Commit graph

4727 commits

Author SHA1 Message Date
Peter Maydell 3fb3403b82
target/arm: Convert single-precision register moves to decodetree
Convert the "single-precision" register moves to decodetree:
* VMSR
* VMRS
* VMOV between general purpose register and single precision

Note that the VMSR/VMRS conversions make our handling of
the "should this UNDEF?" checks consistent between the two
instructions:
* VMSR to MVFR0, MVFR1, MVFR2 now UNDEF from EL0
  (previously was a nop)
* VMSR to FPSID now UNDEFs from EL0 or if VFPv3 or better
  (previously was a nop)
* VMSR to FPINST and FPINST2 now UNDEF if VFPv3 or better
  (previously would write to the register, which had no
  guest-visible effect because we always UNDEF reads)

We also tighten up the decode: we were previously underdecoding
some SBZ or SBO bits.

The conversion of VMOV_single includes the expansion out of the
gen_mov_F0_vreg()/gen_vfp_mrs() and gen_mov_vreg_F0()/gen_vfp_msr()
sequences into the simpler direct load/store of the TCG temp via
neon_{load,store}_reg32(): we know in the new function that we're
always single-precision, we don't need to use the old-and-deprecated
cpu_F0* TCG globals, and we don't happen to have the declaration of
gen_vfp_msr() and gen_vfp_mrs() at the point in the file where the
new function is.

Backports commit a9ab50011aeda2dd012da99069e078379315ea18 from qemu
2019-06-13 17:16:38 -04:00
Peter Maydell 694058da94
target/arm: Convert double-precision register moves to decodetree
Convert the "double-precision" register moves to decodetree:
this covers VMOV scalar-to-gpreg, VMOV gpreg-to-scalar and VDUP.

Note that the conversion process has tightened up a few of the
UNDEF encoding checks: we now correctly forbid:
* VMOV-to-gpr with U:opc1:opc2 == 10x00 or x0x10
* VMOV-from-gpr with opc1:opc2 == 0x10
* VDUP with B:E == 11
* VDUP with Q == 1 and Vn<0> == 1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
The accesses of elements < 32 bits could be improved by doing
direct ld/st of the right size rather than 32-bit read-and-shift
or read-modify-write, but we leave this for later cleanup,
since this series is generally trying to stick to fixing
the decode.

Backports commit 9851ed9269d214c0c6feba960dd14ff09e6c34b4 from qemu
2019-06-13 17:11:56 -04:00
Peter Maydell 7265161108
target/arm: Add helpers for VFP register loads and stores
The current VFP code has two different idioms for
loading and storing from the VFP register file:
 1 using the gen_mov_F0_vreg() and similar functions,
   which load and store to a fixed set of TCG globals
   cpu_F0s, CPU_F0d, etc
 2 by direct calls to tcg_gen_ld_f64() and friends

We want to phase out idiom 1 (because the use of the
fixed globals is a relic of a much older version of TCG),
but idiom 2 is quite longwinded:
  tcg_gen_ld_f64(tmp, cpu_env, vfp_reg_offset(true, reg))
requires us to specify the 64-bitness twice, once in
the function name and once by passing 'true' to
vfp_reg_offset(). There's no guard against accidentally
passing the wrong flag.

Instead, let's move to a convention of accessing 64-bit
registers via the existing neon_load_reg64() and
neon_store_reg64(), and provide new neon_load_reg32()
and neon_store_reg32() for the 32-bit equivalents.

Implement the new functions and use them in the code in
translate-vfp.inc.c. We will convert the rest of the VFP
code as we do the decodetree conversion in subsequent
commits.

Backports commit 160f3b64c5cc4c8a09a1859edc764882ce6ad6bf from qemu
2019-06-13 17:01:59 -04:00
Peter Maydell 033a386ffb
target/arm: Move the VFP trans_* functions to translate-vfp.inc.c
Move the trans_*() functions we've just created from translate.c
to translate-vfp.inc.c. This is pure code motion with no textual
changes (this can be checked with 'git show --color-moved').

Backports commit f7bbb8f31f0761edbf0c64b7ab3c3f49c13612ea from qemu
2019-06-13 16:56:24 -04:00
Peter Maydell e55d31a5ac
target/arm: Convert VCVTA/VCVTN/VCVTP/VCVTM to decodetree
Convert the VCVTA/VCVTN/VCVTP/VCVTM instructions to decodetree.
trans_VCVT() is temporarily left in translate.c.

Backports commit c2a46a914cd5c38fd0ee57ff0befc1c5bde27bcf from qemu
2019-06-13 16:54:42 -04:00
Peter Maydell 9fb01cb526
target/arm: Convert VRINTA/VRINTN/VRINTP/VRINTM to decodetree
Convert the VRINTA/VRINTN/VRINTP/VRINTM instructions to decodetree.
Again, trans_VRINT() is temporarily left in translate.c.

Backports commit e3bb599d16e4678b228d80194cee328f894b1ceb from qemu
2019-06-13 16:50:36 -04:00
Peter Maydell 4501daf010
target/arm: Convert VMINNM, VMAXNM to decodetree
Convert the VMINNM and VMAXNM instructions to decodetree.
As with VSEL, we leave the trans_VMINMAXNM() function
in translate.c for the moment.

Backports commit f65988a1efdb42f9058db44297591491842e697c from qemu
2019-06-13 16:43:50 -04:00
Peter Maydell 3994dfd079
target/arm: Convert the VSEL instructions to decodetree
Convert the VSEL instructions to decodetree.
We leave trans_VSEL() in translate.c for now as this allows
the patch to show just the changes from the old handle_vsel().

In the old code the check for "do D16-D31 exist" was hidden in
the VFP_DREG macro, and assumed that VFPv3 always implied that
D16-D31 exist. In the new code we do the correct ID register test.
This gives identical behaviour for most of our CPUs, and fixes
previously incorrect handling for Cortex-R5F, Cortex-M4 and
Cortex-M33, which all implement VFPv3 or better with only 16
double-precision registers.

Backports commit b3ff4b87b4ae08120a51fe12592725e1dca8a085 from qemu
2019-06-13 16:41:22 -04:00
Peter Maydell 93adaa7de2
target/arm: Explicitly enable VFP short-vectors for aarch32 -cpu max
At the moment our -cpu max for AArch32 supports VFP short-vectors
because we always implement them, even for CPUs which should
not have them. The following commits are going to switch to
using the correct ID-register-check to enable or disable short
vector support, so we need to turn it on explicitly for -cpu max,
because Cortex-A15 doesn't implement it.

We don't enable this for the AArch64 -cpu max, because the v8A
architecture never supports short-vectors.

Backports commit 973751fd798d41402d34f9f705c0c6d1633d0cda from qemu
2019-06-13 16:38:01 -04:00
Peter Maydell 808d929d7c
target/arm: Fix Cortex-R5F MVFR values
The Cortex-R5F initfn was not correctly setting up the MVFR
ID register values. Fill these in, since some subsequent patches
will use ID register checks rather than CPU feature bit checks.

Backports commit 3de79d335c9aa7d726865e3933d9b21781032183 from qemu
2019-06-13 16:36:48 -04:00
Lioncash b3cfede44f
target/arm: Make load_cpu_offset() take a DisasContext* instead of uc_struct*
Keeps it consistent with store_cpu_offset
2019-06-13 16:35:31 -04:00
Peter Maydell 78997058e4
target/arm: Factor out VFP access checking code
Factor out the VFP access checking code so that we can use it in the
leaf functions of the decodetree decoder.

We call the function full_vfp_access_check() so we can keep
the more natural vfp_access_check() for a version which doesn't
have the 'ignore_vfp_enabled' flag -- that way almost all VFP
insns will be able to use vfp_access_check(s) and only the
special-register access function will have to use
full_vfp_access_check(s, ignore_vfp_enabled).

Backports commit 06db8196bba34776829020192ed623a0b22e6557 from qemu
2019-06-13 16:33:38 -04:00
Peter Maydell 9732ebba5c
target/arm: Add stubs for AArch32 VFP decodetree
Add the infrastructure for building and invoking a decodetree decoder
for the AArch32 VFP encodings. At the moment the new decoder covers
nothing, so we always fall back to the existing hand-written decode.

We need to have one decoder for the unconditional insns and one for
the conditional insns, as otherwise the patterns for conditional
insns would incorrectly match against the unconditional ones too.

Since translate.c is over 14,000 lines long and we're going to be
touching pretty much every line of the VFP code as part of the
decodetree conversion, we create a new translate-vfp.inc.c to hold
the code which deals with VFP in the new scheme. It should be
possible to convert this into a standalone translation unit
eventually, but the conversion process will be much simpler if we
simply #include it midway through translate.c to start with.

Backports commit 78e138bc1f672c145ef6ace74617db00eebaa2ba from qemu
2019-06-13 16:24:37 -04:00
Richard Henderson 7c03c8eb04
decodetree: Fix comparison of Field
Typo comparing the sign of the field, twice, instead of also comparing
the mask of the field (which itself encodes both position and length).

Backports commit 2c7d442743854d2c1f5475446e088bd523f4bb20 from qemu
2019-06-13 16:17:56 -04:00
Richard Henderson afaea6a291
target/arm: Fix output of PAuth Auth
The ARM pseudocode installs the error_code into the original
pointer, not the encrypted pointer. The difference applies
within the 7 bits of pac data; the result should be the sign
extension of bit 55.

Add a testcase to that effect.

Backports commit d67ebada159148bfdfde84871338738e4465e985 from qemu
2019-06-13 16:17:00 -04:00
Peter Maydell 230f8a091a
target/arm: Implement NSACR gating of floating point
The NSACR register allows secure code to configure the FPU
to be inaccessible to non-secure code. If the NSACR.CP10
bit is set then:
* NS accesses to the FPU trap as UNDEF (ie to NS EL1 or EL2)
* CPACR.{CP10,CP11} behave as if RAZ/WI
* HCPTR.{TCP11,TCP10} behave as if RAO/WI

Note that we do not implement the NSACR.NSASEDIS bit which
gates only access to Advanced SIMD, in the same way that
we don't implement the equivalent CPACR.ASEDIS and HCPTR.TASE.

Backports commit fc1120a7f5f2d4b601003205c598077d3eb11ad2 from qemu
2019-06-13 16:15:28 -04:00
Richard Henderson 7c32498b7f
target/arm: Use tcg_gen_gvec_bitsel
This replaces 3 target-specific implementations for BIT, BIF, and BSL.

Backports commit 3a7a2b4e5cf0d49cd8b14e8225af0310068b7d20 from qemu
2019-06-13 16:12:56 -04:00
Richard Henderson a1396b12f6
tcg: Fix typos in helper_gvec_sar{8,32,64}v
The loop is written with scalars, not vectors.
Use the correct type when incrementing.

Fixes: 5ee5c14cacd

Backports commit 899f08ad1d1231dbbfa67298413f05ed2679fb02 from qemu
2019-06-13 16:09:16 -04:00
Alex Bennée 938f8465a0
cputlb: cast size_t to target_ulong before using for address masks
While size_t is defined to happily access the biggest host object this
isn't the case when generating masks for 64 bit guests on 32 bit
hosts. Otherwise we end up truncating the address when we fall back to
our unaligned helper.

