4 #include "host-utils.h"
5 #if !defined(CONFIG_USER_ONLY)
10 static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
13 case ARM_CPUID_ARM926:
15 case ARM_CPUID_ARM946:
17 case ARM_CPUID_ARM1026:
19 case ARM_CPUID_ARM1136:
20 /* This is the 1136 r1, which is a v6K core */
21 case ARM_CPUID_ARM1136_R2:
23 case ARM_CPUID_ARM1176:
25 case ARM_CPUID_ARM11MPCORE:
27 case ARM_CPUID_CORTEXA8:
29 case ARM_CPUID_CORTEXA9:
31 case ARM_CPUID_CORTEXA15:
33 case ARM_CPUID_CORTEXM3:
35 case ARM_CPUID_ANY: /* For userspace emulation. */
37 case ARM_CPUID_TI915T:
38 case ARM_CPUID_TI925T:
40 case ARM_CPUID_PXA250:
41 case ARM_CPUID_PXA255:
42 case ARM_CPUID_PXA260:
43 case ARM_CPUID_PXA261:
44 case ARM_CPUID_PXA262:
46 case ARM_CPUID_PXA270_A0:
47 case ARM_CPUID_PXA270_A1:
48 case ARM_CPUID_PXA270_B0:
49 case ARM_CPUID_PXA270_B1:
50 case ARM_CPUID_PXA270_C0:
51 case ARM_CPUID_PXA270_C5:
53 case ARM_CPUID_SA1100:
54 case ARM_CPUID_SA1110:
57 cpu_abort(env, "Bad CPU ID: %x\n", id);
63 /* TODO Move contents into arm_cpu_reset() in cpu.c,
64 * once cpu_reset_model_id() is eliminated,
65 * and then forward to cpu_reset() here.
67 void cpu_state_reset(CPUARMState *env)
71 ARMCPU *cpu = arm_env_get_cpu(env);
73 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
74 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
75 log_cpu_state(env, 0);
79 tmp = env->cp15.c15_config_base_address;
80 memset(env, 0, offsetof(CPUARMState, breakpoints));
82 cpu_reset_model_id(env, id);
83 env->cp15.c15_config_base_address = tmp;
84 env->cp15.c0_cpuid = cpu->midr;
85 env->vfp.xregs[ARM_VFP_FPSID] = cpu->reset_fpsid;
86 env->vfp.xregs[ARM_VFP_MVFR0] = cpu->mvfr0;
87 env->vfp.xregs[ARM_VFP_MVFR1] = cpu->mvfr1;
88 env->cp15.c0_cachetype = cpu->ctr;
89 env->cp15.c1_sys = cpu->reset_sctlr;
90 env->cp15.c0_c1[0] = cpu->id_pfr0;
91 env->cp15.c0_c1[1] = cpu->id_pfr1;
92 env->cp15.c0_c1[2] = cpu->id_dfr0;
93 env->cp15.c0_c1[3] = cpu->id_afr0;
94 env->cp15.c0_c1[4] = cpu->id_mmfr0;
95 env->cp15.c0_c1[5] = cpu->id_mmfr1;
96 env->cp15.c0_c1[6] = cpu->id_mmfr2;
97 env->cp15.c0_c1[7] = cpu->id_mmfr3;
98 env->cp15.c0_c2[0] = cpu->id_isar0;
99 env->cp15.c0_c2[1] = cpu->id_isar1;
100 env->cp15.c0_c2[2] = cpu->id_isar2;
101 env->cp15.c0_c2[3] = cpu->id_isar3;
102 env->cp15.c0_c2[4] = cpu->id_isar4;
103 env->cp15.c0_c2[5] = cpu->id_isar5;
104 env->cp15.c15_i_min = 0xff0;
105 env->cp15.c0_clid = cpu->clidr;
106 memcpy(env->cp15.c0_ccsid, cpu->ccsidr, ARRAY_SIZE(cpu->ccsidr));
108 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
109 env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
112 #if defined (CONFIG_USER_ONLY)
113 env->uncached_cpsr = ARM_CPU_MODE_USR;
114 /* For user mode we must enable access to coprocessors */
115 env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
116 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
117 env->cp15.c15_cpar = 3;
118 } else if (arm_feature(env, ARM_FEATURE_XSCALE)) {
119 env->cp15.c15_cpar = 1;
122 /* SVC mode with interrupts disabled. */
123 env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
124 /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
125 clear at reset. Initial SP and PC are loaded from ROM. */
129 env->uncached_cpsr &= ~CPSR_I;
132 /* We should really use ldl_phys here, in case the guest
133 modified flash and reset itself. However images
134 loaded via -kernel have not been copied yet, so load the
135 values directly from there. */
136 env->regs[13] = ldl_p(rom);
139 env->regs[15] = pc & ~1;
142 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
143 env->cp15.c2_base_mask = 0xffffc000u;
144 /* v7 performance monitor control register: same implementor
145 * field as main ID register, and we implement no event counters.
147 env->cp15.c9_pmcr = (id & 0xff000000);
149 set_flush_to_zero(1, &env->vfp.standard_fp_status);
150 set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
151 set_default_nan_mode(1, &env->vfp.standard_fp_status);
152 set_float_detect_tininess(float_tininess_before_rounding,
153 &env->vfp.fp_status);
154 set_float_detect_tininess(float_tininess_before_rounding,
155 &env->vfp.standard_fp_status);
157 /* Reset is a state change for some CPUARMState fields which we
158 * bake assumptions about into translated code, so we need to
164 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
168 /* VFP data registers are always little-endian. */
169 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
171 stfq_le_p(buf, env->vfp.regs[reg]);
174 if (arm_feature(env, ARM_FEATURE_NEON)) {
175 /* Aliases for Q regs. */
178 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
179 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
183 switch (reg - nregs) {
184 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
185 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
186 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
191 static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
195 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
197 env->vfp.regs[reg] = ldfq_le_p(buf);
200 if (arm_feature(env, ARM_FEATURE_NEON)) {
203 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
204 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
208 switch (reg - nregs) {
209 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
210 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
211 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
216 CPUARMState *cpu_arm_init(const char *cpu_model)
220 static int inited = 0;
222 if (!object_class_by_name(cpu_model)) {
225 cpu = ARM_CPU(object_new(cpu_model));
227 env->cpu_model_str = cpu_model;
228 arm_cpu_realize(cpu);
230 if (tcg_enabled() && !inited) {
232 arm_translate_init();
235 cpu_state_reset(env);
236 if (arm_feature(env, ARM_FEATURE_NEON)) {
237 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
238 51, "arm-neon.xml", 0);
239 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
240 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
241 35, "arm-vfp3.xml", 0);
242 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
243 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
244 19, "arm-vfp.xml", 0);
250 typedef struct ARMCPUListState {
251 fprintf_function cpu_fprintf;
255 /* Sort alphabetically by type name, except for "any". */
256 static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
258 ObjectClass *class_a = (ObjectClass *)a;
259 ObjectClass *class_b = (ObjectClass *)b;
260 const char *name_a, *name_b;
262 name_a = object_class_get_name(class_a);
263 name_b = object_class_get_name(class_b);
264 if (strcmp(name_a, "any") == 0) {
266 } else if (strcmp(name_b, "any") == 0) {
269 return strcmp(name_a, name_b);
273 static void arm_cpu_list_entry(gpointer data, gpointer user_data)
275 ObjectClass *oc = data;
276 ARMCPUListState *s = user_data;
278 (*s->cpu_fprintf)(s->file, " %s\n",
279 object_class_get_name(oc));
282 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
284 ARMCPUListState s = {
286 .cpu_fprintf = cpu_fprintf,
290 list = object_class_get_list(TYPE_ARM_CPU, false);
291 list = g_slist_sort(list, arm_cpu_list_compare);
292 (*cpu_fprintf)(f, "Available CPUs:\n");
293 g_slist_foreach(list, arm_cpu_list_entry, &s);
297 static int bad_mode_switch(CPUARMState *env, int mode)
299 /* Return true if it is not valid for us to switch to
300 * this CPU mode (ie all the UNPREDICTABLE cases in
301 * the ARM ARM CPSRWriteByInstr pseudocode).
