4 #include "host-utils.h"
7 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
11 /* VFP data registers are always little-endian. */
12 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
14 stfq_le_p(buf, env->vfp.regs[reg]);
17 if (arm_feature(env, ARM_FEATURE_NEON)) {
18 /* Aliases for Q regs. */
21 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
22 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
26 switch (reg - nregs) {
27 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
28 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
29 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
34 static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
38 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
40 env->vfp.regs[reg] = ldfq_le_p(buf);
43 if (arm_feature(env, ARM_FEATURE_NEON)) {
46 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
47 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
51 switch (reg - nregs) {
52 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
53 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
54 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
59 static int dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
62 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
66 static const ARMCPRegInfo cp_reginfo[] = {
67 /* DBGDIDR: just RAZ. In particular this means the "debug architecture
68 * version" bits will read as a reserved value, which should cause
69 * Linux to not try to use the debug hardware.
71 { .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
72 .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
73 /* MMU Domain access control / MPU write buffer control */
74 { .name = "DACR", .cp = 15,
75 .crn = 3, .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
76 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
77 .resetvalue = 0, .writefn = dacr_write },
81 static const ARMCPRegInfo not_v6_cp_reginfo[] = {
82 /* Not all pre-v6 cores implemented this WFI, so this is slightly
85 { .name = "WFI_v5", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = 2,
86 .access = PL1_W, .type = ARM_CP_WFI },
90 static const ARMCPRegInfo not_v7_cp_reginfo[] = {
91 /* Standard v6 WFI (also used in some pre-v6 cores); not in v7 (which
92 * is UNPREDICTABLE; we choose to NOP as most implementations do).
94 { .name = "WFI_v6", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
95 .access = PL1_W, .type = ARM_CP_WFI },
99 static const ARMCPRegInfo v6_cp_reginfo[] = {
100 /* prefetch by MVA in v6, NOP in v7 */
101 { .name = "MVA_prefetch",
102 .cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
103 .access = PL1_W, .type = ARM_CP_NOP },
104 { .name = "ISB", .cp = 15, .crn = 7, .crm = 5, .opc1 = 0, .opc2 = 4,
105 .access = PL0_W, .type = ARM_CP_NOP },
106 { .name = "ISB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 4,
107 .access = PL0_W, .type = ARM_CP_NOP },
108 { .name = "ISB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
109 .access = PL0_W, .type = ARM_CP_NOP },
113 static int pmreg_read(CPUARMState *env, const ARMCPRegInfo *ri,
116 /* Generic performance monitor register read function for where
117 * user access may be allowed by PMUSERENR.
119 if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
122 *value = CPREG_FIELD32(env, ri);
126 static int pmcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
129 if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
132 /* only the DP, X, D and E bits are writable */
133 env->cp15.c9_pmcr &= ~0x39;
134 env->cp15.c9_pmcr |= (value & 0x39);
138 static int pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
141 if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
145 env->cp15.c9_pmcnten |= value;
149 static int pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
152 if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
156 env->cp15.c9_pmcnten &= ~value;
160 static int pmovsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
163 if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
166 env->cp15.c9_pmovsr &= ~value;
170 static int pmxevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri,
173 if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
176 env->cp15.c9_pmxevtyper = value & 0xff;
180 static int pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
183 env->cp15.c9_pmuserenr = value & 1;
187 static int pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
190 /* We have no event counters so only the C bit can be changed */
192 env->cp15.c9_pminten |= value;
196 static int pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
200 env->cp15.c9_pminten &= ~value;
204 static const ARMCPRegInfo v7_cp_reginfo[] = {
205 /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
208 { .name = "DBGDRAR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
209 .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
210 { .name = "DBGDRAR", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
211 .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
212 /* the old v6 WFI, UNPREDICTABLE in v7 but we choose to NOP */
213 { .name = "NOP", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
214 .access = PL1_W, .type = ARM_CP_NOP },
215 /* Performance monitors are implementation defined in v7,
216 * but with an ARM recommended set of registers, which we
217 * follow (although we don't actually implement any counters)
219 * Performance registers fall into three categories:
220 * (a) always UNDEF in PL0, RW in PL1 (PMINTENSET, PMINTENCLR)
221 * (b) RO in PL0 (ie UNDEF on write), RW in PL1 (PMUSERENR)
222 * (c) UNDEF in PL0 if PMUSERENR.EN==0, otherwise accessible (all others)
223 * For the cases controlled by PMUSERENR we must set .access to PL0_RW
224 * or PL0_RO as appropriate and then check PMUSERENR in the helper fn.
226 { .name = "PMCNTENSET", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 1,
227 .access = PL0_RW, .resetvalue = 0,
228 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
229 .readfn = pmreg_read, .writefn = pmcntenset_write },
230 { .name = "PMCNTENCLR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 2,
231 .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
232 .readfn = pmreg_read, .writefn = pmcntenclr_write },
233 { .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3,
234 .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
235 .readfn = pmreg_read, .writefn = pmovsr_write },
236 /* Unimplemented so WI. Strictly speaking write accesses in PL0 should
239 { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
240 .access = PL0_W, .type = ARM_CP_NOP },
241 /* Since we don't implement any events, writing to PMSELR is UNPREDICTABLE.
242 * We choose to RAZ/WI. XXX should respect PMUSERENR.
244 { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
245 .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
246 /* Unimplemented, RAZ/WI. XXX PMUSERENR */
247 { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
248 .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
249 { .name = "PMXEVTYPER", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 1,
251 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmxevtyper),
252 .readfn = pmreg_read, .writefn = pmxevtyper_write },
253 /* Unimplemented, RAZ/WI. XXX PMUSERENR */
254 { .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
255 .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
256 { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
257 .access = PL0_R | PL1_RW,
258 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
260 .writefn = pmuserenr_write },
261 { .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 1,
263 .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
265 .writefn = pmintenset_write },
266 { .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 2,
268 .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
270 .writefn = pmintenclr_write },
274 static int teecr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
281 static int teehbr_read(CPUARMState *env, const ARMCPRegInfo *ri,
284 /* This is a helper function because the user access rights
285 * depend on the value of the TEECR.
287 if (arm_current_pl(env) == 0 && (env->teecr & 1)) {
290 *value = env->teehbr;
294 static int teehbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
297 if (arm_current_pl(env) == 0 && (env->teecr & 1)) {
304 static const ARMCPRegInfo t2ee_cp_reginfo[] = {
305 { .name = "TEECR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 6, .opc2 = 0,
306 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, teecr),
308 .writefn = teecr_write },
309 { .name = "TEEHBR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 6, .opc2 = 0,
310 .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, teehbr),
312 .readfn = teehbr_read, .writefn = teehbr_write },
316 static const ARMCPRegInfo v6k_cp_reginfo[] = {
317 { .name = "TPIDRURW", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 2,
319 .fieldoffset = offsetof(CPUARMState, cp15.c13_tls1),
321 { .name = "TPIDRURO", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 3,
322 .access = PL0_R|PL1_W,
323 .fieldoffset = offsetof(CPUARMState, cp15.c13_tls2),
325 { .name = "TPIDRPRW", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 4,
327 .fieldoffset = offsetof(CPUARMState, cp15.c13_tls3),
332 static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
333 /* Dummy implementation: RAZ/WI the whole crn=14 space */
334 { .name = "GENERIC_TIMER", .cp = 15, .crn = 14,
335 .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
336 .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
340 void register_cp_regs_for_features(ARMCPU *cpu)
342 /* Register all the coprocessor registers based on feature bits */
343 CPUARMState *env = &cpu->env;
344 if (arm_feature(env, ARM_FEATURE_M)) {
345 /* M profile has no coprocessor registers */
349 define_arm_cp_regs(cpu, cp_reginfo);
350 if (arm_feature(env, ARM_FEATURE_V6)) {
351 define_arm_cp_regs(cpu, v6_cp_reginfo);
353 define_arm_cp_regs(cpu, not_v6_cp_reginfo);
355 if (arm_feature(env, ARM_FEATURE_V6K)) {
356 define_arm_cp_regs(cpu, v6k_cp_reginfo);
358 if (arm_feature(env, ARM_FEATURE_V7)) {
359 /* v7 performance monitor control register: same implementor
360 * field as main ID register, and we implement no event counters.
