2 /* Simulator for the MIPS architecture.
4 This file is part of the MIPS sim
6 THIS SOFTWARE IS NOT COPYRIGHTED
8 Cygnus offers the following for use in the public domain. Cygnus
9 makes no warranty with regard to the software or it's performance
10 and the user accepts the software "AS IS" with all faults.
12 CYGNUS DISCLAIMS ANY WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO
13 THIS SOFTWARE INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
14 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
18 The IDT monitor (found on the VR4300 board), seems to lie about
19 register contents. It seems to treat the registers as sign-extended
20 32-bit values. This cause *REAL* problems when single-stepping 64-bit
28 #include "sim-utils.h"
29 #include "sim-options.h"
30 #include "sim-assert.h"
56 #include "libiberty.h"
59 #include "gdb/callback.h" /* GDB simulator callback interface */
60 #include "gdb/remote-sim.h" /* GDB simulator interface */
62 char* pr_addr (SIM_ADDR addr);
63 char* pr_uword64 (uword64 addr);
66 /* Within interp.c we refer to the sim_state and sim_cpu directly. */
71 /* The following reserved instruction value is used when a simulator
72 trap is required. NOTE: Care must be taken, since this value may be
73 used in later revisions of the MIPS ISA. */
75 #define RSVD_INSTRUCTION (0x00000039)
76 #define RSVD_INSTRUCTION_MASK (0xFC00003F)
78 #define RSVD_INSTRUCTION_ARG_SHIFT 6
79 #define RSVD_INSTRUCTION_ARG_MASK 0xFFFFF
82 /* Bits in the Debug register */
83 #define Debug_DBD 0x80000000 /* Debug Branch Delay */
84 #define Debug_DM 0x40000000 /* Debug Mode */
85 #define Debug_DBp 0x00000002 /* Debug Breakpoint indicator */
87 /*---------------------------------------------------------------------------*/
88 /*-- GDB simulator interface ------------------------------------------------*/
89 /*---------------------------------------------------------------------------*/
91 static void ColdReset (SIM_DESC sd);
93 /*---------------------------------------------------------------------------*/
97 #define DELAYSLOT() {\
98 if (STATE & simDELAYSLOT)\
99 sim_io_eprintf(sd,"Delay slot already activated (branch in delay slot?)\n");\
100 STATE |= simDELAYSLOT;\
103 #define JALDELAYSLOT() {\
105 STATE |= simJALDELAYSLOT;\
109 STATE &= ~simDELAYSLOT;\
110 STATE |= simSKIPNEXT;\
113 #define CANCELDELAYSLOT() {\
115 STATE &= ~(simDELAYSLOT | simJALDELAYSLOT);\
118 #define INDELAYSLOT() ((STATE & simDELAYSLOT) != 0)
119 #define INJALDELAYSLOT() ((STATE & simJALDELAYSLOT) != 0)
121 /* Note that the monitor code essentially assumes this layout of memory.
122 If you change these, change the monitor code, too. */
123 /* FIXME Currently addresses are truncated to 32-bits, see
124 mips/sim-main.c:address_translation(). If that changes, then these
125 values will need to be extended, and tested for more carefully. */
126 #define K0BASE (0x80000000)
127 #define K0SIZE (0x20000000)
128 #define K1BASE (0xA0000000)
129 #define K1SIZE (0x20000000)
131 /* Simple run-time monitor support.
133 We emulate the monitor by placing magic reserved instructions at
134 the monitor's entry points; when we hit these instructions, instead
135 of raising an exception (as we would normally), we look at the
136 instruction and perform the appropriate monitory operation.
138 `*_monitor_base' are the physical addresses at which the corresponding
139 monitor vectors are located. `0' means none. By default,
141 The RSVD_INSTRUCTION... macros specify the magic instructions we
142 use at the monitor entry points. */
143 static int firmware_option_p = 0;
144 static SIM_ADDR idt_monitor_base = 0xBFC00000;
145 static SIM_ADDR pmon_monitor_base = 0xBFC00500;
146 static SIM_ADDR lsipmon_monitor_base = 0xBFC00200;
148 static SIM_RC sim_firmware_command (SIM_DESC sd, char* arg);
150 #define MEM_SIZE (8 << 20) /* 8 MBytes */
154 static char *tracefile = "trace.din"; /* default filename for trace log */
155 FILE *tracefh = NULL;
156 static void open_trace (SIM_DESC sd);
158 #define open_trace(sd)
161 static const char * get_insn_name (sim_cpu *, int);
163 /* simulation target board. NULL=canonical */
164 static char* board = NULL;
167 static DECLARE_OPTION_HANDLER (mips_option_handler);
170 OPTION_DINERO_TRACE = OPTION_START,
177 static int display_mem_info = 0;
180 mips_option_handler (SIM_DESC sd, sim_cpu *cpu, int opt, char *arg,
186 case OPTION_DINERO_TRACE: /* ??? */
188 /* Eventually the simTRACE flag could be treated as a toggle, to
189 allow external control of the program points being traced
190 (i.e. only from main onwards, excluding the run-time setup,
192 for (cpu_nr = 0; cpu_nr < MAX_NR_PROCESSORS; cpu_nr++)
194 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
197 else if (strcmp (arg, "yes") == 0)
199 else if (strcmp (arg, "no") == 0)
201 else if (strcmp (arg, "on") == 0)
203 else if (strcmp (arg, "off") == 0)
207 fprintf (stderr, "Unrecognized dinero-trace option `%s'\n", arg);
212 #else /* !WITH_TRACE_ANY_P */
214 Simulator constructed without dinero tracing support (for performance).\n\
215 Re-compile simulator with \"-DWITH_TRACE_ANY_P\" to enable this option.\n");
217 #endif /* !WITH_TRACE_ANY_P */
219 case OPTION_DINERO_FILE:
221 if (optarg != NULL) {
223 tmp = (char *)malloc(strlen(optarg) + 1);
226 sim_io_printf(sd,"Failed to allocate buffer for tracefile name \"%s\"\n",optarg);
232 sim_io_printf(sd,"Placing trace information into file \"%s\"\n",tracefile);
235 #endif /* WITH_TRACE_ANY_P */
238 case OPTION_FIRMWARE:
239 return sim_firmware_command (sd, arg);
245 board = zalloc(strlen(arg) + 1);
251 case OPTION_INFO_MEMORY:
252 display_mem_info = 1;
260 static const OPTION mips_options[] =
262 { {"dinero-trace", optional_argument, NULL, OPTION_DINERO_TRACE},
263 '\0', "on|off", "Enable dinero tracing",
264 mips_option_handler },
265 { {"dinero-file", required_argument, NULL, OPTION_DINERO_FILE},
266 '\0', "FILE", "Write dinero trace to FILE",
267 mips_option_handler },
268 { {"firmware", required_argument, NULL, OPTION_FIRMWARE},
269 '\0', "[idt|pmon|lsipmon|none][@ADDRESS]", "Emulate ROM monitor",
270 mips_option_handler },
271 { {"board", required_argument, NULL, OPTION_BOARD},
272 '\0', "none" /* rely on compile-time string concatenation for other options */
274 #define BOARD_JMR3904 "jmr3904"
276 #define BOARD_JMR3904_PAL "jmr3904pal"
277 "|" BOARD_JMR3904_PAL
278 #define BOARD_JMR3904_DEBUG "jmr3904debug"
279 "|" BOARD_JMR3904_DEBUG
280 #define BOARD_BSP "bsp"
283 , "Customize simulation for a particular board.", mips_option_handler },
285 /* These next two options have the same names as ones found in the
286 memory_options[] array in common/sim-memopt.c. This is because
287 the intention is to provide an alternative handler for those two
288 options. We need an alternative handler because the memory
289 regions are not set up until after the command line arguments
290 have been parsed, and so we cannot display the memory info whilst
291 processing the command line. There is a hack in sim_open to
