Commit graph

5385 commits

Author SHA1 Message Date
Richard Henderson 6c4a3fd06f cputlb: Fold TLB_RECHECK into TLB_INVALID_MASK
We had two different mechanisms to force a recheck of the tlb.

Before TLB_RECHECK was introduced, we had a PAGE_WRITE_INV bit
that would immediate set TLB_INVALID_MASK, which automatically
means that a second check of the tlb entry fails.

We can use the same mechanism to handle small pages.
Conserve TLB_* bits by removing TLB_RECHECK.

Backports commit 30d7e098d5c38644359820317fcf72e3e129ec53 from qemu
2020-01-14 06:20:33 -05:00
David Hildenbrand f7b61b95f0 tcg: Factor out CONFIG_USER_ONLY probe_write() from s390x code
Factor it out into common code. Similar to the !CONFIG_USER_ONLY variant,
let's not allow to cross page boundaries.

Backports commit 59e96ac6cb13951dd09afc70622858089abf3384 from qemu
2020-01-12 10:27:49 -05:00
Richard Henderson bb313206e5 cputlb: Remove double-alignment in store_helper
We have already aligned page2 to the start of the next page.
There is no reason to do that a second time.

Backports commit 5787585d0406cfd54dda0c71ea1a603347ce6e71 from qemu
2020-01-12 10:25:13 -05:00
Richard Henderson 6990b212e3 cputlb: Fix size operand for tlb_fill on unaligned store
We are currently passing the size of the full write to
the tlb_fill for the second page. Instead pass the real
size of the write to that page.

This argument is unused within all tlb_fill, except to be
logged via tracing, so in practice this makes no difference.

But in a moment we'll need the value of size2 for watchpoints,
and if we've computed the value we might as well use it.

Backports commit 8f7cd2ad4acd01242d00807e231097b3de9f0930 from qemu
2020-01-12 06:17:09 -05:00
Tony Nguyen 15eb165995 target/sparc: sun4u Invert Endian TTE bit
This bit configures endianness of PCI MMIO devices. It is used by
Solaris and OpenBSD sunhme drivers.

Tested working on OpenBSD.

Unfortunately Solaris 10 had a unrelated keyboard issue blocking
testing... another inch towards Solaris 10 on SPARC64 =)

Backports commit ccdb4c5535f41ee4da2ef158f58fca0327e50dab from qemu
2020-01-07 19:21:30 -05:00
Tony Nguyen 7eea07fe55 target/sparc: Add TLB entry with attributes
Append MemTxAttrs to interfaces so we can pass along up coming Invert
Endian TTE bit on SPARC64.

Backports commit 9bed46e67e2ee54bc596ba58063ee71a5ca40923 from qemu
2020-01-07 19:19:30 -05:00
Tony Nguyen a95927de1d cputlb: Byte swap memory transaction attribute
Notice new attribute, byte swap, and force the transaction through the
memory slow path.

Required by architectures that can invert endianness of memory
transaction, e.g. SPARC64 has the Invert Endian TTE bit.

Backports commit a26fc6f5152b47f1d7ed928f9c9d462d01ff1624 from qemu
2020-01-07 19:15:33 -05:00
Tony Nguyen 103d6f51c8 memory: Single byte swap along the I/O path
Now that MemOp has been pushed down into the memory API, and
callers are encoding endianness, we can collapse byte swaps
along the I/O path into the accelerator and target independent
adjust_endianness.

Collapsing byte swaps along the I/O path enables additional endian
inversion logic, e.g. SPARC64 Invert Endian TTE bit, with redundant
byte swaps cancelling out.

Backports commit 9bf825bf3df4ebae3af51566c8088e3f1249a910 from qemu
2020-01-07 19:12:04 -05:00
Tony Nguyen ad8957a4c3 cputlb: Replace size and endian operands for MemOp
Preparation for collapsing the two byte swaps adjust_endianness and
handle_bswap into the former.

Backports commit be5c4787e9a6eed12fd765d9e890f7cc6cd63220 from qemu
2020-01-07 19:03:51 -05:00
Tony Nguyen da98d0da4e memory: Access MemoryRegion with endianness
Preparation for collapsing the two byte swaps adjust_endianness and
handle_bswap into the former.

Call memory_region_dispatch_{read|write} with endianness encoded into
the "MemOp op" operand.

This patch does not change any behaviour as
memory_region_dispatch_{read|write} is yet to handle the endianness.

Once it does handle endianness, callers with byte swaps can collapse
them into adjust_endianness.

Backports commit d5d680cacc66ef7e3c02c81dc8f3a34eabce6dfe from qemu
2020-01-07 18:54:11 -05:00
Tony Nguyen b335c4756a exec: Hard code size with MO_{8|16|32|64}
Temporarily no-op size_memop was introduced to aid the conversion of
memory_region_dispatch_{read|write} operand "unsigned size" into
"MemOp op".

Now size_memop is implemented, again hard coded size but with
MO_{8|16|32|64}. This is more expressive and avoids size_memop calls.

Backports commit 07f0834f264a79d6225202bd35ca37f74afb8df1 from qemu
2020-01-07 18:33:15 -05:00
Tony Nguyen cb5688009e target/mips: Hard code size with MO_{8|16|32|64}
Temporarily no-op size_memop was introduced to aid the conversion of
memory_region_dispatch_{read|write} operand "unsigned size" into
"MemOp op".

Now size_memop is implemented, again hard coded size but with
MO_{8|16|32|64}. This is more expressive and avoids size_memop calls.

Backports commit 4574664677116dedb29b12150137f3888374a857 from qemu
2020-01-07 18:30:39 -05:00
Tony Nguyen 435d2e5c67 memory: Access MemoryRegion with MemOp
Convert memory_region_dispatch_{read|write} operand "unsigned size"
into a "MemOp op".

Backports commit e67c904668d82ca4416cd91d37d9f5abcceef747 from qemu
2020-01-07 18:29:27 -05:00
Tony Nguyen 3b777a2332 cputlb: Access MemoryRegion with MemOp
The memory_region_dispatch_{read|write} operand "unsigned size" is
being converted into a "MemOp op".

Convert interfaces by using no-op size_memop.

After all interfaces are converted, size_memop will be implemented
and the memory_region_dispatch_{read|write} operand "unsigned size"
will be converted into a "MemOp op".

As size_memop is a no-op, this patch does not change any behaviour.

Backports commit 4cbb198eefef41bbca703605c78875fd4fec6ef6 from qemu
2020-01-07 18:26:29 -05:00
Tony Nguyen ab64c53bd0 exec: Access MemoryRegion with MemOp
The memory_region_dispatch_{read|write} operand "unsigned size" is
being converted into a "MemOp op".

Convert interfaces by using no-op size_memop.

After all interfaces are converted, size_memop will be implemented
and the memory_region_dispatch_{read|write} operand "unsigned size"
will be converted into a "MemOp op".

As size_memop is a no-op, this patch does not change any behaviour.

Backports commit 3d9e7c3e7bf11962e1100d077e46f93f780b7310 from qemu
2020-01-07 18:25:19 -05:00
Tony Nguyen 7e9a1641c2 target/mips: Access MemoryRegion with MemOp
The memory_region_dispatch_{read|write} operand "unsigned size" is
being converted into a "MemOp op".

Convert interfaces by using no-op size_memop.

After all interfaces are converted, size_memop will be implemented
and the memory_region_dispatch_{read|write} operand "unsigned size"
will be converted into a "MemOp op".

As size_memop is a no-op, this patch does not change any behaviour.

Backports commit e501824b3f3b3650e7cb8a509064cac01bc27c82 from qemu
2020-01-07 18:21:31 -05:00
Tony Nguyen dd78f65bc6 memory: Introduce size_memop
Introduce no-op size_memop to aid preparatory conversion of
interfaces.

Once interfaces are converted, size_memop will be implemented to
return a MemOp from size in bytes.

Backports commit 66b9b24375ac215cdcbdf9e14d665395360abff4 from qemu
2020-01-07 18:19:35 -05:00
Niek Linnenbank 998714db1f arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on()
This change ensures that the FPU can be accessed in Non-Secure mode
when the CPU core is reset using the arm_set_cpu_on() function call.
The NSACR.{CP11,CP10} bits define the exception level required to
access the FPU in Non-Secure mode. Without these bits set, the CPU
will give an undefined exception trap on the first FPU access for the
secondary cores under Linux.

This is necessary because in this power-control codepath QEMU
is effectively emulating a bit of EL3 firmware, and has to set
the CPU up as the EL3 firmware would.

Fixes: fc1120a7f5

Backports commit 0c7f8c43daf6556078e51de98aa13f069e505985 from qemu
2020-01-07 18:10:29 -05:00
Marc Zyngier 9c3e512479 target/arm: Add support for missing Jazelle system registers
QEMU lacks the minimum Jazelle implementation that is required
by the architecture (everything is RAZ or RAZ/WI). Add it
together with the HCR_EL2.TID0 trapping that goes with it.

Backports commit f96f3d5f09973ef40f164cf2d5fd98ce5498b82a from qemu
2020-01-07 18:09:13 -05:00
Marc Zyngier 457934855b target/arm: Handle AArch32 CP15 trapping via HSTR_EL2
HSTR_EL2 offers a way to trap ranges of CP15 system register
accesses to EL2, and it looks like this register is completely
ignored by QEMU.

To avoid adding extra .accessfn filters all over the place (which
would have a direct performance impact), let's add a new TB flag
that gets set whenever HSTR_EL2 is non-zero and that QEMU translates
a context where this trap has a chance to apply, and only generate
the extra access check if the hypervisor is actively using this feature.

Tested with a hand-crafted KVM guest accessing CBAR.

Backports commit 5bb0a20b74ad17dee5dae38e3b8b70b383ee7c2d from qemu
2020-01-07 18:07:21 -05:00
Marc Zyngier 868de52f69 target/arm: Handle trapping to EL2 of AArch32 VMRS instructions
HCR_EL2.TID3 requires that AArch32 reads of MVFR[012] are trapped to
EL2, and HCR_EL2.TID0 does the same for reads of FPSID.
In order to handle this, introduce a new TCG helper function that
checks for these control bits before executing the VMRC instruction.

Tested with a hacked-up version of KVM/arm64 that sets the control
bits for 32bit guests.

Backports commit 9ca1d776cb49c09b09579d9edd0447542970c834 from qemu
2020-01-07 18:04:16 -05:00
Marc Zyngier 51062d3fc2 target/arm: Honor HCR_EL2.TID1 trapping requirements
HCR_EL2.TID1 mandates that access from EL1 to REVIDR_EL1, AIDR_EL1
(and their 32bit equivalents) as well as TCMTR, TLBTR are trapped
to EL2. QEMU ignores it, making it harder for a hypervisor to
virtualize the HW (though to be fair, no known hypervisor actually
cares).

Do the right thing by trapping to EL2 if HCR_EL2.TID1 is set.

Backports commit 93fbc983b29a2eb84e2f6065929caf14f99c3681 from qemu
2020-01-07 18:00:01 -05:00
Marc Zyngier d1e981c44b target/arm: Honor HCR_EL2.TID2 trapping requirements
HCR_EL2.TID2 mandates that access from EL1 to CTR_EL0, CCSIDR_EL1,
CCSIDR2_EL1, CLIDR_EL1, CSSELR_EL1 are trapped to EL2, and QEMU
completely ignores it, making it impossible for hypervisors to
virtualize the cache hierarchy.

Do the right thing by trapping to EL2 if HCR_EL2.TID2 is set.

Backports commit 630fcd4d2ba37050329e0adafdc552d656ebe2f3 from qemu
2020-01-07 17:55:40 -05:00
Christophe Lyon 1df67780cd target/arm: Add support for cortex-m7 CPU
This is derived from cortex-m4 description, adding DP support and FPv5
instructions with the corresponding flags in isar and mvfr2.

Checked that it could successfully execute
vrinta.f32 s15, s15
while cortex-m4 emulation rejects it with "illegal instruction".