362 ARMCPRegInfo pmcr = {
363 .name = "PMCR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 0,
364 .access = PL0_RW, .resetvalue = cpu->midr & 0xff000000,
365 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcr),
366 .readfn = pmreg_read, .writefn = pmcr_write
368 define_one_arm_cp_reg(cpu, &pmcr);
369 define_arm_cp_regs(cpu, v7_cp_reginfo);
371 define_arm_cp_regs(cpu, not_v7_cp_reginfo);
373 if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
374 define_arm_cp_regs(cpu, t2ee_cp_reginfo);
376 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
377 define_arm_cp_regs(cpu, generic_timer_cp_reginfo);
381 ARMCPU *cpu_arm_init(const char *cpu_model)
385 static int inited = 0;
387 if (!object_class_by_name(cpu_model)) {
390 cpu = ARM_CPU(object_new(cpu_model));
392 env->cpu_model_str = cpu_model;
393 arm_cpu_realize(cpu);
395 if (tcg_enabled() && !inited) {
397 arm_translate_init();
401 if (arm_feature(env, ARM_FEATURE_NEON)) {
402 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
403 51, "arm-neon.xml", 0);
404 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
405 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
406 35, "arm-vfp3.xml", 0);
407 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
408 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
409 19, "arm-vfp.xml", 0);
415 typedef struct ARMCPUListState {
416 fprintf_function cpu_fprintf;
420 /* Sort alphabetically by type name, except for "any". */
421 static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
423 ObjectClass *class_a = (ObjectClass *)a;
424 ObjectClass *class_b = (ObjectClass *)b;
425 const char *name_a, *name_b;
427 name_a = object_class_get_name(class_a);
428 name_b = object_class_get_name(class_b);
429 if (strcmp(name_a, "any") == 0) {
431 } else if (strcmp(name_b, "any") == 0) {
434 return strcmp(name_a, name_b);
438 static void arm_cpu_list_entry(gpointer data, gpointer user_data)
440 ObjectClass *oc = data;
441 ARMCPUListState *s = user_data;
443 (*s->cpu_fprintf)(s->file, " %s\n",
444 object_class_get_name(oc));
447 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
449 ARMCPUListState s = {
451 .cpu_fprintf = cpu_fprintf,
455 list = object_class_get_list(TYPE_ARM_CPU, false);
456 list = g_slist_sort(list, arm_cpu_list_compare);
457 (*cpu_fprintf)(f, "Available CPUs:\n");
458 g_slist_foreach(list, arm_cpu_list_entry, &s);
462 void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
463 const ARMCPRegInfo *r, void *opaque)
465 /* Define implementations of coprocessor registers.
466 * We store these in a hashtable because typically
467 * there are less than 150 registers in a space which
468 * is 16*16*16*8*8 = 262144 in size.
469 * Wildcarding is supported for the crm, opc1 and opc2 fields.
470 * If a register is defined twice then the second definition is
471 * used, so this can be used to define some generic registers and
472 * then override them with implementation specific variations.
473 * At least one of the original and the second definition should
474 * include ARM_CP_OVERRIDE in its type bits -- this is just a guard
475 * against accidental use.
478 int crmmin = (r->crm == CP_ANY) ? 0 : r->crm;
479 int crmmax = (r->crm == CP_ANY) ? 15 : r->crm;
480 int opc1min = (r->opc1 == CP_ANY) ? 0 : r->opc1;
481 int opc1max = (r->opc1 == CP_ANY) ? 7 : r->opc1;
482 int opc2min = (r->opc2 == CP_ANY) ? 0 : r->opc2;
483 int opc2max = (r->opc2 == CP_ANY) ? 7 : r->opc2;
484 /* 64 bit registers have only CRm and Opc1 fields */
485 assert(!((r->type & ARM_CP_64BIT) && (r->opc2 || r->crn)));
486 /* Check that the register definition has enough info to handle
487 * reads and writes if they are permitted.
489 if (!(r->type & (ARM_CP_SPECIAL|ARM_CP_CONST))) {
490 if (r->access & PL3_R) {
491 assert(r->fieldoffset || r->readfn);
493 if (r->access & PL3_W) {
494 assert(r->fieldoffset || r->writefn);
497 /* Bad type field probably means missing sentinel at end of reg list */
498 assert(cptype_valid(r->type));
499 for (crm = crmmin; crm <= crmmax; crm++) {
500 for (opc1 = opc1min; opc1 <= opc1max; opc1++) {
501 for (opc2 = opc2min; opc2 <= opc2max; opc2++) {
502 uint32_t *key = g_new(uint32_t, 1);
503 ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
504 int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
505 *key = ENCODE_CP_REG(r->cp, is64, r->crn, crm, opc1, opc2);
507 /* Make sure reginfo passed to helpers for wildcarded regs
508 * has the correct crm/opc1/opc2 for this reg, not CP_ANY:
513 /* Overriding of an existing definition must be explicitly
516 if (!(r->type & ARM_CP_OVERRIDE)) {
517 ARMCPRegInfo *oldreg;
518 oldreg = g_hash_table_lookup(cpu->cp_regs, key);
519 if (oldreg && !(oldreg->type & ARM_CP_OVERRIDE)) {
520 fprintf(stderr, "Register redefined: cp=%d %d bit "
521 "crn=%d crm=%d opc1=%d opc2=%d, "
522 "was %s, now %s\n", r2->cp, 32 + 32 * is64,
523 r2->crn, r2->crm, r2->opc1, r2->opc2,
524 oldreg->name, r2->name);
528 g_hash_table_insert(cpu->cp_regs, key, r2);
534 void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
535 const ARMCPRegInfo *regs, void *opaque)
537 /* Define a whole list of registers */
538 const ARMCPRegInfo *r;
539 for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
540 define_one_arm_cp_reg_with_opaque(cpu, r, opaque);
544 const ARMCPRegInfo *get_arm_cp_reginfo(ARMCPU *cpu, uint32_t encoded_cp)
546 return g_hash_table_lookup(cpu->cp_regs, &encoded_cp);
549 int arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
552 /* Helper coprocessor write function for write-ignore registers */
556 int arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t *value)
558 /* Helper coprocessor write function for read-as-zero registers */
563 static int bad_mode_switch(CPUARMState *env, int mode)
565 /* Return true if it is not valid for us to switch to
566 * this CPU mode (ie all the UNPREDICTABLE cases in
567 * the ARM ARM CPSRWriteByInstr pseudocode).
