2 /* Simulator for the MIPS architecture.
4 This file is part of the MIPS sim
6 THIS SOFTWARE IS NOT COPYRIGHTED
8 Cygnus offers the following for use in the public domain. Cygnus
9 makes no warranty with regard to the software or it's performance
10 and the user accepts the software "AS IS" with all faults.
12 CYGNUS DISCLAIMS ANY WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO
13 THIS SOFTWARE INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
14 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
18 The IDT monitor (found on the VR4300 board), seems to lie about
19 register contents. It seems to treat the registers as sign-extended
20 32-bit values. This cause *REAL* problems when single-stepping 64-bit
25 /* The TRACE manifests enable the provision of extra features. If they
26 are not defined then a simpler (quicker) simulator is constructed
27 without the required run-time checks, etc. */
28 #if 1 /* 0 to allow user build selection, 1 to force inclusion */
35 #include "sim-utils.h"
36 #include "sim-options.h"
37 #include "sim-assert.h"
63 #include "libiberty.h"
65 #include "gdb/callback.h" /* GDB simulator callback interface */
66 #include "gdb/remote-sim.h" /* GDB simulator interface */
68 char* pr_addr (SIM_ADDR addr);
69 char* pr_uword64 (uword64 addr);
72 /* Within interp.c we refer to the sim_state and sim_cpu directly. */
77 /* The following reserved instruction value is used when a simulator
78 trap is required. NOTE: Care must be taken, since this value may be
79 used in later revisions of the MIPS ISA. */
81 #define RSVD_INSTRUCTION (0x00000005)
82 #define RSVD_INSTRUCTION_MASK (0xFC00003F)
84 #define RSVD_INSTRUCTION_ARG_SHIFT 6
85 #define RSVD_INSTRUCTION_ARG_MASK 0xFFFFF
88 /* Bits in the Debug register */
89 #define Debug_DBD 0x80000000 /* Debug Branch Delay */
90 #define Debug_DM 0x40000000 /* Debug Mode */
91 #define Debug_DBp 0x00000002 /* Debug Breakpoint indicator */
93 /*---------------------------------------------------------------------------*/
94 /*-- GDB simulator interface ------------------------------------------------*/
95 /*---------------------------------------------------------------------------*/
97 static void ColdReset (SIM_DESC sd);
99 /*---------------------------------------------------------------------------*/
103 #define DELAYSLOT() {\
104 if (STATE & simDELAYSLOT)\
105 sim_io_eprintf(sd,"Delay slot already activated (branch in delay slot?)\n");\
106 STATE |= simDELAYSLOT;\
109 #define JALDELAYSLOT() {\
111 STATE |= simJALDELAYSLOT;\
115 STATE &= ~simDELAYSLOT;\
116 STATE |= simSKIPNEXT;\
119 #define CANCELDELAYSLOT() {\
121 STATE &= ~(simDELAYSLOT | simJALDELAYSLOT);\
124 #define INDELAYSLOT() ((STATE & simDELAYSLOT) != 0)
125 #define INJALDELAYSLOT() ((STATE & simJALDELAYSLOT) != 0)
127 /* Note that the monitor code essentially assumes this layout of memory.
128 If you change these, change the monitor code, too. */
129 /* FIXME Currently addresses are truncated to 32-bits, see
130 mips/sim-main.c:address_translation(). If that changes, then these
131 values will need to be extended, and tested for more carefully. */
132 #define K0BASE (0x80000000)
133 #define K0SIZE (0x20000000)
134 #define K1BASE (0xA0000000)
135 #define K1SIZE (0x20000000)
137 /* Simple run-time monitor support.
139 We emulate the monitor by placing magic reserved instructions at
140 the monitor's entry points; when we hit these instructions, instead
141 of raising an exception (as we would normally), we look at the
142 instruction and perform the appropriate monitory operation.
144 `*_monitor_base' are the physical addresses at which the corresponding
145 monitor vectors are located. `0' means none. By default,
147 The RSVD_INSTRUCTION... macros specify the magic instructions we
148 use at the monitor entry points. */
149 static int firmware_option_p = 0;
150 static SIM_ADDR idt_monitor_base = 0xBFC00000;
151 static SIM_ADDR pmon_monitor_base = 0xBFC00500;
152 static SIM_ADDR lsipmon_monitor_base = 0xBFC00200;
154 static SIM_RC sim_firmware_command (SIM_DESC sd, char* arg);
157 #define MEM_SIZE (8 << 20) /* 8 MBytes */
161 static char *tracefile = "trace.din"; /* default filename for trace log */
162 FILE *tracefh = NULL;
163 static void open_trace (SIM_DESC sd);
166 static const char * get_insn_name (sim_cpu *, int);
168 /* simulation target board. NULL=canonical */
169 static char* board = NULL;
172 static DECLARE_OPTION_HANDLER (mips_option_handler);
175 OPTION_DINERO_TRACE = OPTION_START,
182 static int display_mem_info = 0;
185 mips_option_handler (sd, cpu, opt, arg, is_command)
195 case OPTION_DINERO_TRACE: /* ??? */
197 /* Eventually the simTRACE flag could be treated as a toggle, to
198 allow external control of the program points being traced
199 (i.e. only from main onwards, excluding the run-time setup,
201 for (cpu_nr = 0; cpu_nr < MAX_NR_PROCESSORS; cpu_nr++)
203 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
206 else if (strcmp (arg, "yes") == 0)
208 else if (strcmp (arg, "no") == 0)
210 else if (strcmp (arg, "on") == 0)
212 else if (strcmp (arg, "off") == 0)
216 fprintf (stderr, "Unrecognized dinero-trace option `%s'\n", arg);
223 Simulator constructed without dinero tracing support (for performance).\n\
224 Re-compile simulator with \"-DTRACE\" to enable this option.\n");
228 case OPTION_DINERO_FILE:
230 if (optarg != NULL) {
232 tmp = (char *)malloc(strlen(optarg) + 1);
235 sim_io_printf(sd,"Failed to allocate buffer for tracefile name \"%s\"\n",optarg);
241 sim_io_printf(sd,"Placing trace information into file \"%s\"\n",tracefile);
247 case OPTION_FIRMWARE:
248 return sim_firmware_command (sd, arg);
254 board = zalloc(strlen(arg) + 1);
260 case OPTION_INFO_MEMORY:
261 display_mem_info = 1;
269 static const OPTION mips_options[] =
271 { {"dinero-trace", optional_argument, NULL, OPTION_DINERO_TRACE},
272 '\0', "on|off", "Enable dinero tracing",
273 mips_option_handler },
274 { {"dinero-file", required_argument, NULL, OPTION_DINERO_FILE},
275 '\0', "FILE", "Write dinero trace to FILE",
276 mips_option_handler },
277 { {"firmware", required_argument, NULL, OPTION_FIRMWARE},
278 '\0', "[idt|pmon|lsipmon|none][@ADDRESS]", "Emulate ROM monitor",
279 mips_option_handler },
280 { {"board", required_argument, NULL, OPTION_BOARD},
281 '\0', "none" /* rely on compile-time string concatenation for other options */
283 #define BOARD_JMR3904 "jmr3904"
285 #define BOARD_JMR3904_PAL "jmr3904pal"
286 "|" BOARD_JMR3904_PAL
287 #define BOARD_JMR3904_DEBUG "jmr3904debug"
288 "|" BOARD_JMR3904_DEBUG
289 #define BOARD_BSP "bsp"
292 , "Customize simulation for a particular board.", mips_option_handler },
294 /* These next two options have the same names as ones found in the
295 memory_options[] array in common/sim-memopt.c. This is because
296 the intention is to provide an alternative handler for those two
297 options. We need an alternative handler because the memory
298 regions are not set up until after the command line arguments
299 have been parsed, and so we cannot display the memory info whilst
300 processing the command line. There is a hack in sim_open to
301 remove these handlers when we want the real --memory-info option
303 { { "info-memory", no_argument, NULL, OPTION_INFO_MEMORY },
304 '\0', NULL, "List configured memory regions", mips_option_handler },
305 { { "memory-info", no_argument, NULL, OPTION_INFO_MEMORY },
306 '\0', NULL, NULL, mips_option_handler },
308 { {NULL, no_argument, NULL, 0}, '\0', NULL, NULL, NULL }
312 int interrupt_pending;
315 interrupt_event (SIM_DESC sd, void *data)
317 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
318 address_word cia = CIA_GET (cpu);
321 interrupt_pending = 0;
322 SignalExceptionInterrupt (1); /* interrupt "1" */
324 else if (!interrupt_pending)
325 sim_events_schedule (sd, 1, interrupt_event, data);
329 /*---------------------------------------------------------------------------*/
330 /*-- Device registration hook -----------------------------------------------*/
331 /*---------------------------------------------------------------------------*/
332 static void device_init(SIM_DESC sd) {
334 extern void register_devices(SIM_DESC);
335 register_devices(sd);
339 /*---------------------------------------------------------------------------*/
340 /*-- GDB simulator interface ------------------------------------------------*/
341 /*---------------------------------------------------------------------------*/
344 sim_open (kind, cb, abfd, argv)
350 SIM_DESC sd = sim_state_alloc (kind, cb);
351 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
353 SIM_ASSERT (STATE_MAGIC (sd) == SIM_MAGIC_NUMBER);
355 /* FIXME: watchpoints code shouldn't need this */
356 STATE_WATCHPOINTS (sd)->pc = &(PC);
357 STATE_WATCHPOINTS (sd)->sizeof_pc = sizeof (PC);
358 STATE_WATCHPOINTS (sd)->interrupt_handler = interrupt_event;
360 /* Initialize the mechanism for doing insn profiling. */
361 CPU_INSN_NAME (cpu) = get_insn_name;
362 CPU_MAX_INSNS (cpu) = nr_itable_entries;
366 if (sim_pre_argv_init (sd, argv[0]) != SIM_RC_OK)
368 sim_add_option_table (sd, NULL, mips_options);
371 /* getopt will print the error message so we just have to exit if this fails.
