8 #include "qemu-common.h"
9 #include "host-utils.h"
10 #if !defined(CONFIG_USER_ONLY)
11 #include "hw/loader.h"
14 static uint32_t cortexa9_cp15_c0_c1[8] =
15 { 0x1031, 0x11, 0x000, 0, 0x00100103, 0x20000000, 0x01230000, 0x00002111 };
17 static uint32_t cortexa9_cp15_c0_c2[8] =
18 { 0x00101111, 0x13112111, 0x21232041, 0x11112131, 0x00111142, 0, 0, 0 };
20 static uint32_t cortexa8_cp15_c0_c1[8] =
21 { 0x1031, 0x11, 0x400, 0, 0x31100003, 0x20000000, 0x01202000, 0x11 };
23 static uint32_t cortexa8_cp15_c0_c2[8] =
24 { 0x00101111, 0x12112111, 0x21232031, 0x11112131, 0x00111142, 0, 0, 0 };
26 static uint32_t mpcore_cp15_c0_c1[8] =
27 { 0x111, 0x1, 0, 0x2, 0x01100103, 0x10020302, 0x01222000, 0 };
29 static uint32_t mpcore_cp15_c0_c2[8] =
30 { 0x00100011, 0x12002111, 0x11221011, 0x01102131, 0x141, 0, 0, 0 };
32 static uint32_t arm1136_cp15_c0_c1[8] =
33 { 0x111, 0x1, 0x2, 0x3, 0x01130003, 0x10030302, 0x01222110, 0 };
35 static uint32_t arm1136_cp15_c0_c2[8] =
36 { 0x00140011, 0x12002111, 0x11231111, 0x01102131, 0x141, 0, 0, 0 };
38 static uint32_t cpu_arm_find_by_name(const char *name);
40 static inline void set_feature(CPUARMState *env, int feature)
42 env->features |= 1u << feature;
45 static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
47 env->cp15.c0_cpuid = id;
49 case ARM_CPUID_ARM926:
50 set_feature(env, ARM_FEATURE_V4T);
51 set_feature(env, ARM_FEATURE_V5);
52 set_feature(env, ARM_FEATURE_VFP);
53 env->vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
54 env->cp15.c0_cachetype = 0x1dd20d2;
55 env->cp15.c1_sys = 0x00090078;
57 case ARM_CPUID_ARM946:
58 set_feature(env, ARM_FEATURE_V4T);
59 set_feature(env, ARM_FEATURE_V5);
60 set_feature(env, ARM_FEATURE_MPU);
61 env->cp15.c0_cachetype = 0x0f004006;
62 env->cp15.c1_sys = 0x00000078;
64 case ARM_CPUID_ARM1026:
65 set_feature(env, ARM_FEATURE_V4T);
66 set_feature(env, ARM_FEATURE_V5);
67 set_feature(env, ARM_FEATURE_VFP);
68 set_feature(env, ARM_FEATURE_AUXCR);
69 env->vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
70 env->cp15.c0_cachetype = 0x1dd20d2;
71 env->cp15.c1_sys = 0x00090078;
73 case ARM_CPUID_ARM1136_R2:
74 case ARM_CPUID_ARM1136:
75 set_feature(env, ARM_FEATURE_V4T);
76 set_feature(env, ARM_FEATURE_V5);
77 set_feature(env, ARM_FEATURE_V6);
78 set_feature(env, ARM_FEATURE_VFP);
79 set_feature(env, ARM_FEATURE_AUXCR);
80 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
81 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
82 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
83 memcpy(env->cp15.c0_c1, arm1136_cp15_c0_c1, 8 * sizeof(uint32_t));
84 memcpy(env->cp15.c0_c2, arm1136_cp15_c0_c2, 8 * sizeof(uint32_t));
85 env->cp15.c0_cachetype = 0x1dd20d2;
86 env->cp15.c1_sys = 0x00050078;
88 case ARM_CPUID_ARM11MPCORE:
89 set_feature(env, ARM_FEATURE_V4T);
90 set_feature(env, ARM_FEATURE_V5);
91 set_feature(env, ARM_FEATURE_V6);
92 set_feature(env, ARM_FEATURE_V6K);
93 set_feature(env, ARM_FEATURE_VFP);
94 set_feature(env, ARM_FEATURE_AUXCR);
95 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
96 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11111111;
97 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00000000;
98 memcpy(env->cp15.c0_c1, mpcore_cp15_c0_c1, 8 * sizeof(uint32_t));
99 memcpy(env->cp15.c0_c2, mpcore_cp15_c0_c2, 8 * sizeof(uint32_t));
100 env->cp15.c0_cachetype = 0x1dd20d2;
102 case ARM_CPUID_CORTEXA8:
103 set_feature(env, ARM_FEATURE_V4T);
104 set_feature(env, ARM_FEATURE_V5);
105 set_feature(env, ARM_FEATURE_V6);
106 set_feature(env, ARM_FEATURE_V6K);
107 set_feature(env, ARM_FEATURE_V7);
108 set_feature(env, ARM_FEATURE_AUXCR);
109 set_feature(env, ARM_FEATURE_THUMB2);
110 set_feature(env, ARM_FEATURE_VFP);
111 set_feature(env, ARM_FEATURE_VFP3);
112 set_feature(env, ARM_FEATURE_NEON);
113 set_feature(env, ARM_FEATURE_THUMB2EE);
114 env->vfp.xregs[ARM_VFP_FPSID] = 0x410330c0;
115 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11110222;
116 env->vfp.xregs[ARM_VFP_MVFR1] = 0x00011100;
117 memcpy(env->cp15.c0_c1, cortexa8_cp15_c0_c1, 8 * sizeof(uint32_t));
118 memcpy(env->cp15.c0_c2, cortexa8_cp15_c0_c2, 8 * sizeof(uint32_t));
119 env->cp15.c0_cachetype = 0x82048004;
120 env->cp15.c0_clid = (1 << 27) | (2 << 24) | 3;
121 env->cp15.c0_ccsid[0] = 0xe007e01a; /* 16k L1 dcache. */
122 env->cp15.c0_ccsid[1] = 0x2007e01a; /* 16k L1 icache. */
123 env->cp15.c0_ccsid[2] = 0xf0000000; /* No L2 icache. */
124 env->cp15.c1_sys = 0x00c50078;
126 case ARM_CPUID_CORTEXA9:
127 set_feature(env, ARM_FEATURE_V4T);
128 set_feature(env, ARM_FEATURE_V5);
129 set_feature(env, ARM_FEATURE_V6);
130 set_feature(env, ARM_FEATURE_V6K);
131 set_feature(env, ARM_FEATURE_V7);
132 set_feature(env, ARM_FEATURE_AUXCR);
133 set_feature(env, ARM_FEATURE_THUMB2);
134 set_feature(env, ARM_FEATURE_VFP);
135 set_feature(env, ARM_FEATURE_VFP3);
136 set_feature(env, ARM_FEATURE_VFP_FP16);
137 set_feature(env, ARM_FEATURE_NEON);
138 set_feature(env, ARM_FEATURE_THUMB2EE);
139 /* Note that A9 supports the MP extensions even for
140 * A9UP and single-core A9MP (which are both different
141 * and valid configurations; we don't model A9UP).