Backports commit cf7beda5072e106ddce875c1996446540c5fe239 from qemu
2020-01-07 17:52:27 -05:00
Peter Maydell 4fdf05f89e Open 5.0 development tree
Backports commit ba9975025ecc85cc2a137636e667dd22a7ae3848 from qemu
2020-01-07 17:50:51 -05:00
Peter Maydell 980b9657f5 Update version for v4.2.0 release
Backports commit b0ca999a43a22b38158a222233d3f5881648bb4f from qemu
2020-01-07 17:50:25 -05:00
Peter Maydell 8002c5cb46 Update version for v4.2.0-rc5 release
Backports commit 52901abf94477b400cf88c1f70bb305e690ba2de from qemu.
2020-01-07 17:49:49 -05:00
Peter Maydell 96a92c3be3 Update version for v4.2.0-rc4 release
Backports commit 1bdc319ab5d289ce6b822e06fb2b13666fd9278e from qemu
2020-01-07 17:49:16 -05:00
Peter Maydell 7f4ea3b98f
Update version for v4.2.0-rc3 release
Backports commit 1a61a081ac33ae6cb7dd2e38d119a572f416c7f7 from qemu
2019-11-28 03:47:54 -05:00
Marc Zyngier 145d58c367
target/arm: Honor HCR_EL2.TID3 trapping requirements
HCR_EL2.TID3 mandates that access from EL1 to a long list of id
registers traps to EL2, and QEMU has so far ignored this requirement.

This breaks (among other things) KVM guests that have PtrAuth enabled,
while the hypervisor doesn't want to expose the feature to its guest.
To achieve this, KVM traps the ID registers (ID_AA64ISAR1_EL1 in this
case), and masks out the unsupported feature.

QEMU not honoring the trap request means that the guest observes
that the feature is present in the HW, starts using it, and dies
a horrible death when KVM injects an UNDEF, because the feature
*really* isn't supported.

Do the right thing by trapping to EL2 if HCR_EL2.TID3 is set.

Note that this change does not include trapping of the MVFR
registers from AArch32 (they are accessed via the VMRS
instruction and need to be handled in a different way).

Backports commit 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317 from qemu
2019-11-28 03:46:32 -05:00
Marc Zyngier 2e8c8b5a7c
target/arm: Fix ISR_EL1 tracking when executing at EL2
The ARMv8 ARM states when executing at EL2, EL3 or Secure EL1,
ISR_EL1 shows the pending status of the physical IRQ, FIQ, or
SError interrupts.

Unfortunately, QEMU's implementation only considers the HCR_EL2
bits, and ignores the current exception level. This means a hypervisor
trying to look at its own interrupt state actually sees the guest
state, which is unexpected and breaks KVM as of Linux 5.3.

Instead, check for the running EL and return the physical bits
if not running in a virtualized context.

Backports commit 7cf95aed53c8770a338617ef40d5f37d2c197853 from qemu
2019-11-28 03:41:38 -05:00
Jean-Hugues Deschênes a2194585bb
target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
According to the PushStack() pseudocode in the armv7m RM,
bit 4 of the LR should be set to NOT(CONTROL.PFCA) when
an FPU is present. Current implementation is doing it for
armv8, but not for armv7. This patch makes the existing
logic applicable to both code paths.

Backports commit f900b1e5b087a02199fbb6de7038828008e9e419 from qemu
2019-11-28 03:40:37 -05:00
Lioncash eadeae183d
target/arm: Amend bad merge 2019-11-28 03:29:56 -05:00
Richard Henderson f2ec6bc22d
target/arm: Support EL0 v7m msr/mrs for CONFIG_USER_ONLY
Simply moving the non-stub helper_v7m_mrs/msr outside of
!CONFIG_USER_ONLY is not an option, because of all of the
other system-mode helpers that are called.

But we can split out a few subroutines to handle the few
EL0 accessible registers without duplicating code.

Backports commit 04c9c81b8fa2ee33f59a26265700fae6fc646062 from qemu
2019-11-28 03:29:46 -05:00
Richard Henderson df5929cb69
target/arm: Relax r13 restriction for ldrex/strex for v8.0
Armv8-A removes UNPREDICTABLE for R13 for these cases.

Backports commit d46ad79efac7aaf9f0eb9f5a96a576e9f39200e0 from qemu
2019-11-28 03:29:31 -05:00
Richard Henderson fa7a6a5d91
target/arm: Do not reject rt == rt2 for strexd
There was too much cut and paste between ldrexd and strexd,
as ldrexd does prohibit two output registers the same.

Fixes: af288228995

Backports commit 655b02646dc175dc10666459b0a1e4346fc8d46a from qemu
2019-11-28 03:29:18 -05:00
Lioncash 28e90d563a
memory: Delete memory region subregions
Allows for more graceful teardown of unicorn.
2019-11-28 03:03:11 -05:00
Tony Nguyen f75368cd0f
tcg: TCGMemOp is now accelerator independent MemOp
Preparation for collapsing the two byte swaps, adjust_endianness and
handle_bswap, along the I/O path.

Target dependant attributes are conditionalized upon NEED_CPU_H.

Backports commit 14776ab5a12972ea439c7fb2203a4c15a09094b4 from qemu
2019-11-28 03:01:12 -05:00
Peter Maydell 77d90985cc
target/sparc: Switch to do_transaction_failed() hook
Switch the SPARC target from the old unassigned_access hook to the
new do_transaction_failed hook.

This will cause the "if transaction failed" code paths added in
the previous commits to become active if the access is to an
unassigned address. In particular we'll now handle bus errors
during page table walks correctly (generating a translation
error with the right kind of fault status).

Backports commit f8c3db33a5e863291182f8862ddf81618a7c6194 from qemu
2019-11-28 02:56:50 -05:00
Peter Maydell 47dd9a5286
target/sparc: Remove unused ldl_phys from dump_mmu()
The dump_mmu() function does a ldl_phys() at the start, but
then never uses the value it loads at all. Remove the
unused code.

Backports commit 9dffeec2e003a482ca858a887d3454c6bebed91e from qemu
2019-11-28 02:56:39 -05:00
Peter Maydell 7d2ca16d7f
target/sparc: Handle bus errors in mmu_probe()
Convert the mmu_probe() function to using address_space_ldl()
rather than ldl_phys(), so we can explicitly detect memory
transaction failures.

This makes no practical difference at the moment, because
ldl_phys() will return 0 on a transaction failure, and we
treat transaction failures and 0 PDEs identically. However
the spec says that MMU probe operations are supposed to
update the fault status registers, and if we ever implement
that we'll want to distinguish the difference. For the
moment, just add a TODO comment about the bug.

Backports commit d86a9ad33c75ed795f09fb43243d0acecd583f24 from qemu
2019-11-28 02:56:32 -05:00
Peter Maydell 0d6cada970
target/sparc: Correctly handle bus errors in page table walks
Currently we use the ldl_phys() function to read page table entries.
With the unassigned_access hook in place, if these hit an unassigned
area of memory then the hook will cause us to wrongly generate
an exception with a fault address matching the address of the
page table entry.

Change to using address_space_ldl() so we can detect and correctly
handle bus errors and give them their correct behaviour of
causing a translation error with a suitable fault status register.

Note that this won't actually take effect until we switch the
over to using the do_translation_failed hook.

Backports commit 3c818dfcc271f5ba298b06f33466ab30f9a28349 from qemu
2019-11-28 02:56:25 -05:00
Peter Maydell 13ed49dd35
target/sparc: Check for transaction failures in MXCC stream ASI accesses
Currently the ld/st_asi helper functions make calls to the
ld*_phys() and st*_phys() functions for those ASIs which
imply direct accesses to physical addresses. These implicitly
rely on the unassigned_access hook to cause them to generate
an MMU fault if the access fails.

Switch to using the address_space_* functions instead, which
return a MemTxResult that we can check. This means that when
we switch SPARC over to using the do_transaction_failed hook
we'll still get the same MMU faults we did before.

This commit converts the ASIs which do MXCC stream source
and destination accesses.

It's not clear to me whether raising an MMU fault like this
is the correct behaviour if we encounter a bus error, but
we retain the same behaviour that the old unassigned_access
hook would implement.

Backports commit 776095d3cd751a58469b68f652c1ab6785f63652 from qemu
2019-11-28 02:56:17 -05:00
Peter Maydell a9e087b252
target/sparc: Check for transaction failures in MMU passthrough ASIs
Currently the ld/st_asi helper functions make calls to the
ld*_phys() and st*_phys() functions for those ASIs which
imply direct accesses to physical addresses. These implicitly
rely on the unassigned_access hook to cause them to generate
an MMU fault if the access fails.

Switch to using the address_space_* functions instead, which
return a MemTxResult that we can check. This means that when
we switch SPARC over to using the do_transaction_failed hook
we'll still get the same MMU faults we did before.

This commit converts the ASIs which do "MMU passthrough".

Backports commit b9f5fdad49c74583dcf9fcba0805b148e3992e13 from qemu
2019-11-28 02:56:11 -05:00
Peter Maydell 0b48392779
target/sparc: Factor out the body of sparc_cpu_unassigned_access()
Currently the SPARC target uses the old-style do_unassigned_access
hook. We want to switch it over to do_transaction_failed, but to do
this we must first remove all the direct calls in ldst_helper.c to
cpu_unassigned_access(). Factor out the body of the hook function's
code into a new sparc_raise_mmu_fault() and call it from the hook and
from the various places that used to call cpu_unassigned_access().

In passing, this fixes a bug where the code that raised the
MMU exception was directly calling GETPC() from a function that
was several levels deep in the callstack from the original
helper function: the new sparc_raise_mmu_fault() instead takes
the return address as an argument.

Other than the use of retaddr rather than GETPC() and a comment
format fixup, the body of the new function has no changes from
that of the old hook function.

Backports commit c9d793f44620a4793239da73f67758ce5f5ba5d0 from qemu
2019-11-28 02:56:05 -05:00
Wei Yang 813ec29d3c
exec.c: add a check between constants to see whether we could skip
The maximum level is defined as P_L2_LEVELS and skip is defined with 6
bits, which means if P_L2_LEVELS < (1 << 6), skip never exceeds the
boundary.

Since this check is between two constants, which leverages compiler
to optimize the code based on different configuration.

Backports commit 526ca2360ea1cd947f74c8c6c38b91b9d6fcfdb5 from qemu
2019-11-28 02:55:42 -05:00
Wei Yang 623632f3ac
exec.c: correct the maximum skip value during compact
skip is defined with 6 bits. So the maximum value should be (1 << 6).

Backports commit 26ca2075babd7775e246b9eb7da75d6de77eb658 from qemu
2019-11-28 02:55:31 -05:00
Wei Yang 2e55ddd339
exec.c: subpage->sub_section is already initialized to 0
In subpage_init(), we will set subpage->sub_section to
PHYS_SECTION_UNASSIGNED by subpage_register. Since
PHYS_SECTION_UNASSIGNED is defined to be 0, and we allocate subpage with
g_malloc0, this means subpage->sub_section is already initialized to 0.

This patch removes the redundant setup for a new subpage and also fix
the code style.

Backports commit b797ab1a15ba8d2b2fc4ec3e1f24d755f6855d05 from qemu
2019-11-28 02:55:23 -05:00
Wei Yang ef3cf096e7
exec.c: get nodes_nb_alloc with one MAX calculation
The purpose of these two MAX here is to get the maximum of these three
variables:

A: map->nodes_nb + nodes
B: map->nodes_nb_alloc
C: alloc_hint

We can write it like MAX(A, B, C). Since the if condition says A > B,
this means MAX(A, B, C) = MAX(A, C).

This patch just simplify the calculation a bit.

Backports commit c95cfd040078db8017f74fd3a4d6f798385d960c from qemu
2019-11-28 02:55:16 -05:00
Wei Yang 4274315278
exec.c: replace hwaddr with uint64_t for better understanding
Function phys_page_set() and phys_page_set_level() 's argument *nb*
stands for number of pages to set instead of hardware address.

This would be more proper to use uint64_t instead of hwaddr for its
type.