372 FIXME: Hmmm... in the case of gdb we need getopt to call
374 if (sim_parse_args (sd, argv) != SIM_RC_OK)
376 /* Uninstall the modules to avoid memory leaks,
377 file descriptor leaks, etc. */
378 sim_module_uninstall (sd);
382 /* handle board-specific memory maps */
385 /* Allocate core managed memory */
386 sim_memopt *entry, *match = NULL;
387 address_word mem_size = 0;
390 /* For compatibility with the old code - under this (at level one)
391 are the kernel spaces K0 & K1. Both of these map to a single
392 smaller sub region */
393 sim_do_command(sd," memory region 0x7fff8000,0x8000") ; /* MTZ- 32 k stack */
395 /* Look for largest memory region defined on command-line at
397 #ifdef SIM_HAVE_FLATMEM
398 mem_size = STATE_MEM_SIZE (sd);
400 for (entry = STATE_MEMOPT (sd); entry != NULL; entry = entry->next)
402 /* If we find an entry at address 0, then we will end up
403 allocating a new buffer in the "memory alias" command
404 below. The region at address 0 will be deleted. */
405 address_word size = (entry->modulo != 0
406 ? entry->modulo : entry->nr_bytes);
408 && (!match || entry->level < match->level))
410 else if (entry->addr == K0BASE || entry->addr == K1BASE)
415 for (alias = entry->alias; alias != NULL; alias = alias->next)
418 && (!match || entry->level < match->level))
420 else if (alias->addr == K0BASE || alias->addr == K1BASE)
430 /* Get existing memory region size. */
431 mem_size = (match->modulo != 0
432 ? match->modulo : match->nr_bytes);
433 /* Delete old region. */
434 sim_do_commandf (sd, "memory delete %d:0x%lx@%d",
435 match->space, match->addr, match->level);
437 else if (mem_size == 0)
439 /* Limit to KSEG1 size (512MB) */
440 if (mem_size > K1SIZE)
442 /* memory alias K1BASE@1,K1SIZE%MEMSIZE,K0BASE */
443 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx%%0x%lx,0x%0x",
444 K1BASE, K1SIZE, (long)mem_size, K0BASE);
449 else if (board != NULL
450 && (strcmp(board, BOARD_BSP) == 0))
454 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
456 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
457 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
459 4 * 1024 * 1024, /* 4 MB */
462 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
463 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
465 4 * 1024 * 1024, /* 4 MB */
468 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
469 for (i=0; i<8; i++) /* 32 MB total */
471 unsigned size = 4 * 1024 * 1024; /* 4 MB */
472 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
473 0x88000000 + (i * size),
475 0xA8000000 + (i * size));
479 else if (board != NULL
480 && (strcmp(board, BOARD_JMR3904) == 0 ||
481 strcmp(board, BOARD_JMR3904_PAL) == 0 ||
482 strcmp(board, BOARD_JMR3904_DEBUG) == 0))
484 /* match VIRTUAL memory layout of JMR-TX3904 board */
487 /* --- disable monitor unless forced on by user --- */
489 if (! firmware_option_p)
491 idt_monitor_base = 0;
492 pmon_monitor_base = 0;
493 lsipmon_monitor_base = 0;
496 /* --- environment --- */
498 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
502 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
503 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
505 4 * 1024 * 1024, /* 4 MB */
508 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
509 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
511 4 * 1024 * 1024, /* 4 MB */
514 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
515 for (i=0; i<8; i++) /* 32 MB total */
517 unsigned size = 4 * 1024 * 1024; /* 4 MB */
518 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
519 0x88000000 + (i * size),
521 0xA8000000 + (i * size));
524 /* Dummy memory regions for unsimulated devices - sorted by address */
526 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB1000000, 0x400); /* ISA I/O */
527 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2100000, 0x004); /* ISA ctl */
528 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2500000, 0x004); /* LED/switch */
529 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2700000, 0x004); /* RTC */
530 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB3C00000, 0x004); /* RTC */
531 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF8000, 0x900); /* DRAMC */
532 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF9000, 0x200); /* EBIF */
533 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFE000, 0x01c); /* EBIF */
534 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFF500, 0x300); /* PIO */
537 /* --- simulated devices --- */
538 sim_hw_parse (sd, "/tx3904irc@0xffffc000/reg 0xffffc000 0x20");
539 sim_hw_parse (sd, "/tx3904cpu");
540 sim_hw_parse (sd, "/tx3904tmr@0xfffff000/reg 0xfffff000 0x100");
541 sim_hw_parse (sd, "/tx3904tmr@0xfffff100/reg 0xfffff100 0x100");
542 sim_hw_parse (sd, "/tx3904tmr@0xfffff200/reg 0xfffff200 0x100");
543 sim_hw_parse (sd, "/tx3904sio@0xfffff300/reg 0xfffff300 0x100");
545 /* FIXME: poking at dv-sockser internals, use tcp backend if
546 --sockser_addr option was given.*/
547 extern char* sockser_addr;
548 if(sockser_addr == NULL)
549 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend stdio");
551 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend tcp");
553 sim_hw_parse (sd, "/tx3904sio@0xfffff400/reg 0xfffff400 0x100");
554 sim_hw_parse (sd, "/tx3904sio@0xfffff400/backend stdio");
556 /* -- device connections --- */
557 sim_hw_parse (sd, "/tx3904irc > ip level /tx3904cpu");
558 sim_hw_parse (sd, "/tx3904tmr@0xfffff000 > int tmr0 /tx3904irc");
559 sim_hw_parse (sd, "/tx3904tmr@0xfffff100 > int tmr1 /tx3904irc");
560 sim_hw_parse (sd, "/tx3904tmr@0xfffff200 > int tmr2 /tx3904irc");
561 sim_hw_parse (sd, "/tx3904sio@0xfffff300 > int sio0 /tx3904irc");
562 sim_hw_parse (sd, "/tx3904sio@0xfffff400 > int sio1 /tx3904irc");
564 /* add PAL timer & I/O module */
565 if(! strcmp(board, BOARD_JMR3904_PAL))