570 case ARM_CPU_MODE_USR:
571 case ARM_CPU_MODE_SYS:
572 case ARM_CPU_MODE_SVC:
573 case ARM_CPU_MODE_ABT:
574 case ARM_CPU_MODE_UND:
575 case ARM_CPU_MODE_IRQ:
576 case ARM_CPU_MODE_FIQ:
583 uint32_t cpsr_read(CPUARMState *env)
587 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
588 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
589 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
590 | ((env->condexec_bits & 0xfc) << 8)
594 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
596 if (mask & CPSR_NZCV) {
597 env->ZF = (~val) & CPSR_Z;
599 env->CF = (val >> 29) & 1;
600 env->VF = (val << 3) & 0x80000000;
603 env->QF = ((val & CPSR_Q) != 0);
605 env->thumb = ((val & CPSR_T) != 0);
606 if (mask & CPSR_IT_0_1) {
607 env->condexec_bits &= ~3;
608 env->condexec_bits |= (val >> 25) & 3;
610 if (mask & CPSR_IT_2_7) {
611 env->condexec_bits &= 3;
612 env->condexec_bits |= (val >> 8) & 0xfc;
614 if (mask & CPSR_GE) {
615 env->GE = (val >> 16) & 0xf;
618 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
619 if (bad_mode_switch(env, val & CPSR_M)) {
620 /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
621 * We choose to ignore the attempt and leave the CPSR M field
626 switch_mode(env, val & CPSR_M);
629 mask &= ~CACHED_CPSR_BITS;
630 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
633 /* Sign/zero extend */
634 uint32_t HELPER(sxtb16)(uint32_t x)
637 res = (uint16_t)(int8_t)x;
638 res |= (uint32_t)(int8_t)(x >> 16) << 16;
642 uint32_t HELPER(uxtb16)(uint32_t x)
645 res = (uint16_t)(uint8_t)x;
646 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
650 uint32_t HELPER(clz)(uint32_t x)
655 int32_t HELPER(sdiv)(int32_t num, int32_t den)
659 if (num == INT_MIN && den == -1)
664 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
671 uint32_t HELPER(rbit)(uint32_t x)
673 x = ((x & 0xff000000) >> 24)
674 | ((x & 0x00ff0000) >> 8)
675 | ((x & 0x0000ff00) << 8)
676 | ((x & 0x000000ff) << 24);
677 x = ((x & 0xf0f0f0f0) >> 4)
678 | ((x & 0x0f0f0f0f) << 4);
679 x = ((x & 0x88888888) >> 3)
680 | ((x & 0x44444444) >> 1)
681 | ((x & 0x22222222) << 1)
682 | ((x & 0x11111111) << 3);
686 uint32_t HELPER(abs)(uint32_t x)
688 return ((int32_t)x < 0) ? -x : x;
691 #if defined(CONFIG_USER_ONLY)
693 void do_interrupt (CPUARMState *env)
695 env->exception_index = -1;
698 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
702 env->exception_index = EXCP_PREFETCH_ABORT;
703 env->cp15.c6_insn = address;
705 env->exception_index = EXCP_DATA_ABORT;
706 env->cp15.c6_data = address;
711 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
713 cpu_abort(env, "cp15 insn %08x\n", insn);
716 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
718 cpu_abort(env, "cp15 insn %08x\n", insn);
721 /* These should probably raise undefined insn exceptions. */
722 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
724 cpu_abort(env, "v7m_mrs %d\n", reg);
727 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
729 cpu_abort(env, "v7m_mrs %d\n", reg);
733 void switch_mode(CPUARMState *env, int mode)
735 if (mode != ARM_CPU_MODE_USR)
736 cpu_abort(env, "Tried to switch out of user mode\n");
739 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
741 cpu_abort(env, "banked r13 write\n");
744 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
746 cpu_abort(env, "banked r13 read\n");
752 /* Map CPU modes onto saved register banks. */
753 static inline int bank_number(CPUARMState *env, int mode)
756 case ARM_CPU_MODE_USR:
757 case ARM_CPU_MODE_SYS:
759 case ARM_CPU_MODE_SVC:
761 case ARM_CPU_MODE_ABT:
763 case ARM_CPU_MODE_UND:
765 case ARM_CPU_MODE_IRQ:
767 case ARM_CPU_MODE_FIQ:
770 cpu_abort(env, "Bad mode %x\n", mode);
774 void switch_mode(CPUARMState *env, int mode)
779 old_mode = env->uncached_cpsr & CPSR_M;
780 if (mode == old_mode)
783 if (old_mode == ARM_CPU_MODE_FIQ) {
784 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
785 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
786 } else if (mode == ARM_CPU_MODE_FIQ) {
787 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
788 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
791 i = bank_number(env, old_mode);
792 env->banked_r13[i] = env->regs[13];
793 env->banked_r14[i] = env->regs[14];
794 env->banked_spsr[i] = env->spsr;
796 i = bank_number(env, mode);
797 env->regs[13] = env->banked_r13[i];
798 env->regs[14] = env->banked_r14[i];
799 env->spsr = env->banked_spsr[i];
802 static void v7m_push(CPUARMState *env, uint32_t val)
805 stl_phys(env->regs[13], val);
808 static uint32_t v7m_pop(CPUARMState *env)
811 val = ldl_phys(env->regs[13]);
816 /* Switch to V7M main or process stack pointer. */
817 static void switch_v7m_sp(CPUARMState *env, int process)
820 if (env->v7m.current_sp != process) {
821 tmp = env->v7m.other_sp;
822 env->v7m.other_sp = env->regs[13];
824 env->v7m.current_sp = process;
828 static void do_v7m_exception_exit(CPUARMState *env)
833 type = env->regs[15];
834 if (env->v7m.exception != 0)
835 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
837 /* Switch to the target stack. */
838 switch_v7m_sp(env, (type & 4) != 0);
840 env->regs[0] = v7m_pop(env);
841 env->regs[1] = v7m_pop(env);
842 env->regs[2] = v7m_pop(env);
843 env->regs[3] = v7m_pop(env);
844 env->regs[12] = v7m_pop(env);
845 env->regs[14] = v7m_pop(env);
846 env->regs[15] = v7m_pop(env);
848 xpsr_write(env, xpsr, 0xfffffdff);
849 /* Undo stack alignment. */
852 /* ??? The exception return type specifies Thread/Handler mode. However
853 this is also implied by the xPSR value. Not sure what to do
854 if there is a mismatch. */
855 /* ??? Likewise for mismatches between the CONTROL register and the stack
859 static void do_interrupt_v7m(CPUARMState *env)
861 uint32_t xpsr = xpsr_read(env);
866 if (env->v7m.current_sp)
868 if (env->v7m.exception == 0)
871 /* For exceptions we just mark as pending on the NVIC, and let that
873 /* TODO: Need to escalate if the current priority is higher than the
874 one we're raising. */
875 switch (env->exception_index) {
877 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
881 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
883 case EXCP_PREFETCH_ABORT:
884 case EXCP_DATA_ABORT:
885 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
888 if (semihosting_enabled) {
890 nr = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
893 env->regs[0] = do_arm_semihosting(env);
897 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
900 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
902 case EXCP_EXCEPTION_EXIT:
903 do_v7m_exception_exit(env);
906 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
907 return; /* Never happens. Keep compiler happy. */
910 /* Align stack pointer. */
911 /* ??? Should only do this if Configuration Control Register
912 STACKALIGN bit is set. */
913 if (env->regs[13] & 4) {
917 /* Switch to the handler mode. */
919 v7m_push(env, env->regs[15]);
920 v7m_push(env, env->regs[14]);
921 v7m_push(env, env->regs[12]);
922 v7m_push(env, env->regs[3]);
923 v7m_push(env, env->regs[2]);
924 v7m_push(env, env->regs[1]);
925 v7m_push(env, env->regs[0]);
926 switch_v7m_sp(env, 0);
928 env->condexec_bits = 0;
930 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
931 env->regs[15] = addr & 0xfffffffe;
932 env->thumb = addr & 1;
935 /* Handle a CPU exception. */
936 void do_interrupt(CPUARMState *env)
944 do_interrupt_v7m(env);
947 /* TODO: Vectored interrupt controller. */
948 switch (env->exception_index) {
950 new_mode = ARM_CPU_MODE_UND;
959 if (semihosting_enabled) {
960 /* Check for semihosting interrupt. */
962 mask = arm_lduw_code(env->regs[15] - 2, env->bswap_code) & 0xff;
964 mask = arm_ldl_code(env->regs[15] - 4, env->bswap_code)
967 /* Only intercept calls from privileged modes, to provide some
968 semblance of security. */
969 if (((mask == 0x123456 && !env->thumb)
970 || (mask == 0xab && env->thumb))
971 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
972 env->regs[0] = do_arm_semihosting(env);
976 new_mode = ARM_CPU_MODE_SVC;
979 /* The PC already points to the next instruction. */
983 /* See if this is a semihosting syscall. */
984 if (env->thumb && semihosting_enabled) {
985 mask = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
987 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
989 env->regs[0] = do_arm_semihosting(env);
993 env->cp15.c5_insn = 2;
994 /* Fall through to prefetch abort. */
995 case EXCP_PREFETCH_ABORT:
996 new_mode = ARM_CPU_MODE_ABT;
998 mask = CPSR_A | CPSR_I;
1001 case EXCP_DATA_ABORT:
1002 new_mode = ARM_CPU_MODE_ABT;
1004 mask = CPSR_A | CPSR_I;
1008 new_mode = ARM_CPU_MODE_IRQ;
1010 /* Disable IRQ and imprecise data aborts. */
1011 mask = CPSR_A | CPSR_I;
1015 new_mode = ARM_CPU_MODE_FIQ;
1017 /* Disable FIQ, IRQ and imprecise data aborts. */
1018 mask = CPSR_A | CPSR_I | CPSR_F;
1022 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
1023 return; /* Never happens. Keep compiler happy. */
1026 if (env->cp15.c1_sys & (1 << 13)) {
1029 switch_mode (env, new_mode);
1030 env->spsr = cpsr_read(env);
1031 /* Clear IT bits. */
1032 env->condexec_bits = 0;
1033 /* Switch to the new mode, and to the correct instruction set. */
1034 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
1035 env->uncached_cpsr |= mask;
1036 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
1037 * and we should just guard the thumb mode on V4 */
1038 if (arm_feature(env, ARM_FEATURE_V4T)) {
1039 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
1041 env->regs[14] = env->regs[15] + offset;
1042 env->regs[15] = addr;
1043 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
1046 /* Check section/page access permissions.
