4 #include "host-utils.h"
5 #if !defined(CONFIG_USER_ONLY)
10 static uint32_t cortexa15_cp15_c0_c1[8] = {
11 0x00001131, 0x00011011, 0x02010555, 0x00000000,
12 0x10201105, 0x20000000, 0x01240000, 0x02102211
15 static uint32_t cortexa15_cp15_c0_c2[8] = {
16 0x02101110, 0x13112111, 0x21232041, 0x11112131, 0x10011142, 0, 0, 0
19 static uint32_t cortexa9_cp15_c0_c1[8] =
20 { 0x1031, 0x11, 0x000, 0, 0x00100103, 0x20000000, 0x01230000, 0x00002111 };
22 static uint32_t cortexa9_cp15_c0_c2[8] =
23 { 0x00101111, 0x13112111, 0x21232041, 0x11112131, 0x00111142, 0, 0, 0 };
25 static uint32_t cortexa8_cp15_c0_c1[8] =
26 { 0x1031, 0x11, 0x400, 0, 0x31100003, 0x20000000, 0x01202000, 0x11 };
28 static uint32_t cortexa8_cp15_c0_c2[8] =
29 { 0x00101111, 0x12112111, 0x21232031, 0x11112131, 0x00111142, 0, 0, 0 };
31 static uint32_t mpcore_cp15_c0_c1[8] =
32 { 0x111, 0x1, 0, 0x2, 0x01100103, 0x10020302, 0x01222000, 0 };
34 static uint32_t mpcore_cp15_c0_c2[8] =
35 { 0x00100011, 0x12002111, 0x11221011, 0x01102131, 0x141, 0, 0, 0 };
37 static uint32_t arm1136_cp15_c0_c1[8] =
38 { 0x111, 0x1, 0x2, 0x3, 0x01130003, 0x10030302, 0x01222110, 0 };
40 static uint32_t arm1136_cp15_c0_c2[8] =
41 { 0x00140011, 0x12002111, 0x11231111, 0x01102131, 0x141, 0, 0, 0 };
43 static uint32_t arm1176_cp15_c0_c1[8] =
44 { 0x111, 0x11, 0x33, 0, 0x01130003, 0x10030302, 0x01222100, 0 };
46 static uint32_t arm1176_cp15_c0_c2[8] =
47 { 0x0140011, 0x12002111, 0x11231121, 0x01102131, 0x01141, 0, 0, 0 };
49 static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
52 case ARM_CPUID_ARM926:
53 env->cp15.c0_cachetype = 0x1dd20d2;
54 env->cp15.c1_sys = 0x00090078;
56 case ARM_CPUID_ARM946:
57 env->cp15.c0_cachetype = 0x0f004006;
58 env->cp15.c1_sys = 0x00000078;
60 case ARM_CPUID_ARM1026:
61 env->cp15.c0_cachetype = 0x1dd20d2;
62 env->cp15.c1_sys = 0x00090078;
64 case ARM_CPUID_ARM1136:
65 /* This is the 1136 r1, which is a v6K core */
66 case ARM_CPUID_ARM1136_R2:
67 /* What qemu calls "arm1136_r2" is actually the 1136 r0p2, ie an
68 * older core than plain "arm1136". In particular this does not
69 * have the v6K features.
71 /* These ID register values are correct for 1136 but may be wrong
72 * for 1136_r2 (in particular r0p2 does not actually implement most
73 * of the ID registers).
75 memcpy(env->cp15.c0_c1, arm1136_cp15_c0_c1, 8 * sizeof(uint32_t));
76 memcpy(env->cp15.c0_c2, arm1136_cp15_c0_c2, 8 * sizeof(uint32_t));
77 env->cp15.c0_cachetype = 0x1dd20d2;
78 env->cp15.c1_sys = 0x00050078;
80 case ARM_CPUID_ARM1176:
81 memcpy(env->cp15.c0_c1, arm1176_cp15_c0_c1, 8 * sizeof(uint32_t));
82 memcpy(env->cp15.c0_c2, arm1176_cp15_c0_c2, 8 * sizeof(uint32_t));
83 env->cp15.c0_cachetype = 0x1dd20d2;
84 env->cp15.c1_sys = 0x00050078;
86 case ARM_CPUID_ARM11MPCORE:
87 memcpy(env->cp15.c0_c1, mpcore_cp15_c0_c1, 8 * sizeof(uint32_t));
88 memcpy(env->cp15.c0_c2, mpcore_cp15_c0_c2, 8 * sizeof(uint32_t));
89 env->cp15.c0_cachetype = 0x1dd20d2;
91 case ARM_CPUID_CORTEXA8:
92 memcpy(env->cp15.c0_c1, cortexa8_cp15_c0_c1, 8 * sizeof(uint32_t));
93 memcpy(env->cp15.c0_c2, cortexa8_cp15_c0_c2, 8 * sizeof(uint32_t));
94 env->cp15.c0_cachetype = 0x82048004;
95 env->cp15.c0_clid = (1 << 27) | (2 << 24) | 3;
96 env->cp15.c0_ccsid[0] = 0xe007e01a; /* 16k L1 dcache. */
97 env->cp15.c0_ccsid[1] = 0x2007e01a; /* 16k L1 icache. */
98 env->cp15.c0_ccsid[2] = 0xf0000000; /* No L2 icache. */
99 env->cp15.c1_sys = 0x00c50078;
101 case ARM_CPUID_CORTEXA9:
102 memcpy(env->cp15.c0_c1, cortexa9_cp15_c0_c1, 8 * sizeof(uint32_t));
103 memcpy(env->cp15.c0_c2, cortexa9_cp15_c0_c2, 8 * sizeof(uint32_t));
104 env->cp15.c0_cachetype = 0x80038003;
105 env->cp15.c0_clid = (1 << 27) | (1 << 24) | 3;
106 env->cp15.c0_ccsid[0] = 0xe00fe015; /* 16k L1 dcache. */
107 env->cp15.c0_ccsid[1] = 0x200fe015; /* 16k L1 icache. */
108 env->cp15.c1_sys = 0x00c50078;
110 case ARM_CPUID_CORTEXA15:
111 memcpy(env->cp15.c0_c1, cortexa15_cp15_c0_c1, 8 * sizeof(uint32_t));
112 memcpy(env->cp15.c0_c2, cortexa15_cp15_c0_c2, 8 * sizeof(uint32_t));
113 env->cp15.c0_cachetype = 0x8444c004;
114 env->cp15.c0_clid = 0x0a200023;
115 env->cp15.c0_ccsid[0] = 0x701fe00a; /* 32K L1 dcache */
116 env->cp15.c0_ccsid[1] = 0x201fe00a; /* 32K L1 icache */
117 env->cp15.c0_ccsid[2] = 0x711fe07a; /* 4096K L2 unified cache */
118 env->cp15.c1_sys = 0x00c50078;
120 case ARM_CPUID_CORTEXM3:
122 case ARM_CPUID_ANY: /* For userspace emulation. */
124 case ARM_CPUID_TI915T:
125 case ARM_CPUID_TI925T:
126 env->cp15.c0_cachetype = 0x5109149;
127 env->cp15.c1_sys = 0x00000070;
128 env->cp15.c15_i_max = 0x000;
129 env->cp15.c15_i_min = 0xff0;
131 case ARM_CPUID_PXA250:
132 case ARM_CPUID_PXA255:
133 case ARM_CPUID_PXA260:
134 case ARM_CPUID_PXA261:
135 case ARM_CPUID_PXA262:
136 /* JTAG_ID is ((id << 28) | 0x09265013) */
137 env->cp15.c0_cachetype = 0xd172172;
138 env->cp15.c1_sys = 0x00000078;
140 case ARM_CPUID_PXA270_A0:
141 case ARM_CPUID_PXA270_A1:
142 case ARM_CPUID_PXA270_B0:
143 case ARM_CPUID_PXA270_B1:
144 case ARM_CPUID_PXA270_C0:
145 case ARM_CPUID_PXA270_C5:
146 /* JTAG_ID is ((id << 28) | 0x09265013) */
147 env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
148 env->cp15.c0_cachetype = 0xd172172;
149 env->cp15.c1_sys = 0x00000078;
151 case ARM_CPUID_SA1100:
152 case ARM_CPUID_SA1110:
153 env->cp15.c1_sys = 0x00000070;
156 cpu_abort(env, "Bad CPU ID: %x\n", id);
162 /* TODO Move contents into arm_cpu_reset() in cpu.c,
163 * once cpu_reset_model_id() is eliminated,
164 * and then forward to cpu_reset() here.