568 sim_hw_parse (sd, "/pal@0xffff0000");
569 sim_hw_parse (sd, "/pal@0xffff0000/reg 0xffff0000 64");
571 /* wire up interrupt ports to irc */
572 sim_hw_parse (sd, "/pal@0x31000000 > countdown tmr0 /tx3904irc");
573 sim_hw_parse (sd, "/pal@0x31000000 > timer tmr1 /tx3904irc");
574 sim_hw_parse (sd, "/pal@0x31000000 > int int0 /tx3904irc");
577 if(! strcmp(board, BOARD_JMR3904_DEBUG))
579 /* -- DEBUG: glue interrupt generators --- */
580 sim_hw_parse (sd, "/glue@0xffff0000/reg 0xffff0000 0x50");
581 sim_hw_parse (sd, "/glue@0xffff0000 > int0 int0 /tx3904irc");
582 sim_hw_parse (sd, "/glue@0xffff0000 > int1 int1 /tx3904irc");
583 sim_hw_parse (sd, "/glue@0xffff0000 > int2 int2 /tx3904irc");
584 sim_hw_parse (sd, "/glue@0xffff0000 > int3 int3 /tx3904irc");
585 sim_hw_parse (sd, "/glue@0xffff0000 > int4 int4 /tx3904irc");
586 sim_hw_parse (sd, "/glue@0xffff0000 > int5 int5 /tx3904irc");
587 sim_hw_parse (sd, "/glue@0xffff0000 > int6 int6 /tx3904irc");
588 sim_hw_parse (sd, "/glue@0xffff0000 > int7 int7 /tx3904irc");
589 sim_hw_parse (sd, "/glue@0xffff0000 > int8 dmac0 /tx3904irc");
590 sim_hw_parse (sd, "/glue@0xffff0000 > int9 dmac1 /tx3904irc");
591 sim_hw_parse (sd, "/glue@0xffff0000 > int10 dmac2 /tx3904irc");
592 sim_hw_parse (sd, "/glue@0xffff0000 > int11 dmac3 /tx3904irc");
593 sim_hw_parse (sd, "/glue@0xffff0000 > int12 sio0 /tx3904irc");
594 sim_hw_parse (sd, "/glue@0xffff0000 > int13 sio1 /tx3904irc");
595 sim_hw_parse (sd, "/glue@0xffff0000 > int14 tmr0 /tx3904irc");
596 sim_hw_parse (sd, "/glue@0xffff0000 > int15 tmr1 /tx3904irc");
597 sim_hw_parse (sd, "/glue@0xffff0000 > int16 tmr2 /tx3904irc");
598 sim_hw_parse (sd, "/glue@0xffff0000 > int17 nmi /tx3904cpu");
605 if (display_mem_info)
607 struct option_list * ol;
608 struct option_list * prev;
610 /* This is a hack. We want to execute the real --memory-info command
611 line switch which is handled in common/sim-memopts.c, not the
612 override we have defined in this file. So we remove the
613 mips_options array from the state options list. This is safe
614 because we have now processed all of the command line. */
615 for (ol = STATE_OPTIONS (sd), prev = NULL;
617 prev = ol, ol = ol->next)
618 if (ol->options == mips_options)
621 SIM_ASSERT (ol != NULL);
624 STATE_OPTIONS (sd) = ol->next;
626 prev->next = ol->next;
628 sim_do_commandf (sd, "memory-info");
631 /* check for/establish the a reference program image */
632 if (sim_analyze_program (sd,
633 (STATE_PROG_ARGV (sd) != NULL
634 ? *STATE_PROG_ARGV (sd)
638 sim_module_uninstall (sd);
642 /* Configure/verify the target byte order and other runtime
643 configuration options */
644 if (sim_config (sd) != SIM_RC_OK)
646 sim_module_uninstall (sd);
650 if (sim_post_argv_init (sd) != SIM_RC_OK)
652 /* Uninstall the modules to avoid memory leaks,
653 file descriptor leaks, etc. */
654 sim_module_uninstall (sd);
658 /* verify assumptions the simulator made about the host type system.
659 This macro does not return if there is a problem */
660 SIM_ASSERT (sizeof(int) == (4 * sizeof(char)));
661 SIM_ASSERT (sizeof(word64) == (8 * sizeof(char)));
663 /* This is NASTY, in that we are assuming the size of specific
667 for (rn = 0; (rn < (LAST_EMBED_REGNUM + 1)); rn++)
670 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
671 else if ((rn >= FGR_BASE) && (rn < (FGR_BASE + NR_FGR)))
672 cpu->register_widths[rn] = WITH_TARGET_FLOATING_POINT_BITSIZE;
673 else if ((rn >= 33) && (rn <= 37))
674 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
675 else if ((rn == SRIDX)
678 || ((rn >= 72) && (rn <= 89)))
679 cpu->register_widths[rn] = 32;
681 cpu->register_widths[rn] = 0;
688 if (STATE & simTRACE)
693 sim_io_eprintf (sd, "idt@%x pmon@%x lsipmon@%x\n",
696 lsipmon_monitor_base);
699 /* Write the monitor trap address handlers into the monitor (eeprom)
700 address space. This can only be done once the target endianness
701 has been determined. */
702 if (idt_monitor_base != 0)
705 unsigned idt_monitor_size = 1 << 11;
707 /* the default monitor region */
708 sim_do_commandf (sd, "memory region 0x%x,0x%x",
709 idt_monitor_base, idt_monitor_size);
711 /* Entry into the IDT monitor is via fixed address vectors, and
712 not using machine instructions. To avoid clashing with use of
713 the MIPS TRAP system, we place our own (simulator specific)
714 "undefined" instructions into the relevant vector slots. */
715 for (loop = 0; (loop < idt_monitor_size); loop += 4)
717 address_word vaddr = (idt_monitor_base + loop);
718 unsigned32 insn = (RSVD_INSTRUCTION |
719 (((loop >> 2) & RSVD_INSTRUCTION_ARG_MASK)
720 << RSVD_INSTRUCTION_ARG_SHIFT));
722 sim_write (sd, vaddr, (char *)&insn, sizeof (insn));
726 if ((pmon_monitor_base != 0) || (lsipmon_monitor_base != 0))
728 /* The PMON monitor uses the same address space, but rather than
729 branching into it the address of a routine is loaded. We can
730 cheat for the moment, and direct the PMON routine to IDT style
731 instructions within the monitor space. This relies on the IDT
732 monitor not using the locations from 0xBFC00500 onwards as its
735 for (loop = 0; (loop < 24); loop++)
737 unsigned32 value = ((0x500 - 8) / 8); /* default UNDEFINED reason code */
753 value = ((0x500 - 16) / 8); /* not an IDT reason code */
755 case 8: /* cliexit */
758 case 11: /* flush_cache */
763 SIM_ASSERT (idt_monitor_base != 0);
764 value = ((unsigned int) idt_monitor_base + (value * 8));
767 if (pmon_monitor_base != 0)
769 address_word vaddr = (pmon_monitor_base + (loop * 4));
770 sim_write (sd, vaddr, (char *)&value, sizeof (value));
773 if (lsipmon_monitor_base != 0)
775 address_word vaddr = (lsipmon_monitor_base + (loop * 4));
776 sim_write (sd, vaddr, (char *)&value, sizeof (value));
780 /* Write an abort sequence into the TRAP (common) exception vector
781 addresses. This is to catch code executing a TRAP (et.al.)
