set thread-ID. */
1764 env->cp15.c15_threadid = val & 0xffff;
1766 case 8: /* Wait-for-interrupt (deprecated). */
1767 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1777 /* ??? For debugging only. Should raise illegal instruction exception. */
1778 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1779 (insn >> 16) & 0xf, crm, op1, op2);
1782 uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
1788 op1 = (insn >> 21) & 7;
1789 op2 = (insn >> 5) & 7;
1791 switch ((insn >> 16) & 0xf) {
1792 case 0: /* ID codes. */
1798 case 0: /* Device ID. */
1799 return env->cp15.c0_cpuid;
1800 case 1: /* Cache Type. */
1801 return env->cp15.c0_cachetype;
1802 case 2: /* TCM status. */
1804 case 3: /* TLB type register. */
1805 return 0; /* No lockable TLB entries. */
1807 /* The MPIDR was standardised in v7; prior to
1808 * this it was implemented only in the 11MPCore.
1809 * For all other pre-v7 cores it does not exist.
1811 if (arm_feature(env, ARM_FEATURE_V7) ||
1812 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1813 int mpidr = env->cpu_index;
1814 /* We don't support setting cluster ID ([8..11])
1815 * so these bits always RAZ.
1817 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1819 /* Cores which are uniprocessor (non-coherent)
1820 * but still implement the MP extensions set
1821 * bit 30. (For instance, A9UP.) However we do
1822 * not currently model any of those cores.
1827 /* otherwise fall through to the unimplemented-reg case */
1832 if (!arm_feature(env, ARM_FEATURE_V6))
1834 return env->cp15.c0_c1[op2];
1836 if (!arm_feature(env, ARM_FEATURE_V6))
1838 return env->cp15.c0_c2[op2];
1839 case 3: case 4: case 5: case 6: case 7:
1845 /* These registers aren't documented on arm11 cores. However
1846 Linux looks at them anyway. */
1847 if (!arm_feature(env, ARM_FEATURE_V6))
1851 if (!arm_feature(env, ARM_FEATURE_V7))
1856 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1858 return env->cp15.c0_clid;
1864 if (op2 != 0 || crm != 0)
1866 return env->cp15.c0_cssel;
1870 case 1: /* System configuration. */
1871 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1874 case 0: /* Control register. */
1875 return env->cp15.c1_sys;
1876 case 1: /* Auxiliary control register. */
1877 if (arm_feature(env, ARM_FEATURE_XSCALE))
1878 return env->cp15.c1_xscaleauxcr;
1879 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1881 switch (ARM_CPUID(env)) {
1882 case ARM_CPUID_ARM1026:
1884 case ARM_CPUID_ARM1136:
1885 case ARM_CPUID_ARM1136_R2:
1886 case ARM_CPUID_ARM1176:
1888 case ARM_CPUID_ARM11MPCORE:
1890 case ARM_CPUID_CORTEXA8:
1892 case ARM_CPUID_CORTEXA9:
1897 case 2: /* Coprocessor access register. */
1898 if (arm_feature(env, ARM_FEATURE_XSCALE))
1900 return env->cp15.c1_coproc;
1904 case 2: /* MMU Page table control / MPU cache control. */
1905 if (arm_feature(env, ARM_FEATURE_MPU)) {
1908 return env->cp15.c2_data;
1911 return env->cp15.c2_insn;
1919 return env->cp15.c2_base0;
1921 return env->cp15.c2_base1;
1923 return env->cp15.c2_control;
1928 case 3: /* MMU Domain access control / MPU write buffer control. */
1929 return env->cp15.c3;
1930 case 4: /* Reserved. */
1932 case 5: /* MMU Fault status / MPU access permission. */
1933 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1937 if (arm_feature(env, ARM_FEATURE_MPU))
1938 return simple_mpu_ap_bits(env->cp15.c5_data);
1939 return env->cp15.c5_data;
1941 if (arm_feature(env, ARM_FEATURE_MPU))
1942 return simple_mpu_ap_bits(env->cp15.c5_data);
1943 return env->cp15.c5_insn;
1945 if (!arm_feature(env, ARM_FEATURE_MPU))
1947 return env->cp15.c5_data;
1949 if (!arm_feature(env, ARM_FEATURE_MPU))
1951 return env->cp15.c5_insn;
1955 case 6: /* MMU Fault address. */
1956 if (arm_feature(env, ARM_FEATURE_MPU)) {
1959 return env->cp15.c6_region[crm];
1961 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1965 return env->cp15.c6_data;
1967 if (arm_feature(env, ARM_FEATURE_V6)) {
1968 /* Watchpoint Fault Adrress. */