166 void cpu_state_reset(CPUARMState *env)
170 ARMCPU *cpu = arm_env_get_cpu(env);
172 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
173 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
174 log_cpu_state(env, 0);
178 tmp = env->cp15.c15_config_base_address;
179 memset(env, 0, offsetof(CPUARMState, breakpoints));
181 cpu_reset_model_id(env, id);
182 env->cp15.c15_config_base_address = tmp;
183 env->cp15.c0_cpuid = cpu->midr;
184 env->vfp.xregs[ARM_VFP_FPSID] = cpu->reset_fpsid;
185 env->vfp.xregs[ARM_VFP_MVFR0] = cpu->mvfr0;
186 env->vfp.xregs[ARM_VFP_MVFR1] = cpu->mvfr1;
188 #if defined (CONFIG_USER_ONLY)
189 env->uncached_cpsr = ARM_CPU_MODE_USR;
190 /* For user mode we must enable access to coprocessors */
191 env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
192 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
193 env->cp15.c15_cpar = 3;
194 } else if (arm_feature(env, ARM_FEATURE_XSCALE)) {
195 env->cp15.c15_cpar = 1;
198 /* SVC mode with interrupts disabled. */
199 env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
200 /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
201 clear at reset. Initial SP and PC are loaded from ROM. */
205 env->uncached_cpsr &= ~CPSR_I;
208 /* We should really use ldl_phys here, in case the guest
209 modified flash and reset itself. However images
210 loaded via -kernel have not been copied yet, so load the
211 values directly from there. */
212 env->regs[13] = ldl_p(rom);
215 env->regs[15] = pc & ~1;
218 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
219 env->cp15.c2_base_mask = 0xffffc000u;
220 /* v7 performance monitor control register: same implementor
221 * field as main ID register, and we implement no event counters.
223 env->cp15.c9_pmcr = (id & 0xff000000);
225 set_flush_to_zero(1, &env->vfp.standard_fp_status);
226 set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
227 set_default_nan_mode(1, &env->vfp.standard_fp_status);
228 set_float_detect_tininess(float_tininess_before_rounding,
229 &env->vfp.fp_status);
230 set_float_detect_tininess(float_tininess_before_rounding,
231 &env->vfp.standard_fp_status);
233 /* Reset is a state change for some CPUARMState fields which we
234 * bake assumptions about into translated code, so we need to
240 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
244 /* VFP data registers are always little-endian. */
245 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
247 stfq_le_p(buf, env->vfp.regs[reg]);
250 if (arm_feature(env, ARM_FEATURE_NEON)) {
251 /* Aliases for Q regs. */
254 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
255 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
259 switch (reg - nregs) {
260 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
261 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
262 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
267 static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
271 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
273 env->vfp.regs[reg] = ldfq_le_p(buf);
276 if (arm_feature(env, ARM_FEATURE_NEON)) {
279 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
280 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
284 switch (reg - nregs) {
285 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
286 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
287 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
292 CPUARMState *cpu_arm_init(const char *cpu_model)
296 static int inited = 0;
298 if (!object_class_by_name(cpu_model)) {
301 cpu = ARM_CPU(object_new(cpu_model));
303 env->cpu_model_str = cpu_model;
304 arm_cpu_realize(cpu);
306 if (tcg_enabled() && !inited) {
308 arm_translate_init();
311 cpu_state_reset(env);
312 if (arm_feature(env, ARM_FEATURE_NEON)) {
313 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
314 51, "arm-neon.xml", 0);
315 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
316 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
317 35, "arm-vfp3.xml", 0);
318 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
319 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
320 19, "arm-vfp.xml", 0);
326 typedef struct ARMCPUListState {
327 fprintf_function cpu_fprintf;
331 /* Sort alphabetically by type name, except for "any". */
332 static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
334 ObjectClass *class_a = (ObjectClass *)a;
335 ObjectClass *class_b = (ObjectClass *)b;
336 const char *name_a, *name_b;
338 name_a = object_class_get_name(class_a);
339 name_b = object_class_get_name(class_b);
340 if (strcmp(name_a, "any") == 0) {
342 } else if (strcmp(name_b, "any") == 0) {
345 return strcmp(name_a, name_b);
349 static void arm_cpu_list_entry(gpointer data, gpointer user_data)
351 ObjectClass *oc = data;
352 ARMCPUListState *s = user_data;
354 (*s->cpu_fprintf)(s->file, " %s\n",
355 object_class_get_name(oc));
358 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
360 ARMCPUListState s = {
362 .cpu_fprintf = cpu_fprintf,
366 list = object_class_get_list(TYPE_ARM_CPU, false);
367 list = g_slist_sort(list, arm_cpu_list_compare);
368 (*cpu_fprintf)(f, "Available CPUs:\n");
369 g_slist_foreach(list, arm_cpu_list_entry, &s);
373 static int bad_mode_switch(CPUARMState *env, int mode)
375 /* Return true if it is not valid for us to switch to
376 * this CPU mode (ie all the UNPREDICTABLE cases in
377 * the ARM ARM CPSRWriteByInstr pseudocode).
380 case ARM_CPU_MODE_USR:
381 case ARM_CPU_MODE_SYS:
382 case ARM_CPU_MODE_SVC:
383 case ARM_CPU_MODE_ABT:
384 case ARM_CPU_MODE_UND:
385 case ARM_CPU_MODE_IRQ:
386 case ARM_CPU_MODE_FIQ:
393 uint32_t cpsr_read(CPUARMState *env)
397 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
398 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
399 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
400 | ((env->condexec_bits & 0xfc) << 8)
404 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
406 if (mask & CPSR_NZCV) {
407 env->ZF = (~val) & CPSR_Z;
409 env->CF = (val >> 29) & 1;
410 env->VF = (val << 3) & 0x80000000;
413 env->QF = ((val & CPSR_Q) != 0);
415 env->thumb = ((val & CPSR_T) != 0);
416 if (mask & CPSR_IT_0_1) {
417 env->condexec_bits &= ~3;
418 env->condexec_bits |= (val >> 25) & 3;
420 if (mask & CPSR_IT_2_7) {
421 env->condexec_bits &= 3;
422 env->condexec_bits |= (val >> 8) & 0xfc;
424 if (mask & CPSR_GE) {
425 env->GE = (val >> 16) & 0xf;
428 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
429 if (bad_mode_switch(env, val & CPSR_M)) {
430 /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
431 * We choose to ignore the attempt and leave the CPSR M field
436 switch_mode(env, val & CPSR_M);
439 mask &= ~CACHED_CPSR_BITS;
440 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
443 /* Sign/zero extend */
444 uint32_t HELPER(sxtb16)(uint32_t x)
447 res = (uint16_t)(int8_t)x;
448 res |= (uint32_t)(int8_t)(x >> 16) << 16;
452 uint32_t HELPER(uxtb16)(uint32_t x)
455 res = (uint16_t)(uint8_t)x;
456 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
460 uint32_t HELPER(clz)(uint32_t x)
465 int32_t HELPER(sdiv)(int32_t num, int32_t den)
469 if (num == INT_MIN && den == -1)
474 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
481 uint32_t HELPER(rbit)(uint32_t x)
483 x = ((x & 0xff000000) >> 24)
484 | ((x & 0x00ff0000) >> 8)
485 | ((x & 0x0000ff00) << 8)
486 | ((x & 0x000000ff) << 24);
487 x = ((x & 0xf0f0f0f0) >> 4)
488 | ((x & 0x0f0f0f0f) << 4);
489 x = ((x & 0x88888888) >> 3)
490 | ((x & 0x44444444) >> 1)
491 | ((x & 0x22222222) << 1)
492 | ((x & 0x11111111) << 3);
496 uint32_t HELPER(abs)(uint32_t x)
498 return ((int32_t)x < 0) ? -x : x;
501 #if defined(CONFIG_USER_ONLY)
503 void do_interrupt (CPUARMState *env)