782 instruction without installing a trap handler. */
783 if ((idt_monitor_base != 0) ||
784 (pmon_monitor_base != 0) ||
785 (lsipmon_monitor_base != 0))
787 unsigned32 halt[2] = { 0x2404002f /* addiu r4, r0, 47 */,
788 HALT_INSTRUCTION /* BREAK */ };
791 sim_write (sd, 0x80000000, (char *) halt, sizeof (halt));
792 sim_write (sd, 0x80000180, (char *) halt, sizeof (halt));
793 sim_write (sd, 0x80000200, (char *) halt, sizeof (halt));
794 /* XXX: Write here unconditionally? */
795 sim_write (sd, 0xBFC00200, (char *) halt, sizeof (halt));
796 sim_write (sd, 0xBFC00380, (char *) halt, sizeof (halt));
797 sim_write (sd, 0xBFC00400, (char *) halt, sizeof (halt));
811 tracefh = fopen(tracefile,"wb+");
814 sim_io_eprintf(sd,"Failed to create file \"%s\", writing trace information to stderr.\n",tracefile);
820 /* Return name of an insn, used by insn profiling. */
822 get_insn_name (sim_cpu *cpu, int i)
824 return itable[i].name;
828 sim_close (sd, quitting)
833 printf("DBG: sim_close: entered (quitting = %d)\n",quitting);
837 /* "quitting" is non-zero if we cannot hang on errors */
839 /* shut down modules */
840 sim_module_uninstall (sd);
842 /* Ensure that any resources allocated through the callback
843 mechanism are released: */
844 sim_io_shutdown (sd);
847 if (tracefh != NULL && tracefh != stderr)
852 /* FIXME - free SD */
859 sim_write (sd,addr,buffer,size)
862 const unsigned char *buffer;
866 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
868 /* Return the number of bytes written, or zero if error. */
870 sim_io_printf(sd,"sim_write(0x%s,buffer,%d);\n",pr_addr(addr),size);
873 /* We use raw read and write routines, since we do not want to count
874 the GDB memory accesses in our statistics gathering. */
876 for (index = 0; index < size; index++)
878 address_word vaddr = (address_word)addr + index;
881 if (!address_translation (SD, CPU, NULL_CIA, vaddr, isDATA, isSTORE, &paddr, &cca, isRAW))
883 if (sim_core_write_buffer (SD, CPU, read_map, buffer + index, paddr, 1) != 1)
891 sim_read (sd,addr,buffer,size)
894 unsigned char *buffer;
898 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
900 /* Return the number of bytes read, or zero if error. */
902 sim_io_printf(sd,"sim_read(0x%s,buffer,%d);\n",pr_addr(addr),size);
905 for (index = 0; (index < size); index++)
907 address_word vaddr = (address_word)addr + index;
910 if (!address_translation (SD, CPU, NULL_CIA, vaddr, isDATA, isLOAD, &paddr, &cca, isRAW))
912 if (sim_core_read_buffer (SD, CPU, read_map, buffer + index, paddr, 1) != 1)
920 sim_store_register (sd,rn,memory,length)
923 unsigned char *memory;
926 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
927 /* NOTE: gdb (the client) stores registers in target byte order
928 while the simulator uses host byte order */
930 sim_io_printf(sd,"sim_store_register(%d,*memory=0x%s);\n",rn,pr_addr(*((SIM_ADDR *)memory)));
933 /* Unfortunately this suffers from the same problem as the register
934 numbering one. We need to know what the width of each logical
935 register number is for the architecture being simulated. */
937 if (cpu->register_widths[rn] == 0)
939 sim_io_eprintf(sd,"Invalid register width for %d (register store ignored)\n",rn);
945 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
947 cpu->fpr_state[rn - FGR_BASE] = fmt_uninterpreted;
948 if (cpu->register_widths[rn] == 32)
952 cpu->fgr[rn - FGR_BASE] =
953 (unsigned32) T2H_8 (*(unsigned64*)memory);
958 cpu->fgr[rn - FGR_BASE] = T2H_4 (*(unsigned32*)memory);
966 cpu->fgr[rn - FGR_BASE] = T2H_8 (*(unsigned64*)memory);
971 cpu->fgr[rn - FGR_BASE] = T2H_4 (*(unsigned32*)memory);
977 if (cpu->register_widths[rn] == 32)
982 (unsigned32) T2H_8 (*(unsigned64*)memory);
987 cpu->registers[rn] = T2H_4 (*(unsigned32*)memory);
995 cpu->registers[rn] = T2H_8 (*(unsigned64*)memory);
1000 cpu->registers[rn] = (signed32) T2H_4(*(unsigned32*)memory);
1009 sim_fetch_register (sd,rn,memory,length)
1012 unsigned char *memory;
1015 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
1016 /* NOTE: gdb (the client) stores registers in target byte order
1017 while the simulator uses host byte order */
1019 #if 0 /* FIXME: doesn't compile */
1020 sim_io_printf(sd,"sim_fetch_register(%d=0x%s,mem) : place simulator registers into memory\n",rn,pr_addr(registers[rn]));
1024 if (cpu->register_widths[rn] == 0)
1026 sim_io_eprintf (sd, "Invalid register width for %d (register fetch ignored)\n",rn);
1032 /* Any floating point register */
1033 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
1035 if (cpu->register_widths[rn] == 32)
1039 *(unsigned64*)memory =
1040 H2T_8 ((unsigned32) (cpu->fgr[rn - FGR_BASE]));
1045 *(unsigned32*)memory = H2T_4 (cpu->fgr[rn - FGR_BASE]);
1053 *(unsigned64*)memory = H2T_8 (cpu->fgr[rn - FGR_BASE]);
1058 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->fgr[rn - FGR_BASE]));
1064 if (cpu->register_widths[rn] == 32)
1068 *(unsigned64*)memory =
1069 H2T_8 ((unsigned32) (cpu->registers[rn]));
1074 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->registers[rn]));
1082 *(unsigned64*)memory =
1083 H2T_8 ((unsigned64) (cpu->registers[rn]));
1088 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->registers[rn]));
1098 sim_create_inferior (sd, abfd, argv,env)
1106 #if 0 /* FIXME: doesn't compile */
1107 printf("DBG: sim_create_inferior entered: start_address = 0x%s\n",
1116 /* override PC value set by ColdReset () */
1118 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
1120 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
1121 CIA_SET (cpu, (unsigned64) bfd_get_start_address (abfd));
1125 #if 0 /* def DEBUG */
1128 /* We should really place the argv slot values into the argument
1129 registers, and onto the stack as required. However, this
1130 assumes that we have a stack defined, which is not
1131 necessarily true at the moment. */
1133 sim_io_printf(sd,"sim_create_inferior() : passed arguments ignored\n");
1134 for (cptr = argv; (cptr && *cptr); cptr++)
1135 printf("DBG: arg \"%s\"\n",*cptr);
1142 /*---------------------------------------------------------------------------*/
1143 /*-- Private simulator support interface ------------------------------------*/
1144 /*---------------------------------------------------------------------------*/
1146 /* Read a null terminated string from memory, return in a buffer */
1148 fetch_str (SIM_DESC sd,
1154 while (sim_read (sd, addr + nr, &null, 1) == 1 && null != 0)
1156 buf = NZALLOC (char, nr + 1);
1157 sim_read (sd, addr, buf, nr);
1162 /* Implements the "sim firmware" command:
1163 sim firmware NAME[@ADDRESS] --- emulate ROM monitor named NAME.
1164 NAME can be idt, pmon, or lsipmon. If omitted, ADDRESS
1165 defaults to the normal address for that monitor.
1166 sim firmware none --- don't emulate any ROM monitor. Useful
1167 if you need a clean address space. */
1169 sim_firmware_command (SIM_DESC sd, char *arg)
1171 int address_present = 0;
1174 /* Signal occurrence of this option. */
1175 firmware_option_p = 1;
1177 /* Parse out the address, if present. */
1179 char *p = strchr (arg, '@');
1183 address_present = 1;
1184 p ++; /* skip over @ */
1186 address = strtoul (p, &q, 0);
1189 sim_io_printf (sd, "Invalid address given to the"
1190 "`sim firmware NAME@ADDRESS' command: %s\n",
1197 address_present = 0;
1198 address = -1; /* Dummy value. */
1202 if (! strncmp (arg, "idt", 3))
1204 idt_monitor_base = address_present ? address : 0xBFC00000;
1205 pmon_monitor_base = 0;
1206 lsipmon_monitor_base = 0;
1208 else if (! strncmp (arg, "pmon", 4))
1210 /* pmon uses indirect calls. Hook into implied idt. */
1211 pmon_monitor_base = address_present ? address : 0xBFC00500;
1212 idt_monitor_base = pmon_monitor_base - 0x500;
1213 lsipmon_monitor_base = 0;
1215 else if (! strncmp (arg, "lsipmon", 7))
1217 /* lsipmon uses indirect calls. Hook into implied idt. */
1218 pmon_monitor_base = 0;
1219 lsipmon_monitor_base = address_present ? address : 0xBFC00200;
1220 idt_monitor_base = lsipmon_monitor_base - 0x200;
1222 else if (! strncmp (arg, "none", 4))
1224 if (address_present)
1227 "The `sim firmware none' command does "
1228 "not take an `ADDRESS' argument.\n");
1231 idt_monitor_base = 0;
1232 pmon_monitor_base = 0;
1233 lsipmon_monitor_base = 0;
1237 sim_io_printf (sd, "\
1238 Unrecognized name given to the `sim firmware NAME' command: %s\n\
1239 Recognized firmware names are: `idt', `pmon', `lsipmon', and `none'.\n",