1969 return 0; /* Not implemented. */
1971 /* Instruction Fault Adrress. */
1972 /* Arm9 doesn't have an IFAR, but implementing it anyway
1973 shouldn't do any harm. */
1974 return env->cp15.c6_insn;
1977 if (arm_feature(env, ARM_FEATURE_V6)) {
1978 /* Instruction Fault Adrress. */
1979 return env->cp15.c6_insn;
1987 case 7: /* Cache control. */
1988 if (crm == 4 && op1 == 0 && op2 == 0) {
1989 return env->cp15.c7_par;
1991 /* FIXME: Should only clear Z flag if destination is r15. */
1994 case 8: /* MMU TLB control. */
1998 case 0: /* Cache lockdown */
2000 case 0: /* L1 cache. */
2001 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2006 return env->cp15.c9_data;
2008 return env->cp15.c9_insn;
2012 case 1: /* L2 cache */
2016 /* L2 Lockdown and Auxiliary control. */
2022 case 12: /* Performance monitor control */
2023 if (!arm_feature(env, ARM_FEATURE_V7)) {
2027 case 0: /* performance monitor control register */
2028 return env->cp15.c9_pmcr;
2029 case 1: /* count enable set */
2030 case 2: /* count enable clear */
2031 return env->cp15.c9_pmcnten;
2032 case 3: /* overflow flag status */
2033 return env->cp15.c9_pmovsr;
2034 case 4: /* software increment */
2035 case 5: /* event counter selection register */
2036 return 0; /* Unimplemented, RAZ/WI */
2040 case 13: /* Performance counters */
2041 if (!arm_feature(env, ARM_FEATURE_V7)) {
2045 case 1: /* Event type select */
2046 return env->cp15.c9_pmxevtyper;
2047 case 0: /* Cycle count register */
2048 case 2: /* Event count register */
2049 /* Unimplemented, so RAZ/WI */
2054 case 14: /* Performance monitor control */
2055 if (!arm_feature(env, ARM_FEATURE_V7)) {
2059 case 0: /* user enable */
2060 return env->cp15.c9_pmuserenr;
2061 case 1: /* interrupt enable set */
2062 case 2: /* interrupt enable clear */
2063 return env->cp15.c9_pminten;
2071 case 10: /* MMU TLB lockdown. */
2072 /* ??? TLB lockdown not implemented. */
2074 case 11: /* TCM DMA control. */
2075 case 12: /* Reserved. */
2077 case 13: /* Process ID. */
2080 return env->cp15.c13_fcse;
2082 return env->cp15.c13_context;
2086 case 14: /* Reserved. */
2088 case 15: /* Implementation specific. */
2089 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2090 if (op2 == 0 && crm == 1)
2091 return env->cp15.c15_cpar;
2095 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2099 case 1: /* Read TI925T configuration. */
2100 return env->cp15.c15_ticonfig;
2101 case 2: /* Read I_max. */
2102 return env->cp15.c15_i_max;
2103 case 3: /* Read I_min. */
2104 return env->cp15.c15_i_min;
2105 case 4: /* Read thread-ID. */
2106 return env->cp15.c15_threadid;
2107 case 8: /* TI925T_status */
2110 /* TODO: Peripheral port remap register:
2111 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
2112 * controller base address at $rn & ~0xfff and map size of
2113 * 0x200 << ($rn & 0xfff), when MMU is off. */
2119 /* ??? For debugging only. Should raise illegal instruction exception. */
2120 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
2121 (insn >> 16) & 0xf, crm, op1, op2);
2125 void HELPER(set_r13_banked)(CPUState *env, uint32_t mode, uint32_t val)
2127 if ((env->uncached_cpsr & CPSR_M) == mode) {
2128 env->regs[13] = val;
2130 env->banked_r13[bank_number(mode)] = val;
2134 uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
2136 if ((env->uncached_cpsr & CPSR_M) == mode) {
2137 return env->regs[13];
2139 return env->banked_r13[bank_number(mode)];
2143 uint32_t HELPER(v7m_mrs)(CPUState *env, uint32_t reg)
2147 return xpsr_read(env) & 0xf8000000;
2149 return xpsr_read(env) & 0xf80001ff;
2151 return xpsr_read(env) & 0xff00fc00;
2153 return xpsr_read(env) & 0xff00fdff;
2155 return xpsr_read(env) & 0x000001ff;
2157 return xpsr_read(env) & 0x0700fc00;
2159 return xpsr_read(env) & 0x0700edff;
2161 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
2163 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
2164 case 16: /* PRIMASK */
2165 return (env->uncached_cpsr & CPSR_I) != 0;