505 env->exception_index = -1;
508 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
512 env->exception_index = EXCP_PREFETCH_ABORT;
513 env->cp15.c6_insn = address;
515 env->exception_index = EXCP_DATA_ABORT;
516 env->cp15.c6_data = address;
521 /* These should probably raise undefined insn exceptions. */
522 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
524 int op1 = (insn >> 8) & 0xf;
525 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
529 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
531 int op1 = (insn >> 8) & 0xf;
532 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
536 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
538 cpu_abort(env, "cp15 insn %08x\n", insn);
541 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
543 cpu_abort(env, "cp15 insn %08x\n", insn);
546 /* These should probably raise undefined insn exceptions. */
547 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
549 cpu_abort(env, "v7m_mrs %d\n", reg);
552 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
554 cpu_abort(env, "v7m_mrs %d\n", reg);
558 void switch_mode(CPUARMState *env, int mode)
560 if (mode != ARM_CPU_MODE_USR)
561 cpu_abort(env, "Tried to switch out of user mode\n");
564 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
566 cpu_abort(env, "banked r13 write\n");
569 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
571 cpu_abort(env, "banked r13 read\n");
577 /* Map CPU modes onto saved register banks. */
578 static inline int bank_number(CPUARMState *env, int mode)
581 case ARM_CPU_MODE_USR:
582 case ARM_CPU_MODE_SYS:
584 case ARM_CPU_MODE_SVC:
586 case ARM_CPU_MODE_ABT:
588 case ARM_CPU_MODE_UND:
590 case ARM_CPU_MODE_IRQ:
592 case ARM_CPU_MODE_FIQ:
595 cpu_abort(env, "Bad mode %x\n", mode);
599 void switch_mode(CPUARMState *env, int mode)
604 old_mode = env->uncached_cpsr & CPSR_M;
605 if (mode == old_mode)
608 if (old_mode == ARM_CPU_MODE_FIQ) {
609 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
610 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
611 } else if (mode == ARM_CPU_MODE_FIQ) {
612 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
613 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
616 i = bank_number(env, old_mode);
617 env->banked_r13[i] = env->regs[13];
618 env->banked_r14[i] = env->regs[14];
619 env->banked_spsr[i] = env->spsr;
621 i = bank_number(env, mode);
622 env->regs[13] = env->banked_r13[i];
623 env->regs[14] = env->banked_r14[i];
624 env->spsr = env->banked_spsr[i];
627 static void v7m_push(CPUARMState *env, uint32_t val)
630 stl_phys(env->regs[13], val);
633 static uint32_t v7m_pop(CPUARMState *env)
636 val = ldl_phys(env->regs[13]);
641 /* Switch to V7M main or process stack pointer. */
642 static void switch_v7m_sp(CPUARMState *env, int process)
645 if (env->v7m.current_sp != process) {
646 tmp = env->v7m.other_sp;
647 env->v7m.other_sp = env->regs[13];
649 env->v7m.current_sp = process;
653 static void do_v7m_exception_exit(CPUARMState *env)
658 type = env->regs[15];
659 if (env->v7m.exception != 0)
660 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
662 /* Switch to the target stack. */
663 switch_v7m_sp(env, (type & 4) != 0);
665 env->regs[0] = v7m_pop(env);
666 env->regs[1] = v7m_pop(env);
667 env->regs[2] = v7m_pop(env);
668 env->regs[3] = v7m_pop(env);
669 env->regs[12] = v7m_pop(env);
670 env->regs[14] = v7m_pop(env);
671 env->regs[15] = v7m_pop(env);
673 xpsr_write(env, xpsr, 0xfffffdff);
674 /* Undo stack alignment. */
677 /* ??? The exception return type specifies Thread/Handler mode. However
678 this is also implied by the xPSR value. Not sure what to do
679 if there is a mismatch. */
680 /* ??? Likewise for mismatches between the CONTROL register and the stack
684 static void do_interrupt_v7m(CPUARMState *env)
686 uint32_t xpsr = xpsr_read(env);
691 if (env->v7m.current_sp)
693 if (env->v7m.exception == 0)
696 /* For exceptions we just mark as pending on the NVIC, and let that
698 /* TODO: Need to escalate if the current priority is higher than the
699 one we're raising. */
700 switch (env->exception_index) {
702 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
706 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
708 case EXCP_PREFETCH_ABORT:
709 case EXCP_DATA_ABORT:
710 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
713 if (semihosting_enabled) {
715 nr = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
718 env->regs[0] = do_arm_semihosting(env);
722 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
725 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
727 case EXCP_EXCEPTION_EXIT:
728 do_v7m_exception_exit(env);
731 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
732 return; /* Never happens. Keep compiler happy. */
735 /* Align stack pointer. */
736 /* ??? Should only do this if Configuration Control Register
737 STACKALIGN bit is set. */
738 if (env->regs[13] & 4) {
742 /* Switch to the handler mode. */
744 v7m_push(env, env->regs[15]);
745 v7m_push(env, env->regs[14]);
746 v7m_push(env, env->regs[12]);
747 v7m_push(env, env->regs[3]);
748 v7m_push(env, env->regs[2]);
749 v7m_push(env, env->regs[1]);
750 v7m_push(env, env->regs[0]);
751 switch_v7m_sp(env, 0);
753 env->condexec_bits = 0;
755 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
756 env->regs[15] = addr & 0xfffffffe;
757 env->thumb = addr & 1;
760 /* Handle a CPU exception. */
761 void do_interrupt(CPUARMState *env)
769 do_interrupt_v7m(env);
772 /* TODO: Vectored interrupt controller. */
773 switch (env->exception_index) {
775 new_mode = ARM_CPU_MODE_UND;
784 if (semihosting_enabled) {
785 /* Check for semihosting interrupt. */
787 mask = arm_lduw_code(env->regs[15] - 2, env->bswap_code) & 0xff;
789 mask = arm_ldl_code(env->regs[15] - 4, env->bswap_code)
792 /* Only intercept calls from privileged modes, to provide some
793 semblance of security. */
794 if (((mask == 0x123456 && !env->thumb)
795 || (mask == 0xab && env->thumb))
796 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
797 env->regs[0] = do_arm_semihosting(env);
801 new_mode = ARM_CPU_MODE_SVC;
804 /* The PC already points to the next instruction. */
808 /* See if this is a semihosting syscall. */
809 if (env->thumb && semihosting_enabled) {
810 mask = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
812 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
814 env->regs[0] = do_arm_semihosting(env);
818 env->cp15.c5_insn = 2;
819 /* Fall through to prefetch abort. */
820 case EXCP_PREFETCH_ABORT:
821 new_mode = ARM_CPU_MODE_ABT;
823 mask = CPSR_A | CPSR_I;
826 case EXCP_DATA_ABORT:
827 new_mode = ARM_CPU_MODE_ABT;
829 mask = CPSR_A | CPSR_I;
833 new_mode = ARM_CPU_MODE_IRQ;
835 /* Disable IRQ and imprecise data aborts. */
836 mask = CPSR_A | CPSR_I;
840 new_mode = ARM_CPU_MODE_FIQ;
842 /* Disable FIQ, IRQ and imprecise data aborts. */
843 mask = CPSR_A | CPSR_I | CPSR_F;
847 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
848 return; /* Never happens. Keep compiler happy. */
851 if (env->cp15.c1_sys & (1 << 13)) {
854 switch_mode (env, new_mode);
855 env->spsr = cpsr_read(env);
857 env->condexec_bits = 0;
858 /* Switch to the new mode, and to the correct instruction set. */
859 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
860 env->uncached_cpsr |= mask;
861 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
862 * and we should just guard the thumb mode on V4 */
863 if (arm_feature(env, ARM_FEATURE_V4T)) {
864 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
866 env->regs[14] = env->regs[15] + offset;
867 env->regs[15] = addr;
868 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
871 /* Check section/page access permissions.
