Commit graph

3574 commits

Author SHA1 Message Date
Richard Henderson bb930f35b0
target/arm: Implement SVE Partition Break Group
Backports commit 35da316f5e847292ffbe7b6d16cd3988043dfe22 from qemu
2018-06-15 13:42:35 -04:00
Richard Henderson ade246e87b
target/arm: Implement SVE Integer Compare - Immediate Group
Backports commit 38cadeba0daf0f16cf2aeaa5b2752b26fb0676c5 from qemu
2018-06-15 13:35:40 -04:00
Richard Henderson 2969a38d61
target/arm: Implement SVE Integer Compare - Vectors Group
Backports commit 757f9cff1b63895bfd6fc8d66a6e52d7c40baa7b from qemu
2018-06-15 13:29:15 -04:00
Richard Henderson 7211d415a4
target/arm: Implement SVE Select Vectors Group
Backports commit d3fe4a29d754dee73cbf3cb7584db222981179ac from qemu
2018-06-15 13:17:47 -04:00
Richard Henderson 7698c1634e
target/arm: Implement SVE vector splice (predicated)
Backports commit b48ff24098c72f86e187e6abb7e9ca4de40a7fb4 from qemu
2018-06-15 13:14:33 -04:00
Richard Henderson 7d930e8515
target/arm: Implement SVE reverse within elements
Backports commit dae8fb9019d2aa6ccb151a19871df40de6c98e29 from qemu
2018-06-15 13:12:14 -04:00
Richard Henderson 53d151de58
target/arm: Implement SVE copy to vector (predicated)
Backports commit 792a557847697235037fea30eaaacb9b45b4c9e5 from qemu
2018-06-15 13:03:36 -04:00
Richard Henderson 0bb2fdd752
target/arm: Implement SVE conditionally broadcast/extract element
Backports commit ef23cb726dc32375bc2fca7ac3e9f34816f6ee13 from qemu
2018-06-15 13:01:40 -04:00
Richard Henderson 8ba3bde59b
target/arm: Implement SVE compress active elements
Backports commit 3ca879aeb3412bc2be35d01a7bedf5fada960b5d from qemu
2018-06-15 12:52:19 -04:00
Richard Henderson d9ed221567
target/arm: Implement SVE Permute - Interleaving Group
Backports commit 234b48e9c68759aea78ff5a1e49c2ba806cd1d83 from qemu
2018-06-15 12:49:42 -04:00
Richard Henderson 3722ab310b
target/arm: Implement SVE Permute - Predicates Group
Backports commit d731d8cb3c74258669211f065c918353eb7b8f4a from qemu
2018-06-15 12:44:50 -04:00
Richard Henderson c57ff23c56
target/arm: Implement SVE Permute - Unpredicated Group
Backports commit 30562ab716bcec0bf718b47b5268949856b17604 from qemu
2018-06-15 12:37:56 -04:00
Richard Henderson 4dc2b5ea79
target/arm: Extend vec_reg_offset to larger sizes
Rearrange the arithmetic so that we are agnostic about the total size
of the vector and the size of the element. This will allow us to index
up to the 32nd byte and with 16-byte elements.

Backports commit 66f2dbd783d0b6172043e3679171421b2d0bac11 from qemu
2018-06-15 12:23:35 -04:00
Peter Maydell 0a23259560
exec.c: Use stn_p() and ldn_p() instead of explicit switches
Now we have stn_p() and ldn_p() we can use them in various
functions in exec.c that used to have their own switch-on-size code.

Backports commit 6d3ede5410e05c5f6221dab1daf99164fd6bf879 from qemu
2018-06-15 12:20:59 -04:00
Peter Maydell cb879422e9
exec.c: Don't accidentally sign-extend 4-byte loads in subpage_read()
In subpage_read() we perform a load of the data into a local buffer
which we then access using ldub_p(), lduw_p(), ldl_p() or ldq_p()
depending on its size, storing the result into the uint64_t *data.
Since ldl_p() returns an 'int', this means that for the 4-byte
case we will sign-extend the data, whereas for 1 and 2 byte
reads we zero-extend it.

This ought not to matter since the caller will likely ignore values in
the high bytes of the data, but add a cast so that we're consistent.

Backports commit 22672c6075a16d1998e37686f02ed4bd2fb30f78 from qemu
2018-06-15 12:18:40 -04:00
Peter Maydell 8295b228e3
bswap: Add new stn_*_p() and ldn_*_p() memory access functions
There's a common pattern in QEMU where a function needs to perform
a data load or store of an N byte integer in a particular endianness.
At the moment this is handled by doing a switch() on the size and
calling the appropriate ld*_p or st*_p function for each size.

Provide a new family of functions ldn_*_p() and stn_*_p() which
take the size as an argument and do the switch() themselves.

Backports commit afa4f6653dca095f63f3fe7f2001e9334f5676c1 from qemu
2018-06-15 12:17:21 -04:00
Peter Maydell 61a7ac6948
cpu-defs.h: Document CPUIOTLBEntry 'addr' field
The 'addr' field in the CPUIOTLBEntry struct has a rather non-obvious
use; add a comment documenting it (reverse-engineered from what
the code that sets it is doing).

Backports commit ace4109011b4912b24e76f152e2cf010e78819c5 from qemu
2018-06-15 12:07:39 -04:00
Peter Maydell 7a6ae26346
cputlb: Pass cpu_transaction_failed() the correct physaddr
The API for cpu_transaction_failed() says that it takes the physical
address for the failed transaction. However we were actually passing
it the offset within the target MemoryRegion. We don't currently
have any target CPU implementations of this hook that require the
physical address; fix this bug so we don't get confused if we ever
do add one.

Backports commit 2d54f19401bc54b3b56d1cc44c96e4087b604b97 from qemu
2018-06-15 12:03:23 -04:00
Nicholas Piggin 1a9d9e3547
osdep: powerpc64 align memory to allow 2MB radix THP page tables
This allows KVM with the Book3S radix MMU mode to take advantage of
THP and install larger pages in the partition scope page tables (the
host translation).

Backports commit 0c1272cc7c72dfe0ef66be8f283cf67c74b58586 from qemu
2018-06-15 11:53:55 -04:00
Babu Moger d4ad9e37a2
i386: Populate AMD Processor Cache Information for cpuid 0x8000001D
Add information for cpuid 0x8000001D leaf. Populate cache topology information
for different cache types (Data Cache, Instruction Cache, L2 and L3) supported
by 0x8000001D leaf. Please refer to the Processor Programming Reference (PPR)
for AMD Family 17h Model for more details.

Backports commit 8f4202fb1080f86958782b1fca0bf0279f67d136 from qemu
2018-06-15 11:52:28 -04:00
Eduardo Habkost 7837f23cd9
i386: Clean up cache CPUID code
Always initialize CPUCaches structs with cache information, even
if legacy_cache=true. Use different CPUCaches struct for
CPUID[2], CPUID[4], and the AMD CPUID leaves.

This will simplify a lot the logic inside cpu_x86_cpuid()

Backports commit a9f27ea9adc8c695197bd08f2e938ef7b4183f07 from qemu
2018-06-15 11:51:09 -04:00
Richard Henderson 1a91edd263
target/m68k: Merge disas_m68k_insn into m68k_tr_translate_insn
Backports commit a56f36c1d2bccbc50a53fa8093b93d205607f1b8 from qemu
2018-06-15 11:40:18 -04:00
Richard Henderson a8540a30d2
target/m68k: Improve ending TB at page boundaries
Rather than limit total TB size to PAGE-32 bytes, end the TB when
near the end of a page. This should provide proper semantics of
SIGSEGV when executing near the end of a page.

Backports commit 4c7a0f6f34869b3dfe7091d28ff27a8dfbdd8b70 from qemu
2018-06-15 11:36:08 -04:00
Richard Henderson c42ca54685
target/m68k: Convert to TranslatorOps
Backports commit 11ab74b01e0a8ea4973eed89c6b90fa6e4fb9fb6 from qemu
2018-06-15 11:35:31 -04:00
Richard Henderson f4432cbca7
target/m68k: Convert to DisasContextBase
Removed ctx->insn_pc in favour of ctx->base.pc_next.
Yes, it is annoying, but didn't want to waste its 4 bytes.

Backports commit a575cbe01caecf22ab322a9baa5930a6d9e39ca6 from qemu
2018-06-15 11:25:23 -04:00
Richard Henderson 0445fcf34a
target/m68k: Rename DISAS_UPDATE and gen_lookup_tb
The name gen_lookup_tb is at odds with tcg_gen_lookup_and_goto_tb.
For these cases, we do indeed want to exit back to the main loop.
Similarly, DISAS_UPDATE performs no actual update, whereas DISAS_EXIT
does what it says.

Backports commit 4106f26e95c83b8759c3fe61a4d3a1fa740db0a9 from qemu
2018-06-15 10:50:34 -04:00
Richard Henderson 90b3770665
target/m68k: Use lookup_and_goto_tb for DISAS_JUMP
These are all indirect or out-of-page direct jumps.
We can indirectly chain to the next TB without going
back to the main loop.

Backports commit 8aaf7da9c3b1f282b5a123de3e87a2e6ca87f3b9 from qemu
2018-06-15 10:48:18 -04:00
Richard Henderson c2fe05f7d9
target/m68k: Remove DISAS_JUMP_NEXT as unused
Backports commit 707ddb5ac6f91309ff6ed6bec988ed8100846f50 from qemu
2018-06-15 10:46:26 -04:00
Richard Henderson 76b8bd614d
target/m68k: Replace DISAS_TB_JUMP with DISAS_NORETURN
We have exited the TB after using goto_tb; there is no
distinction from DISAS_NORETURN.

Backports commit 825340f5659647deb62743c3cb479ec8d78f1862 from qemu
2018-06-15 10:45:33 -04:00
Richard Henderson 3c01ea765d
target/m68k: Use DISAS_NORETURN for exceptions
The raise_exception helper does not return. Do not generate
any code following that.