1249 /* Simple monitor interface (currently setup for the IDT and PMON monitors) */
1251 sim_monitor (SIM_DESC sd,
1254 unsigned int reason)
1257 printf("DBG: sim_monitor: entered (reason = %d)\n",reason);
1260 /* The IDT monitor actually allows two instructions per vector
1261 slot. However, the simulator currently causes a trap on each
1262 individual instruction. We cheat, and lose the bottom bit. */
1265 /* The following callback functions are available, however the
1266 monitor we are simulating does not make use of them: get_errno,
1267 isatty, lseek, rename, system, time and unlink */
1271 case 6: /* int open(char *path,int flags) */
1273 char *path = fetch_str (sd, A0);
1274 V0 = sim_io_open (sd, path, (int)A1);
1279 case 7: /* int read(int file,char *ptr,int len) */
1283 char *buf = zalloc (nr);
1284 V0 = sim_io_read (sd, fd, buf, nr);
1285 sim_write (sd, A1, buf, nr);
1290 case 8: /* int write(int file,char *ptr,int len) */
1294 char *buf = zalloc (nr);
1295 sim_read (sd, A1, buf, nr);
1296 V0 = sim_io_write (sd, fd, buf, nr);
1298 sim_io_flush_stdout (sd);
1300 sim_io_flush_stderr (sd);
1305 case 10: /* int close(int file) */
1307 V0 = sim_io_close (sd, (int)A0);
1311 case 2: /* Densan monitor: char inbyte(int waitflag) */
1313 if (A0 == 0) /* waitflag == NOWAIT */
1314 V0 = (unsigned_word)-1;
1316 /* Drop through to case 11 */
1318 case 11: /* char inbyte(void) */
1321 /* ensure that all output has gone... */
1322 sim_io_flush_stdout (sd);
1323 if (sim_io_read_stdin (sd, &tmp, sizeof(char)) != sizeof(char))
1325 sim_io_error(sd,"Invalid return from character read");
1326 V0 = (unsigned_word)-1;
1329 V0 = (unsigned_word)tmp;
1333 case 3: /* Densan monitor: void co(char chr) */
1334 case 12: /* void outbyte(char chr) : write a byte to "stdout" */
1336 char tmp = (char)(A0 & 0xFF);
1337 sim_io_write_stdout (sd, &tmp, sizeof(char));
1341 case 17: /* void _exit() */
1343 sim_io_eprintf (sd, "sim_monitor(17): _exit(int reason) to be coded\n");
1344 sim_engine_halt (SD, CPU, NULL, NULL_CIA, sim_exited,
1345 (unsigned int)(A0 & 0xFFFFFFFF));
1349 case 28: /* PMON flush_cache */
1352 case 55: /* void get_mem_info(unsigned int *ptr) */
1353 /* in: A0 = pointer to three word memory location */
1354 /* out: [A0 + 0] = size */
1355 /* [A0 + 4] = instruction cache size */
1356 /* [A0 + 8] = data cache size */
1359 unsigned_4 zero = 0;
1360 address_word mem_size;
1361 sim_memopt *entry, *match = NULL;
1363 /* Search for memory region mapped to KSEG0 or KSEG1. */
1364 for (entry = STATE_MEMOPT (sd);
1366 entry = entry->next)
1368 if ((entry->addr == K0BASE || entry->addr == K1BASE)
1369 && (!match || entry->level < match->level))
1374 for (alias = entry->alias;
1376 alias = alias->next)
1377 if ((alias->addr == K0BASE || alias->addr == K1BASE)
1378 && (!match || entry->level < match->level))
1383 /* Get region size, limit to KSEG1 size (512MB). */
1384 SIM_ASSERT (match != NULL);
1385 mem_size = (match->modulo != 0
1386 ? match->modulo : match->nr_bytes);
1387 if (mem_size > K1SIZE)
1392 sim_write (sd, A0 + 0, (char *)&value, 4);
1393 sim_write (sd, A0 + 4, (char *)&zero, 4);
1394 sim_write (sd, A0 + 8, (char *)&zero, 4);
1395 /* sim_io_eprintf (sd, "sim: get_mem_info() deprecated\n"); */
1399 case 158: /* PMON printf */
1400 /* in: A0 = pointer to format string */
1401 /* A1 = optional argument 1 */
1402 /* A2 = optional argument 2 */
1403 /* A3 = optional argument 3 */
1405 /* The following is based on the PMON printf source */
1407 address_word s = A0;
1409 signed_word *ap = &A1; /* 1st argument */
1410 /* This isn't the quickest way, since we call the host print
1411 routine for every character almost. But it does avoid
1412 having to allocate and manage a temporary string buffer. */
1413 /* TODO: Include check that we only use three arguments (A1,
1415 while (sim_read (sd, s++, &c, 1) && c != '\0')
1420 enum {FMT_RJUST, FMT_LJUST, FMT_RJUST0, FMT_CENTER} fmt = FMT_RJUST;
1421 int width = 0, trunc = 0, haddot = 0, longlong = 0;
1422 while (sim_read (sd, s++, &c, 1) && c != '\0')
1424 if (strchr ("dobxXulscefg%", c))
1439 else if (c >= '1' && c <= '9')
1443 while (sim_read (sd, s++, &c, 1) == 1 && isdigit (c))
1446 n = (unsigned int)strtol(tmp,NULL,10);
1459 sim_io_printf (sd, "%%");
1464 address_word p = *ap++;
1466 while (sim_read (sd, p++, &ch, 1) == 1 && ch != '\0')
1467 sim_io_printf(sd, "%c", ch);
1470 sim_io_printf(sd,"(null)");
1473 sim_io_printf (sd, "%c", (int)*ap++);
1478 sim_read (sd, s++, &c, 1);
1482 sim_read (sd, s++, &c, 1);
1485 if (strchr ("dobxXu", c))
1487 word64 lv = (word64) *ap++;
1489 sim_io_printf(sd,"<binary not supported>");
1492 sprintf (tmp, "%%%s%c", longlong ? "ll" : "", c);
1494 sim_io_printf(sd, tmp, lv);
1496 sim_io_printf(sd, tmp, (int)lv);
1499 else if (strchr ("eEfgG", c))
1501 double dbl = *(double*)(ap++);
1502 sprintf (tmp, "%%%d.%d%c", width, trunc, c);
1503 sim_io_printf (sd, tmp, dbl);
1509 sim_io_printf(sd, "%c", c);
1515 /* Unknown reason. */
1521 /* Store a word into memory. */
1524 store_word (SIM_DESC sd,
1533 if ((vaddr & 3) != 0)
1534 SignalExceptionAddressStore ();
1537 if (AddressTranslation (vaddr, isDATA, isSTORE, &paddr, &uncached,
1540 const uword64 mask = 7;
1544 paddr = (paddr & ~mask) | ((paddr & mask) ^ (ReverseEndian << 2));
1545 byte = (vaddr & mask) ^ (BigEndianCPU << 2);
1546 memval = ((uword64) val) << (8 * byte);
1547 StoreMemory (uncached, AccessLength_WORD, memval, 0, paddr, vaddr,
1553 /* Load a word from memory. */
1556 load_word (SIM_DESC sd,
1561 if ((vaddr & 3) != 0)
1563 SIM_CORE_SIGNAL (SD, cpu, cia, read_map, AccessLength_WORD+1, vaddr, read_transfer, sim_core_unaligned_signal);
1570 if (AddressTranslation (vaddr, isDATA, isLOAD, &paddr, &uncached,
1573 const uword64 mask = 0x7;
1574 const unsigned int reverse = ReverseEndian ? 1 : 0;
1575 const unsigned int bigend = BigEndianCPU ? 1 : 0;
1579 paddr = (paddr & ~mask) | ((paddr & mask) ^ (reverse << 2));
1580 LoadMemory (&memval,NULL,uncached, AccessLength_WORD, paddr, vaddr,
1582 byte = (vaddr & mask) ^ (bigend << 2);
1583 return EXTEND32 (memval >> (8 * byte));
1590 /* Simulate the mips16 entry and exit pseudo-instructions. These
1591 would normally be handled by the reserved instruction exception
1592 code, but for ease of simulation we just handle them directly. */
1595 mips16_entry (SIM_DESC sd,
1600 int aregs, sregs, rreg;
1603 printf("DBG: mips16_entry: entered (insn = 0x%08X)\n",insn);
1606 aregs = (insn & 0x700) >> 8;
1607 sregs = (insn & 0x0c0) >> 6;
1608 rreg = (insn & 0x020) >> 5;
1610 /* This should be checked by the caller. */
1619 /* This is the entry pseudo-instruction. */
1621 for (i = 0; i < aregs; i++)
1622 store_word (SD, CPU, cia, (uword64) (SP + 4 * i), GPR[i + 4]);
1630 store_word (SD, CPU, cia, (uword64) tsp, RA);
1633 for (i = 0; i < sregs; i++)
1636 store_word (SD, CPU, cia, (uword64) tsp, GPR[16 + i]);
1644 /* This is the exit pseudo-instruction. */
1651 RA = load_word (SD, CPU, cia, (uword64) tsp);
1654 for (i = 0; i < sregs; i++)
1657 GPR[i + 16] = load_word (SD, CPU, cia, (uword64) tsp);
1662 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1666 FGR[0] = WORD64LO (GPR[4]);
1667 FPR_STATE[0] = fmt_uninterpreted;
1669 else if (aregs == 6)
1671 FGR[0] = WORD64LO (GPR[5]);
1672 FGR[1] = WORD64LO (GPR[4]);
1673 FPR_STATE[0] = fmt_uninterpreted;
1674 FPR_STATE[1] = fmt_uninterpreted;
1683 /*-- trace support ----------------------------------------------------------*/
1685 /* The TRACE support is provided (if required) in the memory accessing
1686 routines. Since we are also providing the architecture specific
1687 features, the architecture simulation code can also deal with
1688 notifying the TRACE world of cache flushes, etc. Similarly we do
1689 not need to provide profiling support in the simulator engine,
1690 since we can sample in the instruction fetch control loop. By
1691 defining the TRACE manifest, we add tracing as a run-time
1695 /* Tracing by default produces "din" format (as required by
1696 dineroIII). Each line of such a trace file *MUST* have a din label
1697 and address field. The rest of the line is ignored, so comments can
1698 be included if desired. The first field is the label which must be
1699 one of the following values:
1704 3 escape record (treated as unknown access type)
1705 4 escape record (causes cache flush)
1707 The address field is a 32bit (lower-case) hexadecimal address
1708 value. The address should *NOT* be preceded by "0x".