2166 case 17: /* BASEPRI */
2167 case 18: /* BASEPRI_MAX */
2168 return env->v7m.basepri;
2169 case 19: /* FAULTMASK */
2170 return (env->uncached_cpsr & CPSR_F) != 0;
2171 case 20: /* CONTROL */
2172 return env->v7m.control;
2174 /* ??? For debugging only. */
2175 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
2180 void HELPER(v7m_msr)(CPUState *env, uint32_t reg, uint32_t val)
2184 xpsr_write(env, val, 0xf8000000);
2187 xpsr_write(env, val, 0xf8000000);
2190 xpsr_write(env, val, 0xfe00fc00);
2193 xpsr_write(env, val, 0xfe00fc00);
2196 /* IPSR bits are readonly. */
2199 xpsr_write(env, val, 0x0600fc00);
2202 xpsr_write(env, val, 0x0600fc00);
2205 if (env->v7m.current_sp)
2206 env->v7m.other_sp = val;
2208 env->regs[13] = val;
2211 if (env->v7m.current_sp)
2212 env->regs[13] = val;
2214 env->v7m.other_sp = val;
2216 case 16: /* PRIMASK */
2218 env->uncached_cpsr |= CPSR_I;
2220 env->uncached_cpsr &= ~CPSR_I;
2222 case 17: /* BASEPRI */
2223 env->v7m.basepri = val & 0xff;
2225 case 18: /* BASEPRI_MAX */
2227 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2228 env->v7m.basepri = val;
2230 case 19: /* FAULTMASK */
2232 env->uncached_cpsr |= CPSR_F;
2234 env->uncached_cpsr &= ~CPSR_F;
2236 case 20: /* CONTROL */
2237 env->v7m.control = val & 3;
2238 switch_v7m_sp(env, (val & 2) != 0);
2241 /* ??? For debugging only. */
2242 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2247 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
2248 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
2251 if (cpnum < 0 || cpnum > 14) {
2252 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
2256 env->cp[cpnum].cp_read = cp_read;
2257 env->cp[cpnum].cp_write = cp_write;
2258 env->cp[cpnum].opaque = opaque;
2263 /* Note that signed overflow is undefined in C. The following routines are
2264 careful to use unsigned types where modulo arithmetic is required.
2265 Failure to do so _will_ break on newer gcc. */
2267 /* Signed saturating arithmetic. */
2269 /* Perform 16-bit signed saturating addition. */
2270 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2275 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2284 /* Perform 8-bit signed saturating addition. */
2285 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2290 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2299 /* Perform 16-bit signed saturating subtraction. */
2300 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2305 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2314 /* Perform 8-bit signed saturating subtraction. */
2315 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2320 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2329 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2330 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2331 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2332 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2335 #include "op_addsub.h"
2337 /* Unsigned saturating arithmetic. */
2338 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2347 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2355 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2364 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2372 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2373 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2374 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2375 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2378 #include "op_addsub.h"
2380 /* Signed modulo arithmetic. */
2381 #define SARITH16(a, b, n, op) do { \
2383 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2384 RESULT(sum, n, 16); \
2386 ge |= 3 << (n * 2); \
2389 #define SARITH8(a, b, n, op) do { \
2391 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2392 RESULT(sum, n, 8); \
2398 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2399 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2400 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2401 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2405 #include "op_addsub.h"