Backports commit cb4add334a5a8db263c20c33c5365be3868f8967 from qemu
2018-06-15 10:44:07 -04:00
Philippe Mathieu-Daudé 145174a359
target/m68k: Add trailing '\n' to qemu_log() call
Backports commit 21528149eba03fc17f428a8e1660d8666683ca85 from qemu
2018-06-08 19:25:21 -04:00
Philippe Mathieu-Daudé 5992214b3b
target/arm: Add trailing '\n' to qemu_log() calls
Backports commit 0221c8fdf2321137b34bd4dbb2557d0725739822 from qemu
2018-06-08 19:24:38 -04:00
Fam Zheng 666130cb41
Makefile: Rename TARGET_DIRS to TARGET_LIST
To be more accurate on its purpose and make code that looks for a certain
target out of this variable more readable.

Backports commit 208ecb3e1acc8d55dab49fdf721a86d513691688 from qemu
2018-06-08 19:22:45 -04:00
Richard Henderson 10e2b13650
tcg: Pass tb and index to tcg_gen_exit_tb separately
Do the cast to uintptr_t within the helper, so that the compiler
can type check the pointer argument. We can also do some more
sanity checking of the index argument.

Backports commit 07ea28b41830f946de3841b0ac61a3413679feb9 from qemu
2018-06-07 11:56:32 -04:00
Paolo Bonzini 330bb60809
tcg: remove softfloat from --disable-tcg builds
Even though the presence of softfloat does not cause --disable-tcg builds to fail,
it is the single largest .o file in them. Remove it, since TCG is the only client.

Backports commit 8f971cf0c9265fa5d9f06a195f119237e403c0ce from qemu
2018-06-07 11:49:35 -04:00
Peter Maydell 76fd93726c
exec.c: Initialize sa_flags passed to sigaction()
Coverity points out that in the user-only version of cpu_abort() we
call sigaction() with a partially initialized struct sigaction
(CID 1005351). Correct the omission.

Backports commit 8347c18506c3f8619527d19134cb4aac071dc54a from qemu
2018-06-07 11:47:08 -04:00
Richard Henderson 533a3f6a6c
tcg: Fix helper function vs host abi for float16
Depending on the host abi, float16, aka uint16_t, values are
passed and returned either zero-extended in the host register
or with garbage at the top of the host register.

The tcg code generator has so far been assuming garbage, as that
matches the x86 abi, but this is incorrect for other host abis.
Further, target/arm has so far been assuming zero-extended results,
so that it may store the 16-bit value into a 32-bit slot with the
high 16-bits already clear.

Rectify both problems by mapping "f16" in the helper definition
to uint32_t instead of (a typedef for) uint16_t. This forces
the host compiler to assume garbage in the upper 16 bits on input
and to zero-extend the result on output.

Backports commit 6c2be133a7478e443c99757b833d0f265c48e0a6 from qemu
2018-06-02 10:10:12 -04:00
Peter Maydell 0f0b2e0bd8
target/arm: Honour FPCR.FZ in FRECPX
The FRECPX instructions should (like most other floating point operations)
honour the FPCR.FZ bit which specifies whether input denormals should
be flushed to zero (or FZ16 for the half-precision version).
We forgot to implement this, which doesn't affect the results (since
the calculation doesn't actually care about the mantissa bits) but did
mean we were failing to set the FPSR.IDC bit.

Backports commit 2cfbf36ec07f7cac1aabb3b86f1c95c8a55424ba from qemu
2018-06-02 10:02:57 -04:00
Konrad Rzeszutek Wilk a08dcb8aa6
i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
AMD Zen expose the Intel equivalant to Speculative Store Bypass Disable
via the 0x80000008_EBX[25] CPUID feature bit.

This needs to be exposed to guest OS to allow them to protect
against CVE-2018-3639.

Backports commit 403503b162ffc33fb64cfefdf7b880acf41772cd from qemu
2018-05-22 16:58:25 -04:00
Konrad Rzeszutek Wilk 860411e045
i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639)
"Some AMD processors only support a non-architectural means of enabling
speculative store bypass disable (SSBD). To allow a simplified view of
this to a guest, an architectural definition has been created through a new
CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f. With this, a
hypervisor can virtualize the existence of this definition and provide an
architectural method for using SSBD to a guest.

Add the new CPUID feature, the new MSR and update the existing SSBD
support to use this MSR when present." (from x86/speculation: Add virtualized
speculative store bypass disable support in Linux).

Backports commit cfeea0c021db6234c154dbc723730e81553924ff from qemu
2018-05-22 16:57:39 -04:00
Daniel P. Berrangé 795bcc7de3
i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.

Backports commit d19d1f965904a533998739698020ff4ee8a103da from qemu
2018-05-22 16:56:41 -04:00
Philippe Mathieu-Daudé 752fd5dd12
typedefs: Remove PcGuestInfo from qemu/typedefs.h
It is long gone since e4e8ba04c2007 ...

Backports commit 201376cb9e500f64209444cb95f566679c0f54a2 from qemu
2018-05-22 00:32:07 -04:00
Murilo Opsfelder Araujo 3a3aa9e23d
HACKING: document preference for g_new instead of g_malloc
This patch documents the preference for g_new instead of g_malloc. The
reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.

Discussion in QEMU's mailing list:
http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html

Backports commit f7c922ed3d8e3cb54febbdc594ce9f4400e0d290 from qemu
2018-05-22 00:30:50 -04:00
Emilio G. Cota 7e8902eccc
tcg: fix s/compliment/complement/ typos
Backports commit 1d349821551c2da4dfefe36c6ac17319f33ebbd5 from qemu
2018-05-22 00:29:51 -04:00
Richard Henderson 6835b2dd13
target/arm: Implement SVE Permute - Extract Group
Backports commit b94f8f60bd841c5b737185cd38263e26822f77ab from qemu
2018-05-20 05:26:55 -04:00
Richard Henderson 9917f0d536
target/arm: Implement SVE Integer Wide Immediate - Predicated Group
Backports commit f25a2361539626721dbccce14c077cad03b2e72c from qemu
2018-05-20 05:24:04 -04:00
Richard Henderson f4ecf1a152
target/arm: Implement SVE Bitwise Immediate Group
Backports commit e1fa1164f397bbd381439ed32d97d9b4b4d7eb43 from qemu
2018-05-20 05:17:53 -04:00
Richard Henderson 89038c1e4b
target/arm: Implement SVE Element Count Group
Backports commit 24e82e68341e73ec0f65534c78c13fd03395b188 from qemu
2018-05-20 05:15:35 -04:00
Richard Henderson 0249ab3f7e
target/arm: Implement SVE floating-point trig select coefficient
Backports commit a1f233f25fd502f9a5b40c14df1b4dbdda463487 from qemu
2018-05-20 05:05:20 -04:00
Richard Henderson d6c18fc788
target/arm: Implement SVE floating-point exponential accelerator
Backports commit 0762cd428fd7b471207f5cb5b4bd4bd8f141dbe0 from qemu
2018-05-20 05:01:16 -04:00
Richard Henderson cb55a3acdb
target/arm: Implement SVE Compute Vector Address Group
Backports commit 4b242d9c1b6beaf5c81d84e956243b614a4a1d84 from qemu
2018-05-20 04:57:18 -04:00
Richard Henderson 45e009269e
target/arm: Implement SVE Bitwise Shift - Unpredicated Group
Backports commit d9d78dccc86eed10ccf1c8e1ac236e41ec330b06 from qemu
2018-05-20 04:51:58 -04:00
Lioncash bf97c44a2b
target/arm: Implement SVE Stack Allocation Group 2018-05-20 04:45:53 -04:00
Richard Henderson 45a09e2f25
target/arm: Implement SVE Index Generation Group
Backports commit 9a56c9c3a955b77fe436beef7ac03c76a65fa32d from qemu
2018-05-20 04:43:01 -04:00
Richard Henderson 390bd68287
target/arm: Implement SVE Integer Arithmetic - Unpredicated Group
Backports commit fea98f9c3077e4666f6d4933030b5891fbd6bb12 from qemu
2018-05-20 04:36:54 -04:00
Richard Henderson 1730d3cff0
target/arm: Implement SVE Integer Multiply-Add Group
Backports commit 96a36e4a44bbf296ac212ed68ebf4e48d3dfb1f0 from qemu
2018-05-20 04:35:36 -04:00
Richard Henderson 32949156d2
target/arm: Implement SVE Integer Arithmetic - Unary Predicated Group
Backports commit afac6d0467c1327ad2e30a3c35347fcf5a773742 from qemu
2018-05-20 04:31:18 -04:00
Lioncash 878b862a04
target/arm: Implement SVE bitwise shift by wide elements (predicated) 2018-05-20 03:10:24 -04:00
Richard Henderson 5aa51a3a74
target/arm: Implement SVE bitwise shift by vector (predicated)
Backports commit 27721dbb7ae5e2a52f06588cf38854e4cbc613c0 from qemu
2018-05-20 03:07:02 -04:00
Richard Henderson 7bb3067b95
target/arm: Implement SVE bitwise shift by immediate (predicated)
Backports commit ccd841c3d71db6943f8b6d3d56bd2abb548ba40c from qemu
2018-05-20 03:01:07 -04:00
Richard Henderson 837e39ea63
target/arm: Implement SVE Integer Reduction Group
Excepting MOVPRFX, which isn't a reduction. Presumably it is
placed within the group because of its encoding.

Backports commit 047cec971d2791b206677b954227ea92ff7ee3db from qemu
2018-05-20 02:53:04 -04:00
Richard Henderson 331aabddeb
target/arm: Implement SVE Predicate Misc Group
Backports commit 028e2a7b876631eff165cac59eb43bdb2dcc213b and
f97cfd596ed9bd38644323cb61d19b85ac703c81 from qemu
2018-05-20 02:43:36 -04:00
Richard Henderson 65f74e3608
target/arm: Implement SVE Predicate Logical Operations Group
Backports commit 516e246a1a292f6c6f6aad5451799accbb08acd9 from qemu
2018-05-20 01:35:59 -04:00
Lioncash 1eaa2e4571
target/arm: Implement SVE predicate test 2018-05-20 01:16:16 -04:00
Richard Henderson e6a0b2c2bc
target/arm: Implement SVE Bitwise Logical - Unpredicated Group
These were the instructions that were stubbed out when
introducing the decode skeleton.

Backports commit 39eea56172e668cc4cca611ed9166779df54ac63 from qemu
2018-05-20 01:00:52 -04:00
Richard Henderson 49def4bbde
target/arm: Add SVE decode skeleton
Including only 4, as-yet unimplemented, instruction patterns
so that the whole thing compiles.

