2 /* Simulator for the MIPS architecture.
4 This file is part of the MIPS sim
6 THIS SOFTWARE IS NOT COPYRIGHTED
8 Cygnus offers the following for use in the public domain. Cygnus
9 makes no warranty with regard to the software or it's performance
10 and the user accepts the software "AS IS" with all faults.
12 CYGNUS DISCLAIMS ANY WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO
13 THIS SOFTWARE INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
14 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
18 The IDT monitor (found on the VR4300 board), seems to lie about
19 register contents. It seems to treat the registers as sign-extended
20 32-bit values. This cause *REAL* problems when single-stepping 64-bit
25 /* The TRACE manifests enable the provision of extra features. If they
26 are not defined then a simpler (quicker) simulator is constructed
27 without the required run-time checks, etc. */
28 #if 1 /* 0 to allow user build selection, 1 to force inclusion */
35 #include "sim-utils.h"
36 #include "sim-options.h"
37 #include "sim-assert.h"
63 #include "libiberty.h"
65 #include "gdb/callback.h" /* GDB simulator callback interface */
66 #include "gdb/remote-sim.h" /* GDB simulator interface */
72 char* pr_addr PARAMS ((SIM_ADDR addr));
73 char* pr_uword64 PARAMS ((uword64 addr));
76 /* Within interp.c we refer to the sim_state and sim_cpu directly. */
81 /* The following reserved instruction value is used when a simulator
82 trap is required. NOTE: Care must be taken, since this value may be
83 used in later revisions of the MIPS ISA. */
85 #define RSVD_INSTRUCTION (0x00000005)
86 #define RSVD_INSTRUCTION_MASK (0xFC00003F)
88 #define RSVD_INSTRUCTION_ARG_SHIFT 6
89 #define RSVD_INSTRUCTION_ARG_MASK 0xFFFFF
92 /* Bits in the Debug register */
93 #define Debug_DBD 0x80000000 /* Debug Branch Delay */
94 #define Debug_DM 0x40000000 /* Debug Mode */
95 #define Debug_DBp 0x00000002 /* Debug Breakpoint indicator */
97 /*---------------------------------------------------------------------------*/
98 /*-- GDB simulator interface ------------------------------------------------*/
99 /*---------------------------------------------------------------------------*/
101 static void ColdReset PARAMS((SIM_DESC sd));
103 /*---------------------------------------------------------------------------*/
107 #define DELAYSLOT() {\
108 if (STATE & simDELAYSLOT)\
109 sim_io_eprintf(sd,"Delay slot already activated (branch in delay slot?)\n");\
110 STATE |= simDELAYSLOT;\
113 #define JALDELAYSLOT() {\
115 STATE |= simJALDELAYSLOT;\
119 STATE &= ~simDELAYSLOT;\
120 STATE |= simSKIPNEXT;\
123 #define CANCELDELAYSLOT() {\
125 STATE &= ~(simDELAYSLOT | simJALDELAYSLOT);\
128 #define INDELAYSLOT() ((STATE & simDELAYSLOT) != 0)
129 #define INJALDELAYSLOT() ((STATE & simJALDELAYSLOT) != 0)
131 /* Note that the monitor code essentially assumes this layout of memory.
132 If you change these, change the monitor code, too. */
133 /* FIXME Currently addresses are truncated to 32-bits, see
134 mips/sim-main.c:address_translation(). If that changes, then these
135 values will need to be extended, and tested for more carefully. */
136 #define K0BASE (0x80000000)
137 #define K0SIZE (0x20000000)
138 #define K1BASE (0xA0000000)
139 #define K1SIZE (0x20000000)
141 /* Simple run-time monitor support.
143 We emulate the monitor by placing magic reserved instructions at
144 the monitor's entry points; when we hit these instructions, instead
145 of raising an exception (as we would normally), we look at the
146 instruction and perform the appropriate monitory operation.
148 `*_monitor_base' are the physical addresses at which the corresponding
149 monitor vectors are located. `0' means none. By default,
151 The RSVD_INSTRUCTION... macros specify the magic instructions we
152 use at the monitor entry points. */
153 static int firmware_option_p = 0;
154 static SIM_ADDR idt_monitor_base = 0xBFC00000;
155 static SIM_ADDR pmon_monitor_base = 0xBFC00500;
156 static SIM_ADDR lsipmon_monitor_base = 0xBFC00200;
158 static SIM_RC sim_firmware_command (SIM_DESC sd, char* arg);
161 #define MEM_SIZE (8 << 20) /* 8 MBytes */
165 static char *tracefile = "trace.din"; /* default filename for trace log */
166 FILE *tracefh = NULL;
167 static void open_trace PARAMS((SIM_DESC sd));
170 static const char * get_insn_name (sim_cpu *, int);
172 /* simulation target board. NULL=canonical */
173 static char* board = NULL;
176 static DECLARE_OPTION_HANDLER (mips_option_handler);
179 OPTION_DINERO_TRACE = OPTION_START,
186 static int display_mem_info = 0;
189 mips_option_handler (sd, cpu, opt, arg, is_command)
199 case OPTION_DINERO_TRACE: /* ??? */
201 /* Eventually the simTRACE flag could be treated as a toggle, to
202 allow external control of the program points being traced
203 (i.e. only from main onwards, excluding the run-time setup,
205 for (cpu_nr = 0; cpu_nr < MAX_NR_PROCESSORS; cpu_nr++)
207 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
210 else if (strcmp (arg, "yes") == 0)
212 else if (strcmp (arg, "no") == 0)
214 else if (strcmp (arg, "on") == 0)
216 else if (strcmp (arg, "off") == 0)
220 fprintf (stderr, "Unrecognized dinero-trace option `%s'\n", arg);
227 Simulator constructed without dinero tracing support (for performance).\n\
228 Re-compile simulator with \"-DTRACE\" to enable this option.\n");
232 case OPTION_DINERO_FILE:
234 if (optarg != NULL) {
236 tmp = (char *)malloc(strlen(optarg) + 1);
239 sim_io_printf(sd,"Failed to allocate buffer for tracefile name \"%s\"\n",optarg);
245 sim_io_printf(sd,"Placing trace information into file \"%s\"\n",tracefile);
251 case OPTION_FIRMWARE:
252 return sim_firmware_command (sd, arg);
258 board = zalloc(strlen(arg) + 1);
264 case OPTION_INFO_MEMORY:
265 display_mem_info = 1;
273 static const OPTION mips_options[] =
275 { {"dinero-trace", optional_argument, NULL, OPTION_DINERO_TRACE},
276 '\0', "on|off", "Enable dinero tracing",
277 mips_option_handler },
278 { {"dinero-file", required_argument, NULL, OPTION_DINERO_FILE},
279 '\0', "FILE", "Write dinero trace to FILE",
280 mips_option_handler },
281 { {"firmware", required_argument, NULL, OPTION_FIRMWARE},
282 '\0', "[idt|pmon|lsipmon|none][@ADDRESS]", "Emulate ROM monitor",
283 mips_option_handler },
284 { {"board", required_argument, NULL, OPTION_BOARD},
285 '\0', "none" /* rely on compile-time string concatenation for other options */
287 #define BOARD_JMR3904 "jmr3904"
289 #define BOARD_JMR3904_PAL "jmr3904pal"
290 "|" BOARD_JMR3904_PAL
291 #define BOARD_JMR3904_DEBUG "jmr3904debug"
292 "|" BOARD_JMR3904_DEBUG
293 #define BOARD_BSP "bsp"
296 , "Customize simulation for a particular board.", mips_option_handler },
298 /* These next two options have the same names as ones found in the
299 memory_options[] array in common/sim-memopt.c. This is because
300 the intention is to provide an alternative handler for those two
301 options. We need an alternative handler because the memory
302 regions are not set up until after the command line arguments
303 have been parsed, and so we cannot display the memory info whilst
304 processing the command line. There is a hack in sim_open to
305 remove these handlers when we want the real --memory-info option
307 { { "info-memory", no_argument, NULL, OPTION_INFO_MEMORY },
308 '\0', NULL, "List configured memory regions", mips_option_handler },
309 { { "memory-info", no_argument, NULL, OPTION_INFO_MEMORY },
310 '\0', NULL, NULL, mips_option_handler },
312 { {NULL, no_argument, NULL, 0}, '\0', NULL, NULL, NULL }
316 int interrupt_pending;
319 interrupt_event (SIM_DESC sd, void *data)
321 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
322 address_word cia = CIA_GET (cpu);
325 interrupt_pending = 0;
326 SignalExceptionInterrupt (1); /* interrupt "1" */
328 else if (!interrupt_pending)
329 sim_events_schedule (sd, 1, interrupt_event, data);
333 /*---------------------------------------------------------------------------*/
334 /*-- Device registration hook -----------------------------------------------*/
335 /*---------------------------------------------------------------------------*/
336 static void device_init(SIM_DESC sd) {
338 extern void register_devices(SIM_DESC);
339 register_devices(sd);
343 /*---------------------------------------------------------------------------*/
344 /*-- GDB simulator interface ------------------------------------------------*/
345 /*---------------------------------------------------------------------------*/
348 sim_open (kind, cb, abfd, argv)
354 SIM_DESC sd = sim_state_alloc (kind, cb);
355 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
357 SIM_ASSERT (STATE_MAGIC (sd) == SIM_MAGIC_NUMBER);
359 /* FIXME: watchpoints code shouldn't need this */
360 STATE_WATCHPOINTS (sd)->pc = &(PC);
361 STATE_WATCHPOINTS (sd)->sizeof_pc = sizeof (PC);
362 STATE_WATCHPOINTS (sd)->interrupt_handler = interrupt_event;
364 /* Initialize the mechanism for doing insn profiling. */
365 CPU_INSN_NAME (cpu) = get_insn_name;
366 CPU_MAX_INSNS (cpu) = nr_itable_entries;
370 if (sim_pre_argv_init (sd, argv[0]) != SIM_RC_OK)
372 sim_add_option_table (sd, NULL, mips_options);
375 /* getopt will print the error message so we just have to exit if this fails.