143 set_feature(env, ARM_FEATURE_V7MP);
144 env->vfp.xregs[ARM_VFP_FPSID] = 0x41034000; /* Guess */
145 env->vfp.xregs[ARM_VFP_MVFR0] = 0x11110222;
146 env->vfp.xregs[ARM_VFP_MVFR1] = 0x01111111;
147 memcpy(env->cp15.c0_c1, cortexa9_cp15_c0_c1, 8 * sizeof(uint32_t));
148 memcpy(env->cp15.c0_c2, cortexa9_cp15_c0_c2, 8 * sizeof(uint32_t));
149 env->cp15.c0_cachetype = 0x80038003;
150 env->cp15.c0_clid = (1 << 27) | (1 << 24) | 3;
151 env->cp15.c0_ccsid[0] = 0xe00fe015; /* 16k L1 dcache. */
152 env->cp15.c0_ccsid[1] = 0x200fe015; /* 16k L1 icache. */
153 env->cp15.c1_sys = 0x00c50078;
155 case ARM_CPUID_CORTEXM3:
156 set_feature(env, ARM_FEATURE_V4T);
157 set_feature(env, ARM_FEATURE_V5);
158 set_feature(env, ARM_FEATURE_V6);
159 set_feature(env, ARM_FEATURE_THUMB2);
160 set_feature(env, ARM_FEATURE_V7);
161 set_feature(env, ARM_FEATURE_M);
162 set_feature(env, ARM_FEATURE_DIV);
164 case ARM_CPUID_ANY: /* For userspace emulation. */
165 set_feature(env, ARM_FEATURE_V4T);
166 set_feature(env, ARM_FEATURE_V5);
167 set_feature(env, ARM_FEATURE_V6);
168 set_feature(env, ARM_FEATURE_V6K);
169 set_feature(env, ARM_FEATURE_V7);
170 set_feature(env, ARM_FEATURE_THUMB2);
171 set_feature(env, ARM_FEATURE_VFP);
172 set_feature(env, ARM_FEATURE_VFP3);
173 set_feature(env, ARM_FEATURE_VFP_FP16);
174 set_feature(env, ARM_FEATURE_NEON);
175 set_feature(env, ARM_FEATURE_THUMB2EE);
176 set_feature(env, ARM_FEATURE_DIV);
177 set_feature(env, ARM_FEATURE_V7MP);
179 case ARM_CPUID_TI915T:
180 case ARM_CPUID_TI925T:
181 set_feature(env, ARM_FEATURE_V4T);
182 set_feature(env, ARM_FEATURE_OMAPCP);
183 env->cp15.c0_cpuid = ARM_CPUID_TI925T; /* Depends on wiring. */
184 env->cp15.c0_cachetype = 0x5109149;
185 env->cp15.c1_sys = 0x00000070;
186 env->cp15.c15_i_max = 0x000;
187 env->cp15.c15_i_min = 0xff0;
189 case ARM_CPUID_PXA250:
190 case ARM_CPUID_PXA255:
191 case ARM_CPUID_PXA260:
192 case ARM_CPUID_PXA261:
193 case ARM_CPUID_PXA262:
194 set_feature(env, ARM_FEATURE_V4T);
195 set_feature(env, ARM_FEATURE_V5);
196 set_feature(env, ARM_FEATURE_XSCALE);
197 /* JTAG_ID is ((id << 28) | 0x09265013) */
198 env->cp15.c0_cachetype = 0xd172172;
199 env->cp15.c1_sys = 0x00000078;
201 case ARM_CPUID_PXA270_A0:
202 case ARM_CPUID_PXA270_A1:
203 case ARM_CPUID_PXA270_B0:
204 case ARM_CPUID_PXA270_B1:
205 case ARM_CPUID_PXA270_C0:
206 case ARM_CPUID_PXA270_C5:
207 set_feature(env, ARM_FEATURE_V4T);
208 set_feature(env, ARM_FEATURE_V5);
209 set_feature(env, ARM_FEATURE_XSCALE);
210 /* JTAG_ID is ((id << 28) | 0x09265013) */
211 set_feature(env, ARM_FEATURE_IWMMXT);
212 env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
213 env->cp15.c0_cachetype = 0xd172172;
214 env->cp15.c1_sys = 0x00000078;
216 case ARM_CPUID_SA1100:
217 case ARM_CPUID_SA1110:
218 set_feature(env, ARM_FEATURE_STRONGARM);
219 env->cp15.c1_sys = 0x00000070;
222 cpu_abort(env, "Bad CPU ID: %x\n", id);
227 void cpu_reset(CPUARMState *env)
231 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
232 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
233 log_cpu_state(env, 0);
236 id = env->cp15.c0_cpuid;
237 memset(env, 0, offsetof(CPUARMState, breakpoints));
239 cpu_reset_model_id(env, id);
240 #if defined (CONFIG_USER_ONLY)
241 env->uncached_cpsr = ARM_CPU_MODE_USR;
242 /* For user mode we must enable access to coprocessors */
243 env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
244 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
245 env->cp15.c15_cpar = 3;
246 } else if (arm_feature(env, ARM_FEATURE_XSCALE)) {
247 env->cp15.c15_cpar = 1;
250 /* SVC mode with interrupts disabled. */
251 env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
252 /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
253 clear at reset. Initial SP and PC are loaded from ROM. */
257 env->uncached_cpsr &= ~CPSR_I;
260 /* We should really use ldl_phys here, in case the guest
261 modified flash and reset itself. However images
262 loaded via -kenrel have not been copied yet, so load the
263 values directly from there. */
264 env->regs[13] = ldl_p(rom);
267 env->regs[15] = pc & ~1;
270 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
271 env->cp15.c2_base_mask = 0xffffc000u;
272 /* v7 performance monitor control register: same implementor
273 * field as main ID register, and we implement no event counters.
275 env->cp15.c9_pmcr = (id & 0xff000000);
277 set_flush_to_zero(1, &env->vfp.standard_fp_status);
278 set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
279 set_default_nan_mode(1, &env->vfp.standard_fp_status);
280 set_float_detect_tininess(float_tininess_before_rounding,
281 &env->vfp.fp_status);
282 set_float_detect_tininess(float_tininess_before_rounding,
283 &env->vfp.standard_fp_status);
287 static int vfp_gdb_get_reg(CPUState *env, uint8_t *buf, int reg)
291 /* VFP data registers are always little-endian. */
292 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
294 stfq_le_p(buf, env->vfp.regs[reg]);
297 if (arm_feature(env, ARM_FEATURE_NEON)) {
298 /* Aliases for Q regs. */
301 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
302 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
306 switch (reg - nregs) {
307 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
308 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
309 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
314 static int vfp_gdb_set_reg(CPUState *env, uint8_t *buf, int reg)
318 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
320 env->vfp.regs[reg] = ldfq_le_p(buf);
323 if (arm_feature(env, ARM_FEATURE_NEON)) {
326 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
327 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
331 switch (reg - nregs) {
332 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
333 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
334 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
339 CPUARMState *cpu_arm_init(const char *cpu_model)
343 static int inited = 0;
345 id = cpu_arm_find_by_name(cpu_model);
348 env = qemu_mallocz(sizeof(CPUARMState));
352 arm_translate_init();
355 env->cpu_model_str = cpu_model;
356 env->cp15.c0_cpuid = id;
358 if (arm_feature(env, ARM_FEATURE_NEON)) {
359 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
360 51, "arm-neon.xml", 0);
361 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
362 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
363 35, "arm-vfp3.xml", 0);
364 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
365 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
366 19, "arm-vfp.xml", 0);
377 static const struct arm_cpu_t arm_cpu_names[] = {
378 { ARM_CPUID_ARM926, "arm926"},
379 { ARM_CPUID_ARM946, "arm946"},
380 { ARM_CPUID_ARM1026, "arm1026"},
381 { ARM_CPUID_ARM1136, "arm1136"},
382 { ARM_CPUID_ARM1136_R2, "arm1136-r2"},
383 { ARM_CPUID_ARM11MPCORE, "arm11mpcore"},
384 { ARM_CPUID_CORTEXM3, "cortex-m3"},
385 { ARM_CPUID_CORTEXA8, "cortex-a8"},
386 { ARM_CPUID_CORTEXA9, "cortex-a9"},
387 { ARM_CPUID_TI925T, "ti925t" },
388 { ARM_CPUID_PXA250, "pxa250" },
389 { ARM_CPUID_SA1100, "sa1100" },
390 { ARM_CPUID_SA1110, "sa1110" },
391 { ARM_CPUID_PXA255, "pxa255" },
392 { ARM_CPUID_PXA260, "pxa260" },
393 { ARM_CPUID_PXA261, "pxa261" },
394 { ARM_CPUID_PXA262, "pxa262" },
395 { ARM_CPUID_PXA270, "pxa270" },
396 { ARM_CPUID_PXA270_A0, "pxa270-a0" },
397 { ARM_CPUID_PXA270_A1, "pxa270-a1" },
398 { ARM_CPUID_PXA270_B0, "pxa270-b0" },
399 { ARM_CPUID_PXA270_B1, "pxa270-b1" },
400 { ARM_CPUID_PXA270_C0, "pxa270-c0" },
401 { ARM_CPUID_PXA270_C5, "pxa270-c5" },
402 { ARM_CPUID_ANY, "any"},
406 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
410 (*cpu_fprintf)(f, "Available CPUs:\n");
411 for (i = 0; arm_cpu_names[i].name; i++) {
412 (*cpu_fprintf)(f, " %s\n", arm_cpu_names[i].name);
416 /* return 0 if not found */
417 static uint32_t cpu_arm_find_by_name(const char *name)
423 for (i = 0; arm_cpu_names[i].name; i++) {
424 if (strcmp(name, arm_cpu_names[i].name) == 0) {
425 id = arm_cpu_names[i].id;
432 void cpu_arm_close(CPUARMState *env)
437 uint32_t cpsr_read(CPUARMState *env)
441 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
442 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
443 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
444 | ((env->condexec_bits & 0xfc) << 8)
448 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
450 if (mask & CPSR_NZCV) {
451 env->ZF = (~val) & CPSR_Z;
453 env->CF = (val >> 29) & 1;
454 env->VF = (val << 3) & 0x80000000;
457 env->QF = ((val & CPSR_Q) != 0);
459 env->thumb = ((val & CPSR_T) != 0);
460 if (mask & CPSR_IT_0_1) {
461 env->condexec_bits &= ~3;
462 env->condexec_bits |= (val >> 25) & 3;
464 if (mask & CPSR_IT_2_7) {
465 env->condexec_bits &= 3;
466 env->condexec_bits |= (val >> 8) & 0xfc;
468 if (mask & CPSR_GE) {
469 env->GE = (val >> 16) & 0xf;