Backports commit 38388f7ee3adc04a7e7246c04352451c4f8d00fb from qemu
2018-05-20 00:48:14 -04:00
Richard Henderson d2d8e2fc33
target/arm: Introduce translate-a64.h
Move some stuff that will be common to both translate-a64.c
and translate-sve.c.

Backports commit 8c71baedb8055beaa681823206ee3a74f9f8649a from qemu
2018-05-20 00:34:25 -04:00
Abdallah Bouassida 11149ba82b
target/arm: Add _S suffix to the secure version of a sysreg
This is a preparation for the coming feature of creating dynamically an XML
description for the ARM sysregs.
Add "_S" suffix to the secure version of sysregs that have both S and NS views
Replace (S) and (NS) by _S and _NS for the register that are manually defined,
so all the registers follow the same convention.

Backports commit 9c513e786d85cc58b8ba56a482566f759e0835b6 from qemu
2018-05-20 00:19:34 -04:00
Abdallah Bouassida 079615b2a0
target/arm: Add ARM_CP_NO_GDB as a new bit field for ARMCPRegInfo type
This is a preparation for the coming feature of creating dynamically an XML
description for the ARM sysregs.
A register has ARM_CP_NO_GDB enabled will not be shown in the dynamic XML.
This bit is enabled automatically when creating CP_ANY wildcard aliases.
This bit could be enabled manually for any register we want to remove from the
dynamic XML description.

Backports commit 1f16378718fa87d63f70d0797f4546a88d8e3dd7 from qemu
2018-05-20 00:15:56 -04:00
Richard Henderson 31b3a98233
fpu/softfloat: Define floatN_silence_nan in terms of parts_silence_nan
Isolate the target-specific choice to 3 functions instead of 6.

The code in floatx80_default_nan tried to be over-general. There are
only two targets that support this format: x86 and m68k. Thus there
is no point in inventing a mechanism for snan_bit_is_one.

Move routines that no longer have ifdefs out of softfloat-specialize.h.

Backports commit 377ed92679a2a5f838bc0a095112ea5020720fff from qemu
2018-05-20 00:13:42 -04:00
Richard Henderson 65c768593c
fpu/softfloat: Clean up parts_default_nan
Reduce the number of ifdefs. Correct the result for OpenRISC
and TriCore (although TriCore fixed in target-specific code).

Backports commit 8fb3d90203f328d1bebcf7f20934027bfc4e7f3f from qemu
2018-05-20 00:11:25 -04:00
Richard Henderson df3436b518
fpu/softfloat: Define floatN_default_nan in terms of parts_default_nan
Isolate the target-specific choice to 2 functions instead of 6.

The code in float16_default_nan was only correct for ARM, MIPS, and X86.
Though float16 support is rare among our targets.

The code in float128_default_nan was arguably wrong for Sparc. While
QEMU supports the Sparc 128-bit insns, no real cpu enables it.

The code in floatx80_default_nan tried to be over-general. There are
only two targets that support this format: x86 and m68k. Thus there
is no point in inventing a value for snan_bit_is_one.

Move routines that no longer have ifdefs out of softfloat-specialize.h.

Backports commit 0218a16e540ad416683e19dfbd52f75092507b27 from qemu
2018-05-20 00:04:20 -04:00
Richard Henderson 77bee9e8a5
fpu/softfloat: Pass FloatClass to pickNaNMulAdd
For each operand, pass a single enumeration instead of a pair of booleans.
The commit also merges multiple different ifdef-selected implementations
of pickNaNMulAdd into a single function whose body is ifdef-selected.

Backports commit 3bd2dec1a1e8fadb49e3ff2e2633f79e01a25c41 from qemu
2018-05-19 23:59:01 -04:00
Richard Henderson d03c570049
fpu/softfloat: Pass FloatClass to pickNaN
For each operand, pass a single enumeration instead of a pair of booleans.
The commit also merges multiple different ifdef-selected implementations
of pickNaN into a single function whose body is ifdef-selected.

Backports commit 4f251cfd52c7945ebd6ab0d86518b1a9aa51b10c from qemu
2018-05-19 23:49:46 -04:00
Richard Henderson 7995525f68
fpu/softfloat: Make is_nan et al available to softfloat-specialize.h
We will need these helpers within softfloat-specialize.h, so move
the definitions above the include. After specialization, they will
not always be used so mark them to avoid the Werror.

Backports commit 247d1f2190c5530fd18fe92a145d0a1985fca4e4 from qemu
2018-05-19 23:41:51 -04:00
Richard Henderson 79a4c4ed0f
fpu/softfloat: Specialize on snan_bit_is_one
Only MIPS requires snan_bit_is_one to be variable. While we are
specializing softfloat behaviour, allow other targets to eliminate
this runtime check.

Backports commit 03385dfdaaa2dc31bbd07d13244a6b037bfab4cc from qemu
2018-05-19 23:38:58 -04:00
Richard Henderson 9810a6d9d6
fpu/softfloat: Remove floatX_maybe_silence_nan
These functions are now unused.

Backports commit 5240a30dcc6ca85dc9352f351e2cc326402288ed from qemu
2018-05-19 23:29:30 -04:00
Richard Henderson 2eb50e8117
fpu/softfloat: Use float*_silence_nan in propagateFloat*NaN
We have already checked the arguments for SNaN;
we don't need to do it again.

Backports commit 4885312f47c0b3607e36d0568db3d717a79e51a3 from qemu
2018-05-19 23:27:34 -04:00
Richard Henderson 4c8b31e7fe
target/mips: Remove floatX_maybe_silence_nan from conversions
This is now handled properly by the generic softfloat code.

Backports commit 4accd4a89f776b0d2a34d1edf74c785549c7f3b9 from qemu
2018-05-19 23:25:04 -04:00
Richard Henderson 4e9ca91bb2
target/m68k: Use floatX_silence_nan when we have already checked for SNaN
Backports commit 1c0c951f717e66b4be45611c0d6661a2dff4241c from qemu
2018-05-19 23:23:56 -04:00
Richard Henderson 1b6cac4e7e
target/arm: Remove floatX_maybe_silence_nan from conversions
This is now handled properly by the generic softfloat code.

Backports commit a9d173dc603af74102c24c1c92d479ba580bbf07 from qemu
2018-05-19 23:23:09 -04:00
Richard Henderson 5e532f6d20
target/arm: Use floatX_silence_nan when we have already checked for SNaN
Backports commit d7ecc062c4e264f716ed239df931f52adb340508 from qemu
2018-05-19 23:21:28 -04:00
Alex Bennée f1f2521b38
fpu/softfloat: re-factor float to float conversions
This allows us to delete a lot of additional boilerplate
code which is no longer needed.

Backports commit 6fed16b265a4fcc810895bbca4d67e1ae7a89f07 from qemu
2018-05-19 23:16:58 -04:00
Alex Bennée e65fd25e17
fpu/softfloat: Partial support for ARM Alternative half-precision
For float16 ARM supports an alternative half-precision format which
sacrifices the ability to represent NaN/Inf in return for a higher
dynamic range. The new FloatFmt flag, arm_althp, is then used to
modify the behaviour of canonicalize and round_canonical with respect
to representation and exception raising.

Usage of this new flag waits until we re-factor float-to-float conversions.

Backports commit ca3a3d5a3141d44aa717dc11e4d33a834a85e1f6 from qemu
2018-05-19 23:02:38 -04:00
Alex Bennée 50105cf593
target/arm: squash FZ16 behaviour for conversions
The ARM ARM specifies FZ16 is suppressed for conversions. Rather than
pushing this logic into the softfloat code we can simply save the FZ
state and temporarily disable it for the softfloat call.

Backports commit 0acb9e7cb341cd767e39ec0875c8706eb2f1c359 from qemu
2018-05-19 23:00:09 -04:00
Alex Bennée 40d57900bf
target/arm: convert conversion helpers to fpst/ahp_flag
Instead of passing env and leaving it up to the helper to get the
right fpstatus we pass it explicitly. There was already a get_fpstatus
helper for neon for the 32 bit code. We also add an get_ahp_flag() for
passing the state of the alternative FP16 format flag. This leaves
scope for later tracking the AHP state in translation flags.

Backports commit 486624fcd3eaca6165ab8401d73bbae6c0fb81c1 from qemu
2018-05-19 22:58:25 -04:00
Richard Henderson e26a389129
fpu/softfloat: Replace float_class_msnan with parts_silence_nan
With a canonical representation of NaNs, we can silence an SNaN
immediately rather than delay until the final format is known.

Backports commit 0bcfbcbea548656ff930394f296589728c2a0c5d from qemu
2018-05-19 22:28:27 -04:00
Richard Henderson baf1d57071
fpu/softfloat: Replace float_class_dnan with parts_default_nan
With a canonical representation of NaNs, we can return the
default nan directly rather than delay the expansion until
the final format is known.

Note one case where we uselessly assigned to a.sign, which was
overwritten/ignored later when expanding float_class_dnan.

Backports commit f7e598e264b94d0982e647ac303108781d5eb4fa from qemu
2018-05-19 22:25:21 -04:00
Richard Henderson 97152bc427
fpu/softfloat: Introduce parts_is_snan_frac
Backports commit 298b468e4389587ab2e8599dd33eff3fbc698011 from qemu
2018-05-19 22:20:03 -04:00
Richard Henderson f89c1fc034
fpu/softfloat: Canonicalize NaN fraction
Shift the NaN fraction to a canonical position, much like we
do for the fraction of normal numbers. This will facilitate
manipulation of NaNs within the shared code paths.

Backports commit 94933df0e5c34d1a50fc950553f9c9649cae5320 from qemu
2018-05-19 22:17:44 -04:00
Richard Henderson 3873bfe133
fpu/softfloat: Move softfloat-specialize.h below FloatParts definition
We want to be able to specialize on the canonical representation.

Backports commit 0664335a6eb65d684918dd3f1a7f0a3d5b92cbe1 from qemu
2018-05-19 22:07:12 -04:00
Richard Henderson ff8fab55a2
fpu/softfloat: Split floatXX_silence_nan from floatXX_maybe_silence_nan
The new function assumes that the input is an SNaN and
does not double-check.