Fixes: https://bugs.launchpad.net/qemu/+bug/1831545

Backports commit ab7a2009df66241a3742cbdfe8f9a1f66c6af21f from qemu
2019-06-13 16:07:01 -04:00
Alex Bennée 9aef73f5fb
cputlb: use uint64_t for interim values for unaligned load
When running on 32 bit TCG backends a wide unaligned load ends up
truncating data before returning to the guest. We specifically have
the return type as uint64_t to avoid any premature truncation so we
should use the same for the interim types.

Fixes: https://bugs.launchpad.net/qemu/+bug/1830872
Fixes: eed5664238e

Backports commit 8c79b288513587e960b6b7257a9d955d5592f209 from qemu
2019-06-13 16:06:22 -04:00
Richard Henderson d7ea41c3a3
cpu: Move icount_decr to CPUNegativeOffsetState
Amusingly, we had already ignored the comment to keep this value
at the end of CPUState. This restores the minimum negative offset
from TCG_AREG0 for code generation.

For the couple of uses within qom/cpu.c, without NEED_CPU_H, add
a pointer from the CPUState object to the IcountDecr object within
CPUNegativeOffsetState.

Backports commit 5e1401969b25f676fee6b1c564441759cf967a43 from qemu
2019-06-13 15:34:28 -04:00
Richard Henderson 8f53f09a05
cpu: Introduce CPUNegativeOffsetState
Nothing in there so far, but all of the plumbing done
within the target ArchCPU state.

Backports commit 5b146dc716cfd247f99556c04e6e46fbd67565a0 from qemu
2019-06-13 15:08:25 -04:00
Richard Henderson a672b89e3b
cpu: Introduce cpu_set_cpustate_pointers
Consolidate some boilerplate from foo_cpu_initfn.

Backports commit 7506ed902eb97fe4e2a1dd16766c621d32ecc40d from qemu
2019-06-12 12:27:16 -04:00
Richard Henderson ac176ccb38
cpu: Move ENV_OFFSET to exec/gen-icount.h
Now that we have ArchCPU, we can define this generically,
in the one place that needs it.

Backports commit 677c4d69ac21961e76a386f9bfc892a44923acc0 from qemu
2019-06-12 12:20:21 -04:00
Richard Henderson a11dd94ce7
target/sparc: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace sparc_env_get_cpu with env_archcpu. The combination
CPU(sparc_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 5a59fbce9141c40db0f0a5a6e17583ad9189b48b from qemu
2019-06-12 12:13:03 -04:00
Richard Henderson 47b797f1bb
target/riscv: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace riscv_env_get_cpu with env_archcpu. The combination
CPU(riscv_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 3109cd98a6c0c618189b38a83a8aa29cb20acbce from qemu
2019-06-12 12:06:19 -04:00
Richard Henderson 5790c1648d
target/mips: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace mips_env_get_cpu with env_archcpu. The combination
CPU(mips_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 5a7330b35cabc9e2fd3a8577b7004b63af8c57f3 from qemu
2019-06-12 11:55:43 -04:00
Richard Henderson 585ba97389
target/m68k: Use env_cpu
Cleanup in the boilerplate that each target must define.
The combination CPU(m68k_env_get_cpu) should have used
ENV_GET_CPU to begin; use env_cpu now.

Backports commit a8d92fd869c601f723b82d9736a2d78ae640b8a2 from qemu
2019-06-12 11:51:23 -04:00
Richard Henderson 187778c781
target/i386: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace x86_env_get_cpu with env_archcpu. The combination
CPU(x86_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 6aa9e42f27331be34e06d4d66f92f2272868f96a from qemu
2019-06-12 11:46:35 -04:00
Richard Henderson b8bd543390
target/arm: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace arm_env_get_cpu with env_archcpu. The combination
CPU(arm_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 2fc0cc0e1e034582f4718b1a2d57691474ccb6aa from qemu
2019-06-12 11:34:08 -04:00
Richard Henderson 8b108f3607
cpu: Introduce env_archcpu
This will replace foo_env_get_cpu with a generic definition.
No changes to the target specific code so far.

Backports commit 083dc73d7a3cf2a75b5625fd8f0669b57a855d16 from qemu
2019-06-12 11:17:47 -04:00
Richard Henderson fbf91a6535
cpu: Replace ENV_GET_CPU with env_cpu
Now that we have both ArchCPU and CPUArchState, we can define
this generically instead of via macro in each target's cpu.h.

Backports commit 29a0af618ddd21f55df5753c3e16b0625f534b3c from qemu
2019-06-12 11:16:16 -04:00
Richard Henderson ae94fb5992
cpu: Define ArchCPU
For all targets, do this just before including exec/cpu-all.h.

Backports commit 2161a612b4e1d388046320bc464adefd6bba01a0 from qemu
2019-06-12 11:08:39 -04:00
Richard Henderson e3f1f25996
cpu: Define CPUArchState with typedef
For all targets, do this just before including exec/cpu-all.h.

Backports commit 4f7c64b3819d559417615ed2b1d028ebc1a49580 from qemu
2019-06-12 11:06:36 -04:00
Markus Armbruster 5e5197b136
Supply missing header guards
Backports applicable parts of commit
f91005e195e7e1485e60cb121731589960f1a3c9 from qemu
2019-06-12 10:59:10 -04:00
Lioncash 5ab9723787
cputlb: Filter flushes on already clean tlbs
Especially for guests with large numbers of tlbs, like ARM or PPC,
we may well not use all of them in between flush operations.
Remember which tlbs have been used since the last flush, and
avoid any useless flushing.

Backports much of 3d1523ced6060cdfe9e768a814d064067ccabfe5 from qemu
along with a bunch of updating changes.
2019-06-10 20:42:15 -04:00
Richard Henderson df2a890bd7
tcg: Split out target/arch/cpu-param.h
For all targets, into this new file move TARGET_LONG_BITS,
TARGET_PAGE_BITS, TARGET_PHYS_ADDR_SPACE_BITS,
TARGET_VIRT_ADDR_SPACE_BITS, and NB_MMU_MODES.

Include this new file from exec/cpu-defs.h.

This now removes the somewhat odd requirement that target/arch/cpu.h
defines TARGET_LONG_BITS before including exec/cpu-defs.h, so push the
bulk of the includes within target/arch/cpu.h to the top.

Backports commit 74433bf083b0766aba81534f92de13194f23ff3e from qemu
2019-06-10 19:35:46 -04:00
Aleksandar Markovic 93473b2e09
target/mips: Unroll loops in helpers for MSA logic instructions
Unroll loops in helpers for MSA logic instructions for better
performance.

Backports commit 5d161bc81877327bc0b2a6d8974e07ffdc6881a5 from qemu
2019-06-10 13:56:04 -04:00
Aleksandar Markovic 8ec1ab6807
target/mips: Outline places for future MSA helpers
Outline places for future MSA helpers to follow the same organization
as in MSA tests.

Backports commit 7471df9f9eaca7c4495d77265864d56644a08b23 from qemu
2019-06-10 13:55:12 -04:00
Aleksandar Markovic 10b0f86caf
target/mips: Fix block-comment-related issues in msa_helper.c
Fix block-comment-related issues reported by checkpatch for file
msa_helper.c.

Backports commit 7cc8a7220de39d77894edcb376378f280ec9c4c2 from qemu
2019-06-10 13:53:45 -04:00
Aleksandar Markovic b9d8008931
target/mips: Fix space-related format issues in msa_helper.c
Fix space-related format issues reported by checkpatch in file
msa_helper.c.

Backports commit de1700d316c18edcca0d5264b69863edb8c9bf0d from qemu
2019-06-10 13:52:04 -04:00
Wanpeng Li b41364fdc5
i386: Enable IA32_MISC_ENABLE MWAIT bit when exposing mwait/monitor
The CPUID.01H:ECX[bit 3] ought to mirror the value of the MSR
IA32_MISC_ENABLE MWAIT bit and as userspace has control of them
both, it is userspace's job to configure both bits to match on
the initial setup.

Backports commit 4cfd7bab3f5564f6c1a23b06f73d5aa2f957cd16 from qemu
2019-06-04 13:17:43 -04:00
Mateja Marjanovic c356f78e89
target/mips: Improve performance of certain MSA instructions
Eliminate loops for better performance.

Following MSA instructions from "UNOP" group are affected:

- NLZC.<B|H|W|D>
- NLOC.<B|H|W|D>
- PCNT.<B|H|W|D>

Following MSA instructions from "BINOP" group are affected:

- ADD_A.<B|H|W|D>
- ADDS_A.<B|H|W|D>
- ADDS_S.<B|H|W|D>
- ADDS_U.<B|H|W|D>
- ADDV.<B|H|W|D>
- ASUB_S.<B|H|W|D>
- ASUB_U.<B|H|W|D>
- AVE_S.<B|H|W|D>
- AVE_U.<B|H|W|D>
- AVER_S.<B|H|W|D>
- AVER_U.<B|H|W|D>
- BCLR.<B|H|W|D>
- BNEG.<B|H|W|D>
- BSET.<B|H|W|D>
- CEQ.<B|H|W|D>
- CLE_S.<B|H|W|D>
- CLE_U.<B|H|W|D>
- CLT_S.<B|H|W|D>
- CLT_U.<B|H|W|D>
- DIV_S.<B|H|W|D>
- DIV_U.<B|H|W|D>
- DOTP_S.<B|H|W|D>
- DOTP_U.<B|H|W|D>
- HADD_S.<B|H|W|D>
- HADD_U.<B|H|W|D>
- HSUB_S.<B|H|W|D>
- HSUB_U.<B|H|W|D>
- MAX_A.<B|H|W|D>
- MAX_S.<B|H|W|D>
- MAX_U.<B|H|W|D>
- MIN_A.<B|H|W|D>
- MIN_S.<B|H|W|D>
- MIN_U.<B|H|W|D>
- MOD_S.<B|H|W|D>
- MOD_U.<B|H|W|D>
- MUL_Q.<B|H|W|D>
- MULR_Q.<B|H|W|D>
- MULV.<B|H|W|D>
- SLL.<B|H|W|D>
- SRA.<B|H|W|D>
- SRAR.<B|H|W|D>
- SRL.<B|H|W|D>
- SRLR.<B|H|W|D>
- SUBS_S.<B|H|W|D>
- SUBS_U.<B|H|W|D>
- SUBSUS_U.<B|H|W|D>
- SUBSUU_S.<B|H|W|D>
- SUBV.<B|H|W|D>

Following MSA instructions from "TEROP" group are affected:

- BINSL.<B|H|W|D>
- BINSR.<B|H|W|D>
- DPADD_S.<B|H|W|D>
- DPADD_U.<B|H|W|D>
- DPSUB_S.<B|H|W|D>
- DPSUB_U.<B|H|W|D>
- MADD_Q.<B|H|W|D>
- MADDR_Q.<B|H|W|D>
- MADDV.<B|H|W|D>
- MSUB_Q.<B|H|W|D>
- MSUBR_Q.<B|H|W|D>
- MSUBV.<B|H|W|D>

Additionally, following MSA instructionas are also affected:

- ILVL.<B|H|W|D>
- ILVR.<B|H|W|D>
- ILVEV.<B|H|W|D>
- ILVOD.<B|H|W|D>
- PCKEV.<B|H|W|D>
- PCKOD.<B|H|W|D>

Backports commit 0df911fd7f482b796c9f10aa8e086fb3fb9f0f18 from qemu
2019-06-03 11:21:05 -04:00
Aleksandar Markovic 115e0f20c5
target/mips: Clean up lmi_helper.c
Remove several minor checkpatch warnings and errors.