1710 The size of the memory transfer is not important when dealing with
1711 cache lines (as long as no more than a cache line can be
1712 transferred in a single operation :-), however more information
1713 could be given following the dineroIII requirement to allow more
1714 complete memory and cache simulators to provide better
1715 results. i.e. the University of Pisa has a cache simulator that can
1716 also take bus size and speed as (variable) inputs to calculate
1717 complete system performance (a much more useful ability when trying
1718 to construct an end product, rather than a processor). They
1719 currently have an ARM version of their tool called ChARM. */
1723 dotrace (SIM_DESC sd,
1731 if (STATE & simTRACE) {
1733 fprintf(tracefh,"%d %s ; width %d ; ",
1737 va_start(ap,comment);
1738 vfprintf(tracefh,comment,ap);
1740 fprintf(tracefh,"\n");
1742 /* NOTE: Since the "din" format will only accept 32bit addresses, and
1743 we may be generating 64bit ones, we should put the hi-32bits of the
1744 address into the comment field. */
1746 /* TODO: Provide a buffer for the trace lines. We can then avoid
1747 performing writes until the buffer is filled, or the file is
1750 /* NOTE: We could consider adding a comment field to the "din" file
1751 produced using type 3 markers (unknown access). This would then
1752 allow information about the program that the "din" is for, and
1753 the MIPs world that was being simulated, to be placed into the
1760 /*---------------------------------------------------------------------------*/
1761 /*-- simulator engine -------------------------------------------------------*/
1762 /*---------------------------------------------------------------------------*/
1765 ColdReset (SIM_DESC sd)
1768 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
1770 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
1771 /* RESET: Fixed PC address: */
1772 PC = (unsigned_word) UNSIGNED64 (0xFFFFFFFFBFC00000);
1773 /* The reset vector address is in the unmapped, uncached memory space. */
1775 SR &= ~(status_SR | status_TS | status_RP);
1776 SR |= (status_ERL | status_BEV);
1778 /* Cheat and allow access to the complete register set immediately */
1779 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT
1780 && WITH_TARGET_WORD_BITSIZE == 64)
1781 SR |= status_FR; /* 64bit registers */
1783 /* Ensure that any instructions with pending register updates are
1785 PENDING_INVALIDATE();
1787 /* Initialise the FPU registers to the unknown state */
1788 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1791 for (rn = 0; (rn < 32); rn++)
1792 FPR_STATE[rn] = fmt_uninterpreted;
1795 /* Initialise the Config0 register. */
1796 C0_CONFIG = 0x80000000 /* Config1 present */
1797 | 2; /* KSEG0 uncached */
1798 if (WITH_TARGET_WORD_BITSIZE == 64)
1800 /* FIXME Currently mips/sim-main.c:address_translation()
1801 truncates all addresses to 32-bits. */
1802 if (0 && WITH_TARGET_ADDRESS_BITSIZE == 64)
1803 C0_CONFIG |= (2 << 13); /* MIPS64, 64-bit addresses */
1805 C0_CONFIG |= (1 << 13); /* MIPS64, 32-bit addresses */
1808 C0_CONFIG |= 0x00008000; /* Big Endian */
1815 /* Description from page A-26 of the "MIPS IV Instruction Set" manual (revision 3.1) */
1816 /* Signal an exception condition. This will result in an exception
1817 that aborts the instruction. The instruction operation pseudocode
1818 will never see a return from this function call. */
1821 signal_exception (SIM_DESC sd,
1829 sim_io_printf(sd,"DBG: SignalException(%d) PC = 0x%s\n",exception,pr_addr(cia));
1832 /* Ensure that any active atomic read/modify/write operation will fail: */
1835 /* Save registers before interrupt dispatching */
1836 #ifdef SIM_CPU_EXCEPTION_TRIGGER
1837 SIM_CPU_EXCEPTION_TRIGGER(sd, cpu, cia);
1840 switch (exception) {
1842 case DebugBreakPoint:
1843 if (! (Debug & Debug_DM))
1849 Debug |= Debug_DBD; /* signaled from within in delay slot */
1850 DEPC = cia - 4; /* reference the branch instruction */
1854 Debug &= ~Debug_DBD; /* not signaled from within a delay slot */
1858 Debug |= Debug_DM; /* in debugging mode */
1859 Debug |= Debug_DBp; /* raising a DBp exception */
1861 sim_engine_restart (SD, CPU, NULL, NULL_CIA);
1865 case ReservedInstruction:
1868 unsigned int instruction;
1869 va_start(ap,exception);
1870 instruction = va_arg(ap,unsigned int);
1872 /* Provide simple monitor support using ReservedInstruction
1873 exceptions. The following code simulates the fixed vector
1874 entry points into the IDT monitor by causing a simulator
1875 trap, performing the monitor operation, and returning to
1876 the address held in the $ra register (standard PCS return
1877 address). This means we only need to pre-load the vector
1878 space with suitable instruction values. For systems were
1879 actual trap instructions are used, we would not need to
1880 perform this magic. */
1881 if ((instruction & RSVD_INSTRUCTION_MASK) == RSVD_INSTRUCTION)
1883 int reason = (instruction >> RSVD_INSTRUCTION_ARG_SHIFT) & RSVD_INSTRUCTION_ARG_MASK;
1884 if (!sim_monitor (SD, CPU, cia, reason))
1885 sim_io_error (sd, "sim_monitor: unhandled reason = %d, pc = 0x%s\n", reason, pr_addr (cia));
1887 /* NOTE: This assumes that a branch-and-link style
1888 instruction was used to enter the vector (which is the
1889 case with the current IDT monitor). */
1890 sim_engine_restart (SD, CPU, NULL, RA);
1892 /* Look for the mips16 entry and exit instructions, and
1893 simulate a handler for them. */
1894 else if ((cia & 1) != 0
1895 && (instruction & 0xf81f) == 0xe809
1896 && (instruction & 0x0c0) != 0x0c0)
1898 mips16_entry (SD, CPU, cia, instruction);
1899 sim_engine_restart (sd, NULL, NULL, NULL_CIA);
1901 /* else fall through to normal exception processing */
1902 sim_io_eprintf(sd,"ReservedInstruction at PC = 0x%s\n", pr_addr (cia));
1906 /* Store exception code into current exception id variable (used
1909 /* TODO: If not simulating exceptions then stop the simulator
1910 execution. At the moment we always stop the simulation. */
1912 #ifdef SUBTARGET_R3900
1913 /* update interrupt-related registers */
1915 /* insert exception code in bits 6:2 */
1916 CAUSE = LSMASKED32(CAUSE, 31, 7) | LSINSERTED32(exception, 6, 2);
1917 /* shift IE/KU history bits left */
1918 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 3, 0), 5, 2);
1920 if (STATE & simDELAYSLOT)
1922 STATE &= ~simDELAYSLOT;
1924 EPC = (cia - 4); /* reference the branch instruction */
1929 if (SR & status_BEV)
1930 PC = (signed)0xBFC00000 + 0x180;
1932 PC = (signed)0x80000000 + 0x080;
1934 /* See figure 5-17 for an outline of the code below */
1935 if (! (SR & status_EXL))
1937 CAUSE = (exception << 2);
1938 if (STATE & simDELAYSLOT)
1940 STATE &= ~simDELAYSLOT;
1942 EPC = (cia - 4); /* reference the branch instruction */
1946 /* FIXME: TLB et.al. */
1947 /* vector = 0x180; */
1951 CAUSE = (exception << 2);
1952 /* vector = 0x180; */
1955 /* Store exception code into current exception id variable (used
1958 if (SR & status_BEV)
1959 PC = (signed)0xBFC00200 + 0x180;
1961 PC = (signed)0x80000000 + 0x180;
1964 switch ((CAUSE >> 2) & 0x1F)
1967 /* Interrupts arrive during event processing, no need to
1973 #ifdef SUBTARGET_3900
1974 /* Exception vector: BEV=0 BFC00000 / BEF=1 BFC00000 */
1975 PC = (signed)0xBFC00000;
1976 #endif /* SUBTARGET_3900 */
1979 case TLBModification:
1984 case InstructionFetch:
1986 /* The following is so that the simulator will continue from the