2407 /* Unsigned modulo arithmetic. */
2408 #define ADD16(a, b, n) do { \
2410 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2411 RESULT(sum, n, 16); \
2412 if ((sum >> 16) == 1) \
2413 ge |= 3 << (n * 2); \
2416 #define ADD8(a, b, n) do { \
2418 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2419 RESULT(sum, n, 8); \
2420 if ((sum >> 8) == 1) \
2424 #define SUB16(a, b, n) do { \
2426 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2427 RESULT(sum, n, 16); \
2428 if ((sum >> 16) == 0) \
2429 ge |= 3 << (n * 2); \
2432 #define SUB8(a, b, n) do { \
2434 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2435 RESULT(sum, n, 8); \
2436 if ((sum >> 8) == 0) \
2443 #include "op_addsub.h"
2445 /* Halved signed arithmetic. */
2446 #define ADD16(a, b, n) \
2447 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2448 #define SUB16(a, b, n) \
2449 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2450 #define ADD8(a, b, n) \
2451 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2452 #define SUB8(a, b, n) \
2453 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2456 #include "op_addsub.h"
2458 /* Halved unsigned arithmetic. */
2459 #define ADD16(a, b, n) \
2460 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2461 #define SUB16(a, b, n) \
2462 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2463 #define ADD8(a, b, n) \
2464 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2465 #define SUB8(a, b, n) \
2466 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2469 #include "op_addsub.h"
2471 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2479 /* Unsigned sum of absolute byte differences. */
2480 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2483 sum = do_usad(a, b);
2484 sum += do_usad(a >> 8, b >> 8);
2485 sum += do_usad(a >> 16, b >>16);
2486 sum += do_usad(a >> 24, b >> 24);
2490 /* For ARMv6 SEL instruction. */
2491 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2504 return (a & mask) | (b & ~mask);
2507 uint32_t HELPER(logicq_cc)(uint64_t val)
2509 return (val >> 32) | (val != 0);
2512 /* VFP support. We follow the convention used for VFP instrunctions:
2513 Single precition routines have a "s" suffix, double precision a
2516 /* Convert host exception flags to vfp form. */
2517 static inline int vfp_exceptbits_from_host(int host_bits)
2519 int target_bits = 0;
2521 if (host_bits & float_flag_invalid)
2523 if (host_bits & float_flag_divbyzero)
2525 if (host_bits & float_flag_overflow)
2527 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2529 if (host_bits & float_flag_inexact)
2530 target_bits |= 0x10;
2531 if (host_bits & float_flag_input_denormal)
2532 target_bits |= 0x80;
2536 uint32_t HELPER(vfp_get_fpscr)(CPUState *env)
2541 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2542 | (env->vfp.vec_len << 16)
2543 | (env->vfp.vec_stride << 20);
2544 i = get_float_exception_flags(&env->vfp.fp_status);
2545 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2546 fpscr |= vfp_exceptbits_from_host(i);
2550 uint32_t vfp_get_fpscr(CPUState *env)
2552 return HELPER(vfp_get_fpscr)(env);
2555 /* Convert vfp exception flags to target form. */
2556 static inline int vfp_exceptbits_to_host(int target_bits)
2560 if (target_bits & 1)
2561 host_bits |= float_flag_invalid;
2562 if (target_bits & 2)
2563 host_bits |= float_flag_divbyzero;
2564 if (target_bits & 4)
2565 host_bits |= float_flag_overflow;
2566 if (target_bits & 8)
2567 host_bits |= float_flag_underflow;
2568 if (target_bits & 0x10)
2569 host_bits |= float_flag_inexact;
2570 if (target_bits & 0x80)
2571 host_bits |= float_flag_input_denormal;
2575 void HELPER(vfp_set_fpscr)(CPUState *env, uint32_t val)
2580 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2581 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2582 env->vfp.vec_len = (val >> 16) & 7;
2583 env->vfp.vec_stride = (val >> 20) & 3;
