8 #include "qemu-common.h"
9 #include "host-utils.h"
10 #if !defined(CONFIG_USER_ONLY)
11 #include "hw/loader.h"
14 static uint32_t cortexa9_cp15_c0_c1[8] =
15 { 0x1031, 0x11, 0x000, 0, 0x00100103, 0x20000000, 0x01230000, 0x00002111 };
17 static uint32_t cortexa9_cp15_c0_c2[8] =
18 { 0x00101111, 0x13112111, 0x21232041, 0x11112131, 0x00111142, 0, 0, 0 };
20 static uint32_t cortexa8_cp15_c0_c1[8] =
21 { 0x1031, 0x11, 0x400, 0, 0x31100003, 0x20000000, 0x01202000, 0x11 };
23 static uint32_t cortexa8_cp15_c0_c2[8] =
24 { 0x00101111, 0x12112111, 0x21232031, 0x11112131, 0x00111142, 0, 0, 0 };
26 static uint32_t mpcore_cp15_c0_c1[8] =
27 { 0x111, 0x1, 0, 0x2, 0x01100103, 0x10020302, 0x01222000, 0 };
29 static uint32_t mpcore_cp15_c0_c2[8] =
30 { 0x00100011, 0x12002111, 0x11221011, 0x01102131, 0x141, 0, 0, 0 };
32 static uint32_t arm1136_cp15_c0_c1[8] =
33 { 0x111, 0x1, 0x2, 0x3, 0x01130003, 0x10030302, 0x01222110, 0 };
35 static uint32_t arm1136_cp15_c0_c2[8] =
36 { 0x00140011, 0x12002111, 0x11231111, 0x01102131, 0x141, 0, 0, 0 };
38 static uint32_t arm1176_cp15_c0_c1[8] =
39 { 0x111, 0x11, 0x33, 0, 0x01130003, 0x10030302, 0x01222100, 0 };
41 static uint32_t arm1176_cp15_c0_c2[8] =
42 { 0x0140011, 0x12002111, 0x11231121, 0x01102131, 0x01141, 0, 0, 0 };
44 static uint32_t cpu_arm_find_by_name(const char *name);
46 static inline void set_feature(CPUARMState *env, int feature)
48 env->features |= 1u << feature;
51 static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
53 env->cp15.c0_cpuid = id;
55 case ARM_CPUID_ARM926:
56 set_feature(env, ARM_FEATURE_V5);
57 set_feature(env, ARM_FEATURE_VFP);
58 env->vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
59 env->cp15.c0_cachetype = 0x1dd20d2;
60 env->cp15.c1_sys = 0x00090078;
62 case ARM_CPUID_ARM946:
63 set_feature(env, ARM_FEATURE_V5);
64 set_feature(env, ARM_FEATURE_MPU);
65 env->cp15.c0_cachetype = 0x0f004006;
66 env->cp15.c1_sys = 0x00000078;
68 case ARM_CPUID_ARM1026:
69 set_feature(env, ARM_FEATURE_V5);
70 set_feature(env, ARM_FEATURE_VFP);
71 set_feature(env, ARM_FEATURE_AUXCR);
72 env->vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
73 env->cp15.c0_cachetype = 0x1dd20d2;
74 env->cp15.c1_sys = 0x00090078;
76 case ARM_CPUID_ARM1136:
77 /* This is the 1136 r1, which is a v6K core */
78 set_feature(env, ARM_FEATURE_V6K);
80 case ARM_CPUID_ARM1136_R2:
81 /* What qemu calls "arm1136_r2" is actually the 1136 r0p2, ie an
82 * older core than plain "arm1136". In particular this does not
83 * have the v6K features.
85 set_feature(env, ARM_FEATURE_V6);
86 set_feature(env, ARM_FEATURE_VFP);
87 /* These ID register values are correct for 1136 but may be wrong
88 * for 1136_r2 (in particular r0p2 does not actually implement most
89 * of the ID registers).
91 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
92 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
93 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
94 memcpy(env->cp15.c0_c1, arm1136_cp15_c0_c1, 8 * sizeof(uint32_t));
95 memcpy(env->cp15.c0_c2, arm1136_cp15_c0_c2, 8 * sizeof(uint32_t));
96 env->cp15.c0_cachetype = 0x1dd20d2;
97 env->cp15.c1_sys = 0x00050078;
99 case ARM_CPUID_ARM1176:
100 set_feature(env, ARM_FEATURE_V6K);
101 set_feature(env, ARM_FEATURE_VFP);
102 set_feature(env, ARM_FEATURE_VAPA);
103 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b5;
104 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
105 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
106 memcpy(env->cp15.c0_c1, arm1176_cp15_c0_c1, 8 * sizeof(uint32_t));
107 memcpy(env->cp15.c0_c2, arm1176_cp15_c0_c2, 8 * sizeof(uint32_t));
108 env->cp15.c0_cachetype = 0x1dd20d2;
109 env->cp15.c1_sys = 0x00050078;
111 case ARM_CPUID_ARM11MPCORE:
112 set_feature(env, ARM_FEATURE_V6K);
113 set_feature(env, ARM_FEATURE_VFP);
114 set_feature(env, ARM_FEATURE_VAPA);
115 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
116 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
117 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
118 memcpy(env->cp15.c0_c1, mpcore_cp15_c0_c1, 8 * sizeof(uint32_t));
119 memcpy(env->cp15.c0_c2, mpcore_cp15_c0_c2, 8 * sizeof(uint32_t));
120 env->cp15.c0_cachetype = 0x1dd20d2;
122 case ARM_CPUID_CORTEXA8:
123 set_feature(env, ARM_FEATURE_V7);
124 set_feature(env, ARM_FEATURE_VFP3);
125 set_feature(env, ARM_FEATURE_NEON);
126 set_feature(env, ARM_FEATURE_THUMB2EE);
127 env->vfp.xregs[ARM_VFP_FPSID] = 0x410330c0;
128 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11110222;
129 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00011100;
130 memcpy(env->cp15.c0_c1, cortexa8_cp15_c0_c1, 8 * sizeof(uint32_t));
131 memcpy(env->cp15.c0_c2, cortexa8_cp15_c0_c2, 8 * sizeof(uint32_t));
132 env->cp15.c0_cachetype = 0x82048004;
133 env->cp15.c0_clid = (1 << 27) | (2 << 24) | 3;
134 env->cp15.c0_ccsid[0] = 0xe007e01a; /* 16k L1 dcache. */
135 env->cp15.c0_ccsid[1] = 0x2007e01a; /* 16k L1 icache. */
136 env->cp15.c0_ccsid[2] = 0xf0000000; /* No L2 icache. */
137 env->cp15.c1_sys = 0x00c50078;
139 case ARM_CPUID_CORTEXA9:
140 set_feature(env, ARM_FEATURE_V7);
141 set_feature(env, ARM_FEATURE_VFP3);
142 set_feature(env, ARM_FEATURE_VFP_FP16);
143 set_feature(env, ARM_FEATURE_NEON);
144 set_feature(env, ARM_FEATURE_THUMB2EE);
145 /* Note that A9 supports the MP extensions even for
146 * A9UP and single-core A9MP (which are both different
147 * and valid configurations; we don't model A9UP).