Backports commit d619bb98fdcda24f9ee3b7a53a4d555228dbca52 from qemu
2018-05-19 22:06:33 -04:00
Richard Henderson db3479e242
fpu/softfloat: Merge NO_SIGNALING_NANS definitions
Move the ifdef inside the relevant functions instead of
duplicating the function declarations.

Backports commit bca52234d1c04e0665f67708bcdef6d805d60adb from qemu
2018-05-19 21:59:24 -04:00
Petr Tesarik d1d09f384e
fpu/softfloat: Fix conversion from uint64 to float128
The significand is passed to normalizeRoundAndPackFloat128() as high
first, low second. The current code passes the integer first, so the
result is incorrectly shifted left by 64 bits.

This bug affects the emulation of s390x instruction CXLGBR (convert
from logical 64-bit binary-integer operand to extended BFP result).

Backports commit 6603d50648901e8b9e6d66ec1142accf0b1df1e6 from qemu
2018-05-19 21:55:59 -04:00
Babu Moger 5091ebe6fb
i386: Add new property to control cache info
The property legacy-cache will be used to control the cache information.
If user passes "-cpu legacy-cache" then older information will
be displayed even if the hardware supports new information. Otherwise
use the statically loaded cache definitions if available.

Renamed the previous cache structures to legacy_*. If there is any change in
the cache information, then it needs to be initialized in builtin_x86_defs.

Backports commit ab8f992e3e63e91be257e4e343d386dae7be4bcb from qemu
2018-05-17 19:04:56 -04:00
Babu Moger 1add2da704
i386: Initialize cache information for EPYC family processors
Initialize pre-determined cache information for EPYC processors.

Backports commit fe52acd2a054b97765963a42037f2f886545e30c from qemu
2018-05-17 19:01:19 -04:00
Babu Moger c5b8a6a704
i386: Add cache information in X86CPUDefinition
Add cache information in X86CPUDefinition and CPUX86State.

Backports commit 6aaeb05492ef668f415324f43e7d875c0f1e90b3 from qemu
2018-05-17 18:56:12 -04:00
Eduardo Habkost db87beaaa6
i386: Helpers to encode cache information consistently
Instead of having a collection of macros that need to be used in
complex expressions to build CPUID data, define a CPUCacheInfo
struct that can hold information about a given cache. Helper
functions will take a CPUCacheInfo struct as input to encode
CPUID leaves for a cache.

This will help us ensure consistency between cache information
CPUID leaves, and make the existing inconsistencies in CPUID info
more visible.

Backports commit 7e3482f824809e1f6ffeb5bb8103ba27a7d1a52a from qemu
2018-05-17 18:54:29 -04:00
Jingqi Liu 9c93f3f530
x86/cpu: Enable CLDEMOTE(Demote Cache Line) cpu feature
The CLDEMOTE instruction hints to hardware that the cache line that
contains the linear address should be moved("demoted") from
the cache(s) closest to the processor core to a level more distant
from the processor core. This may accelerate subsequent accesses
to the line by other cores in the same coherence domain,
especially if the line was written by the core that demotes the line.

Intel Snow Ridge has added new cpu feature, CLDEMOTE.
The new cpu feature needs to be exposed to guest VM.

The bit definition:
CPUID.(EAX=7,ECX=0):ECX[bit 25] CLDEMOTE

The release document ref below link:
https://software.intel.com/sites/default/files/managed/c5/15/\
architecture-instruction-set-extensions-programming-reference.pdf

Backports commit 0da0fb062841d0dcd8ba47e4a989d2e952cdf0ff from qemu
2018-05-17 18:37:17 -04:00
Boqun Feng 09b42d05fe
i386: add KnightsMill cpu model
A new cpu model called "KnightsMill" is added to model Knights Mill
processors. Compared to "Skylake-Server" cpu model, the following
features are added:

avx512_4vnniw avx512_4fmaps avx512pf avx512er avx512_vpopcntdq

and the following features are removed:

pcid invpcid clflushopt avx512dq avx512bw clwb smap rtm mpx
xsavec xgetbv1 hle

Backports commit a18495159a35e9c5973d9aa0f612a97318bf684d from qemu
2018-05-17 18:35:37 -04:00
Peter Maydell 3dddb8564f
tcg: Optionally log FPU state in TCG -d cpu logging
Usually the logging of the CPU state produced by -d cpu is sufficient
to diagnose problems, but sometimes you want to see the state of
the floating point registers as well. We don't want to enable that
by default as it adds a lot of extra data to the log; instead,
allow it to be optionally enabled via -d fpu.

Backports relevant parts of commit ae7651804748c6b479d5ae09aeac4edb9c44f76e from qemu
2018-05-15 22:31:08 -04:00
Alex Bennée 070276faf6
target/arm: Fix sqrt_f16 exception raising
We are meant to explicitly pass fpst, not cpu_env.

Backports commit 905edee9101c54cda5b72286b7f7607cf1c3c4d1 from qemu
2018-05-15 22:29:54 -04:00
Alex Bennée f8e1f71df9
target/arm: Implement FMOV (immediate) for fp16
All the hard work is already done by vfp_expand_imm, we just need to
make sure we pick up the correct size.

Backports commit 6ba28ddb9be37bdb67e3e38007a53ccbdcd010df from qemu
2018-05-15 22:28:46 -04:00
Alex Bennée cd76e7aaaa
target/arm: Implement FCSEL for fp16
These were missed out from the rest of the half-precision work.

Backports commit ace97feef3613194900d4eb9ffc6819b840fbaeb from qemu
2018-05-15 22:26:53 -04:00
Alex Bennée 80074e4745
target/arm: Implement FCMP for fp16
These where missed out from the rest of the half-precision work.

Backports commit 7a1929256ea1a03df12625e75ed571c60dca5bfb from qemu
2018-05-15 22:24:39 -04:00
Richard Henderson eeab666292
target/arm: Implement FP data-processing (3 source) for fp16
We missed all of the scalar fp16 fma operations.

Backports commit 95f9864fde6078e2d2c036a07cc4fe44f199be96 from qemu
2018-05-15 22:19:42 -04:00
Richard Henderson a614dbb3c7
target/arm: Implement FP data-processing (2 source) for fp16
We missed all of the scalar fp16 binary operations.

Backports commit b8f5171cf01420a9f0ee895c5591e9b9914f391a from qemu
2018-05-15 22:14:43 -04:00
Richard Henderson 60dfdb724b
target/arm: Introduce and use read_fp_hreg
Backports commit 3d99d931266eaeaf7e83703a53f32232cd6faad7 from qemu
2018-05-15 22:10:51 -04:00
Richard Henderson 9b42d01480
target/arm: Implement FCVT (scalar, fixed-point) for fp16
Backports commit 2752728016bef06e7c9cfb961019272859beeca4 from qemu
2018-05-15 22:08:07 -04:00
Richard Henderson 8436080518
target/arm: Implement FCVT (scalar, integer) for fp16
Backports commit 564a0632504fad840491aa9a59453f4e64a316c4 from qemu
2018-05-15 22:06:49 -04:00
Richard Henderson 75643ab1cf
target/arm: Early exit after unallocated_encoding in disas_fp_int_conv
No sense in emitting code after the exception.

Backports commit 8c738d430796edeae5e13d6daf0895c02c62bd54 from qemu
2018-05-15 21:55:42 -04:00
Richard Henderson bcaceb9bc7
target/arm: Implement FMOV (general) for fp16
Adding the fp16 moves to/from general registers.

Backports commit 68130236e30a1ec64363f4915349feee181bfbc1 from qemu
2018-05-15 21:54:32 -04:00
Peter Maydell 2629c0122e
target/arm: Fix fp_status_f16 tininess before rounding
In commit d81ce0ef2c4f105 we added an extra float_status field
fp_status_fp16 for Arm, but forgot to initialize it correctly
by setting it to float_tininess_before_rounding. This currently
will only cause problems for the new V8_FP16 feature, since the
float-to-float conversion code doesn't use it yet. The effect
would be that we failed to set the Underflow IEEE exception flag
in all the cases where we should.

Add the missing initialization.

Backports commit bcc531f0364796104df4443d17f99b5fb494eca2 from qemu
2018-05-15 21:51:48 -04:00
Peter Maydell e7656cbd7a
fpu/softfloat: Don't set Invalid for float-to-int(MAXINT)
In float-to-integer conversion, if the floating point input
converts exactly to the largest or smallest integer that
fits in to the result type, this is not an overflow.
In this situation we were producing the correct result value,
but were incorrectly setting the Invalid flag.
For example for Arm A64, "FCVTAS w0, d0" on an input of
0x41dfffffffc00000 should produce 0x7fffffff and set no flags.

Fix the boundary case to take the right half of the if()
statements.

This fixes a regression from 2.11 introduced by the softfloat
refactoring.

Backports commit 333583757c5e910b040bef793974773635ce1918 from qemu
2018-05-15 21:50:41 -04:00
Alex Bennée 99de568b7d
fpu/softfloat: int_to_float ensure r fully initialised
Reported by Coverity (CID1390635). We ensure this for uint_to_float
later on so we might as well mirror that.

Backports commit a5a5f5e2e437db6c19164b734f838a7bf9e0c5ec from qemu
2018-05-15 21:49:34 -04:00
Laurent Vivier 664396a635
m68k: fix floatx80_mod() (Coverity CID1390568)
Update the variable checked by the loop condition (expDiff).
Backport the update from Previous.

Fixes: 591596b77a ("target/m68k: add fmod/frem")

Backports commit 5a73e7f313da0e4657bcac61b533ced71b0d0224 from qemu
2018-05-15 07:44:12 -04:00
Richard Henderson 5902f32abf
target/arm: Clear SVE high bits for FMOV
Use write_fp_dreg and clear_vec_high to zero the bits
that need zeroing for these cases.

Backports commit 9a9f1f59521f46e8ff4527d9a2b52f83577e2aa3 from qemu
2018-05-14 08:43:55 -04:00
Richard Henderson 67740bbc7f
target/arm: Fix float16 to/from int16
The instruction "ucvtf v0.4h, v04h, #2", with input 0x8000u,
overflows the intermediate float16 to infinity before we have a
chance to scale the output. Use float64 as the intermediate type
so that no input argument (uint32_t in this case) can overflow
or round before scaling. Given the declared argument, the signed
int32_t function has the same problem.