872 Returns the page protection flags, or zero if the access is not
874 static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
875 int access_type, int is_user)
879 if (domain_prot == 3) {
880 return PAGE_READ | PAGE_WRITE;
883 if (access_type == 1)
890 if (access_type == 1)
892 switch ((env->cp15.c1_sys >> 8) & 3) {
894 return is_user ? 0 : PAGE_READ;
901 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
906 return PAGE_READ | PAGE_WRITE;
908 return PAGE_READ | PAGE_WRITE;
909 case 4: /* Reserved. */
912 return is_user ? 0 : prot_ro;
916 if (!arm_feature (env, ARM_FEATURE_V6K))
924 static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
928 if (address & env->cp15.c2_mask)
929 table = env->cp15.c2_base1 & 0xffffc000;
931 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
933 table |= (address >> 18) & 0x3ffc;
937 static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type,
938 int is_user, uint32_t *phys_ptr, int *prot,
939 target_ulong *page_size)
950 /* Pagetable walk. */
951 /* Lookup l1 descriptor. */
952 table = get_level1_table_address(env, address);
953 desc = ldl_phys(table);
955 domain = (desc >> 5) & 0x0f;
956 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
958 /* Section translation fault. */
962 if (domain_prot == 0 || domain_prot == 2) {
964 code = 9; /* Section domain fault. */
966 code = 11; /* Page domain fault. */
971 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
972 ap = (desc >> 10) & 3;
974 *page_size = 1024 * 1024;
976 /* Lookup l2 entry. */
978 /* Coarse pagetable. */
979 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
981 /* Fine pagetable. */
982 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
984 desc = ldl_phys(table);
986 case 0: /* Page translation fault. */
989 case 1: /* 64k page. */
990 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
991 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
992 *page_size = 0x10000;
994 case 2: /* 4k page. */
995 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
996 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
999 case 3: /* 1k page. */
1001 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1002 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1004 /* Page translation fault. */
1009 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
1011 ap = (desc >> 4) & 3;
1015 /* Never happens, but compiler isn't smart enough to tell. */
1020 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1022 /* Access permission fault. */
1026 *phys_ptr = phys_addr;
1029 return code | (domain << 4);
1032 static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
1033 int is_user, uint32_t *phys_ptr, int *prot,
1034 target_ulong *page_size)
1046 /* Pagetable walk. */
1047 /* Lookup l1 descriptor. */
1048 table = get_level1_table_address(env, address);
1049 desc = ldl_phys(table);
1052 /* Section translation fault. */
1056 } else if (type == 2 && (desc & (1 << 18))) {
1060 /* Section or page. */
1061 domain = (desc >> 5) & 0x0f;
1063 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1064 if (domain_prot == 0 || domain_prot == 2) {
1066 code = 9; /* Section domain fault. */
1068 code = 11; /* Page domain fault. */
1072 if (desc & (1 << 18)) {
1074 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
1075 *page_size = 0x1000000;
1078 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1079 *page_size = 0x100000;
1081 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
1082 xn = desc & (1 << 4);
1085 /* Lookup l2 entry. */
1086 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1087 desc = ldl_phys(table);
1088 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
1090 case 0: /* Page translation fault. */
1093 case 1: /* 64k page. */
1094 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1095 xn = desc & (1 << 15);
1096 *page_size = 0x10000;
1098 case 2: case 3: /* 4k page. */
1099 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1101 *page_size = 0x1000;
1104 /* Never happens, but compiler isn't smart enough to tell. */
1109 if (domain_prot == 3) {
1110 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1112 if (xn && access_type == 2)
1115 /* The simplified model uses AP[0] as an access control bit. */
1116 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
1117 /* Access flag fault. */
1118 code = (code == 15) ? 6 : 3;
1121 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1123 /* Access permission fault. */
1130 *phys_ptr = phys_addr;
1133 return code | (domain << 4);
1136 static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, int access_type,
1137 int is_user, uint32_t *phys_ptr, int *prot)
1143 *phys_ptr = address;
1144 for (n = 7; n >= 0; n--) {
1145 base = env->cp15.c6_region[n];
1146 if ((base & 1) == 0)
1148 mask = 1 << ((base >> 1) & 0x1f);
1149 /* Keep this shift separate from the above to avoid an
1150 (undefined) << 32. */
1151 mask = (mask << 1) - 1;
1152 if (((base ^ address) & ~mask) == 0)
1158 if (access_type == 2) {
1159 mask = env->cp15.c5_insn;
1161 mask = env->cp15.c5_data;
1163 mask = (mask >> (n * 4)) & 0xf;
1170 *prot = PAGE_READ | PAGE_WRITE;
1175 *prot |= PAGE_WRITE;
1178 *prot = PAGE_READ | PAGE_WRITE;
1189 /* Bad permission. */
1196 static inline int get_phys_addr(CPUARMState *env, uint32_t address,
1197 int access_type, int is_user,
1198 uint32_t *phys_ptr, int *prot,
1199 target_ulong *page_size)
1201 /* Fast Context Switch Extension. */
1202 if (address < 0x02000000)
1203 address += env->cp15.c13_fcse;
1205 if ((env->cp15.c1_sys & 1) == 0) {
1206 /* MMU/MPU disabled. */
1207 *phys_ptr = address;
1208 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1209 *page_size = TARGET_PAGE_SIZE;
1211 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
1212 *page_size = TARGET_PAGE_SIZE;
1213 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
1215 } else if (env->cp15.c1_sys & (1 << 23)) {
1216 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
1219 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
1224 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address,
1225 int access_type, int mmu_idx)
1228 target_ulong page_size;
1232 is_user = mmu_idx == MMU_USER_IDX;
1233 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1236 /* Map a single [sub]page. */
1237 phys_addr &= ~(uint32_t)0x3ff;
1238 address &= ~(uint32_t)0x3ff;
1239 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1243 if (access_type == 2) {
1244 env->cp15.c5_insn = ret;
1245 env->cp15.c6_insn = address;
1246 env->exception_index = EXCP_PREFETCH_ABORT;
1248 env->cp15.c5_data = ret;
1249 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1250 env->cp15.c5_data |= (1 << 11);
1251 env->cp15.c6_data = address;
1252 env->exception_index = EXCP_DATA_ABORT;
1257 target_phys_addr_t cpu_get_phys_page_debug(CPUARMState *env, target_ulong addr)
1260 target_ulong page_size;
1264 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1272 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
1274 int cp_num = (insn >> 8) & 0xf;
1275 int cp_info = (insn >> 5) & 7;
1276 int src = (insn >> 16) & 0xf;
1277 int operand = insn & 0xf;
1279 if (env->cp[cp_num].cp_write)
1280 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
1281 cp_info, src, operand, val);
1284 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
1286 int cp_num = (insn >> 8) & 0xf;
1287 int cp_info = (insn >> 5) & 7;
1288 int dest = (insn >> 16) & 0xf;
1289 int operand = insn & 0xf;
1291 if (env->cp[cp_num].cp_read)
1292 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
1293 cp_info, dest, operand);
1297 /* Return basic MPU access permission bits. */
1298 static uint32_t simple_mpu_ap_bits(uint32_t val)
1305 for (i = 0; i < 16; i += 2) {
1306 ret |= (val >> i) & mask;
1312 /* Pad basic MPU access permission bits to extended format. */
1313 static uint32_t extended_mpu_ap_bits(uint32_t val)
1320 for (i = 0; i < 16; i += 2) {
1321 ret |= (val & mask) << i;
1327 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
1333 op1 = (insn >> 21) & 7;
1334 op2 = (insn >> 5) & 7;
1336 switch ((insn >> 16) & 0xf) {
1339 if (arm_feature(env, ARM_FEATURE_XSCALE))
1341 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1343 if (arm_feature(env, ARM_FEATURE_V7)
1344 && op1 == 2 && crm == 0 && op2 == 0) {
1345 env->cp15.c0_cssel = val & 0xf;
1349 case 1: /* System configuration. */
1350 if (arm_feature(env, ARM_FEATURE_V7)
1351 && op1 == 0 && crm == 1 && op2 == 0) {
1352 env->cp15.c1_scr = val;
1355 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1359 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1360 env->cp15.c1_sys = val;
1361 /* ??? Lots of these bits are not implemented. */
1362 /* This may enable/disable the MMU, so do a TLB flush. */
1365 case 1: /* Auxiliary control register. */
1366 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1367 env->cp15.c1_xscaleauxcr = val;
1370 /* Not implemented. */
1373 if (arm_feature(env, ARM_FEATURE_XSCALE))
1375 if (env->cp15.c1_coproc != val) {
1376 env->cp15.c1_coproc = val;
1377 /* ??? Is this safe when called from within a TB? */
1385 case 2: /* MMU Page table control / MPU cache control. */
1386 if (arm_feature(env, ARM_FEATURE_MPU)) {
1389 env->cp15.c2_data = val;
1392 env->cp15.c2_insn = val;
1400 env->cp15.c2_base0 = val;
1403 env->cp15.c2_base1 = val;
1407 env->cp15.c2_control = val;
1408 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1409 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1416 case 3: /* MMU Domain access control / MPU write buffer control. */
1418 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
1420 case 4: /* Reserved. */
1422 case 5: /* MMU Fault status / MPU access permission. */
1423 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1427 if (arm_feature(env, ARM_FEATURE_MPU))
1428 val = extended_mpu_ap_bits(val);
1429 env->cp15.c5_data = val;
1432 if (arm_feature(env, ARM_FEATURE_MPU))
1433 val = extended_mpu_ap_bits(val);
1434 env->cp15.c5_insn = val;
1437 if (!arm_feature(env, ARM_FEATURE_MPU))
1439 env->cp15.c5_data = val;
1442 if (!arm_feature(env, ARM_FEATURE_MPU))
1444 env->cp15.c5_insn = val;
1450 case 6: /* MMU Fault address / MPU base/size. */
1451 if (arm_feature(env, ARM_FEATURE_MPU)) {
1454 env->cp15.c6_region[crm] = val;
1456 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1460 env->cp15.c6_data = val;
1462 case 1: /* ??? This is WFAR on armv6 */
1464 env->cp15.c6_insn = val;
1471 case 7: /* Cache control. */
1472 env->cp15.c15_i_max = 0x000;
1473 env->cp15.c15_i_min = 0xff0;
1477 /* No cache, so nothing to do except VA->PA translations. */
1478 if (arm_feature(env, ARM_FEATURE_VAPA)) {
1481 if (arm_feature(env, ARM_FEATURE_V7)) {
1482 env->cp15.c7_par = val & 0xfffff6ff;
1484 env->cp15.c7_par = val & 0xfffff1ff;
1489 target_ulong page_size;
1491 int ret, is_user = op2 & 2;
1492 int access_type = op2 & 1;
1495 /* Other states are only available with TrustZone */
1498 ret = get_phys_addr(env, val, access_type, is_user,
1499 &phys_addr, &prot, &page_size);
1501 /* We do not set any attribute bits in the PAR */
1502 if (page_size == (1 << 24)
1503 && arm_feature(env, ARM_FEATURE_V7)) {
1504 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1506 env->cp15.c7_par = phys_addr & 0xfffff000;
1509 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1510 ((ret & (12 << 1)) >> 6) |
1511 ((ret & 0xf) << 1) | 1;
1518 case 8: /* MMU TLB control. */
1520 case 0: /* Invalidate all (TLBIALL) */
1523 case 1: /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
1524 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1526 case 2: /* Invalidate by ASID (TLBIASID) */
1527 tlb_flush(env, val == 0);
1529 case 3: /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
1530 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1537 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1539 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1540 break; /* Ignore ReadBuffer access */
1542 case 0: /* Cache lockdown. */
1544 case 0: /* L1 cache. */
1547 env->cp15.c9_data = val;
1550 env->cp15.c9_insn = val;
1556 case 1: /* L2 cache. */
1557 /* Ignore writes to L2 lockdown/auxiliary registers. */
1563 case 1: /* TCM memory region registers. */
1564 /* Not implemented. */
1566 case 12: /* Performance monitor control */
1567 /* Performance monitors are implementation defined in v7,
1568 * but with an ARM recommended set of registers, which we
1569 * follow (although we don't actually implement any counters)
1571 if (!arm_feature(env, ARM_FEATURE_V7)) {
1575 case 0: /* performance monitor control register */
1576 /* only the DP, X, D and E bits are writable */
1577 env->cp15.c9_pmcr &= ~0x39;
1578 env->cp15.c9_pmcr |= (val & 0x39);
1580 case 1: /* Count enable set register */
1582 env->cp15.c9_pmcnten |= val;
1584 case 2: /* Count enable clear */
1586 env->cp15.c9_pmcnten &= ~val;
1588 case 3: /* Overflow flag status */
1589 env->cp15.c9_pmovsr &= ~val;
1591 case 4: /* Software increment */
1592 /* RAZ/WI since we don't implement the software-count event */
1594 case 5: /* Event counter selection register */
1595 /* Since we don't implement any events, writing to this register
1596 * is actually UNPREDICTABLE. So we choose to RAZ/WI.