304 case ARM_CPU_MODE_USR:
305 case ARM_CPU_MODE_SYS:
306 case ARM_CPU_MODE_SVC:
307 case ARM_CPU_MODE_ABT:
308 case ARM_CPU_MODE_UND:
309 case ARM_CPU_MODE_IRQ:
310 case ARM_CPU_MODE_FIQ:
317 uint32_t cpsr_read(CPUARMState *env)
321 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
322 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
323 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
324 | ((env->condexec_bits & 0xfc) << 8)
328 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
330 if (mask & CPSR_NZCV) {
331 env->ZF = (~val) & CPSR_Z;
333 env->CF = (val >> 29) & 1;
334 env->VF = (val << 3) & 0x80000000;
337 env->QF = ((val & CPSR_Q) != 0);
339 env->thumb = ((val & CPSR_T) != 0);
340 if (mask & CPSR_IT_0_1) {
341 env->condexec_bits &= ~3;
342 env->condexec_bits |= (val >> 25) & 3;
344 if (mask & CPSR_IT_2_7) {
345 env->condexec_bits &= 3;
346 env->condexec_bits |= (val >> 8) & 0xfc;
348 if (mask & CPSR_GE) {
349 env->GE = (val >> 16) & 0xf;
352 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
353 if (bad_mode_switch(env, val & CPSR_M)) {
354 /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
355 * We choose to ignore the attempt and leave the CPSR M field
360 switch_mode(env, val & CPSR_M);
363 mask &= ~CACHED_CPSR_BITS;
364 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
367 /* Sign/zero extend */
368 uint32_t HELPER(sxtb16)(uint32_t x)
371 res = (uint16_t)(int8_t)x;
372 res |= (uint32_t)(int8_t)(x >> 16) << 16;
376 uint32_t HELPER(uxtb16)(uint32_t x)
379 res = (uint16_t)(uint8_t)x;
380 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
384 uint32_t HELPER(clz)(uint32_t x)
389 int32_t HELPER(sdiv)(int32_t num, int32_t den)
393 if (num == INT_MIN && den == -1)
398 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
405 uint32_t HELPER(rbit)(uint32_t x)
407 x = ((x & 0xff000000) >> 24)
408 | ((x & 0x00ff0000) >> 8)
409 | ((x & 0x0000ff00) << 8)
410 | ((x & 0x000000ff) << 24);
411 x = ((x & 0xf0f0f0f0) >> 4)
412 | ((x & 0x0f0f0f0f) << 4);
413 x = ((x & 0x88888888) >> 3)
414 | ((x & 0x44444444) >> 1)
415 | ((x & 0x22222222) << 1)
416 | ((x & 0x11111111) << 3);
420 uint32_t HELPER(abs)(uint32_t x)
422 return ((int32_t)x < 0) ? -x : x;
425 #if defined(CONFIG_USER_ONLY)
427 void do_interrupt (CPUARMState *env)
429 env->exception_index = -1;
432 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
436 env->exception_index = EXCP_PREFETCH_ABORT;
437 env->cp15.c6_insn = address;
439 env->exception_index = EXCP_DATA_ABORT;
440 env->cp15.c6_data = address;
445 /* These should probably raise undefined insn exceptions. */
446 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
448 int op1 = (insn >> 8) & 0xf;
449 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
453 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
455 int op1 = (insn >> 8) & 0xf;
456 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
460 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
462 cpu_abort(env, "cp15 insn %08x\n", insn);
465 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
467 cpu_abort(env, "cp15 insn %08x\n", insn);
470 /* These should probably raise undefined insn exceptions. */
471 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
473 cpu_abort(env, "v7m_mrs %d\n", reg);
476 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
478 cpu_abort(env, "v7m_mrs %d\n", reg);
482 void switch_mode(CPUARMState *env, int mode)
484 if (mode != ARM_CPU_MODE_USR)
485 cpu_abort(env, "Tried to switch out of user mode\n");
488 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
490 cpu_abort(env, "banked r13 write\n");
493 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
495 cpu_abort(env, "banked r13 read\n");
501 /* Map CPU modes onto saved register banks. */
502 static inline int bank_number(CPUARMState *env, int mode)
505 case ARM_CPU_MODE_USR:
506 case ARM_CPU_MODE_SYS:
508 case ARM_CPU_MODE_SVC:
510 case ARM_CPU_MODE_ABT:
512 case ARM_CPU_MODE_UND:
514 case ARM_CPU_MODE_IRQ:
516 case ARM_CPU_MODE_FIQ:
519 cpu_abort(env, "Bad mode %x\n", mode);
523 void switch_mode(CPUARMState *env, int mode)
528 old_mode = env->uncached_cpsr & CPSR_M;
529 if (mode == old_mode)
532 if (old_mode == ARM_CPU_MODE_FIQ) {
533 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
534 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
535 } else if (mode == ARM_CPU_MODE_FIQ) {
536 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
537 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
540 i = bank_number(env, old_mode);
541 env->banked_r13[i] = env->regs[13];
542 env->banked_r14[i] = env->regs[14];
543 env->banked_spsr[i] = env->spsr;
545 i = bank_number(env, mode);
546 env->regs[13] = env->banked_r13[i];
547 env->regs[14] = env->banked_r14[i];
548 env->spsr = env->banked_spsr[i];
551 static void v7m_push(CPUARMState *env, uint32_t val)
554 stl_phys(env->regs[13], val);
557 static uint32_t v7m_pop(CPUARMState *env)
560 val = ldl_phys(env->regs[13]);
565 /* Switch to V7M main or process stack pointer. */
566 static void switch_v7m_sp(CPUARMState *env, int process)
569 if (env->v7m.current_sp != process) {
570 tmp = env->v7m.other_sp;
571 env->v7m.other_sp = env->regs[13];
573 env->v7m.current_sp = process;
577 static void do_v7m_exception_exit(CPUARMState *env)
582 type = env->regs[15];
583 if (env->v7m.exception != 0)
584 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
586 /* Switch to the target stack. */
587 switch_v7m_sp(env, (type & 4) != 0);
589 env->regs[0] = v7m_pop(env);
590 env->regs[1] = v7m_pop(env);
591 env->regs[2] = v7m_pop(env);
592 env->regs[3] = v7m_pop(env);
593 env->regs[12] = v7m_pop(env);
594 env->regs[14] = v7m_pop(env);
595 env->regs[15] = v7m_pop(env);
597 xpsr_write(env, xpsr, 0xfffffdff);
598 /* Undo stack alignment. */
601 /* ??? The exception return type specifies Thread/Handler mode. However
602 this is also implied by the xPSR value. Not sure what to do
603 if there is a mismatch. */
604 /* ??? Likewise for mismatches between the CONTROL register and the stack
608 static void do_interrupt_v7m(CPUARMState *env)
610 uint32_t xpsr = xpsr_read(env);
615 if (env->v7m.current_sp)
617 if (env->v7m.exception == 0)
620 /* For exceptions we just mark as pending on the NVIC, and let that
622 /* TODO: Need to escalate if the current priority is higher than the
623 one we're raising. */
624 switch (env->exception_index) {
626 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
630 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
632 case EXCP_PREFETCH_ABORT:
633 case EXCP_DATA_ABORT:
634 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
637 if (semihosting_enabled) {
639 nr = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
642 env->regs[0] = do_arm_semihosting(env);
646 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
649 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
651 case EXCP_EXCEPTION_EXIT:
652 do_v7m_exception_exit(env);
655 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
656 return; /* Never happens. Keep compiler happy. */
659 /* Align stack pointer. */
660 /* ??? Should only do this if Configuration Control Register
661 STACKALIGN bit is set. */
662 if (env->regs[13] & 4) {
666 /* Switch to the handler mode. */
668 v7m_push(env, env->regs[15]);
669 v7m_push(env, env->regs[14]);
670 v7m_push(env, env->regs[12]);
671 v7m_push(env, env->regs[3]);
672 v7m_push(env, env->regs[2]);
673 v7m_push(env, env->regs[1]);
674 v7m_push(env, env->regs[0]);
675 switch_v7m_sp(env, 0);
677 env->condexec_bits = 0;
679 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
680 env->regs[15] = addr & 0xfffffffe;
681 env->thumb = addr & 1;
684 /* Handle a CPU exception. */
685 void do_interrupt(CPUARMState *env)