When converting from float16 to integer, using u/int32_t instead
of u/int16_t means that the bounding is incorrect.

Backports commit 88808a022c06f98d81cd3f2d105a5734c5614839 from qemu
2018-05-14 08:41:20 -04:00
Richard Henderson e403957a5e
target/arm: Implement vector shifted FCVT for fp16
While we have some of the scalar paths for FCVT for fp16,
we failed to decode the fp16 version of these instructions.

Backports commit d0ba8e74acd299b092786ffc30b306638d395a9e from qemu
2018-05-14 08:36:54 -04:00
Richard Henderson ad6c191d96
target/arm: Implement vector shifted SCVF/UCVF for fp16
While we have some of the scalar paths for *CVF for fp16,
we failed to decode the fp16 version of these instructions.

Backports commit a6117fae4576edfe7a5a5b802a742c33112c0993 from qemu
2018-05-14 08:31:29 -04:00
Richard Henderson 5752b2086b
target/arm: Enable ARM_FEATURE_V8_ATOMICS for user-only
Backports commit ec7f05fae36637d11de272da82ad1e6c233e77d7 from qemu
2018-05-14 08:29:59 -04:00
Richard Henderson 688d0fd0ed
target/arm: Implement CAS and CASP
Backports commit 44ac14b06fa33f60982923b6b8a3bf8dd2fea61d from qemu
2018-05-14 08:28:45 -04:00
Richard Henderson b23c543e1a
target/arm: Fill in disas_ldst_atomic
This implements all of the v8.1-Atomics instructions except
for compare-and-swap, which is decoded elsewhere.

Backports commit 74608ea45434c9b07055b21885e093528c5ed98c from qemu
2018-05-14 08:18:37 -04:00
Richard Henderson 7ae8671b5e
target/arm: Introduce ARM_FEATURE_V8_ATOMICS and initial decode
The insns in the ARMv8.1-Atomics are added to the existing
load/store exclusive and load/store reg opcode spaces.
Rearrange the top-level decoders for these to accomodate.
The Atomics insns themselves still generate Unallocated.

Backports commit 68412d2ecedbab5a43b0d346cddb27e00d724aff from qemu
2018-05-14 08:15:52 -04:00
Richard Henderson b42217fbaf
tcg: Use GEN_ATOMIC_HELPER_FN for opposite endian atomic add
Backports commit 58edf9eef9d0e99dc051367c5a446a62223ec6e4 from qemu
2018-05-14 08:07:49 -04:00
Richard Henderson de1708aadc
tcg: Introduce atomic helpers for integer min/max
Given that this atomic operation will be used by both risc-v
and aarch64, let's not duplicate code across the two targets.

Backports commit 5507c2bf35aa6b4705939349184e71afd5e058b2 from qemu
2018-05-14 08:06:42 -04:00
Richard Henderson b2af557a0f
target/arm: Use new min/max expanders
The generic expanders replace nearly identical code in the translator.

Backports commit ecb8ab8d71aab770555a6972428b711400a27248 from qemu
2018-05-14 07:34:52 -04:00
Richard Henderson eef66443b2
tcg: Introduce helpers for integer min/max
These operations are re-invented by several targets so far.
Several supported hosts have insns for these, so place the
expanders out-of-line for a future introduction of tcg opcodes.

Backports commit b87fb8cd9f9a0ba599ff79e7bf03222da02e5724 from qemu
2018-05-14 07:31:50 -04:00
Peter Maydell b22f822858
atomic.h: Work around gcc spurious "unused value" warning
Some versions of gcc produce a spurious warning if the result of
__atomic_compare_echange_n() is not used and the type involved
is a signed 8 bit value:
error: value computed is not used [-Werror=unused-value]
This has been seen on at least
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609

Work around this by using an explicit cast to void to indicate
that we don't care about the return value.

We don't currently use our atomic_cmpxchg() macro on any signed
8 bit types, but the upcoming support for the Arm v8.1-Atomics
will require it.

Backports commit cd95fc28fb6d8afced0d70ce52c294d0761a9daa from qemu
2018-05-14 07:26:40 -04:00
Peter Maydell 150125de3f
softfloat: Handle default NaN mode after pickNaNMulAdd, not before
It is implementation defined whether a multiply-add of
(0,inf,qnan) or (inf,0,qnan) raises InvalidaOperation or
not, so we let the target-specific pickNaNMulAdd function
handle this. This means that we must do the "return the
default NaN in default NaN mode" check after the call,
not before. Correct the ordering, and restore the comment
from the old propagateFloat64MulAddNaN() that warned about
this corner case.

This fixes a regression from 2.11 for Arm guests where we would
incorrectly fail to set the Invalid flag for these cases.

Backports commit 1839189bbf89889076aadf0c793c1b57977b28d7 from qemu
2018-05-14 07:24:40 -04:00
Emilio G. Cota bb95f85569
target/mips: convert to TranslatorOps
Notes:

- DISAS_TOO_MANY replaces the former "break" in the translation loop.
However, care must be taken not to overwrite a previous condition
in is_jmp; that's why in translate_insn we first check is_jmp and
return if it's != DISAS_NEXT.

- Added an assert in translate_insn, before exiting due to an exception,
to make sure that is_jmp is set to DISAS_NORETURN (the exception
generation function always sets it.)

- Added an assert for the default case in is_jmp's switch.

Backports commit 18f440edfb974feaff8490d4861844b5a2b7a3b5 from qemu
2018-05-12 16:42:21 -04:00
Emilio G. Cota 2c93423acd
target/mips: use *ctx for DisasContext
No changes to the logic here; this is just to make the diff
that follows easier to read.

While at it, remove the unnecessary 'struct' in
'struct TranslationBlock'.

Note that checkpatch complains with a false positive:
ERROR: space prohibited after that '&' (ctx:WxW)
\#75: FILE: target/mips/translate.c:20220:
+ ctx->kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
^

Backports commit 12be92588cf26a192f1b62846906983fc1e102a7 from qemu
2018-05-12 16:26:06 -04:00
Emilio G. Cota dae6b84c14
target/mips: convert to DisasContextBase
Backports commit eeb3bba8477cebc46c482ef37d565d54e771c2d3 from qemu
2018-05-12 16:18:00 -04:00
Emilio G. Cota de5d90f9a4
target/mips: convert to DisasJumpType
Notes:

- BS_EXCP in generate_exception_err and after hen_helper_wait
becomes DISAS_NORETURN, because we do not return after
raising an exception.

- Some uses of BS_EXCP are misleading in that they're used
only as a "not BS_STOP" exit condition, i.e. they have nothing
to do with an actual exception. For those cases, define
and use DISAS_EXIT, which is clearer. With this and the
above change, BS_EXCP goes away completely.

- fix a comment typo (s/intetrupt/interrupt/).

Backports commit b28425babc2ad4b90cd87d07a1809d3322b9c065 from qemu
2018-05-11 16:17:02 -04:00
Richard Henderson 8a416b8146
target/mips: use lookup_and_goto_ptr on BS_STOP
The TB after BS_STOP is not fixed (e.g. helper_mtc0_hwrena
changes hflags, which ends up changing the TB flags via
cpu_get_tb_cpu_state). This requires a full lookup (i.e.
with flags) via lookup_and_goto_ptr instead of gen_goto_tb,
since the latter only looks at the PC for in-page goto's. Fix it.

Backports commit cd314a7d0190a03122ca0606ecf71b4b873a22c6 from qemu.
2018-05-11 15:18:23 -04:00
Emilio G. Cota 26dc4a6682
target/sparc: convert to TranslatorOps
Notes:

- Moved the cross-page check from the end of translate_insn to
init_disas_context.

Backports commit 6e61bc941025345ab01c48d116bef60bb8990406 from qemu
2018-05-11 15:17:12 -04:00
Emilio G. Cota 7071a144c2
target/sparc: convert to DisasContextBase
Notes:

- pc and npc are left unmodified, since they can point to out-of-TB
jump targets.

- Got rid of last_pc in gen_intermediate_code(), using base.pc_next
instead. Only update pc_next (1) on a breakpoint (so that tb->size
includes the insn), and (2) after reading the current instruction
from memory. This allows us to use base.pc_next in the BP check,
which is what the translator loop does.

Backports commit af00be490b30d7f576d12ac7b2bc5406ca6fda3f from qemu
2018-05-11 14:20:49 -04:00
Emilio G. Cota 3180dcaa98
target/sparc: convert to DisasJumpType
Backports commit c5e6ccdf6c8d32d3a45d9dca4d6847dcff741882 from qemu
2018-05-11 14:03:23 -04:00
Emilio G. Cota d26bf1d446
translator: merge max_insns into DisasContextBase
While at it, use int for both num_insns and max_insns to make
sure we have same-type comparisons.

Backports commit b542683d77b4f56cef0221b267c341616d87bce9 from qemu
2018-05-11 13:59:17 -04:00
Emilio G. Cota 28cfe5dab0
target/mips: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Backports commit 6cd79443d33e6ba6b4c5b787eb713ca1cec56328 from qemu
2018-05-11 13:51:51 -04:00
Emilio G. Cota 8162e6f1c6
target/arm: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Backports commit bfe7ad5be77a6a8925a7ab1628452c8942222102 from qemu
2018-05-11 13:49:57 -04:00
Richard Henderson f417df19b7
tcg: Limit the number of ops in a TB
In 6001f7729e12 we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case. This is still
much less than the maximum forward branch distance of 32764 bytes.