376 FIXME: Hmmm... in the case of gdb we need getopt to call
378 if (sim_parse_args (sd, argv) != SIM_RC_OK)
380 /* Uninstall the modules to avoid memory leaks,
381 file descriptor leaks, etc. */
382 sim_module_uninstall (sd);
386 /* handle board-specific memory maps */
389 /* Allocate core managed memory */
390 sim_memopt *entry, *match = NULL;
391 address_word mem_size = 0;
394 /* For compatibility with the old code - under this (at level one)
395 are the kernel spaces K0 & K1. Both of these map to a single
396 smaller sub region */
397 sim_do_command(sd," memory region 0x7fff8000,0x8000") ; /* MTZ- 32 k stack */
399 /* Look for largest memory region defined on command-line at
401 #ifdef SIM_HAVE_FLATMEM
402 mem_size = STATE_MEM_SIZE (sd);
404 for (entry = STATE_MEMOPT (sd); entry != NULL; entry = entry->next)
406 /* If we find an entry at address 0, then we will end up
407 allocating a new buffer in the "memory alias" command
408 below. The region at address 0 will be deleted. */
409 address_word size = (entry->modulo != 0
410 ? entry->modulo : entry->nr_bytes);
412 && (!match || entry->level < match->level))
414 else if (entry->addr == K0BASE || entry->addr == K1BASE)
419 for (alias = entry->alias; alias != NULL; alias = alias->next)
422 && (!match || entry->level < match->level))
424 else if (alias->addr == K0BASE || alias->addr == K1BASE)
434 /* Get existing memory region size. */
435 mem_size = (match->modulo != 0
436 ? match->modulo : match->nr_bytes);
437 /* Delete old region. */
438 sim_do_commandf (sd, "memory delete %d:0x%lx@%d",
439 match->space, match->addr, match->level);
441 else if (mem_size == 0)
443 /* Limit to KSEG1 size (512MB) */
444 if (mem_size > K1SIZE)
446 /* memory alias K1BASE@1,K1SIZE%MEMSIZE,K0BASE */
447 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx%%0x%lx,0x%0x",
448 K1BASE, K1SIZE, (long)mem_size, K0BASE);
453 else if (board != NULL
454 && (strcmp(board, BOARD_BSP) == 0))
458 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
460 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
461 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
463 4 * 1024 * 1024, /* 4 MB */
466 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
467 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
469 4 * 1024 * 1024, /* 4 MB */
472 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
473 for (i=0; i<8; i++) /* 32 MB total */
475 unsigned size = 4 * 1024 * 1024; /* 4 MB */
476 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
477 0x88000000 + (i * size),
479 0xA8000000 + (i * size));
483 else if (board != NULL
484 && (strcmp(board, BOARD_JMR3904) == 0 ||
485 strcmp(board, BOARD_JMR3904_PAL) == 0 ||
486 strcmp(board, BOARD_JMR3904_DEBUG) == 0))
488 /* match VIRTUAL memory layout of JMR-TX3904 board */
491 /* --- disable monitor unless forced on by user --- */
493 if (! firmware_option_p)
495 idt_monitor_base = 0;
496 pmon_monitor_base = 0;
497 lsipmon_monitor_base = 0;
500 /* --- environment --- */
502 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
506 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
507 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
509 4 * 1024 * 1024, /* 4 MB */
512 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
513 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
515 4 * 1024 * 1024, /* 4 MB */
518 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
519 for (i=0; i<8; i++) /* 32 MB total */
521 unsigned size = 4 * 1024 * 1024; /* 4 MB */
522 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
523 0x88000000 + (i * size),
525 0xA8000000 + (i * size));
528 /* Dummy memory regions for unsimulated devices - sorted by address */
530 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB1000000, 0x400); /* ISA I/O */
531 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2100000, 0x004); /* ISA ctl */
532 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2500000, 0x004); /* LED/switch */
533 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2700000, 0x004); /* RTC */
534 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB3C00000, 0x004); /* RTC */
535 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF8000, 0x900); /* DRAMC */
536 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF9000, 0x200); /* EBIF */
537 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFE000, 0x01c); /* EBIF */
538 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFF500, 0x300); /* PIO */
541 /* --- simulated devices --- */
542 sim_hw_parse (sd, "/tx3904irc@0xffffc000/reg 0xffffc000 0x20");
543 sim_hw_parse (sd, "/tx3904cpu");
544 sim_hw_parse (sd, "/tx3904tmr@0xfffff000/reg 0xfffff000 0x100");
545 sim_hw_parse (sd, "/tx3904tmr@0xfffff100/reg 0xfffff100 0x100");
546 sim_hw_parse (sd, "/tx3904tmr@0xfffff200/reg 0xfffff200 0x100");
547 sim_hw_parse (sd, "/tx3904sio@0xfffff300/reg 0xfffff300 0x100");
549 /* FIXME: poking at dv-sockser internals, use tcp backend if
550 --sockser_addr option was given.*/
551 extern char* sockser_addr;
552 if(sockser_addr == NULL)
553 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend stdio");
555 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend tcp");
557 sim_hw_parse (sd, "/tx3904sio@0xfffff400/reg 0xfffff400 0x100");
558 sim_hw_parse (sd, "/tx3904sio@0xfffff400/backend stdio");
560 /* -- device connections --- */
561 sim_hw_parse (sd, "/tx3904irc > ip level /tx3904cpu");
562 sim_hw_parse (sd, "/tx3904tmr@0xfffff000 > int tmr0 /tx3904irc");
563 sim_hw_parse (sd, "/tx3904tmr@0xfffff100 > int tmr1 /tx3904irc");
564 sim_hw_parse (sd, "/tx3904tmr@0xfffff200 > int tmr2 /tx3904irc");
565 sim_hw_parse (sd, "/tx3904sio@0xfffff300 > int sio0 /tx3904irc");
566 sim_hw_parse (sd, "/tx3904sio@0xfffff400 > int sio1 /tx3904irc");
568 /* add PAL timer & I/O module */
569 if(! strcmp(board, BOARD_JMR3904_PAL))