Backports commit baf50011157bf5747c623f171f93f9e3d9dff615 from qemu
2019-06-03 11:15:34 -04:00
Aleksandar Markovic 1c8614c303
target/mips: Clean up dsp_helper.c
Remove several minor checkpatch warnings and errors.

Backports commit f49ab2e1e6ca4f218cc970c937f91f9c69c95dd3 from qemu
2019-06-03 11:14:31 -04:00
Mateja Marjanovic 4b272cbe93
target/mips: Add emulation of MMI instruction PCPYUD
Add emulation of MMI instruction PCPYUD. The emulation is implemented
using TCG front end operations directly to achieve better performance.

Backports commit fd487f83ea92d790559813c5a0a719c30ca9ecde from qemu
2019-06-03 11:08:37 -04:00
Mateja Marjanovic c5e3fc601c
target/mips: Add emulation of MMI instruction PCPYLD
Add emulation of MMI instruction PCPYLD. The emulation is implemented
using TCG front end operations directly to achieve better performance.

Backports commit b87eef31f2f8047077d79c3180e9c8e762d2a50f from qemu
2019-06-03 11:05:50 -04:00
Mateja Marjanovic 7443387030
target/mips: Add emulation of MMI instruction PCPYH
Add emulation of MMI instruction PCPYH. The emulation is implemented
using TCG front end operations directly to achieve better performance.

Backports commit d3434d9f785ddaf40e0fd521ded400643ac4be09 from qemu
2019-06-03 11:03:07 -04:00
Jules Irenge 9c7f2f2e78
target/mips: realign comments to fix checkpatch warnings
Realign comments to fix warnings issued by checkpatc.pl tool
"WARNING: Block comments use a leading /* on a separate line"
within "target/mips/cpu.h" file.

Backports commit 9e72f33d854b0a817c0d2fe4bca693b76f0fe776 from qemu
2019-05-28 19:49:59 -04:00
Jules Irenge cf39970750
target/mips: add or remove space to fix checkpatch errors
Add or remove space to fix errors issued by checkpatch.pl tool
"ERROR: spaces required around that..."
"ERROR: space required after that..."
"ERROR: space required before the open parenthesis"
"ERROR: space required after that..."
"ERROR: space prohibited between function name and open parenthesis"
"ERROR: code indent should never use tabs"
"ERROR: line over 90 characters"
within "target/mips/cpu.h" file.

Backports commit 8ebf2e1a68408068c0bcd0d02a783fd12f6a9cb5 from qemu
2019-05-28 19:48:11 -04:00
Jakub Jermář 5b25eb80af
mips: Decide to map PAGE_EXEC in map_address
This commit addresses QEMU Bug #1825311:

mips_cpu_handle_mmu_fault renders all accessed pages executable

It allows finer-grained control over whether the accessed page should
be executable by moving the decision to the underlying map_address
function, which has more information for this.

As a result, pages that have the XI bit set in the TLB and are accessed
for read/write, don't suddenly end up being executable.

Fixes: https://bugs.launchpad.net/qemu/+bug/1825311
Fixes: 2fb58b73746e ('target-mips: add RI and XI fields to TLB entry')

Backports commit 7353113fa482e697a77575086a41f429a01f8dc0 from qemu
2019-05-28 19:44:28 -04:00
Mateja Marjanovic 9e8aed043e
target/mips: Refactor and fix INSERT.<B|H|W|D> instructions
The old version of the helper for the INSERT.<B|H|W|D> MSA instructions
has been replaced with four helpers that don't use switch, and change
the endianness of the given index, when executed on a big endian host.

Backports commit c1c9a10fb1f7a6782711817c167a2c20b000fc12 from qemu
2019-05-28 19:42:28 -04:00
Mateja Marjanovic d6a8d25015
target/mips: Refactor and fix COPY_U.<B|H|W> instructions
The old version of the helper for the COPY_U.<B|H|W> MSA instructions
has been replaced with four helpers that don't use switch, and change
the endianness of the given index, when executed on a big endian host.

Backports commit 41d288582782cf8d63241ecb6efa1e4160fe78f7 from qemu
2019-05-28 19:39:22 -04:00
Mateja Marjanovic 54a33d1db3
target/mips: Refactor and fix COPY_S.<B|H|W|D> instructions
The old version of the helper for the COPY_S.<B|H|W|D> MSA instructions
has been replaced with four helpers that don't use switch, and change
the endianness of the given index, when executed on a big endian host.

Backports commit 631c467461496dcf6d6a3e4c3d27a1433e96868e from qemu
2019-05-28 19:36:14 -04:00
Mateja Marjanovic 6dd651af3a
target/mips: Fix MSA instructions ST.<B|H|W|D> on big endian host
Fix the case when the host is a big endian machine, and change
the approach toward ST.<B|H|W|D> instruction helpers.

Backports commit 6decc572dcedbf298ae30f8213b39c8b842a595a from qemu
2019-05-28 19:29:27 -04:00
Mateja Marjanovic 3ee6295d7f
target/mips: Fix MSA instructions LD.<B|H|W|D> on big endian host
Fix the case when the host is a big endian machine, and change
the approach toward LD.<B|H|W|D> instruction helpers.

Backports commit 83be6b54123a8f3c529554139f1d1e43356edf8d from qemu
2019-05-28 19:27:05 -04:00
Mateja Marjanovic 1527b25428
target/mips: Make the results of MOD_<U|S>.<B|H|W|D> the same as on hardware
MSA instructions MOD_<U|S>.<B|H|W|D> when dividing by zero,
didn't return the same value when executed on a referent hardware
(FPGA MIPS 64 r6, little endian) and when executed on QEMU, which
is not a real bug, because the result when dividing by zero is
UNPREDICTABLE [1] (page 255, 256).

[1] MIPS Architecture for Programmers
Volume IV-j: The MIPS64 SIMD
Architecture Module, Revision 1.12

Backports commit cf122bf8d2732d5d8647901ebaea596668aaaa3a from qemu
2019-05-28 19:25:00 -04:00
Mateja Marjanovic d712d3f226
target/mips: Make the results of DIV_<U|S>.<B|H|W|D> the same as on hardware
MSA instructions DIV_<U|S>.<B|H|W|D> when dividing by zero,
didn't return the same value when executed on a referent hardware
(FPGA MIPS 64 r6, little endian) and when executed on QEMU, which
is not a real bug, because the result when dividing by zero is
UNPREDICTABLE [1] (page 141, 142).

[1] MIPS Architecture for Programmers
Volume IV-j: The MIPS64 SIMD
Architecture Module, Revision 1.12

Backports commit d2a40a5f6938f30f44b536e997e1e89bb62b971c from qemu
2019-05-28 19:24:26 -04:00
Jonathan Behrens 1d6acaa604
target/riscv: Only flush TLB if SATP.ASID changes
There is an analogous change for ARM here:
https://patchwork.kernel.org/patch/10649857

Backports commit 1e0d985fa9136a563168a3da66f3d17820404ee2 from qemu
2019-05-28 19:22:51 -04:00
Jonathan Behrens 7922aa54c0
target/riscv: More accurate handling of CSR
According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
register are read-only." Further, if an interrupt is not delegated to mode x,
then "the corresponding bits in xip [...] should appear to be hardwired to
zero. This patch implements both of those requirements.

Backports commit 087b051a51a0c2a5bc1e8d435a484a8896b4176b from qemu
2019-05-28 19:22:04 -04:00
Richard Henderson d1ad8bf44c
target/riscv: Add checks for several RVC reserved operands
C.ADDI16SP, C.LWSP, C.JR, C.ADDIW, C.LDSP all have reserved
operands that were not diagnosed.

Backports commit 4cc16b3b9282e04fab8e84d136540757e82af019 from qemu
2019-05-28 19:20:36 -04:00
Alistair Francis aca20201d4
target/riscv: Add the HGATP register masks
Backports commit e06431108b0b1ef6ca76398d2b0b792ea24ae6bc from qemu
2019-05-28 19:19:00 -04:00
Alistair Francis 294297b646
target/riscv: Add the HSTATUS register masks
Backports commit d28b15a4d3b1e000ec7bf9090fe870cbc5f1eb2c from qemu
2019-05-28 19:18:28 -04:00
Alistair Francis 2e6d11ee47
target/riscv: Add Hypervisor CSR macros
Add the 1.10.1 Hypervisor CSRs and remove the 1.9.1 spec versions.

Backports commit 71f09a5bb48d0c51b87e70158407ec2db4a9c6e2 from qemu
2019-05-28 19:17:54 -04:00
Alistair Francis 47e4e047bc
target/riscv: Allow setting mstatus virtulisation bits
Backports commit 1f0419cb0475eebdbefea67483e85287f3af07a7 from qemu
2019-05-28 19:17:18 -04:00
Alistair Francis c64f57c360
target/riscv: Add the MPV and MTL mstatus bits
Backports commit 49aaa3e534f5422a56313bb93c1880e70fc1da7e from qemu
2019-05-28 19:15:33 -04:00
Alistair Francis b44de569f0
target/riscv: Improve the scause logic
No functional change, just making the code easier to read.

Backports commit 16fdb8ff64374ed51b246437e13043039a8eb9f9 from qemu
2019-05-28 19:14:44 -04:00
Alistair Francis 4b0355dcfc
target/riscv: Mark privilege level 2 as reserved
Backports commit 356d74192a035c71a78a22d24812a6df6099ae40 from qemu
2019-05-28 19:12:10 -04:00
Alistair Francis ea2fee2d4d
target/riscv: Add a base 32 and 64 bit CPU
At the same time deprecate the ISA string CPUs.

It is dobtful anyone specifies the CPUs, but we are keeping them for the
Spike machine (which is about to be depreated) so we may as well just
mark them as deprecated.

Backports commit 8903bf6e6d73d03b988b4a8197132de2ad681ff5 from qemu
2019-05-28 19:11:12 -04:00
Richard Henderson 9c1212f627
target/riscv: Remove spaces from register names
These extra spaces make the "-d op" dump look weird.

Backports commit 7f9188e210aff6522a960d9669a583a3a752ddc0 from qemu
2019-05-28 19:08:50 -04:00
Richard Henderson 68ce00ac2f
target/riscv: Split gen_arith_imm into functional and temp
The tcg_gen_fooi_tl functions have some immediate constant
folding built in, which match up with some of the riscv asm
builtin macros, like mv and not.