149 set_feature(env, ARM_FEATURE_V7MP);
150 env->vfp.xregs[ARM_VFP_FPSID] = 0x41034000; /* Guess */
151 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11110222;
152 env->vfp.xregs[ARM_VFP_MVFR1] = 0x01111111;
153 memcpy(env->cp15.c0_c1, cortexa9_cp15_c0_c1, 8 * sizeof(uint32_t));
154 memcpy(env->cp15.c0_c2, cortexa9_cp15_c0_c2, 8 * sizeof(uint32_t));
155 env->cp15.c0_cachetype = 0x80038003;
156 env->cp15.c0_clid = (1 << 27) | (1 << 24) | 3;
157 env->cp15.c0_ccsid[0] = 0xe00fe015; /* 16k L1 dcache. */
158 env->cp15.c0_ccsid[1] = 0x200fe015; /* 16k L1 icache. */
159 env->cp15.c1_sys = 0x00c50078;
161 case ARM_CPUID_CORTEXM3:
162 set_feature(env, ARM_FEATURE_V7);
163 set_feature(env, ARM_FEATURE_M);
165 case ARM_CPUID_ANY: /* For userspace emulation. */
166 set_feature(env, ARM_FEATURE_V7);
167 set_feature(env, ARM_FEATURE_VFP4);
168 set_feature(env, ARM_FEATURE_VFP_FP16);
169 set_feature(env, ARM_FEATURE_NEON);
170 set_feature(env, ARM_FEATURE_THUMB2EE);
171 set_feature(env, ARM_FEATURE_ARM_DIV);
172 set_feature(env, ARM_FEATURE_V7MP);
174 case ARM_CPUID_TI915T:
175 case ARM_CPUID_TI925T:
176 set_feature(env, ARM_FEATURE_V4T);
177 set_feature(env, ARM_FEATURE_OMAPCP);
178 env->cp15.c0_cpuid = ARM_CPUID_TI925T; /* Depends on wiring. */
179 env->cp15.c0_cachetype = 0x5109149;
180 env->cp15.c1_sys = 0x00000070;
181 env->cp15.c15_i_max = 0x000;
182 env->cp15.c15_i_min = 0xff0;
184 case ARM_CPUID_PXA250:
185 case ARM_CPUID_PXA255:
186 case ARM_CPUID_PXA260:
187 case ARM_CPUID_PXA261:
188 case ARM_CPUID_PXA262:
189 set_feature(env, ARM_FEATURE_V5);
190 set_feature(env, ARM_FEATURE_XSCALE);
191 /* JTAG_ID is ((id << 28) | 0x09265013) */
192 env->cp15.c0_cachetype = 0xd172172;
193 env->cp15.c1_sys = 0x00000078;
195 case ARM_CPUID_PXA270_A0:
196 case ARM_CPUID_PXA270_A1:
197 case ARM_CPUID_PXA270_B0:
198 case ARM_CPUID_PXA270_B1:
199 case ARM_CPUID_PXA270_C0:
200 case ARM_CPUID_PXA270_C5:
201 set_feature(env, ARM_FEATURE_V5);
202 set_feature(env, ARM_FEATURE_XSCALE);
203 /* JTAG_ID is ((id << 28) | 0x09265013) */
204 set_feature(env, ARM_FEATURE_IWMMXT);
205 env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
206 env->cp15.c0_cachetype = 0xd172172;
207 env->cp15.c1_sys = 0x00000078;
209 case ARM_CPUID_SA1100:
210 case ARM_CPUID_SA1110:
211 set_feature(env, ARM_FEATURE_STRONGARM);
212 env->cp15.c1_sys = 0x00000070;
215 cpu_abort(env, "Bad CPU ID: %x\n", id);
219 /* Some features automatically imply others: */
220 if (arm_feature(env, ARM_FEATURE_V7)) {
221 set_feature(env, ARM_FEATURE_VAPA);
222 set_feature(env, ARM_FEATURE_THUMB2);
223 if (!arm_feature(env, ARM_FEATURE_M)) {
224 set_feature(env, ARM_FEATURE_V6K);
226 set_feature(env, ARM_FEATURE_V6);
229 if (arm_feature(env, ARM_FEATURE_V6K)) {
230 set_feature(env, ARM_FEATURE_V6);
232 if (arm_feature(env, ARM_FEATURE_V6)) {
233 set_feature(env, ARM_FEATURE_V5);
234 if (!arm_feature(env, ARM_FEATURE_M)) {
235 set_feature(env, ARM_FEATURE_AUXCR);
238 if (arm_feature(env, ARM_FEATURE_V5)) {
239 set_feature(env, ARM_FEATURE_V4T);
241 if (arm_feature(env, ARM_FEATURE_M)) {
242 set_feature(env, ARM_FEATURE_THUMB_DIV);
244 if (arm_feature(env, ARM_FEATURE_ARM_DIV)) {
245 set_feature(env, ARM_FEATURE_THUMB_DIV);
247 if (arm_feature(env, ARM_FEATURE_VFP4)) {
248 set_feature(env, ARM_FEATURE_VFP3);
250 if (arm_feature(env, ARM_FEATURE_VFP3)) {
251 set_feature(env, ARM_FEATURE_VFP);
255 void cpu_reset(CPUARMState *env)
259 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
260 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
261 log_cpu_state(env, 0);
264 id = env->cp15.c0_cpuid;
265 memset(env, 0, offsetof(CPUARMState, breakpoints));
267 cpu_reset_model_id(env, id);
268 #if defined (CONFIG_USER_ONLY)
269 env->uncached_cpsr = ARM_CPU_MODE_USR;
270 /* For user mode we must enable access to coprocessors */
271 env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
272 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
273 env->cp15.c15_cpar = 3;
274 } else if (arm_feature(env, ARM_FEATURE_XSCALE)) {
275 env->cp15.c15_cpar = 1;
278 /* SVC mode with interrupts disabled. */
279 env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
280 /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
281 clear at reset. Initial SP and PC are loaded from ROM. */
285 env->uncached_cpsr &= ~CPSR_I;
288 /* We should really use ldl_phys here, in case the guest
289 modified flash and reset itself. However images
290 loaded via -kernel have not been copied yet, so load the
291 values directly from there. */
292 env->regs[13] = ldl_p(rom);
295 env->regs[15] = pc & ~1;
298 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
299 env->cp15.c2_base_mask = 0xffffc000u;
300 /* v7 performance monitor control register: same implementor
301 * field as main ID register, and we implement no event counters.
303 env->cp15.c9_pmcr = (id & 0xff000000);
305 set_flush_to_zero(1, &env->vfp.standard_fp_status);
306 set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
307 set_default_nan_mode(1, &env->vfp.standard_fp_status);
308 set_float_detect_tininess(float_tininess_before_rounding,
309 &env->vfp.fp_status);
310 set_float_detect_tininess(float_tininess_before_rounding,
311 &env->vfp.standard_fp_status);
315 static int vfp_gdb_get_reg(CPUState *env, uint8_t *buf, int reg)
319 /* VFP data registers are always little-endian. */
320 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
322 stfq_le_p(buf, env->vfp.regs[reg]);
325 if (arm_feature(env, ARM_FEATURE_NEON)) {
326 /* Aliases for Q regs. */
329 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
330 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
334 switch (reg - nregs) {
335 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
336 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
337 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
342 static int vfp_gdb_set_reg(CPUState *env, uint8_t *buf, int reg)
346 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
348 env->vfp.regs[reg] = ldfq_le_p(buf);
351 if (arm_feature(env, ARM_FEATURE_NEON)) {
354 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
355 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
359 switch (reg - nregs) {
360 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
361 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
362 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
367 CPUARMState *cpu_arm_init(const char *cpu_model)
371 static int inited = 0;
373 id = cpu_arm_find_by_name(cpu_model);
376 env = g_malloc0(sizeof(CPUARMState));
378 if (tcg_enabled() && !inited) {
380 arm_translate_init();
383 env->cpu_model_str = cpu_model;
384 env->cp15.c0_cpuid = id;
386 if (arm_feature(env, ARM_FEATURE_NEON)) {
387 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
388 51, "arm-neon.xml", 0);
389 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
390 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
391 35, "arm-vfp3.xml", 0);
392 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
393 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
394 19, "arm-vfp.xml", 0);
405 static const struct arm_cpu_t arm_cpu_names[] = {
406 { ARM_CPUID_ARM926, "arm926"},
407 { ARM_CPUID_ARM946, "arm946"},
408 { ARM_CPUID_ARM1026, "arm1026"},
409 { ARM_CPUID_ARM1136, "arm1136"},
410 { ARM_CPUID_ARM1136_R2, "arm1136-r2"},
411 { ARM_CPUID_ARM1176, "arm1176"},
412 { ARM_CPUID_ARM11MPCORE, "arm11mpcore"},
413 { ARM_CPUID_CORTEXM3, "cortex-m3"},
414 { ARM_CPUID_CORTEXA8, "cortex-a8"},
415 { ARM_CPUID_CORTEXA9, "cortex-a9"},
416 { ARM_CPUID_TI925T, "ti925t" },
417 { ARM_CPUID_PXA250, "pxa250" },
418 { ARM_CPUID_SA1100, "sa1100" },
419 { ARM_CPUID_SA1110, "sa1110" },
420 { ARM_CPUID_PXA255, "pxa255" },
421 { ARM_CPUID_PXA260, "pxa260" },
422 { ARM_CPUID_PXA261, "pxa261" },
423 { ARM_CPUID_PXA262, "pxa262" },
424 { ARM_CPUID_PXA270, "pxa270" },
425 { ARM_CPUID_PXA270_A0, "pxa270-a0" },
426 { ARM_CPUID_PXA270_A1, "pxa270-a1" },
427 { ARM_CPUID_PXA270_B0, "pxa270-b0" },
428 { ARM_CPUID_PXA270_B1, "pxa270-b1" },
429 { ARM_CPUID_PXA270_C0, "pxa270-c0" },
430 { ARM_CPUID_PXA270_C5, "pxa270-c5" },
431 { ARM_CPUID_ANY, "any"},
435 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
439 (*cpu_fprintf)(f, "Available CPUs:\n");
440 for (i = 0; arm_cpu_names[i].name; i++) {
441 (*cpu_fprintf)(f, " %s\n", arm_cpu_names[i].name);
445 /* return 0 if not found */
446 static uint32_t cpu_arm_find_by_name(const char *name)
452 for (i = 0; arm_cpu_names[i].name; i++) {
453 if (strcmp(name, arm_cpu_names[i].name) == 0) {
454 id = arm_cpu_names[i].id;
461 void cpu_arm_close(CPUARMState *env)
466 uint32_t cpsr_read(CPUARMState *env)
470 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
471 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
472 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
473 | ((env->condexec_bits & 0xfc) << 8)
477 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
479 if (mask & CPSR_NZCV) {
480 env->ZF = (~val) & CPSR_Z;
482 env->CF = (val >> 29) & 1;
483 env->VF = (val << 3) & 0x80000000;
486 env->QF = ((val & CPSR_Q) != 0);
488 env->thumb = ((val & CPSR_T) != 0);