1047 Returns the page protection flags, or zero if the access is not
1049 static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
1050 int access_type, int is_user)
1054 if (domain_prot == 3) {
1055 return PAGE_READ | PAGE_WRITE;
1058 if (access_type == 1)
1061 prot_ro = PAGE_READ;
1065 if (access_type == 1)
1067 switch ((env->cp15.c1_sys >> 8) & 3) {
1069 return is_user ? 0 : PAGE_READ;
1076 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
1081 return PAGE_READ | PAGE_WRITE;
1083 return PAGE_READ | PAGE_WRITE;
1084 case 4: /* Reserved. */
1087 return is_user ? 0 : prot_ro;
1091 if (!arm_feature (env, ARM_FEATURE_V6K))
1099 static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
1103 if (address & env->cp15.c2_mask)
1104 table = env->cp15.c2_base1 & 0xffffc000;
1106 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
1108 table |= (address >> 18) & 0x3ffc;
1112 static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type,
1113 int is_user, uint32_t *phys_ptr, int *prot,
1114 target_ulong *page_size)
1125 /* Pagetable walk. */
1126 /* Lookup l1 descriptor. */
1127 table = get_level1_table_address(env, address);
1128 desc = ldl_phys(table);
1130 domain = (desc >> 5) & 0x0f;
1131 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1133 /* Section translation fault. */
1137 if (domain_prot == 0 || domain_prot == 2) {
1139 code = 9; /* Section domain fault. */
1141 code = 11; /* Page domain fault. */
1146 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1147 ap = (desc >> 10) & 3;
1149 *page_size = 1024 * 1024;
1151 /* Lookup l2 entry. */
1153 /* Coarse pagetable. */
1154 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1156 /* Fine pagetable. */
1157 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
1159 desc = ldl_phys(table);
1161 case 0: /* Page translation fault. */
1164 case 1: /* 64k page. */
1165 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1166 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1167 *page_size = 0x10000;
1169 case 2: /* 4k page. */
1170 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1171 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1172 *page_size = 0x1000;
1174 case 3: /* 1k page. */
1176 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1177 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1179 /* Page translation fault. */
1184 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
1186 ap = (desc >> 4) & 3;
1190 /* Never happens, but compiler isn't smart enough to tell. */
1195 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1197 /* Access permission fault. */
1201 *phys_ptr = phys_addr;
1204 return code | (domain << 4);
1207 static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
1208 int is_user, uint32_t *phys_ptr, int *prot,
1209 target_ulong *page_size)
1221 /* Pagetable walk. */
1222 /* Lookup l1 descriptor. */
1223 table = get_level1_table_address(env, address);
1224 desc = ldl_phys(table);
1227 /* Section translation fault. */
1231 } else if (type == 2 && (desc & (1 << 18))) {
1235 /* Section or page. */
1236 domain = (desc >> 5) & 0x0f;
1238 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1239 if (domain_prot == 0 || domain_prot == 2) {
1241 code = 9; /* Section domain fault. */
1243 code = 11; /* Page domain fault. */
1247 if (desc & (1 << 18)) {
1249 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
1250 *page_size = 0x1000000;
1253 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1254 *page_size = 0x100000;
1256 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
1257 xn = desc & (1 << 4);
1260 /* Lookup l2 entry. */
1261 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1262 desc = ldl_phys(table);
1263 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
1265 case 0: /* Page translation fault. */
1268 case 1: /* 64k page. */
1269 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1270 xn = desc & (1 << 15);
1271 *page_size = 0x10000;
1273 case 2: case 3: /* 4k page. */
1274 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1276 *page_size = 0x1000;
1279 /* Never happens, but compiler isn't smart enough to tell. */
1284 if (domain_prot == 3) {
1285 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1287 if (xn && access_type == 2)
1290 /* The simplified model uses AP[0] as an access control bit. */
1291 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
1292 /* Access flag fault. */
1293 code = (code == 15) ? 6 : 3;
1296 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1298 /* Access permission fault. */
1305 *phys_ptr = phys_addr;
1308 return code | (domain << 4);
1311 static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, int access_type,
1312 int is_user, uint32_t *phys_ptr, int *prot)
1318 *phys_ptr = address;
1319 for (n = 7; n >= 0; n--) {
1320 base = env->cp15.c6_region[n];
1321 if ((base & 1) == 0)
1323 mask = 1 << ((base >> 1) & 0x1f);
1324 /* Keep this shift separate from the above to avoid an
1325 (undefined) << 32. */
1326 mask = (mask << 1) - 1;
1327 if (((base ^ address) & ~mask) == 0)
1333 if (access_type == 2) {
1334 mask = env->cp15.c5_insn;
1336 mask = env->cp15.c5_data;
1338 mask = (mask >> (n * 4)) & 0xf;
1345 *prot = PAGE_READ | PAGE_WRITE;
1350 *prot |= PAGE_WRITE;
1353 *prot = PAGE_READ | PAGE_WRITE;
1364 /* Bad permission. */
1371 static inline int get_phys_addr(CPUARMState *env, uint32_t address,
1372 int access_type, int is_user,
1373 uint32_t *phys_ptr, int *prot,
1374 target_ulong *page_size)
1376 /* Fast Context Switch Extension. */
1377 if (address < 0x02000000)
1378 address += env->cp15.c13_fcse;
1380 if ((env->cp15.c1_sys & 1) == 0) {
1381 /* MMU/MPU disabled. */
1382 *phys_ptr = address;
1383 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1384 *page_size = TARGET_PAGE_SIZE;
1386 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
1387 *page_size = TARGET_PAGE_SIZE;
1388 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
1390 } else if (env->cp15.c1_sys & (1 << 23)) {
1391 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
1394 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
1399 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address,
1400 int access_type, int mmu_idx)
1403 target_ulong page_size;
1407 is_user = mmu_idx == MMU_USER_IDX;
1408 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1411 /* Map a single [sub]page. */
1412 phys_addr &= ~(uint32_t)0x3ff;
1413 address &= ~(uint32_t)0x3ff;
1414 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1418 if (access_type == 2) {
1419 env->cp15.c5_insn = ret;
1420 env->cp15.c6_insn = address;
1421 env->exception_index = EXCP_PREFETCH_ABORT;
1423 env->cp15.c5_data = ret;
1424 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1425 env->cp15.c5_data |= (1 << 11);
1426 env->cp15.c6_data = address;
1427 env->exception_index = EXCP_DATA_ABORT;
1432 target_phys_addr_t cpu_get_phys_page_debug(CPUARMState *env, target_ulong addr)
1435 target_ulong page_size;
1439 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1447 /* Return basic MPU access permission bits. */
1448 static uint32_t simple_mpu_ap_bits(uint32_t val)
1455 for (i = 0; i < 16; i += 2) {
1456 ret |= (val >> i) & mask;
1462 /* Pad basic MPU access permission bits to extended format. */