Backports commit 598aa1160c3d17ab9271daf1f69d093ebada3f25 from qemu
2019-05-28 19:07:53 -04:00
Richard Henderson a62b4e5def
target/riscv: Split RVC32 and RVC64 insns into separate files
This eliminates all functions in insn_trans/trans_rvc.inc.c,
so the entire file can be removed.

Backports commit 0e68e240a9bd3b44a91cd6012f0e2bf2a43b9fe2 from qemu
2019-05-28 19:00:23 -04:00
Richard Henderson a968769d26
target/riscv: Use pattern groups in insn16.decode
This eliminates about half of the complicated decode
bits within insn_trans/trans_rvc.inc.c.

Backports commit c2cfb97c01a3636867c1a4a24f8a99fd8c6bed28 from qemu
2019-05-28 18:55:28 -04:00
Richard Henderson 8360c1fa3b
target/riscv: Merge argument decode for RVC shifti
Special handling for IMM==0 is the only difference between
RVC shifti and RVI shifti. This can be handled with !function.

Backports commit 6cafec92f1c862a9754ef6a28be68ba7178a284d from qemu
2019-05-28 18:52:50 -04:00
Richard Henderson dc087c4c0c
target/riscv: Merge argument sets for insn32 and insn16
In some cases this allows us to directly use the insn32
translator function. In some cases we still need a shim.

Backports commit e1d455dd91c935c714412dafeb24db947429a929 from qemu
2019-05-28 18:50:48 -04:00
Richard Henderson cb2ce66814
target/riscv: Use --static-decode for decodetree
The generated functions are only used within translate.c
and do not need to be global, or declared.

Backports commit 81770255581bd210c57b86a6e808628ab8d0c543 from qemu
2019-05-28 18:45:23 -04:00
Richard Henderson d51505f6e9
target/riscv: Name the argument sets for all of insn32 formats
Backports commit e761799796ac2211b9706753c459e117e7be58fa from qemu
2019-05-28 18:36:53 -04:00
Fabien Chouteau 7e6d37b51d
RISC-V: fix single stepping over ret and other branching instructions
This patch introduces wrappers around the tcg_gen_exit_tb() and
tcg_gen_lookup_and_goto_ptr() functions that handle single stepping,
i.e. call gen_exception_debug() when single stepping is enabled.

Theses functions are then used instead of the originals, bringing single
stepping handling in places where it was previously ignored such as jalr
and system branch instructions (ecall, mret, sret, etc.).

Backports commit 6e2716d8ca4edf3597307accef7af36e8ad966eb from qemu
2019-05-28 18:35:07 -04:00
Jonathan Behrens 25c0333213
target/riscv: Do not allow sfence.vma from user mode
The 'sfence.vma' instruction is privileged, and should only ever be allowed
when executing in supervisor mode or higher.

Backports commit b86f4167630802128d94f3c89043d97d2f4c2546 from qemu
2019-05-28 18:29:46 -04:00
Richard Henderson 67f0af4282
tcg/aarch64: Allow immediates for vector ORR and BIC
The allows immediates to be used for ORR and BIC,
as well as the trivial inversions, ORC and AND.

Backports commit 9e27f58b9902834dffc0d66d9eb62f78d9c2a632 from qemu
2019-05-24 18:47:07 -04:00
Richard Henderson 5ecfba4fe6
tcg/aarch64: Build vector immediates with two insns
Use MOVI+ORR or MVNI+BIC in order to build some vector constants,
as opposed to dropping them to the constant pool. This includes
all 16-bit constants and a similar set of 32-bit constants.

Backports commit 02f3a5b4744885258758d07ebe09cf965de78bcf from qemu
2019-05-24 18:43:54 -04:00
Richard Henderson 06058ef648
tcg/aarch64: Use MVNI in tcg_out_dupi_vec
The compliment of a subset of immediates can be computed
with a single instruction.

Backports commit 7e308e003e5b6ddd3130e09711e1d33693230696 from qemu
2019-05-24 18:42:40 -04:00
Richard Henderson c18ec586dc
tcg/aarch64: Split up is_fimm
There are several sub-classes of vector immediate, and only MOVI
can use them all. This will enable usage of MVNI and ORRI, which
use progressively fewer sub-classes.

This patch adds no new functionality, merely splits the function
and moves part of the logic into tcg_out_dupi_vec.

Backports commit 984fdcee342473dfe797897758929dad654693c8 from qemu
2019-05-24 18:41:37 -04:00
Richard Henderson 0ea4c05dc3
tcg/aarch64: Support vector bitwise select value
The instruction set has 3 insns that perform the same operation,
only varying in which operand must overlap the destination. We
can represent the operation without overlap and choose based on
the operands seen.

Backports commit a9e434a5dc16f71ee156428619fc3c3765b68f26 from qemu
2019-05-24 18:38:37 -04:00
Richard Henderson c79510378f
tcg/i386: Use umin/umax in expanding unsigned compare
Using umin(a, b) == a as an expansion for TCG_COND_LEU is a
better alternative to (a - INT_MIN) <= (b - INT_MIN).

Backports commit ebcfb91abed8c0fb180a968b9004419c208dcc02 from qemu
2019-05-24 18:36:32 -04:00
Richard Henderson ffdbc1a233
tcg/i386: Remove expansion for missing minmax
This is now handled by code within tcg-op-vec.c.

Backports commit 3ec3538a45f2fead475b0cca6945092c87927b4f from qemu
2019-05-24 18:34:44 -04:00
Richard Henderson 68cb096196
tcg/i386: Support vector comparison select value
We already had backend support for this feature. Expand the new
cmpsel opcode using vpblendb. The combination allows us to avoid
an extra NOT for some comparison codes.

Backports commit 904c5e19672778cc3349f4975437cfdf3371abb6 from qemu
2019-05-24 18:33:16 -04:00
Richard Henderson a868533297
tcg: Add TCG_OPF_NOT_PRESENT if TCG_TARGET_HAS_foo is negative
If INDEX_op_foo is always expanded by tcg_expand_vec_op, then
there may be no reasonable set of constraints to return from
tcg_target_op_def for that opcode.

Let TCG_TARGET_HAS_foo be specified as -1 in that case. Thus a
boolean test for TCG_TARGET_HAS_foo is true, but we will not
assert within process_op_defs when no constraints are specified.

Compare this with tcg_can_emit_vec_op, which already uses this
tri-state indication.

Backports commit 25c012b4009256505be3430480954a0233de343e from qemu
2019-05-24 18:28:11 -04:00
Richard Henderson 568da655c6
tcg: Expand vector minmax using cmp+cmpsel
Provide a generic fallback for the min/max operations.

Backports commit 72b4c792c7a576d9246207a8e9a940ed9e191722 from qemu
2019-05-24 18:26:53 -04:00
Richard Henderson 56d35e80aa
tcg: Introduce do_op3_nofail for vector expansion
This makes do_op3 match do_op2 in allowing for failure,
and thus fall back expansions.

Backports commit 17f79944ebeace8bf43047a33b7775ba5ed9070e from qemu
2019-05-24 18:24:44 -04:00
Richard Henderson 2ea6dfbd63
tcg: Add support for vector compare select
Perform a per-element conditional move. This combination operation is
easier to implement on some host vector units than plain cmp+bitsel.
Omit the usual gvec interface, as this is intended to be used by
target-specific gvec expansion call-backs.

Backports commit f75da2988eb2457fa23d006d573220c5c680ec4e from qemu
2019-05-24 18:21:13 -04:00
Richard Henderson ca58be9cb4
tcg: Add support for vector bitwise select
This operation performs d = (b & a) | (c & ~a), and is present
on a majority of host vector units. Include gvec expanders.

Backports commit 38dc12947ec9106237f9cdbd428792c985cd86ae from qemu
2019-05-24 18:15:10 -04:00
Richard Henderson fa363c3d6d
tcg: Fix missing checks and clears in tcg_gen_gvec_dup_mem
The paths through tcg_gen_dup_mem_vec and through MO_128 were
missing the check_size_align. The path through MO_128 was also
missing the expand_clr. This last was not visible because the
only user is ARM SVE, which would set oprsz == maxsz, and not
require the clear.

Fix by adding the check_size_align and using do_dup directly
instead of duplicating the check in tcg_gen_gvec_dup_{i32,i64}.

Backports commit 532ba368a13712724137228b5e7e9435994d25e1 from qemu
2019-05-24 18:07:28 -04:00
Richard Henderson 60cfe541b2
tcg/i386: Fix dupi/dupm for avx1 and 32-bit hosts
The VBROADCASTSD instruction only allows %ymm registers as destination.
Rather than forcing VEX.L and writing to the entire 256-bit register,
revert to using MOVDDUP with an %xmm register. This is sufficient for
an avx1 host since we do not support TCG_TYPE_V256 for that case.

Also fix the 32-bit avx2, which should have used VPBROADCASTW.

Fixes: 1e262b49b533

Backports commit 7b60ef3264e9627ac6efb34e9a6130647e9b55c0 from qemu
2019-05-24 18:04:08 -04:00
Alistair Francis f8f3e50372
target/arm: Fix vector operation segfault
Commit 89e68b575 "target/arm: Use vector operations for saturation"
causes this abort() when booting QEMU ARM with a Cortex-A15:

0 0x00007ffff4c2382f in raise () at /usr/lib/libc.so.6
1 0x00007ffff4c0e672 in abort () at /usr/lib/libc.so.6
2 0x00005555559c1839 in disas_neon_data_insn (insn=<optimized out>, s=<optimized out>) at ./target/arm/translate.c:6673
3 0x00005555559c1839 in disas_neon_data_insn (s=<optimized out>, insn=<optimized out>) at ./target/arm/translate.c:6386
4 0x00005555559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) at ./target/arm/translate.c:9289
5 0x00005555559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, cpu=<optimized out>) at ./target/arm/translate.c:13612
6 0x00005555558d1d39 in translator_loop (ops=0x5555561cc580 <arm_translator_ops>, db=0x7fffe59a9510, cpu=0x55555686a2f0, tb=<optimized out>, max_insns=<optimized out>) at ./accel/tcg/translator.c:96
7 0x00005555559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x55555686a2f0, tb=tb@entry=0x7fffd7840080 <code_gen_buffer+126091347>, max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
8 0x00005555558d06b9 in tb_gen_code (cpu=cpu@entry=0x55555686a2f0, pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) at ./accel/tcg/translate-all.c:1736
9 0x00005555558ce467 in tb_find (cf_mask=524288, tb_exit=1, last_tb=0x7fffd783e640 <code_gen_buffer+126084627>, cpu=0x1) at ./accel/tcg/cpu-exec.c:407
10 0x00005555558ce467 in cpu_exec (cpu=cpu@entry=0x55555686a2f0) at ./accel/tcg/cpu-exec.c:728
11 0x000055555588b0cf in tcg_cpu_exec (cpu=0x55555686a2f0) at ./cpus.c:1431
12 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=0x55555686a2f0) at ./cpus.c:1735
13 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x55555686a2f0) at ./cpus.c:1709
14 0x0000555555d2629a in qemu_thread_start (args=<optimized out>) at ./util/qemu-thread-posix.c:502
15 0x00007ffff4db8a92 in start_thread () at /usr/lib/libpthread.