489 if (mask & CPSR_IT_0_1) {
490 env->condexec_bits &= ~3;
491 env->condexec_bits |= (val >> 25) & 3;
493 if (mask & CPSR_IT_2_7) {
494 env->condexec_bits &= 3;
495 env->condexec_bits |= (val >> 8) & 0xfc;
497 if (mask & CPSR_GE) {
498 env->GE = (val >> 16) & 0xf;
501 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
502 switch_mode(env, val & CPSR_M);
504 mask &= ~CACHED_CPSR_BITS;
505 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
508 /* Sign/zero extend */
509 uint32_t HELPER(sxtb16)(uint32_t x)
512 res = (uint16_t)(int8_t)x;
513 res |= (uint32_t)(int8_t)(x >> 16) << 16;
517 uint32_t HELPER(uxtb16)(uint32_t x)
520 res = (uint16_t)(uint8_t)x;
521 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
525 uint32_t HELPER(clz)(uint32_t x)
530 int32_t HELPER(sdiv)(int32_t num, int32_t den)
534 if (num == INT_MIN && den == -1)
539 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
546 uint32_t HELPER(rbit)(uint32_t x)
548 x = ((x & 0xff000000) >> 24)
549 | ((x & 0x00ff0000) >> 8)
550 | ((x & 0x0000ff00) << 8)
551 | ((x & 0x000000ff) << 24);
552 x = ((x & 0xf0f0f0f0) >> 4)
553 | ((x & 0x0f0f0f0f) << 4);
554 x = ((x & 0x88888888) >> 3)
555 | ((x & 0x44444444) >> 1)
556 | ((x & 0x22222222) << 1)
557 | ((x & 0x11111111) << 3);
561 uint32_t HELPER(abs)(uint32_t x)
563 return ((int32_t)x < 0) ? -x : x;
566 #if defined(CONFIG_USER_ONLY)
568 void do_interrupt (CPUState *env)
570 env->exception_index = -1;
573 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
577 env->exception_index = EXCP_PREFETCH_ABORT;
578 env->cp15.c6_insn = address;
580 env->exception_index = EXCP_DATA_ABORT;
581 env->cp15.c6_data = address;
586 /* These should probably raise undefined insn exceptions. */
587 void HELPER(set_cp)(CPUState *env, uint32_t insn, uint32_t val)
589 int op1 = (insn >> 8) & 0xf;
590 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
594 uint32_t HELPER(get_cp)(CPUState *env, uint32_t insn)
596 int op1 = (insn >> 8) & 0xf;
597 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
601 void HELPER(set_cp15)(CPUState *env, uint32_t insn, uint32_t val)
603 cpu_abort(env, "cp15 insn %08x\n", insn);
606 uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
608 cpu_abort(env, "cp15 insn %08x\n", insn);
611 /* These should probably raise undefined insn exceptions. */
612 void HELPER(v7m_msr)(CPUState *env, uint32_t reg, uint32_t val)
614 cpu_abort(env, "v7m_mrs %d\n", reg);
617 uint32_t HELPER(v7m_mrs)(CPUState *env, uint32_t reg)
619 cpu_abort(env, "v7m_mrs %d\n", reg);
623 void switch_mode(CPUState *env, int mode)
625 if (mode != ARM_CPU_MODE_USR)
626 cpu_abort(env, "Tried to switch out of user mode\n");
629 void HELPER(set_r13_banked)(CPUState *env, uint32_t mode, uint32_t val)
631 cpu_abort(env, "banked r13 write\n");
634 uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
636 cpu_abort(env, "banked r13 read\n");
642 extern int semihosting_enabled;
644 /* Map CPU modes onto saved register banks. */
645 static inline int bank_number (int mode)
648 case ARM_CPU_MODE_USR:
649 case ARM_CPU_MODE_SYS:
651 case ARM_CPU_MODE_SVC:
653 case ARM_CPU_MODE_ABT:
655 case ARM_CPU_MODE_UND:
657 case ARM_CPU_MODE_IRQ:
659 case ARM_CPU_MODE_FIQ:
662 cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
666 void switch_mode(CPUState *env, int mode)
671 old_mode = env->uncached_cpsr & CPSR_M;
672 if (mode == old_mode)
675 if (old_mode == ARM_CPU_MODE_FIQ) {
676 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
677 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
678 } else if (mode == ARM_CPU_MODE_FIQ) {
679 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
680 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
683 i = bank_number(old_mode);
684 env->banked_r13[i] = env->regs[13];
685 env->banked_r14[i] = env->regs[14];
686 env->banked_spsr[i] = env->spsr;
688 i = bank_number(mode);
689 env->regs[13] = env->banked_r13[i];
690 env->regs[14] = env->banked_r14[i];
691 env->spsr = env->banked_spsr[i];
694 static void v7m_push(CPUARMState *env, uint32_t val)
697 stl_phys(env->regs[13], val);
700 static uint32_t v7m_pop(CPUARMState *env)
703 val = ldl_phys(env->regs[13]);
708 /* Switch to V7M main or process stack pointer. */
709 static void switch_v7m_sp(CPUARMState *env, int process)
712 if (env->v7m.current_sp != process) {
713 tmp = env->v7m.other_sp;
714 env->v7m.other_sp = env->regs[13];
716 env->v7m.current_sp = process;
720 static void do_v7m_exception_exit(CPUARMState *env)
725 type = env->regs[15];
726 if (env->v7m.exception != 0)
727 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
729 /* Switch to the target stack. */
730 switch_v7m_sp(env, (type & 4) != 0);
732 env->regs[0] = v7m_pop(env);
733 env->regs[1] = v7m_pop(env);
734 env->regs[2] = v7m_pop(env);
735 env->regs[3] = v7m_pop(env);
736 env->regs[12] = v7m_pop(env);
737 env->regs[14] = v7m_pop(env);
738 env->regs[15] = v7m_pop(env);
740 xpsr_write(env, xpsr, 0xfffffdff);
741 /* Undo stack alignment. */
744 /* ??? The exception return type specifies Thread/Handler mode. However
745 this is also implied by the xPSR value. Not sure what to do
746 if there is a mismatch. */
747 /* ??? Likewise for mismatches between the CONTROL register and the stack
751 static void do_interrupt_v7m(CPUARMState *env)
753 uint32_t xpsr = xpsr_read(env);
758 if (env->v7m.current_sp)
760 if (env->v7m.exception == 0)
763 /* For exceptions we just mark as pending on the NVIC, and let that
765 /* TODO: Need to escalate if the current priority is higher than the
766 one we're raising. */
767 switch (env->exception_index) {
769 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
773 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
775 case EXCP_PREFETCH_ABORT:
776 case EXCP_DATA_ABORT:
777 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
780 if (semihosting_enabled) {
782 nr = lduw_code(env->regs[15]) & 0xff;
785 env->regs[0] = do_arm_semihosting(env);
789 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
792 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
794 case EXCP_EXCEPTION_EXIT:
795 do_v7m_exception_exit(env);
798 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
799 return; /* Never happens. Keep compiler happy. */
802 /* Align stack pointer. */
803 /* ??? Should only do this if Configuration Control Register
804 STACKALIGN bit is set. */
805 if (env->regs[13] & 4) {
809 /* Switch to the handler mode. */
811 v7m_push(env, env->regs[15]);
812 v7m_push(env, env->regs[14]);
813 v7m_push(env, env->regs[12]);
814 v7m_push(env, env->regs[3]);
815 v7m_push(env, env->regs[2]);
816 v7m_push(env, env->regs[1]);
817 v7m_push(env, env->regs[0]);
818 switch_v7m_sp(env, 0);
819 env->uncached_cpsr &= ~CPSR_IT;
821 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
822 env->regs[15] = addr & 0xfffffffe;
823 env->thumb = addr & 1;
826 /* Handle a CPU exception. */
827 void do_interrupt(CPUARMState *env)
835 do_interrupt_v7m(env);
838 /* TODO: Vectored interrupt controller. */
839 switch (env->exception_index) {
841 new_mode = ARM_CPU_MODE_UND;
850 if (semihosting_enabled) {
851 /* Check for semihosting interrupt. */
853 mask = lduw_code(env->regs[15] - 2) & 0xff;
855 mask = ldl_code(env->regs[15] - 4) & 0xffffff;
857 /* Only intercept calls from privileged modes, to provide some
858 semblance of security. */
859 if (((mask == 0x123456 && !env->thumb)
860 || (mask == 0xab && env->thumb))
861 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
862 env->regs[0] = do_arm_semihosting(env);
866 new_mode = ARM_CPU_MODE_SVC;
869 /* The PC already points to the next instruction. */
873 /* See if this is a semihosting syscall. */
874 if (env->thumb && semihosting_enabled) {
875 mask = lduw_code(env->regs[15]) & 0xff;
877 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
879 env->regs[0] = do_arm_semihosting(env);
883 env->cp15.c5_insn = 2;
884 /* Fall through to prefetch abort. */
885 case EXCP_PREFETCH_ABORT:
886 new_mode = ARM_CPU_MODE_ABT;
888 mask = CPSR_A | CPSR_I;
891 case EXCP_DATA_ABORT:
892 new_mode = ARM_CPU_MODE_ABT;
894 mask = CPSR_A | CPSR_I;
898 new_mode = ARM_CPU_MODE_IRQ;
900 /* Disable IRQ and imprecise data aborts. */
901 mask = CPSR_A | CPSR_I;
905 new_mode = ARM_CPU_MODE_FIQ;
907 /* Disable FIQ, IRQ and imprecise data aborts. */
908 mask = CPSR_A | CPSR_I | CPSR_F;
912 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
913 return; /* Never happens. Keep compiler happy. */
916 if (env->cp15.c1_sys & (1 << 13)) {
919 switch_mode (env, new_mode);
920 env->spsr = cpsr_read(env);
922 env->condexec_bits = 0;
923 /* Switch to the new mode, and to the correct instruction set. */
924 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
925 env->uncached_cpsr |= mask;
926 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
927 * and we should just guard the thumb mode on V4 */
928 if (arm_feature(env, ARM_FEATURE_V4T)) {
929 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
931 env->regs[14] = env->regs[15] + offset;
932 env->regs[15] = addr;
933 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
936 /* Check section/page access permissions.