693 do_interrupt_v7m(env);
696 /* TODO: Vectored interrupt controller. */
697 switch (env->exception_index) {
699 new_mode = ARM_CPU_MODE_UND;
708 if (semihosting_enabled) {
709 /* Check for semihosting interrupt. */
711 mask = arm_lduw_code(env->regs[15] - 2, env->bswap_code) & 0xff;
713 mask = arm_ldl_code(env->regs[15] - 4, env->bswap_code)
716 /* Only intercept calls from privileged modes, to provide some
717 semblance of security. */
718 if (((mask == 0x123456 && !env->thumb)
719 || (mask == 0xab && env->thumb))
720 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
721 env->regs[0] = do_arm_semihosting(env);
725 new_mode = ARM_CPU_MODE_SVC;
728 /* The PC already points to the next instruction. */
732 /* See if this is a semihosting syscall. */
733 if (env->thumb && semihosting_enabled) {
734 mask = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
736 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
738 env->regs[0] = do_arm_semihosting(env);
742 env->cp15.c5_insn = 2;
743 /* Fall through to prefetch abort. */
744 case EXCP_PREFETCH_ABORT:
745 new_mode = ARM_CPU_MODE_ABT;
747 mask = CPSR_A | CPSR_I;
750 case EXCP_DATA_ABORT:
751 new_mode = ARM_CPU_MODE_ABT;
753 mask = CPSR_A | CPSR_I;
757 new_mode = ARM_CPU_MODE_IRQ;
759 /* Disable IRQ and imprecise data aborts. */
760 mask = CPSR_A | CPSR_I;
764 new_mode = ARM_CPU_MODE_FIQ;
766 /* Disable FIQ, IRQ and imprecise data aborts. */
767 mask = CPSR_A | CPSR_I | CPSR_F;
771 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
772 return; /* Never happens. Keep compiler happy. */
775 if (env->cp15.c1_sys & (1 << 13)) {
778 switch_mode (env, new_mode);
779 env->spsr = cpsr_read(env);
781 env->condexec_bits = 0;
782 /* Switch to the new mode, and to the correct instruction set. */
783 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
784 env->uncached_cpsr |= mask;
785 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
786 * and we should just guard the thumb mode on V4 */
787 if (arm_feature(env, ARM_FEATURE_V4T)) {
788 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
790 env->regs[14] = env->regs[15] + offset;
791 env->regs[15] = addr;
792 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
795 /* Check section/page access permissions.
796 Returns the page protection flags, or zero if the access is not
798 static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
799 int access_type, int is_user)
803 if (domain_prot == 3) {
804 return PAGE_READ | PAGE_WRITE;
807 if (access_type == 1)
814 if (access_type == 1)
816 switch ((env->cp15.c1_sys >> 8) & 3) {
818 return is_user ? 0 : PAGE_READ;
825 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
830 return PAGE_READ | PAGE_WRITE;
832 return PAGE_READ | PAGE_WRITE;
833 case 4: /* Reserved. */
836 return is_user ? 0 : prot_ro;
840 if (!arm_feature (env, ARM_FEATURE_V6K))
848 static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
852 if (address & env->cp15.c2_mask)
853 table = env->cp15.c2_base1 & 0xffffc000;
855 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
857 table |= (address >> 18) & 0x3ffc;
861 static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type,
862 int is_user, uint32_t *phys_ptr, int *prot,
863 target_ulong *page_size)
874 /* Pagetable walk. */
875 /* Lookup l1 descriptor. */
876 table = get_level1_table_address(env, address);
877 desc = ldl_phys(table);
879 domain = (desc >> 5) & 0x0f;
880 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
882 /* Section translation fault. */
886 if (domain_prot == 0 || domain_prot == 2) {
888 code = 9; /* Section domain fault. */
890 code = 11; /* Page domain fault. */
895 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
896 ap = (desc >> 10) & 3;
898 *page_size = 1024 * 1024;
900 /* Lookup l2 entry. */
902 /* Coarse pagetable. */
903 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
905 /* Fine pagetable. */
906 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
908 desc = ldl_phys(table);
910 case 0: /* Page translation fault. */
913 case 1: /* 64k page. */
914 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
915 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
916 *page_size = 0x10000;
918 case 2: /* 4k page. */
919 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
920 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
923 case 3: /* 1k page. */
925 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
926 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
928 /* Page translation fault. */
933 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
935 ap = (desc >> 4) & 3;
939 /* Never happens, but compiler isn't smart enough to tell. */
944 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
946 /* Access permission fault. */
950 *phys_ptr = phys_addr;
953 return code | (domain << 4);
956 static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
957 int is_user, uint32_t *phys_ptr, int *prot,
958 target_ulong *page_size)
970 /* Pagetable walk. */
971 /* Lookup l1 descriptor. */
972 table = get_level1_table_address(env, address);
973 desc = ldl_phys(table);
976 /* Section translation fault. */
980 } else if (type == 2 && (desc & (1 << 18))) {
984 /* Section or page. */
985 domain = (desc >> 5) & 0x0f;
987 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
988 if (domain_prot == 0 || domain_prot == 2) {
990 code = 9; /* Section domain fault. */
992 code = 11; /* Page domain fault. */
996 if (desc & (1 << 18)) {
998 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
999 *page_size = 0x1000000;
1002 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1003 *page_size = 0x100000;
1005 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
1006 xn = desc & (1 << 4);
1009 /* Lookup l2 entry. */
1010 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1011 desc = ldl_phys(table);
1012 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
1014 case 0: /* Page translation fault. */
1017 case 1: /* 64k page. */
1018 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1019 xn = desc & (1 << 15);
1020 *page_size = 0x10000;
1022 case 2: case 3: /* 4k page. */
1023 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1025 *page_size = 0x1000;
1028 /* Never happens, but compiler isn't smart enough to tell. */
1033 if (domain_prot == 3) {
1034 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1036 if (xn && access_type == 2)
1039 /* The simplified model uses AP[0] as an access control bit. */
1040 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
1041 /* Access flag fault. */
1042 code = (code == 15) ? 6 : 3;
1045 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1047 /* Access permission fault. */
1054 *phys_ptr = phys_addr;
1057 return code | (domain << 4);
1060 static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, int access_type,
1061 int is_user, uint32_t *phys_ptr, int *prot)
1067 *phys_ptr = address;
1068 for (n = 7; n >= 0; n--) {
1069 base = env->cp15.c6_region[n];
1070 if ((base & 1) == 0)
1072 mask = 1 << ((base >> 1) & 0x1f);
1073 /* Keep this shift separate from the above to avoid an
1074 (undefined) << 32. */
1075 mask = (mask << 1) - 1;
1076 if (((base ^ address) & ~mask) == 0)
1082 if (access_type == 2) {
1083 mask = env->cp15.c5_insn;
1085 mask = env->cp15.c5_data;
1087 mask = (mask >> (n * 4)) & 0xf;
1094 *prot = PAGE_READ | PAGE_WRITE;
1099 *prot |= PAGE_WRITE;
1102 *prot = PAGE_READ | PAGE_WRITE;
1113 /* Bad permission. */
1120 static inline int get_phys_addr(CPUARMState *env, uint32_t address,
1121 int access_type, int is_user,
1122 uint32_t *phys_ptr, int *prot,
1123 target_ulong *page_size)
1125 /* Fast Context Switch Extension. */
1126 if (address < 0x02000000)
1127 address += env->cp15.c13_fcse;