Backports commit 56b15076805a29673c1a90ea9c3ebef25bfcc912 from qemu
2019-11-28 02:55:08 -05:00
Peter Maydell 2faffb5af1
target/mips: Switch to do_transaction_failed() hook
Switch the MIPS target from the old unassigned_access hook to the new
do_transaction_failed hook.

Unlike the old hook, do_transaction_failed is only ever called from
the TCG memory access paths, so there is no need for the "ignore this
if we're using KVM" hack that we were previously using to work around
the way unassigned_access was called for all kinds of memory accesses
to unassigned physical addresses.

The MIPS target does not ever do direct memory reads by physical
address (via either ldl_phys etc or address_space_ldl etc), so the
only memory accesses this affects are the 'normal' guest loads and
stores, which will be handled by the new hook; their behaviour is
unchanged.

Backports commit 4f02a06d50ef0081089ed8cb3ec7c7986e3c95f8 from qemu
2019-11-28 02:54:53 -05:00
Daniel P. Berrangé 3c0bab6b11
docs: split the CODING_STYLE doc into distinct groups
Backports commit 9f8efa74d3f1cb9ceeee957ee382c2b4feb2ae30 from qemu
2019-11-28 02:54:44 -05:00
Daniel P. Berrangé 1862005570
docs: document use of automatic cleanup functions in glib
Document the use of g_autofree and g_autoptr in glib for automatic
freeing of memory.

Backports commit 821f2967562a1fdc7e52a644963163e6917c4293 from qemu
2019-11-28 02:54:35 -05:00
Daniel P. Berrangé e5c17018be
docs: merge HACKING.rst contents into CODING_STYLE.rst
The split of information between the two docs is rather arbitary and
unclear. It is simpler for contributors if all the information is in
one file.

Backports commit 637f39568fc0bd9848fd9d225d52ab0c4c443ed3 from qemu
2019-11-28 02:54:24 -05:00
Daniel P. Berrangé d37daf38a8
docs: convert README, CODING_STYLE and HACKING to RST syntax
Backports commit 336a7451e8803c21a2da6e7d1eca8cfb8e8b219a from qemu
2019-11-28 02:54:16 -05:00
Richard Henderson 654aaf9ebe
target/arm: Inline gen_bx_im into callers
There are only two remaining uses of gen_bx_im. In each case, we
know the destination mode -- not changing in the case of gen_jmp
or changing in the case of trans_BLX_i. Use this to simplify the
surrounding code.

For trans_BLX_i, use gen_jmp for the actual branch. For gen_jmp,
use gen_set_pc_im to set up the single-step.

Backports commit eac2f39602e0423adf56be410c9a22c31fec9a81 from qemu
2019-11-28 02:54:09 -05:00
Richard Henderson e61ca839d3
target/arm: Clean up disas_thumb_insn
Now that everything is converted, remove the rest of
the legacy decode.

Backports commit 0831403b08122b5bf801b0e3469cc63f019f60f0 from qemu
2019-11-28 02:53:59 -05:00
Richard Henderson a91de478cc
target/arm: Convert T16, long branches
Backports commit 67b54c554b39fd24f0c3aabc546e83b3082ee7ff from qemu
2019-11-28 02:53:54 -05:00
Richard Henderson 8d2fe3f6db
target/arm: Convert T16, Unconditional branch
Backports commit 8d4a4dc849a28aded8f335a25b223e8e3391b6f2 from qemu
2019-11-28 02:53:46 -05:00
Richard Henderson 482799d456
target/arm: Convert T16, Unconditional branch
Backports commit 8d4a4dc849a28aded8f335a25b223e8e3391b6f2 from qemu
2019-11-28 02:53:35 -05:00
Richard Henderson 2bc615157d
target/arm: Convert T16, load (literal)
Backports commit 46beb58efbb8a2a32f601a041aa22801a3138ece from qemu
2019-11-28 02:53:27 -05:00
Richard Henderson fad910c50b
target/arm: Convert T16, shift immediate
Backports commit 151c2f2841b01bf6fef079c9f1db15a86cae8276 from qemu
2019-11-28 02:53:18 -05:00
Richard Henderson ee96ab9ea9
target/arm: Convert T16, Miscellaneous 16-bit instructions
Backports commit 43f7e42c7d515f41ff243034f51b28267ae69938 from qemu
2019-11-28 02:53:08 -05:00
Richard Henderson dec55633dc
target/arm: Convert T16, Conditional branches, Supervisor call
Backports commit 629fcaa71ca9a5d6695d1664257b6a5327f38bd6 from qemu
2019-11-28 02:53:01 -05:00
Richard Henderson 336d6b3625
target/arm: Convert T16, push and pop
Backports commit 564b125fb9dec77e5bca9b4590786985ccc3d6cb from qemu
2019-11-28 02:52:44 -05:00
Richard Henderson 25d1de9005
target/arm: Split gen_nop_hint
Now that all callers pass a constant value, split the switch
statement into the individual trans_* functions.

Backports commit 279de61a21a1622cb875ead82d6e78c989ba2966 from qemu
2019-11-28 02:52:37 -05:00
Richard Henderson a45db7fcd1
target/arm: Convert T16, nop hints
Backports commit 56e6250ede81b4e4b4ddb623874d6c3cdad4a96d from qemu
2019-11-28 02:52:29 -05:00
Richard Henderson 676f1c8783
target/arm: Convert T16, Reverse bytes
Backports commit ae3002b0218a90f2088817c70b35d3832ec91c18 from qemu
2019-11-28 02:52:19 -05:00
Richard Henderson 692ad18e62
target/arm: Convert T16, Change processor state
Add a check for ARMv6 in trans_CPS. We had this correct in
the T16 path, but had previously forgotten the check on the
A32 and T32 paths.

Backports commit 20556e7bd6111266fbf1d81e4ff7a89bfa5795a7 from qemu
2019-11-28 02:52:13 -05:00
Richard Henderson cc7d3fe9da
target/arm: Convert T16, extract
Backports commit e6f69612cc79e2acc05dafda8695f791a916946f from qemu
2019-11-28 02:52:06 -05:00
Richard Henderson 40282af492
target/arm: Convert T16 adjust sp (immediate)
Backports commit 2e6a646d7b1304d9106baad73c655132e2736c6c from qemu
2019-11-28 02:51:54 -05:00
Richard Henderson 927fb85b51
target/arm: Convert T16 add, compare, move (two high registers)
Backports commit 90aa042115a0fe39fe4cb3bcae4c4f728e2f3fdb from qemu
2019-11-28 02:51:46 -05:00
Richard Henderson 7ca1b3f817
target/arm: Convert T16 branch and exchange
Backports commit a0ef07740425b679d010fac7d9954ae003c1b191 from qemu
2019-11-28 02:51:39 -05:00
Richard Henderson c690f562c4
target/arm: Convert T16 one low register and immediate
Backports commit 6c6d237a865041972ec5b226657398f3b3018561 from qemu
2019-11-28 02:51:31 -05:00
Richard Henderson d9184b16a9
target/arm: Convert T16 add/sub (3 low, 2 low and imm)
Backports commit c4d3095bb62bdac0b4f9cb180bd7aa0b40c2c270 from qemu
2019-11-28 02:51:24 -05:00
Richard Henderson c52cfb9aa6
target/arm: Convert T16 load/store multiple
Backports commit 6e8514ba408f3cc758cd47e2da5475d8684507ec from qemu
2019-11-28 02:51:16 -05:00
Richard Henderson 10c8008266
target/arm: Convert T16 add pc/sp (immediate)
Backports commit 1cb1323433dca657a42483b2291c1ae923a91726 from qemu
2019-11-28 02:51:08 -05:00
Richard Henderson 7f79c0f2a1
target/arm: Convert T16 load/store (immediate offset)
Backports commit 07afd747f9fdd79fabf3a51416c7d795f873d297 from qemu
2019-11-28 02:51:01 -05:00
Richard Henderson 0ed7d59e35
target/arm: Convert T16 load/store (register offset)
Backports commit d1d229179c6b011cc3fa124d4b6b649866470530 from qemu
2019-11-28 02:50:48 -05:00
Richard Henderson e30f636e8a
target/arm: Convert T16 data-processing (two low regs)
Backports commit 080c4eadcbbaf95a6fcc4668cf16e4580f2bfe11 from qemu
2019-11-28 02:50:40 -05:00
Richard Henderson 0b2f37afaf
target/arm: Add skeleton for T16 decodetree
Backports commit f97b454e9e7f5d018d34b5ea85a66cff016bd3b7 from qemu
2019-11-28 02:50:27 -05:00
Richard Henderson 19f1da260f
target/arm: Simplify disas_arm_insn
Fold away all of the cases that now just goto illegal_op,
because all of their internal bits are now in decodetree.

Backports commit 590057d969a54de5d97261701c5702b3bebc9c07 from qemu
2019-11-28 02:50:03 -05:00
Richard Henderson e402eef2f0
target/arm: Simplify disas_thumb2_insn
Fold away all of the cases that now just goto illegal_op,
because all of their internal bits are now in decodetree.

Backports commit f843e77144c9334e244a422848177f2fbef5eb05 from qemu
2019-11-28 02:48:20 -05:00
Richard Henderson 1b5c72935d
target/arm: Convert TT
Backports commit d449f174e820b15ca1a1f5f3ec19999eeb7da14c from qemu
2019-11-28 02:48:06 -05:00
Richard Henderson 0e03a1f59c
target/arm: Convert SG
Backports commit 35d240acf1b6a89558e74b490feb13267415b236 from qemu
2019-11-28 02:47:57 -05:00
Richard Henderson 0afb6ab7af
target/arm: Convert Table Branch
Backports commit 808092bbe356eef0897476be50193d0778596877 from qemu
2019-11-28 02:47:48 -05:00
Richard Henderson e6b4480ca9
target/arm: Convert Unallocated memory hint
Backports commit 610f4e1764aa2049fa1711893ff62faf777813f3 from qemu
2019-11-28 02:47:41 -05:00
Richard Henderson 4593c67444
target/arm: Convert PLI, PLD, PLDW
Backports commit beb595f657d615856fee904f1e0f74f5e1e299a3 from qemu
2019-11-28 02:47:33 -05:00
Richard Henderson 5a23a1f020
target/arm: Convert SETEND
Backports commit 48c04a5dfaf2c08e00b659a22c502ec098999cf1 from qemu
2019-11-28 02:47:26 -05:00
Richard Henderson 55390520d6
target/arm: Convert CPS (privileged)
Backports commit 52f83b9c68bdde8d3da5f49292d3561bd474651d from qemu
2019-11-28 02:47:19 -05:00
Richard Henderson 15558cfa7e
target/arm: Convert Clear-Exclusive, Barriers
Backports commit 519b84711ea36bb8a339096e207b6b9b65cd2051 from qemu
2019-11-28 02:47:11 -05:00
Richard Henderson eff475c9a9
target/arm: Convert RFE and SRS
Backports commit 885782a78c6d05932c5d8f463dc50fc8312e3eb9 from qemu
2019-11-28 02:47:04 -05:00
Richard Henderson 87ff6a8bdf
target/arm: Convert SVC
Backports commit 542f5188a14758d64f7504580a9bd3cae973f546 from qemu
2019-11-28 02:46:55 -05:00
Richard Henderson a119870e57
target/arm: Convert B, BL, BLX (immediate)
Backports commit 360144f3b99f9a626ffcc6b9d76537e3a3e0e708 from qemu
2019-11-28 02:46:47 -05:00
Richard Henderson ed9b8ad2ea
target/arm: Diagnose base == pc for LDM/STM
We have been using store_reg and not store_reg_for_load when writing
back a loaded value into the base register. At first glance this is
incorrect when base == pc, however that case is UNPREDICTABLE.

Backports commit b0e382b8cf365fed8b8c43482029ac7655961a85 from qemu
2019-11-28 02:46:40 -05:00
Richard Henderson 1a0986ee25
target/arm: Diagnose too few registers in list for LDM/STM
This has been a TODO item for quite a while. The minimum bit
count for A32 and T16 is 1, and for T32 is 2.