472 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
473 switch_mode(env, val & CPSR_M);
475 mask &= ~CACHED_CPSR_BITS;
476 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
479 /* Sign/zero extend */
480 uint32_t HELPER(sxtb16)(uint32_t x)
483 res = (uint16_t)(int8_t)x;
484 res |= (uint32_t)(int8_t)(x >> 16) << 16;
488 uint32_t HELPER(uxtb16)(uint32_t x)
491 res = (uint16_t)(uint8_t)x;
492 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
496 uint32_t HELPER(clz)(uint32_t x)
501 int32_t HELPER(sdiv)(int32_t num, int32_t den)
505 if (num == INT_MIN && den == -1)
510 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
517 uint32_t HELPER(rbit)(uint32_t x)
519 x = ((x & 0xff000000) >> 24)
520 | ((x & 0x00ff0000) >> 8)
521 | ((x & 0x0000ff00) << 8)
522 | ((x & 0x000000ff) << 24);
523 x = ((x & 0xf0f0f0f0) >> 4)
524 | ((x & 0x0f0f0f0f) << 4);
525 x = ((x & 0x88888888) >> 3)
526 | ((x & 0x44444444) >> 1)
527 | ((x & 0x22222222) << 1)
528 | ((x & 0x11111111) << 3);
532 uint32_t HELPER(abs)(uint32_t x)
534 return ((int32_t)x < 0) ? -x : x;
537 #if defined(CONFIG_USER_ONLY)
539 void do_interrupt (CPUState *env)
541 env->exception_index = -1;
544 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
545 int mmu_idx, int is_softmmu)
548 env->exception_index = EXCP_PREFETCH_ABORT;
549 env->cp15.c6_insn = address;
551 env->exception_index = EXCP_DATA_ABORT;
552 env->cp15.c6_data = address;
557 /* These should probably raise undefined insn exceptions. */
558 void HELPER(set_cp)(CPUState *env, uint32_t insn, uint32_t val)
560 int op1 = (insn >> 8) & 0xf;
561 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
565 uint32_t HELPER(get_cp)(CPUState *env, uint32_t insn)
567 int op1 = (insn >> 8) & 0xf;
568 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
572 void HELPER(set_cp15)(CPUState *env, uint32_t insn, uint32_t val)
574 cpu_abort(env, "cp15 insn %08x\n", insn);
577 uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
579 cpu_abort(env, "cp15 insn %08x\n", insn);
582 /* These should probably raise undefined insn exceptions. */
583 void HELPER(v7m_msr)(CPUState *env, uint32_t reg, uint32_t val)
585 cpu_abort(env, "v7m_mrs %d\n", reg);
588 uint32_t HELPER(v7m_mrs)(CPUState *env, uint32_t reg)
590 cpu_abort(env, "v7m_mrs %d\n", reg);
594 void switch_mode(CPUState *env, int mode)
596 if (mode != ARM_CPU_MODE_USR)
597 cpu_abort(env, "Tried to switch out of user mode\n");
600 void HELPER(set_r13_banked)(CPUState *env, uint32_t mode, uint32_t val)
602 cpu_abort(env, "banked r13 write\n");
605 uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
607 cpu_abort(env, "banked r13 read\n");
613 extern int semihosting_enabled;
615 /* Map CPU modes onto saved register banks. */
616 static inline int bank_number (int mode)
619 case ARM_CPU_MODE_USR:
620 case ARM_CPU_MODE_SYS:
622 case ARM_CPU_MODE_SVC:
624 case ARM_CPU_MODE_ABT:
626 case ARM_CPU_MODE_UND:
628 case ARM_CPU_MODE_IRQ:
630 case ARM_CPU_MODE_FIQ:
633 cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
637 void switch_mode(CPUState *env, int mode)
642 old_mode = env->uncached_cpsr & CPSR_M;
643 if (mode == old_mode)
646 if (old_mode == ARM_CPU_MODE_FIQ) {
647 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
648 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
649 } else if (mode == ARM_CPU_MODE_FIQ) {
650 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
651 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
654 i = bank_number(old_mode);
655 env->banked_r13[i] = env->regs[13];
656 env->banked_r14[i] = env->regs[14];
657 env->banked_spsr[i] = env->spsr;
659 i = bank_number(mode);
660 env->regs[13] = env->banked_r13[i];
661 env->regs[14] = env->banked_r14[i];
662 env->spsr = env->banked_spsr[i];
665 static void v7m_push(CPUARMState *env, uint32_t val)
668 stl_phys(env->regs[13], val);
671 static uint32_t v7m_pop(CPUARMState *env)
674 val = ldl_phys(env->regs[13]);
679 /* Switch to V7M main or process stack pointer. */
680 static void switch_v7m_sp(CPUARMState *env, int process)
683 if (env->v7m.current_sp != process) {
684 tmp = env->v7m.other_sp;
685 env->v7m.other_sp = env->regs[13];
687 env->v7m.current_sp = process;
691 static void do_v7m_exception_exit(CPUARMState *env)
696 type = env->regs[15];
697 if (env->v7m.exception != 0)
698 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
700 /* Switch to the target stack. */
701 switch_v7m_sp(env, (type & 4) != 0);
703 env->regs[0] = v7m_pop(env);
704 env->regs[1] = v7m_pop(env);
705 env->regs[2] = v7m_pop(env);
706 env->regs[3] = v7m_pop(env);
707 env->regs[12] = v7m_pop(env);
708 env->regs[14] = v7m_pop(env);
709 env->regs[15] = v7m_pop(env);
711 xpsr_write(env, xpsr, 0xfffffdff);
712 /* Undo stack alignment. */
715 /* ??? The exception return type specifies Thread/Handler mode. However
716 this is also implied by the xPSR value. Not sure what to do
717 if there is a mismatch. */
718 /* ??? Likewise for mismatches between the CONTROL register and the stack
722 static void do_interrupt_v7m(CPUARMState *env)
724 uint32_t xpsr = xpsr_read(env);
729 if (env->v7m.current_sp)
731 if (env->v7m.exception == 0)
734 /* For exceptions we just mark as pending on the NVIC, and let that
736 /* TODO: Need to escalate if the current priority is higher than the
737 one we're raising. */
738 switch (env->exception_index) {
740 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
744 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
746 case EXCP_PREFETCH_ABORT:
747 case EXCP_DATA_ABORT:
748 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
751 if (semihosting_enabled) {
753 nr = lduw_code(env->regs[15]) & 0xff;
756 env->regs[0] = do_arm_semihosting(env);
760 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
763 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
765 case EXCP_EXCEPTION_EXIT:
766 do_v7m_exception_exit(env);
769 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
770 return; /* Never happens. Keep compiler happy. */
773 /* Align stack pointer. */
774 /* ??? Should only do this if Configuration Control Register
775 STACKALIGN bit is set. */
776 if (env->regs[13] & 4) {
780 /* Switch to the handler mode. */
782 v7m_push(env, env->regs[15]);
783 v7m_push(env, env->regs[14]);
784 v7m_push(env, env->regs[12]);
785 v7m_push(env, env->regs[3]);
786 v7m_push(env, env->regs[2]);
787 v7m_push(env, env->regs[1]);
788 v7m_push(env, env->regs[0]);
789 switch_v7m_sp(env, 0);
790 env->uncached_cpsr &= ~CPSR_IT;
792 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
793 env->regs[15] = addr & 0xfffffffe;
794 env->thumb = addr & 1;
797 /* Handle a CPU exception. */
798 void do_interrupt(CPUARMState *env)
806 do_interrupt_v7m(env);
809 /* TODO: Vectored interrupt controller. */
810 switch (env->exception_index) {
812 new_mode = ARM_CPU_MODE_UND;
821 if (semihosting_enabled) {
822 /* Check for semihosting interrupt. */
824 mask = lduw_code(env->regs[15] - 2) & 0xff;
826 mask = ldl_code(env->regs[15] - 4) & 0xffffff;
828 /* Only intercept calls from privileged modes, to provide some
829 semblance of security. */
830 if (((mask == 0x123456 && !env->thumb)
831 || (mask == 0xab && env->thumb))
832 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
833 env->regs[0] = do_arm_semihosting(env);
837 new_mode = ARM_CPU_MODE_SVC;
840 /* The PC already points to the next instruction. */
844 /* See if this is a semihosting syscall. */
845 if (env->thumb && semihosting_enabled) {
846 mask = lduw_code(env->regs[15]) & 0xff;
848 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
850 env->regs[0] = do_arm_semihosting(env);
854 env->cp15.c5_insn = 2;
855 /* Fall through to prefetch abort. */
856 case EXCP_PREFETCH_ABORT:
857 new_mode = ARM_CPU_MODE_ABT;
859 mask = CPSR_A | CPSR_I;
862 case EXCP_DATA_ABORT:
863 new_mode = ARM_CPU_MODE_ABT;
865 mask = CPSR_A | CPSR_I;
869 new_mode = ARM_CPU_MODE_IRQ;
871 /* Disable IRQ and imprecise data aborts. */
872 mask = CPSR_A | CPSR_I;
876 new_mode = ARM_CPU_MODE_FIQ;
878 /* Disable FIQ, IRQ and imprecise data aborts. */
879 mask = CPSR_A | CPSR_I | CPSR_F;
883 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
884 return; /* Never happens. Keep compiler happy. */
887 if (env->cp15.c1_sys & (1 << 13)) {
890 switch_mode (env, new_mode);
891 env->spsr = cpsr_read(env);
893 env->condexec_bits = 0;
894 /* Switch to the new mode, and to the correct instruction set. */
895 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
896 env->uncached_cpsr |= mask;
897 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
898 * and we should just guard the thumb mode on V4 */
899 if (arm_feature(env, ARM_FEATURE_V4T)) {
900 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
902 env->regs[14] = env->regs[15] + offset;
903 env->regs[15] = addr;
904 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
907 /* Check section/page access permissions.