1129 if ((env->cp15.c1_sys & 1) == 0) {
1130 /* MMU/MPU disabled. */
1131 *phys_ptr = address;
1132 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1133 *page_size = TARGET_PAGE_SIZE;
1135 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
1136 *page_size = TARGET_PAGE_SIZE;
1137 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
1139 } else if (env->cp15.c1_sys & (1 << 23)) {
1140 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
1143 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
1148 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address,
1149 int access_type, int mmu_idx)
1152 target_ulong page_size;
1156 is_user = mmu_idx == MMU_USER_IDX;
1157 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1160 /* Map a single [sub]page. */
1161 phys_addr &= ~(uint32_t)0x3ff;
1162 address &= ~(uint32_t)0x3ff;
1163 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1167 if (access_type == 2) {
1168 env->cp15.c5_insn = ret;
1169 env->cp15.c6_insn = address;
1170 env->exception_index = EXCP_PREFETCH_ABORT;
1172 env->cp15.c5_data = ret;
1173 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1174 env->cp15.c5_data |= (1 << 11);
1175 env->cp15.c6_data = address;
1176 env->exception_index = EXCP_DATA_ABORT;
1181 target_phys_addr_t cpu_get_phys_page_debug(CPUARMState *env, target_ulong addr)
1184 target_ulong page_size;
1188 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1196 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
1198 int cp_num = (insn >> 8) & 0xf;
1199 int cp_info = (insn >> 5) & 7;
1200 int src = (insn >> 16) & 0xf;
1201 int operand = insn & 0xf;
1203 if (env->cp[cp_num].cp_write)
1204 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
1205 cp_info, src, operand, val);
1208 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
1210 int cp_num = (insn >> 8) & 0xf;
1211 int cp_info = (insn >> 5) & 7;
1212 int dest = (insn >> 16) & 0xf;
1213 int operand = insn & 0xf;
1215 if (env->cp[cp_num].cp_read)
1216 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
1217 cp_info, dest, operand);
1221 /* Return basic MPU access permission bits. */
1222 static uint32_t simple_mpu_ap_bits(uint32_t val)
1229 for (i = 0; i < 16; i += 2) {
1230 ret |= (val >> i) & mask;
1236 /* Pad basic MPU access permission bits to extended format. */
1237 static uint32_t extended_mpu_ap_bits(uint32_t val)
1244 for (i = 0; i < 16; i += 2) {
1245 ret |= (val & mask) << i;
1251 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
1257 op1 = (insn >> 21) & 7;
1258 op2 = (insn >> 5) & 7;
1260 switch ((insn >> 16) & 0xf) {
1263 if (arm_feature(env, ARM_FEATURE_XSCALE))
1265 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1267 if (arm_feature(env, ARM_FEATURE_V7)
1268 && op1 == 2 && crm == 0 && op2 == 0) {
1269 env->cp15.c0_cssel = val & 0xf;
1273 case 1: /* System configuration. */
1274 if (arm_feature(env, ARM_FEATURE_V7)
1275 && op1 == 0 && crm == 1 && op2 == 0) {
1276 env->cp15.c1_scr = val;
1279 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1283 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1284 env->cp15.c1_sys = val;
1285 /* ??? Lots of these bits are not implemented. */
1286 /* This may enable/disable the MMU, so do a TLB flush. */
1289 case 1: /* Auxiliary control register. */
1290 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1291 env->cp15.c1_xscaleauxcr = val;
1294 /* Not implemented. */
1297 if (arm_feature(env, ARM_FEATURE_XSCALE))
1299 if (env->cp15.c1_coproc != val) {
1300 env->cp15.c1_coproc = val;
1301 /* ??? Is this safe when called from within a TB? */
1309 case 2: /* MMU Page table control / MPU cache control. */
1310 if (arm_feature(env, ARM_FEATURE_MPU)) {
1313 env->cp15.c2_data = val;
1316 env->cp15.c2_insn = val;
1324 env->cp15.c2_base0 = val;
1327 env->cp15.c2_base1 = val;
1331 env->cp15.c2_control = val;
1332 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1333 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1340 case 3: /* MMU Domain access control / MPU write buffer control. */
1342 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
1344 case 4: /* Reserved. */
1346 case 5: /* MMU Fault status / MPU access permission. */
1347 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1351 if (arm_feature(env, ARM_FEATURE_MPU))
1352 val = extended_mpu_ap_bits(val);
1353 env->cp15.c5_data = val;
1356 if (arm_feature(env, ARM_FEATURE_MPU))
1357 val = extended_mpu_ap_bits(val);
1358 env->cp15.c5_insn = val;
1361 if (!arm_feature(env, ARM_FEATURE_MPU))
1363 env->cp15.c5_data = val;
1366 if (!arm_feature(env, ARM_FEATURE_MPU))
1368 env->cp15.c5_insn = val;
1374 case 6: /* MMU Fault address / MPU base/size. */
1375 if (arm_feature(env, ARM_FEATURE_MPU)) {
1378 env->cp15.c6_region[crm] = val;
1380 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1384 env->cp15.c6_data = val;
1386 case 1: /* ??? This is WFAR on armv6 */
1388 env->cp15.c6_insn = val;
1395 case 7: /* Cache control. */
1396 env->cp15.c15_i_max = 0x000;
1397 env->cp15.c15_i_min = 0xff0;
1401 /* No cache, so nothing to do except VA->PA translations. */
1402 if (arm_feature(env, ARM_FEATURE_VAPA)) {
1405 if (arm_feature(env, ARM_FEATURE_V7)) {
1406 env->cp15.c7_par = val & 0xfffff6ff;
1408 env->cp15.c7_par = val & 0xfffff1ff;
1413 target_ulong page_size;
1415 int ret, is_user = op2 & 2;
1416 int access_type = op2 & 1;
1419 /* Other states are only available with TrustZone */
1422 ret = get_phys_addr(env, val, access_type, is_user,
1423 &phys_addr, &prot, &page_size);
1425 /* We do not set any attribute bits in the PAR */
1426 if (page_size == (1 << 24)
1427 && arm_feature(env, ARM_FEATURE_V7)) {
1428 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1430 env->cp15.c7_par = phys_addr & 0xfffff000;
1433 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1434 ((ret & (12 << 1)) >> 6) |
1435 ((ret & 0xf) << 1) | 1;
1442 case 8: /* MMU TLB control. */
1444 case 0: /* Invalidate all (TLBIALL) */
1447 case 1: /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
1448 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1450 case 2: /* Invalidate by ASID (TLBIASID) */
1451 tlb_flush(env, val == 0);
1453 case 3: /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
1454 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1461 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1463 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1464 break; /* Ignore ReadBuffer access */
1466 case 0: /* Cache lockdown. */
1468 case 0: /* L1 cache. */
1471 env->cp15.c9_data = val;
1474 env->cp15.c9_insn = val;
1480 case 1: /* L2 cache. */
1481 /* Ignore writes to L2 lockdown/auxiliary registers. */
1487 case 1: /* TCM memory region registers. */
1488 /* Not implemented. */
1490 case 12: /* Performance monitor control */
1491 /* Performance monitors are implementation defined in v7,
1492 * but with an ARM recommended set of registers, which we
1493 * follow (although we don't actually implement any counters)
1495 if (!arm_feature(env, ARM_FEATURE_V7)) {
1499 case 0: /* performance monitor control register */
1500 /* only the DP, X, D and E bits are writable */
1501 env->cp15.c9_pmcr &= ~0x39;
1502 env->cp15.c9_pmcr |= (val & 0x39);
1504 case 1: /* Count enable set register */
1506 env->cp15.c9_pmcnten |= val;
1508 case 2: /* Count enable clear */
1510 env->cp15.c9_pmcnten &= ~val;
1512 case 3: /* Overflow flag status */
1513 env->cp15.c9_pmovsr &= ~val;
1515 case 4: /* Software increment */
1516 /* RAZ/WI since we don't implement the software-count event */
1518 case 5: /* Event counter selection register */
1519 /* Since we don't implement any events, writing to this register
1520 * is actually UNPREDICTABLE. So we choose to RAZ/WI.
