Peter Maydell [Fri, 14 Jan 2011 19:39:19 +0000 (20:39 +0100)]
target-arm: Restore IT bits when resuming after an exception
We were not correctly restoring the IT bits when resuming execution
after taking an unexpected exception in the middle of an IT block.
Fix this by tracking them along with PC changes and restoring in
gen_pc_load().
This fixes bug https://bugs.launchpad.net/qemu/+bug/581335
Peter Maydell [Fri, 14 Jan 2011 19:39:19 +0000 (20:39 +0100)]
linux-user: ARM: clear the IT bits when invoking a signal handler
When invoking a signal handler for an ARM target, make sure the IT
bits in the CPSR are cleared. (This would otherwise cause incorrect
execution if the IT state was non-zero when an exception occurred.
This bug has been masked previously because we weren't getting the
IT state bits at exception entry right anyway.)
Also use the proper cpsr_read()/cpsr_write() interface to update
the CPSR rather than manipulating CPUState fields directly.
Peter Maydell [Fri, 14 Jan 2011 19:39:19 +0000 (20:39 +0100)]
target-arm: Remove redundant setting of IT bits before Thumb SWI
Remove a redundant call to gen_set_condexec() in the translation of Thumb
mode SWI. (SWI and WFI generate "exceptions" which happen after the
execution of the instruction, i.e. when PC and IT bits have updated.
So the condexec bits at this point are not correct. However, the code
that handles finishing the translation of the TB will write the correct
value of the condexec bits later, so the only effect was that a conditional
Thumb SWI would generate slightly worse code than necessary.)
Peter Maydell [Fri, 14 Jan 2011 19:39:19 +0000 (20:39 +0100)]
target-arm: Translate with condexec bits from TB flags, not CPUState
When translating, the condexec bits for the TB are in the TB flags;
the CPUState condexec bits may be different.
This patch fixes https://bugs.launchpad.net/bugs/604872 where we might
segfault if we took an exception in the middle of a TB with an IT
block, because when we came to retranslate in cpu_restore_state()
the CPUState condexec bits would have advanced compared to the start
of the TB and we would generate different (wrong) code.
Peter Maydell [Fri, 14 Jan 2011 19:39:19 +0000 (20:39 +0100)]
target-arm: Translate with VFP-enabled from TB flags, not CPUState
When translating code, whether the VFP unit is enabled for this TB
is stored in a bit in the TB flags. Use this rather than incorrectly
reading the FPEXC from the CPUState passed to translation.
Peter Maydell [Fri, 14 Jan 2011 19:39:18 +0000 (20:39 +0100)]
target-arm: Don't generate code specific to current CPU mode for SRS
When translating the SRS instruction, handle the "store registers
to stack of current mode" case in the helper function rather than
inline. This means the generated code does not make assumptions
about the current CPU mode which might not be valid when the TB
is executed later.
Peter Maydell [Fri, 14 Jan 2011 19:39:18 +0000 (20:39 +0100)]
target-arm: Add support for 'Standard FPSCR Value' as used by Neon
Add support to the ARM helper routines for a second fp_status value
which should be used for operations which the ARM ARM indicates use
"ARM standard floating-point arithmetic" rather than being controlled
by the rounding/flush/NaN settings in the FPSCR.
Peter Maydell [Fri, 14 Jan 2011 19:39:18 +0000 (20:39 +0100)]
target-arm: Fix implementation of VRSQRTS
The implementation of the ARM VRSQRTS instruction (which calculates
(3 - op1 * op2) / 2) was missing the division operation. It also
did not handle the special cases of (0,inf) and (inf,0).
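As an added illustration (not QEMU's helper, which works on softfloat types), the reciprocal square-root step described above on host floats: the fixed form carries out the division and returns 1.5 for the (0, inf) and (inf, 0) operand pairs, beside the defective form the commit describes. The helper names and the Newton-Raphson wrapper are assumptions for this example.

```c
#include <math.h>   /* used only for the INFINITY macro */

/* Small predicates written without libm so the file links without -lm.
 * is_inf_f: only an infinity is unchanged by doubling while being nonzero. */
static int is_inf_f(float v) { return v != 0.0f && v * 2.0f == v; }
static int is_nan_f(float v) { return v != v; }

/* Fixed VRSQRTS: (3 - op1 * op2) / 2, with (0, inf) and (inf, 0) defined
 * as 1.5 instead of the NaN that the product 0 * inf would produce. */
static float vrsqrts_step(float op1, float op2)
{
    if ((op1 == 0.0f && is_inf_f(op2)) || (is_inf_f(op1) && op2 == 0.0f)) {
        return 1.5f;
    }
    return (3.0f - op1 * op2) / 2.0f;
}

/* The defect the commit describes: no division and no special cases. */
static float vrsqrts_step_buggy(float op1, float op2)
{
    return 3.0f - op1 * op2;
}

/* One Newton-Raphson refinement of an estimate y of 1/sqrt(x), the way
 * the instruction is meant to be used: y' = y * VRSQRTS(x * y, y). */
static float rsqrt_refine(float x, float y)
{
    return y * vrsqrts_step(x * y, y);
}
```

With x = 4 and the exact estimate y = 0.5 the step returns 1 and the estimate is unchanged; with y = 0.4 one refinement moves it to about 0.472. The buggy form returns 2 for (1, 1) where 1 is correct, and NaN for (0, inf).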
Aurelien Jarno [Fri, 14 Jan 2011 19:39:18 +0000 (20:39 +0100)]
lsi53c895a: fix endianness issues
lsi_ram_read*() and lsi_ram_write*() are not consistent: one uses
leXX_to_cpu(), the other uses nothing. As the comment above the RAM
declaration says: "Script ram is stored as 32-bit words in host
byteorder.", remove the leXX_to_cpu() calls.
This fixes the boot of an ARM versatile machine on MIPS and PowerPC
hosts.
Aurelien Jarno [Fri, 14 Jan 2011 19:39:18 +0000 (20:39 +0100)]
target-sh4: simplify comparisons after a 'and' op
When a TCG variable is anded with a value and then compared with the same
value, we can simply invert the comparison and compare it with 0. The
generated code is smaller.
Aurelien Jarno [Fri, 14 Jan 2011 19:39:18 +0000 (20:39 +0100)]
target-sh4: implement FPU exceptions
FPU exception support was not implemented on SH4. Implement it by
clearing the softfloat exception flags before an FP instruction (the
SH4 FPU also clears them before an instruction), and calling a function
to update the FPSCR register after an FP instruction. This function
updates the corresponding FPSCR bits (both flags and cumulative flags)
and triggers an exception if enabled.
Aurelien Jarno [Fri, 14 Jan 2011 19:39:17 +0000 (20:39 +0100)]
softfloat: fix default-NaN mode
When the default-NaN mode is enabled, it should return the default NaN
value, but it should still raise the invalid operation flag if one of
the operands is an sNaN.
I have checked that this behavior matches the ARM and SH4 manuals, as
well as real SH4 hardware.
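An added example of the rule this commit states, written against a toy status struct rather than QEMU's float_status (the struct, flag and function names below are assumptions): NaN propagation for IEEE-754 single precision, where a signalling NaN operand sets the invalid flag regardless of default-NaN mode, beside the pre-fix form that returned the default NaN before looking at the operands.

```c
#include <stdint.h>

#define FLAG_INVALID    0x01u
#define F32_DEFAULT_NAN 0x7fc00000u   /* quiet NaN used as default by ARM and SH4 */

typedef struct {
    int default_nan_mode;
    unsigned exception_flags;
} toy_status;

/* IEEE-754 single: exponent all ones with a nonzero fraction is a NaN;
 * fraction bit 22 distinguishes quiet (1) from signalling (0). */
static int f32_is_nan(uint32_t a)     { return (a & 0x7fffffffu) > 0x7f800000u; }
static int f32_is_snan(uint32_t a)    { return f32_is_nan(a) && !(a & 0x00400000u); }
static uint32_t f32_quiet(uint32_t a) { return a | 0x00400000u; }

/* Fixed behaviour: an sNaN raises the invalid flag first; default-NaN
 * mode only decides which NaN comes back. Propagation order is
 * simplified: quiet the first sNaN, else return the first quiet NaN. */
static uint32_t f32_propagate_nan(uint32_t a, uint32_t b, toy_status *st)
{
    int a_snan = f32_is_snan(a), b_snan = f32_is_snan(b);

    if (a_snan || b_snan) {
        st->exception_flags |= FLAG_INVALID;
    }
    if (st->default_nan_mode) {
        return F32_DEFAULT_NAN;
    }
    if (a_snan) return f32_quiet(a);
    if (b_snan) return f32_quiet(b);
    return f32_is_nan(a) ? a : b;
}

/* Pre-fix behaviour: returning early in default-NaN mode skipped the flag. */
static uint32_t f32_propagate_nan_buggy(uint32_t a, uint32_t b, toy_status *st)
{
    if (st->default_nan_mode) {
        return F32_DEFAULT_NAN;
    }
    return f32_propagate_nan(a, b, st);
}

/* Run one propagation on a fresh status and report the result / flags. */
static uint32_t propagate_result(int mode, uint32_t a, uint32_t b, int buggy)
{
    toy_status st = { mode, 0 };
    return buggy ? f32_propagate_nan_buggy(a, b, &st) : f32_propagate_nan(a, b, &st);
}

static unsigned propagate_flags(int mode, uint32_t a, uint32_t b, int buggy)
{
    toy_status st = { mode, 0 };
    if (buggy) f32_propagate_nan_buggy(a, b, &st); else f32_propagate_nan(a, b, &st);
    return st.exception_flags;
}
```

With default-NaN mode on and the constructed sNaN 0x7f800001 as an operand, the fixed routine returns 0x7fc00000 and sets FLAG_INVALID; the buggy routine returns the same value with no flag, which is exactly the difference the commit closes. A quiet NaN operand sets no flag in either mode.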
Aurelien Jarno [Fri, 14 Jan 2011 19:39:17 +0000 (20:39 +0100)]
target-sh4: switch sh4 to softfloat
We need to be able to catch exceptions correctly and thus enable softfloat
on SH4.
As all machines except i386 and x86_64 are using softfloat, make it the
default and change the case to detect i386 and x86_64. Note that CRIS
doesn't have an FPU, so it can be configured with both softfloat-native
and softfloat.
Aurelien Jarno [Fri, 14 Jan 2011 19:21:22 +0000 (20:21 +0100)]
configure: fix broken test
Since commit d1807a4f836c27f6dc7061e53a834dd27f78e46a ./configure tries
to test files and directories with "test -f", which only tests for regular
files. Test with "test -e", which looks for any kind of file.
This unbreaks the configure script when not using a separate object
directory.
Paolo Bonzini [Thu, 23 Dec 2010 10:43:53 +0000 (11:43 +0100)]
do not pass bogus $(SRC_PATH) include paths to cc during configure
Non-existent -I paths are dropped silently by the compiler, but still
it is not polite to pass bogus options. Configure-time tests do not
need any include files from the source path, so only include -I flags
at make time (when they're properly expanded).
Paolo Bonzini [Thu, 23 Dec 2010 10:43:52 +0000 (11:43 +0100)]
test cc with the complete set of chosen flags
The "test the C compiler works ok" comes before a bunch of flags
are added for --cpu or just depending on the host. It helps
debugging if the test is done after these flags are (unconditionally)
added.
Paolo Bonzini [Thu, 23 Dec 2010 10:43:51 +0000 (11:43 +0100)]
fix sparse support (?)
I didn't test with sparse, but the old code using += before a variable
was set was wrong. Sparse support should probably be ripped out or
redone, but this at least keeps some sanity.
Sergei Gavrikov [Wed, 12 Jan 2011 13:57:18 +0000 (15:57 +0200)]
slirp: Use strcasecmp() to check tftp mode, tsize
According to RFC 1350 (TFTP Revision 2) the mode field can contain any
combination of upper and lower case; also RFC 2349 propagates that the
transfer size option ("tsize") is case-insensitive too.
The current implementation of the embedded TFTP server missed that, which
messes up some TFTP clients. Fixed by using STRCASECMP(3) in the required
places.
Michael Walle [Wed, 5 Jan 2011 00:05:47 +0000 (01:05 +0100)]
audio: split sample conversion and volume mixing
Refactor the volume mixing, so it can be reused for capturing devices.
Additionally, it removes superfluous multiplications with the nominal
volume within the hardware voice code path.
Peter Maydell [Mon, 10 Jan 2011 13:11:24 +0000 (13:11 +0000)]
linux-user: Add configure check for linux/fiemap.h and IOC_FS_FIEMAP
Add a configure check for the existence of linux/fiemap.h and the
IOC_FS_FIEMAP ioctl. This fixes a compilation failure on Linux
systems which don't have that header file.
Aurelien Jarno [Tue, 11 Jan 2011 15:13:34 +0000 (16:13 +0100)]
target-sh4: fix fpu disabled/illegal exception
Illegal instructions in a slot delay should generate a slot illegal
instruction exception instead of an illegal instruction exception.
The current PC should be saved before generating such an exception,
but should not be corrected if in a delay slot, given it's already
done in the exception handler do_interrupt().
Aurelien Jarno [Thu, 6 Jan 2011 21:43:13 +0000 (22:43 +0100)]
slirp: fix unaligned access in bootp code
Slirp code tries to be smart and avoid data copies by using pointers to
the data. This solution leads to unaligned accesses, in this case
preq_addr, which is a 32-bit long structure. There is no real point
in avoiding data copy in such a case, as the value itself is smaller
than or the same size as a pointer.
The patch replaces pointers to the preq_addr structure by the structure
itself, and uses the address 0.0.0.0 if no address has been requested
(this is not a valid address in such a request). It compares it with
htonl(0L) for correctness reasons, in case a code checker looks for such
mistakes. It also uses memcpy() for copying the data, which takes care
of alignment issues.
This fixes an unaligned access on IA64 hosts while requesting a DHCP
address.
Aurelien Jarno [Thu, 6 Jan 2011 21:43:13 +0000 (22:43 +0100)]
tcg/arm: improve constant loading
Improve constant loading in two ways:
- On all ARM versions, it's possible to load 0xffffff00 = -0x100 using
the mvn rd, #0. Fix the conditions.
- On <= ARMv6 versions, where movw and movt are not available, load the
constants using mov and orr with rotations depending on the constant
to load. This is very useful for example to load constants where the
low byte is 0. This reduces the generated code size by about 7%.
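An added example, not tcg/arm code, of the encoding question behind both points above: an ARM data-processing immediate is an 8-bit value rotated right by an even amount, so a constant loads in one instruction if it or its complement fits that form (mov or mvn), and otherwise a core without movw/movt needs mov plus one orr per further chunk. The function names and the greedy chunking strategy are assumptions for this example; tcg/arm's own selection logic is not reproduced here.

```c
#include <stdint.h>

/* Returns 1 and fills *imm8/*rot when value is an ARM "modified immediate":
 * imm8 rotated right by 2*rot, rot in 0..15. The caller tries ~value for mvn. */
static int arm_modified_imm(uint32_t value, uint32_t *imm8, uint32_t *rot)
{
    for (uint32_t r = 0; r < 16; r++) {
        uint32_t sh = 2 * r;
        /* rotating left by sh undoes the right rotation the encoding applies */
        uint32_t rotated = sh ? (value << sh) | (value >> (32 - sh)) : value;
        if (rotated <= 0xffu) {
            *imm8 = rotated;
            *rot = r;
            return 1;
        }
    }
    return 0;
}

enum load_kind { LOAD_MOV, LOAD_MVN, LOAD_MOV_ORR };

/* Instruction count for loading a constant on a core without movw/movt:
 * one mov or mvn when encodable, otherwise mov plus an orr per extra chunk.
 * Chunks are peeled greedily from the low end, each starting at an even bit
 * (rotations are even) and covering 8 bits, with wrap-around at bit 31. */
static int arm_const_insns(uint32_t value, enum load_kind *kind)
{
    uint32_t imm8, rot, rest = value;
    int n = 0;

    if (arm_modified_imm(value, &imm8, &rot))  { *kind = LOAD_MOV; return 1; }
    if (arm_modified_imm(~value, &imm8, &rot)) { *kind = LOAD_MVN; return 1; }

    *kind = LOAD_MOV_ORR;
    while (rest) {
        uint32_t lsb = 0, mask;
        while (!(rest & (1u << lsb))) lsb++;
        lsb &= ~1u;
        mask = lsb ? (0xffu << lsb) | (0xffu >> (32 - lsb)) : 0xffu;
        rest &= ~mask;          /* one mov (first) or orr covers this chunk */
        n++;
    }
    return n;
}

/* Convenience wrappers returning count and kind separately. */
static int arm_const_count(uint32_t value)
{
    enum load_kind k;
    return arm_const_insns(value, &k);
}

static int arm_const_kind(uint32_t value)
{
    enum load_kind k;
    arm_const_insns(value, &k);
    return (int)k;
}
```

0xffffff00 is not a modified immediate, but its complement 0xff is, so it loads with a single mvn; 0xff000000 is 0xff rotated right by 8 and loads with one mov; 0x00123400 (low byte zero) takes mov plus orr; a constant such as 0x12345678 takes four instructions with this greedy scheme.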
Aurelien Jarno [Sun, 9 Jan 2011 22:53:45 +0000 (23:53 +0100)]
target-sh4: improve TLB
SH4 is using 16-bit instructions which means most of the constants are
loaded through a constant pool at the end of the subroutine. The same
memory page is therefore accessed in exec and read mode.
With the current implementation, a QEMU TLB entry is set to read or
read/write mode after an UTLB search and to exec mode after an ITLB
search, which causes a lot of TLB exceptions to switch from read or
read/write to exec and vice versa.
This patch optimizes that by already setting the QEMU TLB entry in read
or read/write mode when an UTLB entry is copied into ITLB (during an
ITLB miss). This improves the emulation speed by about 14%.
Aurelien Jarno [Sun, 9 Jan 2011 22:53:45 +0000 (23:53 +0100)]
target-sh4: implement writes to mmaped ITLB
Some Linux kernels seem to implement ITLB/UTLB flushing by
writing all TLB entries through the memory mapped interface instead
of writing one to MMUCR.TI.
Implement memory mapped ITLB write interface so that such kernels can
boot. This fixes https://bugs.launchpad.net/bugs/700774 .
Aurelien Jarno [Thu, 6 Jan 2011 21:43:13 +0000 (22:43 +0100)]
tcg/arm: fix branch target change during code retranslation
QEMU uses code retranslation to restore the CPU state when an exception
happens. For it to work the retranslation must not modify the generated
code. This is what is currently implemented in ARM TCG.
However on CPUs that don't have icache/dcache/memory synchronised like
ARM, this requirement is stronger and code retranslation must not modify
the generated code "atomically", as the cache line might be flushed
at any moment (interrupt, exception, task switching), even if not
triggered by QEMU. The probability for this to happen is very low, and
depends on cache size and associativity, machine load, interrupts, so the
symptoms might happen randomly.
This requirement is currently not followed in tcg/arm, for the
load/store code, which basically has the following structure:
1) tlb access code is written
2) conditional fast path code is written
3) branch is written with a temporary target
4) slow path code is written
5) branch target is updated
The cache lines corresponding to the retranslated code are not flushed
after code retranslation as the generated code is supposed to be the
same. However if the cache line corresponding to the branch instruction
is flushed between step 3 and 5, and is not flushed again before the
code is executed again, the branch target is wrong. In the guest, the
symptoms are MMU page faults at random addresses, which lead to
kernel page faults or segmentation faults.
The patch fixes this issue by avoiding writing the branch target until
it is known, that is by writing only the branch instruction first, and
later only the offset.
This fixes booting linux guests on ARM hosts (tested: arm, i386, mips,
mipsel, sh4, sparc).
Aurelien Jarno [Sat, 8 Jan 2011 15:25:48 +0000 (16:25 +0100)]
Merge branch 'linux-user-for-upstream' of git://gitorious.org/qemu-maemo/qemu
* 'linux-user-for-upstream' of git://gitorious.org/qemu-maemo/qemu:
Remove dead code for ARM semihosting commandline handling
Fix commandline handling for ARM semihosted executables
linux-user: Fix incorrect NaN detection in ARM nwfpe emulation
softfloat: Implement floatx80_is_any_nan() and float128_is_any_nan()
linux-user: Implement FS_IOC_FIEMAP ioctl
linux-user: Support ioctls whose parameter size is not constant
linux-user: Implement sync_file_range{,2} syscalls
Fix commandline handling for ARM semihosted executables
Use the copy of the command line that loader_build_argptr() sets up in guest
memory as the command line to return from the ARM SYS_GET_CMDLINE semihosting
call. Previously we were using a pointer to memory which had already been
freed before the guest program started.
This fixes https://bugs.launchpad.net/qemu/+bug/673613 .
Peter Maydell [Thu, 6 Jan 2011 18:34:44 +0000 (18:34 +0000)]
linux-user: Fix incorrect NaN detection in ARM nwfpe emulation
The code in the linux-user ARM nwfpe emulation was incorrectly
checking only for quiet NaNs when it should have been checking
for any kind of NaN. This is probably because the code in
question was taken from the Linux kernel, whose copy of the
softfloat library had been modified so that float*_is_nan()
returned true for all NaNs, not just quiet ones. The qemu
equivalent function is float*_is_any_nan(), so use that.
NB that this code is really obsolete since nobody uses FPE
for actual arithmetic now; this is just cleanup following
the recent renaming of the NaN related functions.
Peter Maydell [Thu, 6 Jan 2011 15:04:18 +0000 (15:04 +0000)]
linux-user: Implement FS_IOC_FIEMAP ioctl
Implement the FS_IOC_FIEMAP ioctl using the new support for
custom handling of ioctls; this is needed because the struct
that is passed includes a variable-length array.
Peter Maydell [Thu, 6 Jan 2011 15:04:17 +0000 (15:04 +0000)]
linux-user: Support ioctls whose parameter size is not constant
Some ioctls (for example FS_IOC_FIEMAP) use structures whose size is
not constant. The generic argument conversion code in do_ioctl()
cannot handle this, so add support for implementing a special-case
handler for a particular ioctl which does the conversion itself.