908 Returns the page protection flags, or zero if the access is not
910 static inline int check_ap(CPUState *env, int ap, int domain, int access_type,
916 return PAGE_READ | PAGE_WRITE;
918 if (access_type == 1)
925 if (access_type == 1)
927 switch ((env->cp15.c1_sys >> 8) & 3) {
929 return is_user ? 0 : PAGE_READ;
936 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
941 return PAGE_READ | PAGE_WRITE;
943 return PAGE_READ | PAGE_WRITE;
944 case 4: /* Reserved. */
947 return is_user ? 0 : prot_ro;
951 if (!arm_feature (env, ARM_FEATURE_V7))
959 static uint32_t get_level1_table_address(CPUState *env, uint32_t address)
963 if (address & env->cp15.c2_mask)
964 table = env->cp15.c2_base1 & 0xffffc000;
966 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
968 table |= (address >> 18) & 0x3ffc;
972 static int get_phys_addr_v5(CPUState *env, uint32_t address, int access_type,
973 int is_user, uint32_t *phys_ptr, int *prot,
974 target_ulong *page_size)
984 /* Pagetable walk. */
985 /* Lookup l1 descriptor. */
986 table = get_level1_table_address(env, address);
987 desc = ldl_phys(table);
989 domain = (env->cp15.c3 >> ((desc >> 4) & 0x1e)) & 3;
991 /* Section translation fault. */
995 if (domain == 0 || domain == 2) {
997 code = 9; /* Section domain fault. */
999 code = 11; /* Page domain fault. */
1004 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1005 ap = (desc >> 10) & 3;
1007 *page_size = 1024 * 1024;
1009 /* Lookup l2 entry. */
1011 /* Coarse pagetable. */
1012 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1014 /* Fine pagetable. */
1015 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
1017 desc = ldl_phys(table);
1019 case 0: /* Page translation fault. */
1022 case 1: /* 64k page. */
1023 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1024 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1025 *page_size = 0x10000;
1027 case 2: /* 4k page. */
1028 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1029 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
1030 *page_size = 0x1000;
1032 case 3: /* 1k page. */
1034 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1035 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1037 /* Page translation fault. */
1042 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
1044 ap = (desc >> 4) & 3;
1048 /* Never happens, but compiler isn't smart enough to tell. */
1053 *prot = check_ap(env, ap, domain, access_type, is_user);
1055 /* Access permission fault. */
1059 *phys_ptr = phys_addr;
1062 return code | (domain << 4);
1065 static int get_phys_addr_v6(CPUState *env, uint32_t address, int access_type,
1066 int is_user, uint32_t *phys_ptr, int *prot,
1067 target_ulong *page_size)
1078 /* Pagetable walk. */
1079 /* Lookup l1 descriptor. */
1080 table = get_level1_table_address(env, address);
1081 desc = ldl_phys(table);
1084 /* Section translation fault. */
1088 } else if (type == 2 && (desc & (1 << 18))) {
1092 /* Section or page. */
1093 domain = (desc >> 4) & 0x1e;
1095 domain = (env->cp15.c3 >> domain) & 3;
1096 if (domain == 0 || domain == 2) {
1098 code = 9; /* Section domain fault. */
1100 code = 11; /* Page domain fault. */
1104 if (desc & (1 << 18)) {
1106 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
1107 *page_size = 0x1000000;
1110 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
1111 *page_size = 0x100000;
1113 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
1114 xn = desc & (1 << 4);
1117 /* Lookup l2 entry. */
1118 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
1119 desc = ldl_phys(table);
1120 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
1122 case 0: /* Page translation fault. */
1125 case 1: /* 64k page. */
1126 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
1127 xn = desc & (1 << 15);
1128 *page_size = 0x10000;
1130 case 2: case 3: /* 4k page. */
1131 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
1133 *page_size = 0x1000;
1136 /* Never happens, but compiler isn't smart enough to tell. */
1142 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1144 if (xn && access_type == 2)
1147 /* The simplified model uses AP[0] as an access control bit. */
1148 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
1149 /* Access flag fault. */
1150 code = (code == 15) ? 6 : 3;
1153 *prot = check_ap(env, ap, domain, access_type, is_user);
1155 /* Access permission fault. */
1162 *phys_ptr = phys_addr;
1165 return code | (domain << 4);
1168 static int get_phys_addr_mpu(CPUState *env, uint32_t address, int access_type,
1169 int is_user, uint32_t *phys_ptr, int *prot)
1175 *phys_ptr = address;
1176 for (n = 7; n >= 0; n--) {
1177 base = env->cp15.c6_region[n];
1178 if ((base & 1) == 0)
1180 mask = 1 << ((base >> 1) & 0x1f);
1181 /* Keep this shift separate from the above to avoid an
1182 (undefined) << 32. */
1183 mask = (mask << 1) - 1;
1184 if (((base ^ address) & ~mask) == 0)
1190 if (access_type == 2) {
1191 mask = env->cp15.c5_insn;
1193 mask = env->cp15.c5_data;
1195 mask = (mask >> (n * 4)) & 0xf;
1202 *prot = PAGE_READ | PAGE_WRITE;
1207 *prot |= PAGE_WRITE;
1210 *prot = PAGE_READ | PAGE_WRITE;
1221 /* Bad permission. */
1228 static inline int get_phys_addr(CPUState *env, uint32_t address,
1229 int access_type, int is_user,
1230 uint32_t *phys_ptr, int *prot,
1231 target_ulong *page_size)
1233 /* Fast Context Switch Extension. */
1234 if (address < 0x02000000)
1235 address += env->cp15.c13_fcse;
1237 if ((env->cp15.c1_sys & 1) == 0) {
1238 /* MMU/MPU disabled. */
1239 *phys_ptr = address;
1240 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1241 *page_size = TARGET_PAGE_SIZE;
1243 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
1244 *page_size = TARGET_PAGE_SIZE;
1245 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
1247 } else if (env->cp15.c1_sys & (1 << 23)) {
1248 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
1251 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
1256 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
1257 int access_type, int mmu_idx, int is_softmmu)
1260 target_ulong page_size;
1264 is_user = mmu_idx == MMU_USER_IDX;
1265 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1268 /* Map a single [sub]page. */
1269 phys_addr &= ~(uint32_t)0x3ff;
1270 address &= ~(uint32_t)0x3ff;
1271 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1275 if (access_type == 2) {
1276 env->cp15.c5_insn = ret;
1277 env->cp15.c6_insn = address;
1278 env->exception_index = EXCP_PREFETCH_ABORT;
1280 env->cp15.c5_data = ret;
1281 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1282 env->cp15.c5_data |= (1 << 11);
1283 env->cp15.c6_data = address;
1284 env->exception_index = EXCP_DATA_ABORT;
1289 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
1292 target_ulong page_size;
1296 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1304 void HELPER(set_cp)(CPUState *env, uint32_t insn, uint32_t val)
1306 int cp_num = (insn >> 8) & 0xf;
1307 int cp_info = (insn >> 5) & 7;
1308 int src = (insn >> 16) & 0xf;
1309 int operand = insn & 0xf;
1311 if (env->cp[cp_num].cp_write)
1312 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
1313 cp_info, src, operand, val);
1316 uint32_t HELPER(get_cp)(CPUState *env, uint32_t insn)
1318 int cp_num = (insn >> 8) & 0xf;
1319 int cp_info = (insn >> 5) & 7;
1320 int dest = (insn >> 16) & 0xf;
1321 int operand = insn & 0xf;
1323 if (env->cp[cp_num].cp_read)
1324 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
1325 cp_info, dest, operand);
1329 /* Return basic MPU access permission bits. */
1330 static uint32_t simple_mpu_ap_bits(uint32_t val)
1337 for (i = 0; i < 16; i += 2) {
1338 ret |= (val >> i) & mask;
1344 /* Pad basic MPU access permission bits to extended format. */
1345 static uint32_t extended_mpu_ap_bits(uint32_t val)
1352 for (i = 0; i < 16; i += 2) {
1353 ret |= (val & mask) << i;
1359 void HELPER(set_cp15)(CPUState *env, uint32_t insn, uint32_t val)
1365 op1 = (insn >> 21) & 7;
1366 op2 = (insn >> 5) & 7;
1368 switch ((insn >> 16) & 0xf) {
1371 if (arm_feature(env, ARM_FEATURE_XSCALE))
1373 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1375 if (arm_feature(env, ARM_FEATURE_V7)
1376 && op1 == 2 && crm == 0 && op2 == 0) {