1527 case 13: /* Performance counters */
1528 if (!arm_feature(env, ARM_FEATURE_V7)) {
1532 case 0: /* Cycle count register: not implemented, so RAZ/WI */
1534 case 1: /* Event type select */
1535 env->cp15.c9_pmxevtyper = val & 0xff;
1537 case 2: /* Event count register */
1538 /* Unimplemented (we have no events), RAZ/WI */
1544 case 14: /* Performance monitor control */
1545 if (!arm_feature(env, ARM_FEATURE_V7)) {
1549 case 0: /* user enable */
1550 env->cp15.c9_pmuserenr = val & 1;
1551 /* changes access rights for cp registers, so flush tbs */
1554 case 1: /* interrupt enable set */
1555 /* We have no event counters so only the C bit can be changed */
1557 env->cp15.c9_pminten |= val;
1559 case 2: /* interrupt enable clear */
1561 env->cp15.c9_pminten &= ~val;
1569 case 10: /* MMU TLB lockdown. */
1570 /* ??? TLB lockdown not implemented. */
1572 case 12: /* Reserved. */
1574 case 13: /* Process ID. */
1577 /* Unlike real hardware the qemu TLB uses virtual addresses,
1578 not modified virtual addresses, so this causes a TLB flush.
1580 if (env->cp15.c13_fcse != val)
1582 env->cp15.c13_fcse = val;
1585 /* This changes the ASID, so do a TLB flush. */
1586 if (env->cp15.c13_context != val
1587 && !arm_feature(env, ARM_FEATURE_MPU))
1589 env->cp15.c13_context = val;
1595 case 14: /* Generic timer */
1596 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
1597 /* Dummy implementation: RAZ/WI for all */
1601 case 15: /* Implementation specific. */
1602 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1603 if (op2 == 0 && crm == 1) {
1604 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1605 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1607 env->cp15.c15_cpar = val & 0x3fff;
1613 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1617 case 1: /* Set TI925T configuration. */
1618 env->cp15.c15_ticonfig = val & 0xe7;
1619 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1620 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1622 case 2: /* Set I_max. */
1623 env->cp15.c15_i_max = val;
1625 case 3: /* Set I_min. */
1626 env->cp15.c15_i_min = val;
1628 case 4: /* Set thread-ID. */
1629 env->cp15.c15_threadid = val & 0xffff;
1631 case 8: /* Wait-for-interrupt (deprecated). */
1632 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1638 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
1641 if ((op1 == 0) && (op2 == 0)) {
1642 env->cp15.c15_power_control = val;
1643 } else if ((op1 == 0) && (op2 == 1)) {
1644 env->cp15.c15_diagnostic = val;
1645 } else if ((op1 == 0) && (op2 == 2)) {
1646 env->cp15.c15_power_diagnostic = val;
1656 /* ??? For debugging only. Should raise illegal instruction exception. */
1657 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1658 (insn >> 16) & 0xf, crm, op1, op2);
1661 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
1667 op1 = (insn >> 21) & 7;
1668 op2 = (insn >> 5) & 7;
1670 switch ((insn >> 16) & 0xf) {
1671 case 0: /* ID codes. */
1677 case 0: /* Device ID. */
1678 return env->cp15.c0_cpuid;
1679 case 1: /* Cache Type. */
1680 return env->cp15.c0_cachetype;
1681 case 2: /* TCM status. */
1683 case 3: /* TLB type register. */
1684 return 0; /* No lockable TLB entries. */
1686 /* The MPIDR was standardised in v7; prior to
1687 * this it was implemented only in the 11MPCore.
1688 * For all other pre-v7 cores it does not exist.
1690 if (arm_feature(env, ARM_FEATURE_V7) ||
1691 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1692 int mpidr = env->cpu_index;
1693 /* We don't support setting cluster ID ([8..11])
1694 * so these bits always RAZ.
1696 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1698 /* Cores which are uniprocessor (non-coherent)
1699 * but still implement the MP extensions set
1700 * bit 30. (For instance, A9UP.) However we do
1701 * not currently model any of those cores.
1706 /* otherwise fall through to the unimplemented-reg case */
1711 if (!arm_feature(env, ARM_FEATURE_V6))
1713 return env->cp15.c0_c1[op2];
1715 if (!arm_feature(env, ARM_FEATURE_V6))
1717 return env->cp15.c0_c2[op2];
1718 case 3: case 4: case 5: case 6: case 7:
1724 /* These registers aren't documented on arm11 cores. However
1725 Linux looks at them anyway. */
1726 if (!arm_feature(env, ARM_FEATURE_V6))
1730 if (!arm_feature(env, ARM_FEATURE_V7))
1735 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1737 return env->cp15.c0_clid;
1743 if (op2 != 0 || crm != 0)
1745 return env->cp15.c0_cssel;
1749 case 1: /* System configuration. */
1750 if (arm_feature(env, ARM_FEATURE_V7)
1751 && op1 == 0 && crm == 1 && op2 == 0) {
1752 return env->cp15.c1_scr;
1754 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1757 case 0: /* Control register. */
1758 return env->cp15.c1_sys;
1759 case 1: /* Auxiliary control register. */
1760 if (arm_feature(env, ARM_FEATURE_XSCALE))
1761 return env->cp15.c1_xscaleauxcr;
1762 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1764 switch (ARM_CPUID(env)) {
1765 case ARM_CPUID_ARM1026:
1767 case ARM_CPUID_ARM1136:
1768 case ARM_CPUID_ARM1136_R2:
1769 case ARM_CPUID_ARM1176:
1771 case ARM_CPUID_ARM11MPCORE:
1773 case ARM_CPUID_CORTEXA8:
1775 case ARM_CPUID_CORTEXA9:
1776 case ARM_CPUID_CORTEXA15:
1781 case 2: /* Coprocessor access register. */
1782 if (arm_feature(env, ARM_FEATURE_XSCALE))
1784 return env->cp15.c1_coproc;
1788 case 2: /* MMU Page table control / MPU cache control. */
1789 if (arm_feature(env, ARM_FEATURE_MPU)) {
1792 return env->cp15.c2_data;
1795 return env->cp15.c2_insn;
1803 return env->cp15.c2_base0;
1805 return env->cp15.c2_base1;
1807 return env->cp15.c2_control;
1812 case 3: /* MMU Domain access control / MPU write buffer control. */
1813 return env->cp15.c3;
1814 case 4: /* Reserved. */
1816 case 5: /* MMU Fault status / MPU access permission. */
1817 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1821 if (arm_feature(env, ARM_FEATURE_MPU))
1822 return simple_mpu_ap_bits(env->cp15.c5_data);
1823 return env->cp15.c5_data;
1825 if (arm_feature(env, ARM_FEATURE_MPU))
1826 return simple_mpu_ap_bits(env->cp15.c5_insn);
1827 return env->cp15.c5_insn;
1829 if (!arm_feature(env, ARM_FEATURE_MPU))
1831 return env->cp15.c5_data;
1833 if (!arm_feature(env, ARM_FEATURE_MPU))
1835 return env->cp15.c5_insn;
1839 case 6: /* MMU Fault address. */
1840 if (arm_feature(env, ARM_FEATURE_MPU)) {
1843 return env->cp15.c6_region[crm];
1845 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1849 return env->cp15.c6_data;
1851 if (arm_feature(env, ARM_FEATURE_V6)) {
1852 /* Watchpoint Fault Adrress. */
1853 return 0; /* Not implemented. */
1855 /* Instruction Fault Adrress. */
1856 /* Arm9 doesn't have an IFAR, but implementing it anyway
1857 shouldn't do any harm. */
1858 return env->cp15.c6_insn;
1861 if (arm_feature(env, ARM_FEATURE_V6)) {
1862 /* Instruction Fault Adrress. */
1863 return env->cp15.c6_insn;
1871 case 7: /* Cache control. */
1872 if (crm == 4 && op1 == 0 && op2 == 0) {
1873 return env->cp15.c7_par;
1875 /* FIXME: Should only clear Z flag if destination is r15. */
1878 case 8: /* MMU TLB control. */
1882 case 0: /* Cache lockdown */
1884 case 0: /* L1 cache. */
1885 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1890 return env->cp15.c9_data;
1892 return env->cp15.c9_insn;
1896 case 1: /* L2 cache */
1897 /* L2 Lockdown and Auxiliary control. */
1900 /* L2 cache lockdown (A8 only) */
1903 /* L2 cache auxiliary control (A8) or control (A15) */
1904 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA15) {
1905 /* Linux wants the number of processors from here.
1906 * Might as well set the interrupt-controller bit too.