1603 case 13: /* Performance counters */
1604 if (!arm_feature(env, ARM_FEATURE_V7)) {
1608 case 0: /* Cycle count register: not implemented, so RAZ/WI */
1610 case 1: /* Event type select */
1611 env->cp15.c9_pmxevtyper = val & 0xff;
1613 case 2: /* Event count register */
1614 /* Unimplemented (we have no events), RAZ/WI */
1620 case 14: /* Performance monitor control */
1621 if (!arm_feature(env, ARM_FEATURE_V7)) {
1625 case 0: /* user enable */
1626 env->cp15.c9_pmuserenr = val & 1;
1627 /* changes access rights for cp registers, so flush tbs */
1630 case 1: /* interrupt enable set */
1631 /* We have no event counters so only the C bit can be changed */
1633 env->cp15.c9_pminten |= val;
1635 case 2: /* interrupt enable clear */
1637 env->cp15.c9_pminten &= ~val;
1645 case 10: /* MMU TLB lockdown. */
1646 /* ??? TLB lockdown not implemented. */
1648 case 12: /* Reserved. */
1650 case 13: /* Process ID. */
1653 /* Unlike real hardware the qemu TLB uses virtual addresses,
1654 not modified virtual addresses, so this causes a TLB flush.
1656 if (env->cp15.c13_fcse != val)
1658 env->cp15.c13_fcse = val;
1661 /* This changes the ASID, so do a TLB flush. */
1662 if (env->cp15.c13_context != val
1663 && !arm_feature(env, ARM_FEATURE_MPU))
1665 env->cp15.c13_context = val;
1671 case 14: /* Generic timer */
1672 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
1673 /* Dummy implementation: RAZ/WI for all */
1677 case 15: /* Implementation specific. */
1678 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1679 if (op2 == 0 && crm == 1) {
1680 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1681 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1683 env->cp15.c15_cpar = val & 0x3fff;
1689 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1693 case 1: /* Set TI925T configuration. */
1694 env->cp15.c15_ticonfig = val & 0xe7;
1695 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1696 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1698 case 2: /* Set I_max. */
1699 env->cp15.c15_i_max = val;
1701 case 3: /* Set I_min. */
1702 env->cp15.c15_i_min = val;
1704 case 4: /* Set thread-ID. */
1705 env->cp15.c15_threadid = val & 0xffff;
1707 case 8: /* Wait-for-interrupt (deprecated). */
1708 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1714 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
1717 if ((op1 == 0) && (op2 == 0)) {
1718 env->cp15.c15_power_control = val;
1719 } else if ((op1 == 0) && (op2 == 1)) {
1720 env->cp15.c15_diagnostic = val;
1721 } else if ((op1 == 0) && (op2 == 2)) {
1722 env->cp15.c15_power_diagnostic = val;
1732 /* ??? For debugging only. Should raise illegal instruction exception. */
1733 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1734 (insn >> 16) & 0xf, crm, op1, op2);
1737 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
1743 op1 = (insn >> 21) & 7;
1744 op2 = (insn >> 5) & 7;
1746 switch ((insn >> 16) & 0xf) {
1747 case 0: /* ID codes. */
1753 case 0: /* Device ID. */
1754 return env->cp15.c0_cpuid;
1755 case 1: /* Cache Type. */
1756 return env->cp15.c0_cachetype;
1757 case 2: /* TCM status. */
1759 case 3: /* TLB type register. */
1760 return 0; /* No lockable TLB entries. */
1762 /* The MPIDR was standardised in v7; prior to
1763 * this it was implemented only in the 11MPCore.
1764 * For all other pre-v7 cores it does not exist.
1766 if (arm_feature(env, ARM_FEATURE_V7) ||
1767 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1768 int mpidr = env->cpu_index;
1769 /* We don't support setting cluster ID ([8..11])
1770 * so these bits always RAZ.
1772 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1774 /* Cores which are uniprocessor (non-coherent)
1775 * but still implement the MP extensions set
1776 * bit 30. (For instance, A9UP.) However we do
1777 * not currently model any of those cores.
1782 /* otherwise fall through to the unimplemented-reg case */
1787 if (!arm_feature(env, ARM_FEATURE_V6))
1789 return env->cp15.c0_c1[op2];
1791 if (!arm_feature(env, ARM_FEATURE_V6))
1793 return env->cp15.c0_c2[op2];
1794 case 3: case 4: case 5: case 6: case 7:
1800 /* These registers aren't documented on arm11 cores. However
1801 Linux looks at them anyway. */
1802 if (!arm_feature(env, ARM_FEATURE_V6))
1806 if (!arm_feature(env, ARM_FEATURE_V7))
1811 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1813 return env->cp15.c0_clid;
1819 if (op2 != 0 || crm != 0)
1821 return env->cp15.c0_cssel;
1825 case 1: /* System configuration. */
1826 if (arm_feature(env, ARM_FEATURE_V7)
1827 && op1 == 0 && crm == 1 && op2 == 0) {
1828 return env->cp15.c1_scr;
1830 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1833 case 0: /* Control register. */
1834 return env->cp15.c1_sys;
1835 case 1: /* Auxiliary control register. */
1836 if (arm_feature(env, ARM_FEATURE_XSCALE))
1837 return env->cp15.c1_xscaleauxcr;
1838 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1840 switch (ARM_CPUID(env)) {
1841 case ARM_CPUID_ARM1026:
1843 case ARM_CPUID_ARM1136:
1844 case ARM_CPUID_ARM1136_R2:
1845 case ARM_CPUID_ARM1176:
1847 case ARM_CPUID_ARM11MPCORE:
1849 case ARM_CPUID_CORTEXA8:
1851 case ARM_CPUID_CORTEXA9:
1852 case ARM_CPUID_CORTEXA15:
1857 case 2: /* Coprocessor access register. */
1858 if (arm_feature(env, ARM_FEATURE_XSCALE))
1860 return env->cp15.c1_coproc;
1864 case 2: /* MMU Page table control / MPU cache control. */
1865 if (arm_feature(env, ARM_FEATURE_MPU)) {
1868 return env->cp15.c2_data;
1871 return env->cp15.c2_insn;
1879 return env->cp15.c2_base0;
1881 return env->cp15.c2_base1;
1883 return env->cp15.c2_control;
1888 case 3: /* MMU Domain access control / MPU write buffer control. */
1889 return env->cp15.c3;
1890 case 4: /* Reserved. */
1892 case 5: /* MMU Fault status / MPU access permission. */
1893 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1897 if (arm_feature(env, ARM_FEATURE_MPU))
1898 return simple_mpu_ap_bits(env->cp15.c5_data);
1899 return env->cp15.c5_data;
1901 if (arm_feature(env, ARM_FEATURE_MPU))
1902 return simple_mpu_ap_bits(env->cp15.c5_insn);
1903 return env->cp15.c5_insn;
1905 if (!arm_feature(env, ARM_FEATURE_MPU))
1907 return env->cp15.c5_data;
1909 if (!arm_feature(env, ARM_FEATURE_MPU))
1911 return env->cp15.c5_insn;
1915 case 6: /* MMU Fault address. */
1916 if (arm_feature(env, ARM_FEATURE_MPU)) {
1919 return env->cp15.c6_region[crm];
1921 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1925 return env->cp15.c6_data;
1927 if (arm_feature(env, ARM_FEATURE_V6)) {
1928 /* Watchpoint Fault Adrress. */
1929 return 0; /* Not implemented. */
1931 /* Instruction Fault Adrress. */
1932 /* Arm9 doesn't have an IFAR, but implementing it anyway
1933 shouldn't do any harm. */
1934 return env->cp15.c6_insn;
1937 if (arm_feature(env, ARM_FEATURE_V6)) {
1938 /* Instruction Fault Adrress. */
1939 return env->cp15.c6_insn;
1947 case 7: /* Cache control. */
1948 if (crm == 4 && op1 == 0 && op2 == 0) {
1949 return env->cp15.c7_par;
1951 /* FIXME: Should only clear Z flag if destination is r15. */
1954 case 8: /* MMU TLB control. */
1958 case 0: /* Cache lockdown */
1960 case 0: /* L1 cache. */
1961 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1966 return env->cp15.c9_data;
1968 return env->cp15.c9_insn;
1972 case 1: /* L2 cache */
1973 /* L2 Lockdown and Auxiliary control. */
1976 /* L2 cache lockdown (A8 only) */
1979 /* L2 cache auxiliary control (A8) or control (A15) */
1980 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA15) {
1981 /* Linux wants the number of processors from here.