572 sim_hw_parse (sd, "/pal@0xffff0000");
573 sim_hw_parse (sd, "/pal@0xffff0000/reg 0xffff0000 64");
575 /* wire up interrupt ports to irc */
576 sim_hw_parse (sd, "/pal@0x31000000 > countdown tmr0 /tx3904irc");
577 sim_hw_parse (sd, "/pal@0x31000000 > timer tmr1 /tx3904irc");
578 sim_hw_parse (sd, "/pal@0x31000000 > int int0 /tx3904irc");
581 if(! strcmp(board, BOARD_JMR3904_DEBUG))
583 /* -- DEBUG: glue interrupt generators --- */
584 sim_hw_parse (sd, "/glue@0xffff0000/reg 0xffff0000 0x50");
585 sim_hw_parse (sd, "/glue@0xffff0000 > int0 int0 /tx3904irc");
586 sim_hw_parse (sd, "/glue@0xffff0000 > int1 int1 /tx3904irc");
587 sim_hw_parse (sd, "/glue@0xffff0000 > int2 int2 /tx3904irc");
588 sim_hw_parse (sd, "/glue@0xffff0000 > int3 int3 /tx3904irc");
589 sim_hw_parse (sd, "/glue@0xffff0000 > int4 int4 /tx3904irc");
590 sim_hw_parse (sd, "/glue@0xffff0000 > int5 int5 /tx3904irc");
591 sim_hw_parse (sd, "/glue@0xffff0000 > int6 int6 /tx3904irc");
592 sim_hw_parse (sd, "/glue@0xffff0000 > int7 int7 /tx3904irc");
593 sim_hw_parse (sd, "/glue@0xffff0000 > int8 dmac0 /tx3904irc");
594 sim_hw_parse (sd, "/glue@0xffff0000 > int9 dmac1 /tx3904irc");
595 sim_hw_parse (sd, "/glue@0xffff0000 > int10 dmac2 /tx3904irc");
596 sim_hw_parse (sd, "/glue@0xffff0000 > int11 dmac3 /tx3904irc");
597 sim_hw_parse (sd, "/glue@0xffff0000 > int12 sio0 /tx3904irc");
598 sim_hw_parse (sd, "/glue@0xffff0000 > int13 sio1 /tx3904irc");
599 sim_hw_parse (sd, "/glue@0xffff0000 > int14 tmr0 /tx3904irc");
600 sim_hw_parse (sd, "/glue@0xffff0000 > int15 tmr1 /tx3904irc");
601 sim_hw_parse (sd, "/glue@0xffff0000 > int16 tmr2 /tx3904irc");
602 sim_hw_parse (sd, "/glue@0xffff0000 > int17 nmi /tx3904cpu");
609 if (display_mem_info)
611 struct option_list * ol;
612 struct option_list * prev;
614 /* This is a hack. We want to execute the real --memory-info command
615 line switch which is handled in common/sim-memopts.c, not the
616 override we have defined in this file. So we remove the
617 mips_options array from the state options list. This is safe
618 because we have now processed all of the command line. */
619 for (ol = STATE_OPTIONS (sd), prev = NULL;
621 prev = ol, ol = ol->next)
622 if (ol->options == mips_options)
625 SIM_ASSERT (ol != NULL);
628 STATE_OPTIONS (sd) = ol->next;
630 prev->next = ol->next;
632 sim_do_commandf (sd, "memory-info");
635 /* check for/establish the a reference program image */
636 if (sim_analyze_program (sd,
637 (STATE_PROG_ARGV (sd) != NULL
638 ? *STATE_PROG_ARGV (sd)
642 sim_module_uninstall (sd);
646 /* Configure/verify the target byte order and other runtime
647 configuration options */
648 if (sim_config (sd) != SIM_RC_OK)
650 sim_module_uninstall (sd);
654 if (sim_post_argv_init (sd) != SIM_RC_OK)
656 /* Uninstall the modules to avoid memory leaks,
657 file descriptor leaks, etc. */
658 sim_module_uninstall (sd);
662 /* verify assumptions the simulator made about the host type system.
663 This macro does not return if there is a problem */
664 SIM_ASSERT (sizeof(int) == (4 * sizeof(char)));
665 SIM_ASSERT (sizeof(word64) == (8 * sizeof(char)));
667 /* This is NASTY, in that we are assuming the size of specific
671 for (rn = 0; (rn < (LAST_EMBED_REGNUM + 1)); rn++)
674 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
675 else if ((rn >= FGR_BASE) && (rn < (FGR_BASE + NR_FGR)))
676 cpu->register_widths[rn] = WITH_TARGET_FLOATING_POINT_BITSIZE;
677 else if ((rn >= 33) && (rn <= 37))
678 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
679 else if ((rn == SRIDX)
682 || ((rn >= 72) && (rn <= 89)))
683 cpu->register_widths[rn] = 32;
685 cpu->register_widths[rn] = 0;
692 if (STATE & simTRACE)
697 sim_io_eprintf (sd, "idt@%x pmon@%x lsipmon@%x\n",
700 lsipmon_monitor_base);
703 /* Write the monitor trap address handlers into the monitor (eeprom)
704 address space. This can only be done once the target endianness
705 has been determined. */
706 if (idt_monitor_base != 0)
709 unsigned idt_monitor_size = 1 << 11;
711 /* the default monitor region */
712 sim_do_commandf (sd, "memory region 0x%x,0x%x",
713 idt_monitor_base, idt_monitor_size);
715 /* Entry into the IDT monitor is via fixed address vectors, and
716 not using machine instructions. To avoid clashing with use of
717 the MIPS TRAP system, we place our own (simulator specific)
718 "undefined" instructions into the relevant vector slots. */
719 for (loop = 0; (loop < idt_monitor_size); loop += 4)
721 address_word vaddr = (idt_monitor_base + loop);
722 unsigned32 insn = (RSVD_INSTRUCTION |
723 (((loop >> 2) & RSVD_INSTRUCTION_ARG_MASK)
724 << RSVD_INSTRUCTION_ARG_SHIFT));
726 sim_write (sd, vaddr, (char *)&insn, sizeof (insn));
730 if ((pmon_monitor_base != 0) || (lsipmon_monitor_base != 0))
732 /* The PMON monitor uses the same address space, but rather than
733 branching into it the address of a routine is loaded. We can
734 cheat for the moment, and direct the PMON routine to IDT style
735 instructions within the monitor space. This relies on the IDT
736 monitor not using the locations from 0xBFC00500 onwards as its
739 for (loop = 0; (loop < 24); loop++)
741 unsigned32 value = ((0x500 - 8) / 8); /* default UNDEFINED reason code */
757 value = ((0x500 - 16) / 8); /* not an IDT reason code */
759 case 8: /* cliexit */
762 case 11: /* flush_cache */
767 SIM_ASSERT (idt_monitor_base != 0);
768 value = ((unsigned int) idt_monitor_base + (value * 8));
771 if (pmon_monitor_base != 0)
773 address_word vaddr = (pmon_monitor_base + (loop * 4));
774 sim_write (sd, vaddr, (char *)&value, sizeof (value));
777 if (lsipmon_monitor_base != 0)
779 address_word vaddr = (lsipmon_monitor_base + (loop * 4));
780 sim_write (sd, vaddr, (char *)&value, sizeof (value));
784 /* Write an abort sequence into the TRAP (common) exception vector
785 addresses. This is to catch code executing a TRAP (et.al.)