1377 env->cp15.c0_cssel = val & 0xf;
1381 case 1: /* System configuration. */
1382 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1386 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1387 env->cp15.c1_sys = val;
1388 /* ??? Lots of these bits are not implemented. */
1389 /* This may enable/disable the MMU, so do a TLB flush. */
1392 case 1: /* Auxiliary control register. */
1393 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1394 env->cp15.c1_xscaleauxcr = val;
1397 /* Not implemented. */
1400 if (arm_feature(env, ARM_FEATURE_XSCALE))
1402 if (env->cp15.c1_coproc != val) {
1403 env->cp15.c1_coproc = val;
1404 /* ??? Is this safe when called from within a TB? */
1412 case 2: /* MMU Page table control / MPU cache control. */
1413 if (arm_feature(env, ARM_FEATURE_MPU)) {
1416 env->cp15.c2_data = val;
1419 env->cp15.c2_insn = val;
1427 env->cp15.c2_base0 = val;
1430 env->cp15.c2_base1 = val;
1434 env->cp15.c2_control = val;
1435 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1436 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1443 case 3: /* MMU Domain access control / MPU write buffer control. */
1445 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
1447 case 4: /* Reserved. */
1449 case 5: /* MMU Fault status / MPU access permission. */
1450 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1454 if (arm_feature(env, ARM_FEATURE_MPU))
1455 val = extended_mpu_ap_bits(val);
1456 env->cp15.c5_data = val;
1459 if (arm_feature(env, ARM_FEATURE_MPU))
1460 val = extended_mpu_ap_bits(val);
1461 env->cp15.c5_insn = val;
1464 if (!arm_feature(env, ARM_FEATURE_MPU))
1466 env->cp15.c5_data = val;
1469 if (!arm_feature(env, ARM_FEATURE_MPU))
1471 env->cp15.c5_insn = val;
1477 case 6: /* MMU Fault address / MPU base/size. */
1478 if (arm_feature(env, ARM_FEATURE_MPU)) {
1481 env->cp15.c6_region[crm] = val;
1483 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1487 env->cp15.c6_data = val;
1489 case 1: /* ??? This is WFAR on armv6 */
1491 env->cp15.c6_insn = val;
1498 case 7: /* Cache control. */
1499 env->cp15.c15_i_max = 0x000;
1500 env->cp15.c15_i_min = 0xff0;
1504 /* No cache, so nothing to do except VA->PA translations. */
1505 if (arm_feature(env, ARM_FEATURE_V6K)) {
1508 if (arm_feature(env, ARM_FEATURE_V7)) {
1509 env->cp15.c7_par = val & 0xfffff6ff;
1511 env->cp15.c7_par = val & 0xfffff1ff;
1516 target_ulong page_size;
1518 int ret, is_user = op2 & 2;
1519 int access_type = op2 & 1;
1522 /* Other states are only available with TrustZone */
1525 ret = get_phys_addr(env, val, access_type, is_user,
1526 &phys_addr, &prot, &page_size);
1528 /* We do not set any attribute bits in the PAR */
1529 if (page_size == (1 << 24)
1530 && arm_feature(env, ARM_FEATURE_V7)) {
1531 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1533 env->cp15.c7_par = phys_addr & 0xfffff000;
1536 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1537 ((ret & (12 << 1)) >> 6) |
1538 ((ret & 0xf) << 1) | 1;
1545 case 8: /* MMU TLB control. */
1547 case 0: /* Invalidate all. */
1550 case 1: /* Invalidate single TLB entry. */
1551 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1553 case 2: /* Invalidate on ASID. */
1554 tlb_flush(env, val == 0);
1556 case 3: /* Invalidate single entry on MVA. */
1557 /* ??? This is like case 1, but ignores ASID. */
1565 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1567 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1568 break; /* Ignore ReadBuffer access */
1570 case 0: /* Cache lockdown. */
1572 case 0: /* L1 cache. */
1575 env->cp15.c9_data = val;
1578 env->cp15.c9_insn = val;
1584 case 1: /* L2 cache. */
1585 /* Ignore writes to L2 lockdown/auxiliary registers. */
1591 case 1: /* TCM memory region registers. */
1592 /* Not implemented. */
1594 case 12: /* Performance monitor control */
1595 /* Performance monitors are implementation defined in v7,
1596 * but with an ARM recommended set of registers, which we
1597 * follow (although we don't actually implement any counters)
1599 if (!arm_feature(env, ARM_FEATURE_V7)) {
1603 case 0: /* performance monitor control register */
1604 /* only the DP, X, D and E bits are writable */
1605 env->cp15.c9_pmcr &= ~0x39;
1606 env->cp15.c9_pmcr |= (val & 0x39);
1608 case 1: /* Count enable set register */
1610 env->cp15.c9_pmcnten |= val;
1612 case 2: /* Count enable clear */
1614 env->cp15.c9_pmcnten &= ~val;
1616 case 3: /* Overflow flag status */
1617 env->cp15.c9_pmovsr &= ~val;
1619 case 4: /* Software increment */
1620 /* RAZ/WI since we don't implement the software-count event */
1622 case 5: /* Event counter selection register */
1623 /* Since we don't implement any events, writing to this register
1624 * is actually UNPREDICTABLE. So we choose to RAZ/WI.
1631 case 13: /* Performance counters */
1632 if (!arm_feature(env, ARM_FEATURE_V7)) {
1636 case 0: /* Cycle count register: not implemented, so RAZ/WI */
1638 case 1: /* Event type select */
1639 env->cp15.c9_pmxevtyper = val & 0xff;
1641 case 2: /* Event count register */
1642 /* Unimplemented (we have no events), RAZ/WI */
1648 case 14: /* Performance monitor control */
1649 if (!arm_feature(env, ARM_FEATURE_V7)) {
1653 case 0: /* user enable */
1654 env->cp15.c9_pmuserenr = val & 1;
1655 /* changes access rights for cp registers, so flush tbs */
1658 case 1: /* interrupt enable set */
1659 /* We have no event counters so only the C bit can be changed */
1661 env->cp15.c9_pminten |= val;
1663 case 2: /* interrupt enable clear */
1665 env->cp15.c9_pminten &= ~val;
1673 case 10: /* MMU TLB lockdown. */
1674 /* ??? TLB lockdown not implemented. */
1676 case 12: /* Reserved. */
1678 case 13: /* Process ID. */
1681 /* Unlike real hardware the qemu TLB uses virtual addresses,
1682 not modified virtual addresses, so this causes a TLB flush.
1684 if (env->cp15.c13_fcse != val)
1686 env->cp15.c13_fcse = val;
1689 /* This changes the ASID, so do a TLB flush. */
1690 if (env->cp15.c13_context != val
1691 && !arm_feature(env, ARM_FEATURE_MPU))
1693 env->cp15.c13_context = val;
1699 case 14: /* Reserved. */
1701 case 15: /* Implementation specific. */
1702 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1703 if (op2 == 0 && crm == 1) {
1704 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1705 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1707 env->cp15.c15_cpar = val & 0x3fff;
1713 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1717 case 1: /* Set TI925T configuration. */
1718 env->cp15.c15_ticonfig = val & 0xe7;
1719 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1720 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1722 case 2: /* Set I_max. */
1723 env->cp15.c15_i_max = val;
1725 case 3: /* Set I_min. */
1726 env->cp15.c15_i_min = val;
1728 case 4: /* Set thread-ID. */
1729 env->cp15.c15_threadid = val & 0xffff;
1731 case 8: /* Wait-for-interrupt (deprecated). */
1732 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1742 /* ??? For debugging only. Should raise illegal instruction exception. */
1743 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1744 (insn >> 16) & 0xf, crm, op1, op2);
1747 uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
1753 op1 = (insn >> 21) & 7;
1754 op2 = (insn >> 5) & 7;
1756 switch ((insn >> 16) & 0xf) {
1757 case 0: /* ID codes. */
1763 case 0: /* Device ID. */
1764 return env->cp15.c0_cpuid;
1765 case 1: /* Cache Type. */
1766 return env->cp15.c0_cachetype;
1767 case 2: /* TCM status. */
1769 case 3: /* TLB type register. */
1770 return 0; /* No lockable TLB entries. */
1772 /* The MPIDR was standardised in v7; prior to
1773 * this it was implemented only in the 11MPCore.
1774 * For all other pre-v7 cores it does not exist.
1776 if (arm_feature(env, ARM_FEATURE_V7) ||
1777 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1778 int mpidr = env->cpu_index;
1779 /* We don't support setting cluster ID ([8..11])
1780 * so these bits always RAZ.
1782 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1784 /* Cores which are uniprocessor (non-coherent)
1785 * but still implement the MP extensions set
1786 * bit 30. (For instance, A9UP.) However we do
1787 * not currently model any of those cores.