292 remove these handlers when we want the real --memory-info option
294 { { "info-memory", no_argument, NULL, OPTION_INFO_MEMORY },
295 '\0', NULL, "List configured memory regions", mips_option_handler },
296 { { "memory-info", no_argument, NULL, OPTION_INFO_MEMORY },
297 '\0', NULL, NULL, mips_option_handler },
299 { {NULL, no_argument, NULL, 0}, '\0', NULL, NULL, NULL }
303 int interrupt_pending;
306 interrupt_event (SIM_DESC sd, void *data)
308 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
309 address_word cia = CPU_PC_GET (cpu);
312 interrupt_pending = 0;
313 SignalExceptionInterrupt (1); /* interrupt "1" */
315 else if (!interrupt_pending)
316 sim_events_schedule (sd, 1, interrupt_event, data);
320 /*---------------------------------------------------------------------------*/
321 /*-- Device registration hook -----------------------------------------------*/
322 /*---------------------------------------------------------------------------*/
323 static void device_init(SIM_DESC sd) {
325 extern void register_devices(SIM_DESC);
326 register_devices(sd);
330 /*---------------------------------------------------------------------------*/
331 /*-- GDB simulator interface ------------------------------------------------*/
332 /*---------------------------------------------------------------------------*/
335 mips_pc_get (sim_cpu *cpu)
341 mips_pc_set (sim_cpu *cpu, sim_cia pc)
346 static int mips_reg_fetch (SIM_CPU *, int, unsigned char *, int);
347 static int mips_reg_store (SIM_CPU *, int, unsigned char *, int);
350 sim_open (SIM_OPEN_KIND kind, host_callback *cb,
351 struct bfd *abfd, char * const *argv)
354 SIM_DESC sd = sim_state_alloc (kind, cb);
357 SIM_ASSERT (STATE_MAGIC (sd) == SIM_MAGIC_NUMBER);
359 /* The cpu data is kept in a separately allocated chunk of memory. */
360 if (sim_cpu_alloc_all (sd, 1, /*cgen_cpu_max_extra_bytes ()*/0) != SIM_RC_OK)
363 cpu = STATE_CPU (sd, 0); /* FIXME */
365 /* FIXME: watchpoints code shouldn't need this */
366 STATE_WATCHPOINTS (sd)->pc = &(PC);
367 STATE_WATCHPOINTS (sd)->sizeof_pc = sizeof (PC);
368 STATE_WATCHPOINTS (sd)->interrupt_handler = interrupt_event;
370 /* Initialize the mechanism for doing insn profiling. */
371 CPU_INSN_NAME (cpu) = get_insn_name;
372 CPU_MAX_INSNS (cpu) = nr_itable_entries;
376 if (sim_pre_argv_init (sd, argv[0]) != SIM_RC_OK)
378 sim_add_option_table (sd, NULL, mips_options);
381 /* The parser will print an error message for us, so we silently return. */
382 if (sim_parse_args (sd, argv) != SIM_RC_OK)
384 /* Uninstall the modules to avoid memory leaks,
385 file descriptor leaks, etc. */
386 sim_module_uninstall (sd);
390 /* handle board-specific memory maps */
393 /* Allocate core managed memory */
394 sim_memopt *entry, *match = NULL;
395 address_word mem_size = 0;
398 /* For compatibility with the old code - under this (at level one)
399 are the kernel spaces K0 & K1. Both of these map to a single
400 smaller sub region */
401 sim_do_command(sd," memory region 0x7fff8000,0x8000") ; /* MTZ- 32 k stack */
403 /* Look for largest memory region defined on command-line at
405 for (entry = STATE_MEMOPT (sd); entry != NULL; entry = entry->next)
407 /* If we find an entry at address 0, then we will end up
408 allocating a new buffer in the "memory alias" command
409 below. The region at address 0 will be deleted. */
410 address_word size = (entry->modulo != 0
411 ? entry->modulo : entry->nr_bytes);
413 && (!match || entry->level < match->level))
415 else if (entry->addr == K0BASE || entry->addr == K1BASE)
420 for (alias = entry->alias; alias != NULL; alias = alias->next)
423 && (!match || entry->level < match->level))
425 else if (alias->addr == K0BASE || alias->addr == K1BASE)
435 /* Get existing memory region size. */
436 mem_size = (match->modulo != 0
437 ? match->modulo : match->nr_bytes);
438 /* Delete old region. */
439 sim_do_commandf (sd, "memory delete %d:0x%lx@%d",
440 match->space, match->addr, match->level);
442 else if (mem_size == 0)
444 /* Limit to KSEG1 size (512MB) */
445 if (mem_size > K1SIZE)
447 /* memory alias K1BASE@1,K1SIZE%MEMSIZE,K0BASE */
448 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx%%0x%lx,0x%0x",
449 K1BASE, K1SIZE, (long)mem_size, K0BASE);
454 else if (board != NULL
455 && (strcmp(board, BOARD_BSP) == 0))
459 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
461 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
462 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
464 4 * 1024 * 1024, /* 4 MB */
467 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
468 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
470 4 * 1024 * 1024, /* 4 MB */
473 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
474 for (i=0; i<8; i++) /* 32 MB total */
476 unsigned size = 4 * 1024 * 1024; /* 4 MB */
477 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
478 0x88000000 + (i * size),
480 0xA8000000 + (i * size));
484 else if (board != NULL
485 && (strcmp(board, BOARD_JMR3904) == 0 ||
486 strcmp(board, BOARD_JMR3904_PAL) == 0 ||
487 strcmp(board, BOARD_JMR3904_DEBUG) == 0))
489 /* match VIRTUAL memory layout of JMR-TX3904 board */
492 /* --- disable monitor unless forced on by user --- */
494 if (! firmware_option_p)
496 idt_monitor_base = 0;
497 pmon_monitor_base = 0;
498 lsipmon_monitor_base = 0;
501 /* --- environment --- */
503 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
507 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
508 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
510 4 * 1024 * 1024, /* 4 MB */
513 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
514 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
516 4 * 1024 * 1024, /* 4 MB */
519 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
520 for (i=0; i<8; i++) /* 32 MB total */
522 unsigned size = 4 * 1024 * 1024; /* 4 MB */
523 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
524 0x88000000 + (i * size),
526 0xA8000000 + (i * size));
529 /* Dummy memory regions for unsimulated devices - sorted by address */
531 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB1000000, 0x400); /* ISA I/O */
532 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2100000, 0x004); /* ISA ctl */
533 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2500000, 0x004); /* LED/switch */
534 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2700000, 0x004); /* RTC */
535 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB3C00000, 0x004); /* RTC */
536 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF8000, 0x900); /* DRAMC */
537 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF9000, 0x200); /* EBIF */
538 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFE000, 0x01c); /* EBIF */
539 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFF500, 0x300); /* PIO */
542 /* --- simulated devices --- */
543 sim_hw_parse (sd, "/tx3904irc@0xffffc000/reg 0xffffc000 0x20");
544 sim_hw_parse (sd, "/tx3904cpu");
545 sim_hw_parse (sd, "/tx3904tmr@0xfffff000/reg 0xfffff000 0x100");