786 instruction without installing a trap handler. */
787 if ((idt_monitor_base != 0) ||
788 (pmon_monitor_base != 0) ||
789 (lsipmon_monitor_base != 0))
791 unsigned32 halt[2] = { 0x2404002f /* addiu r4, r0, 47 */,
792 HALT_INSTRUCTION /* BREAK */ };
795 sim_write (sd, 0x80000000, (char *) halt, sizeof (halt));
796 sim_write (sd, 0x80000180, (char *) halt, sizeof (halt));
797 sim_write (sd, 0x80000200, (char *) halt, sizeof (halt));
798 /* XXX: Write here unconditionally? */
799 sim_write (sd, 0xBFC00200, (char *) halt, sizeof (halt));
800 sim_write (sd, 0xBFC00380, (char *) halt, sizeof (halt));
801 sim_write (sd, 0xBFC00400, (char *) halt, sizeof (halt));
815 tracefh = fopen(tracefile,"wb+");
818 sim_io_eprintf(sd,"Failed to create file \"%s\", writing trace information to stderr.\n",tracefile);
824 /* Return name of an insn, used by insn profiling. */
826 get_insn_name (sim_cpu *cpu, int i)
828 return itable[i].name;
832 sim_close (sd, quitting)
837 printf("DBG: sim_close: entered (quitting = %d)\n",quitting);
841 /* "quitting" is non-zero if we cannot hang on errors */
843 /* shut down modules */
844 sim_module_uninstall (sd);
846 /* Ensure that any resources allocated through the callback
847 mechanism are released: */
848 sim_io_shutdown (sd);
851 if (tracefh != NULL && tracefh != stderr)
856 /* FIXME - free SD */
863 sim_write (sd,addr,buffer,size)
866 const unsigned char *buffer;
870 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
872 /* Return the number of bytes written, or zero if error. */
874 sim_io_printf(sd,"sim_write(0x%s,buffer,%d);\n",pr_addr(addr),size);
877 /* We use raw read and write routines, since we do not want to count
878 the GDB memory accesses in our statistics gathering. */
880 for (index = 0; index < size; index++)
882 address_word vaddr = (address_word)addr + index;
885 if (!address_translation (SD, CPU, NULL_CIA, vaddr, isDATA, isSTORE, &paddr, &cca, isRAW))
887 if (sim_core_write_buffer (SD, CPU, read_map, buffer + index, paddr, 1) != 1)
895 sim_read (sd,addr,buffer,size)
898 unsigned char *buffer;
902 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
904 /* Return the number of bytes read, or zero if error. */
906 sim_io_printf(sd,"sim_read(0x%s,buffer,%d);\n",pr_addr(addr),size);
909 for (index = 0; (index < size); index++)
911 address_word vaddr = (address_word)addr + index;
914 if (!address_translation (SD, CPU, NULL_CIA, vaddr, isDATA, isLOAD, &paddr, &cca, isRAW))
916 if (sim_core_read_buffer (SD, CPU, read_map, buffer + index, paddr, 1) != 1)
924 sim_store_register (sd,rn,memory,length)
927 unsigned char *memory;
930 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
931 /* NOTE: gdb (the client) stores registers in target byte order
932 while the simulator uses host byte order */
934 sim_io_printf(sd,"sim_store_register(%d,*memory=0x%s);\n",rn,pr_addr(*((SIM_ADDR *)memory)));
937 /* Unfortunately this suffers from the same problem as the register
938 numbering one. We need to know what the width of each logical
939 register number is for the architecture being simulated. */
941 if (cpu->register_widths[rn] == 0)
943 sim_io_eprintf(sd,"Invalid register width for %d (register store ignored)\n",rn);
949 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
951 cpu->fpr_state[rn - FGR_BASE] = fmt_uninterpreted;
952 if (cpu->register_widths[rn] == 32)
956 cpu->fgr[rn - FGR_BASE] =
957 (unsigned32) T2H_8 (*(unsigned64*)memory);
962 cpu->fgr[rn - FGR_BASE] = T2H_4 (*(unsigned32*)memory);
970 cpu->fgr[rn - FGR_BASE] = T2H_8 (*(unsigned64*)memory);
975 cpu->fgr[rn - FGR_BASE] = T2H_4 (*(unsigned32*)memory);
981 if (cpu->register_widths[rn] == 32)
986 (unsigned32) T2H_8 (*(unsigned64*)memory);
991 cpu->registers[rn] = T2H_4 (*(unsigned32*)memory);
999 cpu->registers[rn] = T2H_8 (*(unsigned64*)memory);
1004 cpu->registers[rn] = (signed32) T2H_4(*(unsigned32*)memory);
1013 sim_fetch_register (sd,rn,memory,length)
1016 unsigned char *memory;
1019 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
1020 /* NOTE: gdb (the client) stores registers in target byte order
1021 while the simulator uses host byte order */
1023 #if 0 /* FIXME: doesn't compile */
1024 sim_io_printf(sd,"sim_fetch_register(%d=0x%s,mem) : place simulator registers into memory\n",rn,pr_addr(registers[rn]));
1028 if (cpu->register_widths[rn] == 0)
1030 sim_io_eprintf (sd, "Invalid register width for %d (register fetch ignored)\n",rn);
1036 /* Any floating point register */
1037 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
1039 if (cpu->register_widths[rn] == 32)
1043 *(unsigned64*)memory =
1044 H2T_8 ((unsigned32) (cpu->fgr[rn - FGR_BASE]));
1049 *(unsigned32*)memory = H2T_4 (cpu->fgr[rn - FGR_BASE]);
1057 *(unsigned64*)memory = H2T_8 (cpu->fgr[rn - FGR_BASE]);
1062 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->fgr[rn - FGR_BASE]));
1068 if (cpu->register_widths[rn] == 32)
1072 *(unsigned64*)memory =
1073 H2T_8 ((unsigned32) (cpu->registers[rn]));
1078 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->registers[rn]));
1086 *(unsigned64*)memory =
1087 H2T_8 ((unsigned64) (cpu->registers[rn]));
1092 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->registers[rn]));
1102 sim_create_inferior (sd, abfd, argv,env)
1110 #if 0 /* FIXME: doesn't compile */
1111 printf("DBG: sim_create_inferior entered: start_address = 0x%s\n",
1120 /* override PC value set by ColdReset () */
1122 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
1124 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
1125 CIA_SET (cpu, (unsigned64) bfd_get_start_address (abfd));
1129 #if 0 /* def DEBUG */
1132 /* We should really place the argv slot values into the argument
1133 registers, and onto the stack as required. However, this
1134 assumes that we have a stack defined, which is not
1135 necessarily true at the moment. */
1137 sim_io_printf(sd,"sim_create_inferior() : passed arguments ignored\n");
1138 for (cptr = argv; (cptr && *cptr); cptr++)
1139 printf("DBG: arg \"%s\"\n",*cptr);
1146 /*---------------------------------------------------------------------------*/
1147 /*-- Private simulator support interface ------------------------------------*/
1148 /*---------------------------------------------------------------------------*/
1150 /* Read a null terminated string from memory, return in a buffer */
1152 fetch_str (SIM_DESC sd,
1158 while (sim_read (sd, addr + nr, &null, 1) == 1 && null != 0)
1160 buf = NZALLOC (char, nr + 1);
1161 sim_read (sd, addr, buf, nr);
1166 /* Implements the "sim firmware" command:
1167 sim firmware NAME[@ADDRESS] --- emulate ROM monitor named NAME.
1168 NAME can be idt, pmon, or lsipmon. If omitted, ADDRESS
1169 defaults to the normal address for that monitor.
1170 sim firmware none --- don't emulate any ROM monitor. Useful
1171 if you need a clean address space. */
1173 sim_firmware_command (SIM_DESC sd, char *arg)
1175 int address_present = 0;
1178 /* Signal occurrence of this option. */
1179 firmware_option_p = 1;
1181 /* Parse out the address, if present. */
1183 char *p = strchr (arg, '@');
1187 address_present = 1;
1188 p ++; /* skip over @ */
1190 address = strtoul (p, &q, 0);
1193 sim_io_printf (sd, "Invalid address given to the"
1194 "`sim firmware NAME@ADDRESS' command: %s\n",
1201 address_present = 0;
1202 address = -1; /* Dummy value. */
1206 if (! strncmp (arg, "idt", 3))
1208 idt_monitor_base = address_present ? address : 0xBFC00000;
1209 pmon_monitor_base = 0;
1210 lsipmon_monitor_base = 0;
1212 else if (! strncmp (arg, "pmon", 4))
1214 /* pmon uses indirect calls. Hook into implied idt. */
1215 pmon_monitor_base = address_present ? address : 0xBFC00500;
1216 idt_monitor_base = pmon_monitor_base - 0x500;
1217 lsipmon_monitor_base = 0;
1219 else if (! strncmp (arg, "lsipmon", 7))
1221 /* lsipmon uses indirect calls. Hook into implied idt. */
1222 pmon_monitor_base = 0;
1223 lsipmon_monitor_base = address_present ? address : 0xBFC00200;
1224 idt_monitor_base = lsipmon_monitor_base - 0x200;
1226 else if (! strncmp (arg, "none", 4))
1228 if (address_present)
1231 "The `sim firmware none' command does "
1232 "not take an `ADDRESS' argument.\n");
1235 idt_monitor_base = 0;
1236 pmon_monitor_base = 0;
1237 lsipmon_monitor_base = 0;
1241 sim_io_printf (sd, "\
1242 Unrecognized name given to the `sim firmware NAME' command: %s\n\
1243 Recognized firmware names are: `idt', `pmon', `lsipmon', and `none'.\n",