Backports commit abebf92597186be2bc48d487235da28b1127860f from qemu
2018-05-11 11:25:01 -04:00
Richard Henderson 33f7f6f09a
tcg/i386: Fix dup_vec in non-AVX2 codepath
The VPUNPCKLD* instructions are all "non-destructive source",
indicated by "NDS" in the encoding string in the x86 ISA manual.
This means that they take two source operands, one of which is
encoded in the VEX.vvvv field. We were incorrectly treating them
as if they were destructive-source and passing 0 as the 'v'
argument of tcg_out_vex_modrm(). This meant we were always
using %xmm0 as one of the source operands, causing incorrect
results if the register allocator happened to want to use
something else. For instance the input AArch64 insn:
DUP v26.16b, w21
which becomes TCG IR ops:
dup_vec v128,e8,tmp2,x21
st_vec v128,e8,tmp2,env,$0xa40
was assembled to:
0x607c568c: c4 c1 7a 7e 86 e8 00 00 vmovq 0xe8(%r14), %xmm0
0x607c5694: 00
0x607c5695: c5 f9 60 c8 vpunpcklbw %xmm0, %xmm0, %xmm1
0x607c5699: c5 f9 61 c9 vpunpcklwd %xmm1, %xmm0, %xmm1
0x607c569d: c5 f9 70 c9 00 vpshufd $0, %xmm1, %xmm1
0x607c56a2: c4 c1 7a 7f 8e 40 0a 00 vmovdqu %xmm1, 0xa40(%r14)
0x607c56aa: 00

when the vpunpcklwd insn should be "%xmm1, %xmm1, %xmm1".
This resulted in our incorrectly setting the output vector to
q26=0000320000003200:0000320000003200
when given an input of x21 == 0000000002803200
rather than the expected all-zeroes.

Pass the correct source register number to tcg_out_vex_modrm()
for these insns.

Backports commit 7eb30ef0ba2eb59e7430d4848ae8d4bf4e50f768 from qemu
2018-05-11 11:22:38 -04:00
Richard Henderson 991683af73
target/m68k: Fix build Werror with gcc 8.0.1
The Werror stems from the compiler finding a path through the second
switch via a missing default case in which src1 is uninitialized, and
not being able to prove that the missing default case is unreachable
due to the first switch.

Simplify the second switch to merge default with OS_LONG,
which returns directly. This removes the unreachable path.

Backports commit 5cbc61110738accb16ff8ed1f08a32906d02790f from qemu.
2018-05-11 10:37:45 -04:00
Peter Maydell ca9b601d0d
target/arm: Implement v8M VLLDM and VLSTM
For v8M the instructions VLLDM and VLSTM support lazy saving
and restoring of the secure floating-point registers. Even
if the floating point extension is not implemented, these
instructions must act as NOPs in Secure state, so they can
be used as part of the secure-to-nonsecure call sequence.

Fixes: https://bugs.launchpad.net/qemu/+bug/1768295

Backports commit b1e5336a9899016c53d59eba53ebf6abcc21995c from qemu
2018-05-08 08:29:12 -04:00
Mathew Maidment 06da6ae3c8
target/arm: Correct MPUIR privilege level in register_cp_regs_for_features() conditional case
The duplication of id_tlbtr_reginfo was unintentionally added within
3281af8114c6b8ead02f08b58e3c36895c1ea047 which should have been
id_mpuir_reginfo.

The effect was that for OMAP and StrongARM CPUs we would
incorrectly UNDEF writes to MPUIR rather than NOPing them.

Backports commit 100061121c1f69a672ce7bb3e9e3781f8018f9f6 from qemu
2018-05-08 08:27:40 -04:00
Richard Henderson 5940a36394
target/arm: Tidy condition in disas_simd_two_reg_misc
Path analysis shows that size == 3 && !is_q has been eliminated.

Fixes: Coverity CID1385853

Backports commit a8766e3172c1671cab297c1ef4566a3c5d094822 from qemu
2018-05-08 08:26:31 -04:00
Richard Henderson cb324fd039
target/arm: Tidy conditions in handle_vec_simd_shri
The (size > 3 && !is_q) condition is identical to the preceeding test
of bit 3 in immh; eliminate it. For the benefit of Coverity, assert
that size is within the bounds we expect.

Fixes: Coverity CID1385846
Fixes: Coverity CID1385849
Fixes: Coverity CID1385852
Fixes: Coverity CID1385857

Backports commit 8dae46970532afcf93470b00e83ca9921980efc3 from qemu
2018-05-08 08:25:37 -04:00
Marc-André Lureau 0087625b7e
qobject: Modify qobject_ref() to return obj
For convenience and clarity, make it possible to call qobject_ref() at
the time when the reference is associated with a variable, or
argument, by making qobject_ref() return the same pointer as given.
Use that to simplify the callers.

Backports commit f5a74a5a50387c6f980b2e2f94f062487a1826da from qemu
2018-05-04 10:24:10 -04:00
Marc-André Lureau ab4528c1e4
qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF
Now that we can safely call QOBJECT() on QObject * as well as its
subtypes, we can have macros qobject_ref() / qobject_unref() that work
everywhere instead of having to use QINCREF() / QDECREF() for QObject
and qobject_incref() / qobject_decref() for its subtypes.

The replacement is mechanical, except I broke a long line, and added a
cast in monitor_qmp_cleanup_req_queue_locked(). Unlike
qobject_decref(), qobject_unref() doesn't accept void *.

Note that the new macros evaluate their argument exactly once, thus no
need to shout them.

Backports commit cb3e7f08aeaab0ab13e629ce8496dca150a449ba from qemu
2018-05-04 10:16:07 -04:00
Marc-André Lureau f4b3c5d0bd
qobject: use a QObjectBase_ struct
By moving the base fields to a QObjectBase_, QObject can be a type
which also has a 'base' field. This allows writing a generic QOBJECT()
macro that will work with any QObject type, including QObject
itself. The container_of() macro ensures that the object to cast has a
QObjectBase_ base field, giving some type safety guarantees. QObject
must have no members but QObjectBase_ base, or else QOBJECT() breaks.

QObjectBase_ is not a typedef and uses a trailing underscore to make
it obvious it is not for normal use and to avoid potential abuse.

Backports commit 3d3eacaeccaab718ea0e2ddaa578bfae9e311c59 from qemu
2018-05-04 10:11:24 -04:00
Marc-André Lureau 2ca916e106
qobject: Ensure base is at offset 0
All QObject types have the base QObject as their first field. This
allows the simplification of qobject_to().

Backports commit 7ee9edfdb117da47c86c9764d90f0be11a648666 from qemu
2018-05-04 09:54:36 -04:00
Laurent Vivier ec12091943
tcg: workaround branch instruction overflow in tcg_out_qemu_ld/st
ppc64 uses a BC instruction to call the tcg_out_qemu_ld/st
slow path. BC instruction uses a relative address encoded
on 14 bits.

The slow path functions are added at the end of the generated
instructions buffer, in the reverse order of the callers.
So more we have slow path functions more the distance between
the caller (BC) and the function increases.

This patch changes the behavior to generate the functions in
the same order of the callers.

Backports commit 6001f7729e12dd1d810291e4cbf83cee8e07441d from qemu
2018-05-03 15:09:07 -04:00
Richard Henderson 2150745db4
tcg: Improve TCGv_ptr support
Drop TCGV_PTR_TO_NAT and TCGV_NAT_TO_PTR internal macros.

Add tcg_temp_local_new_ptr, tcg_gen_brcondi_ptr, tcg_gen_ext_i32_ptr,
tcg_gen_trunc_i64_ptr, tcg_gen_extu_ptr_i64, tcg_gen_trunc_ptr_i32.

Use inlines instead of macros where possible.

Backports commit 5bfa803448638a45542441fd6b7cc1241403ea72 from qemu
2018-05-03 15:05:43 -04:00
Richard Henderson 4fa9ea2ae1
tcg: Allow wider vectors for cmp and mul
In db432672, we allow wide inputs for operations such as add.
However, in 212be173 and 3774030a we didn't do the same for
compare and multiply.

Backports commit 9a938d86b04025ac605db0ea9819e5896bf576ec from qemu
2018-05-03 14:42:57 -04:00
Henry Wertz 090e2e9d0e
tcg/arm: Fix memory barrier encoding
I found with qemu 2.11.x or newer that I would get an illegal instruction
error running some Intel binaries on my ARM chromebook. On investigation,
I found it was quitting on memory barriers.

qemu instruction:
mb $0x31
was translating as:
0x604050cc: 5bf07ff5 blpl #0x600250a8

After patch it gives:
0x604050cc: f57ff05b dmb ish

In short, I found INSN_DMB_ISH (memory barrier for ARMv7) appeared to be
correct based on online docs, but due to some endian-related shenanigans it
had to be byte-swapped to suit qemu; it appears INSN_DMB_MCR (memory
barrier for ARMv6) also should be byte swapped (and this patch does so).
I have not checked for correctness of aarch64's barrier instruction.

Backports commit 3f814b803797c007abfe5c4041de754e01723031 from qemu
2018-05-03 14:41:36 -04:00
Richard Henderson 16a55143dc
tcg: Document INDEX_mul[us]h_*
Backports commit d103021269ca9307ed7ca0d845d2b9e6c387509a from qemu
2018-05-03 14:40:49 -04:00
Laurent Vivier 97c8507f00
m68k: remove dead code (Coverity CID1390617)
floatx80_sin() and floatx80_cos() are derived from one
sincos() function. They have both unused code coming from
their common origin. Remove it.

Backports commit 6361d2984ce88912976a34e1797a5ad5139c649b from qemu
2018-05-01 11:44:18 -04:00
Laurent Vivier ebf0c8f9ca
m68k: Fix floatx80_lognp1 (Coverity CID1390587)
return the result of packFloatx80() instead of
dropping it.

Backports commit 981348af5c3c72335d95f6877abf702d80176eb3 from qemu
2018-05-01 11:41:07 -04:00
Pavel Dovgalyuk bf16c6daee
m68k: fix subx mem, mem instruction
This patch fixes decrement of the pointers for subx mem, mem instructions.
Without the patch pointers are decremented by OS_* constant value instead of
retrieving the corresponding data size and using it as a decrement.

Backports commit 355d4d1c00e708907ff391c24ca708f1c9c06bf0 from qemu
2018-05-01 11:40:00 -04:00
Aaron Lindsay d3e7bbffea
target/arm: Make PMOVSCLR and PMUSERENR 64 bits wide
This is a bug fix to ensure 64-bit reads of these registers don't read
adjacent data.

Backports commit e4e91a217c17fff4045dd4b423cdcb471b3d6a0e from qemu
2018-04-26 09:25:09 -04:00
Aaron Lindsay 4ed7524444
target/arm: Fix bitmask for PMCCFILTR writes
It was shifted to the left one bit too few.

Backports commit ac57fd24cd864d42e7551f82266bc0930bd39547 from qemu
2018-04-26 09:23:04 -04:00
Aaron Lindsay 99a0be89a8
target/arm: Add pre-EL change hooks
Because the design of the PMU requires that the counter values be
converted between their delta and guest-visible forms for mode
filtering, an additional hook which occurs before the EL is changed is
necessary.