546 sim_hw_parse (sd, "/tx3904tmr@0xfffff100/reg 0xfffff100 0x100");
547 sim_hw_parse (sd, "/tx3904tmr@0xfffff200/reg 0xfffff200 0x100");
548 sim_hw_parse (sd, "/tx3904sio@0xfffff300/reg 0xfffff300 0x100");
550 /* FIXME: poking at dv-sockser internals, use tcp backend if
551 --sockser_addr option was given.*/
552 extern char* sockser_addr;
553 if(sockser_addr == NULL)
554 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend stdio");
556 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend tcp");
558 sim_hw_parse (sd, "/tx3904sio@0xfffff400/reg 0xfffff400 0x100");
559 sim_hw_parse (sd, "/tx3904sio@0xfffff400/backend stdio");
561 /* -- device connections --- */
562 sim_hw_parse (sd, "/tx3904irc > ip level /tx3904cpu");
563 sim_hw_parse (sd, "/tx3904tmr@0xfffff000 > int tmr0 /tx3904irc");
564 sim_hw_parse (sd, "/tx3904tmr@0xfffff100 > int tmr1 /tx3904irc");
565 sim_hw_parse (sd, "/tx3904tmr@0xfffff200 > int tmr2 /tx3904irc");
566 sim_hw_parse (sd, "/tx3904sio@0xfffff300 > int sio0 /tx3904irc");
567 sim_hw_parse (sd, "/tx3904sio@0xfffff400 > int sio1 /tx3904irc");
569 /* add PAL timer & I/O module */
570 if(! strcmp(board, BOARD_JMR3904_PAL))
573 sim_hw_parse (sd, "/pal@0xffff0000");
574 sim_hw_parse (sd, "/pal@0xffff0000/reg 0xffff0000 64");
576 /* wire up interrupt ports to irc */
577 sim_hw_parse (sd, "/pal@0x31000000 > countdown tmr0 /tx3904irc");
578 sim_hw_parse (sd, "/pal@0x31000000 > timer tmr1 /tx3904irc");
579 sim_hw_parse (sd, "/pal@0x31000000 > int int0 /tx3904irc");
582 if(! strcmp(board, BOARD_JMR3904_DEBUG))
584 /* -- DEBUG: glue interrupt generators --- */
585 sim_hw_parse (sd, "/glue@0xffff0000/reg 0xffff0000 0x50");
586 sim_hw_parse (sd, "/glue@0xffff0000 > int0 int0 /tx3904irc");
587 sim_hw_parse (sd, "/glue@0xffff0000 > int1 int1 /tx3904irc");
588 sim_hw_parse (sd, "/glue@0xffff0000 > int2 int2 /tx3904irc");
589 sim_hw_parse (sd, "/glue@0xffff0000 > int3 int3 /tx3904irc");
590 sim_hw_parse (sd, "/glue@0xffff0000 > int4 int4 /tx3904irc");
591 sim_hw_parse (sd, "/glue@0xffff0000 > int5 int5 /tx3904irc");
592 sim_hw_parse (sd, "/glue@0xffff0000 > int6 int6 /tx3904irc");
593 sim_hw_parse (sd, "/glue@0xffff0000 > int7 int7 /tx3904irc");
594 sim_hw_parse (sd, "/glue@0xffff0000 > int8 dmac0 /tx3904irc");
595 sim_hw_parse (sd, "/glue@0xffff0000 > int9 dmac1 /tx3904irc");
596 sim_hw_parse (sd, "/glue@0xffff0000 > int10 dmac2 /tx3904irc");
597 sim_hw_parse (sd, "/glue@0xffff0000 > int11 dmac3 /tx3904irc");
598 sim_hw_parse (sd, "/glue@0xffff0000 > int12 sio0 /tx3904irc");
599 sim_hw_parse (sd, "/glue@0xffff0000 > int13 sio1 /tx3904irc");
600 sim_hw_parse (sd, "/glue@0xffff0000 > int14 tmr0 /tx3904irc");
601 sim_hw_parse (sd, "/glue@0xffff0000 > int15 tmr1 /tx3904irc");
602 sim_hw_parse (sd, "/glue@0xffff0000 > int16 tmr2 /tx3904irc");
603 sim_hw_parse (sd, "/glue@0xffff0000 > int17 nmi /tx3904cpu");
610 if (display_mem_info)
612 struct option_list * ol;
613 struct option_list * prev;
615 /* This is a hack. We want to execute the real --memory-info command
616 line switch which is handled in common/sim-memopts.c, not the
617 override we have defined in this file. So we remove the
618 mips_options array from the state options list. This is safe
619 because we have now processed all of the command line. */
620 for (ol = STATE_OPTIONS (sd), prev = NULL;
622 prev = ol, ol = ol->next)
623 if (ol->options == mips_options)
626 SIM_ASSERT (ol != NULL);
629 STATE_OPTIONS (sd) = ol->next;
631 prev->next = ol->next;
633 sim_do_commandf (sd, "memory-info");
636 /* check for/establish the a reference program image */
637 if (sim_analyze_program (sd,
638 (STATE_PROG_ARGV (sd) != NULL
639 ? *STATE_PROG_ARGV (sd)
643 sim_module_uninstall (sd);
647 /* Configure/verify the target byte order and other runtime
648 configuration options */
649 if (sim_config (sd) != SIM_RC_OK)
651 sim_module_uninstall (sd);
655 if (sim_post_argv_init (sd) != SIM_RC_OK)
657 /* Uninstall the modules to avoid memory leaks,
658 file descriptor leaks, etc. */
659 sim_module_uninstall (sd);
663 /* verify assumptions the simulator made about the host type system.
664 This macro does not return if there is a problem */
665 SIM_ASSERT (sizeof(int) == (4 * sizeof(char)));
666 SIM_ASSERT (sizeof(word64) == (8 * sizeof(char)));
668 /* This is NASTY, in that we are assuming the size of specific
672 for (rn = 0; (rn < (LAST_EMBED_REGNUM + 1)); rn++)
675 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
676 else if ((rn >= FGR_BASE) && (rn < (FGR_BASE + NR_FGR)))
677 cpu->register_widths[rn] = WITH_TARGET_FLOATING_POINT_BITSIZE;
678 else if ((rn >= 33) && (rn <= 37))
679 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
680 else if ((rn == SRIDX)
683 || ((rn >= 72) && (rn <= 89)))
684 cpu->register_widths[rn] = 32;
686 cpu->register_widths[rn] = 0;
692 if (STATE & simTRACE)
696 sim_io_eprintf (sd, "idt@%x pmon@%x lsipmon@%x\n",
699 lsipmon_monitor_base);
702 /* Write the monitor trap address handlers into the monitor (eeprom)
703 address space. This can only be done once the target endianness
704 has been determined. */
705 if (idt_monitor_base != 0)
708 unsigned idt_monitor_size = 1 << 11;
710 /* the default monitor region */
711 sim_do_commandf (sd, "memory region 0x%x,0x%x",
712 idt_monitor_base, idt_monitor_size);
714 /* Entry into the IDT monitor is via fixed address vectors, and
715 not using machine instructions. To avoid clashing with use of
716 the MIPS TRAP system, we place our own (simulator specific)
717 "undefined" instructions into the relevant vector slots. */
718 for (loop = 0; (loop < idt_monitor_size); loop += 4)
720 address_word vaddr = (idt_monitor_base + loop);
721 unsigned32 insn = (RSVD_INSTRUCTION |
722 (((loop >> 2) & RSVD_INSTRUCTION_ARG_MASK)
723 << RSVD_INSTRUCTION_ARG_SHIFT));
725 sim_write (sd, vaddr, (unsigned char *)&insn, sizeof (insn));
729 if ((pmon_monitor_base != 0) || (lsipmon_monitor_base != 0))
731 /* The PMON monitor uses the same address space, but rather than
732 branching into it the address of a routine is loaded. We can
733 cheat for the moment, and direct the PMON routine to IDT style
734 instructions within the monitor space. This relies on the IDT
735 monitor not using the locations from 0xBFC00500 onwards as its
738 for (loop = 0; (loop < 24); loop++)
740 unsigned32 value = ((0x500 - 8) / 8); /* default UNDEFINED reason code */
756 value = ((0x500 - 16) / 8); /* not an IDT reason code */
758 case 8: /* cliexit */
761 case 11: /* flush_cache */
766 SIM_ASSERT (idt_monitor_base != 0);
767 value = ((unsigned int) idt_monitor_base + (value * 8));
770 if (pmon_monitor_base != 0)
772 address_word vaddr = (pmon_monitor_base + (loop * 4));
773 sim_write (sd, vaddr, (unsigned char *)&value, sizeof (value));
776 if (lsipmon_monitor_base != 0)
778 address_word vaddr = (lsipmon_monitor_base + (loop * 4));
779 sim_write (sd, vaddr, (unsigned char *)&value, sizeof (value));
783 /* Write an abort sequence into the TRAP (common) exception vector
784 addresses. This is to catch code executing a TRAP (et.al.)