1792 /* otherwise fall through to the unimplemented-reg case */
1797 if (!arm_feature(env, ARM_FEATURE_V6))
1799 return env->cp15.c0_c1[op2];
1801 if (!arm_feature(env, ARM_FEATURE_V6))
1803 return env->cp15.c0_c2[op2];
1804 case 3: case 4: case 5: case 6: case 7:
1810 /* These registers aren't documented on arm11 cores. However
1811 Linux looks at them anyway. */
1812 if (!arm_feature(env, ARM_FEATURE_V6))
1816 if (!arm_feature(env, ARM_FEATURE_V7))
1821 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1823 return env->cp15.c0_clid;
1829 if (op2 != 0 || crm != 0)
1831 return env->cp15.c0_cssel;
1835 case 1: /* System configuration. */
1836 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1839 case 0: /* Control register. */
1840 return env->cp15.c1_sys;
1841 case 1: /* Auxiliary control register. */
1842 if (arm_feature(env, ARM_FEATURE_XSCALE))
1843 return env->cp15.c1_xscaleauxcr;
1844 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1846 switch (ARM_CPUID(env)) {
1847 case ARM_CPUID_ARM1026:
1849 case ARM_CPUID_ARM1136:
1850 case ARM_CPUID_ARM1136_R2:
1852 case ARM_CPUID_ARM11MPCORE:
1854 case ARM_CPUID_CORTEXA8:
1856 case ARM_CPUID_CORTEXA9:
1861 case 2: /* Coprocessor access register. */
1862 if (arm_feature(env, ARM_FEATURE_XSCALE))
1864 return env->cp15.c1_coproc;
1868 case 2: /* MMU Page table control / MPU cache control. */
1869 if (arm_feature(env, ARM_FEATURE_MPU)) {
1872 return env->cp15.c2_data;
1875 return env->cp15.c2_insn;
1883 return env->cp15.c2_base0;
1885 return env->cp15.c2_base1;
1887 return env->cp15.c2_control;
1892 case 3: /* MMU Domain access control / MPU write buffer control. */
1893 return env->cp15.c3;
1894 case 4: /* Reserved. */
1896 case 5: /* MMU Fault status / MPU access permission. */
1897 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1901 if (arm_feature(env, ARM_FEATURE_MPU))
1902 return simple_mpu_ap_bits(env->cp15.c5_data);
1903 return env->cp15.c5_data;
1905 if (arm_feature(env, ARM_FEATURE_MPU))
1906 return simple_mpu_ap_bits(env->cp15.c5_data);
1907 return env->cp15.c5_insn;
1909 if (!arm_feature(env, ARM_FEATURE_MPU))
1911 return env->cp15.c5_data;
1913 if (!arm_feature(env, ARM_FEATURE_MPU))
1915 return env->cp15.c5_insn;
1919 case 6: /* MMU Fault address. */
1920 if (arm_feature(env, ARM_FEATURE_MPU)) {
1923 return env->cp15.c6_region[crm];
1925 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1929 return env->cp15.c6_data;
1931 if (arm_feature(env, ARM_FEATURE_V6)) {
1932 /* Watchpoint Fault Adrress. */
1933 return 0; /* Not implemented. */
1935 /* Instruction Fault Adrress. */
1936 /* Arm9 doesn't have an IFAR, but implementing it anyway
1937 shouldn't do any harm. */
1938 return env->cp15.c6_insn;
1941 if (arm_feature(env, ARM_FEATURE_V6)) {
1942 /* Instruction Fault Adrress. */
1943 return env->cp15.c6_insn;
1951 case 7: /* Cache control. */
1952 if (crm == 4 && op1 == 0 && op2 == 0) {
1953 return env->cp15.c7_par;
1955 /* FIXME: Should only clear Z flag if destination is r15. */
1958 case 8: /* MMU TLB control. */
1962 case 0: /* Cache lockdown */
1964 case 0: /* L1 cache. */
1965 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1970 return env->cp15.c9_data;
1972 return env->cp15.c9_insn;
1976 case 1: /* L2 cache */
1980 /* L2 Lockdown and Auxiliary control. */
1986 case 12: /* Performance monitor control */
1987 if (!arm_feature(env, ARM_FEATURE_V7)) {
1991 case 0: /* performance monitor control register */
1992 return env->cp15.c9_pmcr;
1993 case 1: /* count enable set */
1994 case 2: /* count enable clear */
1995 return env->cp15.c9_pmcnten;
1996 case 3: /* overflow flag status */
1997 return env->cp15.c9_pmovsr;
1998 case 4: /* software increment */
1999 case 5: /* event counter selection register */
2000 return 0; /* Unimplemented, RAZ/WI */
2004 case 13: /* Performance counters */
2005 if (!arm_feature(env, ARM_FEATURE_V7)) {
2009 case 1: /* Event type select */
2010 return env->cp15.c9_pmxevtyper;
2011 case 0: /* Cycle count register */
2012 case 2: /* Event count register */
2013 /* Unimplemented, so RAZ/WI */
2018 case 14: /* Performance monitor control */
2019 if (!arm_feature(env, ARM_FEATURE_V7)) {
2023 case 0: /* user enable */
2024 return env->cp15.c9_pmuserenr;
2025 case 1: /* interrupt enable set */
2026 case 2: /* interrupt enable clear */
2027 return env->cp15.c9_pminten;
2035 case 10: /* MMU TLB lockdown. */
2036 /* ??? TLB lockdown not implemented. */
2038 case 11: /* TCM DMA control. */
2039 case 12: /* Reserved. */
2041 case 13: /* Process ID. */
2044 return env->cp15.c13_fcse;
2046 return env->cp15.c13_context;
2050 case 14: /* Reserved. */
2052 case 15: /* Implementation specific. */
2053 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2054 if (op2 == 0 && crm == 1)
2055 return env->cp15.c15_cpar;
2059 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2063 case 1: /* Read TI925T configuration. */
2064 return env->cp15.c15_ticonfig;
2065 case 2: /* Read I_max. */
2066 return env->cp15.c15_i_max;
2067 case 3: /* Read I_min. */
2068 return env->cp15.c15_i_min;
2069 case 4: /* Read thread-ID. */
2070 return env->cp15.c15_threadid;
2071 case 8: /* TI925T_status */
2074 /* TODO: Peripheral port remap register:
2075 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
2076 * controller base address at $rn & ~0xfff and map size of
2077 * 0x200 << ($rn & 0xfff), when MMU is off. */
2083 /* ??? For debugging only. Should raise illegal instruction exception. */
2084 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
2085 (insn >> 16) & 0xf, crm, op1, op2);
2089 void HELPER(set_r13_banked)(CPUState *env, uint32_t mode, uint32_t val)
2091 if ((env->uncached_cpsr & CPSR_M) == mode) {
2092 env->regs[13] = val;
2094 env->banked_r13[bank_number(mode)] = val;
2098 uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
2100 if ((env->uncached_cpsr & CPSR_M) == mode) {
2101 return env->regs[13];
2103 return env->banked_r13[bank_number(mode)];
2107 uint32_t HELPER(v7m_mrs)(CPUState *env, uint32_t reg)
2111 return xpsr_read(env) & 0xf8000000;
2113 return xpsr_read(env) & 0xf80001ff;
2115 return xpsr_read(env) & 0xff00fc00;
2117 return xpsr_read(env) & 0xff00fdff;
2119 return xpsr_read(env) & 0x000001ff;
2121 return xpsr_read(env) & 0x0700fc00;
2123 return xpsr_read(env) & 0x0700edff;
2125 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
2127 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
2128 case 16: /* PRIMASK */
2129 return (env->uncached_cpsr & CPSR_I) != 0;
2130 case 17: /* BASEPRI */
2131 case 18: /* BASEPRI_MAX */
2132 return env->v7m.basepri;
2133 case 19: /* FAULTMASK */
2134 return (env->uncached_cpsr & CPSR_F) != 0;
2135 case 20: /* CONTROL */
2136 return env->v7m.control;
2138 /* ??? For debugging only. */
2139 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
2144 void HELPER(v7m_msr)(CPUState *env, uint32_t reg, uint32_t val)
2148 xpsr_write(env, val, 0xf8000000);
2151 xpsr_write(env, val, 0xf8000000);
2154 xpsr_write(env, val, 0xfe00fc00);
2157 xpsr_write(env, val, 0xfe00fc00);
2160 /* IPSR bits are readonly. */
2163 xpsr_write(env, val, 0x0600fc00);
2166 xpsr_write(env, val, 0x0600fc00);
2169 if (env->v7m.current_sp)
2170 env->v7m.other_sp = val;
2172 env->regs[13] = val;
2175 if (env->v7m.current_sp)
2176 env->regs[13] = val;
2178 env->v7m.other_sp = val;
2180 case 16: /* PRIMASK */
2182 env->uncached_cpsr |= CPSR_I;
2184 env->uncached_cpsr &= ~CPSR_I;
2186 case 17: /* BASEPRI */
2187 env->v7m.basepri = val & 0xff;
2189 case 18: /* BASEPRI_MAX */
2191 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2192 env->v7m.basepri = val;
2194 case 19: /* FAULTMASK */
2196 env->uncached_cpsr |= CPSR_F;
2198 env->uncached_cpsr &= ~CPSR_F;
2200 case 20: /* CONTROL */
2201 env->v7m.control = val & 3;
2202 switch_v7m_sp(env, (val & 2) != 0);
2205 /* ??? For debugging only. */
2206 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2211 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
2212 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
2215 if (cpnum < 0 || cpnum > 14) {
2216 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
2220 env->cp[cpnum].cp_read = cp_read;
2221 env->cp[cpnum].cp_write = cp_write;
2222 env->cp[cpnum].opaque = opaque;
2227 /* Note that signed overflow is undefined in C. The following routines are
2228 careful to use unsigned types where modulo arithmetic is required.