1982 * Might as well set the interrupt-controller bit too.
1984 return ((smp_cpus - 1) << 24) | (1 << 23);
1988 /* L2 cache extended control (A15) */
1997 case 12: /* Performance monitor control */
1998 if (!arm_feature(env, ARM_FEATURE_V7)) {
2002 case 0: /* performance monitor control register */
2003 return env->cp15.c9_pmcr;
2004 case 1: /* count enable set */
2005 case 2: /* count enable clear */
2006 return env->cp15.c9_pmcnten;
2007 case 3: /* overflow flag status */
2008 return env->cp15.c9_pmovsr;
2009 case 4: /* software increment */
2010 case 5: /* event counter selection register */
2011 return 0; /* Unimplemented, RAZ/WI */
2015 case 13: /* Performance counters */
2016 if (!arm_feature(env, ARM_FEATURE_V7)) {
2020 case 1: /* Event type select */
2021 return env->cp15.c9_pmxevtyper;
2022 case 0: /* Cycle count register */
2023 case 2: /* Event count register */
2024 /* Unimplemented, so RAZ/WI */
2029 case 14: /* Performance monitor control */
2030 if (!arm_feature(env, ARM_FEATURE_V7)) {
2034 case 0: /* user enable */
2035 return env->cp15.c9_pmuserenr;
2036 case 1: /* interrupt enable set */
2037 case 2: /* interrupt enable clear */
2038 return env->cp15.c9_pminten;
2046 case 10: /* MMU TLB lockdown. */
2047 /* ??? TLB lockdown not implemented. */
2049 case 11: /* TCM DMA control. */
2050 case 12: /* Reserved. */
2052 case 13: /* Process ID. */
2055 return env->cp15.c13_fcse;
2057 return env->cp15.c13_context;
2061 case 14: /* Generic timer */
2062 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
2063 /* Dummy implementation: RAZ/WI for all */
2067 case 15: /* Implementation specific. */
2068 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2069 if (op2 == 0 && crm == 1)
2070 return env->cp15.c15_cpar;
2074 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2078 case 1: /* Read TI925T configuration. */
2079 return env->cp15.c15_ticonfig;
2080 case 2: /* Read I_max. */
2081 return env->cp15.c15_i_max;
2082 case 3: /* Read I_min. */
2083 return env->cp15.c15_i_min;
2084 case 4: /* Read thread-ID. */
2085 return env->cp15.c15_threadid;
2086 case 8: /* TI925T_status */
2089 /* TODO: Peripheral port remap register:
2090 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
2091 * controller base address at $rn & ~0xfff and map size of
2092 * 0x200 << ($rn & 0xfff), when MMU is off. */
2095 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
2098 if ((op1 == 4) && (op2 == 0)) {
2099 /* The config_base_address should hold the value of
2100 * the peripheral base. ARM should get this from a CPU
2101 * object property, but that support isn't available in
2102 * December 2011. Default to 0 for now and board models
2103 * that care can set it by a private hook */
2104 return env->cp15.c15_config_base_address;
2105 } else if ((op1 == 0) && (op2 == 0)) {
2106 /* power_control should be set to maximum latency. Again,
2107 default to 0 and set by private hook */
2108 return env->cp15.c15_power_control;
2109 } else if ((op1 == 0) && (op2 == 1)) {
2110 return env->cp15.c15_diagnostic;
2111 } else if ((op1 == 0) && (op2 == 2)) {
2112 return env->cp15.c15_power_diagnostic;
2115 case 1: /* NEON Busy */
2117 case 5: /* tlb lockdown */
2120 if ((op1 == 5) && (op2 == 2)) {
2132 /* ??? For debugging only. Should raise illegal instruction exception. */
2133 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
2134 (insn >> 16) & 0xf, crm, op1, op2);
2138 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
2140 if ((env->uncached_cpsr & CPSR_M) == mode) {
2141 env->regs[13] = val;
2143 env->banked_r13[bank_number(env, mode)] = val;
2147 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
2149 if ((env->uncached_cpsr & CPSR_M) == mode) {
2150 return env->regs[13];
2152 return env->banked_r13[bank_number(env, mode)];
2156 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
2160 return xpsr_read(env) & 0xf8000000;
2162 return xpsr_read(env) & 0xf80001ff;
2164 return xpsr_read(env) & 0xff00fc00;
2166 return xpsr_read(env) & 0xff00fdff;
2168 return xpsr_read(env) & 0x000001ff;
2170 return xpsr_read(env) & 0x0700fc00;
2172 return xpsr_read(env) & 0x0700edff;
2174 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
2176 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
2177 case 16: /* PRIMASK */
2178 return (env->uncached_cpsr & CPSR_I) != 0;
2179 case 17: /* BASEPRI */
2180 case 18: /* BASEPRI_MAX */
2181 return env->v7m.basepri;
2182 case 19: /* FAULTMASK */
2183 return (env->uncached_cpsr & CPSR_F) != 0;
2184 case 20: /* CONTROL */
2185 return env->v7m.control;
2187 /* ??? For debugging only. */
2188 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
2193 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
2197 xpsr_write(env, val, 0xf8000000);
2200 xpsr_write(env, val, 0xf8000000);
2203 xpsr_write(env, val, 0xfe00fc00);
2206 xpsr_write(env, val, 0xfe00fc00);
2209 /* IPSR bits are readonly. */
2212 xpsr_write(env, val, 0x0600fc00);
2215 xpsr_write(env, val, 0x0600fc00);
2218 if (env->v7m.current_sp)
2219 env->v7m.other_sp = val;
2221 env->regs[13] = val;
2224 if (env->v7m.current_sp)
2225 env->regs[13] = val;
2227 env->v7m.other_sp = val;
2229 case 16: /* PRIMASK */
2231 env->uncached_cpsr |= CPSR_I;
2233 env->uncached_cpsr &= ~CPSR_I;
2235 case 17: /* BASEPRI */
2236 env->v7m.basepri = val & 0xff;
2238 case 18: /* BASEPRI_MAX */
2240 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2241 env->v7m.basepri = val;
2243 case 19: /* FAULTMASK */
2245 env->uncached_cpsr |= CPSR_F;
2247 env->uncached_cpsr &= ~CPSR_F;
2249 case 20: /* CONTROL */
2250 env->v7m.control = val & 3;
2251 switch_v7m_sp(env, (val & 2) != 0);
2254 /* ??? For debugging only. */
2255 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2260 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
2261 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
2264 if (cpnum < 0 || cpnum > 14) {
2265 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
2269 env->cp[cpnum].cp_read = cp_read;
2270 env->cp[cpnum].cp_write = cp_write;
2271 env->cp[cpnum].opaque = opaque;
2276 /* Note that signed overflow is undefined in C. The following routines are
2277 careful to use unsigned types where modulo arithmetic is required.