2586 if (changed & (3 << 22)) {
2587 i = (val >> 22) & 3;
2590 i = float_round_nearest_even;
2596 i = float_round_down;
2599 i = float_round_to_zero;
2602 set_float_rounding_mode(i, &env->vfp.fp_status);
2604 if (changed & (1 << 24)) {
2605 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2606 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2608 if (changed & (1 << 25))
2609 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2611 i = vfp_exceptbits_to_host(val);
2612 set_float_exception_flags(i, &env->vfp.fp_status);
2613 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2616 void vfp_set_fpscr(CPUState *env, uint32_t val)
2618 HELPER(vfp_set_fpscr)(env, val);
2621 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2623 #define VFP_BINOP(name) \
2624 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2626 float_status *fpst = fpstp; \
2627 return float32_ ## name(a, b, fpst); \
2629 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2631 float_status *fpst = fpstp; \
2632 return float64_ ## name(a, b, fpst); \
2640 float32 VFP_HELPER(neg, s)(float32 a)
2642 return float32_chs(a);
2645 float64 VFP_HELPER(neg, d)(float64 a)
2647 return float64_chs(a);
2650 float32 VFP_HELPER(abs, s)(float32 a)
2652 return float32_abs(a);
2655 float64 VFP_HELPER(abs, d)(float64 a)
2657 return float64_abs(a);
2660 float32 VFP_HELPER(sqrt, s)(float32 a, CPUState *env)
2662 return float32_sqrt(a, &env->vfp.fp_status);
2665 float64 VFP_HELPER(sqrt, d)(float64 a, CPUState *env)
2667 return float64_sqrt(a, &env->vfp.fp_status);
2670 /* XXX: check quiet/signaling case */
2671 #define DO_VFP_cmp(p, type) \
2672 void VFP_HELPER(cmp, p)(type a, type b, CPUState *env) \
2675 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2676 case 0: flags = 0x6; break; \
2677 case -1: flags = 0x8; break; \
2678 case 1: flags = 0x2; break; \
2679 default: case 2: flags = 0x3; break; \
2681 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2682 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2684 void VFP_HELPER(cmpe, p)(type a, type b, CPUState *env) \
2687 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2688 case 0: flags = 0x6; break; \
2689 case -1: flags = 0x8; break; \
2690 case 1: flags = 0x2; break; \
2691 default: case 2: flags = 0x3; break; \
2693 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2694 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2696 DO_VFP_cmp(s, float32)
2697 DO_VFP_cmp(d, float64)
2700 /* Integer to float and float to integer conversions */
2702 #define CONV_ITOF(name, fsz, sign) \
2703 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2705 float_status *fpst = fpstp; \
2706 return sign##int32_to_##float##fsz(x, fpst); \
2709 #define CONV_FTOI(name, fsz, sign, round) \
2710 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2712 float_status *fpst = fpstp; \
2713 if (float##fsz##_is_any_nan(x)) { \
2714 float_raise(float_flag_invalid, fpst); \
2717 return float##fsz##_to_##sign##int32##round(x, fpst); \
2720 #define FLOAT_CONVS(name, p, fsz, sign) \
2721 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2722 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2723 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2725 FLOAT_CONVS(si, s, 32, )
2726 FLOAT_CONVS(si, d, 64, )
2727 FLOAT_CONVS(ui, s, 32, u)
2728 FLOAT_CONVS(ui, d, 64, u)
2734 /* floating point conversion */
2735 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUState *env)
2737 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2738 /* ARM requires that S<->D conversion of any kind of NaN generates
2739 * a quiet NaN by forcing the most significant frac bit to 1.
2741 return float64_maybe_silence_nan(r);
2744 float32 VFP_HELPER(fcvts, d)(float64 x, CPUState *env)
2746 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2747 /* ARM requires that S<->D conversion of any kind of NaN generates
2748 * a quiet NaN by forcing the most significant frac bit to 1.