937 Returns the page protection flags, or zero if the access is not
939 static inline int check_ap(CPUState *env, int ap, int domain_prot,
940 int access_type, int is_user)
944 if (domain_prot == 3) {
945 return PAGE_READ | PAGE_WRITE;
948 if (access_type == 1)
955 if (access_type == 1)
957 switch ((env->cp15.c1_sys >> 8) & 3) {
959 return is_user ? 0 : PAGE_READ;
966 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
971 return PAGE_READ | PAGE_WRITE;
973 return PAGE_READ | PAGE_WRITE;
974 case 4: /* Reserved. */
977 return is_user ? 0 : prot_ro;
981 if (!arm_feature (env, ARM_FEATURE_V6K))
989 static uint32_t get_level1_table_address(CPUState *env, uint32_t address)
993 if (address & env->cp15.c2_mask)
994 table = env->cp15.c2_base1 & 0xffffc000;
996 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
998 table |= (address >> 18) & 0x3ffc;
1002 static int get_phys_addr_v5(CPUState *env, uint32_t address, int access_type,
1003 int is_user, uint32_t *phys_ptr, int *prot,
1004 target_ulong *page_size)
1015 /* Pagetable walk. */
1016 /* Lookup l1 descriptor. */
1017 table = get_level1_table_address(env, address);
1018 desc = ldl_phys(table);
1020 domain = (desc >> 5) & 0x0f;
1021 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1023 /* Section translation fault. */
1027 if (domain_prot == 0 || domain_prot == 2) {
1029 code = 9; /* Section domain fault. */
1031 code = 11; /* Page domain fault. */
1036 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1037 ap = (desc >> 10) & 3;
1039 *page_size = 1024 * 1024;
1041 /* Lookup l2 entry. */
1043 /* Coarse pagetable. */
1044 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1046 /* Fine pagetable. */
1047 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
1049 desc = ldl_phys(table);
1051 case 0: /* Page translation fault. */
1054 case 1: /* 64k page. */
1055 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1056 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1057 *page_size = 0x10000;
1059 case 2: /* 4k page. */
1060 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1061 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1062 *page_size = 0x1000;
1064 case 3: /* 1k page. */
1066 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1067 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1069 /* Page translation fault. */
1074 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
1076 ap = (desc >> 4) & 3;
1080 /* Never happens, but compiler isn't smart enough to tell. */
1085 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1087 /* Access permission fault. */
1091 *phys_ptr = phys_addr;
1094 return code | (domain << 4);
1097 static int get_phys_addr_v6(CPUState *env, uint32_t address, int access_type,
1098 int is_user, uint32_t *phys_ptr, int *prot,
1099 target_ulong *page_size)
1111 /* Pagetable walk. */
1112 /* Lookup l1 descriptor. */
1113 table = get_level1_table_address(env, address);
1114 desc = ldl_phys(table);
1117 /* Section translation fault. */
1121 } else if (type == 2 && (desc & (1 << 18))) {
1125 /* Section or page. */
1126 domain = (desc >> 5) & 0x0f;
1128 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
1129 if (domain_prot == 0 || domain_prot == 2) {
1131 code = 9; /* Section domain fault. */
1133 code = 11; /* Page domain fault. */
1137 if (desc & (1 << 18)) {
1139 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
1140 *page_size = 0x1000000;
1143 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1144 *page_size = 0x100000;
1146 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
1147 xn = desc & (1 << 4);
1150 /* Lookup l2 entry. */
1151 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1152 desc = ldl_phys(table);
1153 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
1155 case 0: /* Page translation fault. */
1158 case 1: /* 64k page. */
1159 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1160 xn = desc & (1 << 15);
1161 *page_size = 0x10000;
1163 case 2: case 3: /* 4k page. */
1164 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1166 *page_size = 0x1000;
1169 /* Never happens, but compiler isn't smart enough to tell. */
1174 if (domain_prot == 3) {
1175 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1177 if (xn && access_type == 2)
1180 /* The simplified model uses AP[0] as an access control bit. */
1181 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
1182 /* Access flag fault. */
1183 code = (code == 15) ? 6 : 3;
1186 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
1188 /* Access permission fault. */
1195 *phys_ptr = phys_addr;
1198 return code | (domain << 4);
1201 static int get_phys_addr_mpu(CPUState *env, uint32_t address, int access_type,
1202 int is_user, uint32_t *phys_ptr, int *prot)
1208 *phys_ptr = address;
1209 for (n = 7; n >= 0; n--) {
1210 base = env->cp15.c6_region[n];
1211 if ((base & 1) == 0)
1213 mask = 1 << ((base >> 1) & 0x1f);
1214 /* Keep this shift separate from the above to avoid an
1215 (undefined) << 32. */
1216 mask = (mask << 1) - 1;
1217 if (((base ^ address) & ~mask) == 0)
1223 if (access_type == 2) {
1224 mask = env->cp15.c5_insn;
1226 mask = env->cp15.c5_data;
1228 mask = (mask >> (n * 4)) & 0xf;
1235 *prot = PAGE_READ | PAGE_WRITE;
1240 *prot |= PAGE_WRITE;
1243 *prot = PAGE_READ | PAGE_WRITE;
1254 /* Bad permission. */
1261 static inline int get_phys_addr(CPUState *env, uint32_t address,
1262 int access_type, int is_user,
1263 uint32_t *phys_ptr, int *prot,
1264 target_ulong *page_size)
1266 /* Fast Context Switch Extension. */
1267 if (address < 0x02000000)
1268 address += env->cp15.c13_fcse;
1270 if ((env->cp15.c1_sys & 1) == 0) {
1271 /* MMU/MPU disabled. */
1272 *phys_ptr = address;
1273 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1274 *page_size = TARGET_PAGE_SIZE;
1276 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
1277 *page_size = TARGET_PAGE_SIZE;
1278 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
1280 } else if (env->cp15.c1_sys & (1 << 23)) {
1281 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
1284 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
1289 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
1290 int access_type, int mmu_idx)
1293 target_ulong page_size;
1297 is_user = mmu_idx == MMU_USER_IDX;
1298 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1301 /* Map a single [sub]page. */
1302 phys_addr &= ~(uint32_t)0x3ff;
1303 address &= ~(uint32_t)0x3ff;
1304 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1308 if (access_type == 2) {
1309 env->cp15.c5_insn = ret;
1310 env->cp15.c6_insn = address;
1311 env->exception_index = EXCP_PREFETCH_ABORT;
1313 env->cp15.c5_data = ret;
1314 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1315 env->cp15.c5_data |= (1 << 11);
1316 env->cp15.c6_data = address;
1317 env->exception_index = EXCP_DATA_ABORT;
1322 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
1325 target_ulong page_size;
1329 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1337 void HELPER(set_cp)(CPUState *env, uint32_t insn, uint32_t val)
1339 int cp_num = (insn >> 8) & 0xf;
1340 int cp_info = (insn >> 5) & 7;
1341 int src = (insn >> 16) & 0xf;
1342 int operand = insn & 0xf;
1344 if (env->cp[cp_num].cp_write)
1345 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
1346 cp_info, src, operand, val);
1349 uint32_t HELPER(get_cp)(CPUState *env, uint32_t insn)
1351 int cp_num = (insn >> 8) & 0xf;
1352 int cp_info = (insn >> 5) & 7;
1353 int dest = (insn >> 16) & 0xf;
1354 int operand = insn & 0xf;
1356 if (env->cp[cp_num].cp_read)
1357 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
1358 cp_info, dest, operand);
1362 /* Return basic MPU access permission bits. */
1363 static uint32_t simple_mpu_ap_bits(uint32_t val)
1370 for (i = 0; i < 16; i += 2) {
1371 ret |= (val >> i) & mask;
1377 /* Pad basic MPU access permission bits to extended format. */
1378 static uint32_t extended_mpu_ap_bits(uint32_t val)
1385 for (i = 0; i < 16; i += 2) {
1386 ret |= (val & mask) << i;
1392 void HELPER(set_cp15)(CPUState *env, uint32_t insn, uint32_t val)
1398 op1 = (insn >> 21) & 7;
1399 op2 = (insn >> 5) & 7;
1401 switch ((insn >> 16) & 0xf) {
1404 if (arm_feature(env, ARM_FEATURE_XSCALE))
1406 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1408 if (arm_feature(env, ARM_FEATURE_V7)