2278 Failure to do so _will_ break on newer gcc. */
2280 /* Signed saturating arithmetic. */
2282 /* Perform 16-bit signed saturating addition. */
2283 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2288 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2297 /* Perform 8-bit signed saturating addition. */
2298 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2303 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2312 /* Perform 16-bit signed saturating subtraction. */
2313 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2318 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2327 /* Perform 8-bit signed saturating subtraction. */
2328 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2333 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2342 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2343 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2344 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2345 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2348 #include "op_addsub.h"
2350 /* Unsigned saturating arithmetic. */
2351 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2360 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2368 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2377 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2385 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2386 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2387 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2388 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2391 #include "op_addsub.h"
2393 /* Signed modulo arithmetic. */
2394 #define SARITH16(a, b, n, op) do { \
2396 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2397 RESULT(sum, n, 16); \
2399 ge |= 3 << (n * 2); \
2402 #define SARITH8(a, b, n, op) do { \
2404 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2405 RESULT(sum, n, 8); \
2411 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2412 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2413 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2414 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2418 #include "op_addsub.h"
2420 /* Unsigned modulo arithmetic. */
2421 #define ADD16(a, b, n) do { \
2423 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2424 RESULT(sum, n, 16); \
2425 if ((sum >> 16) == 1) \
2426 ge |= 3 << (n * 2); \
2429 #define ADD8(a, b, n) do { \
2431 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2432 RESULT(sum, n, 8); \
2433 if ((sum >> 8) == 1) \
2437 #define SUB16(a, b, n) do { \
2439 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2440 RESULT(sum, n, 16); \
2441 if ((sum >> 16) == 0) \
2442 ge |= 3 << (n * 2); \
2445 #define SUB8(a, b, n) do { \
2447 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2448 RESULT(sum, n, 8); \
2449 if ((sum >> 8) == 0) \
2456 #include "op_addsub.h"
2458 /* Halved signed arithmetic. */
2459 #define ADD16(a, b, n) \
2460 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2461 #define SUB16(a, b, n) \
2462 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2463 #define ADD8(a, b, n) \
2464 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2465 #define SUB8(a, b, n) \
2466 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2469 #include "op_addsub.h"
2471 /* Halved unsigned arithmetic. */
2472 #define ADD16(a, b, n) \
2473 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2474 #define SUB16(a, b, n) \
2475 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2476 #define ADD8(a, b, n) \
2477 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2478 #define SUB8(a, b, n) \
2479 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2482 #include "op_addsub.h"
2484 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2492 /* Unsigned sum of absolute byte differences. */
2493 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2496 sum = do_usad(a, b);
2497 sum += do_usad(a >> 8, b >> 8);
2498 sum += do_usad(a >> 16, b >>16);
2499 sum += do_usad(a >> 24, b >> 24);
2503 /* For ARMv6 SEL instruction. */
2504 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2517 return (a & mask) | (b & ~mask);
2520 uint32_t HELPER(logicq_cc)(uint64_t val)
2522 return (val >> 32) | (val != 0);
2525 /* VFP support. We follow the convention used for VFP instrunctions:
2526 Single precition routines have a "s" suffix, double precision a
2529 /* Convert host exception flags to vfp form. */
2530 static inline int vfp_exceptbits_from_host(int host_bits)
2532 int target_bits = 0;
2534 if (host_bits & float_flag_invalid)
2536 if (host_bits & float_flag_divbyzero)
2538 if (host_bits & float_flag_overflow)
2540 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2542 if (host_bits & float_flag_inexact)
2543 target_bits |= 0x10;
2544 if (host_bits & float_flag_input_denormal)
2545 target_bits |= 0x80;
2549 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
2554 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2555 | (env->vfp.vec_len << 16)
2556 | (env->vfp.vec_stride << 20);
2557 i = get_float_exception_flags(&env->vfp.fp_status);
2558 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2559 fpscr |= vfp_exceptbits_from_host(i);
2563 uint32_t vfp_get_fpscr(CPUARMState *env)
2565 return HELPER(vfp_get_fpscr)(env);
2568 /* Convert vfp exception flags to target form. */
2569 static inline int vfp_exceptbits_to_host(int target_bits)
2573 if (target_bits & 1)
2574 host_bits |= float_flag_invalid;
2575 if (target_bits & 2)
2576 host_bits |= float_flag_divbyzero;
2577 if (target_bits & 4)
2578 host_bits |= float_flag_overflow;
2579 if (target_bits & 8)
2580 host_bits |= float_flag_underflow;
2581 if (target_bits & 0x10)
2582 host_bits |= float_flag_inexact;
2583 if (target_bits & 0x80)
2584 host_bits |= float_flag_input_denormal;
2588 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
2593 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2594 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2595 env->vfp.vec_len = (val >> 16) & 7;
2596 env->vfp.vec_stride = (val >> 20) & 3;
2599 if (changed & (3 << 22)) {
2600 i = (val >> 22) & 3;
2603 i = float_round_nearest_even;
2609 i = float_round_down;
2612 i = float_round_to_zero;
2615 set_float_rounding_mode(i, &env->vfp.fp_status);
2617 if (changed & (1 << 24)) {
2618 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2619 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2621 if (changed & (1 << 25))
2622 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2624 i = vfp_exceptbits_to_host(val);
2625 set_float_exception_flags(i, &env->vfp.fp_status);
2626 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2629 void vfp_set_fpscr(CPUARMState *env, uint32_t val)
2631 HELPER(vfp_set_fpscr)(env, val);
2634 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2636 #define VFP_BINOP(name) \
2637 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2639 float_status *fpst = fpstp; \
2640 return float32_ ## name(a, b, fpst); \
2642 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2644 float_status *fpst = fpstp; \
2645 return float64_ ## name(a, b, fpst); \
2653 float32 VFP_HELPER(neg, s)(float32 a)
2655 return float32_chs(a);
2658 float64 VFP_HELPER(neg, d)(float64 a)
2660 return float64_chs(a);
2663 float32 VFP_HELPER(abs, s)(float32 a)
2665 return float32_abs(a);
2668 float64 VFP_HELPER(abs, d)(float64 a)
2670 return float64_abs(a);
2673 float32 VFP_HELPER(sqrt, s)(float32 a, CPUARMState *env)
2675 return float32_sqrt(a, &env->vfp.fp_status);
2678 float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
2680 return float64_sqrt(a, &env->vfp.fp_status);
2683 /* XXX: check quiet/signaling case */
2684 #define DO_VFP_cmp(p, type) \
2685 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env) \
2688 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2689 case 0: flags = 0x6; break; \
2690 case -1: flags = 0x8; break; \
2691 case 1: flags = 0x2; break; \
2692 default: case 2: flags = 0x3; break; \
2694 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2695 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2697 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
2700 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2701 case 0: flags = 0x6; break; \
2702 case -1: flags = 0x8; break; \
2703 case 1: flags = 0x2; break; \
2704 default: case 2: flags = 0x3; break; \
2706 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2707 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2709 DO_VFP_cmp(s, float32)
2710 DO_VFP_cmp(d, float64)
2713 /* Integer to float and float to integer conversions */
2715 #define CONV_ITOF(name, fsz, sign) \
2716 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2718 float_status *fpst = fpstp; \
2719 return sign##int32_to_##float##fsz((sign##int32_t)x, fpst); \
2722 #define CONV_FTOI(name, fsz, sign, round) \
2723 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2725 float_status *fpst = fpstp; \
2726 if (float##fsz##_is_any_nan(x)) { \
2727 float_raise(float_flag_invalid, fpst); \
2730 return float##fsz##_to_##sign##int32##round(x, fpst); \
2733 #define FLOAT_CONVS(name, p, fsz, sign) \
2734 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2735 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2736 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2738 FLOAT_CONVS(si, s, 32, )
2739 FLOAT_CONVS(si, d, 64, )
2740 FLOAT_CONVS(ui, s, 32, u)
2741 FLOAT_CONVS(ui, d, 64, u)
2747 /* floating point conversion */
2748 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUARMState *env)
2750 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2751 /* ARM requires that S<->D conversion of any kind of NaN generates
2752 * a quiet NaN by forcing the most significant frac bit to 1.
2754 return float64_maybe_silence_nan(r);
2757 float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
2759 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2760 /* ARM requires that S<->D conversion of any kind of NaN generates
2761 * a quiet NaN by forcing the most significant frac bit to 1.