1908 return ((smp_cpus - 1) << 24) | (1 << 23);
1912 /* L2 cache extended control (A15) */
1921 case 12: /* Performance monitor control */
1922 if (!arm_feature(env, ARM_FEATURE_V7)) {
1926 case 0: /* performance monitor control register */
1927 return env->cp15.c9_pmcr;
1928 case 1: /* count enable set */
1929 case 2: /* count enable clear */
1930 return env->cp15.c9_pmcnten;
1931 case 3: /* overflow flag status */
1932 return env->cp15.c9_pmovsr;
1933 case 4: /* software increment */
1934 case 5: /* event counter selection register */
1935 return 0; /* Unimplemented, RAZ/WI */
1939 case 13: /* Performance counters */
1940 if (!arm_feature(env, ARM_FEATURE_V7)) {
1944 case 1: /* Event type select */
1945 return env->cp15.c9_pmxevtyper;
1946 case 0: /* Cycle count register */
1947 case 2: /* Event count register */
1948 /* Unimplemented, so RAZ/WI */
1953 case 14: /* Performance monitor control */
1954 if (!arm_feature(env, ARM_FEATURE_V7)) {
1958 case 0: /* user enable */
1959 return env->cp15.c9_pmuserenr;
1960 case 1: /* interrupt enable set */
1961 case 2: /* interrupt enable clear */
1962 return env->cp15.c9_pminten;
1970 case 10: /* MMU TLB lockdown. */
1971 /* ??? TLB lockdown not implemented. */
1973 case 11: /* TCM DMA control. */
1974 case 12: /* Reserved. */
1976 case 13: /* Process ID. */
1979 return env->cp15.c13_fcse;
1981 return env->cp15.c13_context;
1985 case 14: /* Generic timer */
1986 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
1987 /* Dummy implementation: RAZ/WI for all */
1991 case 15: /* Implementation specific. */
1992 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1993 if (op2 == 0 && crm == 1)
1994 return env->cp15.c15_cpar;
1998 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2002 case 1: /* Read TI925T configuration. */
2003 return env->cp15.c15_ticonfig;
2004 case 2: /* Read I_max. */
2005 return env->cp15.c15_i_max;
2006 case 3: /* Read I_min. */
2007 return env->cp15.c15_i_min;
2008 case 4: /* Read thread-ID. */
2009 return env->cp15.c15_threadid;
2010 case 8: /* TI925T_status */
2013 /* TODO: Peripheral port remap register:
2014 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
2015 * controller base address at $rn & ~0xfff and map size of
2016 * 0x200 << ($rn & 0xfff), when MMU is off. */
2019 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
2022 if ((op1 == 4) && (op2 == 0)) {
2023 /* The config_base_address should hold the value of
2024 * the peripheral base. ARM should get this from a CPU
2025 * object property, but that support isn't available in
2026 * December 2011. Default to 0 for now and board models
2027 * that care can set it by a private hook */
2028 return env->cp15.c15_config_base_address;
2029 } else if ((op1 == 0) && (op2 == 0)) {
2030 /* power_control should be set to maximum latency. Again,
2031 default to 0 and set by private hook */
2032 return env->cp15.c15_power_control;
2033 } else if ((op1 == 0) && (op2 == 1)) {
2034 return env->cp15.c15_diagnostic;
2035 } else if ((op1 == 0) && (op2 == 2)) {
2036 return env->cp15.c15_power_diagnostic;
2039 case 1: /* NEON Busy */
2041 case 5: /* tlb lockdown */
2044 if ((op1 == 5) && (op2 == 2)) {
2056 /* ??? For debugging only. Should raise illegal instruction exception. */
2057 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
2058 (insn >> 16) & 0xf, crm, op1, op2);
2062 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
2064 if ((env->uncached_cpsr & CPSR_M) == mode) {
2065 env->regs[13] = val;
2067 env->banked_r13[bank_number(env, mode)] = val;
2071 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
2073 if ((env->uncached_cpsr & CPSR_M) == mode) {
2074 return env->regs[13];
2076 return env->banked_r13[bank_number(env, mode)];
2080 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
2084 return xpsr_read(env) & 0xf8000000;
2086 return xpsr_read(env) & 0xf80001ff;
2088 return xpsr_read(env) & 0xff00fc00;
2090 return xpsr_read(env) & 0xff00fdff;
2092 return xpsr_read(env) & 0x000001ff;
2094 return xpsr_read(env) & 0x0700fc00;
2096 return xpsr_read(env) & 0x0700edff;
2098 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
2100 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
2101 case 16: /* PRIMASK */
2102 return (env->uncached_cpsr & CPSR_I) != 0;
2103 case 17: /* BASEPRI */
2104 case 18: /* BASEPRI_MAX */
2105 return env->v7m.basepri;
2106 case 19: /* FAULTMASK */
2107 return (env->uncached_cpsr & CPSR_F) != 0;
2108 case 20: /* CONTROL */
2109 return env->v7m.control;
2111 /* ??? For debugging only. */
2112 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
2117 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
2121 xpsr_write(env, val, 0xf8000000);
2124 xpsr_write(env, val, 0xf8000000);
2127 xpsr_write(env, val, 0xfe00fc00);
2130 xpsr_write(env, val, 0xfe00fc00);
2133 /* IPSR bits are readonly. */
2136 xpsr_write(env, val, 0x0600fc00);
2139 xpsr_write(env, val, 0x0600fc00);
2142 if (env->v7m.current_sp)
2143 env->v7m.other_sp = val;
2145 env->regs[13] = val;
2148 if (env->v7m.current_sp)
2149 env->regs[13] = val;
2151 env->v7m.other_sp = val;
2153 case 16: /* PRIMASK */
2155 env->uncached_cpsr |= CPSR_I;
2157 env->uncached_cpsr &= ~CPSR_I;
2159 case 17: /* BASEPRI */
2160 env->v7m.basepri = val & 0xff;
2162 case 18: /* BASEPRI_MAX */
2164 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2165 env->v7m.basepri = val;
2167 case 19: /* FAULTMASK */
2169 env->uncached_cpsr |= CPSR_F;
2171 env->uncached_cpsr &= ~CPSR_F;
2173 case 20: /* CONTROL */
2174 env->v7m.control = val & 3;
2175 switch_v7m_sp(env, (val & 2) != 0);
2178 /* ??? For debugging only. */
2179 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2184 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
2185 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
2188 if (cpnum < 0 || cpnum > 14) {
2189 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
2193 env->cp[cpnum].cp_read = cp_read;
2194 env->cp[cpnum].cp_write = cp_write;
2195 env->cp[cpnum].opaque = opaque;
2200 /* Note that signed overflow is undefined in C. The following routines are
2201 careful to use unsigned types where modulo arithmetic is required.