1409 && op1 == 2 && crm == 0 && op2 == 0) {
1410 env->cp15.c0_cssel = val & 0xf;
1414 case 1: /* System configuration. */
1415 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1419 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1420 env->cp15.c1_sys = val;
1421 /* ??? Lots of these bits are not implemented. */
1422 /* This may enable/disable the MMU, so do a TLB flush. */
1425 case 1: /* Auxiliary control register. */
1426 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1427 env->cp15.c1_xscaleauxcr = val;
1430 /* Not implemented. */
1433 if (arm_feature(env, ARM_FEATURE_XSCALE))
1435 if (env->cp15.c1_coproc != val) {
1436 env->cp15.c1_coproc = val;
1437 /* ??? Is this safe when called from within a TB? */
1445 case 2: /* MMU Page table control / MPU cache control. */
1446 if (arm_feature(env, ARM_FEATURE_MPU)) {
1449 env->cp15.c2_data = val;
1452 env->cp15.c2_insn = val;
1460 env->cp15.c2_base0 = val;
1463 env->cp15.c2_base1 = val;
1467 env->cp15.c2_control = val;
1468 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1469 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1476 case 3: /* MMU Domain access control / MPU write buffer control. */
1478 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
1480 case 4: /* Reserved. */
1482 case 5: /* MMU Fault status / MPU access permission. */
1483 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1487 if (arm_feature(env, ARM_FEATURE_MPU))
1488 val = extended_mpu_ap_bits(val);
1489 env->cp15.c5_data = val;
1492 if (arm_feature(env, ARM_FEATURE_MPU))
1493 val = extended_mpu_ap_bits(val);
1494 env->cp15.c5_insn = val;
1497 if (!arm_feature(env, ARM_FEATURE_MPU))
1499 env->cp15.c5_data = val;
1502 if (!arm_feature(env, ARM_FEATURE_MPU))
1504 env->cp15.c5_insn = val;
1510 case 6: /* MMU Fault address / MPU base/size. */
1511 if (arm_feature(env, ARM_FEATURE_MPU)) {
1514 env->cp15.c6_region[crm] = val;
1516 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1520 env->cp15.c6_data = val;
1522 case 1: /* ??? This is WFAR on armv6 */
1524 env->cp15.c6_insn = val;
1531 case 7: /* Cache control. */
1532 env->cp15.c15_i_max = 0x000;
1533 env->cp15.c15_i_min = 0xff0;
1537 /* No cache, so nothing to do except VA->PA translations. */
1538 if (arm_feature(env, ARM_FEATURE_VAPA)) {
1541 if (arm_feature(env, ARM_FEATURE_V7)) {
1542 env->cp15.c7_par = val & 0xfffff6ff;
1544 env->cp15.c7_par = val & 0xfffff1ff;
1549 target_ulong page_size;
1551 int ret, is_user = op2 & 2;
1552 int access_type = op2 & 1;
1555 /* Other states are only available with TrustZone */
1558 ret = get_phys_addr(env, val, access_type, is_user,
1559 &phys_addr, &prot, &page_size);
1561 /* We do not set any attribute bits in the PAR */
1562 if (page_size == (1 << 24)
1563 && arm_feature(env, ARM_FEATURE_V7)) {
1564 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1566 env->cp15.c7_par = phys_addr & 0xfffff000;
1569 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1570 ((ret & (12 << 1)) >> 6) |
1571 ((ret & 0xf) << 1) | 1;
1578 case 8: /* MMU TLB control. */
1580 case 0: /* Invalidate all. */
1583 case 1: /* Invalidate single TLB entry. */
1584 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1586 case 2: /* Invalidate on ASID. */
1587 tlb_flush(env, val == 0);
1589 case 3: /* Invalidate single entry on MVA. */
1590 /* ??? This is like case 1, but ignores ASID. */
1598 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1600 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1601 break; /* Ignore ReadBuffer access */
1603 case 0: /* Cache lockdown. */
1605 case 0: /* L1 cache. */
1608 env->cp15.c9_data = val;
1611 env->cp15.c9_insn = val;
1617 case 1: /* L2 cache. */
1618 /* Ignore writes to L2 lockdown/auxiliary registers. */
1624 case 1: /* TCM memory region registers. */
1625 /* Not implemented. */
1627 case 12: /* Performance monitor control */
1628 /* Performance monitors are implementation defined in v7,
1629 * but with an ARM recommended set of registers, which we
1630 * follow (although we don't actually implement any counters)
1632 if (!arm_feature(env, ARM_FEATURE_V7)) {
1636 case 0: /* performance monitor control register */
1637 /* only the DP, X, D and E bits are writable */
1638 env->cp15.c9_pmcr &= ~0x39;
1639 env->cp15.c9_pmcr |= (val & 0x39);
1641 case 1: /* Count enable set register */
1643 env->cp15.c9_pmcnten |= val;
1645 case 2: /* Count enable clear */
1647 env->cp15.c9_pmcnten &= ~val;
1649 case 3: /* Overflow flag status */
1650 env->cp15.c9_pmovsr &= ~val;
1652 case 4: /* Software increment */
1653 /* RAZ/WI since we don't implement the software-count event */
1655 case 5: /* Event counter selection register */
1656 /* Since we don't implement any events, writing to this register
1657 * is actually UNPREDICTABLE. So we choose to RAZ/WI.
1664 case 13: /* Performance counters */
1665 if (!arm_feature(env, ARM_FEATURE_V7)) {
1669 case 0: /* Cycle count register: not implemented, so RAZ/WI */
1671 case 1: /* Event type select */
1672 env->cp15.c9_pmxevtyper = val & 0xff;
1674 case 2: /* Event count register */
1675 /* Unimplemented (we have no events), RAZ/WI */
1681 case 14: /* Performance monitor control */
1682 if (!arm_feature(env, ARM_FEATURE_V7)) {
1686 case 0: /* user enable */
1687 env->cp15.c9_pmuserenr = val & 1;
1688 /* changes access rights for cp registers, so flush tbs */
1691 case 1: /* interrupt enable set */
1692 /* We have no event counters so only the C bit can be changed */
1694 env->cp15.c9_pminten |= val;
1696 case 2: /* interrupt enable clear */
1698 env->cp15.c9_pminten &= ~val;
1706 case 10: /* MMU TLB lockdown. */
1707 /* ??? TLB lockdown not implemented. */
1709 case 12: /* Reserved. */
1711 case 13: /* Process ID. */
1714 /* Unlike real hardware the qemu TLB uses virtual addresses,
1715 not modified virtual addresses, so this causes a TLB flush.
1717 if (env->cp15.c13_fcse != val)
1719 env->cp15.c13_fcse = val;
1722 /* This changes the ASID, so do a TLB flush. */
1723 if (env->cp15.c13_context != val
1724 && !arm_feature(env, ARM_FEATURE_MPU))
1726 env->cp15.c13_context = val;
1732 case 14: /* Reserved. */
1734 case 15: /* Implementation specific. */
1735 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1736 if (op2 == 0 && crm == 1) {
1737 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1738 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1740 env->cp15.c15_cpar = val & 0x3fff;
1746 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1750 case 1: /* Set TI925T configuration. */
1751 env->cp15.c15_ticonfig = val & 0xe7;
1752 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1753 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1755 case 2: /* Set I_max. */
1756 env->cp15.c15_i_max = val;
1758 case 3: /* Set I_min. */
1759 env->cp15.c15_i_min = val;
1761 case 4: /* Set thread-ID. */
1762 env->cp15.c15_threadid = val & 0xffff;
1764 case 8: /* Wait-for-interrupt (deprecated). */
1765 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1775 /* ??? For debugging only. Should raise illegal instruction exception. */
1776 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1777 (insn >> 16) & 0xf, crm, op1, op2);
1780 uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
1786 op1 = (insn >> 21) & 7;
1787 op2 = (insn >> 5) & 7;
1789 switch ((insn >> 16) & 0xf) {
1790 case 0: /* ID codes. */
1796 case 0: /* Device ID. */
1797 return env->cp15.c0_cpuid;
1798 case 1: /* Cache Type. */
1799 return env->cp15.c0_cachetype;
1800 case 2: /* TCM status. */
1802 case 3: /* TLB type register. */
1803 return 0; /* No lockable TLB entries. */
1805 /* The MPIDR was standardised in v7; prior to
1806 * this it was implemented only in the 11MPCore.
1807 * For all other pre-v7 cores it does not exist.
1809 if (arm_feature(env, ARM_FEATURE_V7) ||
1810 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1811 int mpidr = env->cpu_index;
1812 /* We don't support setting cluster ID ([8..11])
1813 * so these bits always RAZ.
1815 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1817 /* Cores which are uniprocessor (non-coherent)
1818 * but still implement the MP extensions set
1819 * bit 30. (For instance, A9UP.) However we do
1820 * not currently model any of those cores.