785 instruction without installing a trap handler. */
786 if ((idt_monitor_base != 0) ||
787 (pmon_monitor_base != 0) ||
788 (lsipmon_monitor_base != 0))
790 unsigned32 halt[2] = { 0x2404002f /* addiu r4, r0, 47 */,
791 HALT_INSTRUCTION /* BREAK */ };
794 sim_write (sd, 0x80000000, (unsigned char *) halt, sizeof (halt));
795 sim_write (sd, 0x80000180, (unsigned char *) halt, sizeof (halt));
796 sim_write (sd, 0x80000200, (unsigned char *) halt, sizeof (halt));
797 /* XXX: Write here unconditionally? */
798 sim_write (sd, 0xBFC00200, (unsigned char *) halt, sizeof (halt));
799 sim_write (sd, 0xBFC00380, (unsigned char *) halt, sizeof (halt));
800 sim_write (sd, 0xBFC00400, (unsigned char *) halt, sizeof (halt));
804 /* CPU specific initialization. */
805 for (i = 0; i < MAX_NR_PROCESSORS; ++i)
807 SIM_CPU *cpu = STATE_CPU (sd, i);
809 CPU_REG_FETCH (cpu) = mips_reg_fetch;
810 CPU_REG_STORE (cpu) = mips_reg_store;
811 CPU_PC_FETCH (cpu) = mips_pc_get;
812 CPU_PC_STORE (cpu) = mips_pc_set;
820 open_trace (SIM_DESC sd)
822 tracefh = fopen(tracefile,"wb+");
825 sim_io_eprintf(sd,"Failed to create file \"%s\", writing trace information to stderr.\n",tracefile);
831 /* Return name of an insn, used by insn profiling. */
833 get_insn_name (sim_cpu *cpu, int i)
835 return itable[i].name;
839 mips_sim_close (SIM_DESC sd, int quitting)
842 if (tracefh != NULL && tracefh != stderr)
849 mips_reg_store (SIM_CPU *cpu, int rn, unsigned char *memory, int length)
851 /* NOTE: gdb (the client) stores registers in target byte order
852 while the simulator uses host byte order */
854 /* Unfortunately this suffers from the same problem as the register
855 numbering one. We need to know what the width of each logical
856 register number is for the architecture being simulated. */
858 if (cpu->register_widths[rn] == 0)
860 sim_io_eprintf (CPU_STATE (cpu), "Invalid register width for %d (register store ignored)\n", rn);
864 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
866 cpu->fpr_state[rn - FGR_BASE] = fmt_uninterpreted;
867 if (cpu->register_widths[rn] == 32)
871 cpu->fgr[rn - FGR_BASE] =
872 (unsigned32) T2H_8 (*(unsigned64*)memory);
877 cpu->fgr[rn - FGR_BASE] = T2H_4 (*(unsigned32*)memory);
885 cpu->fgr[rn - FGR_BASE] = T2H_8 (*(unsigned64*)memory);
890 cpu->fgr[rn - FGR_BASE] = T2H_4 (*(unsigned32*)memory);
896 if (cpu->register_widths[rn] == 32)
901 (unsigned32) T2H_8 (*(unsigned64*)memory);
906 cpu->registers[rn] = T2H_4 (*(unsigned32*)memory);
914 cpu->registers[rn] = T2H_8 (*(unsigned64*)memory);
919 cpu->registers[rn] = (signed32) T2H_4(*(unsigned32*)memory);
928 mips_reg_fetch (SIM_CPU *cpu, int rn, unsigned char *memory, int length)
930 /* NOTE: gdb (the client) stores registers in target byte order
931 while the simulator uses host byte order */
933 if (cpu->register_widths[rn] == 0)
935 sim_io_eprintf (CPU_STATE (cpu), "Invalid register width for %d (register fetch ignored)\n", rn);
939 /* Any floating point register */
940 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
942 if (cpu->register_widths[rn] == 32)
946 *(unsigned64*)memory =
947 H2T_8 ((unsigned32) (cpu->fgr[rn - FGR_BASE]));
952 *(unsigned32*)memory = H2T_4 (cpu->fgr[rn - FGR_BASE]);
960 *(unsigned64*)memory = H2T_8 (cpu->fgr[rn - FGR_BASE]);
965 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->fgr[rn - FGR_BASE]));
971 if (cpu->register_widths[rn] == 32)
975 *(unsigned64*)memory =
976 H2T_8 ((unsigned32) (cpu->registers[rn]));
981 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->registers[rn]));
989 *(unsigned64*)memory =
990 H2T_8 ((unsigned64) (cpu->registers[rn]));
995 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->registers[rn]));
1004 sim_create_inferior (SIM_DESC sd, struct bfd *abfd,
1005 char * const *argv, char * const *env)
1009 #if 0 /* FIXME: doesn't compile */
1010 printf("DBG: sim_create_inferior entered: start_address = 0x%s\n",
1019 /* override PC value set by ColdReset () */
1021 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
1023 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
1024 sim_cia pc = bfd_get_start_address (abfd);
1026 /* We need to undo brain-dead bfd behavior where it sign-extends
1027 addresses that are supposed to be unsigned. See the mips bfd
1028 sign_extend_vma setting. We have to check the ELF data itself
1029 in order to handle o32 & n32 ABIs. */
1030 if (abfd->tdata.elf_obj_data->elf_header->e_ident[EI_CLASS] ==
1032 pc = (unsigned32) pc;
1034 CPU_PC_SET (cpu, pc);
1038 #if 0 /* def DEBUG */
1041 /* We should really place the argv slot values into the argument
1042 registers, and onto the stack as required. However, this
1043 assumes that we have a stack defined, which is not
1044 necessarily true at the moment. */
1046 sim_io_printf(sd,"sim_create_inferior() : passed arguments ignored\n");
1047 for (cptr = argv; (cptr && *cptr); cptr++)
1048 printf("DBG: arg \"%s\"\n",*cptr);
1055 /*---------------------------------------------------------------------------*/
1056 /*-- Private simulator support interface ------------------------------------*/
1057 /*---------------------------------------------------------------------------*/
1059 /* Read a null terminated string from memory, return in a buffer */
1061 fetch_str (SIM_DESC sd,
1067 while (sim_read (sd, addr + nr, &null, 1) == 1 && null != 0)
1069 buf = NZALLOC (char, nr + 1);
1070 sim_read (sd, addr, (unsigned char *)buf, nr);
1075 /* Implements the "sim firmware" command:
1076 sim firmware NAME[@ADDRESS] --- emulate ROM monitor named NAME.
1077 NAME can be idt, pmon, or lsipmon. If omitted, ADDRESS
1078 defaults to the normal address for that monitor.
1079 sim firmware none --- don't emulate any ROM monitor. Useful
1080 if you need a clean address space. */
1082 sim_firmware_command (SIM_DESC sd, char *arg)
1084 int address_present = 0;
1087 /* Signal occurrence of this option. */
1088 firmware_option_p = 1;
1090 /* Parse out the address, if present. */
1092 char *p = strchr (arg, '@');
1096 address_present = 1;
1097 p ++; /* skip over @ */
1099 address = strtoul (p, &q, 0);
1102 sim_io_printf (sd, "Invalid address given to the"
1103 "`sim firmware NAME@ADDRESS' command: %s\n",
1110 address_present = 0;
1111 address = -1; /* Dummy value. */
1115 if (! strncmp (arg, "idt", 3))
1117 idt_monitor_base = address_present ? address : 0xBFC00000;
1118 pmon_monitor_base = 0;
1119 lsipmon_monitor_base = 0;
1121 else if (! strncmp (arg, "pmon", 4))
1123 /* pmon uses indirect calls. Hook into implied idt. */
1124 pmon_monitor_base = address_present ? address : 0xBFC00500;
1125 idt_monitor_base = pmon_monitor_base - 0x500;
1126 lsipmon_monitor_base = 0;
1128 else if (! strncmp (arg, "lsipmon", 7))
1130 /* lsipmon uses indirect calls. Hook into implied idt. */
1131 pmon_monitor_base = 0;
1132 lsipmon_monitor_base = address_present ? address : 0xBFC00200;
1133 idt_monitor_base = lsipmon_monitor_base - 0x200;
1135 else if (! strncmp (arg, "none", 4))
1137 if (address_present)
1140 "The `sim firmware none' command does "
1141 "not take an `ADDRESS' argument.\n");
1144 idt_monitor_base = 0;
1145 pmon_monitor_base = 0;
1146 lsipmon_monitor_base = 0;
1150 sim_io_printf (sd, "\
1151 Unrecognized name given to the `sim firmware NAME' command: %s\n\
1152 Recognized firmware names are: `idt', `pmon', `lsipmon', and `none'.\n",
1162 /* Simple monitor interface (currently setup for the IDT and PMON monitors) */
1164 sim_monitor (SIM_DESC sd,
1167 unsigned int reason)
1170 printf("DBG: sim_monitor: entered (reason = %d)\n",reason);
1173 /* The IDT monitor actually allows two instructions per vector
1174 slot. However, the simulator currently causes a trap on each
1175 individual instruction. We cheat, and lose the bottom bit. */
1178 /* The following callback functions are available, however the
1179 monitor we are simulating does not make use of them: get_errno,
1180 isatty, lseek, rename, system, time and unlink */