2229 Failure to do so _will_ break on newer gcc. */
2231 /* Signed saturating arithmetic. */
2233 /* Perform 16-bit signed saturating addition. */
2234 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2239 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2248 /* Perform 8-bit signed saturating addition. */
2249 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2254 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2263 /* Perform 16-bit signed saturating subtraction. */
2264 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2269 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2278 /* Perform 8-bit signed saturating subtraction. */
2279 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2284 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2293 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2294 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2295 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2296 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2299 #include "op_addsub.h"
2301 /* Unsigned saturating arithmetic. */
2302 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2311 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2319 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2328 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2336 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2337 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2338 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2339 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2342 #include "op_addsub.h"
2344 /* Signed modulo arithmetic. */
2345 #define SARITH16(a, b, n, op) do { \
2347 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2348 RESULT(sum, n, 16); \
2350 ge |= 3 << (n * 2); \
2353 #define SARITH8(a, b, n, op) do { \
2355 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2356 RESULT(sum, n, 8); \
2362 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2363 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2364 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2365 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2369 #include "op_addsub.h"
2371 /* Unsigned modulo arithmetic. */
2372 #define ADD16(a, b, n) do { \
2374 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2375 RESULT(sum, n, 16); \
2376 if ((sum >> 16) == 1) \
2377 ge |= 3 << (n * 2); \
2380 #define ADD8(a, b, n) do { \
2382 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2383 RESULT(sum, n, 8); \
2384 if ((sum >> 8) == 1) \
2388 #define SUB16(a, b, n) do { \
2390 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2391 RESULT(sum, n, 16); \
2392 if ((sum >> 16) == 0) \
2393 ge |= 3 << (n * 2); \
2396 #define SUB8(a, b, n) do { \
2398 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2399 RESULT(sum, n, 8); \
2400 if ((sum >> 8) == 0) \
2407 #include "op_addsub.h"
2409 /* Halved signed arithmetic. */
2410 #define ADD16(a, b, n) \
2411 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2412 #define SUB16(a, b, n) \
2413 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2414 #define ADD8(a, b, n) \
2415 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2416 #define SUB8(a, b, n) \
2417 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2420 #include "op_addsub.h"
2422 /* Halved unsigned arithmetic. */
2423 #define ADD16(a, b, n) \
2424 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2425 #define SUB16(a, b, n) \
2426 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2427 #define ADD8(a, b, n) \
2428 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2429 #define SUB8(a, b, n) \
2430 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2433 #include "op_addsub.h"
2435 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2443 /* Unsigned sum of absolute byte differences. */
2444 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2447 sum = do_usad(a, b);
2448 sum += do_usad(a >> 8, b >> 8);
2449 sum += do_usad(a >> 16, b >>16);
2450 sum += do_usad(a >> 24, b >> 24);
2454 /* For ARMv6 SEL instruction. */
2455 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2468 return (a & mask) | (b & ~mask);
2471 uint32_t HELPER(logicq_cc)(uint64_t val)
2473 return (val >> 32) | (val != 0);
2476 /* VFP support. We follow the convention used for VFP instrunctions:
2477 Single precition routines have a "s" suffix, double precision a
2480 /* Convert host exception flags to vfp form. */
2481 static inline int vfp_exceptbits_from_host(int host_bits)
2483 int target_bits = 0;
2485 if (host_bits & float_flag_invalid)
2487 if (host_bits & float_flag_divbyzero)
2489 if (host_bits & float_flag_overflow)
2491 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2493 if (host_bits & float_flag_inexact)
2494 target_bits |= 0x10;
2495 if (host_bits & float_flag_input_denormal)
2496 target_bits |= 0x80;
2500 uint32_t HELPER(vfp_get_fpscr)(CPUState *env)
2505 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2506 | (env->vfp.vec_len << 16)
2507 | (env->vfp.vec_stride << 20);
2508 i = get_float_exception_flags(&env->vfp.fp_status);
2509 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2510 fpscr |= vfp_exceptbits_from_host(i);
2514 uint32_t vfp_get_fpscr(CPUState *env)
2516 return HELPER(vfp_get_fpscr)(env);
2519 /* Convert vfp exception flags to target form. */
2520 static inline int vfp_exceptbits_to_host(int target_bits)
2524 if (target_bits & 1)
2525 host_bits |= float_flag_invalid;
2526 if (target_bits & 2)
2527 host_bits |= float_flag_divbyzero;
2528 if (target_bits & 4)
2529 host_bits |= float_flag_overflow;
2530 if (target_bits & 8)
2531 host_bits |= float_flag_underflow;
2532 if (target_bits & 0x10)
2533 host_bits |= float_flag_inexact;
2534 if (target_bits & 0x80)
2535 host_bits |= float_flag_input_denormal;
2539 void HELPER(vfp_set_fpscr)(CPUState *env, uint32_t val)
2544 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2545 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2546 env->vfp.vec_len = (val >> 16) & 7;
2547 env->vfp.vec_stride = (val >> 20) & 3;
2550 if (changed & (3 << 22)) {
2551 i = (val >> 22) & 3;
2554 i = float_round_nearest_even;
2560 i = float_round_down;
2563 i = float_round_to_zero;
2566 set_float_rounding_mode(i, &env->vfp.fp_status);
2568 if (changed & (1 << 24)) {
2569 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2570 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2572 if (changed & (1 << 25))
2573 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2575 i = vfp_exceptbits_to_host(val);
2576 set_float_exception_flags(i, &env->vfp.fp_status);
2577 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2580 void vfp_set_fpscr(CPUState *env, uint32_t val)
2582 HELPER(vfp_set_fpscr)(env, val);
2585 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2587 #define VFP_BINOP(name) \
2588 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2590 float_status *fpst = fpstp; \
2591 return float32_ ## name(a, b, fpst); \
2593 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2595 float_status *fpst = fpstp; \
2596 return float64_ ## name(a, b, fpst); \
2604 float32 VFP_HELPER(neg, s)(float32 a)
2606 return float32_chs(a);
2609 float64 VFP_HELPER(neg, d)(float64 a)
2611 return float64_chs(a);
2614 float32 VFP_HELPER(abs, s)(float32 a)
2616 return float32_abs(a);
2619 float64 VFP_HELPER(abs, d)(float64 a)
2621 return float64_abs(a);
2624 float32 VFP_HELPER(sqrt, s)(float32 a, CPUState *env)
2626 return float32_sqrt(a, &env->vfp.fp_status);
2629 float64 VFP_HELPER(sqrt, d)(float64 a, CPUState *env)
2631 return float64_sqrt(a, &env->vfp.fp_status);
2634 /* XXX: check quiet/signaling case */
2635 #define DO_VFP_cmp(p, type) \
2636 void VFP_HELPER(cmp, p)(type a, type b, CPUState *env) \
2639 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2640 case 0: flags = 0x6; break; \
2641 case -1: flags = 0x8; break; \
2642 case 1: flags = 0x2; break; \
2643 default: case 2: flags = 0x3; break; \
2645 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2646 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2648 void VFP_HELPER(cmpe, p)(type a, type b, CPUState *env) \
2651 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2652 case 0: flags = 0x6; break; \
2653 case -1: flags = 0x8; break; \
2654 case 1: flags = 0x2; break; \
2655 default: case 2: flags = 0x3; break; \
2657 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2658 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2660 DO_VFP_cmp(s, float32)
2661 DO_VFP_cmp(d, float64)
2664 /* Integer to float and float to integer conversions */
2666 #define CONV_ITOF(name, fsz, sign) \
2667 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2669 float_status *fpst = fpstp; \
2670 return sign##int32_to_##float##fsz(x, fpst); \
2673 #define CONV_FTOI(name, fsz, sign, round) \
2674 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2676 float_status *fpst = fpstp; \
2677 if (float##fsz##_is_any_nan(x)) { \
2678 float_raise(float_flag_invalid, fpst); \
2681 return float##fsz##_to_##sign##int32##round(x, fpst); \
2684 #define FLOAT_CONVS(name, p, fsz, sign) \
2685 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2686 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2687 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2689 FLOAT_CONVS(si, s, 32, )
2690 FLOAT_CONVS(si, d, 64, )
2691 FLOAT_CONVS(ui, s, 32, u)
2692 FLOAT_CONVS(ui, d, 64, u)
2698 /* floating point conversion */
2699 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUState *env)
2701 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2702 /* ARM requires that S<->D conversion of any kind of NaN generates
2703 * a quiet NaN by forcing the most significant frac bit to 1.
2705 return float64_maybe_silence_nan(r);
2708 float32 VFP_HELPER(fcvts, d)(float64 x, CPUState *env)
2710 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2711 /* ARM requires that S<->D conversion of any kind of NaN generates
2712 * a quiet NaN by forcing the most significant frac bit to 1.