1825 /* otherwise fall through to the unimplemented-reg case */
1830 if (!arm_feature(env, ARM_FEATURE_V6))
1832 return env->cp15.c0_c1[op2];
1834 if (!arm_feature(env, ARM_FEATURE_V6))
1836 return env->cp15.c0_c2[op2];
1837 case 3: case 4: case 5: case 6: case 7:
1843 /* These registers aren't documented on arm11 cores. However
1844 Linux looks at them anyway. */
1845 if (!arm_feature(env, ARM_FEATURE_V6))
1849 if (!arm_feature(env, ARM_FEATURE_V7))
1854 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1856 return env->cp15.c0_clid;
1862 if (op2 != 0 || crm != 0)
1864 return env->cp15.c0_cssel;
1868 case 1: /* System configuration. */
1869 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1872 case 0: /* Control register. */
1873 return env->cp15.c1_sys;
1874 case 1: /* Auxiliary control register. */
1875 if (arm_feature(env, ARM_FEATURE_XSCALE))
1876 return env->cp15.c1_xscaleauxcr;
1877 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1879 switch (ARM_CPUID(env)) {
1880 case ARM_CPUID_ARM1026:
1882 case ARM_CPUID_ARM1136:
1883 case ARM_CPUID_ARM1136_R2:
1884 case ARM_CPUID_ARM1176:
1886 case ARM_CPUID_ARM11MPCORE:
1888 case ARM_CPUID_CORTEXA8:
1890 case ARM_CPUID_CORTEXA9:
1895 case 2: /* Coprocessor access register. */
1896 if (arm_feature(env, ARM_FEATURE_XSCALE))
1898 return env->cp15.c1_coproc;
1902 case 2: /* MMU Page table control / MPU cache control. */
1903 if (arm_feature(env, ARM_FEATURE_MPU)) {
1906 return env->cp15.c2_data;
1909 return env->cp15.c2_insn;
1917 return env->cp15.c2_base0;
1919 return env->cp15.c2_base1;
1921 return env->cp15.c2_control;
1926 case 3: /* MMU Domain access control / MPU write buffer control. */
1927 return env->cp15.c3;
1928 case 4: /* Reserved. */
1930 case 5: /* MMU Fault status / MPU access permission. */
1931 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1935 if (arm_feature(env, ARM_FEATURE_MPU))
1936 return simple_mpu_ap_bits(env->cp15.c5_data);
1937 return env->cp15.c5_data;
1939 if (arm_feature(env, ARM_FEATURE_MPU))
1940 return simple_mpu_ap_bits(env->cp15.c5_data);
1941 return env->cp15.c5_insn;
1943 if (!arm_feature(env, ARM_FEATURE_MPU))
1945 return env->cp15.c5_data;
1947 if (!arm_feature(env, ARM_FEATURE_MPU))
1949 return env->cp15.c5_insn;
1953 case 6: /* MMU Fault address. */
1954 if (arm_feature(env, ARM_FEATURE_MPU)) {
1957 return env->cp15.c6_region[crm];
1959 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1963 return env->cp15.c6_data;
1965 if (arm_feature(env, ARM_FEATURE_V6)) {
1966 /* Watchpoint Fault Adrress. */
1967 return 0; /* Not implemented. */
1969 /* Instruction Fault Adrress. */
1970 /* Arm9 doesn't have an IFAR, but implementing it anyway
1971 shouldn't do any harm. */
1972 return env->cp15.c6_insn;
1975 if (arm_feature(env, ARM_FEATURE_V6)) {
1976 /* Instruction Fault Adrress. */
1977 return env->cp15.c6_insn;
1985 case 7: /* Cache control. */
1986 if (crm == 4 && op1 == 0 && op2 == 0) {
1987 return env->cp15.c7_par;
1989 /* FIXME: Should only clear Z flag if destination is r15. */
1992 case 8: /* MMU TLB control. */
1996 case 0: /* Cache lockdown */
1998 case 0: /* L1 cache. */
1999 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2004 return env->cp15.c9_data;
2006 return env->cp15.c9_insn;
2010 case 1: /* L2 cache */
2014 /* L2 Lockdown and Auxiliary control. */
2020 case 12: /* Performance monitor control */
2021 if (!arm_feature(env, ARM_FEATURE_V7)) {
2025 case 0: /* performance monitor control register */
2026 return env->cp15.c9_pmcr;
2027 case 1: /* count enable set */
2028 case 2: /* count enable clear */
2029 return env->cp15.c9_pmcnten;
2030 case 3: /* overflow flag status */
2031 return env->cp15.c9_pmovsr;
2032 case 4: /* software increment */
2033 case 5: /* event counter selection register */
2034 return 0; /* Unimplemented, RAZ/WI */
2038 case 13: /* Performance counters */
2039 if (!arm_feature(env, ARM_FEATURE_V7)) {
2043 case 1: /* Event type select */
2044 return env->cp15.c9_pmxevtyper;
2045 case 0: /* Cycle count register */
2046 case 2: /* Event count register */
2047 /* Unimplemented, so RAZ/WI */
2052 case 14: /* Performance monitor control */
2053 if (!arm_feature(env, ARM_FEATURE_V7)) {
2057 case 0: /* user enable */
2058 return env->cp15.c9_pmuserenr;
2059 case 1: /* interrupt enable set */
2060 case 2: /* interrupt enable clear */
2061 return env->cp15.c9_pminten;
2069 case 10: /* MMU TLB lockdown. */
2070 /* ??? TLB lockdown not implemented. */
2072 case 11: /* TCM DMA control. */
2073 case 12: /* Reserved. */
2075 case 13: /* Process ID. */
2078 return env->cp15.c13_fcse;
2080 return env->cp15.c13_context;
2084 case 14: /* Reserved. */
2086 case 15: /* Implementation specific. */
2087 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2088 if (op2 == 0 && crm == 1)
2089 return env->cp15.c15_cpar;
2093 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2097 case 1: /* Read TI925T configuration. */
2098 return env->cp15.c15_ticonfig;
2099 case 2: /* Read I_max. */
2100 return env->cp15.c15_i_max;
2101 case 3: /* Read I_min. */
2102 return env->cp15.c15_i_min;
2103 case 4: /* Read thread-ID. */
2104 return env->cp15.c15_threadid;
2105 case 8: /* TI925T_status */
2108 /* TODO: Peripheral port remap register:
2109 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
2110 * controller base address at $rn & ~0xfff and map size of
2111 * 0x200 << ($rn & 0xfff), when MMU is off. */
2117 /* ??? For debugging only. Should raise illegal instruction exception. */
2118 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
2119 (insn >> 16) & 0xf, crm, op1, op2);
2123 void HELPER(set_r13_banked)(CPUState *env, uint32_t mode, uint32_t val)
2125 if ((env->uncached_cpsr & CPSR_M) == mode) {
2126 env->regs[13] = val;
2128 env->banked_r13[bank_number(mode)] = val;
2132 uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
2134 if ((env->uncached_cpsr & CPSR_M) == mode) {
2135 return env->regs[13];
2137 return env->banked_r13[bank_number(mode)];
2141 uint32_t HELPER(v7m_mrs)(CPUState *env, uint32_t reg)
2145 return xpsr_read(env) & 0xf8000000;
2147 return xpsr_read(env) & 0xf80001ff;
2149 return xpsr_read(env) & 0xff00fc00;
2151 return xpsr_read(env) & 0xff00fdff;
2153 return xpsr_read(env) & 0x000001ff;
2155 return xpsr_read(env) & 0x0700fc00;
2157 return xpsr_read(env) & 0x0700edff;
2159 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
2161 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
2162 case 16: /* PRIMASK */
2163 return (env->uncached_cpsr & CPSR_I) != 0;
2164 case 17: /* BASEPRI */
2165 case 18: /* BASEPRI_MAX */
2166 return env->v7m.basepri;
2167 case 19: /* FAULTMASK */
2168 return (env->uncached_cpsr & CPSR_F) != 0;
2169 case 20: /* CONTROL */
2170 return env->v7m.control;
2172 /* ??? For debugging only. */
2173 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
2178 void HELPER(v7m_msr)(CPUState *env, uint32_t reg, uint32_t val)
2182 xpsr_write(env, val, 0xf8000000);
2185 xpsr_write(env, val, 0xf8000000);
2188 xpsr_write(env, val, 0xfe00fc00);
2191 xpsr_write(env, val, 0xfe00fc00);
2194 /* IPSR bits are readonly. */
2197 xpsr_write(env, val, 0x0600fc00);
2200 xpsr_write(env, val, 0x0600fc00);
2203 if (env->v7m.current_sp)
2204 env->v7m.other_sp = val;
2206 env->regs[13] = val;
2209 if (env->v7m.current_sp)
2210 env->regs[13] = val;
2212 env->v7m.other_sp = val;
2214 case 16: /* PRIMASK */
2216 env->uncached_cpsr |= CPSR_I;
2218 env->uncached_cpsr &= ~CPSR_I;
2220 case 17: /* BASEPRI */
2221 env->v7m.basepri = val & 0xff;
2223 case 18: /* BASEPRI_MAX */
2225 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2226 env->v7m.basepri = val;
2228 case 19: /* FAULTMASK */
2230 env->uncached_cpsr |= CPSR_F;
2232 env->uncached_cpsr &= ~CPSR_F;
2234 case 20: /* CONTROL */
2235 env->v7m.control = val & 3;
2236 switch_v7m_sp(env, (val & 2) != 0);
2239 /* ??? For debugging only. */
2240 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2245 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
2246 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
2249 if (cpnum < 0 || cpnum > 14) {
2250 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
2254 env->cp[cpnum].cp_read = cp_read;
2255 env->cp[cpnum].cp_write = cp_write;
2256 env->cp[cpnum].opaque = opaque;
2261 /* Note that signed overflow is undefined in C. The following routines are
2262 careful to use unsigned types where modulo arithmetic is required.