2750 return float32_maybe_silence_nan(r);
2753 /* VFP3 fixed point conversion. */
2754 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2755 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2758 float_status *fpst = fpstp; \
2760 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2761 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2763 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2766 float_status *fpst = fpstp; \
2768 if (float##fsz##_is_any_nan(x)) { \
2769 float_raise(float_flag_invalid, fpst); \
2772 tmp = float##fsz##_scalbn(x, shift, fpst); \
2773 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2776 VFP_CONV_FIX(sh, d, 64, int16, )
2777 VFP_CONV_FIX(sl, d, 64, int32, )
2778 VFP_CONV_FIX(uh, d, 64, uint16, u)
2779 VFP_CONV_FIX(ul, d, 64, uint32, u)
2780 VFP_CONV_FIX(sh, s, 32, int16, )
2781 VFP_CONV_FIX(sl, s, 32, int32, )
2782 VFP_CONV_FIX(uh, s, 32, uint16, u)
2783 VFP_CONV_FIX(ul, s, 32, uint32, u)
2786 /* Half precision conversions. */
2787 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUState *env, float_status *s)
2789 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2790 float32 r = float16_to_float32(make_float16(a), ieee, s);
2792 return float32_maybe_silence_nan(r);
2797 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUState *env, float_status *s)
2799 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2800 float16 r = float32_to_float16(a, ieee, s);
2802 r = float16_maybe_silence_nan(r);
2804 return float16_val(r);
2807 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUState *env)
2809 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2812 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUState *env)
2814 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2817 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUState *env)
2819 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2822 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUState *env)
2824 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2827 #define float32_two make_float32(0x40000000)
2828 #define float32_three make_float32(0x40400000)
2829 #define float32_one_point_five make_float32(0x3fc00000)
2831 float32 HELPER(recps_f32)(float32 a, float32 b, CPUState *env)
2833 float_status *s = &env->vfp.standard_fp_status;
2834 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2835 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2836 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2837 float_raise(float_flag_input_denormal, s);
2841 return float32_sub(float32_two, float32_mul(a, b, s), s);
2844 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUState *env)
2846 float_status *s = &env->vfp.standard_fp_status;
2848 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2849 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2850 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2851 float_raise(float_flag_input_denormal, s);
2853 return float32_one_point_five;
2855 product = float32_mul(a, b, s);
2856 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2861 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2862 * int->float conversions at run-time. */
2863 #define float64_256 make_float64(0x4070000000000000LL)
2864 #define float64_512 make_float64(0x4080000000000000LL)
2866 /* The algorithm that must be used to calculate the estimate
2867 * is specified by the ARM ARM.
2869 static float64 recip_estimate(float64 a, CPUState *env)
2871 /* These calculations mustn't set any fp exception flags,
2872 * so we use a local copy of the fp_status.
2874 float_status dummy_status = env->vfp.standard_fp_status;
2875 float_status *s = &dummy_status;
2876 /* q = (int)(a * 512.0) */
2877 float64 q = float64_mul(float64_512, a, s);
2878 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2880 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2881 q = int64_to_float64(q_int, s);
2882 q = float64_add(q, float64_half, s);
2883 q = float64_div(q, float64_512, s);
2884 q = float64_div(float64_one, q, s);
2886 /* s = (int)(256.0 * r + 0.5) */
2887 q = float64_mul(q, float64_256, s);
2888 q = float64_add(q, float64_half, s);
2889 q_int = float64_to_int64_round_to_zero(q, s);
2891 /* return (double)s / 256.0 */
2892 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2895 float32 HELPER(recpe_f32)(float32 a, CPUState *env)
2897 float_status *s = &env->vfp.standard_fp_status;
2899 uint32_t val32 = float32_val(a);
2902 int a_exp = (val32 & 0x7f800000) >> 23;
2903 int sign = val32 & 0x80000000;
2905 if (float32_is_any_nan(a)) {
2906 if (float32_is_signaling_nan(a)) {
2907 float_raise(float_flag_invalid, s);
2909 return float32_default_nan;
2910 } else if (float32_is_infinity(a)) {
2911 return float32_set_sign(float32_zero, float32_is_neg(a));
2912 } else if (float32_is_zero_or_denormal(a)) {
2913 if (!float32_is_zero(a)) {
2914 float_raise(float_flag_input_denormal, s);
2916 float_raise(float_flag_divbyzero, s);
2917 return float32_set_sign(float32_infinity, float32_is_neg(a));
2918 } else if (a_exp >= 253) {
2919 float_raise(float_flag_underflow, s);
2920 return float32_set_sign(float32_zero, float32_is_neg(a));
2923 f64 = make_float64((0x3feULL << 52)
2924 | ((int64_t)(val32 & 0x7fffff) << 29));
2926 result_exp = 253 - a_exp;
2928 f64 = recip_estimate(f64, env);
2931 | ((result_exp & 0xff) << 23)
2932 | ((float64_val(f64) >> 29) & 0x7fffff);
2933 return make_float32(val32);
2936 /* The algorithm that must be used to calculate the estimate
2937 * is specified by the ARM ARM.
2939 static float64 recip_sqrt_estimate(float64 a, CPUState *env)
2941 /* These calculations mustn't set any fp exception flags,
2942 * so we use a local copy of the fp_status.