1184 case 6: /* int open(char *path,int flags) */
1186 char *path = fetch_str (sd, A0);
1187 V0 = sim_io_open (sd, path, (int)A1);
1192 case 7: /* int read(int file,char *ptr,int len) */
1196 char *buf = zalloc (nr);
1197 V0 = sim_io_read (sd, fd, buf, nr);
1198 sim_write (sd, A1, (unsigned char *)buf, nr);
1203 case 8: /* int write(int file,char *ptr,int len) */
1207 char *buf = zalloc (nr);
1208 sim_read (sd, A1, (unsigned char *)buf, nr);
1209 V0 = sim_io_write (sd, fd, buf, nr);
1211 sim_io_flush_stdout (sd);
1213 sim_io_flush_stderr (sd);
1218 case 10: /* int close(int file) */
1220 V0 = sim_io_close (sd, (int)A0);
1224 case 2: /* Densan monitor: char inbyte(int waitflag) */
1226 if (A0 == 0) /* waitflag == NOWAIT */
1227 V0 = (unsigned_word)-1;
1229 /* Drop through to case 11 */
1231 case 11: /* char inbyte(void) */
1234 /* ensure that all output has gone... */
1235 sim_io_flush_stdout (sd);
1236 if (sim_io_read_stdin (sd, &tmp, sizeof(char)) != sizeof(char))
1238 sim_io_error(sd,"Invalid return from character read");
1239 V0 = (unsigned_word)-1;
1242 V0 = (unsigned_word)tmp;
1246 case 3: /* Densan monitor: void co(char chr) */
1247 case 12: /* void outbyte(char chr) : write a byte to "stdout" */
1249 char tmp = (char)(A0 & 0xFF);
1250 sim_io_write_stdout (sd, &tmp, sizeof(char));
1254 case 17: /* void _exit() */
1256 sim_io_eprintf (sd, "sim_monitor(17): _exit(int reason) to be coded\n");
1257 sim_engine_halt (SD, CPU, NULL, NULL_CIA, sim_exited,
1258 (unsigned int)(A0 & 0xFFFFFFFF));
1262 case 28: /* PMON flush_cache */
1265 case 55: /* void get_mem_info(unsigned int *ptr) */
1266 /* in: A0 = pointer to three word memory location */
1267 /* out: [A0 + 0] = size */
1268 /* [A0 + 4] = instruction cache size */
1269 /* [A0 + 8] = data cache size */
1272 unsigned_4 zero = 0;
1273 address_word mem_size;
1274 sim_memopt *entry, *match = NULL;
1276 /* Search for memory region mapped to KSEG0 or KSEG1. */
1277 for (entry = STATE_MEMOPT (sd);
1279 entry = entry->next)
1281 if ((entry->addr == K0BASE || entry->addr == K1BASE)
1282 && (!match || entry->level < match->level))
1287 for (alias = entry->alias;
1289 alias = alias->next)
1290 if ((alias->addr == K0BASE || alias->addr == K1BASE)
1291 && (!match || entry->level < match->level))
1296 /* Get region size, limit to KSEG1 size (512MB). */
1297 SIM_ASSERT (match != NULL);
1298 mem_size = (match->modulo != 0
1299 ? match->modulo : match->nr_bytes);
1300 if (mem_size > K1SIZE)
1305 sim_write (sd, A0 + 0, (unsigned char *)&value, 4);
1306 sim_write (sd, A0 + 4, (unsigned char *)&zero, 4);
1307 sim_write (sd, A0 + 8, (unsigned char *)&zero, 4);
1308 /* sim_io_eprintf (sd, "sim: get_mem_info() deprecated\n"); */
1312 case 158: /* PMON printf */
1313 /* in: A0 = pointer to format string */
1314 /* A1 = optional argument 1 */
1315 /* A2 = optional argument 2 */
1316 /* A3 = optional argument 3 */
1318 /* The following is based on the PMON printf source */
1320 address_word s = A0;
1322 signed_word *ap = &A1; /* 1st argument */
1323 /* This isn't the quickest way, since we call the host print
1324 routine for every character almost. But it does avoid
1325 having to allocate and manage a temporary string buffer. */
1326 /* TODO: Include check that we only use three arguments (A1,
1328 while (sim_read (sd, s++, &c, 1) && c != '\0')
1333 enum {FMT_RJUST, FMT_LJUST, FMT_RJUST0, FMT_CENTER} fmt = FMT_RJUST;
1334 int width = 0, trunc = 0, haddot = 0, longlong = 0;
1335 while (sim_read (sd, s++, &c, 1) && c != '\0')
1337 if (strchr ("dobxXulscefg%", c))
1352 else if (c >= '1' && c <= '9')
1356 while (sim_read (sd, s++, &c, 1) == 1 && isdigit (c))
1359 n = (unsigned int)strtol(tmp,NULL,10);
1372 sim_io_printf (sd, "%%");
1377 address_word p = *ap++;
1379 while (sim_read (sd, p++, &ch, 1) == 1 && ch != '\0')
1380 sim_io_printf(sd, "%c", ch);
1383 sim_io_printf(sd,"(null)");
1386 sim_io_printf (sd, "%c", (int)*ap++);
1391 sim_read (sd, s++, &c, 1);
1395 sim_read (sd, s++, &c, 1);
1398 if (strchr ("dobxXu", c))
1400 word64 lv = (word64) *ap++;
1402 sim_io_printf(sd,"<binary not supported>");
1405 sprintf (tmp, "%%%s%c", longlong ? "ll" : "", c);
1407 sim_io_printf(sd, tmp, lv);
1409 sim_io_printf(sd, tmp, (int)lv);
1412 else if (strchr ("eEfgG", c))
1414 double dbl = *(double*)(ap++);
1415 sprintf (tmp, "%%%d.%d%c", width, trunc, c);
1416 sim_io_printf (sd, tmp, dbl);
1422 sim_io_printf(sd, "%c", c);
1428 /* Unknown reason. */
1434 /* Store a word into memory. */
1437 store_word (SIM_DESC sd,
1443 address_word paddr = vaddr;
1445 if ((vaddr & 3) != 0)
1446 SignalExceptionAddressStore ();
1449 const uword64 mask = 7;
1453 paddr = (paddr & ~mask) | ((paddr & mask) ^ (ReverseEndian << 2));
1454 byte = (vaddr & mask) ^ (BigEndianCPU << 2);
1455 memval = ((uword64) val) << (8 * byte);
1456 StoreMemory (AccessLength_WORD, memval, 0, paddr, vaddr,
1461 /* Load a word from memory. */
1464 load_word (SIM_DESC sd,
1469 if ((vaddr & 3) != 0)
1471 SIM_CORE_SIGNAL (SD, cpu, cia, read_map, AccessLength_WORD+1, vaddr, read_transfer, sim_core_unaligned_signal);
1475 address_word paddr = vaddr;
1476 const uword64 mask = 0x7;
1477 const unsigned int reverse = ReverseEndian ? 1 : 0;
1478 const unsigned int bigend = BigEndianCPU ? 1 : 0;
1482 paddr = (paddr & ~mask) | ((paddr & mask) ^ (reverse << 2));
1483 LoadMemory (&memval, NULL, AccessLength_WORD, paddr, vaddr, isDATA,
1485 byte = (vaddr & mask) ^ (bigend << 2);
1486 return EXTEND32 (memval >> (8 * byte));
1492 /* Simulate the mips16 entry and exit pseudo-instructions. These
1493 would normally be handled by the reserved instruction exception
1494 code, but for ease of simulation we just handle them directly. */
1497 mips16_entry (SIM_DESC sd,
1502 int aregs, sregs, rreg;
1505 printf("DBG: mips16_entry: entered (insn = 0x%08X)\n",insn);
1508 aregs = (insn & 0x700) >> 8;
1509 sregs = (insn & 0x0c0) >> 6;
1510 rreg = (insn & 0x020) >> 5;
1512 /* This should be checked by the caller. */
1521 /* This is the entry pseudo-instruction. */
1523 for (i = 0; i < aregs; i++)
1524 store_word (SD, CPU, cia, (uword64) (SP + 4 * i), GPR[i + 4]);
1532 store_word (SD, CPU, cia, (uword64) tsp, RA);
1535 for (i = 0; i < sregs; i++)
1538 store_word (SD, CPU, cia, (uword64) tsp, GPR[16 + i]);
1546 /* This is the exit pseudo-instruction. */
1553 RA = load_word (SD, CPU, cia, (uword64) tsp);
1556 for (i = 0; i < sregs; i++)
1559 GPR[i + 16] = load_word (SD, CPU, cia, (uword64) tsp);
1564 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1568 FGR[0] = WORD64LO (GPR[4]);
1569 FPR_STATE[0] = fmt_uninterpreted;
1571 else if (aregs == 6)
1573 FGR[0] = WORD64LO (GPR[5]);
1574 FGR[1] = WORD64LO (GPR[4]);
1575 FPR_STATE[0] = fmt_uninterpreted;
1576 FPR_STATE[1] = fmt_uninterpreted;
1585 /*-- trace support ----------------------------------------------------------*/
1587 /* The trace support is provided (if required) in the memory accessing
1588 routines. Since we are also providing the architecture specific
1589 features, the architecture simulation code can also deal with
1590 notifying the trace world of cache flushes, etc. Similarly we do
1591 not need to provide profiling support in the simulator engine,
1592 since we can sample in the instruction fetch control loop. By
1593 defining the trace manifest, we add tracing as a run-time
1596 #if WITH_TRACE_ANY_P
1597 /* Tracing by default produces "din" format (as required by
1598 dineroIII). Each line of such a trace file *MUST* have a din label
1599 and address field. The rest of the line is ignored, so comments can
1600 be included if desired. The first field is the label which must be
1601 one of the following values:
1606 3 escape record (treated as unknown access type)
1607 4 escape record (causes cache flush)
1609 The address field is a 32bit (lower-case) hexadecimal address
1610 value. The address should *NOT* be preceded by "0x".