2763 return float32_maybe_silence_nan(r);
2766 /* VFP3 fixed point conversion. */
2767 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2768 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2771 float_status *fpst = fpstp; \
2773 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2774 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2776 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2779 float_status *fpst = fpstp; \
2781 if (float##fsz##_is_any_nan(x)) { \
2782 float_raise(float_flag_invalid, fpst); \
2785 tmp = float##fsz##_scalbn(x, shift, fpst); \
2786 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2789 VFP_CONV_FIX(sh, d, 64, int16, )
2790 VFP_CONV_FIX(sl, d, 64, int32, )
2791 VFP_CONV_FIX(uh, d, 64, uint16, u)
2792 VFP_CONV_FIX(ul, d, 64, uint32, u)
2793 VFP_CONV_FIX(sh, s, 32, int16, )
2794 VFP_CONV_FIX(sl, s, 32, int32, )
2795 VFP_CONV_FIX(uh, s, 32, uint16, u)
2796 VFP_CONV_FIX(ul, s, 32, uint32, u)
2799 /* Half precision conversions. */
2800 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUARMState *env, float_status *s)
2802 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2803 float32 r = float16_to_float32(make_float16(a), ieee, s);
2805 return float32_maybe_silence_nan(r);
2810 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUARMState *env, float_status *s)
2812 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2813 float16 r = float32_to_float16(a, ieee, s);
2815 r = float16_maybe_silence_nan(r);
2817 return float16_val(r);
2820 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2822 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2825 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2827 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2830 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2832 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2835 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2837 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2840 #define float32_two make_float32(0x40000000)
2841 #define float32_three make_float32(0x40400000)
2842 #define float32_one_point_five make_float32(0x3fc00000)
2844 float32 HELPER(recps_f32)(float32 a, float32 b, CPUARMState *env)
2846 float_status *s = &env->vfp.standard_fp_status;
2847 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2848 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2849 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2850 float_raise(float_flag_input_denormal, s);
2854 return float32_sub(float32_two, float32_mul(a, b, s), s);
2857 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUARMState *env)
2859 float_status *s = &env->vfp.standard_fp_status;
2861 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2862 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2863 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2864 float_raise(float_flag_input_denormal, s);
2866 return float32_one_point_five;
2868 product = float32_mul(a, b, s);
2869 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2874 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2875 * int->float conversions at run-time. */
2876 #define float64_256 make_float64(0x4070000000000000LL)
2877 #define float64_512 make_float64(0x4080000000000000LL)
2879 /* The algorithm that must be used to calculate the estimate
2880 * is specified by the ARM ARM.
2882 static float64 recip_estimate(float64 a, CPUARMState *env)
2884 /* These calculations mustn't set any fp exception flags,
2885 * so we use a local copy of the fp_status.
2887 float_status dummy_status = env->vfp.standard_fp_status;
2888 float_status *s = &dummy_status;
2889 /* q = (int)(a * 512.0) */
2890 float64 q = float64_mul(float64_512, a, s);
2891 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2893 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2894 q = int64_to_float64(q_int, s);
2895 q = float64_add(q, float64_half, s);
2896 q = float64_div(q, float64_512, s);
2897 q = float64_div(float64_one, q, s);
2899 /* s = (int)(256.0 * r + 0.5) */
2900 q = float64_mul(q, float64_256, s);
2901 q = float64_add(q, float64_half, s);
2902 q_int = float64_to_int64_round_to_zero(q, s);
2904 /* return (double)s / 256.0 */
2905 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2908 float32 HELPER(recpe_f32)(float32 a, CPUARMState *env)
2910 float_status *s = &env->vfp.standard_fp_status;
2912 uint32_t val32 = float32_val(a);
2915 int a_exp = (val32 & 0x7f800000) >> 23;
2916 int sign = val32 & 0x80000000;
2918 if (float32_is_any_nan(a)) {
2919 if (float32_is_signaling_nan(a)) {
2920 float_raise(float_flag_invalid, s);
2922 return float32_default_nan;
2923 } else if (float32_is_infinity(a)) {
2924 return float32_set_sign(float32_zero, float32_is_neg(a));
2925 } else if (float32_is_zero_or_denormal(a)) {
2926 if (!float32_is_zero(a)) {
2927 float_raise(float_flag_input_denormal, s);
2929 float_raise(float_flag_divbyzero, s);
2930 return float32_set_sign(float32_infinity, float32_is_neg(a));
2931 } else if (a_exp >= 253) {
2932 float_raise(float_flag_underflow, s);
2933 return float32_set_sign(float32_zero, float32_is_neg(a));
2936 f64 = make_float64((0x3feULL << 52)
2937 | ((int64_t)(val32 & 0x7fffff) << 29));
2939 result_exp = 253 - a_exp;
2941 f64 = recip_estimate(f64, env);
2944 | ((result_exp & 0xff) << 23)
2945 | ((float64_val(f64) >> 29) & 0x7fffff);
2946 return make_float32(val32);
2949 /* The algorithm that must be used to calculate the estimate
2950 * is specified by the ARM ARM.
2952 static float64 recip_sqrt_estimate(float64 a, CPUARMState *env)
2954 /* These calculations mustn't set any fp exception flags,
2955 * so we use a local copy of the fp_status.
2957 float_status dummy_status = env->vfp.standard_fp_status;
2958 float_status *s = &dummy_status;
2962 if (float64_lt(a, float64_half, s)) {
2963 /* range 0.25 <= a < 0.5 */
2965 /* a in units of 1/512 rounded down */
2966 /* q0 = (int)(a * 512.0); */
2967 q = float64_mul(float64_512, a, s);
2968 q_int = float64_to_int64_round_to_zero(q, s);
2970 /* reciprocal root r */
2971 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2972 q = int64_to_float64(q_int, s);
2973 q = float64_add(q, float64_half, s);
2974 q = float64_div(q, float64_512, s);
2975 q = float64_sqrt(q, s);
2976 q = float64_div(float64_one, q, s);
2978 /* range 0.5 <= a < 1.0 */
2980 /* a in units of 1/256 rounded down */
2981 /* q1 = (int)(a * 256.0); */
2982 q = float64_mul(float64_256, a, s);
2983 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2985 /* reciprocal root r */
2986 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2987 q = int64_to_float64(q_int, s);
2988 q = float64_add(q, float64_half, s);
2989 q = float64_div(q, float64_256, s);
2990 q = float64_sqrt(q, s);
2991 q = float64_div(float64_one, q, s);
2993 /* r in units of 1/256 rounded to nearest */
2994 /* s = (int)(256.0 * r + 0.5); */
2996 q = float64_mul(q, float64_256,s );
2997 q = float64_add(q, float64_half, s);
2998 q_int = float64_to_int64_round_to_zero(q, s);
3000 /* return (double)s / 256.0;*/
3001 return float64_div(int64_to_float64(q_int, s), float64_256, s);
3004 float32 HELPER(rsqrte_f32)(float32 a, CPUARMState *env)
3006 float_status *s = &env->vfp.standard_fp_status;
3012 val = float32_val(a);
3014 if (float32_is_any_nan(a)) {
3015 if (float32_is_signaling_nan(a)) {
3016 float_raise(float_flag_invalid, s);
3018 return float32_default_nan;
3019 } else if (float32_is_zero_or_denormal(a)) {
3020 if (!float32_is_zero(a)) {
3021 float_raise(float_flag_input_denormal, s);
3023 float_raise(float_flag_divbyzero, s);
3024 return float32_set_sign(float32_infinity, float32_is_neg(a));
3025 } else if (float32_is_neg(a)) {
3026 float_raise(float_flag_invalid, s);
3027 return float32_default_nan;
3028 } else if (float32_is_infinity(a)) {
3029 return float32_zero;
3032 /* Normalize to a double-precision value between 0.25 and 1.0,
3033 * preserving the parity of the exponent. */
3034 if ((val & 0x800000) == 0) {
3035 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3037 | ((uint64_t)(val & 0x7fffff) << 29));
3039 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3041 | ((uint64_t)(val & 0x7fffff) << 29));
3044 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
3046 f64 = recip_sqrt_estimate(f64, env);
3048 val64 = float64_val(f64);
3050 val = ((result_exp & 0xff) << 23)
3051 | ((val64 >> 29) & 0x7fffff);
3052 return make_float32(val);
3055 uint32_t HELPER(recpe_u32)(uint32_t a, CPUARMState *env)
3059 if ((a & 0x80000000) == 0) {
3063 f64 = make_float64((0x3feULL << 52)
3064 | ((int64_t)(a & 0x7fffffff) << 21));
3066 f64 = recip_estimate (f64, env);
3068 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3071 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUARMState *env)
3075 if ((a & 0xc0000000) == 0) {
3079 if (a & 0x80000000) {
3080 f64 = make_float64((0x3feULL << 52)
3081 | ((uint64_t)(a & 0x7fffffff) << 21));
3082 } else { /* bits 31-30 == '01' */
3083 f64 = make_float64((0x3fdULL << 52)
3084 | ((uint64_t)(a & 0x3fffffff) << 22));
3087 f64 = recip_sqrt_estimate(f64, env);
3089 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3092 /* VFPv4 fused multiply-accumulate */
3093 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
3095 float_status *fpst = fpstp;
3096 return float32_muladd(a, b, c, 0, fpst);
3099 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
3101 float_status *fpst = fpstp;
3102 return float64_muladd(a, b, c, 0, fpst);
3105 void HELPER(set_teecr)(CPUARMState *env, uint32_t val)
3108 if (env->teecr != val) {
projects / qemu.git / blob