Backports commit b5c53d1b3886387874f8c8582b205aeb3e4c3df6 from qemu
2018-04-26 09:21:54 -04:00
Aaron Lindsay 8caf217d26
target/arm: Support multiple EL change hooks
Backports commit 08267487c99e8150382420936ab72c1e0ad74ce3 from qemu
2018-04-26 09:16:09 -04:00
Aaron Lindsay dfe1f54920
target/arm: Fetch GICv3 state directly from CPUARMState
This eliminates the need for fetching it from el_change_hook_opaque, and
allows for supporting multiple el_change_hooks without having to hack
something together to find the registered opaque belonging to GICv3.

Backports commit d5a5e4c93dae0dc3feb402cf7ee78d846da1a7e1 from qemu
2018-04-26 09:10:32 -04:00
Aaron Lindsay 1228bcf45d
target/arm: Mask PMU register writes based on PMCR_EL0.N
This is in preparation for enabling counters other than PMCCNTR

Backports commit 7ece99b17e832065236c07a158dfac62619ef99b from qemu
2018-04-26 09:09:12 -04:00
Aaron Lindsay e1d021ad74
target/arm: Treat PMCCNTR as alias of PMCCNTR_EL0
They share the same underlying state

Backports commit 169c893874977eee8303a6dad4a3f25c5464858f from qemu
2018-04-26 09:07:50 -04:00
Aaron Lindsay e1bffbf7df
target/arm: Check PMCNTEN for whether PMCCNTR is enabled
Backports commit ccbc0e338486b21cb0eb52e52cd309bbbe6a7507 from qemu
2018-04-26 09:07:02 -04:00
Peter Maydell 43e7478d3f
target/arm: Use v7m_stack_read() for reading the frame signature
In commit 95695effe8caa552b8f2 we changed the v7M/v8M stack
pop code to use a new v7m_stack_read() function that checks
whether the read should fail due to an MPU or bus abort.
We missed one call though, the one which reads the signature
word for the callee-saved register part of the frame.

Correct the omission.

Backports commit 4818bad98c8212fbbb0525d10761b6b65279ab92 from qemu
2018-04-26 09:02:11 -04:00
Peter Maydell bec50934ad
target/arm: Remove stale TODO comment
Remove a stale TODO comment -- we have now made the arm_ldl_ptw()
and arm_ldq_ptw() functions propagate physical memory read errors
out to their callers.

Backports commit 145772707fe80395b87c244ccf5699a756f1946b from qemu
2018-04-26 09:00:08 -04:00
Richard Henderson 76e343ef55
fpu: Bound increment for scalbn
Without bounding the increment, we can overflow exp either here
in scalbn_decomposed or when adding the bias in round_canonical.
This can result in e.g. underflowing to 0 instead of overflowing
to infinity.

The old softfloat code did bound the increment.

Backports commit ce8d4082054519f2eaac39958edde502860a7fc6 from qemu
2018-04-18 09:21:03 -04:00
Alex Bennée af6a0b7c14
fpu/softfloat: check for Inf / x or 0 / x before /0
The re-factoring of div_floats changed the order of checking meaning
an operation like -inf/0 erroneously raises the divbyzero flag.
IEEE-754 (2008) specifies this should only occur for operations on
finite operands.

We fix this by moving the check on the dividend being Inf/0 to before
the divisor is zero check.

Backports commit 9cb4e398c2f95c1e837fe9c570e124a55259f725 from qemu
2018-04-18 09:19:28 -04:00
Pavel Dovgalyuk fe353764e9
m68k: fix exception stack frame for 68000
68000 CPUs do not save format in the exception stack frame.
This patch adds feature checking to prevent format saving for 68000.
m68k_ret() already includes this modification, this patch fixes
the exception processing function too.

Backports commit 000761dc0c97d70e7314db3e8f52783880325a22 from qemu
2018-04-16 13:49:56 -04:00
Alex Bennée 9517a002da
fpu/softfloat: raise float_invalid for NaN/Inf in round_to_int_and_pack
The re-factor broke the raising of INVALID when NaN/Inf is passed to
the float_to_int conversion functions. round_to_uint_and_pack got this
right for NaN but also missed out the Inf handling.

Fixes https://bugs.launchpad.net/qemu/+bug/1759264

Backports commit 801bc56336a127d9b351b3a2cc0336e4d0cb2686 from qemu
2018-04-16 13:48:17 -04:00
Emilio G. Cota 74b7fe484c
softfloat: fix {min, max}nummag for same-abs-value inputs
Before 8936006 ("fpu/softfloat: re-factor minmax", 2018-02-21),
we used to return +Zero for maxnummag(-Zero,+Zero); after that
commit, we return -Zero.

Fix it by making {min,max}nummag consistent with {min,max}num,
deferring to the latter when the absolute value of the operands
is the same.

With this fix we now pass fp-test.

Backports commit 6245327a367292b354489c54e965646823023919 from qemu
2018-04-16 13:46:29 -04:00
Peter Maydell 778d0c47df
tcg/mips: Handle large offsets from target env to tlb_table
The MIPS TCG target makes the assumption that the offset from the
target env pointer to the tlb_table is less than about 64K. This
used to be true, but gradual addition of features to the Arm
target means that it's no longer true there. This results in
the build-time assertion failing:

In file included from /home/pm215/qemu/include/qemu/osdep.h:36:0,
from /home/pm215/qemu/tcg/tcg.c:28:
/home/pm215/qemu/tcg/mips/tcg-target.inc.c: In function ‘tcg_out_tlb_load’:
/home/pm215/qemu/include/qemu/compiler.h:90:36: error: static assertion failed: "not expecting: offsetof(CPUArchState, tlb_table[NB_MMU_MODES - 1][1]) > 0x7ff0 + 0x7fff"
^
/home/pm215/qemu/include/qemu/compiler.h:98:30: note: in expansion of macro ‘QEMU_BUILD_BUG_MSG’
^
/home/pm215/qemu/tcg/mips/tcg-target.inc.c:1236:9: note: in expansion of macro ‘QEMU_BUILD_BUG_ON’
QEMU_BUILD_BUG_ON(offsetof(CPUArchState,
^
/home/pm215/qemu/rules.mak:66: recipe for target 'tcg/tcg.o' failed

An ideal long term approach would be to rearrange the CPU state
so that the tlb_table was not so far along it, but this is tricky
because it would move it from the "not cleared on CPU reset" part
of the struct to the "cleared on CPU reset" part. As a simple fix
for the 2.12 release, make the MIPS TCG target handle an arbitrary
offset by emitting more add instructions. This will mean an extra
instruction in the fastpath for TCG loads and stores for the
affected guests (currently just aarch64-softmmu)

Backports commit 161dfd1e7fad1203840c0390f235030eba3fd23c from qemu
2018-04-16 13:44:39 -04:00
Pavel Dovgalyuk b4bf3c776b
icount: fix cpu_restore_state_from_tb for non-tb-exit cases
In icount mode, instructions that access io memory spaces in the middle
of the translation block invoke TB recompilation. After recompilation,
such instructions become last in the TB and are allowed to access io
memory spaces.

When the code includes instruction like i386 'xchg eax, 0xffffd080'
which accesses APIC, QEMU goes into an infinite loop of the recompilation.

This instruction includes two memory accesses - one read and one write.
After the first access, APIC calls cpu_report_tpr_access, which restores
the CPU state to get the current eip. But cpu_restore_state_from_tb
resets the cpu->can_do_io flag which makes the second memory access invalid.
Therefore the second memory access causes a recompilation of the block.
Then these operations repeat again and again.

This patch moves resetting cpu->can_do_io flag from
cpu_restore_state_from_tb to cpu_loop_exit* functions.

It also adds a parameter for cpu_restore_state which controls restoring
icount. There is no need to restore icount when we only query CPU state
without breaking the TB. Restoring it in such cases leads to the
incorrect flow of the virtual time.

In most cases new parameter is true (icount should be recalculated).
But there are two cases in i386 and openrisc when the CPU state is only
queried without the need to break the TB. This patch fixes both of
these cases.

Backports commit afd46fcad2dceffda35c0586f5723c127b6e09d8 from qemu
2018-04-11 20:05:40 -04:00
Alex Bennée 4074587775
accel/tcg/translate-all: expand cpu_restore_state addr check
We are still seeing signals during translation time when we walk over
a page protection boundary. This expands the check to ensure the host
PC is inside the code generation buffer. The original suggestion was
to check versus tcg_ctx.code_gen_ptr but as we now segment the
translation buffer we have to settle for just a general check for
being inside.

I've also fixed up the declaration to make it clear it can deal with
invalid addresses. A later patch will fix up the call sites.

Backports commit d25f2a72272b9ffe0d06710d6217d1169bc2cc7d from qemu
2018-04-11 19:53:57 -04:00
Richard Henderson bc8e85a1c5
fpu: Fix rounding mode for floatN_to_uintM_round_to_zero
We incorrectly passed in the current rounding mode
instead of float_round_to_zero.

Backports commit bd49e6027cbc207c87633c7add3ebd7d3474cd35 from qemu
2018-04-11 19:36:12 -04:00
Richard Henderson 49476ebf5e
tcg: Introduce tcg_set_insn_start_param
The parameters for tcg_gen_insn_start are target_ulong, which may be split
into two TCGArg parameters for storage in the opcode on 32-bit hosts.

Fixes the ARM target and its direct use of tcg_set_insn_param, which would
set the wrong argument in the 64-on-32 case.

Backports commit 9743cd5736263e90d312b2c33bd739ffe1eae70d from qemu
2018-04-11 19:34:18 -04:00
Peter Maydell 8f26d8e556
target/arm: Report unsupported MPU region sizes more clearly
Currently our PMSAv7 and ARMv7M MPU implementation cannot handle
MPU region sizes smaller than our TARGET_PAGE_SIZE. However we
report that in a slightly confusing way:

DRSR[3]: No support for MPU (sub)region alignment of 9 bits. Minimum is 10

The problem is not the alignment of the region, but its size;
tweak the error message to say so:
DRSR[3]: No support for MPU (sub)region size of 512 bytes. Minimum is 1024.