This patch ensures that we don't hit the abort() in the second switch
case in disas_neon_data_insn() as we will return from the first case.

Backports commit 2f143d3ad1c05e91cf2cdf5de06d59a80a95e6c8 from qemu
2019-05-24 18:02:32 -04:00
Richard Henderson 9287750362
target/arm: Simplify BFXIL expansion
The mask implied by the extract is redundant with the one
implied by the deposit. Also, fix spelling of BFXIL.

Backports commit 87eb65a3c45c788a309986d48170a54a0d1c0705 from qemu
2019-05-24 18:01:26 -04:00
Richard Henderson 1778828644
target/arm: Use extract2 for EXTR
This is, after all, how we implement extract2 in tcg/aarch64.

Backports commit 80ac954c369e7e61bd1ed00cef07b63e11f9c734 from qemu
2019-05-24 17:58:58 -04:00
Richard Henderson 0412b3be8a
target/i386: Implement CPUID_EXT_RDRAND
We now have an interface for guest visible random numbers.

Backports commit 369fd5ca66810b2ddb16e23a497eabe59385eceb from qemu with
the actual RNG portion disabled for the time being.
2019-05-23 15:12:50 -04:00
Richard Henderson 3dd7358a53
target/arm: Implement ARMv8.5-RNG
Use the newly introduced infrastructure for guest random numbers.

Backports commit de390645675966cce113bf5394445bc1f8d07c85 from qemu

(with the actual RNG portion disabled to preserve determinism for the
time being).
2019-05-23 15:03:23 -04:00
Richard Henderson a8df33c37c
target/arm: Put all PAC keys into a structure
This allows us to use a single syscall to initialize them all.

Backports commit 108b3ba891408c4dce93df78261ec4aca38c0e2e from qemu
2019-05-23 14:54:06 -04:00
Paolo Bonzini 1341e371a8
target/i386: add MDS-NO feature
Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.

Some Intel processors use the ARCH_CAP_MDS_NO bit in the
IA32_ARCH_CAPABILITIES
MSR to report that they are not vulnerable, make it available to
guests.

Backports commit 20140a82c67467f53814ca197403d5e1b561a5e5 from qemu
2019-05-23 14:49:20 -04:00
Paolo Bonzini a4f2517f46
target/i386: define md-clear bit
md-clear is a new CPUID bit which is set when microcode provides the
mechanism to invoke a flush of various exploitable CPU buffers by invoking
the VERW instruction.

Backports commit b2ae52101fca7f9547ac2f388085dbc58f8fe1c0 from qemu
2019-05-23 14:48:18 -04:00
Philippe Mathieu-Daudé 4a1b8d64bd
target/m68k: Optimize rotate_x() using extract_i32()
Optimize rotate_x() using tcg_gen_extract_i32(). We can now free the
'sz' tcg_temp earlier. Since it is allocated with tcg_const_i32(),
free it with tcg_temp_free_i32().

Backports commit 60d3d0cfeb1658d2827d6a4f0df27252bb36baba from qemu
2019-05-17 12:07:07 -04:00
Philippe Mathieu-Daudé 3c6cb445a0
target/m68k: Fix a tcg_temp leak
The function gen_get_ccr() returns a tcg_temp created with
tcg_temp_new(). Free it with tcg_temp_free().

Backports commit 44c64e90950adf9efe7f4235a32eb868d1290ebb from qemu
2019-05-17 12:05:11 -04:00
Philippe Mathieu-Daudé a72a53c2d9
target/m68k: Reduce the l1 TCGLabel scope
Backports commit 89fa312be0dfd8b4c539c8763796e785c6b00b46 from qemu
2019-05-17 12:03:37 -04:00
Peter Maydell 3fb64fd5a2
target/m68k: Switch to transaction_failed hook
Switch the m68k target from the old unassigned_access hook
to the transaction_failed hook.

The notable difference is that rather than it being called
for all physical memory accesses which fail (including
those made by DMA devices or by the gdbstub), it is only
called for those made by the CPU via its MMU. (In previous
commits we put in explicit checks for the direct physical
loads made by the target/m68k code which will no longer
be handled by calling the unassigned_access hook.)

Backports commit e1aaf3a88e95ab007445281e2b2f6e3c8da47f22 from qemu
2019-05-17 12:01:40 -04:00
Peter Maydell ab63f1a102
target/m68k: In get_physical_address() check for memory access failures
In get_physical_address(), use address_space_ldl() and
address_space_stl() instead of ldl_phys() and stl_phys().
This allows us to check whether the memory access failed.
For the moment, we simply return -1 in this case;
add a TODO comment that we should ideally generate the
appropriate kind of fault.

Backports commit adcf0bf017351776510121e47b9226095836023c from qemu
2019-05-17 11:59:01 -04:00
Richard Henderson 2a4a7b9391
tcg: Use tlb_fill probe from tlb_vaddr_to_host
Most of the existing users would continue around a loop which
would fault the tlb entry in via a normal load/store.

But for AArch64 SVE we have an existing emulation bug wherein we
would mark the first element of a no-fault vector load as faulted
(within the FFR, not via exception) just because we did not have
its address in the TLB. Now we can properly only mark it as faulted
if there really is no valid, readable translation, while still not
raising an exception. (Note that beyond the first element of the
vector, the hardware may report a fault for any reason whatsoever;
with at least one element loaded, forward progress is guaranteed.)

Backports commit 4811e9095c0491bc6f5450e5012c9c4796b9e59d from qemu
2019-05-16 18:27:03 -04:00
Laurent Vivier 8cdfed1032
linux-user: fix 32bit g2h()/h2g()
sparc32plus has 64bit long type but only 32bit virtual address space.

For instance, "apt-get upgrade" failed because of a mmap()/msync()
sequence.

mmap() returned 0xff252000 but msync() used g2h(0xffffffffff252000)
to find the host address. The "(target_ulong)" in g2h() doesn't fix the
address because it is 64bit long.

This patch introduces an "abi_ptr" that is set to uint32_t
if the virtual address space is addressed using 32bit in the linux-user
case. It stays set to target_ulong with softmmu case.

Backports commit 3e23de15237c81fe7af7c3ffa299a6ae5fec7d43 from qemu
2019-05-16 18:20:55 -04:00
Richard Henderson e736ef3238
tcg: Remove CPUClass::handle_mmu_fault
This hook is now completely replaced by tlb_fill.

Backports commit 69963f5709a0645934c169784820d0bee22208ba from qemu
2019-05-16 18:12:17 -04:00
Lioncash fcaa52c1fe
tcg: Synchronize with qemu
Resolves any formatting discrepancies and bad merges that slipped
through.
2019-05-16 18:11:08 -04:00
Richard Henderson dab0061a0d
tcg: Use CPUClass::tlb_fill in cputlb.c
We can now use the CPUClass hook instead of a named function.

Create a static tlb_fill function to avoid other changes within
cputlb.c. This also isolates the asserts within. Remove the
named tlb_fill function from all of the targets.

Backports commit c319dc13579a92937bffe02ad2c9f1a550e73973 from qemu
2019-05-16 17:35:37 -04:00
Richard Henderson 5d83199931
target/sparc: Convert to CPUClass::tlb_fill
Backports commit e84942f2ceaa79430414f2cb68d77c044dadca96 from qemu
2019-05-16 17:29:35 -04:00
Richard Henderson e98c731550
target/riscv: Convert to CPUClass::tlb_fill
Note that env->pc is removed from the qemu_log as that value is garbage.
The PC isn't recovered until cpu_restore_state, called from
cpu_loop_exit_restore, called from riscv_raise_exception.

Backports commit 8a4ca3c10a96be6ed7f023b685b688c4d409bbcb from qemu
2019-05-16 17:24:01 -04:00
Richard Henderson 14d48974a4
target/mips: Convert to CPUClass::tlb_fill
Note that env->active_tc.PC is removed from the qemu_log as that value
is garbage. The PC isn't recovered until cpu_restore_state, called from
cpu_loop_exit_restore, called from do_raise_exception_err.

Backports commit 931d019f5b2e7bbacb162869497123be402ddd86 from qemu
2019-05-16 17:19:47 -04:00
Richard Henderson 49cb8cfe5b
target/mips: Tidy control flow in mips_cpu_handle_mmu_fault
Since the only non-negative TLBRET_* value is TLBRET_MATCH,
the subsequent test for ret < 0 is useless. Use early return
to allow subsequent blocks to be unindented.

Backports commit e38f4eb63020075432cb77bf48398187809cf4a3 from qemu
2019-05-16 17:15:33 -04:00
Richard Henderson f175e89ca2
target/mips: Pass a valid error to raise_mmu_exception for user-only
At present we give ret = 0, or TLBRET_MATCH. This gets matched
by the default case, which falls through to TLBRET_BADADDR.
However, it makes more sense to use a proper value. All of the
tlb-related exceptions are handled identically in cpu_loop.c,
so TLBRET_BADADDR is as good as any other. Retain it.

Backports commit 995ffde9622c01f5b307cab47f9bd7962ac09db2 from qemu
2019-05-16 17:14:02 -04:00
Richard Henderson 52998fe46d
target/m68k: Convert to CPUClass::tlb_fill
Backports commit fe5f7b1b3a2317f598687218c348b54e02a75e1f from qemu
2019-05-16 17:12:41 -04:00
Richard Henderson fe9ac6e1c4
target/i386: Convert to CPUClass::tlb_fill
We do not support probing, but we do not need it yet either.

Backports commit 5d0044212c375c0696baef7bba13699277dac5b5 from qemu
2019-05-16 17:08:14 -04:00
Richard Henderson 31ecdb5341
target/arm: Convert to CPUClass::tlb_fill
Backports commit 7350d553b5066abdc662045d7db5cdb73d0f9d53 from qemu
2019-05-16 16:55:12 -04:00
Richard Henderson 1f30062c41
tcg: Add CPUClass::tlb_fill
This hook will replace the (user-only mode specific) handle_mmu_fault
hook, and the (system mode specific) tlb_fill function.

The handle_mmu_fault hook was written as if there was a valid
way to recover from an mmu fault, and had 3 possible return states.
In reality, the only valid action is to raise an exception,
return to the main loop, and deliver the SIGSEGV to the guest.

Note that all of the current implementations of handle_mmu_fault
for guests which support linux-user do in fact only ever return 1,
which is the signal to return to the main loop.

Using the hook for system mode requires that all targets be converted,
so for now the hook is (optionally) used only from user-only mode.

Backports commit da6bbf8513e621a8fc2fd315d77318f36547474d from qemu
2019-05-16 16:46:19 -04:00
Richard Henderson de260cfbd6
tcg/aarch64: Do not advertise minmax for MO_64
The min/max instructions are not available for 64-bit elements.