2202 Failure to do so _will_ break on newer gcc. */
2204 /* Signed saturating arithmetic. */
2206 /* Perform 16-bit signed saturating addition. */
2207 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2212 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2221 /* Perform 8-bit signed saturating addition. */
2222 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2227 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2236 /* Perform 16-bit signed saturating subtraction. */
2237 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2242 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2251 /* Perform 8-bit signed saturating subtraction. */
2252 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2257 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2266 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2267 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2268 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2269 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2272 #include "op_addsub.h"
2274 /* Unsigned saturating arithmetic. */
2275 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2284 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2292 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2301 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2309 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2310 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2311 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2312 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2315 #include "op_addsub.h"
2317 /* Signed modulo arithmetic. */
2318 #define SARITH16(a, b, n, op) do { \
2320 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2321 RESULT(sum, n, 16); \
2323 ge |= 3 << (n * 2); \
2326 #define SARITH8(a, b, n, op) do { \
2328 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2329 RESULT(sum, n, 8); \
2335 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2336 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2337 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2338 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2342 #include "op_addsub.h"
2344 /* Unsigned modulo arithmetic. */
2345 #define ADD16(a, b, n) do { \
2347 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2348 RESULT(sum, n, 16); \
2349 if ((sum >> 16) == 1) \
2350 ge |= 3 << (n * 2); \
2353 #define ADD8(a, b, n) do { \
2355 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2356 RESULT(sum, n, 8); \
2357 if ((sum >> 8) == 1) \
2361 #define SUB16(a, b, n) do { \
2363 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2364 RESULT(sum, n, 16); \
2365 if ((sum >> 16) == 0) \
2366 ge |= 3 << (n * 2); \
2369 #define SUB8(a, b, n) do { \
2371 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2372 RESULT(sum, n, 8); \
2373 if ((sum >> 8) == 0) \
2380 #include "op_addsub.h"
2382 /* Halved signed arithmetic. */
2383 #define ADD16(a, b, n) \
2384 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2385 #define SUB16(a, b, n) \
2386 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2387 #define ADD8(a, b, n) \
2388 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2389 #define SUB8(a, b, n) \
2390 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2393 #include "op_addsub.h"
2395 /* Halved unsigned arithmetic. */
2396 #define ADD16(a, b, n) \
2397 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2398 #define SUB16(a, b, n) \
2399 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2400 #define ADD8(a, b, n) \
2401 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2402 #define SUB8(a, b, n) \
2403 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2406 #include "op_addsub.h"
2408 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2416 /* Unsigned sum of absolute byte differences. */
2417 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2420 sum = do_usad(a, b);
2421 sum += do_usad(a >> 8, b >> 8);
2422 sum += do_usad(a >> 16, b >>16);
2423 sum += do_usad(a >> 24, b >> 24);
2427 /* For ARMv6 SEL instruction. */
2428 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2441 return (a & mask) | (b & ~mask);
2444 uint32_t HELPER(logicq_cc)(uint64_t val)
2446 return (val >> 32) | (val != 0);
2449 /* VFP support. We follow the convention used for VFP instrunctions:
2450 Single precition routines have a "s" suffix, double precision a
2453 /* Convert host exception flags to vfp form. */
2454 static inline int vfp_exceptbits_from_host(int host_bits)
2456 int target_bits = 0;
2458 if (host_bits & float_flag_invalid)
2460 if (host_bits & float_flag_divbyzero)
2462 if (host_bits & float_flag_overflow)
2464 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2466 if (host_bits & float_flag_inexact)
2467 target_bits |= 0x10;
2468 if (host_bits & float_flag_input_denormal)
2469 target_bits |= 0x80;
2473 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
2478 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2479 | (env->vfp.vec_len << 16)
2480 | (env->vfp.vec_stride << 20);
2481 i = get_float_exception_flags(&env->vfp.fp_status);
2482 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2483 fpscr |= vfp_exceptbits_from_host(i);
2487 uint32_t vfp_get_fpscr(CPUARMState *env)
2489 return HELPER(vfp_get_fpscr)(env);
2492 /* Convert vfp exception flags to target form. */
2493 static inline int vfp_exceptbits_to_host(int target_bits)
2497 if (target_bits & 1)
2498 host_bits |= float_flag_invalid;
2499 if (target_bits & 2)
2500 host_bits |= float_flag_divbyzero;
2501 if (target_bits & 4)
2502 host_bits |= float_flag_overflow;
2503 if (target_bits & 8)
2504 host_bits |= float_flag_underflow;
2505 if (target_bits & 0x10)
2506 host_bits |= float_flag_inexact;
2507 if (target_bits & 0x80)
2508 host_bits |= float_flag_input_denormal;
2512 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
2517 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2518 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2519 env->vfp.vec_len = (val >> 16) & 7;
2520 env->vfp.vec_stride = (val >> 20) & 3;
2523 if (changed & (3 << 22)) {
2524 i = (val >> 22) & 3;
2527 i = float_round_nearest_even;
2533 i = float_round_down;
2536 i = float_round_to_zero;
2539 set_float_rounding_mode(i, &env->vfp.fp_status);
2541 if (changed & (1 << 24)) {
2542 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2543 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2545 if (changed & (1 << 25))
2546 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2548 i = vfp_exceptbits_to_host(val);
2549 set_float_exception_flags(i, &env->vfp.fp_status);
2550 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2553 void vfp_set_fpscr(CPUARMState *env, uint32_t val)
2555 HELPER(vfp_set_fpscr)(env, val);
2558 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2560 #define VFP_BINOP(name) \
2561 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2563 float_status *fpst = fpstp; \
2564 return float32_ ## name(a, b, fpst); \
2566 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2568 float_status *fpst = fpstp; \
2569 return float64_ ## name(a, b, fpst); \
2577 float32 VFP_HELPER(neg, s)(float32 a)
2579 return float32_chs(a);
2582 float64 VFP_HELPER(neg, d)(float64 a)
2584 return float64_chs(a);
2587 float32 VFP_HELPER(abs, s)(float32 a)
2589 return float32_abs(a);
2592 float64 VFP_HELPER(abs, d)(float64 a)
2594 return float64_abs(a);
2597 float32 VFP_HELPER(sqrt, s)(float32 a, CPUARMState *env)
2599 return float32_sqrt(a, &env->vfp.fp_status);
2602 float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
2604 return float64_sqrt(a, &env->vfp.fp_status);
2607 /* XXX: check quiet/signaling case */
2608 #define DO_VFP_cmp(p, type) \
2609 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env) \
2612 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2613 case 0: flags = 0x6; break; \
2614 case -1: flags = 0x8; break; \
2615 case 1: flags = 0x2; break; \
2616 default: case 2: flags = 0x3; break; \
2618 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2619 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2621 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
2624 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2625 case 0: flags = 0x6; break; \
2626 case -1: flags = 0x8; break; \
2627 case 1: flags = 0x2; break; \
2628 default: case 2: flags = 0x3; break; \
2630 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2631 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2633 DO_VFP_cmp(s, float32)
2634 DO_VFP_cmp(d, float64)
2637 /* Integer to float and float to integer conversions */
2639 #define CONV_ITOF(name, fsz, sign) \
2640 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2642 float_status *fpst = fpstp; \
2643 return sign##int32_to_##float##fsz((sign##int32_t)x, fpst); \
2646 #define CONV_FTOI(name, fsz, sign, round) \
2647 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2649 float_status *fpst = fpstp; \
2650 if (float##fsz##_is_any_nan(x)) { \
2651 float_raise(float_flag_invalid, fpst); \
2654 return float##fsz##_to_##sign##int32##round(x, fpst); \
2657 #define FLOAT_CONVS(name, p, fsz, sign) \
2658 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2659 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2660 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2662 FLOAT_CONVS(si, s, 32, )
2663 FLOAT_CONVS(si, d, 64, )
2664 FLOAT_CONVS(ui, s, 32, u)
2665 FLOAT_CONVS(ui, d, 64, u)
2671 /* floating point conversion */
2672 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUARMState *env)
2674 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2675 /* ARM requires that S<->D conversion of any kind of NaN generates
2676 * a quiet NaN by forcing the most significant frac bit to 1.
2678 return float64_maybe_silence_nan(r);
2681 float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
2683 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2684 /* ARM requires that S<->D conversion of any kind of NaN generates
2685 * a quiet NaN by forcing the most significant frac bit to 1.
2687 return float32_maybe_silence_nan(r);
2690 /* VFP3 fixed point conversion. */
2691 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2692 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2695 float_status *fpst = fpstp; \
2697 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2698 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2700 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2703 float_status *fpst = fpstp; \
2705 if (float##fsz##_is_any_nan(x)) { \
2706 float_raise(float_flag_invalid, fpst); \
2709 tmp = float##fsz##_scalbn(x, shift, fpst); \
2710 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2713 VFP_CONV_FIX(sh, d, 64, int16, )
2714 VFP_CONV_FIX(sl, d, 64, int32, )
2715 VFP_CONV_FIX(uh, d, 64, uint16, u)
2716 VFP_CONV_FIX(ul, d, 64, uint32, u)
2717 VFP_CONV_FIX(sh, s, 32, int16, )
2718 VFP_CONV_FIX(sl, s, 32, int32, )
2719 VFP_CONV_FIX(uh, s, 32, uint16, u)
2720 VFP_CONV_FIX(ul, s, 32, uint32, u)
2723 /* Half precision conversions. */
2724 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUARMState *env, float_status *s)
2726 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2727 float32 r = float16_to_float32(make_float16(a), ieee, s);
2729 return float32_maybe_silence_nan(r);
2734 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUARMState *env, float_status *s)
2736 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2737 float16 r = float32_to_float16(a, ieee, s);
2739 r = float16_maybe_silence_nan(r);
2741 return float16_val(r);
2744 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2746 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2749 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2751 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2754 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2756 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2759 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2761 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2764 #define float32_two make_float32(0x40000000)
2765 #define float32_three make_float32(0x40400000)
2766 #define float32_one_point_five make_float32(0x3fc00000)
2768 float32 HELPER(recps_f32)(float32 a, float32 b, CPUARMState *env)
2770 float_status *s = &env->vfp.standard_fp_status;
2771 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2772 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2773 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2774 float_raise(float_flag_input_denormal, s);
2778 return float32_sub(float32_two, float32_mul(a, b, s), s);
2781 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUARMState *env)
2783 float_status *s = &env->vfp.standard_fp_status;
2785 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2786 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2787 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2788 float_raise(float_flag_input_denormal, s);
2790 return float32_one_point_five;
2792 product = float32_mul(a, b, s);
2793 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2798 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2799 * int->float conversions at run-time. */
2800 #define float64_256 make_float64(0x4070000000000000LL)
2801 #define float64_512 make_float64(0x4080000000000000LL)
2803 /* The algorithm that must be used to calculate the estimate
2804 * is specified by the ARM ARM.