2263 Failure to do so _will_ break on newer gcc. */
2265 /* Signed saturating arithmetic. */
2267 /* Perform 16-bit signed saturating addition. */
2268 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2273 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2282 /* Perform 8-bit signed saturating addition. */
2283 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2288 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2297 /* Perform 16-bit signed saturating subtraction. */
2298 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2303 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2312 /* Perform 8-bit signed saturating subtraction. */
2313 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2318 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2327 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2328 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2329 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2330 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2333 #include "op_addsub.h"
2335 /* Unsigned saturating arithmetic. */
2336 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2345 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2353 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2362 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2370 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2371 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2372 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2373 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2376 #include "op_addsub.h"
2378 /* Signed modulo arithmetic. */
2379 #define SARITH16(a, b, n, op) do { \
2381 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2382 RESULT(sum, n, 16); \
2384 ge |= 3 << (n * 2); \
2387 #define SARITH8(a, b, n, op) do { \
2389 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2390 RESULT(sum, n, 8); \
2396 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2397 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2398 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2399 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2403 #include "op_addsub.h"
2405 /* Unsigned modulo arithmetic. */
2406 #define ADD16(a, b, n) do { \
2408 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2409 RESULT(sum, n, 16); \
2410 if ((sum >> 16) == 1) \
2411 ge |= 3 << (n * 2); \
2414 #define ADD8(a, b, n) do { \
2416 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2417 RESULT(sum, n, 8); \
2418 if ((sum >> 8) == 1) \
2422 #define SUB16(a, b, n) do { \
2424 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2425 RESULT(sum, n, 16); \
2426 if ((sum >> 16) == 0) \
2427 ge |= 3 << (n * 2); \
2430 #define SUB8(a, b, n) do { \
2432 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2433 RESULT(sum, n, 8); \
2434 if ((sum >> 8) == 0) \
2441 #include "op_addsub.h"
2443 /* Halved signed arithmetic. */
2444 #define ADD16(a, b, n) \
2445 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2446 #define SUB16(a, b, n) \
2447 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2448 #define ADD8(a, b, n) \
2449 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2450 #define SUB8(a, b, n) \
2451 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2454 #include "op_addsub.h"
2456 /* Halved unsigned arithmetic. */
2457 #define ADD16(a, b, n) \
2458 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2459 #define SUB16(a, b, n) \
2460 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2461 #define ADD8(a, b, n) \
2462 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2463 #define SUB8(a, b, n) \
2464 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2467 #include "op_addsub.h"
2469 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2477 /* Unsigned sum of absolute byte differences. */
2478 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2481 sum = do_usad(a, b);
2482 sum += do_usad(a >> 8, b >> 8);
2483 sum += do_usad(a >> 16, b >>16);
2484 sum += do_usad(a >> 24, b >> 24);
2488 /* For ARMv6 SEL instruction. */
2489 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2502 return (a & mask) | (b & ~mask);
2505 uint32_t HELPER(logicq_cc)(uint64_t val)
2507 return (val >> 32) | (val != 0);
2510 /* VFP support. We follow the convention used for VFP instrunctions:
2511 Single precition routines have a "s" suffix, double precision a
2514 /* Convert host exception flags to vfp form. */
2515 static inline int vfp_exceptbits_from_host(int host_bits)
2517 int target_bits = 0;
2519 if (host_bits & float_flag_invalid)
2521 if (host_bits & float_flag_divbyzero)
2523 if (host_bits & float_flag_overflow)
2525 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2527 if (host_bits & float_flag_inexact)
2528 target_bits |= 0x10;
2529 if (host_bits & float_flag_input_denormal)
2530 target_bits |= 0x80;
2534 uint32_t HELPER(vfp_get_fpscr)(CPUState *env)
2539 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2540 | (env->vfp.vec_len << 16)
2541 | (env->vfp.vec_stride << 20);
2542 i = get_float_exception_flags(&env->vfp.fp_status);
2543 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2544 fpscr |= vfp_exceptbits_from_host(i);
2548 uint32_t vfp_get_fpscr(CPUState *env)
2550 return HELPER(vfp_get_fpscr)(env);
2553 /* Convert vfp exception flags to target form. */
2554 static inline int vfp_exceptbits_to_host(int target_bits)
2558 if (target_bits & 1)
2559 host_bits |= float_flag_invalid;
2560 if (target_bits & 2)
2561 host_bits |= float_flag_divbyzero;
2562 if (target_bits & 4)
2563 host_bits |= float_flag_overflow;
2564 if (target_bits & 8)
2565 host_bits |= float_flag_underflow;
2566 if (target_bits & 0x10)
2567 host_bits |= float_flag_inexact;
2568 if (target_bits & 0x80)
2569 host_bits |= float_flag_input_denormal;
2573 void HELPER(vfp_set_fpscr)(CPUState *env, uint32_t val)
2578 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2579 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2580 env->vfp.vec_len = (val >> 16) & 7;
2581 env->vfp.vec_stride = (val >> 20) & 3;
2584 if (changed & (3 << 22)) {
2585 i = (val >> 22) & 3;
2588 i = float_round_nearest_even;
2594 i = float_round_down;
2597 i = float_round_to_zero;
2600 set_float_rounding_mode(i, &env->vfp.fp_status);
2602 if (changed & (1 << 24)) {
2603 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2604 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2606 if (changed & (1 << 25))
2607 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2609 i = vfp_exceptbits_to_host(val);
2610 set_float_exception_flags(i, &env->vfp.fp_status);
2611 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2614 void vfp_set_fpscr(CPUState *env, uint32_t val)
2616 HELPER(vfp_set_fpscr)(env, val);
2619 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2621 #define VFP_BINOP(name) \
2622 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2624 float_status *fpst = fpstp; \
2625 return float32_ ## name(a, b, fpst); \
2627 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2629 float_status *fpst = fpstp; \
2630 return float64_ ## name(a, b, fpst); \
2638 float32 VFP_HELPER(neg, s)(float32 a)
2640 return float32_chs(a);
2643 float64 VFP_HELPER(neg, d)(float64 a)
2645 return float64_chs(a);
2648 float32 VFP_HELPER(abs, s)(float32 a)
2650 return float32_abs(a);
2653 float64 VFP_HELPER(abs, d)(float64 a)
2655 return float64_abs(a);
2658 float32 VFP_HELPER(sqrt, s)(float32 a, CPUState *env)
2660 return float32_sqrt(a, &env->vfp.fp_status);
2663 float64 VFP_HELPER(sqrt, d)(float64 a, CPUState *env)
2665 return float64_sqrt(a, &env->vfp.fp_status);
2668 /* XXX: check quiet/signaling case */
2669 #define DO_VFP_cmp(p, type) \
2670 void VFP_HELPER(cmp, p)(type a, type b, CPUState *env) \
2673 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2674 case 0: flags = 0x6; break; \
2675 case -1: flags = 0x8; break; \
2676 case 1: flags = 0x2; break; \
2677 default: case 2: flags = 0x3; break; \
2679 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2680 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2682 void VFP_HELPER(cmpe, p)(type a, type b, CPUState *env) \
2685 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2686 case 0: flags = 0x6; break; \
2687 case -1: flags = 0x8; break; \
2688 case 1: flags = 0x2; break; \
2689 default: case 2: flags = 0x3; break; \
2691 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2692 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2694 DO_VFP_cmp(s, float32)
2695 DO_VFP_cmp(d, float64)
2698 /* Integer to float and float to integer conversions */
2700 #define CONV_ITOF(name, fsz, sign) \
2701 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2703 float_status *fpst = fpstp; \
2704 return sign##int32_to_##float##fsz(x, fpst); \
2707 #define CONV_FTOI(name, fsz, sign, round) \
2708 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2710 float_status *fpst = fpstp; \
2711 if (float##fsz##_is_any_nan(x)) { \
2712 float_raise(float_flag_invalid, fpst); \
2715 return float##fsz##_to_##sign##int32##round(x, fpst); \
2718 #define FLOAT_CONVS(name, p, fsz, sign) \
2719 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2720 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2721 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2723 FLOAT_CONVS(si, s, 32, )
2724 FLOAT_CONVS(si, d, 64, )
2725 FLOAT_CONVS(ui, s, 32, u)
2726 FLOAT_CONVS(ui, d, 64, u)
2732 /* floating point conversion */
2733 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUState *env)
2735 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2736 /* ARM requires that S<->D conversion of any kind of NaN generates
2737 * a quiet NaN by forcing the most significant frac bit to 1.
2739 return float64_maybe_silence_nan(r);
2742 float32 VFP_HELPER(fcvts, d)(float64 x, CPUState *env)
2744 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2745 /* ARM requires that S<->D conversion of any kind of NaN generates
2746 * a quiet NaN by forcing the most significant frac bit to 1.