Backports commit 4b222545dbf30b60c033e1cd6eddda612575fd8c from qemu
2019-11-28 02:46:33 -05:00
Richard Henderson fc81b12631
target/arm: Diagnose writeback register in list for LDM for v7
Prior to v7, for the A32 encoding, this operation wrote an UNKNOWN
value back to the base register. Starting in v7 this is UNPREDICTABLE.

Backports commit 3949f4675d13c587078f8f423845a3a537a22595 from qemu
2019-11-28 02:46:24 -05:00
Richard Henderson a501800ba6
target/arm: Convert LDM, STM
This includes a minor bug fix to LDM (user), which requires
bit 21 to be 0, which means no writeback.

Backports commit c5c426d4c680f908a1e262091a17b088b5709200 from qemu
2019-11-28 02:46:04 -05:00
Richard Henderson e4ca88f9d6
target/arm: Convert MOVW, MOVT
Backports commit 8f4451274b7010c1f50e0baa5bb608f19f02b90f from qemu
2019-11-28 02:46:04 -05:00
Richard Henderson b35749e239
target/arm: Convert Signed multiply, signed and unsigned divide
Backports commit 2c7c4e090409189488149869797da4acf895bad0 from qemu
2019-11-28 02:45:33 -05:00
Richard Henderson 987641cf10
target/arm: Convert packing, unpacking, saturation, and reversal
Backports commit 46497f6af73bb33c1064d43a28a48cbb4d233a23 from qemu
2019-11-28 02:44:55 -05:00
Richard Henderson 83cced6170
target/arm: Convert Parallel addition and subtraction
Backports commit adf1a5662a47d5b5b96f4f1e440e34c26b14a154 from qemu
2019-11-28 02:44:20 -05:00
Richard Henderson 21df423e47
target/arm: Convert USAD8, USADA8, SBFX, UBFX, BFC, BFI, UDF
In op_bfx, note that tcg_gen_{,s}extract_i32 already checks
for width == 32, so we don't need to special case that here.

Backports commit 86d21e4b509a2835ed79f234f476a4c5191d435b from qemu
2019-11-28 02:44:20 -05:00
Richard Henderson dbcc67ab20
target/arm: Diagnose UNPREDICTABLE ldrex/strex cases
Backports commit af2882289951e58363d714afd16f80050685fa29 from qemu
2019-11-28 02:44:20 -05:00
Richard Henderson 3ac019eb98
target/arm: Convert Synchronization primitives
Backports commit 1efdd407a25f617129e2e0d5c009c07cbe847990 from qemu
2019-11-28 02:44:18 -05:00
Richard Henderson c794962c42
target/arm: Convert load/store (register, immediate, literal)
Backports commit 5e291fe16846d216d5a69569b1c59f497dff96e4 from qemu
2019-11-28 02:42:01 -05:00
Richard Henderson d5d98450f3
target/arm: Convert T32 ADDW/SUBW
Backports commit 145952e87fb86aaa9434d768c31eedbd323f7157 from qemu
2019-11-28 02:42:01 -05:00
Richard Henderson 7b9025910d
target/arm: Convert the rest of A32 Miscelaneous instructions
Backports commit 2cde9ea57dbc4cdee3677a1a335574537810fe2e from qemu
2019-11-28 02:42:01 -05:00
Richard Henderson be2a259d3c
target/arm: Convert ERET
Pass the T5 encoding of SUBS PC, LR, #IMM through the normal SUBS path
to make it clear exactly what's happening -- we hit ALUExceptionReturn
along that path.

Backports commit ef11bc3c461e2c650e8bef552146a4b08f81884e from qemu
2019-11-28 02:42:00 -05:00
Richard Henderson 74040da34c
target/arm: Convert CLZ
Document our choice about the T32 CONSTRAINED UNPREDICTABLE behaviour.
This matches the undocumented choice made by the legacy decoder.

Backports commit 4c97f5b2f0fa9b37f9ff497f15411d809e6fd098 from qemu
2019-11-28 02:42:00 -05:00
Richard Henderson 94968602b8
target/arm: Convert BX, BXJ, BLX (register)
Backports commit 4ed95abd700e43dee8e032f754b53bec2b047f75 from qemu
2019-11-28 02:42:00 -05:00
Richard Henderson 831e17d970
target/arm: Convert Cyclic Redundancy Check
Backports commit 6c35d53f1bde7fe327c074473c3048d6e6f15e95 from qemu
2019-11-28 02:42:00 -05:00
Richard Henderson fdd135c7d2
target/arm: Convert MRS/MSR (banked, register)
The m-profile and a-profile decodings overlap. Only return false
for the case of wrong profile; handle UNDEFINED for permission failure
directly. This ensures that we don't accidentally pass an insn that
applies to the wrong profile.

Backports commit d0b26644502103ca97093ef67749812dc1df7eea from qemu
2019-11-28 02:42:00 -05:00
Richard Henderson 571d879c49
target/arm: Convert MSR (immediate) and hints
Backports commit 6313059623dc512308681ba160ed862ac387e2fb from qemu
2019-11-28 02:41:59 -05:00
Richard Henderson a011318794
target/arm: Simplify op_smlawx for SMLAW*
By shifting the 16-bit input left by 16, we can align the desired
portion of the 48-bit product and use tcg_gen_muls2_i32.

Backports commit 485b607d4f393e0de92c922806a68aef22340c98 from qemu
2019-11-28 02:40:01 -05:00
Richard Henderson 201be7b8b1
target/arm: Simplify op_smlaxxx for SMLAL*
Since all of the inputs and outputs are i32, dispense with
the intermediate promotion to i64 and use tcg_gen_add2_i32.

Backports commit ea96b374641bc429269096d88d4e91ee544273e9 from qemu
2019-11-28 02:40:00 -05:00
Richard Henderson 543b598d45
target/arm: Convert Halfword multiply and multiply accumulate
Backports commit 26c6923de7131fa1cf223ab67131d1992dc17001 from qemu
2019-11-28 02:40:00 -05:00
Richard Henderson 44416a6794
target/arm: Convert Saturating addition and subtraction
Backports commit 6d0730a82417e3a4a1911eb8e0246f3ba996f932 from qemu
2019-11-28 02:40:00 -05:00
Richard Henderson 45566b2780
target/arm: Simplify UMAAL
Since all of the inputs and outputs are i32, dispense with
the intermediate promotion to i64 and use tcg_gen_mulu2_i32
and tcg_gen_add2_i32.

Backports commit 2409d56454f0d028619fb1002eda86bf240906dd from qemu
2019-11-28 02:40:00 -05:00
Richard Henderson 5e5ae4c0d0
target/arm: Convert multiply and multiply accumulate
Backports commit bd92fe353bda4412ffc46c0f7415207a684b45f2 from qemu
2019-11-28 02:40:00 -05:00
Richard Henderson 677cf191d2
target/arm: Convert Data Processing (immediate)
Convert the modified immediate form of the data processing insns.
For A32, we can finally remove any code that was intertwined with
the register and register-shifted-register forms.

Backports commit 581c6ebd17c8f56ad52772216e6c6d8cc8997e8b from qemu
2019-11-28 02:39:16 -05:00
Richard Henderson 1b21ced6a1
target/arm: Convert Data Processing (reg-shifted-reg)
Convert the register shifted by register form of the data
processing insns. For A32, we cannot yet remove any code
because the legacy decoder intertwines the immediate form.

Backports commit 5be2c12337f4cbdbda4efe6ab485350f730faaad from qemu
2019-11-28 02:39:16 -05:00
Richard Henderson e151696a65
target/arm: Convert Data Processing (register)
Convert the register shifted by immediate form of the data
processing insns. For A32, we cannot yet remove any code
because the legacy decoder intertwines the reg-shifted-reg
and immediate forms.

Backports commit 25ae32c558182c07fc6ad01b936e9151cbf00c44 from qemu
2019-11-28 02:38:58 -05:00
Richard Henderson 9fc793b566
target/arm: Add stubs for aa32 decodetree
Add the infrastructure that will become the new decoder.
No instructions adjusted so far.

Backports commit 51409b9e8cfe997b1ac3365df7400e0c6e844437 from qemu
2019-11-28 02:38:49 -05:00
Richard Henderson 6ec6c71d50
target/arm: Use store_reg_from_load in thumb2 code
This function already includes the test for an interworking write
to PC from a load. Change the T32 LDM implementation to match the
A32 LDM implementation.

For LDM, the reordering of the tests does not change valid
behaviour because the only case that differs is has rn == 15,
which is UNPREDICTABLE.

Backports commit 69be3e13764111737e1a7a13bb0c231e4d5be756 from qemu
2019-11-28 02:38:42 -05:00
Alex Bennée a2585ba590
include/exec/cpu-defs.h: fix typo
Backports commit 1eb21c428b1e8c9845c82c152a75d046fb19d6fe from qemu
2019-11-28 02:38:15 -05:00
Emilio G. Cota f4be234ab8
atomic_template: fix indentation in GEN_ATOMIC_HELPER
Backports commit 358f6348df5ad785c7c18be659d4ff9a2174635f from qemu
2019-11-28 02:38:07 -05:00
Emilio G. Cota ca15f620b0
tcg/README: fix typo s/afterwise/afterwards/
Afterwise is "wise after the fact", as in "hindsight".
Here we meant "afterwards" (as in "subsequently"). Fix it.
2019-11-28 02:37:51 -05:00
Richard Henderson 46a8dfff59
target/arm: Fix SMMLS argument order
The previous simplification got the order of operands to the
subtraction wrong. Since the 64-bit product is the subtrahend,
we must use a 64-bit subtract to properly compute the borrow
from the low-part of the product.

Fixes: 5f8cd06ebcf5 ("target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR")

Backports commit e0a0c8322b8ebcdad674f443a3e86db8708d6738 from qemu
2019-11-20 17:24:44 -05:00
Peter Maydell 9fb54a7f72
target/arm: Take exceptions on ATS instructions when needed
The translation table walk for an ATS instruction can result in
various faults. In general these are just reported back via the
PAR_EL1 fault status fields, but in some cases the architecture
requires that the fault is turned into an exception:
* synchronous stage 2 faults of any kind during AT S1E0* and
AT S1E1* instructions executed from NS EL1 fault to EL2 or EL3
* synchronous external aborts are taken as Data Abort exceptions

(This is documented in the v8A Arm ARM DDI0487A.e D5.2.11 and
G5.13.4.)

Backports commit 0710b2fa84a4aeb925422e1e88edac49ed407c79 from qemu
2019-11-20 17:24:44 -05:00
Peter Maydell 56b54f361e
target/arm: Allow ARMCPRegInfo read/write functions to throw exceptions
Currently the only part of an ARMCPRegInfo which is allowed to cause
a CPU exception is the access function, which returns a value indicating
that some flavour of UNDEF should be generated.

For the ATS system instructions, we would like to conditionally
generate exceptions as part of the writefn, because some faults
during the page table walk (like external aborts) should cause
an exception to be raised rather than returning a value.

There are several ways we could do this:
* plumb the GETPC() value from the top level set_cp_reg/get_cp_reg
helper functions through into the readfn and writefn hooks
* add extra readfn_with_ra/writefn_with_ra hooks that take the GETPC()
value
* require the ATS instructions to provide a dummy accessfn,
which serves no purpose except to cause the code generation
to emit TCG ops to sync the CPU state
* add an ARM_CP_ flag to mark the ARMCPRegInfo as possibly
throwing an exception in its read/write hooks, and make the
codegen sync the CPU state before calling the hooks if the
flag is set

This patch opts for the last of these, as it is fairly simple
to implement and doesn't require invasive changes like updating
the readfn/writefn hook function prototype signature.

Backports commit 37ff584c15bc3e1dd2c26b1998f00ff87189538c from qemu
2019-11-20 17:24:37 -05:00
Richard Henderson 87c06b7fae
target/arm: Factor out unallocated_encoding for aarch32
Make this a static function private to translate.c.
Thus we can use the same idiom between aarch64 and aarch32
without actually sharing function implementations.