1253 /* Simple monitor interface (currently setup for the IDT and PMON monitors) */
1255 sim_monitor (SIM_DESC sd,
1258 unsigned int reason)
1261 printf("DBG: sim_monitor: entered (reason = %d)\n",reason);
1264 /* The IDT monitor actually allows two instructions per vector
1265 slot. However, the simulator currently causes a trap on each
1266 individual instruction. We cheat, and lose the bottom bit. */
1269 /* The following callback functions are available, however the
1270 monitor we are simulating does not make use of them: get_errno,
1271 isatty, lseek, rename, system, time and unlink */
1275 case 6: /* int open(char *path,int flags) */
1277 char *path = fetch_str (sd, A0);
1278 V0 = sim_io_open (sd, path, (int)A1);
1283 case 7: /* int read(int file,char *ptr,int len) */
1287 char *buf = zalloc (nr);
1288 V0 = sim_io_read (sd, fd, buf, nr);
1289 sim_write (sd, A1, buf, nr);
1294 case 8: /* int write(int file,char *ptr,int len) */
1298 char *buf = zalloc (nr);
1299 sim_read (sd, A1, buf, nr);
1300 V0 = sim_io_write (sd, fd, buf, nr);
1302 sim_io_flush_stdout (sd);
1304 sim_io_flush_stderr (sd);
1309 case 10: /* int close(int file) */
1311 V0 = sim_io_close (sd, (int)A0);
1315 case 2: /* Densan monitor: char inbyte(int waitflag) */
1317 if (A0 == 0) /* waitflag == NOWAIT */
1318 V0 = (unsigned_word)-1;
1320 /* Drop through to case 11 */
1322 case 11: /* char inbyte(void) */
1325 /* ensure that all output has gone... */
1326 sim_io_flush_stdout (sd);
1327 if (sim_io_read_stdin (sd, &tmp, sizeof(char)) != sizeof(char))
1329 sim_io_error(sd,"Invalid return from character read");
1330 V0 = (unsigned_word)-1;
1333 V0 = (unsigned_word)tmp;
1337 case 3: /* Densan monitor: void co(char chr) */
1338 case 12: /* void outbyte(char chr) : write a byte to "stdout" */
1340 char tmp = (char)(A0 & 0xFF);
1341 sim_io_write_stdout (sd, &tmp, sizeof(char));
1345 case 17: /* void _exit() */
1347 sim_io_eprintf (sd, "sim_monitor(17): _exit(int reason) to be coded\n");
1348 sim_engine_halt (SD, CPU, NULL, NULL_CIA, sim_exited,
1349 (unsigned int)(A0 & 0xFFFFFFFF));
1353 case 28: /* PMON flush_cache */
1356 case 55: /* void get_mem_info(unsigned int *ptr) */
1357 /* in: A0 = pointer to three word memory location */
1358 /* out: [A0 + 0] = size */
1359 /* [A0 + 4] = instruction cache size */
1360 /* [A0 + 8] = data cache size */
1363 unsigned_4 zero = 0;
1364 address_word mem_size;
1365 sim_memopt *entry, *match = NULL;
1367 /* Search for memory region mapped to KSEG0 or KSEG1. */
1368 for (entry = STATE_MEMOPT (sd);
1370 entry = entry->next)
1372 if ((entry->addr == K0BASE || entry->addr == K1BASE)
1373 && (!match || entry->level < match->level))
1378 for (alias = entry->alias;
1380 alias = alias->next)
1381 if ((alias->addr == K0BASE || alias->addr == K1BASE)
1382 && (!match || entry->level < match->level))
1387 /* Get region size, limit to KSEG1 size (512MB). */
1388 SIM_ASSERT (match != NULL);
1389 mem_size = (match->modulo != 0
1390 ? match->modulo : match->nr_bytes);
1391 if (mem_size > K1SIZE)
1396 sim_write (sd, A0 + 0, (char *)&value, 4);
1397 sim_write (sd, A0 + 4, (char *)&zero, 4);
1398 sim_write (sd, A0 + 8, (char *)&zero, 4);
1399 /* sim_io_eprintf (sd, "sim: get_mem_info() deprecated\n"); */
1403 case 158: /* PMON printf */
1404 /* in: A0 = pointer to format string */
1405 /* A1 = optional argument 1 */
1406 /* A2 = optional argument 2 */
1407 /* A3 = optional argument 3 */
1409 /* The following is based on the PMON printf source */
1411 address_word s = A0;
1413 signed_word *ap = &A1; /* 1st argument */
1414 /* This isn't the quickest way, since we call the host print
1415 routine for every character almost. But it does avoid
1416 having to allocate and manage a temporary string buffer. */
1417 /* TODO: Include check that we only use three arguments (A1,
1419 while (sim_read (sd, s++, &c, 1) && c != '\0')
1424 enum {FMT_RJUST, FMT_LJUST, FMT_RJUST0, FMT_CENTER} fmt = FMT_RJUST;
1425 int width = 0, trunc = 0, haddot = 0, longlong = 0;
1426 while (sim_read (sd, s++, &c, 1) && c != '\0')
1428 if (strchr ("dobxXulscefg%", c))
1443 else if (c >= '1' && c <= '9')
1447 while (sim_read (sd, s++, &c, 1) == 1 && isdigit (c))
1450 n = (unsigned int)strtol(tmp,NULL,10);
1463 sim_io_printf (sd, "%%");
1468 address_word p = *ap++;
1470 while (sim_read (sd, p++, &ch, 1) == 1 && ch != '\0')
1471 sim_io_printf(sd, "%c", ch);
1474 sim_io_printf(sd,"(null)");
1477 sim_io_printf (sd, "%c", (int)*ap++);
1482 sim_read (sd, s++, &c, 1);
1486 sim_read (sd, s++, &c, 1);
1489 if (strchr ("dobxXu", c))
1491 word64 lv = (word64) *ap++;
1493 sim_io_printf(sd,"<binary not supported>");
1496 sprintf (tmp, "%%%s%c", longlong ? "ll" : "", c);
1498 sim_io_printf(sd, tmp, lv);
1500 sim_io_printf(sd, tmp, (int)lv);
1503 else if (strchr ("eEfgG", c))
1505 double dbl = *(double*)(ap++);
1506 sprintf (tmp, "%%%d.%d%c", width, trunc, c);
1507 sim_io_printf (sd, tmp, dbl);
1513 sim_io_printf(sd, "%c", c);
1519 /* Unknown reason. */
1525 /* Store a word into memory. */
1528 store_word (SIM_DESC sd,
1537 if ((vaddr & 3) != 0)
1538 SignalExceptionAddressStore ();
1541 if (AddressTranslation (vaddr, isDATA, isSTORE, &paddr, &uncached,
1544 const uword64 mask = 7;
1548 paddr = (paddr & ~mask) | ((paddr & mask) ^ (ReverseEndian << 2));
1549 byte = (vaddr & mask) ^ (BigEndianCPU << 2);
1550 memval = ((uword64) val) << (8 * byte);
1551 StoreMemory (uncached, AccessLength_WORD, memval, 0, paddr, vaddr,
1557 /* Load a word from memory. */
1560 load_word (SIM_DESC sd,
1565 if ((vaddr & 3) != 0)
1567 SIM_CORE_SIGNAL (SD, cpu, cia, read_map, AccessLength_WORD+1, vaddr, read_transfer, sim_core_unaligned_signal);
1574 if (AddressTranslation (vaddr, isDATA, isLOAD, &paddr, &uncached,
1577 const uword64 mask = 0x7;
1578 const unsigned int reverse = ReverseEndian ? 1 : 0;
1579 const unsigned int bigend = BigEndianCPU ? 1 : 0;
1583 paddr = (paddr & ~mask) | ((paddr & mask) ^ (reverse << 2));
1584 LoadMemory (&memval,NULL,uncached, AccessLength_WORD, paddr, vaddr,
1586 byte = (vaddr & mask) ^ (bigend << 2);
1587 return EXTEND32 (memval >> (8 * byte));
1594 /* Simulate the mips16 entry and exit pseudo-instructions. These
1595 would normally be handled by the reserved instruction exception
1596 code, but for ease of simulation we just handle them directly. */
1599 mips16_entry (SIM_DESC sd,
1604 int aregs, sregs, rreg;
1607 printf("DBG: mips16_entry: entered (insn = 0x%08X)\n",insn);
1610 aregs = (insn & 0x700) >> 8;
1611 sregs = (insn & 0x0c0) >> 6;
1612 rreg = (insn & 0x020) >> 5;
1614 /* This should be checked by the caller. */
1623 /* This is the entry pseudo-instruction. */
1625 for (i = 0; i < aregs; i++)
1626 store_word (SD, CPU, cia, (uword64) (SP + 4 * i), GPR[i + 4]);
1634 store_word (SD, CPU, cia, (uword64) tsp, RA);
1637 for (i = 0; i < sregs; i++)
1640 store_word (SD, CPU, cia, (uword64) tsp, GPR[16 + i]);
1648 /* This is the exit pseudo-instruction. */
1655 RA = load_word (SD, CPU, cia, (uword64) tsp);
1658 for (i = 0; i < sregs; i++)
1661 GPR[i + 16] = load_word (SD, CPU, cia, (uword64) tsp);
1666 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1670 FGR[0] = WORD64LO (GPR[4]);
1671 FPR_STATE[0] = fmt_uninterpreted;
1673 else if (aregs == 6)
1675 FGR[0] = WORD64LO (GPR[5]);
1676 FGR[1] = WORD64LO (GPR[4]);
1677 FPR_STATE[0] = fmt_uninterpreted;
1678 FPR_STATE[1] = fmt_uninterpreted;
1687 /*-- trace support ----------------------------------------------------------*/
1689 /* The TRACE support is provided (if required) in the memory accessing
1690 routines. Since we are also providing the architecture specific
1691 features, the architecture simulation code can also deal with
1692 notifying the TRACE world of cache flushes, etc. Similarly we do
1693 not need to provide profiling support in the simulator engine,
1694 since we can sample in the instruction fetch control loop. By
1695 defining the TRACE manifest, we add tracing as a run-time
1699 /* Tracing by default produces "din" format (as required by
1700 dineroIII). Each line of such a trace file *MUST* have a din label
1701 and address field. The rest of the line is ignored, so comments can
1702 be included if desired. The first field is the label which must be
1703 one of the following values:
1708 3 escape record (treated as unknown access type)
1709 4 escape record (causes cache flush)
1711 The address field is a 32bit (lower-case) hexadecimal address
1712 value. The address should *NOT* be preceded by "0x".