Backports commit a7b6d286cfb5205b9f5330aefc5727269b3d810f from qemu
2019-05-16 16:44:34 -04:00
Richard Henderson 552e48f14e
target/arm: Use tcg_gen_abs_i64 and tcg_gen_gvec_abs
Backports commit 4e027a710673f5d4dc6cff88728bcfd32e4c47b0 from qemu
2019-05-16 16:43:02 -04:00
Richard Henderson 7c9b3a9021
tcg/aarch64: Support vector absolute value
Backports commit a456394ae540f852cd0d10fd693fe9f33598dc01 from qemu
2019-05-16 16:39:14 -04:00
Richard Henderson fd35490991
tcg/i386: Support vector absolute value
Backports commit 18f9b65f1a4225dd314cb9b0a8dea968c5bc2ef3 from qemu
2019-05-16 16:37:33 -04:00
Richard Henderson 6d5e7856ff
tcg: Add support for vector absolute value
Backports commit bcefc90208f8a1d6f619d61c2647281d92277015 from qemu
2019-05-16 16:33:43 -04:00
Richard Henderson 6d1730048d
tcg: Add support for integer absolute value
Remove a function of the same name from target/arm/.
Use a branchless implementation of abs gleaned from gcc.

Backports commit ff1f11f7f8710a768f9313f24bd7f509d3db27e5 from qemu
2019-05-16 16:25:15 -04:00
Richard Henderson 18b3df6e4e
tcg/i386: Support vector scalar shift opcodes
Backports commit 0a8d7a3bf5a149a82450eef555fd61728703dd84 from qemu
2019-05-16 16:19:44 -04:00
Richard Henderson 79b9dc559e
tcg: Add gvec expanders for vector shift by scalar
Allow expansion either via shift by scalar or by replicating
the scalar for shift by vector.

Backports commit b4578cd91cda4cef1c413304353ca6dc5b957b60 from qemu
2019-05-16 16:17:58 -04:00
Richard Henderson 0217ee7b24
tcg/aarch64: Support vector variable shift opcodes
Backports commit 79525dfd08262d8de10d271f17e5a4096ef96d16 from qemu
2019-05-16 15:58:54 -04:00
Richard Henderson f793ec847d
tcg/i386: Support vector variable shift opcodes
Backports commit a2ce146a06807fe1d1a81e878b8f249ff1e14038 from qemu
2019-05-16 15:53:33 -04:00
Richard Henderson 8c17687934
tcg: Add gvec expanders for variable shift
The gvec expanders perform a modulo on the shift count. If the target
requires alternate behaviour, then it cannot use the generic gvec
expanders anyway, and will have to have its own custom code.

Backports commit 5ee5c14cacda27e904cd6b0d9e7ffe1acff42838 from qemu
2019-05-16 15:51:09 -04:00
Richard Henderson 66e6bea084
tcg: Add INDEX_op_dupm_vec
Allow the backend to expand dup from memory directly, instead of
forcing the value into a temp first. This is especially important
if integer/vector register moves do not exist.

Note that officially tcg_out_dupm_vec is allowed to fail.
If it did, we could fix this up relatively easily:

VECE == 32/64:
Load the value into a vector register, then dup.
Both of these must work.

VECE == 8/16:
If the value happens to be at an offset such that an aligned
load would place the desired value in the least significant
end of the register, go ahead and load w/garbage in high bits.

Load the value w/INDEX_op_ld{8,16}_i32.
Attempt a move directly to vector reg, which may fail.
Store the value into the backing store for OTS.
Load the value into the vector reg w/TCG_TYPE_I32, which must work.
Duplicate from the vector reg into itself, which must work.

All of which is well and good, except that all supported
hosts can support dupm for all vece, so all of the failure
paths would be dead code and untestable.

Backports commit 37ee55a081b7863ffab2151068dd1b2f11376914 from qemu
2019-05-16 15:38:02 -04:00
Richard Henderson fd7a67e4a7
tcg/aarch64: Implement tcg_out_dupm_vec
The LD1R instruction does all the work. Note that the only
useful addressing mode is a base register with no offset.

Backports commit f23e5e15edfd49d5dd72cab2ed2d85ac354b2eeb from qemu
2019-05-16 15:29:04 -04:00
Richard Henderson a6fd4e2345
tcg/i386: Implement tcg_out_dupm_vec
At the same time, improve tcg_out_dupi_vec wrt broadcast
from the constant pool.

Backports commit 1e262b49b5331441f697461e4305fe06719758a7 from qemu
2019-05-16 15:27:15 -04:00
Richard Henderson d4e7c6a8c5
tcg: Add tcg_out_dupm_vec to the backend interface
Currently stubbed out in all backends that support vectors.

Backports commit d6ecb4a978b718dbe108a9fa9ecccc8b7f7cb579 from qemu
2019-05-16 15:24:48 -04:00
Richard Henderson cf238d3544
tcg: Manually expand INDEX_op_dup_vec
This case is similar to INDEX_op_mov_* in that we need to do
different things depending on the current location of the source.

Backports commit bab1671f0fa928fd678a22f934739f06fd5fd035 from qemu
2019-05-16 15:22:29 -04:00
Richard Henderson 3d20e1678c
tcg: Promote tcg_out_{dup,dupi}_vec to backend interface
The i386 backend already has these functions, and the aarch64 backend
could easily split out one. Nothing is done with these functions yet,
but this will aid register allocation of INDEX_op_dup_vec in a later patch.

Adjust the aarch64 tcg_out_dupi_vec signature to match the new interface.

Backports commit e7632cfa8b76cdbbc1c76e8737338ef5844e7d60 from qemu
2019-05-16 15:18:48 -04:00
Richard Henderson d58d9ad16e
tcg: Support cross-class moves without instruction support
PowerPC Altivec does not support direct moves between vector registers
and general registers. So when tcg_out_mov fails, we can use the
backing memory for the temporary to perform the move.

Backports commit 240c08d0998f402c325fce489de0d14831048128 from qemu
2019-05-16 15:16:23 -04:00
Richard Henderson f86bd1c5d6
tcg: Return bool success from tcg_out_mov
This patch merely changes the interface, aborting on all failures,
of which there are currently none.

Backports commit 78113e83e0007e869c9f0cb4c0497a77538988e3 from qemu
2019-05-16 15:14:42 -04:00
Richard Henderson f7d9ee8451
tcg/arm: Use tcg_out_mov_reg in tcg_out_mov
We have a function that takes an additional condition parameter
over the standard backend interface. It already takes care of
eliding no-op moves.

Backports commit c16f52b2c5d91c36e121795bd3b386cea0b7573c from qemu
2019-05-16 15:10:52 -04:00
Richard Henderson fef5700c9c
tcg: Assert fixed_reg is read-only
The only fixed_reg is cpu_env, and it should not be modified
during any TB. Therefore code that tries to special-case moves
into a fixed_reg is dead. Remove it.

Backports commit d63e3b6e694ad6c887be135dddb9cd4893f1a844 from qemu
2019-05-16 15:09:37 -04:00
Richard Henderson c54b2776f6
tcg: Specify optional vector requirements with a list
Replace the single opcode in .opc with a null-terminated
array in .opt_opc. We still require that all opcodes be
used with the same .vece.

Validate the contents of this list with CONFIG_DEBUG_TCG.
All tcg_gen_*_vec functions will check any list active
during .fniv expansion. Swap the active list in and out
as we expand other opcodes, or take control away from the
front-end function.

Convert all existing vector aware front ends.

Backports commit 53229a7703eeb2bbe101a19a33ef22aaf960c65b from qemu
2019-05-16 15:05:02 -04:00
Richard Henderson 37762fd92b
tcg: Allow add_vec, sub_vec, neg_vec, not_vec to be expanded
PowerPC Altivec does not support add and subtract of 64-bit elements.
Prepare for that configuration by not assuming the operation is
universally supported.

Backports commit ce27c5d1a38e93da38653af71fb468c5eded4c7b from qemu
2019-05-16 14:33:18 -04:00
Richard Henderson 9a9b681b38
tcg: Do not recreate INDEX_op_neg_vec unless supported
Use tcg_can_emit_vec_op instead of just TCG_TARGET_HAS_neg_vec,
so that we check the type and vece for the actual operation.

Backports commit ac383dde33405106469d04a78de1d76f1a730cb1 from qemu
2019-05-16 14:28:41 -04:00
David Hildenbrand f3b4a64d27
tcg: Implement tcg_gen_gvec_3i()
Let's add tcg_gen_gvec_3i(), similar to tcg_gen_gvec_2i(), however
without introducing "gen_helper_gvec_3i *fnoi", as it isn't needed
for now.

Backports commit e1227bb6e59173117f094a6a13b998587b45c928 from qemu
2019-05-16 14:26:50 -04:00
Markus Armbruster 1b2c8c44d5
Clean up ill-advised or unusual header guards
Leading underscores are ill-advised because such identifiers are
reserved. Trailing underscores are merely ugly. Strip both.

Our header guards commonly end in _H. Normalize the exceptions.

Done with scripts/clean-header-guards.pl.

Backports commit a8b991b52dcde75ab5065046653626951aac666d from qemu
2019-05-14 08:02:53 -04:00
Richard Henderson 9a02741c13
cputlb: Do unaligned store recursion to outermost function
This is less tricky than for loads, because we always fall
back to single byte stores to implement unaligned stores.

Backports commit 4601f8d10d7628bcaf2a8179af36e04b42879e91 from qemu
2019-05-14 07:45:15 -04:00
Richard Henderson bcab6f1719
cputlb: Do unaligned load recursion to outermost function
If we attempt to recurse from load_helper back to load_helper,
even via intermediary, we do not get all of the constants
expanded away as desired.

But if we recurse back to the original helper (or a shim that
has a consistent function signature), the operands are folded
away as desired.

Backports commit 2dd926067867c2dd19e66d31a7990e8eea7258f6 from qemu
2019-05-14 07:43:31 -04:00
Richard Henderson f12f36aebd
cputlb: Drop attribute flatten
Going to approach this problem via __attribute__((always_inline))
instead, but full conversion will take several steps.

Backports commit fc1bc777910dc14a3db4e2ad66f3e536effc297d from qemu
2019-05-14 07:33:39 -04:00
Richard Henderson 7991cd601f
cputlb: Move TLB_RECHECK handling into load/store_helper
Having this in io_readx/io_writex meant that we forgot to
re-compute index after tlb_fill. It also means we can use
the normal aligned memory load path. It also fixes a bug
in that we had cached a use of index across a tlb_fill.

Backports commit f1be36969de2fb9b6b64397db1098f115210fcd9 from qemu
2019-05-14 07:28:15 -04:00
Alex Bennée ccee796272
accel/tcg: demacro cputlb
Instead of expanding a series of macros to generate the load/store
helpers we move stuff into common functions and rely on the compiler
to eliminate the dead code for each variant.

Backports commit eed5664238ea5317689cf32426d9318686b2b75c from qemu
2019-05-14 07:28:11 -04:00
Peter Maydell 26cb1b8767
target/arm: Stop using variable length array in dc_zva
Currently the dc_zva helper function uses a variable length
array. In fact we know (as the comment above remarks) that
the length of this array is bounded because the architecture
limits the block size and QEMU limits the target page size.
Use a fixed array size and assert that we don't run off it.