Backports commit 1ce21ba1eaf08b22da5925f3e37fc0b4322da858 from qemu
2019-11-18 23:51:45 -05:00
Richard Henderson 1f59a43544
Revert "target/arm: Use unallocated_encoding for aarch32"
Despite the fact that the text for the call to gen_exception_insn
is identical for aarch64 and aarch32, the implementation inside
gen_exception_insn is totally different.

This fixes exceptions raised from aarch64.

This reverts commit fb2d3c9a9a.
2019-11-18 23:49:47 -05:00
Aleksandar Markovic 32457b2b37
target/mips: Fix emulation of ST.W in system mode
Order of arguments in helper_ret_stl_mmu() invocations was wrong,
apparently caused by a misplaced multiline copy-and-paste.

Fixes: 6decc57 ("target/mips: Fix MSA instructions ST.<B|H|W|D> on big endian host")

Backports commit abd4393d769d9fe2333b2e83e00f911a78475943 from qemu
2019-11-18 23:47:33 -05:00
Aleksandar Markovic 84ec43131c
target/mips: Clean up handling of CP0 register 31
Clean up handling of CP0 register 31.

Backports commit 14d92efd721755cc31df328261d301177980fa89 from qemu
2019-11-18 23:46:33 -05:00
Aleksandar Markovic d012faa9bf
target/mips: Clean up handling of CP0 register 30
Clean up handling of CP0 register 30.

Backports commit 4bcf121ebb009db8d135d8819b8d5837cfd6bb37 from qemu
2019-11-18 23:43:56 -05:00
Aleksandar Markovic 6fae1432ce
target/mips: Clean up handling of CP0 register 29
Clean up handling of CP0 register 29.

Backports commit af4bb6da80d3f6c733055bb4e2a1b99a30e81d24 from qemu
2019-11-18 23:43:11 -05:00
Aleksandar Markovic 7dc128c3ad
target/mips: Clean up handling of CP0 register 28
Clean up handling of CP0 register 28.

Backports commit a30e2f218034f6215757734c8107fd47f5385dfa from qemu
2019-11-18 23:40:48 -05:00
Aleksandar Markovic 9ed9ff06ab
target/mips: Clean up handling of CP0 register 27
Clean up handling of CP0 register 27.

Backports commit 5a10873d7ddd5d84c38c6f0dd69116b93219a7c1 from qemu
2019-11-18 23:38:00 -05:00
Aleksandar Markovic 9fe6520144
target/mips: Clean up handling of CP0 register 26
Clean up handling of CP0 register 26.

Backports commit dbbf08b2892a7cf93e47f84c512953234a452cec from qemu
2019-11-18 23:37:02 -05:00
Aleksandar Markovic 7f23faefa3
target/mips: Clean up handling of CP0 register 25
Clean up handling of CP0 register 25.

Backports commit 1176b328c310dbc71501f370fe128786edc7609c from qemu
2019-11-18 23:36:02 -05:00
Aleksandar Markovic d7b34101a0
target/mips: Clean up handling of CP0 register 24
Clean up handling of CP0 register 24.

Backports commit 8d7b4b6efbab8b5286aa9f5948d3e2ce9f98aea5 from qemu
2019-11-18 23:31:37 -05:00
Aleksandar Markovic 4626d0d314
target/mips: Clean up handling of CP0 register 23
Clean up handling of CP0 register 23.

Backports commit 4cbf4b6d00aa27176f1a19b3c739423875d702fe from qemu
2019-11-18 23:30:52 -05:00
Aleksandar Markovic 6d070f1346
target/mips: Clean up handling of CP0 register 20
Clean up handling of CP0 register 20.

Backports commit 14f92b0b9ca0abe48f9a23a73e8dc413d919eab9 from qemu
2019-11-18 23:22:56 -05:00
Aleksandar Markovic 462d062240
target/mips: Clean up handling of CP0 register 19
Clean up handling of CP0 register 19.

Backports commit be274dc18ee3682bb3a2ba7e5ccd3061b103cbec from qemu
2019-11-18 23:22:07 -05:00
Aleksandar Markovic e126751cdc
target/mips: Clean up handling of CP0 register 18
Clean up handling of CP0 register 18.

Backports commit e8dcfe825a51c5e963813343ec4112f06a0acf68 from qemu
2019-11-18 23:21:19 -05:00
Aleksandar Markovic 0424d7bd24
target/mips: Clean up handling of CP0 register 17
Clean up handling of CP0 register 17.

Backports commit 706ce142056b1304ea21db53b73d128295771a71 from qemu
2019-11-18 23:18:16 -05:00
Aleksandar Markovic 04de1c3a5e
target/mips: Clean up handling of CP0 register 16
Clean up handling of CP0 register 16.

Backports commit 433efb4cca1d942b6849be953ea166b492e9bb59 from qemu
2019-11-18 23:14:41 -05:00
Aleksandar Markovic e54d2617a1
target/mips: Clean up handling of CP0 register 15
Clean up handling of CP0 register 15.

Backports commit 4466cd49e53d3a4418a0f27ea9ff335fd9aed180 from qemu
2019-11-18 23:11:46 -05:00
Aleksandar Markovic 41133450de
target/mips: Clean up handling of CP0 register 14
Clean up handling of CP0 register 14.

Backports commit 35e4b54d90b07736d24d736c50f236231cde929f from qemu
2019-11-18 23:10:19 -05:00
Aleksandar Markovic dc1e7c4467
target/mips: Clean up handling of CP0 register 13
Clean up handling of CP0 register 13.

Backports commit e3c7559d8902fbb9857fb94fc5391f258cc3c4d1 from qemu
2019-11-18 23:08:20 -05:00
Aleksandar Markovic 3f76658fd8
target/mips: Clean up handling of CP0 register 12
Clean up handling of CP0 register 12.

Backports commit 2b0848674b4143bf5b2b6f7de6b8587dd52c31dd from qemu
2019-11-18 23:06:38 -05:00
Aleksandar Markovic 5812937c52
target/mips: Clean up handling of CP0 register 11
Clean up handling of CP0 register 11.

Backports commit f5f3834ff0f7d237fa9d5c67544ae5f5d49eaaf7 from qemu
2019-11-18 23:04:18 -05:00
Aleksandar Markovic 16e817b003
target/mips: Clean up handling of CP0 register 10
Clean up handling of CP0 register 10.

Backports commit 860ffef0477a92f1944f10528887fa5e74e6535d from qemu
2019-11-18 23:03:25 -05:00
Aleksandar Markovic 11d02fc0b7
target/mips: Clean up handling of CP0 register 9
Clean up handling of CP0 register 9.

Backports commit e5a98a7232e10632032be8f896ce0aaf171b6fd5 from qemu
2019-11-18 23:01:54 -05:00
Aleksandar Markovic f4015517ab
target/mips: Clean up handling of CP0 register 8
Clean up handling of CP0 register 8.

Backports commit 67d167d2d83d059932c99c077b402b94339c8cf0 from qemu
2019-11-18 22:59:32 -05:00
Aleksandar Markovic 38f0e31950
target/mips: Clean up handling of CP0 register 7
Clean up handling of CP0 register 7.

Backports commit 143a9875e51a358924154ffa76135ca29415dfb5 from qemu
2019-11-18 22:55:22 -05:00
Aleksandar Markovic 95fa7aae61
target/mips: Clean up handling of CP0 register 6
Clean up handling of CP0 register 6.

Backports commit 9023594b4081585518faf9b144bce62067381990 from qemu
2019-11-18 22:54:26 -05:00
Aleksandar Markovic 49eeba113e
target/mips: Clean up handling of CP0 register 5
Clean up handling of CP0 register 5.

Backports commit a1e76353e389f93e63bf1175c8422e5e7759662e from qemu
2019-11-18 22:51:19 -05:00
Aleksandar Markovic 11ac98331a
target/mips: Clean up handling of CP0 register 4
Clean up handling of CP0 register 4.

Backports commit 020fe379093deb116d72174268335d60133f0e26 from qemu
2019-11-18 22:46:46 -05:00
Aleksandar Markovic d96b3d06c4
target/mips: Clean up handling of CP0 register 3
Clean up handling of CP0 register 3.

Backports commit acd3731632c5737eaeb230d76fd55ce871a33439 from qemu
2019-11-18 22:42:17 -05:00
Aleksandar Markovic 8644845898
target/mips: Clean up handling of CP0 register 2
Clean up handling of CP0 register 2.

Backports commit 6d27d5bd73489a0560a6613e2b5633e221999db9 from qemu
2019-11-18 22:38:46 -05:00
Aleksandar Markovic 9450b71a13
target/mips: Clean up handling of CP0 register 1
Clean up handling of CP0 register 1

Backports commit 30deb4605bf0bb4cc0682216002dfed738bd5700 from qemu
2019-11-18 22:33:29 -05:00
Aleksandar Markovic 47adeabf87
target/mips: Clean up handling of CP0 register 0
Clean up handling of CP0 register 0.

Backports commit 1b142da5f82a8fcdc7783a418592de654d5c6052 from qemu
2019-11-18 22:25:31 -05:00
Marc-André Lureau effccae2d9
configure: remove AUTOCONF_HOST
This is a left-over from commit
c12b6d70e384c769ca372e15ffd19b3e9f563662 ("pixman: drop submodule")

Backports commit fbb04e760f4818a1ba9cfde0a2571a15cd4f49f7 from qemu
2019-11-18 22:19:47 -05:00
Carlo Marcelo Arenas Belón 467617cd8a
configure: remove obsoleted variable
9b9c37c364 ("tcg-sparc: Assume v9 cpu always, i.e. force v8plus in
32-bit mode.", 2012-09-21) removed the need for this variable and
most of the references to it, but this one.

Remove defunct code, no effect or functionality change expected.

Backports commit edd318b7a3c54321ead363ffc1e22ebac5785f1d from qemu
2019-11-18 22:08:27 -05:00
Jing Liu 61be812bfb
x86: Intel AVX512_BF16 feature enabling
Intel CooperLake cpu adds AVX512_BF16 instruction, defining as
CPUID.(EAX=7,ECX=1):EAX[bit 05].

The patch adds a property for setting the subleaf of CPUID leaf 7 in
case that people would like to specify it.

The release spec link as follows,
https://software.intel.com/sites/default/files/managed/c5/15/\
architecture-instruction-set-extensions-programming-reference.pdf

Backports commit 80db491da4ce8b199e0e8d1e23943b20aab82f69 from qemu
2019-11-18 22:06:57 -05:00
Peter Maydell 5899803c3c
target/i386: Return 'indefinite integer value' for invalid SSE fp->int conversions
The x86 architecture requires that all conversions from floating
point to integer which raise the 'invalid' exception (infinities of
both signs, NaN, and all values which don't fit in the destination
integer) return what the x86 spec calls the "indefinite integer
value", which is 0x8000_0000 for 32-bits or 0x8000_0000_0000_0000 for
64-bits. The softfloat functions return the more usual behaviour of
positive overflows returning the maximum value that fits in the
destination integer format and negative overflows returning the
minimum value that fits.

Wrap the softfloat functions in x86-specific versions which
detect the 'invalid' condition and return the indefinite integer.

Note that we don't use these wrappers for the 3DNow! pf2id and pf2iw
instructions, which do return the minimum value that fits in
an int32 if the input float is a large negative number.

Fixes: https://bugs.launchpad.net/qemu/+bug/1815423

Backports commit 1e8a98b53867f61da9ca09f411288e2085d323c4 from qemu
2019-11-18 21:48:03 -05:00
tony.nguyen@bt.com b4c2c94602
configure: Define target access alignment in configure
This patch moves the define of target access alignment earlier from
target/foo/cpu.h to configure.

Suggested in Richard Henderson's reply to "[PATCH 1/4] tcg: TCGMemOp is now
accelerator independent MemOp"

Backports commit 52bf9771fdfce98e98cea36a17a18915be6f6b7f from qemu
2019-11-18 21:41:35 -05:00
Wanpeng Li c041f5f2cc
target-i386: adds PV_SCHED_YIELD CPUID feature bit
Adds PV_SCHED_YIELD CPUID feature bit.