1463 static uint32_t extended_mpu_ap_bits(uint32_t val)
1470 for (i = 0; i < 16; i += 2) {
1471 ret |= (val & mask) << i;
1477 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
1483 op1 = (insn >> 21) & 7;
1484 op2 = (insn >> 5) & 7;
1486 switch ((insn >> 16) & 0xf) {
1489 if (arm_feature(env, ARM_FEATURE_XSCALE))
1491 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1493 if (arm_feature(env, ARM_FEATURE_V7)
1494 && op1 == 2 && crm == 0 && op2 == 0) {
1495 env->cp15.c0_cssel = val & 0xf;
1499 case 1: /* System configuration. */
1500 if (arm_feature(env, ARM_FEATURE_V7)
1501 && op1 == 0 && crm == 1 && op2 == 0) {
1502 env->cp15.c1_scr = val;
1505 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1509 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1510 env->cp15.c1_sys = val;
1511 /* ??? Lots of these bits are not implemented. */
1512 /* This may enable/disable the MMU, so do a TLB flush. */
1515 case 1: /* Auxiliary control register. */
1516 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1517 env->cp15.c1_xscaleauxcr = val;
1520 /* Not implemented. */
1523 if (arm_feature(env, ARM_FEATURE_XSCALE))
1525 if (env->cp15.c1_coproc != val) {
1526 env->cp15.c1_coproc = val;
1527 /* ??? Is this safe when called from within a TB? */
1535 case 2: /* MMU Page table control / MPU cache control. */
1536 if (arm_feature(env, ARM_FEATURE_MPU)) {
1539 env->cp15.c2_data = val;
1542 env->cp15.c2_insn = val;
1550 env->cp15.c2_base0 = val;
1553 env->cp15.c2_base1 = val;
1557 env->cp15.c2_control = val;
1558 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1559 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1566 case 4: /* Reserved. */
1568 case 5: /* MMU Fault status / MPU access permission. */
1569 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1573 if (arm_feature(env, ARM_FEATURE_MPU))
1574 val = extended_mpu_ap_bits(val);
1575 env->cp15.c5_data = val;
1578 if (arm_feature(env, ARM_FEATURE_MPU))
1579 val = extended_mpu_ap_bits(val);
1580 env->cp15.c5_insn = val;
1583 if (!arm_feature(env, ARM_FEATURE_MPU))
1585 env->cp15.c5_data = val;
1588 if (!arm_feature(env, ARM_FEATURE_MPU))
1590 env->cp15.c5_insn = val;
1596 case 6: /* MMU Fault address / MPU base/size. */
1597 if (arm_feature(env, ARM_FEATURE_MPU)) {
1600 env->cp15.c6_region[crm] = val;
1602 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1606 env->cp15.c6_data = val;
1608 case 1: /* ??? This is WFAR on armv6 */
1610 env->cp15.c6_insn = val;
1617 case 7: /* Cache control. */
1618 env->cp15.c15_i_max = 0x000;
1619 env->cp15.c15_i_min = 0xff0;
1623 /* No cache, so nothing to do except VA->PA translations. */
1624 if (arm_feature(env, ARM_FEATURE_VAPA)) {
1627 if (arm_feature(env, ARM_FEATURE_V7)) {
1628 env->cp15.c7_par = val & 0xfffff6ff;
1630 env->cp15.c7_par = val & 0xfffff1ff;
1635 target_ulong page_size;
1637 int ret, is_user = op2 & 2;
1638 int access_type = op2 & 1;
1641 /* Other states are only available with TrustZone */
1644 ret = get_phys_addr(env, val, access_type, is_user,
1645 &phys_addr, &prot, &page_size);
1647 /* We do not set any attribute bits in the PAR */
1648 if (page_size == (1 << 24)
1649 && arm_feature(env, ARM_FEATURE_V7)) {
1650 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1652 env->cp15.c7_par = phys_addr & 0xfffff000;
1655 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1656 ((ret & (12 << 1)) >> 6) |
1657 ((ret & 0xf) << 1) | 1;
1664 case 8: /* MMU TLB control. */
1666 case 0: /* Invalidate all (TLBIALL) */
1669 case 1: /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
1670 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1672 case 2: /* Invalidate by ASID (TLBIASID) */
1673 tlb_flush(env, val == 0);
1675 case 3: /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
1676 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1683 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1685 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1686 break; /* Ignore ReadBuffer access */
1688 case 0: /* Cache lockdown. */
1690 case 0: /* L1 cache. */
1693 env->cp15.c9_data = val;
1696 env->cp15.c9_insn = val;
1702 case 1: /* L2 cache. */
1703 /* Ignore writes to L2 lockdown/auxiliary registers. */
1709 case 1: /* TCM memory region registers. */
1710 /* Not implemented. */
1716 case 10: /* MMU TLB lockdown. */
1717 /* ??? TLB lockdown not implemented. */
1719 case 12: /* Reserved. */
1721 case 13: /* Process ID. */
1724 /* Unlike real hardware the qemu TLB uses virtual addresses,
1725 not modified virtual addresses, so this causes a TLB flush.
1727 if (env->cp15.c13_fcse != val)
1729 env->cp15.c13_fcse = val;
1732 /* This changes the ASID, so do a TLB flush. */
1733 if (env->cp15.c13_context != val
1734 && !arm_feature(env, ARM_FEATURE_MPU))
1736 env->cp15.c13_context = val;
1742 case 15: /* Implementation specific. */
1743 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1744 if (op2 == 0 && crm == 1) {
1745 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1746 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1748 env->cp15.c15_cpar = val & 0x3fff;
1754 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1758 case 1: /* Set TI925T configuration. */
1759 env->cp15.c15_ticonfig = val & 0xe7;
1760 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1761 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1763 case 2: /* Set I_max. */
1764 env->cp15.c15_i_max = val;
1766 case 3: /* Set I_min. */
1767 env->cp15.c15_i_min = val;
1769 case 4: /* Set thread-ID. */
1770 env->cp15.c15_threadid = val & 0xffff;
1772 case 8: /* Wait-for-interrupt (deprecated). */
1773 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1779 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
1782 if ((op1 == 0) && (op2 == 0)) {
1783 env->cp15.c15_power_control = val;
1784 } else if ((op1 == 0) && (op2 == 1)) {
1785 env->cp15.c15_diagnostic = val;
1786 } else if ((op1 == 0) && (op2 == 2)) {
1787 env->cp15.c15_power_diagnostic = val;
1797 /* ??? For debugging only. Should raise illegal instruction exception. */
1798 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1799 (insn >> 16) & 0xf, crm, op1, op2);
1802 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
1808 op1 = (insn >> 21) & 7;
1809 op2 = (insn >> 5) & 7;
1811 switch ((insn >> 16) & 0xf) {
1812 case 0: /* ID codes. */
1818 case 0: /* Device ID. */
1819 return env->cp15.c0_cpuid;
1820 case 1: /* Cache Type. */
1821 return env->cp15.c0_cachetype;
1822 case 2: /* TCM status. */
1824 case 3: /* TLB type register. */
1825 return 0; /* No lockable TLB entries. */
1827 /* The MPIDR was standardised in v7; prior to
1828 * this it was implemented only in the 11MPCore.
1829 * For all other pre-v7 cores it does not exist.
1831 if (arm_feature(env, ARM_FEATURE_V7) ||
1832 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1833 int mpidr = env->cpu_index;
1834 /* We don't support setting cluster ID ([8..11])
1835 * so these bits always RAZ.
1837 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1839 /* Cores which are uniprocessor (non-coherent)
1840 * but still implement the MP extensions set
1841 * bit 30. (For instance, A9UP.) However we do
1842 * not currently model any of those cores.