1987 exception handler address. */
1988 sim_engine_halt (SD, CPU, NULL, PC,
1989 sim_stopped, SIM_SIGBUS);
1991 case ReservedInstruction:
1992 case CoProcessorUnusable:
1994 sim_engine_halt (SD, CPU, NULL, PC,
1995 sim_stopped, SIM_SIGILL);
1997 case IntegerOverflow:
1999 sim_engine_halt (SD, CPU, NULL, PC,
2000 sim_stopped, SIM_SIGFPE);
2003 sim_engine_halt (SD, CPU, NULL, PC, sim_stopped, SIM_SIGTRAP);
2008 sim_engine_restart (SD, CPU, NULL, PC);
2013 sim_engine_halt (SD, CPU, NULL, PC,
2014 sim_stopped, SIM_SIGTRAP);
2016 default: /* Unknown internal exception */
2018 sim_engine_halt (SD, CPU, NULL, PC,
2019 sim_stopped, SIM_SIGABRT);
2023 case SimulatorFault:
2027 va_start(ap,exception);
2028 msg = va_arg(ap,char *);
2030 sim_engine_abort (SD, CPU, NULL_CIA,
2031 "FATAL: Simulator error \"%s\"\n",msg);
2040 /* This function implements what the MIPS32 and MIPS64 ISAs define as
2041 "UNPREDICTABLE" behaviour.
2043 About UNPREDICTABLE behaviour they say: "UNPREDICTABLE results
2044 may vary from processor implementation to processor implementation,
2045 instruction to instruction, or as a function of time on the same
2046 implementation or instruction. Software can never depend on results
2047 that are UNPREDICTABLE. ..." (MIPS64 Architecture for Programmers
2048 Volume II, The MIPS64 Instruction Set. MIPS Document MD00087 revision
2051 For UNPREDICTABLE behaviour, we print a message, if possible print
2052 the offending instructions mips.igen instruction name (provided by
2053 the caller), and stop the simulator.
2055 XXX FIXME: eventually, stopping the simulator should be made conditional
2056 on a command-line option. */
2058 unpredictable_action(sim_cpu *cpu, address_word cia)
2060 SIM_DESC sd = CPU_STATE(cpu);
2062 sim_io_eprintf(sd, "UNPREDICTABLE: PC = 0x%s\n", pr_addr (cia));
2063 sim_engine_halt (SD, CPU, NULL, cia, sim_stopped, SIM_SIGABRT);
2067 /*-- co-processor support routines ------------------------------------------*/
2070 CoProcPresent(unsigned int coproc_number)
2072 /* Return TRUE if simulator provides a model for the given co-processor number */
2077 cop_lw (SIM_DESC sd,
2082 unsigned int memword)
2087 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2090 printf("DBG: COP_LW: memword = 0x%08X (uword64)memword = 0x%s\n",memword,pr_addr(memword));
2092 StoreFPR(coproc_reg,fmt_uninterpreted_32,(uword64)memword);
2097 #if 0 /* this should be controlled by a configuration option */
2098 sim_io_printf(sd,"COP_LW(%d,%d,0x%08X) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,memword,pr_addr(cia));
2107 cop_ld (SIM_DESC sd,
2116 printf("DBG: COP_LD: coproc_num = %d, coproc_reg = %d, value = 0x%s : PC = 0x%s\n", coproc_num, coproc_reg, pr_uword64(memword), pr_addr(cia) );
2119 switch (coproc_num) {
2121 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2123 StoreFPR(coproc_reg,fmt_uninterpreted_64,memword);
2128 #if 0 /* this message should be controlled by a configuration option */
2129 sim_io_printf(sd,"COP_LD(%d,%d,0x%s) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(memword),pr_addr(cia));
2141 cop_sw (SIM_DESC sd,
2147 unsigned int value = 0;
2152 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2154 value = (unsigned int)ValueFPR(coproc_reg,fmt_uninterpreted_32);
2159 #if 0 /* should be controlled by configuration option */
2160 sim_io_printf(sd,"COP_SW(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2169 cop_sd (SIM_DESC sd,
2179 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2181 value = ValueFPR(coproc_reg,fmt_uninterpreted_64);
2186 #if 0 /* should be controlled by configuration option */
2187 sim_io_printf(sd,"COP_SD(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2199 decode_coproc (SIM_DESC sd,
2202 unsigned int instruction)
2204 int coprocnum = ((instruction >> 26) & 3);
2208 case 0: /* standard CPU control and cache registers */
2210 int code = ((instruction >> 21) & 0x1F);
2211 int rt = ((instruction >> 16) & 0x1F);
2212 int rd = ((instruction >> 11) & 0x1F);
2213 int tail = instruction & 0x3ff;
2214 /* R4000 Users Manual (second edition) lists the following CP0
2216 CODE><-RT><RD-><--TAIL--->
2217 DMFC0 Doubleword Move From CP0 (VR4100 = 01000000001tttttddddd00000000000)
2218 DMTC0 Doubleword Move To CP0 (VR4100 = 01000000101tttttddddd00000000000)
2219 MFC0 word Move From CP0 (VR4100 = 01000000000tttttddddd00000000000)
2220 MTC0 word Move To CP0 (VR4100 = 01000000100tttttddddd00000000000)
2221 TLBR Read Indexed TLB Entry (VR4100 = 01000010000000000000000000000001)
2222 TLBWI Write Indexed TLB Entry (VR4100 = 01000010000000000000000000000010)
2223 TLBWR Write Random TLB Entry (VR4100 = 01000010000000000000000000000110)
2224 TLBP Probe TLB for Matching Entry (VR4100 = 01000010000000000000000000001000)
2225 CACHE Cache operation (VR4100 = 101111bbbbbpppppiiiiiiiiiiiiiiii)
2226 ERET Exception return (VR4100 = 01000010000000000000000000011000)
2228 if (((code == 0x00) || (code == 0x04) /* MFC0 / MTC0 */
2229 || (code == 0x01) || (code == 0x05)) /* DMFC0 / DMTC0 */
2232 /* Clear double/single coprocessor move bit. */
2235 /* M[TF]C0 (32 bits) | DM[TF]C0 (64 bits) */
2237 switch (rd) /* NOTEs: Standard CP0 registers */
2239 /* 0 = Index R4000 VR4100 VR4300 */
2240 /* 1 = Random R4000 VR4100 VR4300 */
2241 /* 2 = EntryLo0 R4000 VR4100 VR4300 */
2242 /* 3 = EntryLo1 R4000 VR4100 VR4300 */
2243 /* 4 = Context R4000 VR4100 VR4300 */
2244 /* 5 = PageMask R4000 VR4100 VR4300 */
2245 /* 6 = Wired R4000 VR4100 VR4300 */
2246 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2247 /* 9 = Count R4000 VR4100 VR4300 */
2248 /* 10 = EntryHi R4000 VR4100 VR4300 */
2249 /* 11 = Compare R4000 VR4100 VR4300 */
2250 /* 12 = SR R4000 VR4100 VR4300 */
2251 #ifdef SUBTARGET_R3900
2253 /* 3 = Config R3900 */
2255 /* 7 = Cache R3900 */
2257 /* 15 = PRID R3900 */
2263 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2265 GPR[rt] = (signed_word) (signed_address) COP0_BADVADDR;
2267 COP0_BADVADDR = GPR[rt];
2270 #endif /* SUBTARGET_R3900 */
2277 /* 13 = Cause R4000 VR4100 VR4300 */
2284 /* 14 = EPC R4000 VR4100 VR4300 */
2287 GPR[rt] = (signed_word) (signed_address) EPC;
2291 /* 15 = PRId R4000 VR4100 VR4300 */
2292 #ifdef SUBTARGET_R3900
2301 /* 16 = Config R4000 VR4100 VR4300 */
2304 GPR[rt] = C0_CONFIG;
2306 /* only bottom three bits are writable */
2307 C0_CONFIG = (C0_CONFIG & ~0x7) | (GPR[rt] & 0x7);
2310 #ifdef SUBTARGET_R3900
2319 /* 17 = LLAddr R4000 VR4100 VR4300 */
2321 /* 18 = WatchLo R4000 VR4100 VR4300 */
2322 /* 19 = WatchHi R4000 VR4100 VR4300 */
2323 /* 20 = XContext R4000 VR4100 VR4300 */
2324 /* 26 = PErr or ECC R4000 VR4100 VR4300 */
2325 /* 27 = CacheErr R4000 VR4100 */
2326 /* 28 = TagLo R4000 VR4100 VR4300 */
2327 /* 29 = TagHi R4000 VR4100 VR4300 */
2328 /* 30 = ErrorEPC R4000 VR4100 VR4300 */
2329 if (STATE_VERBOSE_P(SD))
2331 "Warning: PC 0x%lx:interp.c decode_coproc DEADC0DE\n",
2332 (unsigned long)cia);
2333 GPR[rt] = 0xDEADC0DE; /* CPR[0,rd] */
2334 /* CPR[0,rd] = GPR[rt]; */
2337 GPR[rt] = (signed_word) (signed32) COP0_GPR[rd];
2339 COP0_GPR[rd] = GPR[rt];
2342 sim_io_printf(sd,"Warning: MFC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2344 sim_io_printf(sd,"Warning: MTC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2348 else if ((code == 0x00 || code == 0x01)
2351 /* [D]MFC0 RT,C0_CONFIG,SEL */
2353 switch (tail & 0x07)
2359 /* MIPS32 r/o Config1:
2362 /* MIPS16 implemented.