1612 The size of the memory transfer is not important when dealing with
1613 cache lines (as long as no more than a cache line can be
1614 transferred in a single operation :-), however more information
1615 could be given following the dineroIII requirement to allow more
1616 complete memory and cache simulators to provide better
1617 results. i.e. the University of Pisa has a cache simulator that can
1618 also take bus size and speed as (variable) inputs to calculate
1619 complete system performance (a much more useful ability when trying
1620 to construct an end product, rather than a processor). They
1621 currently have an ARM version of their tool called ChARM. */
1625 dotrace (SIM_DESC sd,
1633 if (STATE & simTRACE) {
1635 fprintf(tracefh,"%d %s ; width %d ; ",
1639 va_start(ap,comment);
1640 vfprintf(tracefh,comment,ap);
1642 fprintf(tracefh,"\n");
1644 /* NOTE: Since the "din" format will only accept 32bit addresses, and
1645 we may be generating 64bit ones, we should put the hi-32bits of the
1646 address into the comment field. */
1648 /* TODO: Provide a buffer for the trace lines. We can then avoid
1649 performing writes until the buffer is filled, or the file is
1652 /* NOTE: We could consider adding a comment field to the "din" file
1653 produced using type 3 markers (unknown access). This would then
1654 allow information about the program that the "din" is for, and
1655 the MIPs world that was being simulated, to be placed into the
1660 #endif /* WITH_TRACE_ANY_P */
1662 /*---------------------------------------------------------------------------*/
1663 /*-- simulator engine -------------------------------------------------------*/
1664 /*---------------------------------------------------------------------------*/
1667 ColdReset (SIM_DESC sd)
1670 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
1672 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
1673 /* RESET: Fixed PC address: */
1674 PC = (unsigned_word) UNSIGNED64 (0xFFFFFFFFBFC00000);
1675 /* The reset vector address is in the unmapped, uncached memory space. */
1677 SR &= ~(status_SR | status_TS | status_RP);
1678 SR |= (status_ERL | status_BEV);
1680 /* Cheat and allow access to the complete register set immediately */
1681 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT
1682 && WITH_TARGET_WORD_BITSIZE == 64)
1683 SR |= status_FR; /* 64bit registers */
1685 /* Ensure that any instructions with pending register updates are
1687 PENDING_INVALIDATE();
1689 /* Initialise the FPU registers to the unknown state */
1690 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1693 for (rn = 0; (rn < 32); rn++)
1694 FPR_STATE[rn] = fmt_uninterpreted;
1697 /* Initialise the Config0 register. */
1698 C0_CONFIG = 0x80000000 /* Config1 present */
1699 | 2; /* KSEG0 uncached */
1700 if (WITH_TARGET_WORD_BITSIZE == 64)
1702 /* FIXME Currently mips/sim-main.c:address_translation()
1703 truncates all addresses to 32-bits. */
1704 if (0 && WITH_TARGET_ADDRESS_BITSIZE == 64)
1705 C0_CONFIG |= (2 << 13); /* MIPS64, 64-bit addresses */
1707 C0_CONFIG |= (1 << 13); /* MIPS64, 32-bit addresses */
1710 C0_CONFIG |= 0x00008000; /* Big Endian */
1717 /* Description from page A-26 of the "MIPS IV Instruction Set" manual (revision 3.1) */
1718 /* Signal an exception condition. This will result in an exception
1719 that aborts the instruction. The instruction operation pseudocode
1720 will never see a return from this function call. */
1723 signal_exception (SIM_DESC sd,
1731 sim_io_printf(sd,"DBG: SignalException(%d) PC = 0x%s\n",exception,pr_addr(cia));
1734 /* Ensure that any active atomic read/modify/write operation will fail: */
1737 /* Save registers before interrupt dispatching */
1738 #ifdef SIM_CPU_EXCEPTION_TRIGGER
1739 SIM_CPU_EXCEPTION_TRIGGER(sd, cpu, cia);
1742 switch (exception) {
1744 case DebugBreakPoint:
1745 if (! (Debug & Debug_DM))
1751 Debug |= Debug_DBD; /* signaled from within in delay slot */
1752 DEPC = cia - 4; /* reference the branch instruction */
1756 Debug &= ~Debug_DBD; /* not signaled from within a delay slot */
1760 Debug |= Debug_DM; /* in debugging mode */
1761 Debug |= Debug_DBp; /* raising a DBp exception */
1763 sim_engine_restart (SD, CPU, NULL, NULL_CIA);
1767 case ReservedInstruction:
1770 unsigned int instruction;
1771 va_start(ap,exception);
1772 instruction = va_arg(ap,unsigned int);
1774 /* Provide simple monitor support using ReservedInstruction
1775 exceptions. The following code simulates the fixed vector
1776 entry points into the IDT monitor by causing a simulator
1777 trap, performing the monitor operation, and returning to
1778 the address held in the $ra register (standard PCS return
1779 address). This means we only need to pre-load the vector
1780 space with suitable instruction values. For systems were
1781 actual trap instructions are used, we would not need to
1782 perform this magic. */
1783 if ((instruction & RSVD_INSTRUCTION_MASK) == RSVD_INSTRUCTION)
1785 int reason = (instruction >> RSVD_INSTRUCTION_ARG_SHIFT) & RSVD_INSTRUCTION_ARG_MASK;
1786 if (!sim_monitor (SD, CPU, cia, reason))
1787 sim_io_error (sd, "sim_monitor: unhandled reason = %d, pc = 0x%s\n", reason, pr_addr (cia));
1789 /* NOTE: This assumes that a branch-and-link style
1790 instruction was used to enter the vector (which is the
1791 case with the current IDT monitor). */
1792 sim_engine_restart (SD, CPU, NULL, RA);
1794 /* Look for the mips16 entry and exit instructions, and
1795 simulate a handler for them. */
1796 else if ((cia & 1) != 0
1797 && (instruction & 0xf81f) == 0xe809
1798 && (instruction & 0x0c0) != 0x0c0)
1800 mips16_entry (SD, CPU, cia, instruction);
1801 sim_engine_restart (sd, NULL, NULL, NULL_CIA);
1803 /* else fall through to normal exception processing */
1804 sim_io_eprintf(sd,"ReservedInstruction at PC = 0x%s\n", pr_addr (cia));
1808 /* Store exception code into current exception id variable (used
1811 /* TODO: If not simulating exceptions then stop the simulator
1812 execution. At the moment we always stop the simulation. */
1814 #ifdef SUBTARGET_R3900
1815 /* update interrupt-related registers */
1817 /* insert exception code in bits 6:2 */
1818 CAUSE = LSMASKED32(CAUSE, 31, 7) | LSINSERTED32(exception, 6, 2);
1819 /* shift IE/KU history bits left */
1820 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 3, 0), 5, 2);
1822 if (STATE & simDELAYSLOT)
1824 STATE &= ~simDELAYSLOT;
1826 EPC = (cia - 4); /* reference the branch instruction */
1831 if (SR & status_BEV)
1832 PC = (signed)0xBFC00000 + 0x180;
1834 PC = (signed)0x80000000 + 0x080;
1836 /* See figure 5-17 for an outline of the code below */
1837 if (! (SR & status_EXL))
1839 CAUSE = (exception << 2);
1840 if (STATE & simDELAYSLOT)
1842 STATE &= ~simDELAYSLOT;
1844 EPC = (cia - 4); /* reference the branch instruction */
1848 /* FIXME: TLB et.al. */
1849 /* vector = 0x180; */
1853 CAUSE = (exception << 2);
1854 /* vector = 0x180; */
1857 /* Store exception code into current exception id variable (used
1860 if (SR & status_BEV)
1861 PC = (signed)0xBFC00200 + 0x180;
1863 PC = (signed)0x80000000 + 0x180;
1866 switch ((CAUSE >> 2) & 0x1F)
1869 /* Interrupts arrive during event processing, no need to
1875 #ifdef SUBTARGET_3900
1876 /* Exception vector: BEV=0 BFC00000 / BEF=1 BFC00000 */
1877 PC = (signed)0xBFC00000;
1878 #endif /* SUBTARGET_3900 */
1881 case TLBModification:
1886 case InstructionFetch:
1888 /* The following is so that the simulator will continue from the
1889 exception handler address. */
1890 sim_engine_halt (SD, CPU, NULL, PC,
1891 sim_stopped, SIM_SIGBUS);
1893 case ReservedInstruction:
1894 case CoProcessorUnusable:
1896 sim_engine_halt (SD, CPU, NULL, PC,
1897 sim_stopped, SIM_SIGILL);
1899 case IntegerOverflow:
1901 sim_engine_halt (SD, CPU, NULL, PC,
1902 sim_stopped, SIM_SIGFPE);
1905 sim_engine_halt (SD, CPU, NULL, PC, sim_stopped, SIM_SIGTRAP);
1910 sim_engine_restart (SD, CPU, NULL, PC);
1915 sim_engine_halt (SD, CPU, NULL, PC,
1916 sim_stopped, SIM_SIGTRAP);
1918 default: /* Unknown internal exception */
1920 sim_engine_halt (SD, CPU, NULL, PC,
1921 sim_stopped, SIM_SIGABRT);
1925 case SimulatorFault:
1929 va_start(ap,exception);
1930 msg = va_arg(ap,char *);
1932 sim_engine_abort (SD, CPU, NULL_CIA,
1933 "FATAL: Simulator error \"%s\"\n",msg);
1942 /* This function implements what the MIPS32 and MIPS64 ISAs define as
1943 "UNPREDICTABLE" behaviour.