2748 return float32_maybe_silence_nan(r);
2751 /* VFP3 fixed point conversion. */
2752 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2753 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2756 float_status *fpst = fpstp; \
2758 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2759 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2761 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2764 float_status *fpst = fpstp; \
2766 if (float##fsz##_is_any_nan(x)) { \
2767 float_raise(float_flag_invalid, fpst); \
2770 tmp = float##fsz##_scalbn(x, shift, fpst); \
2771 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2774 VFP_CONV_FIX(sh, d, 64, int16, )
2775 VFP_CONV_FIX(sl, d, 64, int32, )
2776 VFP_CONV_FIX(uh, d, 64, uint16, u)
2777 VFP_CONV_FIX(ul, d, 64, uint32, u)
2778 VFP_CONV_FIX(sh, s, 32, int16, )
2779 VFP_CONV_FIX(sl, s, 32, int32, )
2780 VFP_CONV_FIX(uh, s, 32, uint16, u)
2781 VFP_CONV_FIX(ul, s, 32, uint32, u)
2784 /* Half precision conversions. */
2785 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUState *env, float_status *s)
2787 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2788 float32 r = float16_to_float32(make_float16(a), ieee, s);
2790 return float32_maybe_silence_nan(r);
2795 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUState *env, float_status *s)
2797 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2798 float16 r = float32_to_float16(a, ieee, s);
2800 r = float16_maybe_silence_nan(r);
2802 return float16_val(r);
2805 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUState *env)
2807 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2810 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUState *env)
2812 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2815 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUState *env)
2817 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2820 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUState *env)
2822 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2825 #define float32_two make_float32(0x40000000)
2826 #define float32_three make_float32(0x40400000)
2827 #define float32_one_point_five make_float32(0x3fc00000)
2829 float32 HELPER(recps_f32)(float32 a, float32 b, CPUState *env)
2831 float_status *s = &env->vfp.standard_fp_status;
2832 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2833 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2834 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2835 float_raise(float_flag_input_denormal, s);
2839 return float32_sub(float32_two, float32_mul(a, b, s), s);
2842 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUState *env)
2844 float_status *s = &env->vfp.standard_fp_status;
2846 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2847 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2848 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2849 float_raise(float_flag_input_denormal, s);
2851 return float32_one_point_five;
2853 product = float32_mul(a, b, s);
2854 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2859 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2860 * int->float conversions at run-time. */
2861 #define float64_256 make_float64(0x4070000000000000LL)
2862 #define float64_512 make_float64(0x4080000000000000LL)
2864 /* The algorithm that must be used to calculate the estimate
2865 * is specified by the ARM ARM.
2867 static float64 recip_estimate(float64 a, CPUState *env)
2869 /* These calculations mustn't set any fp exception flags,
2870 * so we use a local copy of the fp_status.
2872 float_status dummy_status = env->vfp.standard_fp_status;
2873 float_status *s = &dummy_status;
2874 /* q = (int)(a * 512.0) */
2875 float64 q = float64_mul(float64_512, a, s);
2876 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2878 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2879 q = int64_to_float64(q_int, s);
2880 q = float64_add(q, float64_half, s);
2881 q = float64_div(q, float64_512, s);
2882 q = float64_div(float64_one, q, s);
2884 /* s = (int)(256.0 * r + 0.5) */
2885 q = float64_mul(q, float64_256, s);
2886 q = float64_add(q, float64_half, s);
2887 q_int = float64_to_int64_round_to_zero(q, s);
2889 /* return (double)s / 256.0 */
2890 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2893 float32 HELPER(recpe_f32)(float32 a, CPUState *env)
2895 float_status *s = &env->vfp.standard_fp_status;
2897 uint32_t val32 = float32_val(a);
2900 int a_exp = (val32 & 0x7f800000) >> 23;
2901 int sign = val32 & 0x80000000;
2903 if (float32_is_any_nan(a)) {
2904 if (float32_is_signaling_nan(a)) {
2905 float_raise(float_flag_invalid, s);
2907 return float32_default_nan;
2908 } else if (float32_is_infinity(a)) {
2909 return float32_set_sign(float32_zero, float32_is_neg(a));
2910 } else if (float32_is_zero_or_denormal(a)) {
2911 if (!float32_is_zero(a)) {
2912 float_raise(float_flag_input_denormal, s);
2914 float_raise(float_flag_divbyzero, s);
2915 return float32_set_sign(float32_infinity, float32_is_neg(a));
2916 } else if (a_exp >= 253) {
2917 float_raise(float_flag_underflow, s);
2918 return float32_set_sign(float32_zero, float32_is_neg(a));
2921 f64 = make_float64((0x3feULL << 52)
2922 | ((int64_t)(val32 & 0x7fffff) << 29));
2924 result_exp = 253 - a_exp;
2926 f64 = recip_estimate(f64, env);
2929 | ((result_exp & 0xff) << 23)
2930 | ((float64_val(f64) >> 29) & 0x7fffff);
2931 return make_float32(val32);
2934 /* The algorithm that must be used to calculate the estimate
2935 * is specified by the ARM ARM.
2937 static float64 recip_sqrt_estimate(float64 a, CPUState *env)
2939 /* These calculations mustn't set any fp exception flags,
2940 * so we use a local copy of the fp_status.
2942 float_status dummy_status = env->vfp.standard_fp_status;
2943 float_status *s = &dummy_status;
2947 if (float64_lt(a, float64_half, s)) {
2948 /* range 0.25 <= a < 0.5 */
2950 /* a in units of 1/512 rounded down */
2951 /* q0 = (int)(a * 512.0); */
2952 q = float64_mul(float64_512, a, s);
2953 q_int = float64_to_int64_round_to_zero(q, s);
2955 /* reciprocal root r */
2956 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2957 q = int64_to_float64(q_int, s);
2958 q = float64_add(q, float64_half, s);
2959 q = float64_div(q, float64_512, s);
2960 q = float64_sqrt(q, s);
2961 q = float64_div(float64_one, q, s);
2963 /* range 0.5 <= a < 1.0 */
2965 /* a in units of 1/256 rounded down */
2966 /* q1 = (int)(a * 256.0); */
2967 q = float64_mul(float64_256, a, s);
2968 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2970 /* reciprocal root r */
2971 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2972 q = int64_to_float64(q_int, s);
2973 q = float64_add(q, float64_half, s);
2974 q = float64_div(q, float64_256, s);
2975 q = float64_sqrt(q, s);
2976 q = float64_div(float64_one, q, s);
2978 /* r in units of 1/256 rounded to nearest */
2979 /* s = (int)(256.0 * r + 0.5); */
2981 q = float64_mul(q, float64_256,s );
2982 q = float64_add(q, float64_half, s);
2983 q_int = float64_to_int64_round_to_zero(q, s);
2985 /* return (double)s / 256.0;*/
2986 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2989 float32 HELPER(rsqrte_f32)(float32 a, CPUState *env)
2991 float_status *s = &env->vfp.standard_fp_status;
2997 val = float32_val(a);
2999 if (float32_is_any_nan(a)) {
3000 if (float32_is_signaling_nan(a)) {
3001 float_raise(float_flag_invalid, s);
3003 return float32_default_nan;
3004 } else if (float32_is_zero_or_denormal(a)) {
3005 if (!float32_is_zero(a)) {
3006 float_raise(float_flag_input_denormal, s);
3008 float_raise(float_flag_divbyzero, s);
3009 return float32_set_sign(float32_infinity, float32_is_neg(a));
3010 } else if (float32_is_neg(a)) {
3011 float_raise(float_flag_invalid, s);
3012 return float32_default_nan;
3013 } else if (float32_is_infinity(a)) {
3014 return float32_zero;
3017 /* Normalize to a double-precision value between 0.25 and 1.0,
3018 * preserving the parity of the exponent. */
3019 if ((val & 0x800000) == 0) {
3020 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3022 | ((uint64_t)(val & 0x7fffff) << 29));
3024 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
3026 | ((uint64_t)(val & 0x7fffff) << 29));
3029 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
3031 f64 = recip_sqrt_estimate(f64, env);
3033 val64 = float64_val(f64);
3035 val = ((result_exp & 0xff) << 23)
3036 | ((val64 >> 29) & 0x7fffff);
3037 return make_float32(val);
3040 uint32_t HELPER(recpe_u32)(uint32_t a, CPUState *env)
3044 if ((a & 0x80000000) == 0) {
3048 f64 = make_float64((0x3feULL << 52)
3049 | ((int64_t)(a & 0x7fffffff) << 21));
3051 f64 = recip_estimate (f64, env);
3053 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3056 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUState *env)
3060 if ((a & 0xc0000000) == 0) {
3064 if (a & 0x80000000) {
3065 f64 = make_float64((0x3feULL << 52)
3066 | ((uint64_t)(a & 0x7fffffff) << 21));
3067 } else { /* bits 31-30 == '01' */
3068 f64 = make_float64((0x3fdULL << 52)
3069 | ((uint64_t)(a & 0x3fffffff) << 22));
3072 f64 = recip_sqrt_estimate(f64, env);
3074 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3077 /* VFPv4 fused multiply-accumulate */
3078 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
3080 float_status *fpst = fpstp;
3081 return float32_muladd(a, b, c, 0, fpst);
3084 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
3086 float_status *fpst = fpstp;
3087 return float64_muladd(a, b, c, 0, fpst);
3090 void HELPER(set_teecr)(CPUState *env, uint32_t val)
3093 if (env->teecr != val) {
projects / qemu.git / blob