1714 The size of the memory transfer is not important when dealing with
1715 cache lines (as long as no more than a cache line can be
1716 transferred in a single operation :-), however more information
1717 could be given following the dineroIII requirement to allow more
1718 complete memory and cache simulators to provide better
1719 results. i.e. the University of Pisa has a cache simulator that can
1720 also take bus size and speed as (variable) inputs to calculate
1721 complete system performance (a much more useful ability when trying
1722 to construct an end product, rather than a processor). They
1723 currently have an ARM version of their tool called ChARM. */
1727 dotrace (SIM_DESC sd,
1735 if (STATE & simTRACE) {
1737 fprintf(tracefh,"%d %s ; width %d ; ",
1741 va_start(ap,comment);
1742 vfprintf(tracefh,comment,ap);
1744 fprintf(tracefh,"\n");
1746 /* NOTE: Since the "din" format will only accept 32bit addresses, and
1747 we may be generating 64bit ones, we should put the hi-32bits of the
1748 address into the comment field. */
1750 /* TODO: Provide a buffer for the trace lines. We can then avoid
1751 performing writes until the buffer is filled, or the file is
1754 /* NOTE: We could consider adding a comment field to the "din" file
1755 produced using type 3 markers (unknown access). This would then
1756 allow information about the program that the "din" is for, and
1757 the MIPs world that was being simulated, to be placed into the
1764 /*---------------------------------------------------------------------------*/
1765 /*-- simulator engine -------------------------------------------------------*/
1766 /*---------------------------------------------------------------------------*/
1769 ColdReset (SIM_DESC sd)
1772 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
1774 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
1775 /* RESET: Fixed PC address: */
1776 PC = (unsigned_word) UNSIGNED64 (0xFFFFFFFFBFC00000);
1777 /* The reset vector address is in the unmapped, uncached memory space. */
1779 SR &= ~(status_SR | status_TS | status_RP);
1780 SR |= (status_ERL | status_BEV);
1782 /* Cheat and allow access to the complete register set immediately */
1783 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT
1784 && WITH_TARGET_WORD_BITSIZE == 64)
1785 SR |= status_FR; /* 64bit registers */
1787 /* Ensure that any instructions with pending register updates are
1789 PENDING_INVALIDATE();
1791 /* Initialise the FPU registers to the unknown state */
1792 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1795 for (rn = 0; (rn < 32); rn++)
1796 FPR_STATE[rn] = fmt_uninterpreted;
1799 /* Initialise the Config0 register. */
1800 C0_CONFIG = 0x80000000 /* Config1 present */
1801 | 2; /* KSEG0 uncached */
1802 if (WITH_TARGET_WORD_BITSIZE == 64)
1804 /* FIXME Currently mips/sim-main.c:address_translation()
1805 truncates all addresses to 32-bits. */
1806 if (0 && WITH_TARGET_ADDRESS_BITSIZE == 64)
1807 C0_CONFIG |= (2 << 13); /* MIPS64, 64-bit addresses */
1809 C0_CONFIG |= (1 << 13); /* MIPS64, 32-bit addresses */
1812 C0_CONFIG |= 0x00008000; /* Big Endian */
1819 /* Description from page A-26 of the "MIPS IV Instruction Set" manual (revision 3.1) */
1820 /* Signal an exception condition. This will result in an exception
1821 that aborts the instruction. The instruction operation pseudocode
1822 will never see a return from this function call. */
1825 signal_exception (SIM_DESC sd,
1833 sim_io_printf(sd,"DBG: SignalException(%d) PC = 0x%s\n",exception,pr_addr(cia));
1836 /* Ensure that any active atomic read/modify/write operation will fail: */
1839 /* Save registers before interrupt dispatching */
1840 #ifdef SIM_CPU_EXCEPTION_TRIGGER
1841 SIM_CPU_EXCEPTION_TRIGGER(sd, cpu, cia);
1844 switch (exception) {
1846 case DebugBreakPoint:
1847 if (! (Debug & Debug_DM))
1853 Debug |= Debug_DBD; /* signaled from within in delay slot */
1854 DEPC = cia - 4; /* reference the branch instruction */
1858 Debug &= ~Debug_DBD; /* not signaled from within a delay slot */
1862 Debug |= Debug_DM; /* in debugging mode */
1863 Debug |= Debug_DBp; /* raising a DBp exception */
1865 sim_engine_restart (SD, CPU, NULL, NULL_CIA);
1869 case ReservedInstruction:
1872 unsigned int instruction;
1873 va_start(ap,exception);
1874 instruction = va_arg(ap,unsigned int);
1876 /* Provide simple monitor support using ReservedInstruction
1877 exceptions. The following code simulates the fixed vector
1878 entry points into the IDT monitor by causing a simulator
1879 trap, performing the monitor operation, and returning to
1880 the address held in the $ra register (standard PCS return
1881 address). This means we only need to pre-load the vector
1882 space with suitable instruction values. For systems were
1883 actual trap instructions are used, we would not need to
1884 perform this magic. */
1885 if ((instruction & RSVD_INSTRUCTION_MASK) == RSVD_INSTRUCTION)
1887 int reason = (instruction >> RSVD_INSTRUCTION_ARG_SHIFT) & RSVD_INSTRUCTION_ARG_MASK;
1888 if (!sim_monitor (SD, CPU, cia, reason))
1889 sim_io_error (sd, "sim_monitor: unhandled reason = %d, pc = 0x%s\n", reason, pr_addr (cia));
1891 /* NOTE: This assumes that a branch-and-link style
1892 instruction was used to enter the vector (which is the
1893 case with the current IDT monitor). */
1894 sim_engine_restart (SD, CPU, NULL, RA);
1896 /* Look for the mips16 entry and exit instructions, and
1897 simulate a handler for them. */
1898 else if ((cia & 1) != 0
1899 && (instruction & 0xf81f) == 0xe809
1900 && (instruction & 0x0c0) != 0x0c0)
1902 mips16_entry (SD, CPU, cia, instruction);
1903 sim_engine_restart (sd, NULL, NULL, NULL_CIA);
1905 /* else fall through to normal exception processing */
1906 sim_io_eprintf(sd,"ReservedInstruction at PC = 0x%s\n", pr_addr (cia));
1910 /* Store exception code into current exception id variable (used
1913 /* TODO: If not simulating exceptions then stop the simulator
1914 execution. At the moment we always stop the simulation. */
1916 #ifdef SUBTARGET_R3900
1917 /* update interrupt-related registers */
1919 /* insert exception code in bits 6:2 */
1920 CAUSE = LSMASKED32(CAUSE, 31, 7) | LSINSERTED32(exception, 6, 2);
1921 /* shift IE/KU history bits left */
1922 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 3, 0), 5, 2);
1924 if (STATE & simDELAYSLOT)
1926 STATE &= ~simDELAYSLOT;
1928 EPC = (cia - 4); /* reference the branch instruction */
1933 if (SR & status_BEV)
1934 PC = (signed)0xBFC00000 + 0x180;
1936 PC = (signed)0x80000000 + 0x080;
1938 /* See figure 5-17 for an outline of the code below */
1939 if (! (SR & status_EXL))
1941 CAUSE = (exception << 2);
1942 if (STATE & simDELAYSLOT)
1944 STATE &= ~simDELAYSLOT;
1946 EPC = (cia - 4); /* reference the branch instruction */
1950 /* FIXME: TLB et.al. */
1951 /* vector = 0x180; */
1955 CAUSE = (exception << 2);
1956 /* vector = 0x180; */
1959 /* Store exception code into current exception id variable (used
1962 if (SR & status_BEV)
1963 PC = (signed)0xBFC00200 + 0x180;
1965 PC = (signed)0x80000000 + 0x180;
1968 switch ((CAUSE >> 2) & 0x1F)
1971 /* Interrupts arrive during event processing, no need to
1977 #ifdef SUBTARGET_3900
1978 /* Exception vector: BEV=0 BFC00000 / BEF=1 BFC00000 */
1979 PC = (signed)0xBFC00000;
1980 #endif /* SUBTARGET_3900 */
1983 case TLBModification:
1988 case InstructionFetch:
1990 /* The following is so that the simulator will continue from the