1847 /* otherwise fall through to the unimplemented-reg case */
1852 if (!arm_feature(env, ARM_FEATURE_V6))
1854 return env->cp15.c0_c1[op2];
1856 if (!arm_feature(env, ARM_FEATURE_V6))
1858 return env->cp15.c0_c2[op2];
1859 case 3: case 4: case 5: case 6: case 7:
1865 /* These registers aren't documented on arm11 cores. However
1866 Linux looks at them anyway. */
1867 if (!arm_feature(env, ARM_FEATURE_V6))
1871 if (!arm_feature(env, ARM_FEATURE_V7))
1876 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1878 return env->cp15.c0_clid;
1884 if (op2 != 0 || crm != 0)
1886 return env->cp15.c0_cssel;
1890 case 1: /* System configuration. */
1891 if (arm_feature(env, ARM_FEATURE_V7)
1892 && op1 == 0 && crm == 1 && op2 == 0) {
1893 return env->cp15.c1_scr;
1895 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1898 case 0: /* Control register. */
1899 return env->cp15.c1_sys;
1900 case 1: /* Auxiliary control register. */
1901 if (arm_feature(env, ARM_FEATURE_XSCALE))
1902 return env->cp15.c1_xscaleauxcr;
1903 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1905 switch (ARM_CPUID(env)) {
1906 case ARM_CPUID_ARM1026:
1908 case ARM_CPUID_ARM1136:
1909 case ARM_CPUID_ARM1136_R2:
1910 case ARM_CPUID_ARM1176:
1912 case ARM_CPUID_ARM11MPCORE:
1914 case ARM_CPUID_CORTEXA8:
1916 case ARM_CPUID_CORTEXA9:
1917 case ARM_CPUID_CORTEXA15:
1922 case 2: /* Coprocessor access register. */
1923 if (arm_feature(env, ARM_FEATURE_XSCALE))
1925 return env->cp15.c1_coproc;
1929 case 2: /* MMU Page table control / MPU cache control. */
1930 if (arm_feature(env, ARM_FEATURE_MPU)) {
1933 return env->cp15.c2_data;
1936 return env->cp15.c2_insn;
1944 return env->cp15.c2_base0;
1946 return env->cp15.c2_base1;
1948 return env->cp15.c2_control;
1953 case 4: /* Reserved. */
1955 case 5: /* MMU Fault status / MPU access permission. */
1956 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1960 if (arm_feature(env, ARM_FEATURE_MPU))
1961 return simple_mpu_ap_bits(env->cp15.c5_data);
1962 return env->cp15.c5_data;
1964 if (arm_feature(env, ARM_FEATURE_MPU))
1965 return simple_mpu_ap_bits(env->cp15.c5_insn);
1966 return env->cp15.c5_insn;
1968 if (!arm_feature(env, ARM_FEATURE_MPU))
1970 return env->cp15.c5_data;
1972 if (!arm_feature(env, ARM_FEATURE_MPU))
1974 return env->cp15.c5_insn;
1978 case 6: /* MMU Fault address. */
1979 if (arm_feature(env, ARM_FEATURE_MPU)) {
1982 return env->cp15.c6_region[crm];
1984 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1988 return env->cp15.c6_data;
1990 if (arm_feature(env, ARM_FEATURE_V6)) {
1991 /* Watchpoint Fault Adrress. */
1992 return 0; /* Not implemented. */
1994 /* Instruction Fault Adrress. */
1995 /* Arm9 doesn't have an IFAR, but implementing it anyway
1996 shouldn't do any harm. */
1997 return env->cp15.c6_insn;
2000 if (arm_feature(env, ARM_FEATURE_V6)) {
2001 /* Instruction Fault Adrress. */
2002 return env->cp15.c6_insn;
2010 case 7: /* Cache control. */
2011 if (crm == 4 && op1 == 0 && op2 == 0) {
2012 return env->cp15.c7_par;
2014 /* FIXME: Should only clear Z flag if destination is r15. */
2017 case 8: /* MMU TLB control. */
2021 case 0: /* Cache lockdown */
2023 case 0: /* L1 cache. */
2024 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2029 return env->cp15.c9_data;
2031 return env->cp15.c9_insn;
2035 case 1: /* L2 cache */
2036 /* L2 Lockdown and Auxiliary control. */
2039 /* L2 cache lockdown (A8 only) */
2042 /* L2 cache auxiliary control (A8) or control (A15) */
2043 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA15) {
2044 /* Linux wants the number of processors from here.
2045 * Might as well set the interrupt-controller bit too.
2047 return ((smp_cpus - 1) << 24) | (1 << 23);
2051 /* L2 cache extended control (A15) */
2064 case 10: /* MMU TLB lockdown. */
2065 /* ??? TLB lockdown not implemented. */
2067 case 11: /* TCM DMA control. */
2068 case 12: /* Reserved. */
2070 case 13: /* Process ID. */
2073 return env->cp15.c13_fcse;
2075 return env->cp15.c13_context;
2079 case 15: /* Implementation specific. */
2080 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2081 if (op2 == 0 && crm == 1)
2082 return env->cp15.c15_cpar;
2086 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2090 case 1: /* Read TI925T configuration. */
2091 return env->cp15.c15_ticonfig;
2092 case 2: /* Read I_max. */
2093 return env->cp15.c15_i_max;
2094 case 3: /* Read I_min. */
2095 return env->cp15.c15_i_min;
2096 case 4: /* Read thread-ID. */
2097 return env->cp15.c15_threadid;
2098 case 8: /* TI925T_status */
2101 /* TODO: Peripheral port remap register:
2102 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
2103 * controller base address at $rn & ~0xfff and map size of
2104 * 0x200 << ($rn & 0xfff), when MMU is off. */
2107 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
2110 if ((op1 == 4) && (op2 == 0)) {
2111 /* The config_base_address should hold the value of
2112 * the peripheral base. ARM should get this from a CPU
2113 * object property, but that support isn't available in
2114 * December 2011. Default to 0 for now and board models
2115 * that care can set it by a private hook */
2116 return env->cp15.c15_config_base_address;
2117 } else if ((op1 == 0) && (op2 == 0)) {
2118 /* power_control should be set to maximum latency. Again,
2119 default to 0 and set by private hook */
2120 return env->cp15.c15_power_control;
2121 } else if ((op1 == 0) && (op2 == 1)) {
2122 return env->cp15.c15_diagnostic;
2123 } else if ((op1 == 0) && (op2 == 2)) {
2124 return env->cp15.c15_power_diagnostic;
2127 case 1: /* NEON Busy */
2129 case 5: /* tlb lockdown */
2132 if ((op1 == 5) && (op2 == 2)) {
2144 /* ??? For debugging only. Should raise illegal instruction exception. */
2145 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
2146 (insn >> 16) & 0xf, crm, op1, op2);
2150 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
2152 if ((env->uncached_cpsr & CPSR_M) == mode) {
2153 env->regs[13] = val;
2155 env->banked_r13[bank_number(env, mode)] = val;
2159 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
2161 if ((env->uncached_cpsr & CPSR_M) == mode) {
2162 return env->regs[13];
2164 return env->banked_r13[bank_number(env, mode)];
2168 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
2172 return xpsr_read(env) & 0xf8000000;
2174 return xpsr_read(env) & 0xf80001ff;
2176 return xpsr_read(env) & 0xff00fc00;
2178 return xpsr_read(env) & 0xff00fdff;
2180 return xpsr_read(env) & 0x000001ff;
2182 return xpsr_read(env) & 0x0700fc00;
2184 return xpsr_read(env) & 0x0700edff;
2186 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
2188 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
2189 case 16: /* PRIMASK */
2190 return (env->uncached_cpsr & CPSR_I) != 0;
2191 case 17: /* BASEPRI */
2192 case 18: /* BASEPRI_MAX */
2193 return env->v7m.basepri;
2194 case 19: /* FAULTMASK */
2195 return (env->uncached_cpsr & CPSR_F) != 0;
2196 case 20: /* CONTROL */
2197 return env->v7m.control;
2199 /* ??? For debugging only. */
2200 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
2205 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
2209 xpsr_write(env, val, 0xf8000000);
2212 xpsr_write(env, val, 0xf8000000);
2215 xpsr_write(env, val, 0xfe00fc00);
2218 xpsr_write(env, val, 0xfe00fc00);
2221 /* IPSR bits are readonly. */
2224 xpsr_write(env, val, 0x0600fc00);
2227 xpsr_write(env, val, 0x0600fc00);
2230 if (env->v7m.current_sp)
2231 env->v7m.other_sp = val;
2233 env->regs[13] = val;
2236 if (env->v7m.current_sp)
2237 env->regs[13] = val;
2239 env->v7m.other_sp = val;
2241 case 16: /* PRIMASK */
2243 env->uncached_cpsr |= CPSR_I;
2245 env->uncached_cpsr &= ~CPSR_I;
2247 case 17: /* BASEPRI */
2248 env->v7m.basepri = val & 0xff;
2250 case 18: /* BASEPRI_MAX */
2252 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2253 env->v7m.basepri = val;
2255 case 19: /* FAULTMASK */
2257 env->uncached_cpsr |= CPSR_F;
2259 env->uncached_cpsr &= ~CPSR_F;
2261 case 20: /* CONTROL */
2262 env->v7m.control = val & 3;
2263 switch_v7m_sp(env, (val & 2) != 0);
2266 /* ??? For debugging only. */
2267 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2274 /* Note that signed overflow is undefined in C. The following routines are
2275 careful to use unsigned types where modulo arithmetic is required.