1945 About UNPREDICTABLE behaviour they say: "UNPREDICTABLE results
1946 may vary from processor implementation to processor implementation,
1947 instruction to instruction, or as a function of time on the same
1948 implementation or instruction. Software can never depend on results
1949 that are UNPREDICTABLE. ..." (MIPS64 Architecture for Programmers
1950 Volume II, The MIPS64 Instruction Set. MIPS Document MD00087 revision
1953 For UNPREDICTABLE behaviour, we print a message, if possible print
1954 the offending instructions mips.igen instruction name (provided by
1955 the caller), and stop the simulator.
1957 XXX FIXME: eventually, stopping the simulator should be made conditional
1958 on a command-line option. */
1960 unpredictable_action(sim_cpu *cpu, address_word cia)
1962 SIM_DESC sd = CPU_STATE(cpu);
1964 sim_io_eprintf(sd, "UNPREDICTABLE: PC = 0x%s\n", pr_addr (cia));
1965 sim_engine_halt (SD, CPU, NULL, cia, sim_stopped, SIM_SIGABRT);
1969 /*-- co-processor support routines ------------------------------------------*/
1972 CoProcPresent(unsigned int coproc_number)
1974 /* Return TRUE if simulator provides a model for the given co-processor number */
1979 cop_lw (SIM_DESC sd,
1984 unsigned int memword)
1989 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1992 printf("DBG: COP_LW: memword = 0x%08X (uword64)memword = 0x%s\n",memword,pr_addr(memword));
1994 StoreFPR(coproc_reg,fmt_uninterpreted_32,(uword64)memword);
1999 #if 0 /* this should be controlled by a configuration option */
2000 sim_io_printf(sd,"COP_LW(%d,%d,0x%08X) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,memword,pr_addr(cia));
2009 cop_ld (SIM_DESC sd,
2018 printf("DBG: COP_LD: coproc_num = %d, coproc_reg = %d, value = 0x%s : PC = 0x%s\n", coproc_num, coproc_reg, pr_uword64(memword), pr_addr(cia) );
2021 switch (coproc_num) {
2023 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2025 StoreFPR(coproc_reg,fmt_uninterpreted_64,memword);
2030 #if 0 /* this message should be controlled by a configuration option */
2031 sim_io_printf(sd,"COP_LD(%d,%d,0x%s) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(memword),pr_addr(cia));
2043 cop_sw (SIM_DESC sd,
2049 unsigned int value = 0;
2054 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2056 value = (unsigned int)ValueFPR(coproc_reg,fmt_uninterpreted_32);
2061 #if 0 /* should be controlled by configuration option */
2062 sim_io_printf(sd,"COP_SW(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2071 cop_sd (SIM_DESC sd,
2081 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2083 value = ValueFPR(coproc_reg,fmt_uninterpreted_64);
2088 #if 0 /* should be controlled by configuration option */
2089 sim_io_printf(sd,"COP_SD(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2101 decode_coproc (SIM_DESC sd,
2104 unsigned int instruction,
2113 case 0: /* standard CPU control and cache registers */
2115 /* R4000 Users Manual (second edition) lists the following CP0
2117 CODE><-RT><RD-><--TAIL--->
2118 DMFC0 Doubleword Move From CP0 (VR4100 = 01000000001tttttddddd00000000000)
2119 DMTC0 Doubleword Move To CP0 (VR4100 = 01000000101tttttddddd00000000000)
2120 MFC0 word Move From CP0 (VR4100 = 01000000000tttttddddd00000000000)
2121 MTC0 word Move To CP0 (VR4100 = 01000000100tttttddddd00000000000)
2122 TLBR Read Indexed TLB Entry (VR4100 = 01000010000000000000000000000001)
2123 TLBWI Write Indexed TLB Entry (VR4100 = 01000010000000000000000000000010)
2124 TLBWR Write Random TLB Entry (VR4100 = 01000010000000000000000000000110)
2125 TLBP Probe TLB for Matching Entry (VR4100 = 01000010000000000000000000001000)
2126 CACHE Cache operation (VR4100 = 101111bbbbbpppppiiiiiiiiiiiiiiii)
2127 ERET Exception return (VR4100 = 01000010000000000000000000011000)
2129 if (((op == cp0_mfc0) || (op == cp0_mtc0) /* MFC0 / MTC0 */
2130 || (op == cp0_dmfc0) || (op == cp0_dmtc0)) /* DMFC0 / DMTC0 */
2133 switch (rd) /* NOTEs: Standard CP0 registers */
2135 /* 0 = Index R4000 VR4100 VR4300 */
2136 /* 1 = Random R4000 VR4100 VR4300 */
2137 /* 2 = EntryLo0 R4000 VR4100 VR4300 */
2138 /* 3 = EntryLo1 R4000 VR4100 VR4300 */
2139 /* 4 = Context R4000 VR4100 VR4300 */
2140 /* 5 = PageMask R4000 VR4100 VR4300 */
2141 /* 6 = Wired R4000 VR4100 VR4300 */
2142 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2143 /* 9 = Count R4000 VR4100 VR4300 */
2144 /* 10 = EntryHi R4000 VR4100 VR4300 */
2145 /* 11 = Compare R4000 VR4100 VR4300 */
2146 /* 12 = SR R4000 VR4100 VR4300 */
2147 #ifdef SUBTARGET_R3900
2149 /* 3 = Config R3900 */
2151 /* 7 = Cache R3900 */
2153 /* 15 = PRID R3900 */
2159 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2160 if (op == cp0_mfc0 || op == cp0_dmfc0)
2161 GPR[rt] = (signed_word) (signed_address) COP0_BADVADDR;
2163 COP0_BADVADDR = GPR[rt];
2166 #endif /* SUBTARGET_R3900 */
2168 if (op == cp0_mfc0 || op == cp0_dmfc0)
2173 /* 13 = Cause R4000 VR4100 VR4300 */
2175 if (op == cp0_mfc0 || op == cp0_dmfc0)
2180 /* 14 = EPC R4000 VR4100 VR4300 */
2182 if (op == cp0_mfc0 || op == cp0_dmfc0)
2183 GPR[rt] = (signed_word) (signed_address) EPC;
2187 /* 15 = PRId R4000 VR4100 VR4300 */
2188 #ifdef SUBTARGET_R3900
2191 if (op == cp0_mfc0 || op == cp0_dmfc0)
2197 /* 16 = Config R4000 VR4100 VR4300 */
2199 if (op == cp0_mfc0 || op == cp0_dmfc0)
2200 GPR[rt] = C0_CONFIG;
2202 /* only bottom three bits are writable */
2203 C0_CONFIG = (C0_CONFIG & ~0x7) | (GPR[rt] & 0x7);
2206 #ifdef SUBTARGET_R3900
2209 if (op == cp0_mfc0 || op == cp0_dmfc0)
2215 /* 17 = LLAddr R4000 VR4100 VR4300 */
2217 /* 18 = WatchLo R4000 VR4100 VR4300 */
2218 /* 19 = WatchHi R4000 VR4100 VR4300 */
2219 /* 20 = XContext R4000 VR4100 VR4300 */
2220 /* 26 = PErr or ECC R4000 VR4100 VR4300 */
2221 /* 27 = CacheErr R4000 VR4100 */
2222 /* 28 = TagLo R4000 VR4100 VR4300 */
2223 /* 29 = TagHi R4000 VR4100 VR4300 */
2224 /* 30 = ErrorEPC R4000 VR4100 VR4300 */
2225 if (STATE_VERBOSE_P(SD))
2227 "Warning: PC 0x%lx:interp.c decode_coproc DEADC0DE\n",
2228 (unsigned long)cia);
2229 GPR[rt] = 0xDEADC0DE; /* CPR[0,rd] */
2230 /* CPR[0,rd] = GPR[rt]; */
2232 if (op == cp0_mfc0 || op == cp0_dmfc0)
2233 GPR[rt] = (signed_word) (signed32) COP0_GPR[rd];
2235 COP0_GPR[rd] = GPR[rt];
2238 sim_io_printf(sd,"Warning: MFC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2240 sim_io_printf(sd,"Warning: MTC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2244 else if ((op == cp0_mfc0 || op == cp0_dmfc0)
2247 /* [D]MFC0 RT,C0_CONFIG,SEL */
2255 /* MIPS32 r/o Config1:
2258 /* MIPS16 implemented.