1991 exception handler address. */
1992 sim_engine_halt (SD, CPU, NULL, PC,
1993 sim_stopped, SIM_SIGBUS);
1995 case ReservedInstruction:
1996 case CoProcessorUnusable:
1998 sim_engine_halt (SD, CPU, NULL, PC,
1999 sim_stopped, SIM_SIGILL);
2001 case IntegerOverflow:
2003 sim_engine_halt (SD, CPU, NULL, PC,
2004 sim_stopped, SIM_SIGFPE);
2007 sim_engine_halt (SD, CPU, NULL, PC, sim_stopped, SIM_SIGTRAP);
2012 sim_engine_restart (SD, CPU, NULL, PC);
2017 sim_engine_halt (SD, CPU, NULL, PC,
2018 sim_stopped, SIM_SIGTRAP);
2020 default: /* Unknown internal exception */
2022 sim_engine_halt (SD, CPU, NULL, PC,
2023 sim_stopped, SIM_SIGABRT);
2027 case SimulatorFault:
2031 va_start(ap,exception);
2032 msg = va_arg(ap,char *);
2034 sim_engine_abort (SD, CPU, NULL_CIA,
2035 "FATAL: Simulator error \"%s\"\n",msg);
2044 /* This function implements what the MIPS32 and MIPS64 ISAs define as
2045 "UNPREDICTABLE" behaviour.
2047 About UNPREDICTABLE behaviour they say: "UNPREDICTABLE results
2048 may vary from processor implementation to processor implementation,
2049 instruction to instruction, or as a function of time on the same
2050 implementation or instruction. Software can never depend on results
2051 that are UNPREDICTABLE. ..." (MIPS64 Architecture for Programmers
2052 Volume II, The MIPS64 Instruction Set. MIPS Document MD00087 revision
2055 For UNPREDICTABLE behaviour, we print a message, if possible print
2056 the offending instructions mips.igen instruction name (provided by
2057 the caller), and stop the simulator.
2059 XXX FIXME: eventually, stopping the simulator should be made conditional
2060 on a command-line option. */
2062 unpredictable_action(sim_cpu *cpu, address_word cia)
2064 SIM_DESC sd = CPU_STATE(cpu);
2066 sim_io_eprintf(sd, "UNPREDICTABLE: PC = 0x%s\n", pr_addr (cia));
2067 sim_engine_halt (SD, CPU, NULL, cia, sim_stopped, SIM_SIGABRT);
2071 /*-- co-processor support routines ------------------------------------------*/
2074 CoProcPresent(unsigned int coproc_number)
2076 /* Return TRUE if simulator provides a model for the given co-processor number */
2081 cop_lw (SIM_DESC sd,
2086 unsigned int memword)
2091 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2094 printf("DBG: COP_LW: memword = 0x%08X (uword64)memword = 0x%s\n",memword,pr_addr(memword));
2096 StoreFPR(coproc_reg,fmt_uninterpreted_32,(uword64)memword);
2101 #if 0 /* this should be controlled by a configuration option */
2102 sim_io_printf(sd,"COP_LW(%d,%d,0x%08X) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,memword,pr_addr(cia));
2111 cop_ld (SIM_DESC sd,
2120 printf("DBG: COP_LD: coproc_num = %d, coproc_reg = %d, value = 0x%s : PC = 0x%s\n", coproc_num, coproc_reg, pr_uword64(memword), pr_addr(cia) );
2123 switch (coproc_num) {
2125 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2127 StoreFPR(coproc_reg,fmt_uninterpreted_64,memword);
2132 #if 0 /* this message should be controlled by a configuration option */
2133 sim_io_printf(sd,"COP_LD(%d,%d,0x%s) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(memword),pr_addr(cia));
2145 cop_sw (SIM_DESC sd,
2151 unsigned int value = 0;
2156 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2158 value = (unsigned int)ValueFPR(coproc_reg,fmt_uninterpreted_32);
2163 #if 0 /* should be controlled by configuration option */
2164 sim_io_printf(sd,"COP_SW(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2173 cop_sd (SIM_DESC sd,
2183 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2185 value = ValueFPR(coproc_reg,fmt_uninterpreted_64);
2190 #if 0 /* should be controlled by configuration option */
2191 sim_io_printf(sd,"COP_SD(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2203 decode_coproc (SIM_DESC sd,
2206 unsigned int instruction)
2208 int coprocnum = ((instruction >> 26) & 3);
2212 case 0: /* standard CPU control and cache registers */
2214 int code = ((instruction >> 21) & 0x1F);
2215 int rt = ((instruction >> 16) & 0x1F);
2216 int rd = ((instruction >> 11) & 0x1F);
2217 int tail = instruction & 0x3ff;
2218 /* R4000 Users Manual (second edition) lists the following CP0
2220 CODE><-RT><RD-><--TAIL--->
2221 DMFC0 Doubleword Move From CP0 (VR4100 = 01000000001tttttddddd00000000000)
2222 DMTC0 Doubleword Move To CP0 (VR4100 = 01000000101tttttddddd00000000000)
2223 MFC0 word Move From CP0 (VR4100 = 01000000000tttttddddd00000000000)
2224 MTC0 word Move To CP0 (VR4100 = 01000000100tttttddddd00000000000)
2225 TLBR Read Indexed TLB Entry (VR4100 = 01000010000000000000000000000001)
2226 TLBWI Write Indexed TLB Entry (VR4100 = 01000010000000000000000000000010)
2227 TLBWR Write Random TLB Entry (VR4100 = 01000010000000000000000000000110)
2228 TLBP Probe TLB for Matching Entry (VR4100 = 01000010000000000000000000001000)
2229 CACHE Cache operation (VR4100 = 101111bbbbbpppppiiiiiiiiiiiiiiii)
2230 ERET Exception return (VR4100 = 01000010000000000000000000011000)
2232 if (((code == 0x00) || (code == 0x04) /* MFC0 / MTC0 */
2233 || (code == 0x01) || (code == 0x05)) /* DMFC0 / DMTC0 */
2236 /* Clear double/single coprocessor move bit. */
2239 /* M[TF]C0 (32 bits) | DM[TF]C0 (64 bits) */
2241 switch (rd) /* NOTEs: Standard CP0 registers */
2243 /* 0 = Index R4000 VR4100 VR4300 */
2244 /* 1 = Random R4000 VR4100 VR4300 */
2245 /* 2 = EntryLo0 R4000 VR4100 VR4300 */
2246 /* 3 = EntryLo1 R4000 VR4100 VR4300 */
2247 /* 4 = Context R4000 VR4100 VR4300 */
2248 /* 5 = PageMask R4000 VR4100 VR4300 */
2249 /* 6 = Wired R4000 VR4100 VR4300 */
2250 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2251 /* 9 = Count R4000 VR4100 VR4300 */
2252 /* 10 = EntryHi R4000 VR4100 VR4300 */
2253 /* 11 = Compare R4000 VR4100 VR4300 */
2254 /* 12 = SR R4000 VR4100 VR4300 */
2255 #ifdef SUBTARGET_R3900
2257 /* 3 = Config R3900 */
2259 /* 7 = Cache R3900 */
2261 /* 15 = PRID R3900 */
2267 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2269 GPR[rt] = (signed_word) (signed_address) COP0_BADVADDR;
2271 COP0_BADVADDR = GPR[rt];
2274 #endif /* SUBTARGET_R3900 */
2281 /* 13 = Cause R4000 VR4100 VR4300 */
2288 /* 14 = EPC R4000 VR4100 VR4300 */
2291 GPR[rt] = (signed_word) (signed_address) EPC;
2295 /* 15 = PRId R4000 VR4100 VR4300 */
2296 #ifdef SUBTARGET_R3900
2305 /* 16 = Config R4000 VR4100 VR4300 */
2308 GPR[rt] = C0_CONFIG;
2310 /* only bottom three bits are writable */
2311 C0_CONFIG = (C0_CONFIG & ~0x7) | (GPR[rt] & 0x7);
2314 #ifdef SUBTARGET_R3900
2323 /* 17 = LLAddr R4000 VR4100 VR4300 */
2325 /* 18 = WatchLo R4000 VR4100 VR4300 */
2326 /* 19 = WatchHi R4000 VR4100 VR4300 */
2327 /* 20 = XContext R4000 VR4100 VR4300 */
2328 /* 26 = PErr or ECC R4000 VR4100 VR4300 */
2329 /* 27 = CacheErr R4000 VR4100 */
2330 /* 28 = TagLo R4000 VR4100 VR4300 */
2331 /* 29 = TagHi R4000 VR4100 VR4300 */
2332 /* 30 = ErrorEPC R4000 VR4100 VR4300 */
2333 if (STATE_VERBOSE_P(SD))
2335 "Warning: PC 0x%lx:interp.c decode_coproc DEADC0DE\n",
2336 (unsigned long)cia);
2337 GPR[rt] = 0xDEADC0DE; /* CPR[0,rd] */
2338 /* CPR[0,rd] = GPR[rt]; */
2341 GPR[rt] = (signed_word) (signed32) COP0_GPR[rd];
2343 COP0_GPR[rd] = GPR[rt];
2346 sim_io_printf(sd,"Warning: MFC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2348 sim_io_printf(sd,"Warning: MTC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2352 else if ((code == 0x00 || code == 0x01)
2355 /* [D]MFC0 RT,C0_CONFIG,SEL */
2357 switch (tail & 0x07)
2363 /* MIPS32 r/o Config1:
2366 /* MIPS16 implemented.