2276 Failure to do so _will_ break on newer gcc. */
2278 /* Signed saturating arithmetic. */
2280 /* Perform 16-bit signed saturating addition. */
2281 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2286 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2295 /* Perform 8-bit signed saturating addition. */
2296 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2301 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2310 /* Perform 16-bit signed saturating subtraction. */
2311 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2316 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2325 /* Perform 8-bit signed saturating subtraction. */
2326 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2331 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2340 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2341 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2342 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2343 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2346 #include "op_addsub.h"
2348 /* Unsigned saturating arithmetic. */
2349 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2358 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2366 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2375 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2383 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2384 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2385 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2386 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2389 #include "op_addsub.h"
2391 /* Signed modulo arithmetic. */
2392 #define SARITH16(a, b, n, op) do { \
2394 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2395 RESULT(sum, n, 16); \
2397 ge |= 3 << (n * 2); \
2400 #define SARITH8(a, b, n, op) do { \
2402 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2403 RESULT(sum, n, 8); \
2409 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2410 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2411 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2412 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2416 #include "op_addsub.h"
2418 /* Unsigned modulo arithmetic. */
2419 #define ADD16(a, b, n) do { \
2421 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2422 RESULT(sum, n, 16); \
2423 if ((sum >> 16) == 1) \
2424 ge |= 3 << (n * 2); \
2427 #define ADD8(a, b, n) do { \
2429 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2430 RESULT(sum, n, 8); \
2431 if ((sum >> 8) == 1) \
2435 #define SUB16(a, b, n) do { \
2437 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2438 RESULT(sum, n, 16); \
2439 if ((sum >> 16) == 0) \
2440 ge |= 3 << (n * 2); \
2443 #define SUB8(a, b, n) do { \
2445 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2446 RESULT(sum, n, 8); \
2447 if ((sum >> 8) == 0) \
2454 #include "op_addsub.h"
2456 /* Halved signed arithmetic. */
2457 #define ADD16(a, b, n) \
2458 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2459 #define SUB16(a, b, n) \
2460 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2461 #define ADD8(a, b, n) \
2462 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2463 #define SUB8(a, b, n) \
2464 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2467 #include "op_addsub.h"
2469 /* Halved unsigned arithmetic. */
2470 #define ADD16(a, b, n) \
2471 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2472 #define SUB16(a, b, n) \
2473 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2474 #define ADD8(a, b, n) \
2475 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2476 #define SUB8(a, b, n) \
2477 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2480 #include "op_addsub.h"
2482 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2490 /* Unsigned sum of absolute byte differences. */
2491 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2494 sum = do_usad(a, b);
2495 sum += do_usad(a >> 8, b >> 8);
2496 sum += do_usad(a >> 16, b >>16);
2497 sum += do_usad(a >> 24, b >> 24);
2501 /* For ARMv6 SEL instruction. */
2502 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2515 return (a & mask) | (b & ~mask);
2518 uint32_t HELPER(logicq_cc)(uint64_t val)
2520 return (val >> 32) | (val != 0);
2523 /* VFP support. We follow the convention used for VFP instrunctions:
2524 Single precition routines have a "s" suffix, double precision a
2527 /* Convert host exception flags to vfp form. */
2528 static inline int vfp_exceptbits_from_host(int host_bits)
2530 int target_bits = 0;
2532 if (host_bits & float_flag_invalid)
2534 if (host_bits & float_flag_divbyzero)
2536 if (host_bits & float_flag_overflow)
2538 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2540 if (host_bits & float_flag_inexact)
2541 target_bits |= 0x10;
2542 if (host_bits & float_flag_input_denormal)
2543 target_bits |= 0x80;
2547 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
2552 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2553 | (env->vfp.vec_len << 16)
2554 | (env->vfp.vec_stride << 20);
2555 i = get_float_exception_flags(&env->vfp.fp_status);
2556 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2557 fpscr |= vfp_exceptbits_from_host(i);
2561 uint32_t vfp_get_fpscr(CPUARMState *env)
2563 return HELPER(vfp_get_fpscr)(env);
2566 /* Convert vfp exception flags to target form. */
2567 static inline int vfp_exceptbits_to_host(int target_bits)
2571 if (target_bits & 1)
2572 host_bits |= float_flag_invalid;
2573 if (target_bits & 2)
2574 host_bits |= float_flag_divbyzero;
2575 if (target_bits & 4)
2576 host_bits |= float_flag_overflow;
2577 if (target_bits & 8)
2578 host_bits |= float_flag_underflow;
2579 if (target_bits & 0x10)
2580 host_bits |= float_flag_inexact;
2581 if (target_bits & 0x80)
2582 host_bits |= float_flag_input_denormal;
2586 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
2591 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2592 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2593 env->vfp.vec_len = (val >> 16) & 7;
2594 env->vfp.vec_stride = (val >> 20) & 3;
2597 if (changed & (3 << 22)) {
2598 i = (val >> 22) & 3;
2601 i = float_round_nearest_even;
2607 i = float_round_down;
2610 i = float_round_to_zero;
2613 set_float_rounding_mode(i, &env->vfp.fp_status);
2615 if (changed & (1 << 24)) {
2616 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2617 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2619 if (changed & (1 << 25))
2620 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2622 i = vfp_exceptbits_to_host(val);
2623 set_float_exception_flags(i, &env->vfp.fp_status);
2624 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2627 void vfp_set_fpscr(CPUARMState *env, uint32_t val)
2629 HELPER(vfp_set_fpscr)(env, val);
2632 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2634 #define VFP_BINOP(name) \
2635 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2637 float_status *fpst = fpstp; \
2638 return float32_ ## name(a, b, fpst); \
2640 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2642 float_status *fpst = fpstp; \
2643 return float64_ ## name(a, b, fpst); \
2651 float32 VFP_HELPER(neg, s)(float32 a)
2653 return float32_chs(a);
2656 float64 VFP_HELPER(neg, d)(float64 a)
2658 return float64_chs(a);
2661 float32 VFP_HELPER(abs, s)(float32 a)
2663 return float32_abs(a);
2666 float64 VFP_HELPER(abs, d)(float64 a)
2668 return float64_abs(a);
2671 float32 VFP_HELPER(sqrt, s)(float32 a, CPUARMState *env)
2673 return float32_sqrt(a, &env->vfp.fp_status);
2676 float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
2678 return float64_sqrt(a, &env->vfp.fp_status);
2681 /* XXX: check quiet/signaling case */
2682 #define DO_VFP_cmp(p, type) \
2683 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env) \
2686 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2687 case 0: flags = 0x6; break; \
2688 case -1: flags = 0x8; break; \
2689 case 1: flags = 0x2; break; \
2690 default: case 2: flags = 0x3; break; \
2692 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2693 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2695 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
2698 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2699 case 0: flags = 0x6; break; \
2700 case -1: flags = 0x8; break; \
2701 case 1: flags = 0x2; break; \
2702 default: case 2: flags = 0x3; break; \
2704 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2705 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2707 DO_VFP_cmp(s, float32)
2708 DO_VFP_cmp(d, float64)
2711 /* Integer to float and float to integer conversions */
2713 #define CONV_ITOF(name, fsz, sign) \
2714 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2716 float_status *fpst = fpstp; \
2717 return sign##int32_to_##float##fsz((sign##int32_t)x, fpst); \
2720 #define CONV_FTOI(name, fsz, sign, round) \
2721 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2723 float_status *fpst = fpstp; \
2724 if (float##fsz##_is_any_nan(x)) { \
2725 float_raise(float_flag_invalid, fpst); \
2728 return float##fsz##_to_##sign##int32##round(x, fpst); \
2731 #define FLOAT_CONVS(name, p, fsz, sign) \
2732 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2733 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2734 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2736 FLOAT_CONVS(si, s, 32, )
2737 FLOAT_CONVS(si, d, 64, )
2738 FLOAT_CONVS(ui, s, 32, u)
2739 FLOAT_CONVS(ui, d, 64, u)
2745 /* floating point conversion */
2746 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUARMState *env)
2748 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2749 /* ARM requires that S<->D conversion of any kind of NaN generates
2750 * a quiet NaN by forcing the most significant frac bit to 1.
2752 return float64_maybe_silence_nan(r);
2755 float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
2757 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2758 /* ARM requires that S<->D conversion of any kind of NaN generates
2759 * a quiet NaN by forcing the most significant frac bit to 1.