2363 XXX How to check configuration? */
2365 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2366 /* MDMX & FPU implemented */
2370 /* MIPS32 r/o Config2:
2375 /* MIPS32 r/o Config3:
2376 SmartMIPS implemented. */
2382 else if (code == 0x10 && (tail & 0x3f) == 0x18)
2385 if (SR & status_ERL)
2387 /* Oops, not yet available */
2388 sim_io_printf(sd,"Warning: ERET when SR[ERL] set not handled yet");
2398 else if (code == 0x10 && (tail & 0x3f) == 0x10)
2401 #ifdef SUBTARGET_R3900
2402 /* TX39: Copy IEp/KUp -> IEc/KUc, and IEo/KUo -> IEp/KUp */
2404 /* shift IE/KU history bits right */
2405 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 5, 2), 3, 0);
2407 /* TODO: CACHE register */
2408 #endif /* SUBTARGET_R3900 */
2410 else if (code == 0x10 && (tail & 0x3f) == 0x1F)
2418 sim_io_eprintf(sd,"Unrecognised COP0 instruction 0x%08X at PC = 0x%s : No handler present\n",instruction,pr_addr(cia));
2419 /* TODO: When executing an ERET or RFE instruction we should
2420 clear LLBIT, to ensure that any out-standing atomic
2421 read/modify/write sequence fails. */
2425 case 2: /* co-processor 2 */
2432 sim_io_eprintf(sd, "COP2 instruction 0x%08X at PC = 0x%s : No handler present\n",
2433 instruction,pr_addr(cia));
2438 case 1: /* should not occur (FPU co-processor) */
2439 case 3: /* should not occur (FPU co-processor) */
2440 SignalException(ReservedInstruction,instruction);
2448 /* This code copied from gdb's utils.c. Would like to share this code,
2449 but don't know of a common place where both could get to it. */
2451 /* Temporary storage using circular buffer */
2457 static char buf[NUMCELLS][CELLSIZE];
2459 if (++cell>=NUMCELLS) cell=0;
2463 /* Print routines to handle variable size regs, etc */
2465 /* Eliminate warning from compiler on 32-bit systems */
2466 static int thirty_two = 32;
2472 char *paddr_str=get_cell();
2473 switch (sizeof(addr))
2476 sprintf(paddr_str,"%08lx%08lx",
2477 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2480 sprintf(paddr_str,"%08lx",(unsigned long)addr);
2483 sprintf(paddr_str,"%04x",(unsigned short)(addr&0xffff));
2486 sprintf(paddr_str,"%x",addr);
2495 char *paddr_str=get_cell();
2496 sprintf(paddr_str,"%08lx%08lx",
2497 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2503 mips_core_signal (SIM_DESC sd,
2509 transfer_type transfer,
2510 sim_core_signals sig)
2512 const char *copy = (transfer == read_transfer ? "read" : "write");
2513 address_word ip = CIA_ADDR (cia);
2517 case sim_core_unmapped_signal:
2518 sim_io_eprintf (sd, "mips-core: %d byte %s to unmapped address 0x%lx at 0x%lx\n",
2520 (unsigned long) addr, (unsigned long) ip);
2521 COP0_BADVADDR = addr;
2522 SignalExceptionDataReference();
2525 case sim_core_unaligned_signal:
2526 sim_io_eprintf (sd, "mips-core: %d byte %s to unaligned address 0x%lx at 0x%lx\n",
2528 (unsigned long) addr, (unsigned long) ip);
2529 COP0_BADVADDR = addr;
2530 if(transfer == read_transfer)
2531 SignalExceptionAddressLoad();
2533 SignalExceptionAddressStore();
2537 sim_engine_abort (sd, cpu, cia,
2538 "mips_core_signal - internal error - bad switch");
2544 mips_cpu_exception_trigger(SIM_DESC sd, sim_cpu* cpu, address_word cia)
2546 ASSERT(cpu != NULL);
2548 if(cpu->exc_suspended > 0)
2549 sim_io_eprintf(sd, "Warning, nested exception triggered (%d)\n", cpu->exc_suspended);
2552 memcpy(cpu->exc_trigger_registers, cpu->registers, sizeof(cpu->exc_trigger_registers));
2553 cpu->exc_suspended = 0;
2557 mips_cpu_exception_suspend(SIM_DESC sd, sim_cpu* cpu, int exception)
2559 ASSERT(cpu != NULL);
2561 if(cpu->exc_suspended > 0)
2562 sim_io_eprintf(sd, "Warning, nested exception signal (%d then %d)\n",
2563 cpu->exc_suspended, exception);
2565 memcpy(cpu->exc_suspend_registers, cpu->registers, sizeof(cpu->exc_suspend_registers));
2566 memcpy(cpu->registers, cpu->exc_trigger_registers, sizeof(cpu->registers));
2567 cpu->exc_suspended = exception;
2571 mips_cpu_exception_resume(SIM_DESC sd, sim_cpu* cpu, int exception)
2573 ASSERT(cpu != NULL);
2575 if(exception == 0 && cpu->exc_suspended > 0)
2577 /* warn not for breakpoints */
2578 if(cpu->exc_suspended != sim_signal_to_host(sd, SIM_SIGTRAP))
2579 sim_io_eprintf(sd, "Warning, resuming but ignoring pending exception signal (%d)\n",
2580 cpu->exc_suspended);
2582 else if(exception != 0 && cpu->exc_suspended > 0)
2584 if(exception != cpu->exc_suspended)
2585 sim_io_eprintf(sd, "Warning, resuming with mismatched exception signal (%d vs %d)\n",
2586 cpu->exc_suspended, exception);
2588 memcpy(cpu->registers, cpu->exc_suspend_registers, sizeof(cpu->registers));
2590 else if(exception != 0 && cpu->exc_suspended == 0)
2592 sim_io_eprintf(sd, "Warning, ignoring spontanous exception signal (%d)\n", exception);
2594 cpu->exc_suspended = 0;
2598 /*---------------------------------------------------------------------------*/
2599 /*> EOF interp.c <*/
projects / platform / upstream / binutils.git / blob