Backports commit b896c4b50da107bf0d40e6215d4ee20daf64723b from qemu
2019-11-18 21:38:26 -05:00
Aleksandar Markovic 551b3db088
target/mips: Style improvements in translate.c
Fixes mostly errors and warnings reported by 'checkpatch.pl -f'.

Backports commit 71375b59241a27b75d287b9216e5e82e43d763d8 from qemu
2019-11-18 21:36:30 -05:00
Aleksandar Markovic cf6adb51e0
target/mips: Style improvements in cpu.c
Fixes mostly errors and warnings reported by 'checkpatch.pl -f'.

Backports commit cf02a1164815ed6682c21070ddc95b88c31ff476 from qemu
2019-11-18 21:25:54 -05:00
Aleksandar Markovic 780b748780
target/mips: Style improvements in cp0_timer.c
Fixes mostly errors and warnings reported by 'checkpatch.pl -f'.

Backports commit 2f0d0196721d207297ce00a6cb39fc52005ccc7a from qemu
2019-11-18 21:24:37 -05:00
Richard Henderson 8767d64b66
target/riscv: Remove redundant declaration pragmas
These are now generated by decodetree itself.

Backports commit 59a3a1c0c211640e18b058a1b0444154c4eb6f99 from qemu
2019-11-18 21:22:09 -05:00
Richard Henderson b33a5bd513
decodetree: Suppress redundant declaration warnings
We can tell that a decodetree input file is "secondary" when it
uses an argument set marked "!extern". This indicates that at
least one of the insn translation functions will have already
been declared by the "primary" input file, but given only the
secondary we cannot tell which.

Avoid redundant declaration warnings by suppressing them with pragmas.

Backports commit c692079597d98337b6f25deff7599afe39b2a468 from qemu
2019-11-18 21:21:30 -05:00
Richard Henderson 6e2358ab60
decodetree: Allow !function with no input bits
Call this form a "parameter", returning a value extracted
from the DisasContext.

Backports commit 94597b6146f30f949f2c454f424082a2b0f55a0e from qemu
2019-11-18 21:21:25 -05:00
Alex Bennée 14b401f0bf
target/riscv: rationalise softfloat includes
We should avoid including the whole of softfloat headers in cpu.h and
explicitly include it only where we will be calling softfloat
functions. We can use the -types.h and -helpers.h in cpu.h for the few
bits that are global.

Backports commit 135b03cb9defbd080b8834b30e3d45bed00c6137 from qemu
2019-11-18 21:17:03 -05:00
Alex Bennée 3afb3723c7
target/mips: rationalise softfloat includes
We should avoid including the whole of softfloat headers in cpu.h and
explicitly include it only where we will be calling softfloat
functions. We can use the -types.h in cpu.h for the few bits that are
global. We also move the restore_snan_bit_mode into internal.h and
include -helpers.h there.

Backports commit 502700d0674919309a19bfd016ea0680c6b7747d from qemu
2019-11-18 21:15:19 -05:00
Alex Bennée 9d83300f3e
fpu: rename softfloat-specialize.h -> .inc.c
This is not a normal header and should only be included in the main
softfloat.c file to bring in the various target specific
specialisations. Indeed as it contains non-inlined C functions it is
not even a legal header. Rename it to match our included C convention.

Backports commit 00f43279a3e5e7ea3a0fa853157863663e838e2e from qemu
2019-11-18 21:12:30 -05:00
Alex Bennée 064f50cdf6
fpu: make softfloat-macros self-contained
The macros use the "flags" type and to be consistent if anyone just
needs the macros we should bring in the header we need. There is an
outstanding TODO to audit the use of "flags" and replace with bool at
which point this include could be dropped.

Backports commit 5937fb63a92d54cc4e5270256e4387c4d3a70091 from qemu
2019-11-18 21:10:39 -05:00
Alex Bennée 5ab2ac8dac
fpu: move inline helpers into a separate header
There are a bunch of users of the inline helpers who do not need
access to the entire softfloat API. Move those inline helpers into a
new header file which can be included without bringing in the rest of
the world.

Backports commit e34c47ea3fb5f324b58db117b3c010a494c8d6ca from qemu
2019-11-18 21:09:02 -05:00
Alex Bennée be878fb0e9
fpu: remove the LIT64 macro
Now the rest of the code has been cleaned up we can remove this.

Backports commit 472038ccf5d69ebcad44d835488a36ee640c219f from qemu
2019-11-18 21:06:55 -05:00
Alex Bennée affde8930a
target/m68k: replace LIT64 with UINT64_C macros
In our quest to eliminate the home rolled LIT64 macro we fixup usage
inside for m68k's many constants.

Backports commit e23263004d5fea809ad0f78c523f498e04ba788f from qemu
2019-11-18 21:05:59 -05:00
Alex Bennée dbddafe2df
fpu: replace LIT64 with UINT64_C macros
In our quest to eliminate the home rolled LIT64 macro we fixup usage
inside the softfloat code. While we are at it we remove some of the
extraneous spaces to closer fit the house style.

Backports commit e932112420f063776f2b9d9e5512830cd6890a7a from qemu
2019-11-18 20:57:12 -05:00
Alex Bennée 6eb3c9ee79
fpu: use min/max values from stdint.h for integral overflow
Remove some more use of LIT64 while making the meaning more clear. We
also avoid the need of casts as the results by definition fit into the
return type.

Backports commit 2c217da0fc9f1127bda804e2a500b8138b02c581 from qemu
2019-11-18 20:45:40 -05:00
Alex Bennée 0d573763c9
fpu: convert float[16/32/64]_squash_denormal to new modern style
This also allows us to remove the extractFloat16exp/frac helpers. We
avoid using the floatXX_pack_raw functions as they are slight overkill
for masking out all but the top bit of the number. The generated code
is almost exactly the same as makes no difference to the
pre-conversion code.

Backports commit e6b405fe00d8e6424a58492b37a1656d1ef0929b from qemu
2019-11-18 20:42:06 -05:00
Alex Bennée e5c799cd3c
fpu: replace LIT64 usage with UINT64_C for specialize constants
We have a wrapper that does the right thing from stdint.h so lets use
it for our constants in softfloat-specialize.h

Backports commit f7e81a945737631c19405a39d510d2284257c3ff from qemu
2019-11-18 20:39:03 -05:00
Richard Henderson 9d2a3064af
target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word
Separate shift + extract low will result in one extra insn
for hosts like RISC-V, MIPS, and Sparc.

Backports commit 664b7e3b97d6376f3329986c465b3782458b0f8b from qemu
2019-11-18 20:36:19 -05:00
Richard Henderson 93c016a3e7
target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR
All of the inputs to these instructions are 32-bits. Rather than
extend each input to 64-bits and then extract the high 32-bits of
the output, use tcg_gen_muls2_i32 and other 32-bit generator functions.

Backports commit 5f8cd06ebcf57420be8fea4574de2e074de46709 from qemu
2019-11-18 20:31:12 -05:00
Richard Henderson 4a1cc16eef
target/arm: Use tcg_gen_rotri_i32 for gen_swap_half
Rotate is the more compact and obvious way to swap 16-bit
elements of a 32-bit word.

Backports commit adefba76e8bf10dfb342094d2f5debfeedb1a74d from qemu
2019-11-18 20:27:12 -05:00
Richard Henderson 751ab7b24b
target/arm: Use ror32 instead of open-coding the operation
The helper function is more documentary, and also already
handles the case of rotate by zero.

Backports commit dd861b3f29be97a9e3cdb9769dcbc0c7d7825185 from qemu
2019-11-18 20:25:51 -05:00
Richard Henderson df4c773ed2
target/arm: Remove redundant shift tests
The immediate shift generator functions already test for,
and eliminate, the case of a shift by zero.

Backports commit 464eaa9571fae5867d9aea7d7209c091c8a50223 from qemu
2019-11-18 20:24:39 -05:00
Richard Henderson 4dd30ebfbd
target/arm: Use tcg_gen_deposit_i32 for PKHBT, PKHTB
Use deposit as the composit operation to merge the
bits from the two inputs.

Backports commit d1f8755fc93911f5b27246b1da794542d222fa1b from qemu
2019-11-18 20:22:00 -05:00
Richard Henderson 25ccd28e78
target/arm: Use tcg_gen_extract_i32 for shifter_out_im
Extract is a compact combination of shift + and.

Backports commit 191f4bfe8d6cf0c7d5cd7f84cd7076e32e3745dd from qemu
2019-11-18 20:19:40 -05:00
Andrew Jones ad63ee7509
target/arm/cpu: Use div-round-up to determine predicate register array size
Unless we're guaranteed to always increase ARM_MAX_VQ by a multiple of
four, then we should use DIV_ROUND_UP to ensure we get an appropriate
array size.

Backports commit 46417784d21c89446763f2047228977bdc267895 from qemu
2019-11-18 20:16:46 -05:00
Andrew Jones bb8b3bc42b
target/arm/helper: zcr: Add build bug next to value range assumption
The current implementation of ZCR_ELx matches the architecture, only
implementing the lower four bits, with the rest RAZ/WI. This puts
a strict limit on ARM_MAX_VQ of 16. Make sure we don't let ARM_MAX_VQ
grow without a corresponding update here.

Backports commit 7b351d98709d3f77d6bb18562e1bf228862b0d57 from qemu
2019-11-18 20:14:42 -05:00
Richard Henderson 3d3d56056b
target/arm: Remove helper_double_saturate
Replace x = double_saturate(y) with x = add_saturate(y, y).
There is no need for a separate more specialized helper.

Backports commit 640581a06d14e2d0d3c3ba79b916de6bc43578b0 from qemu
2019-11-18 20:13:21 -05:00
Richard Henderson fb2d3c9a9a
target/arm: Use unallocated_encoding for aarch32
Promote this function from aarch64 to fully general use.
Use it to unify the code sequences for generating illegal
opcode exceptions.

Backports commit 3cb36637157088892e9e33ddb1034bffd1251d3b from qemu
2019-11-18 20:10:50 -05:00
Richard Henderson d562bea784
target/arm: Remove offset argument to gen_exception_bkpt_insn
Unlike the other more generic gen_exception{,_internal}_insn
interfaces, breakpoints always refer to the current instruction.

Backports commit 06bcbda3f64d464b6ecac789bce4bd69f199cd68 from qemu
2019-11-18 20:05:45 -05:00
Richard Henderson f19b4df20d
target/arm: Replace offset with pc in gen_exception_internal_insn
The offset is variable depending on the instruction set.
Passing in the actual value is clearer in intent.

Backpors commit aee828e7541a5895669ade3a4b6978382b6b094a from qemu
2019-11-18 20:05:23 -05:00
Richard Henderson 00fbadf637
target/arm: Replace s->pc with s->base.pc_next
We must update s->base.pc_next when we return from the translate_insn
hook to the main translator loop. By incrementing s->base.pc_next
immediately after reading the insn word, "pc_next" contains the address
of the next instruction throughout translation.

All remaining uses of s->pc are referencing the address of the next insn,
so this is now a simple global replacement. Remove the "s->pc" field.

Backports commit a04159166b880b505ccadc16f2fe84169806883d from qemu
2019-11-18 17:32:53 -05:00
Richard Henderson 7d1fcef722
target/arm: Remove redundant s->pc & ~1
The thumb bit has already been removed from s->pc, and is always even.

Backports commit 4818c3743b0e0095fdcecd24457da9b3443730ab from qemu
2019-11-18 17:32:53 -05:00
Richard Henderson a2e60445de
target/arm: Introduce add_reg_for_lit
Provide a common routine for the places that require ALIGN(PC, 4)
as the base address as opposed to plain PC. The two are always
the same for A32, but the difference is meaningful for thumb mode.

Backports commit 16e0d8234ef9291747332d2c431e46808a060472 from qemu
2019-11-18 17:32:49 -05:00
Richard Henderson 1c0914e58c
target/arm: Introduce read_pc
We currently have 3 different ways of computing the architectural
value of "PC" as seen in the ARM ARM.