2761 return float32_maybe_silence_nan(r);
2764 /* VFP3 fixed point conversion. */
2765 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2766 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2769 float_status *fpst = fpstp; \
2771 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2772 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2774 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2777 float_status *fpst = fpstp; \
2779 if (float##fsz##_is_any_nan(x)) { \
2780 float_raise(float_flag_invalid, fpst); \
2783 tmp = float##fsz##_scalbn(x, shift, fpst); \
2784 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2787 VFP_CONV_FIX(sh, d, 64, int16, )
2788 VFP_CONV_FIX(sl, d, 64, int32, )
2789 VFP_CONV_FIX(uh, d, 64, uint16, u)
2790 VFP_CONV_FIX(ul, d, 64, uint32, u)
2791 VFP_CONV_FIX(sh, s, 32, int16, )
2792 VFP_CONV_FIX(sl, s, 32, int32, )
2793 VFP_CONV_FIX(uh, s, 32, uint16, u)
2794 VFP_CONV_FIX(ul, s, 32, uint32, u)
2797 /* Half precision conversions. */
2798 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUARMState *env, float_status *s)
2800 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2801 float32 r = float16_to_float32(make_float16(a), ieee, s);
2803 return float32_maybe_silence_nan(r);
2808 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUARMState *env, float_status *s)
2810 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2811 float16 r = float32_to_float16(a, ieee, s);
2813 r = float16_maybe_silence_nan(r);
2815 return float16_val(r);
2818 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2820 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2823 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2825 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2828 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2830 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2833 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2835 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2838 #define float32_two make_float32(0x40000000)
2839 #define float32_three make_float32(0x40400000)
2840 #define float32_one_point_five make_float32(0x3fc00000)
2842 float32 HELPER(recps_f32)(float32 a, float32 b, CPUARMState *env)
2844 float_status *s = &env->vfp.standard_fp_status;
2845 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2846 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2847 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2848 float_raise(float_flag_input_denormal, s);
2852 return float32_sub(float32_two, float32_mul(a, b, s), s);
2855 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUARMState *env)
2857 float_status *s = &env->vfp.standard_fp_status;
2859 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2860 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2861 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2862 float_raise(float_flag_input_denormal, s);
2864 return float32_one_point_five;
2866 product = float32_mul(a, b, s);
2867 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2872 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2873 * int->float conversions at run-time. */
2874 #define float64_256 make_float64(0x4070000000000000LL)
2875 #define float64_512 make_float64(0x4080000000000000LL)
2877 /* The algorithm that must be used to calculate the estimate
2878 * is specified by the ARM ARM.
2880 static float64 recip_estimate(float64 a, CPUARMState *env)
2882 /* These calculations mustn't set any fp exception flags,
2883 * so we use a local copy of the fp_status.
2885 float_status dummy_status = env->vfp.standard_fp_status;
2886 float_status *s = &dummy_status;
2887 /* q = (int)(a * 512.0) */
2888 float64 q = float64_mul(float64_512, a, s);
2889 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2891 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2892 q = int64_to_float64(q_int, s);
2893 q = float64_add(q, float64_half, s);
2894 q = float64_div(q, float64_512, s);
2895 q = float64_div(float64_one, q, s);
2897 /* s = (int)(256.0 * r + 0.5) */
2898 q = float64_mul(q, float64_256, s);
2899 q = float64_add(q, float64_half, s);
2900 q_int = float64_to_int64_round_to_zero(q, s);
2902 /* return (double)s / 256.0 */
2903 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2906 float32 HELPER(recpe_f32)(float32 a, CPUARMState *env)
2908 float_status *s = &env->vfp.standard_fp_status;
2910 uint32_t val32 = float32_val(a);
2913 int a_exp = (val32 & 0x7f800000) >> 23;
2914 int sign = val32 & 0x80000000;
2916 if (float32_is_any_nan(a)) {
2917 if (float32_is_signaling_nan(a)) {
2918 float_raise(float_flag_invalid, s);
2920 return float32_default_nan;
2921 } else if (float32_is_infinity(a)) {
2922 return float32_set_sign(float32_zero, float32_is_neg(a));
2923 } else if (float32_is_zero_or_denormal(a)) {
2924 if (!float32_is_zero(a)) {
2925 float_raise(float_flag_input_denormal, s);
2927 float_raise(float_flag_divbyzero, s);
2928 return float32_set_sign(float32_infinity, float32_is_neg(a));
2929 } else if (a_exp >= 253) {
2930 float_raise(float_flag_underflow, s);
2931 return float32_set_sign(float32_zero, float32_is_neg(a));
2934 f64 = make_float64((0x3feULL << 52)
2935 | ((int64_t)(val32 & 0x7fffff) << 29));
2937 result_exp = 253 - a_exp;
2939 f64 = recip_estimate(f64, env);
2942 | ((result_exp & 0xff) << 23)
2943 | ((float64_val(f64) >> 29) & 0x7fffff);
2944 return make_float32(val32);
2947 /* The algorithm that must be used to calculate the estimate
2948 * is specified by the ARM ARM.
2950 static float64 recip_sqrt_estimate(float64 a, CPUARMState *env)
2952 /* These calculations mustn't set any fp exception flags,
2953 * so we use a local copy of the fp_status.
2955 float_status dummy_status = env->vfp.standard_fp_status;
2956 float_status *s = &dummy_status;
2960 if (float64_lt(a, float64_half, s)) {
2961 /* range 0.25 <= a < 0.5 */
2963 /* a in units of 1/512 rounded down */
2964 /* q0 = (int)(a * 512.0); */
2965 q = float64_mul(float64_512, a, s);
2966 q_int = float64_to_int64_round_to_zero(q, s);
2968 /* reciprocal root r */
2969 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2970 q = int64_to_float64(q_int, s);
2971 q = float64_add(q, float64_half, s);
2972 q = float64_div(q, float64_512, s);
2973 q = float64_sqrt(q, s);
2974 q = float64_div(float64_one, q, s);
2976 /* range 0.5 <= a < 1.0 */
2978 /* a in units of 1/256 rounded down */
2979 /* q1 = (int)(a * 256.0); */
2980 q = float64_mul(float64_256, a, s);
2981 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2983 /* reciprocal root r */
2984 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2985 q = int64_to_float64(q_int, s);
2986 q = float64_add(q, float64_half, s);
2987 q = float64_div(q, float64_256, s);
2988 q = float64_sqrt(q, s);
2989 q = float64_div(float64_one, q, s);
2991 /* r in units of 1/256 rounded to nearest */
2992 /* s = (int)(256.0 * r + 0.5); */
2994 q = float64_mul(q, float64_256,s );
2995 q = float64_add(q, float64_half, s);
2996 q_int = float64_to_int64_round_to_zero(q, s);
2998 /* return (double)s / 256.0;*/
2999 return float64_div(int64_to_float64(q_int, s), float64_256, s);
3002 float32 HELPER(rsqrte_f32)(float32 a, CPUARMState *env)
3004 float_status *s = &env->vfp.standard_fp_status;
3010 val = float32_val(a);
3012 if (float32_is_any_nan(a)) {
3013 if (float32_is_signaling_nan(a)) {
3014 float_raise(float_flag_invalid, s);
3016 return float32_default_nan;
3017 } else if (float32_is_zero_or_denormal(a)) {
3018 if (!float32_is_zero(a)) {
3019 float_raise(float_flag_input_denormal, s);
3021 float_raise(float_flag_divbyzero, s);
3022 return float32_set_sign(float32_infinity, float32_is_neg(a));
3023 } else if (float32_is_neg(a)) {
3024 float_raise(float_flag_invalid, s);
3025 return float32_default_nan;
3026 } else if (float32_is_infinity(a)) {
3027 return float32_zero;
3030 /* Normalize to a double-precision value between 0.25 and 1.0,
3031 * preserving the parity of the exponent. */
3032 if ((val & 0x800000) == 0) {
3033 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3035 | ((uint64_t)(val & 0x7fffff) << 29));
3037 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3039 | ((uint64_t)(val & 0x7fffff) << 29));
3042 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
3044 f64 = recip_sqrt_estimate(f64, env);
3046 val64 = float64_val(f64);
3048 val = ((result_exp & 0xff) << 23)
3049 | ((val64 >> 29) & 0x7fffff);
3050 return make_float32(val);
3053 uint32_t HELPER(recpe_u32)(uint32_t a, CPUARMState *env)
3057 if ((a & 0x80000000) == 0) {
3061 f64 = make_float64((0x3feULL << 52)
3062 | ((int64_t)(a & 0x7fffffff) << 21));
3064 f64 = recip_estimate (f64, env);
3066 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3069 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUARMState *env)
3073 if ((a & 0xc0000000) == 0) {
3077 if (a & 0x80000000) {
3078 f64 = make_float64((0x3feULL << 52)
3079 | ((uint64_t)(a & 0x7fffffff) << 21));
3080 } else { /* bits 31-30 == '01' */
3081 f64 = make_float64((0x3fdULL << 52)
3082 | ((uint64_t)(a & 0x3fffffff) << 22));
3085 f64 = recip_sqrt_estimate(f64, env);
3087 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3090 /* VFPv4 fused multiply-accumulate */
3091 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
3093 float_status *fpst = fpstp;
3094 return float32_muladd(a, b, c, 0, fpst);
3097 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
3099 float_status *fpst = fpstp;
3100 return float64_muladd(a, b, c, 0, fpst);
projects / qemu.git / blob