Backports commit 63159601fb3e396b28da14cbb71e50ed3f5a0331 from qemu
2019-05-09 17:48:25 -04:00
Peter Maydell 7861820e94
target/arm: Implement XPSR GE bits
In the M-profile architecture, if the CPU implements the DSP extension
then the XPSR has GE bits, in the same way as the A-profile CPSR. When
we added DSP extension support we forgot to add support for reading
and writing the GE bits, which are stored in env->GE. We did put in
the code to add XPSR_GE to the mask of bits to update in the v7m_msr
helper, but forgot it in v7m_mrs. We also must not allow the XPSR we
pull off the stack on exception return to set the nonexistent GE bits.
Correct these errors:
* read and write env->GE in xpsr_read() and xpsr_write()
* only set GE bits on exception return if DSP present
* read GE bits for MRS if DSP present

Backports commit f1e2598c46d480c9e21213a244bc514200762828 from qemu
2019-05-09 17:46:31 -04:00
Cao Jiaxi bcb1270f23
osdep: Fix mingw compilation regarding stdio formats
I encountered the following compilation error on mingw:

/mnt/d/qemu/include/qemu/osdep.h:97:9: error: '__USE_MINGW_ANSI_STDIO' macro redefined [-Werror,-Wmacro-redefined]
\#define __USE_MINGW_ANSI_STDIO 1
^
/mnt/d/llvm-mingw/aarch64-w64-mingw32/include/_mingw.h:433:9: note: previous definition is here
\#define __USE_MINGW_ANSI_STDIO 0 /* was not defined so it should be 0 */

It turns out that __USE_MINGW_ANSI_STDIO must be set before any
system headers are included, not just before stdio.h.

Backports commit 946376c21be1cd9dcc3c7936b204b113781603f7 from qemu
2019-05-09 17:44:14 -04:00
Cao Jiaxi 3922118434
util/cacheinfo: Use uint64_t on LLP64 model to satisfy Windows ARM64
Windows ARM64 uses LLP64 model, which breaks current assumptions.

Backports commit 8041336ef74e19ca607c1601016333c986de8f9c from qemu
2019-05-09 17:43:27 -04:00
Lioncash a71c027063
decodetree: Add DisasContext argument to !function expanders
This does require adjusting all existing users.

Backports commit 451e4ffdb0003ab5ed0d98bd37b385c076aba183 from qemu
2019-05-09 17:40:45 -04:00
Richard Henderson 9030870a8f
decodetree: Expand a decode_load function
Read the instruction, loading no more bytes than necessary.

Backports commit 70e0711ab18fa48279cd2c8cc570b57f38648598 from qemu
2019-05-09 17:35:20 -04:00
Richard Henderson a98e70e791
decodetree: Initial support for variable-length ISAs
Assuming that the ISA clearly describes how to determine
the length of the instruction, and the ISA has a reasonable
maximum instruction length, the input to the decoder can be
right-justified in an appropriate insn word.

This is not 100% convenient, as out-of-line %fields are
numbered relative to the maximum instruction length, but
this appears to still be usable.

Backports commit 17560e9349ff1fcce814184b37993f92378cf0c4 from qemu
2019-05-09 17:32:38 -04:00
Richard Henderson 8fdd009a9d
tcg: Remove CF_IGNORE_ICOUNT
Now that we have curr_cflags, we can include CF_USE_ICOUNT
early and then remove it as necessary.

Backports commit 416986d3f97329655e30da7271a2d11c6d707b06 from qemu
2019-05-06 00:57:09 -04:00
Richard Henderson 12f9def3a2
tcg: Add CF_LAST_IO + CF_USE_ICOUNT to CF_HASH_MASK
These flags are used by target/*/translate.c,
and affect code generation.

Backports commit 0cf8a44c2f56ba884c2f6db47d27fbb24975daa3 from qemu
2019-05-06 00:53:35 -04:00
Emilio G. Cota b1b069e8ad
cpu-exec: lookup/generate TB outside exclusive region during step_atomic
Now that all code generation has been converted to check CF_PARALLEL, we can
generate !CF_PARALLEL code without having yet set !parallel_cpus --
and therefore without having to be in the exclusive region during
cpu_exec_step_atomic.

While at it, merge cpu_exec_step into cpu_exec_step_atomic.

Backports commit ac03ee5331612e44beb393df2b578c951d27dc0d from qemu
2019-05-06 00:52:43 -04:00
Emilio G. Cota c1e26c4e35
tcg: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

The tb->cflags field is not passed to tcg generation functions. So
we add a field to TCGContext, storing there a copy of tb->cflags.

Most architectures have <= 32 registers, which results in a 4-byte hole
in TCGContext. Use this hole for the new field.

Backports commit e82d5a2460b0e176128027651ff9b104e4bdf5cc from qemu
2019-05-06 00:52:08 -04:00
Emilio G. Cota 175a5223ad
target/sparc: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Backports commit 87d757d60d66d5ee1608460b0f1e07e2b758db9c from qemu
2019-05-06 00:43:21 -04:00
Emilio G. Cota 77ccb4918d
target/m68k: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Backports commit f0ddf11b23260f0af84fb529486a8f9ba2d19401 from qemu
2019-05-06 00:42:16 -04:00
Emilio G. Cota ad2a4edd76
target/i386: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Backports commit b5e3b4c2aca8eb5a9cfeedfb273af623f17c3731 from qemu
2019-05-04 22:45:49 -04:00
Emilio G. Cota 1715f382b4
target/arm: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Backports commit 2399d4e7cec22ecf1c51062d2ebfd45220dbaace from qemu
2019-05-04 22:44:32 -04:00
Richard Henderson 4a858100f4
tcg: Include CF_COUNT_MASK in CF_HASH_MASK
Backports commit cdfef1715c779eb528d633e8b76cbc8a10e71ac8 from qemu
2019-05-04 22:31:32 -04:00
Richard Henderson 30c0950567
tcg: Add CPUState cflags_next_tb
We were generating code during tb_invalidate_phys_page_range,
check_watchpoint, cpu_io_recompile, and (seemingly) discarding
the TB, assuming that it would magically be picked up during
the next iteration through the cpu_exec loop.

Instead, record the desired cflags in CPUState so that we request
the proper TB so that there is no more magic.

Backports commit 9b990ee5a3cc6aa38f81266fb0c6ef37a36c45b9 from qemu
2019-05-04 22:30:22 -04:00
Richard Henderson ee1ddf4a92
tcg: define CF_PARALLEL and use it for TB hashing along with CF_COUNT_MASK
This will enable us to decouple code translation from the value
of parallel_cpus at any given time. It will also help us minimize
TB flushes when generating code via EXCP_ATOMIC.

Note that the declaration of parallel_cpus is brought to exec-all.h
to be able to define there the "curr_cflags" inline.

Backports commit 4e2ca83e71b51577b06b1468e836556912bd5b6e from qemu
2019-05-04 22:22:06 -04:00
Lioncash cc37db76b6
tcg: Synchronize with qemu 2019-05-04 21:40:23 -04:00
Daniel P. Berrangé aec899b73e
configure: automatically pick python3 is available
Unless overridden via an env var or configure arg, QEMU will only look
for the 'python' binary in $PATH. This is unhelpful on distros which
are only shipping Python 3.x (eg Fedora) in their default install as,
if they comply with PEP 394, the bare 'python' binary won't exist.

This changes configure so that by default it will search for all three
common python binaries, preferring to find Python 3.x versions.

Backports commit faf441429adfe5767be52c5dcdb8bc03161d064f from qemu
2019-05-03 11:36:36 -04:00
Thomas Huth 73176e89ce
configure: Remove old *-config-devices.mak.d files when running configure
When running "make" in a build directory from the pre-Kconfig merge time,
the build process currently fails with:

make: *** No rule to make target `.../default-configs/pci.mak',
needed by `aarch64-softmmu/config-devices.mak'. Stop.

To make sure that this problem at least goes away when the user runs
"configure" (or "sh config.status") again, we have to make sure that
we re-generate the .mak.d files. Thus remove the old stale files
while running the configure script.

Backports commit 9c79024225af6b3ae04ea2dd94a5e5c4132a9e65 from qemu
2019-05-03 11:33:56 -04:00
Thomas Huth 7107f72cc6
configure: Add -Wno-typedef-redefinition to CFLAGS (for Clang)
Without the -Wno-typedef-redefinition option, clang complains if a typedef
gets redefined in gnu99 mode (since this is officially a C11 feature). This
used to also happen with older versions of GCC, but since we've bumped our
minimum GCC version to 4.8, all versions of GCC that we support do not seem
to issue this warning in gnu99 mode anymore. So this has become a common
problem for people who only test their code with GCC - they do not notice
the issue until they submit their patches and suddenly patchew or a
maintainer complains.

Now that we do not urgently need to keep the code clean from typedef
redefintions anymore with recent versions of GCC, we can ease the
situation with clang, too, and simply shut these warnings off for good.

Backports commit e6e90feedb706b1b92827a5977b37e1e8defb8ef from qemu
2019-05-03 11:33:06 -04:00
Eduardo Habkost 42c35d968a
accel: Remove unused AccelClass::available field
The field is not used anymore, we can remove it.

Backports commit 8d006d4bc2ab4f72877d8bd47cba9aa8d24b54d0 from qemu
2019-05-03 11:31:27 -04:00
Peter Maydell d4549fccfb
target/arm: Enable FPU for Cortex-M4 and Cortex-M33
Enable the FPU by default for the Cortex-M4 and Cortex-M33.

Backports commit 14fd0c31e26b88a2189b3f459b864d5e1faf302a from qemu
2019-04-30 11:29:26 -04:00
Peter Maydell 77ae3982b4
target/arm: Implement VLLDM for v7M CPUs with an FPU
Implement the VLLDM instruction for v7M for the FPU present cas.

Backports commit 956fe143b4f254356496a0a1c479fa632376dfec from qemu
2019-04-30 11:27:54 -04:00
Peter Maydell b483951046
target/arm: Implement VLSTM for v7M CPUs with an FPU
Implement the VLSTM instruction for v7M for the FPU present case.

Backports commit 019076b036da4444494de38388218040d9d3a26c from qemu
2019-04-30 11:25:44 -04:00
Peter Maydell a976d7642a
target/arm: Implement M-profile lazy FP state preservation
The M-profile architecture floating point system supports
lazy FP state preservation, where FP registers are not
pushed to the stack when an exception occurs but are instead
only saved if and when the first FP instruction in the exception
handler is executed. Implement this in QEMU, corresponding
to the check of LSPACT in the pseudocode ExecuteFPCheck().

Backports commit e33cf0f8d8c9998a7616684f9d6aa0d181b88803 from qemu
2019-04-30 11:21:50 -04:00
Peter Maydell 72e5ae480d
target/arm: Add lazy-FP-stacking support to v7m_stack_write()
Pushing registers to the stack for v7M needs to handle three cases:
* the "normal" case where we pend exceptions
* an "ignore faults" case where we set FSR bits but
do not pend exceptions (this is used when we are
handling some kinds of derived exception on exception entry)
* a "lazy FP stacking" case, where different FSR bits
are set and the exception is pended differently

Implement this by changing the existing flag argument that
tells us whether to ignore faults or not into an enum that
specifies which of the 3 modes we should handle.