The value of s->pc has been incremented past the current insn,
but that is all. Thus for a32, PC = s->pc + 4; for t32, PC = s->pc;
for t16, PC = s->pc + 2. These differing computations make it
impossible at present to unify the various code paths.

With the newly introduced s->pc_curr, we can compute the correct
value for all cases, using the formula given in the ARM ARM.

This changes the behaviour for load_reg() and load_reg_var()
when called with reg==15 from a 32-bit Thumb instruction:
previously they would have returned the incorrect value
of pc_curr + 6, and now they will return the architecturally
correct value of PC, which is pc_curr + 4. This will not
affect well-behaved guest software, because all of the places
we call these functions from T32 code are instructions where
using r15 is UNPREDICTABLE. Using the architectural PC value
here is more consistent with the T16 and A32 behaviour.

Backports commit fdbcf6329d0c2984c55d7019419a72bf8e583c36 from qemu
2019-11-18 17:04:50 -05:00
Richard Henderson 0048f3e887
target/arm: Introduce pc_curr
Add a new field to retain the address of the instruction currently
being translated. The 32-bit uses are all within subroutines used
by a32 and t32. This will become less obvious when t16 support is
merged with a32+t32, and having a clear definition will help.

Convert aarch64 as well for consistency. Note that there is one
instance of a pre-assert fprintf that used the wrong value for the
address of the current instruction.

Backports commit 43722a6d4f0c92f7e7e1e291580039b0f9789df1 from qemu
2019-11-18 16:58:40 -05:00
Richard Henderson 1aa3c685a8
target/arm: Pass in pc to thumb_insn_is_16bit
This function is used in two different contexts, and it will be
clearer if the function is given the address to which it applies.

Backports commit 331b1ca616cb708db30dab68e3262d286e687f24 from qemu
2019-11-18 16:52:35 -05:00
Peter Maydell c61e22627d
target/arm: Fix routing of singlestep exceptions
When generating an architectural single-step exception we were
routing it to the "default exception level", which is to say
the same exception level we execute at except that EL0 exceptions
go to EL1. This is incorrect because the debug exception level
can be configured by the guest for situations such as single
stepping of EL0 and EL1 code by EL2.

We have to track the target debug exception level in the TB
flags, because it is dependent on CPU state like HCR_EL2.TGE
and MDCR_EL2.TDE. (That we were previously calling the
arm_debug_target_el() function to determine dc->ss_same_el
is itself a bug, though one that would only have manifested
as incorrect syndrome information.) Since we are out of TB
flag bits unless we want to expand into the cs_base field,
we share some bits with the M-profile only HANDLER and
STACKCHECK bits, since only A-profile has this singlestep.

Fixes: https://bugs.launchpad.net/qemu/+bug/1838913

Backports commit 8bd587c1066f4456ddfe611b571d9439a947d74c from qemu
2019-11-18 16:50:15 -05:00
Peter Maydell 3f531fac61
target/arm: Factor out 'generate singlestep exception' function
Factor out code to 'generate a singlestep exception', which is
currently repeated in four places.

To do this we need to also pull the identical copies of the
gen-exception() function out of translate-a64.c and translate.c
into translate.h.

(There is a bug in the code: we're taking the exception to the wrong
target EL. This will be simpler to fix if there's only one place to
do it.)

Backports commit c1d5f50f094ab204accfacc2ee6aafc9601dd5c4 from qemu
2019-11-18 16:47:08 -05:00
Alex Bennée 0d6ed39333
target/arm: generate a custom MIDR for -cpu max
While most features are now detected by probing the ID_* registers
kernels can (and do) use MIDR_EL1 for working out of they have to
apply errata. This can trip up warnings in the kernel as it tries to
work out if it should apply workarounds to features that don't
actually exist in the reported CPU type.

Avoid this problem by synthesising our own MIDR value.

Backports commit 2bd5f41c00686a1f847a60824d0375f3df2c26bf from qemu
2019-11-18 16:42:51 -05:00
Markus Armbruster bb1f47545c
typedefs: Separate incomplete types and function types
While there, rewrite the obsolete file comment.

Backports commit 2a28720d773df2193c9fb633c02092cca107a9e5 from qemu
2019-11-18 16:42:51 -05:00
Peter Maydell f773fd7fef
Open 4.2 development tree
Backports commit f8f2eac4e5de8ce8ef17591ee1b84904437be25b from qemu
2019-11-18 16:42:51 -05:00
Michael Roth 867b7dcd08
Update version for 4.1.1 release
Backports commit 99c5874a9b6c9f70aef285d6eff85d4f46de3c52 from qemu
2019-11-18 16:42:51 -05:00
Dr. David Alan Gilbert 0b8add4e6f
memory: Provide an equality function for MemoryRegionSections
Provide a comparison function that checks all the fields are the same.

Backports commit 42b6571357a083f721a27daa6dfdc69e4bd516bd from qemu
2019-11-18 16:42:50 -05:00
Dr. David Alan Gilbert 3807ec09de
memory: Align MemoryRegionSections fields
MemoryRegionSection includes an Int128 'size' field;
on some platforms the compiler causes an alignment of this to
a 128bit boundary, leaving 8 bytes of dead space.
This deadspace can be filled with junk.

Move the size field to the top avoiding unnecessary alignment.

Backports commit c0aca9352d51c102c55fe29ce5c1bf8e74a5183e from qemu
2019-11-18 16:42:47 -05:00
Christophe Lyon 8264cb84fe
target/arm: Allow reading flags from FPSCR for M-profile
rt==15 is a special case when reading the flags: it means the
destination is APSR. This patch avoids rejecting vmrs apsr_nzcv, fpscr
as illegal instruction.

Backports commit cdc6896659b85f7ed8f7552850312e55170de0c5 from qemu
2019-11-18 16:32:06 -05:00
Peter Maydell 3fc86e1901
target/arm: Don't abort on M-profile exception return in linux-user mode
An attempt to do an exception-return (branch to one of the magic
addresses) in linux-user mode for M-profile should behave like
a normal branch, because linux-user mode is always going to be
in 'handler' mode. This used to work, but we broke it when we added
support for the M-profile security extension in commit d02a8698d7ae2bfed.

In that commit we allowed even handler-mode calls to magic return
values to be checked for and dealt with by causing an
EXCP_EXCEPTION_EXIT exception to be taken, because this is
needed for the FNC_RETURN return-from-non-secure-function-call
handling. For system mode we added a check in do_v7m_exception_exit()
to make any spurious calls from Handler mode behave correctly, but
forgot that linux-user mode would also be affected.

How an attempted return-from-non-secure-function-call in linux-user
mode should be handled is not clear -- on real hardware it would
result in return to secure code (not to the Linux kernel) which
could then handle the error in any way it chose. For QEMU we take
the simple approach of treating this erroneous return the same way
it would be handled on a CPU without the security extensions --
treat it as a normal branch.

The upshot of all this is that for linux-user mode we should never
do any of the bx_excret magic, so the code change is simple.

This ought to be a weird corner case that only affects broken guest
code (because Linux user processes should never be attempting to do
exception returns or NS function returns), except that the code that
assigns addresses in RAM for the process and stack in our linux-user
code does not attempt to avoid this magic address range, so
legitimate code attempting to return to a trampoline routine on the
stack can fall into this case. This change fixes those programs,
but we should also look at restricting the range of memory we
use for M-profile linux-user guests to the area that would be
real RAM in hardware.

Backports commit 9027d3fba605d8f6093342ebe4a1da450d374630 from qemu
2019-11-18 16:30:43 -05:00
Peter Maydell 8f7f19ce43
target/arm: Free TCG temps in trans_VMOV_64_sp()
The function neon_store_reg32() doesn't free the TCG temp that it
is passed, so the caller must do that. We got this right in most
places but forgot to free the TCG temps in trans_VMOV_64_sp().

Backports commit 38fb634853ac6547326d9f88b9a068d9fc6b4ad4 from qemu
2019-11-18 16:27:21 -05:00
Peter Maydell 96f2342a21
Update version for v4.1.0 release
Backports commit 9e06029aea3b2eca1d5261352e695edc1e7d7b8b from qemu
2019-11-18 16:25:50 -05:00
Peter Maydell 0f45c5565f
Update version for v4.1.0-rc5 release
Backports commit f28ed74fd116491e31329044d140fde4aa23b2a0 from qemu
2019-11-18 16:25:18 -05:00
naq 6768d02191
x86: setup FS & GS base
Backports commit b90427e8d8ac1c98f4817c0bcb5cd2a66c8eaed1 from unicorn.
2019-08-08 20:26:45 -04:00
kj.xwings.l 038b4f3345
Removed hardcoded CP0C3_ULRI (#1098)
* activate CP0C3_ULRI for CONFIG3, mips

* updated with mips patches

* updated with mips patches

* remove hardcoded config3

* git ignore vscode

* fix spacing issue and turn on floating point

Backports most of commit 24f55a7973278f20f0de21b904851d99d4716263 from
unicorn. Ignores internal core modifications, as this would be
special-casing non-upstreamed behavior.
2019-08-08 20:08:57 -04:00
Ryan Houdek deeeb1d0b9
Fixes register reading and writing for XMM8-15 on x86-64 (#1090)
Backports commit ae6e3c193d569180c6ada3ac2b01c11aef34e714 from unicorn
2019-08-08 20:01:23 -04:00
Peter Maydell 8ddcbd349a
Update version for v4.1.0-rc4 release
Backports commit 864ab314f1d924129d06ac7b571f105a2b76a4b2 from qemu
2019-08-08 19:57:53 -04:00
Peter Maydell c6041bf94b
target/arm: Avoid bogus NSACR traps on M-profile without Security Extension
In Arm v8.0 M-profile CPUs without the Security Extension and also in
v7M CPUs, there is no NSACR register. However, the code we have to handle
the FPU does not always check whether the ARM_FEATURE_M_SECURITY bit
is set before testing whether env->v7m.nsacr permits access to the
FPU. This means that for a CPU with an FPU but without the Security
Extension we would always take a bogus fault when trying to stack
the FPU registers on an exception entry.

We could fix this by adding extra feature bit checks for all uses,
but it is simpler to just make the internal value of nsacr 0xcff
("all non-secure accesses allowed"), since this is not guest
visible when the Security Extension is not present. This allows
us to continue to follow the Arm ARM pseudocode which takes a
similar approach. (In particular, in the v8.1 Arm ARM the register
is documented as reading as 0xcff in this configuration.)

Fixes: https://bugs.launchpad.net/qemu/+bug/1838475

Backports commit 02ac2f7f613b47f6a5b397b20ab0e6b2e7fb89fa from qemu
2019-08-08 19:56:56 -04:00
Peter Maydell db7053c382
Update version for v4.1.0-rc3 release
Backports commit 3bd6cbbb181b6ae60a1d1f33ccd325b45f71aa2a from qemu
2019-08-08 19:56:12 -04:00
Lioncash 59d808cf21
target/arm: Supply uc_struct instance to tcg_enabled() 2019-08-08 19:55:12 -04:00
Peter Maydell ecd3f0a5df
target/arm: Deliver BKPT/BRK exceptions to correct exception level
Most Arm architectural debug exceptions (eg watchpoints) are ignored
if the configured "debug exception level" is below the current
exception level (so for example EL1 can't arrange to get debug exceptions
for EL2 execution). Exceptions generated by the BRK or BPKT instructions
are a special case -- they must always cause an exception, so if
we're executing above the debug exception level then we
must take them to the current exception level.

This fixes a bug where executing BRK at EL2 could result in an
exception being taken at EL1 (which is strictly forbidden by the
architecture).

Fixes: https://bugs.launchpad.net/qemu/+bug/1838277

Backports commit 987a23224218fa3bb3aa0024ad236dcf29ebde9e from qemu
2019-08-08 19:53:30 -04:00
Paul Lai 3b8e2180e7
i386: Fix Snowridge CPU model name and features
Changing the name to Snowridge from SnowRidge-Server.
There is no client model of Snowridge, so "-Server" is unnecessary.