Backports commit 8aec759b45fa6986c0b159cb27353d6abb0d5d73 from qemu
2018-04-11 19:32:16 -04:00
Onur Sahin 18e6b1549f
target-arm: Check undefined opcodes for SWP in A32 decoder
Make sure we are not treating architecturally Undefined instructions
as a SWP, by verifying the opcodes as per section A8.8.229 of ARMv7-A
specification. Bits [21:20] must be zero for this to be a SWP or SWPB.
We also choose to UNDEF for the architecturally UNPREDICTABLE case of
bits [11:8] not being zero.

Backports commit c4869ca630a57f4269bb932ec7f719cef5bc79b8 from qemu
2018-04-11 19:30:50 -04:00
Eugene Minibaev 87180dd231
Add missing bit for SSE instr in VEX decoding
The 2-byte VEX prefix imples a leading 0Fh opcode byte.

Backports commit e0014d4b3a955cfd8d517674703bfa87f340290a from qemu
2018-04-10 08:49:15 -04:00
Alexandro Sanchez Bach 4a1de154ef
target/i386: Fix andn instruction
In commit 7073fbada733c8d10992f00772c9b9299d740e9b, the `andn` instruction
was implemented via `tcg_gen_andc` but passes the operands in the wrong
order:
- X86 defines `andn dest,src1,src2` as: dest = ~src1 & src2
- TCG defines `andc dest,src1,src2` as: dest = src1 & ~src2

The following simple test shows the issue:

int main(void) {
uint32_t ret = 0;
__asm (
"mov $0xFF00, %%ecx\n"
"mov $0x0F0F, %%eax\n"
"andn %%ecx, %%eax, %%ecx\n"
"mov %%ecx, %0\n"
: "=r" (ret));
printf("%08X\n", ret);
return 0;
}

This patch fixes the problem by simply swapping the order of the two last
arguments in `tcg_gen_andc_tl`.

Backports commit 5cd10051c2e02b7a86eae49919d6c65a87dbea46 from qemu
2018-04-10 08:48:05 -04:00
Richard Henderson e0903adacf
tcg: Fix out-of-line generic vector compares
A mistake in the type passed to sizeof, that happens to work
when the out-of-line fallback itself is using host vectors,
but fails when using only the base types.

Backports commit 6cb1d3b8517572031a22675280ec642972cdb395 from qemu
2018-04-07 23:05:19 -04:00
Laurent Vivier b25de410a9
tcg: fix 16-byte vector operations detection
configure tries to detect if the compiler
supports 16-byte vector operations.

As stated in the comment of the detection
program, there is a problem with the system
compiler on GCC on Centos 7.

This program doesn't actually detect the problem
with GCC on RHEL7 on PPC64LE (Red Hat 4.8.5-28).

This patch updates the test to look more like
it is in QEMU helpers, and now detects the problem.

The error reported is:

CC ppc64-softmmu/accel/tcg/tcg-runtime-gvec.o
..//accel/tcg/tcg-runtime-gvec.c: In function ‘helper_gvec_shl8i’:
../accel/tcg/tcg-runtime-gvec.c:558:26: internal compiler error: in emit_move_insn, at expr.c:3495
*(vec8 *)(d + i) = *(vec8 *)(a + i) << shift;
^
Fixes: db43267 "tcg: Add generic vector expanders"

Backports commit 74912f6dad207bfdd5bfa8c6012c364ea9405fc7 from qemu
2018-04-07 23:03:11 -04:00
Richard Henderson c2e46f2931
tcg: Mark muluh_i64 and mulsh_i64 as 64-bit ops
Failure to do so results in the tcg optimizer sign-extending
any constant fold from 32-bits. This turns out to be visible
in the RISC-V testsuite using a host that emits these opcodes
(e.g. any non-x86_64).

Backports commit f2f1dde75160cac6ede330f3db50dc817d01a2d6 from qemu
2018-03-29 14:03:00 -04:00
Peter Maydell 92b5817d92
target/arm: Always set FAR to a known unknown value for debug exceptions
For debug exceptions due to breakpoints or the BKPT instruction which
are taken to AArch32, the Fault Address Register is architecturally
UNKNOWN. We were using that as license to simply not set
env->exception.vaddress, but this isn't correct, because it will
expose to the guest whatever old value was in that field when
arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old
value might be a FAR for a previous guest EL2 or secure exception, in
which case we shouldn't show it to an EL1 or non-secure exception
handler. It might also be a non-deterministic value, which is bad
for record-and-replay.

Clear env->exception.vaddress before taking breakpoint debug
exceptions, to avoid this minor information leak.

Backports commit 548f514cf89dd9ab39c0cb4c063097bccf141fdd from qemu
2018-03-25 16:38:14 -04:00
Peter Maydell d6eafe5982
target/arm: Set FSR for BKPT, BRK when raising exception
Now that we have a helper function specifically for the BRK and
BKPT instructions, we can set the exception.fsr there rather
than in arm_cpu_do_interrupt_aarch32(). This allows us to
use our new arm_debug_exception_fsr() helper.

In particular this fixes a bug where we were hardcoding the
short-form IFSR value, which is wrong if the target exception
level has LPAE enabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1756927

Backports commit 62b94f31d0df75187bb00684fc29e8639eacc0c5 from qemu
2018-03-25 16:36:51 -04:00
Peter Maydell 16c0c2d253
target/arm: Factor out code to calculate FSR for debug exceptions
When a debug exception is taken to AArch32, it appears as a Prefetch
Abort, and the Instruction Fault Status Register (IFSR) must be set.
The IFSR has two possible formats, depending on whether LPAE is in
use. Factor out the code in arm_debug_excp_handler() which picks
an FSR value into its own utility function, update it to use
arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants,
and use the correct condition to select long or short format.

In particular this fixes a bug where we could select the short
format because we're at EL0 and the EL1 translation regime is
not using LPAE, but then route the debug exception to EL2 because
of MDCR_EL2.TDE and hand EL2 the wrong format FSR.

Backports commit 81621d9ab8a0f07956e67850b15eebf6d6992eec from qemu
2018-03-25 16:35:27 -04:00
Peter Maydell 7a3ee5fd95
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0. We handle
this in the arm_debug_target_el() function, but this is only used for
hardware breakpoint and watchpoint exceptions, not for the exception
generated when the guest executes an AArch32 BKPT or AArch64 BRK
instruction. We don't have enough information for a translate-time
equivalent of arm_debug_target_el(), so instead make BKPT and BRK
call a special purpose helper which can do the routing, rather than
the generic exception_with_syndrome helper.

Backports commit c900a2e62dd6dde11c8f5249b638caad05bb15be from qemu
2018-03-25 16:33:04 -04:00
Victor Kamensky ecd2ecb590
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT
In OE project 4.15 linux kernel boot hang was observed under
single cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TC generated blocks, while interrupt
was pending unprocessed. This happened because when qemu tried to
handle vtimer interrupt target had interrupts disabled, as
result flag indicating TCG exit, cpu->icount_decr.u16.high,
was cleared but arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process interrupt. Later when target
reenabled interrupts, it happened without exit into main loop, so
following code that waited for result of interrupt execution
run in infinite loop.

To solve the problem instructions that operate on CPU sys state
(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
should be considered as DISAS_EXIT variant, and should be
forced to exit back to main loop so qemu will have a chance
processing pending CPU state updates, including pending
interrupts.

This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.

Backports commit a75a52d62418dafe462be4fe30485501d1010bb9 from qemu
2018-03-25 16:27:27 -04:00
Lioncash 1c4c5a9403
softfloat-specialize: Perform comparison pass with qemu
Ensures code and formatting are similar
2018-03-21 13:27:59 -04:00
Lioncash ba874ef639
softfloat: Perform comparison pass with qemu
Ensure that the code and formatting are similar.
2018-03-21 13:26:09 -04:00
Lioncash 2dc6364de9
object: Add assert to ensure uc is not null 2018-03-21 12:47:44 -04:00
Lioncash a0c39b4996
translate-all: Fix missing #elif condition in alloc_code_gen_buffer 2018-03-21 12:46:03 -04:00
Lioncash b65302b377
qemu-thread-win32: Prevent null pointer dereference in win32_start_routine 2018-03-21 12:42:44 -04:00
Lioncash 43fe0c8a1c
memory: Protect against use-after-free 2018-03-21 09:40:33 -04:00
Bharata B Rao 309b85548f
cpu: Convert cpu_index into a bitmap
Currently CPUState::cpu_index is monotonically increasing and a newly
created CPU always gets the next higher index. The next available
index is calculated by counting the existing number of CPUs. This is
fine as long as we only add CPUs, but there are architectures which
are starting to support CPU removal, too. For an architecture like PowerPC
which derives its CPU identifier (device tree ID) from cpu_index, the
existing logic of generating cpu_index values causes problems.

With the currently proposed method of handling vCPU removal by parking
the vCPU fd in QEMU
(Ref: http://lists.gnu.org/archive/html/qemu-devel/2015-02/msg02604.html),
generating cpu_index this way will not work for PowerPC.

This patch changes the way cpu_index is handed out by maintaining
a bit map of the CPUs that tracks both addition and removal of CPUs.

The CPU bitmap allocation logic is part of cpu_exec_init(), which is
called by instance_init routines of various CPU targets. Newly added
cpu_exec_exit() API handles the deallocation part and this routine is
called from generic CPU instance_finalize.

Note: This new CPU enumeration is for !CONFIG_USER_ONLY only.
CONFIG_USER_ONLY continues to have the old enumeration logic.

Backports commit b7bca7333411bd19c449147e8202ae6b0e4a8e09 from qemu
2018-03-21 08:06:07 -04:00
Bharata B Rao e373c001fa
cpu: Add Error argument to cpu_exec_init()
Add an Error argument to cpu_exec_init() to let users collect the
error. This is in preparation to change the CPU enumeration logic
in cpu_exec_init(). With the new enumeration logic, cpu_exec_init()
can fail if cpu_index values corresponding to max_cpus have already
been handed out.

Since all current callers of cpu_exec_init() are from instance_init,
use error_abort Error argument to abort in case of an error.

Backports commit 5a790cc4b942e651fec7edc597c19b637fad5a76 from qemu
2018-03-21 07:50:33 -04:00