Backports commit a356dacf647506bccdf8ecd23574246a8bf615ac from qemu
2019-04-30 10:59:53 -04:00
Peter Maydell b1d6bd2792
target/arm: New function armv7m_nvic_set_pending_lazyfp()
In the v7M architecture, if an exception is generated in the process
of doing the lazy stacking of FP registers, the handling of
possible escalation to HardFault is treated differently to the normal
approach: it works based on the saved information about exception
readiness that was stored in the FPCCR when the stack frame was
created. Provide a new function armv7m_nvic_set_pending_lazyfp()
which pends exceptions during lazy stacking, and implements
this logic.

This corresponds to the pseudocode TakePreserveFPException().

Backports the relevant parts of commit
a99ba8ab1601904e0fa20325192fc850362ce80e from qemu
2019-04-30 10:56:54 -04:00
Peter Maydell 3fff653e20
target/arm: New helper function arm_v7m_mmu_idx_all()
Add a new helper function which returns the MMU index to use
for v7M, where the caller specifies all of the security
state, privilege level and whether the execution priority
is negative, and reimplement the existing
arm_v7m_mmu_idx_for_secstate_and_priv() in terms of it.

We are going to need this for the lazy-FP-stacking code.

Backports commit fa6252a988dbe440cd6087bf93cbe0887f0c401b from qemu
2019-04-30 10:54:26 -04:00
Peter Maydell 719231b4c0
target/arm: Activate M-profile floating point context when FPCCR.ASPEN is set
The M-profile FPCCR.ASPEN bit indicates that automatic floating-point
context preservation is enabled. Before executing any floating-point
instruction, if FPCCR.ASPEN is set and the CONTROL FPCA/SFPA bits
indicate that there is no active floating point context then we
must create a new context (by initializing FPSCR and setting
FPCA/SFPA to indicate that the context is now active). In the
pseudocode this is handled by ExecuteFPCheck().

Implement this with a new TB flag which tracks whether we
need to create a new FP context.

Backports commit 6000531e19964756673a5f4b694a649ef883605a from qemu
2019-04-30 10:51:31 -04:00
Peter Maydell 87c8c0fde7
target/arm: Set FPCCR.S when executing M-profile floating point insns
The M-profile FPCCR.S bit indicates the security status of
the floating point context. In the pseudocode ExecuteFPCheck()
function it is unconditionally set to match the current
security state whenever a floating point instruction is
executed.

Implement this by adding a new TB flag which tracks whether
FPCCR.S is different from the current security state, so
that we only need to emit the code to update it in the
less-common case when it is not already set correctly.

Note that we will add the handling for the other work done
by ExecuteFPCheck() in later commits.

Backports commit 6d60c67a1a03be32c3342aff6604cdc5095088d1 from qemu
2019-04-30 10:50:17 -04:00
Peter Maydell 8d726490ff
target/arm: Overlap VECSTRIDE and XSCALE_CPAR TB flags
We are close to running out of TB flags for AArch32; we could
start using the cs_base word, but before we do that we can
economise on our usage by sharing the same bits for the VFP
VECSTRIDE field and the XScale XSCALE_CPAR field. This
works because no XScale CPU ever had VFP.

Backports commit ea7ac69d124c94c6e5579145e727adec9ccbefef from qemu
2019-04-30 10:45:14 -04:00
Peter Maydell 3c1f3548c4
target/arm: Move NS TBFLAG from bit 19 to bit 6
Move the NS TBFLAG down from bit 19 to bit 6, which has not
been used since commit c1e3781090b9d36c60 in 2015, when we
started passing the entire MMU index in the TB flags rather
than just a 'privilege level' bit.

This rearrangement is not strictly necessary, but means that
we can put M-profile-only bits next to each other rather
than scattered across the flag word.

Backports commit 7fbb535f7aeb22896fedfcf18a1eeff48165f1d7 from qemu
2019-04-30 10:41:04 -04:00
Peter Maydell 86776d451e
target/arm: Handle floating point registers in exception return
Handle floating point registers in exception return.
This corresponds to pseudocode functions ValidateExceptionReturn(),
ExceptionReturn(), PopStack() and ConsumeExcStackFrame().

Backports commit 6808c4d2d2826920087533f517472c09edc7b0d2 from qemu
2019-04-30 10:40:12 -04:00
Peter Maydell 2244bb085a
target/arm: Allow for floating point in callee stack integrity check
The magic value pushed onto the callee stack as an integrity
check is different if floating point is present.

Backports commit 0dc51d66fcfcc4c72011cdafb401fd876ca216e7 from qemu
2019-04-30 10:36:58 -04:00
Peter Maydell 746d377221
target/arm: Clean excReturn bits when tail chaining
The TailChain() pseudocode specifies that a tail chaining
exception should sanitize the excReturn all-ones bits and
(if there is no FPU) the excReturn FType bits; we weren't
doing this.

Backports commit 60fba59a2f9a092a44b688df5d058cdd6dd9c276 from qemu
2019-04-30 10:35:36 -04:00
Peter Maydell ca0ac5dca9
target/arm: Clear CONTROL.SFPA in BXNS and BLXNS
For v8M floating point support, transitions from Secure
to Non-secure state via BLNS and BLXNS must clear the
CONTROL.SFPA bit. (This corresponds to the pseudocode
BranchToNS() function.)

Backports commit 3cd6726f0ba7cc77342ee721bd86094e13b2a42a from qemu
2019-04-30 10:33:25 -04:00
Peter Maydell c7f5633cfe
target/arm: Implement v7m_update_fpccr()
Implement the code which updates the FPCCR register on an
exception entry where we are going to use lazy FP stacking.
We have to defer to the NVIC to determine whether the
various exceptions are currently ready or not.

Backports commit b593c2b81287040ab6f452afec6281e2f7ee487b from qemu
2019-04-30 10:32:12 -04:00
Peter Maydell 065e60503f
target/arm: Handle floating point registers in exception entry
Handle floating point registers in exception entry.
This corresponds to the FP-specific parts of the pseudocode
functions ActivateException() and PushStack().

We defer the code corresponding to UpdateFPCCR() to a later patch.

Backports commit 0ed377a8013f40653a83f6ad2c9693897522d7dc from qemu
2019-04-30 10:25:23 -04:00
Peter Maydell c164a9f191
target/arm/helper: don't return early for STKOF faults during stacking
Currently the code in v7m_push_stack() which detects a violation
of the v8M stack limit simply returns early if it does so. This
is OK for the current integer-only code, but won't work for the
floating point handling we're about to add. We need to continue
executing the rest of the function so that we check for other
exceptions like not having permission to use the FPU and so
that we correctly set the FPCCR state if we are doing lazy
stacking. Refactor to avoid the early return.

Backports commit 3432c79a4e7345818d2defcf9e61a1bcb2907f9f from qemu
2019-04-30 10:22:36 -04:00
Peter Maydell 05add081a3
target/arm: Handle SFPA and FPCA bits in reads and writes of CONTROL
The M-profile CONTROL register has two bits -- SFPA and FPCA --
which relate to floating-point support, and should be RES0 otherwise.
Handle them correctly in the MSR/MRS register access code.
Neither is banked between security states, so they are stored
in v7m.control[M_REG_S] regardless of current security state.

Backports commit 2e1c5bcd32014c9ede1b604ae6c2c653de17fc53 from qemu
2019-04-30 10:21:24 -04:00
Peter Maydell c0cebeb5b5
target/arm: Clear CONTROL_S.SFPA in SG insn if FPU present
If the floating point extension is present, then the SG instruction
must clear the CONTROL_S.SFPA bit. Implement this.

(On a no-FPU system the bit will always be zero, so we don't need
to make the clearing of the bit conditional on ARM_FEATURE_VFP.)

Backports commit 1702071302934af77a072b7ee7c5eadc45b37573 from qemu
2019-04-30 10:20:45 -04:00
Peter Maydell 89baa5cffa
target/arm: Decode FP instructions for M profile
Correct the decode of the M-profile "coprocessor and
floating-point instructions" space:
* op0 == 0b11 is always unallocated
* if the CPU has an FPU then all insns with op1 == 0b101
are floating point and go to disas_vfp_insn()

For the moment we leave VLLDM and VLSTM as NOPs; in
a later commit we will fill in the proper implementation
for the case where an FPU is present.

Backports commit 8859ba3c9625e7ceb5599f457a344bcd7c5e112b from qemu
2019-04-30 10:19:45 -04:00
Peter Maydell 18bb21c035
target/arm: Honour M-profile FP enable bits
Like AArch64, M-profile floating point has no FPEXC enable
bit to gate floating point; so always set the VFPEN TB flag.

M-profile also has CPACR and NSACR similar to A-profile;
they behave slightly differently:
* the CPACR is banked between Secure and Non-Secure
* if the NSACR forces a trap then this is taken to
the Secure state, not the Non-Secure state

Honour the CPACR and NSACR settings. The NSACR handling
requires us to borrow the exception.target_el field
(usually meaningless for M profile) to distinguish the
NOCP UsageFault taken to Secure state from the more
usual fault taken to the current security state.

Backports commit d87513c0abcbcd856f8e1dee2f2d18903b2c3ea2 from qemu
2019-04-30 10:18:21 -04:00
Peter Maydell c6bb8d483d
target/arm: Disable most VFP sysregs for M-profile
The only "system register" that M-profile floating point exposes
via the VMRS/VMRS instructions is FPSCR, and it does not have
the odd special case for rd==15. Add a check to ensure we only
expose FPSCR.

Backports commit ef9aae2522c22c05df17dd898099dd5c3f20d688 from qemu
2019-04-30 10:15:25 -04:00
Peter Maydell a4f332f3e9
target/arm: Implement dummy versions of M-profile FP-related registers
The M-profile floating point support has three associated config
registers: FPCAR, FPCCR and FPDSCR. It also makes the registers
CPACR and NSACR have behaviour other than reads-as-zero.
Add support for all of these as simple reads-as-written registers.
We will hook up actual functionality later.

The main complexity here is handling the FPCCR register, which
has a mix of banked and unbanked bits.

Note that we don't share storage with the A-profile
cpu->cp15.nsacr and cpu->cp15.cpacr_el1, though the behaviour
is quite similar, for two reasons:
* the M profile CPACR is banked between security states
* it preserves the invariant that M profile uses no state
inside the cp15 substruct

Backports commit d33abe82c7c9847284a23e575e1078cccab540b5 from qemu
2019-04-30 10:13:41 -04:00
Peter Maydell 978cd9c524
target/arm: Make sure M-profile FPSCR RES0 bits are not settable
Enforce that for M-profile various FPSCR bits which are RES0 there
but have defined meanings on A-profile are never settable. This
ensures that M-profile code can't enable the A-profile behaviour
(notably vector length/stride handling) by accident.

Backports commit 5bcf8ed9401e62c73158ba110864ee1375558bf7 from qemu
2019-04-30 10:12:17 -04:00