2367 XXX How to check configuration? */
2369 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2370 /* MDMX & FPU implemented */
2374 /* MIPS32 r/o Config2:
2379 /* MIPS32 r/o Config3:
2380 SmartMIPS implemented. */
2386 else if (code == 0x10 && (tail & 0x3f) == 0x18)
2389 if (SR & status_ERL)
2391 /* Oops, not yet available */
2392 sim_io_printf(sd,"Warning: ERET when SR[ERL] set not handled yet");
2402 else if (code == 0x10 && (tail & 0x3f) == 0x10)
2405 #ifdef SUBTARGET_R3900
2406 /* TX39: Copy IEp/KUp -> IEc/KUc, and IEo/KUo -> IEp/KUp */
2408 /* shift IE/KU history bits right */
2409 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 5, 2), 3, 0);
2411 /* TODO: CACHE register */
2412 #endif /* SUBTARGET_R3900 */
2414 else if (code == 0x10 && (tail & 0x3f) == 0x1F)
2422 sim_io_eprintf(sd,"Unrecognised COP0 instruction 0x%08X at PC = 0x%s : No handler present\n",instruction,pr_addr(cia));
2423 /* TODO: When executing an ERET or RFE instruction we should
2424 clear LLBIT, to ensure that any out-standing atomic
2425 read/modify/write sequence fails. */
2429 case 2: /* co-processor 2 */
2436 sim_io_eprintf(sd, "COP2 instruction 0x%08X at PC = 0x%s : No handler present\n",
2437 instruction,pr_addr(cia));
2442 case 1: /* should not occur (FPU co-processor) */
2443 case 3: /* should not occur (FPU co-processor) */
2444 SignalException(ReservedInstruction,instruction);
2452 /* This code copied from gdb's utils.c. Would like to share this code,
2453 but don't know of a common place where both could get to it. */
2455 /* Temporary storage using circular buffer */
2461 static char buf[NUMCELLS][CELLSIZE];
2463 if (++cell>=NUMCELLS) cell=0;
2467 /* Print routines to handle variable size regs, etc */
2469 /* Eliminate warning from compiler on 32-bit systems */
2470 static int thirty_two = 32;
2476 char *paddr_str=get_cell();
2477 switch (sizeof(addr))
2480 sprintf(paddr_str,"%08lx%08lx",
2481 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2484 sprintf(paddr_str,"%08lx",(unsigned long)addr);
2487 sprintf(paddr_str,"%04x",(unsigned short)(addr&0xffff));
2490 sprintf(paddr_str,"%x",addr);
2499 char *paddr_str=get_cell();
2500 sprintf(paddr_str,"%08lx%08lx",
2501 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2507 mips_core_signal (SIM_DESC sd,
2513 transfer_type transfer,
2514 sim_core_signals sig)
2516 const char *copy = (transfer == read_transfer ? "read" : "write");
2517 address_word ip = CIA_ADDR (cia);
2521 case sim_core_unmapped_signal:
2522 sim_io_eprintf (sd, "mips-core: %d byte %s to unmapped address 0x%lx at 0x%lx\n",
2524 (unsigned long) addr, (unsigned long) ip);
2525 COP0_BADVADDR = addr;
2526 SignalExceptionDataReference();
2529 case sim_core_unaligned_signal:
2530 sim_io_eprintf (sd, "mips-core: %d byte %s to unaligned address 0x%lx at 0x%lx\n",
2532 (unsigned long) addr, (unsigned long) ip);
2533 COP0_BADVADDR = addr;
2534 if(transfer == read_transfer)
2535 SignalExceptionAddressLoad();
2537 SignalExceptionAddressStore();
2541 sim_engine_abort (sd, cpu, cia,
2542 "mips_core_signal - internal error - bad switch");
2548 mips_cpu_exception_trigger(SIM_DESC sd, sim_cpu* cpu, address_word cia)
2550 ASSERT(cpu != NULL);
2552 if(cpu->exc_suspended > 0)
2553 sim_io_eprintf(sd, "Warning, nested exception triggered (%d)\n", cpu->exc_suspended);
2556 memcpy(cpu->exc_trigger_registers, cpu->registers, sizeof(cpu->exc_trigger_registers));
2557 cpu->exc_suspended = 0;
2561 mips_cpu_exception_suspend(SIM_DESC sd, sim_cpu* cpu, int exception)
2563 ASSERT(cpu != NULL);
2565 if(cpu->exc_suspended > 0)
2566 sim_io_eprintf(sd, "Warning, nested exception signal (%d then %d)\n",
2567 cpu->exc_suspended, exception);
2569 memcpy(cpu->exc_suspend_registers, cpu->registers, sizeof(cpu->exc_suspend_registers));
2570 memcpy(cpu->registers, cpu->exc_trigger_registers, sizeof(cpu->registers));
2571 cpu->exc_suspended = exception;
2575 mips_cpu_exception_resume(SIM_DESC sd, sim_cpu* cpu, int exception)
2577 ASSERT(cpu != NULL);
2579 if(exception == 0 && cpu->exc_suspended > 0)
2581 /* warn not for breakpoints */
2582 if(cpu->exc_suspended != sim_signal_to_host(sd, SIM_SIGTRAP))
2583 sim_io_eprintf(sd, "Warning, resuming but ignoring pending exception signal (%d)\n",
2584 cpu->exc_suspended);
2586 else if(exception != 0 && cpu->exc_suspended > 0)
2588 if(exception != cpu->exc_suspended)
2589 sim_io_eprintf(sd, "Warning, resuming with mismatched exception signal (%d vs %d)\n",
2590 cpu->exc_suspended, exception);
2592 memcpy(cpu->registers, cpu->exc_suspend_registers, sizeof(cpu->registers));
2594 else if(exception != 0 && cpu->exc_suspended == 0)
2596 sim_io_eprintf(sd, "Warning, ignoring spontanous exception signal (%d)\n", exception);
2598 cpu->exc_suspended = 0;
2602 /*---------------------------------------------------------------------------*/
2603 /*> EOF interp.c <*/
projects / external / binutils.git / blob