2944 float_status dummy_status = env->vfp.standard_fp_status;
2945 float_status *s = &dummy_status;
2949 if (float64_lt(a, float64_half, s)) {
2950 /* range 0.25 <= a < 0.5 */
2952 /* a in units of 1/512 rounded down */
2953 /* q0 = (int)(a * 512.0); */
2954 q = float64_mul(float64_512, a, s);
2955 q_int = float64_to_int64_round_to_zero(q, s);
2957 /* reciprocal root r */
2958 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2959 q = int64_to_float64(q_int, s);
2960 q = float64_add(q, float64_half, s);
2961 q = float64_div(q, float64_512, s);
2962 q = float64_sqrt(q, s);
2963 q = float64_div(float64_one, q, s);
2965 /* range 0.5 <= a < 1.0 */
2967 /* a in units of 1/256 rounded down */
2968 /* q1 = (int)(a * 256.0); */
2969 q = float64_mul(float64_256, a, s);
2970 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2972 /* reciprocal root r */
2973 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2974 q = int64_to_float64(q_int, s);
2975 q = float64_add(q, float64_half, s);
2976 q = float64_div(q, float64_256, s);
2977 q = float64_sqrt(q, s);
2978 q = float64_div(float64_one, q, s);
2980 /* r in units of 1/256 rounded to nearest */
2981 /* s = (int)(256.0 * r + 0.5); */
2983 q = float64_mul(q, float64_256,s );
2984 q = float64_add(q, float64_half, s);
2985 q_int = float64_to_int64_round_to_zero(q, s);
2987 /* return (double)s / 256.0;*/
2988 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2991 float32 HELPER(rsqrte_f32)(float32 a, CPUState *env)
2993 float_status *s = &env->vfp.standard_fp_status;
2999 val = float32_val(a);
3001 if (float32_is_any_nan(a)) {
3002 if (float32_is_signaling_nan(a)) {
3003 float_raise(float_flag_invalid, s);
3005 return float32_default_nan;
3006 } else if (float32_is_zero_or_denormal(a)) {
3007 if (!float32_is_zero(a)) {
3008 float_raise(float_flag_input_denormal, s);
3010 float_raise(float_flag_divbyzero, s);
3011 return float32_set_sign(float32_infinity, float32_is_neg(a));
3012 } else if (float32_is_neg(a)) {
3013 float_raise(float_flag_invalid, s);
3014 return float32_default_nan;
3015 } else if (float32_is_infinity(a)) {
3016 return float32_zero;
3019 /* Normalize to a double-precision value between 0.25 and 1.0,
3020 * preserving the parity of the exponent. */
3021 if ((val & 0x800000) == 0) {
3022 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3024 | ((uint64_t)(val & 0x7fffff) << 29));
3026 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3028 | ((uint64_t)(val & 0x7fffff) << 29));
3031 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
3033 f64 = recip_sqrt_estimate(f64, env);
3035 val64 = float64_val(f64);
3037 val = ((result_exp & 0xff) << 23)
3038 | ((val64 >> 29) & 0x7fffff);
3039 return make_float32(val);
3042 uint32_t HELPER(recpe_u32)(uint32_t a, CPUState *env)
3046 if ((a & 0x80000000) == 0) {
3050 f64 = make_float64((0x3feULL << 52)
3051 | ((int64_t)(a & 0x7fffffff) << 21));
3053 f64 = recip_estimate (f64, env);
3055 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3058 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUState *env)
3062 if ((a & 0xc0000000) == 0) {
3066 if (a & 0x80000000) {
3067 f64 = make_float64((0x3feULL << 52)
3068 | ((uint64_t)(a & 0x7fffffff) << 21));
3069 } else { /* bits 31-30 == '01' */
3070 f64 = make_float64((0x3fdULL << 52)
3071 | ((uint64_t)(a & 0x3fffffff) << 22));
3074 f64 = recip_sqrt_estimate(f64, env);
3076 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3079 /* VFPv4 fused multiply-accumulate */
3080 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
3082 float_status *fpst = fpstp;
3083 return float32_muladd(a, b, c, 0, fpst);
3086 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
3088 float_status *fpst = fpstp;
3089 return float64_muladd(a, b, c, 0, fpst);
3092 void HELPER(set_teecr)(CPUState *env, uint32_t val)
3095 if (env->teecr != val) {
projects / qemu.git / blob