2259 XXX How to check configuration? */
2261 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2262 /* MDMX & FPU implemented */
2266 /* MIPS32 r/o Config2:
2271 /* MIPS32 r/o Config3:
2272 SmartMIPS implemented. */
2278 else if (op == cp0_eret && sel == 0x18)
2281 if (SR & status_ERL)
2283 /* Oops, not yet available */
2284 sim_io_printf(sd,"Warning: ERET when SR[ERL] set not handled yet");
2294 else if (op == cp0_rfe && sel == 0x10)
2297 #ifdef SUBTARGET_R3900
2298 /* TX39: Copy IEp/KUp -> IEc/KUc, and IEo/KUo -> IEp/KUp */
2300 /* shift IE/KU history bits right */
2301 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 5, 2), 3, 0);
2303 /* TODO: CACHE register */
2304 #endif /* SUBTARGET_R3900 */
2306 else if (op == cp0_deret && sel == 0x1F)
2314 sim_io_eprintf(sd,"Unrecognised COP0 instruction 0x%08X at PC = 0x%s : No handler present\n",instruction,pr_addr(cia));
2315 /* TODO: When executing an ERET or RFE instruction we should
2316 clear LLBIT, to ensure that any out-standing atomic
2317 read/modify/write sequence fails. */
2321 case 2: /* co-processor 2 */
2328 sim_io_eprintf(sd, "COP2 instruction 0x%08X at PC = 0x%s : No handler present\n",
2329 instruction,pr_addr(cia));
2334 case 1: /* should not occur (FPU co-processor) */
2335 case 3: /* should not occur (FPU co-processor) */
2336 SignalException(ReservedInstruction,instruction);
2344 /* This code copied from gdb's utils.c. Would like to share this code,
2345 but don't know of a common place where both could get to it. */
2347 /* Temporary storage using circular buffer */
2353 static char buf[NUMCELLS][CELLSIZE];
2355 if (++cell>=NUMCELLS) cell=0;
2359 /* Print routines to handle variable size regs, etc */
2361 /* Eliminate warning from compiler on 32-bit systems */
2362 static int thirty_two = 32;
2365 pr_addr (SIM_ADDR addr)
2367 char *paddr_str=get_cell();
2368 switch (sizeof(addr))
2371 sprintf(paddr_str,"%08lx%08lx",
2372 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2375 sprintf(paddr_str,"%08lx",(unsigned long)addr);
2378 sprintf(paddr_str,"%04x",(unsigned short)(addr&0xffff));
2381 sprintf(paddr_str,"%x",addr);
2387 pr_uword64 (uword64 addr)
2389 char *paddr_str=get_cell();
2390 sprintf(paddr_str,"%08lx%08lx",
2391 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2397 mips_core_signal (SIM_DESC sd,
2403 transfer_type transfer,
2404 sim_core_signals sig)
2406 const char *copy = (transfer == read_transfer ? "read" : "write");
2407 address_word ip = CIA_ADDR (cia);
2411 case sim_core_unmapped_signal:
2412 sim_io_eprintf (sd, "mips-core: %d byte %s to unmapped address 0x%lx at 0x%lx\n",
2414 (unsigned long) addr, (unsigned long) ip);
2415 COP0_BADVADDR = addr;
2416 SignalExceptionDataReference();
2419 case sim_core_unaligned_signal:
2420 sim_io_eprintf (sd, "mips-core: %d byte %s to unaligned address 0x%lx at 0x%lx\n",
2422 (unsigned long) addr, (unsigned long) ip);
2423 COP0_BADVADDR = addr;
2424 if(transfer == read_transfer)
2425 SignalExceptionAddressLoad();
2427 SignalExceptionAddressStore();
2431 sim_engine_abort (sd, cpu, cia,
2432 "mips_core_signal - internal error - bad switch");
2438 mips_cpu_exception_trigger(SIM_DESC sd, sim_cpu* cpu, address_word cia)
2440 ASSERT(cpu != NULL);
2442 if(cpu->exc_suspended > 0)
2443 sim_io_eprintf(sd, "Warning, nested exception triggered (%d)\n", cpu->exc_suspended);
2446 memcpy(cpu->exc_trigger_registers, cpu->registers, sizeof(cpu->exc_trigger_registers));
2447 cpu->exc_suspended = 0;
2451 mips_cpu_exception_suspend(SIM_DESC sd, sim_cpu* cpu, int exception)
2453 ASSERT(cpu != NULL);
2455 if(cpu->exc_suspended > 0)
2456 sim_io_eprintf(sd, "Warning, nested exception signal (%d then %d)\n",
2457 cpu->exc_suspended, exception);
2459 memcpy(cpu->exc_suspend_registers, cpu->registers, sizeof(cpu->exc_suspend_registers));
2460 memcpy(cpu->registers, cpu->exc_trigger_registers, sizeof(cpu->registers));
2461 cpu->exc_suspended = exception;
2465 mips_cpu_exception_resume(SIM_DESC sd, sim_cpu* cpu, int exception)
2467 ASSERT(cpu != NULL);
2469 if(exception == 0 && cpu->exc_suspended > 0)
2471 /* warn not for breakpoints */
2472 if(cpu->exc_suspended != sim_signal_to_host(sd, SIM_SIGTRAP))
2473 sim_io_eprintf(sd, "Warning, resuming but ignoring pending exception signal (%d)\n",
2474 cpu->exc_suspended);
2476 else if(exception != 0 && cpu->exc_suspended > 0)
2478 if(exception != cpu->exc_suspended)
2479 sim_io_eprintf(sd, "Warning, resuming with mismatched exception signal (%d vs %d)\n",
2480 cpu->exc_suspended, exception);
2482 memcpy(cpu->registers, cpu->exc_suspend_registers, sizeof(cpu->registers));
2484 else if(exception != 0 && cpu->exc_suspended == 0)
2486 sim_io_eprintf(sd, "Warning, ignoring spontanous exception signal (%d)\n", exception);
2488 cpu->exc_suspended = 0;
2492 /*---------------------------------------------------------------------------*/
2493 /*> EOF interp.c <*/
projects / external / binutils.git / blob