2806 static float64 recip_estimate(float64 a, CPUARMState *env)
2808 /* These calculations mustn't set any fp exception flags,
2809 * so we use a local copy of the fp_status.
2811 float_status dummy_status = env->vfp.standard_fp_status;
2812 float_status *s = &dummy_status;
2813 /* q = (int)(a * 512.0) */
2814 float64 q = float64_mul(float64_512, a, s);
2815 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2817 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2818 q = int64_to_float64(q_int, s);
2819 q = float64_add(q, float64_half, s);
2820 q = float64_div(q, float64_512, s);
2821 q = float64_div(float64_one, q, s);
2823 /* s = (int)(256.0 * r + 0.5) */
2824 q = float64_mul(q, float64_256, s);
2825 q = float64_add(q, float64_half, s);
2826 q_int = float64_to_int64_round_to_zero(q, s);
2828 /* return (double)s / 256.0 */
2829 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2832 float32 HELPER(recpe_f32)(float32 a, CPUARMState *env)
2834 float_status *s = &env->vfp.standard_fp_status;
2836 uint32_t val32 = float32_val(a);
2839 int a_exp = (val32 & 0x7f800000) >> 23;
2840 int sign = val32 & 0x80000000;
2842 if (float32_is_any_nan(a)) {
2843 if (float32_is_signaling_nan(a)) {
2844 float_raise(float_flag_invalid, s);
2846 return float32_default_nan;
2847 } else if (float32_is_infinity(a)) {
2848 return float32_set_sign(float32_zero, float32_is_neg(a));
2849 } else if (float32_is_zero_or_denormal(a)) {
2850 if (!float32_is_zero(a)) {
2851 float_raise(float_flag_input_denormal, s);
2853 float_raise(float_flag_divbyzero, s);
2854 return float32_set_sign(float32_infinity, float32_is_neg(a));
2855 } else if (a_exp >= 253) {
2856 float_raise(float_flag_underflow, s);
2857 return float32_set_sign(float32_zero, float32_is_neg(a));
2860 f64 = make_float64((0x3feULL << 52)
2861 | ((int64_t)(val32 & 0x7fffff) << 29));
2863 result_exp = 253 - a_exp;
2865 f64 = recip_estimate(f64, env);
2868 | ((result_exp & 0xff) << 23)
2869 | ((float64_val(f64) >> 29) & 0x7fffff);
2870 return make_float32(val32);
2873 /* The algorithm that must be used to calculate the estimate
2874 * is specified by the ARM ARM.
2876 static float64 recip_sqrt_estimate(float64 a, CPUARMState *env)
2878 /* These calculations mustn't set any fp exception flags,
2879 * so we use a local copy of the fp_status.
2881 float_status dummy_status = env->vfp.standard_fp_status;
2882 float_status *s = &dummy_status;
2886 if (float64_lt(a, float64_half, s)) {
2887 /* range 0.25 <= a < 0.5 */
2889 /* a in units of 1/512 rounded down */
2890 /* q0 = (int)(a * 512.0); */
2891 q = float64_mul(float64_512, a, s);
2892 q_int = float64_to_int64_round_to_zero(q, s);
2894 /* reciprocal root r */
2895 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2896 q = int64_to_float64(q_int, s);
2897 q = float64_add(q, float64_half, s);
2898 q = float64_div(q, float64_512, s);
2899 q = float64_sqrt(q, s);
2900 q = float64_div(float64_one, q, s);
2902 /* range 0.5 <= a < 1.0 */
2904 /* a in units of 1/256 rounded down */
2905 /* q1 = (int)(a * 256.0); */
2906 q = float64_mul(float64_256, a, s);
2907 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2909 /* reciprocal root r */
2910 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2911 q = int64_to_float64(q_int, s);
2912 q = float64_add(q, float64_half, s);
2913 q = float64_div(q, float64_256, s);
2914 q = float64_sqrt(q, s);
2915 q = float64_div(float64_one, q, s);
2917 /* r in units of 1/256 rounded to nearest */
2918 /* s = (int)(256.0 * r + 0.5); */
2920 q = float64_mul(q, float64_256,s );
2921 q = float64_add(q, float64_half, s);
2922 q_int = float64_to_int64_round_to_zero(q, s);
2924 /* return (double)s / 256.0;*/
2925 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2928 float32 HELPER(rsqrte_f32)(float32 a, CPUARMState *env)
2930 float_status *s = &env->vfp.standard_fp_status;
2936 val = float32_val(a);
2938 if (float32_is_any_nan(a)) {
2939 if (float32_is_signaling_nan(a)) {
2940 float_raise(float_flag_invalid, s);
2942 return float32_default_nan;
2943 } else if (float32_is_zero_or_denormal(a)) {
2944 if (!float32_is_zero(a)) {
2945 float_raise(float_flag_input_denormal, s);
2947 float_raise(float_flag_divbyzero, s);
2948 return float32_set_sign(float32_infinity, float32_is_neg(a));
2949 } else if (float32_is_neg(a)) {
2950 float_raise(float_flag_invalid, s);
2951 return float32_default_nan;
2952 } else if (float32_is_infinity(a)) {
2953 return float32_zero;
2956 /* Normalize to a double-precision value between 0.25 and 1.0,
2957 * preserving the parity of the exponent. */
2958 if ((val & 0x800000) == 0) {
2959 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
2961 | ((uint64_t)(val & 0x7fffff) << 29));
2963 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
2965 | ((uint64_t)(val & 0x7fffff) << 29));
2968 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
2970 f64 = recip_sqrt_estimate(f64, env);
2972 val64 = float64_val(f64);
2974 val = ((result_exp & 0xff) << 23)
2975 | ((val64 >> 29) & 0x7fffff);
2976 return make_float32(val);
2979 uint32_t HELPER(recpe_u32)(uint32_t a, CPUARMState *env)
2983 if ((a & 0x80000000) == 0) {
2987 f64 = make_float64((0x3feULL << 52)
2988 | ((int64_t)(a & 0x7fffffff) << 21));
2990 f64 = recip_estimate (f64, env);
2992 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
2995 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUARMState *env)
2999 if ((a & 0xc0000000) == 0) {
3003 if (a & 0x80000000) {
3004 f64 = make_float64((0x3feULL << 52)
3005 | ((uint64_t)(a & 0x7fffffff) << 21));
3006 } else { /* bits 31-30 == '01' */
3007 f64 = make_float64((0x3fdULL << 52)
3008 | ((uint64_t)(a & 0x3fffffff) << 22));
3011 f64 = recip_sqrt_estimate(f64, env);
3013 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3016 /* VFPv4 fused multiply-accumulate */
3017 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
3019 float_status *fpst = fpstp;
3020 return float32_muladd(a, b, c, 0, fpst);
3023 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
3025 float_status *fpst = fpstp;
3026 return float64_muladd(a, b, c, 0, fpst);
3029 void HELPER(set_teecr)(CPUARMState *env, uint32_t val)
3032 if (env->teecr != val) {
projects / qemu.git / blob