2714 return float32_maybe_silence_nan(r);
2717 /* VFP3 fixed point conversion. */
2718 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2719 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2722 float_status *fpst = fpstp; \
2724 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2725 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2727 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2730 float_status *fpst = fpstp; \
2732 if (float##fsz##_is_any_nan(x)) { \
2733 float_raise(float_flag_invalid, fpst); \
2736 tmp = float##fsz##_scalbn(x, shift, fpst); \
2737 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2740 VFP_CONV_FIX(sh, d, 64, int16, )
2741 VFP_CONV_FIX(sl, d, 64, int32, )
2742 VFP_CONV_FIX(uh, d, 64, uint16, u)
2743 VFP_CONV_FIX(ul, d, 64, uint32, u)
2744 VFP_CONV_FIX(sh, s, 32, int16, )
2745 VFP_CONV_FIX(sl, s, 32, int32, )
2746 VFP_CONV_FIX(uh, s, 32, uint16, u)
2747 VFP_CONV_FIX(ul, s, 32, uint32, u)
2750 /* Half precision conversions. */
2751 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUState *env, float_status *s)
2753 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2754 float32 r = float16_to_float32(make_float16(a), ieee, s);
2756 return float32_maybe_silence_nan(r);
2761 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUState *env, float_status *s)
2763 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2764 float16 r = float32_to_float16(a, ieee, s);
2766 r = float16_maybe_silence_nan(r);
2768 return float16_val(r);
2771 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUState *env)
2773 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2776 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUState *env)
2778 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2781 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUState *env)
2783 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2786 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUState *env)
2788 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2791 #define float32_two make_float32(0x40000000)
2792 #define float32_three make_float32(0x40400000)
2793 #define float32_one_point_five make_float32(0x3fc00000)
2795 float32 HELPER(recps_f32)(float32 a, float32 b, CPUState *env)
2797 float_status *s = &env->vfp.standard_fp_status;
2798 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2799 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2800 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2801 float_raise(float_flag_input_denormal, s);
2805 return float32_sub(float32_two, float32_mul(a, b, s), s);
2808 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUState *env)
2810 float_status *s = &env->vfp.standard_fp_status;
2812 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2813 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2814 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2815 float_raise(float_flag_input_denormal, s);
2817 return float32_one_point_five;
2819 product = float32_mul(a, b, s);
2820 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2825 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2826 * int->float conversions at run-time. */
2827 #define float64_256 make_float64(0x4070000000000000LL)
2828 #define float64_512 make_float64(0x4080000000000000LL)
2830 /* The algorithm that must be used to calculate the estimate
2831 * is specified by the ARM ARM.
2833 static float64 recip_estimate(float64 a, CPUState *env)
2835 /* These calculations mustn't set any fp exception flags,
2836 * so we use a local copy of the fp_status.
2838 float_status dummy_status = env->vfp.standard_fp_status;
2839 float_status *s = &dummy_status;
2840 /* q = (int)(a * 512.0) */
2841 float64 q = float64_mul(float64_512, a, s);
2842 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2844 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2845 q = int64_to_float64(q_int, s);
2846 q = float64_add(q, float64_half, s);
2847 q = float64_div(q, float64_512, s);
2848 q = float64_div(float64_one, q, s);
2850 /* s = (int)(256.0 * r + 0.5) */
2851 q = float64_mul(q, float64_256, s);
2852 q = float64_add(q, float64_half, s);
2853 q_int = float64_to_int64_round_to_zero(q, s);
2855 /* return (double)s / 256.0 */
2856 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2859 float32 HELPER(recpe_f32)(float32 a, CPUState *env)
2861 float_status *s = &env->vfp.standard_fp_status;
2863 uint32_t val32 = float32_val(a);
2866 int a_exp = (val32 & 0x7f800000) >> 23;
2867 int sign = val32 & 0x80000000;
2869 if (float32_is_any_nan(a)) {
2870 if (float32_is_signaling_nan(a)) {
2871 float_raise(float_flag_invalid, s);
2873 return float32_default_nan;
2874 } else if (float32_is_infinity(a)) {
2875 return float32_set_sign(float32_zero, float32_is_neg(a));
2876 } else if (float32_is_zero_or_denormal(a)) {
2877 if (!float32_is_zero(a)) {
2878 float_raise(float_flag_input_denormal, s);
2880 float_raise(float_flag_divbyzero, s);
2881 return float32_set_sign(float32_infinity, float32_is_neg(a));
2882 } else if (a_exp >= 253) {
2883 float_raise(float_flag_underflow, s);
2884 return float32_set_sign(float32_zero, float32_is_neg(a));
2887 f64 = make_float64((0x3feULL << 52)
2888 | ((int64_t)(val32 & 0x7fffff) << 29));
2890 result_exp = 253 - a_exp;
2892 f64 = recip_estimate(f64, env);
2895 | ((result_exp & 0xff) << 23)
2896 | ((float64_val(f64) >> 29) & 0x7fffff);
2897 return make_float32(val32);
2900 /* The algorithm that must be used to calculate the estimate
2901 * is specified by the ARM ARM.
2903 static float64 recip_sqrt_estimate(float64 a, CPUState *env)
2905 /* These calculations mustn't set any fp exception flags,
2906 * so we use a local copy of the fp_status.
2908 float_status dummy_status = env->vfp.standard_fp_status;
2909 float_status *s = &dummy_status;
2913 if (float64_lt(a, float64_half, s)) {
2914 /* range 0.25 <= a < 0.5 */
2916 /* a in units of 1/512 rounded down */
2917 /* q0 = (int)(a * 512.0); */
2918 q = float64_mul(float64_512, a, s);
2919 q_int = float64_to_int64_round_to_zero(q, s);
2921 /* reciprocal root r */
2922 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2923 q = int64_to_float64(q_int, s);
2924 q = float64_add(q, float64_half, s);
2925 q = float64_div(q, float64_512, s);
2926 q = float64_sqrt(q, s);
2927 q = float64_div(float64_one, q, s);
2929 /* range 0.5 <= a < 1.0 */
2931 /* a in units of 1/256 rounded down */
2932 /* q1 = (int)(a * 256.0); */
2933 q = float64_mul(float64_256, a, s);
2934 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2936 /* reciprocal root r */
2937 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2938 q = int64_to_float64(q_int, s);
2939 q = float64_add(q, float64_half, s);
2940 q = float64_div(q, float64_256, s);
2941 q = float64_sqrt(q, s);
2942 q = float64_div(float64_one, q, s);
2944 /* r in units of 1/256 rounded to nearest */
2945 /* s = (int)(256.0 * r + 0.5); */
2947 q = float64_mul(q, float64_256,s );
2948 q = float64_add(q, float64_half, s);
2949 q_int = float64_to_int64_round_to_zero(q, s);
2951 /* return (double)s / 256.0;*/
2952 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2955 float32 HELPER(rsqrte_f32)(float32 a, CPUState *env)
2957 float_status *s = &env->vfp.standard_fp_status;
2963 val = float32_val(a);
2965 if (float32_is_any_nan(a)) {
2966 if (float32_is_signaling_nan(a)) {
2967 float_raise(float_flag_invalid, s);
2969 return float32_default_nan;
2970 } else if (float32_is_zero_or_denormal(a)) {
2971 if (!float32_is_zero(a)) {
2972 float_raise(float_flag_input_denormal, s);
2974 float_raise(float_flag_divbyzero, s);
2975 return float32_set_sign(float32_infinity, float32_is_neg(a));
2976 } else if (float32_is_neg(a)) {
2977 float_raise(float_flag_invalid, s);
2978 return float32_default_nan;
2979 } else if (float32_is_infinity(a)) {
2980 return float32_zero;
2983 /* Normalize to a double-precision value between 0.25 and 1.0,
2984 * preserving the parity of the exponent. */
2985 if ((val & 0x800000) == 0) {
2986 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
2988 | ((uint64_t)(val & 0x7fffff) << 29));
2990 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
2992 | ((uint64_t)(val & 0x7fffff) << 29));
2995 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
2997 f64 = recip_sqrt_estimate(f64, env);
2999 val64 = float64_val(f64);
3001 val = ((val64 >> 63) & 0x80000000)
3002 | ((result_exp & 0xff) << 23)
3003 | ((val64 >> 29) & 0x7fffff);
3004 return make_float32(val);
3007 uint32_t HELPER(recpe_u32)(uint32_t a, CPUState *env)
3011 if ((a & 0x80000000) == 0) {
3015 f64 = make_float64((0x3feULL << 52)
3016 | ((int64_t)(a & 0x7fffffff) << 21));
3018 f64 = recip_estimate (f64, env);
3020 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3023 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUState *env)
3027 if ((a & 0xc0000000) == 0) {
3031 if (a & 0x80000000) {
3032 f64 = make_float64((0x3feULL << 52)
3033 | ((uint64_t)(a & 0x7fffffff) << 21));
3034 } else { /* bits 31-30 == '01' */
3035 f64 = make_float64((0x3fdULL << 52)
3036 | ((uint64_t)(a & 0x3fffffff) << 22));
3039 f64 = recip_sqrt_estimate(f64, env);
3041 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
3044 void HELPER(set_teecr)(CPUState *env, uint32_t val)
3047 if (env->teecr != val) {
projects / sdk / emulator / qemu.git / blob