Removing CPUID_EXT_VMX from Snowridge cpu feature list.

Backports commit ff656fcd338a70c4d9783a800733c4ab3806e5b0 from qemu
2019-08-08 19:52:23 -04:00
Peter Maydell a89fe5e865
Update version for v4.1.0-rc2 release
Backports commit bf8b024372bf8abf5a9f40bfa65eeefad23ff988 from qemu
2019-08-08 19:51:38 -04:00
Aleksandar Markovic e2bc3161b4
target/mips: Fix emulation of MSA pack instructions on big endian hosts
Fix emulation of MSA pack instructions on big endian hosts.

Backports commit 51229582583a4b64e93f2655153d905e4d8583d2 from qemu
2019-08-08 19:51:34 -04:00
Aleksandar Markovic 812f3e4fed
target/mips: Add 'fall through' comments for handling nanoMips' SHXS, SWXS
This was found by GCC 8.3 static analysis.

Missed in commit fb32f8c8560.

Backports commit 45152d050213a1221a5a900283976454bf6308bf from qemu
2019-08-08 19:45:25 -04:00
Peter Maydell fbbd582fb9
target/arm: Limit ID register assertions to TCG
In arm_cpu_realizefn() we make several assertions about the values of
guest ID registers:
* if the CPU provides AArch32 v7VE or better it must advertise the
ARM_DIV feature
* if the CPU provides AArch32 A-profile v6 or better it must
advertise the Jazelle feature

These are essentially consistency checks that our ID register
specifications in cpu.c didn't accidentally miss out a feature,
because increasingly the TCG emulation gates features on the values
in ID registers rather than using old-style checks of ARM_FEATURE_FOO
bits.

Unfortunately, these asserts can cause problems if we're running KVM,
because in that case we don't control the values of the ID registers
-- we read them from the host kernel. In particular, if the host
kernel is older than 4.15 then it doesn't expose the ID registers via
the KVM_GET_ONE_REG ioctl, and we set up dummy values for some
registers and leave the rest at zero. (See the comment in
target/arm/kvm64.c kvm_arm_get_host_cpu_features().) This set of
dummy values is not sufficient to pass our assertions, and so on
those kernels running an AArch32 guest on AArch64 will assert.

We could provide a more sophisticated set of dummy ID registers in
this case, but that still leaves the possibility of a host CPU which
reports bogus ID register values that would cause us to assert. It's
more robust to only do these ID register checks if we're using TCG,
as that is the only case where this is truly a QEMU code bug.

Backports commit 8f4821d77e465bc2ef77302d47640d5a43d92b30 from qemu
2019-08-08 19:44:16 -04:00
Philippe Mathieu-Daudé 9bd010263a
target/arm: Add missing break statement for Hypervisor Trap Exception
Reported by GCC9 when building with -Wimplicit-fallthrough=2:

target/arm/helper.c: In function ‘arm_cpu_do_interrupt_aarch32_hyp’:
target/arm/helper.c:7958:14: error: this statement may fall through [-Werror=implicit-fallthrough=]
7958 | addr = 0x14;
| ~~~~~^~~~~~
target/arm/helper.c:7959:5: note: here
7959 | default:
| ^~~~~~~
cc1: all warnings being treated as errors

Backports commit 9bbb4ef991fa93323f87769a6e217c2b9273a128 from qemu
2019-08-08 19:43:01 -04:00
Denis V. Lunev 556806ad2b
i386: indicate that 'pconfig' feature was removed intentionally
pconfig feature was added in 5131dc433df and removed in 712f807e196.
This patch mark this feature as known to QEMU and removed by
intentinally. This follows the convention of 9ccb9784b57 and f1a23522b03
dealing with 'osxsave' and 'ospke'.

Backports commit 2924ab02c28ce8d32da144a6ae8bfc5a8d7e072b from qemu
2019-08-08 19:41:55 -04:00
Peter Maydell 19ed270ec4
Update version for v4.1.0-rc1 release
Backports commit 0b18cfb8f1828c905139b54c8644b0d8f4aad879 from qemu
2019-08-08 19:41:03 -04:00
King Wang f02b6492a5
memory: unref the memory region in simplify flatview
The memory region reference is increased when insert a range
into flatview range array, then decreased by destroy flatview.
If some flat range merged by flatview_simplify, the memory region
reference can not be decreased by destroy flatview any more.

In this case, start virtual machine by the command line:
qemu-system-x86_64
-name guest=ubuntu,debug-threads=on
-machine pc,accel=kvm,usb=off,dump-guest-core=off
-cpu host
-m 16384
-realtime mlock=off
-smp 8,sockets=2,cores=4,threads=1
-object memory-backend-file,id=ram-node0,prealloc=yes,mem-path=/dev/hugepages,share=yes,size=8589934592
-numa node,nodeid=0,cpus=0-3,memdev=ram-node0
-object memory-backend-file,id=ram-node1,prealloc=yes,mem-path=/dev/hugepages,share=yes,size=8589934592
-numa node,nodeid=1,cpus=4-7,memdev=ram-node1
-no-user-config
-nodefaults
-rtc base=utc
-no-shutdown
-boot strict=on
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2
-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x2
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3
-drive file=ubuntu.qcow2,format=qcow2,if=none,id=drive-virtio-disk0,cache=none,aio=native
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-chardev pty,id=charserial0
-device isa-serial,chardev=charserial0,id=serial0
-device usb-tablet,id=input0,bus=usb.0,port=1
-vnc 0.0.0.0:0
-device VGA,id=video0,vgamem_mb=16,bus=pci.0,addr=0x5
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
-msg timestamp=on

And run the script in guest OS:
while true
do
setpci -s 00:06.0 04.b=03
setpci -s 00:06.0 04.b=07
done

I found the reference of node0 HostMemoryBackendFile is a big one.
(gdb) p numa_info[0]->node_memdev->parent.ref
$6 = 1636278
(gdb)

Backports commit 838ec1177c45812ff177a35ff93990e9eb7f70c3 from qemu
2019-08-08 19:39:34 -04:00
Aleksandar Markovic 572c95e709
target/mips: Add missing 'break' for certain cases of MTTR handling
This was found by GCC 8.3 static analysis.

Fixes: ead9360e2fb

Backports commit 0d0304f2c4967c892a3216638fc4cb078afa2b44 from qemu
2019-08-08 19:38:18 -04:00
Aleksandar Markovic 720aff63da
target/mips: Add missing 'break' for certain cases of MFTR handling
This was found by GCC 8.3 static analysis.

Fixes: ead9360e2fb

Backports commit f1fadbb27af04115c9d24e0902d88a38d0266854 from qemu
2019-08-08 19:37:34 -04:00
Aleksandar Markovic b2aa75be33
target/mips: Add missing 'break' for a case of MTHC0 handling
This was found by GCC 8.3 static analysis.

Fixes: 5fb2dcd1792

Backports commit ab8c34105a0ddd0c05159fb76919a18de8df4e8f from qemu
2019-08-08 19:36:39 -04:00
Peter Maydell cdb9422f3a
target/arm: NS BusFault on vector table fetch escalates to NS HardFault
In the M-profile architecture, when we do a vector table fetch and it
fails, we need to report a HardFault. Whether this is a Secure HF or
a NonSecure HF depends on several things. If AIRCR.BFHFNMINS is 0
then HF is always Secure, because there is no NonSecure HardFault.
Otherwise, the answer depends on whether the 'underlying exception'
(MemManage, BusFault, SecureFault) targets Secure or NonSecure. (In
the pseudocode, this is handled in the Vector() function: the final
exc.isSecure is calculated by looking at the exc.isSecure from the
exception returned from the memory access, not the isSecure input
argument.)

We weren't doing this correctly, because we were looking at
the target security domain of the exception we were trying to
load the vector table entry for. This produces errors of two kinds:
* a load from the NS vector table which hits the "NS access
to S memory" SecureFault should end up as a Secure HardFault,
but we were raising an NS HardFault
* a load from the S vector table which causes a BusFault
should raise an NS HardFault if BFHFNMINS == 1 (because
in that case all BusFaults are NonSecure), but we were raising
a Secure HardFault

Correct the logic.

We also fix a comment error where we claimed that we might
be escalating MemManage to HardFault, and forgot about SecureFault.
(Vector loads can never hit MPU access faults, because they're
always aligned and always use the default address map.)

Backports commit 51c9122e92b776a3f16af0b9282f1dc5012e2a19 from qemu
2019-08-08 19:32:53 -04:00
Peter Maydell 8ec683b874
target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026
The ARMv5 architecture didn't specify detailed per-feature ID
registers. Now that we're using the MVFR0 register fields to
gate the existence of VFP instructions, we need to set up
the correct values in the cpu->isar structure so that we still
provide an FPU to the guest.

This fixes a regression in the arm926 and arm1026 CPUs, which
are the only ones that both have VFP and are ARMv5 or earlier.
This regression was introduced by the VFP refactoring, and more
specifically by commits 1120827fa182f0e76 and 266bd25c485597c,
which accidentally disabled VFP short-vector support and
double-precision support on these CPUs.

Backports commit cb7cef8b32033f6284a47d797edd5c19c5491698 from qemu
2019-08-08 19:29:56 -04:00
Alex Bennée f893ff0b89
target/arm: report ARMv8-A FP support for AArch32 -cpu max
When we converted to using feature bits in 602f6e42cfbf we missed out
the fact (dp && arm_dc_feature(s, ARM_FEATURE_V8)) was supported for
-cpu max configurations. This caused a regression in the GCC test
suite. Fix this by setting the appropriate bits in mvfr1.FPHP to
report ARMv8-A with FP support (but not ARMv8.2-FP16).

Fixes: https://bugs.launchpad.net/qemu/+bug/1836078

Backports commit 45b1a243b81a7c9ae56235937280711dd9914ca7 from qemu
2019-08-08 19:28:39 -04:00
Richard Henderson ec81aef8c0
include/qemu/atomic.h: Add signal_barrier
We have some potential race conditions vs our user-exec signal
handler that will be solved with this barrier.

Backports commit 359896dfa4e9707e1acea99129d324250fccab04 from qemu
2019-08-08 19:26:41 -04:00
Richard Henderson d291a311ee
tcg/aarch64: Fix output of extract2 opcodes
This patch fixes two problems:
(1) The inputs to the EXTR insn were reversed,
(2) The input constraints use rZ, which means that we need to use
the REG0 macro in order to supply XZR for a constant 0 input.

Fixes: 464c2969d5d

Backports commit 1789d4274b851fb8fdf4a947ce5474c63e813d0d from qemu
2019-08-08 19:25:37 -04:00
Richard Henderson b2d75f4955
tcg: Fix constant folding of INDEX_op_extract2_i32
On a 64-bit host, discard any replications of the 32-bit
sign bit when performing the shift and merge.

Backports commit 80f4d7c3ae216c191fb403e149bcba88d6aa40bb from qemu
2019-08-08 19:25:01 -04:00
Peter Maydell 3ee580d58f
Update version for v4.1.0-rc0 release
Backports commit 6df2cdf44a82426f7a59dcb03f0dd2181ed7fdfa from qemu
2019-08-08 19:23:58 -04:00
Richard Henderson 955661ad7b
tcg: Fix expansion of INDEX_op_not_vec
This operation can always be emitted, even if we need to
fall back to xor. Adjust the assertions to match.

Backports commit 11978f6f58f1d3d66429f7ff897524f693d823ce from qemu
2019-08-08 19:23:03 -04:00
Philippe Mathieu-Daudé 6f8c8046d8
target/arm/vfp_helper: Call set_fpscr_to_host before updating to FPSCR
In commit e9d652824b0 we extracted the vfp_set_fpscr_to_host()
function but failed at calling it in the correct place, we call
it after xregs[ARM_VFP_FPSCR] is modified.

Fix by calling this function before we update FPSCR.

Backports commit 85795187f416326f87177cabc39fae1911f04c50 from qemu
2019-08-08 19:21:28 -04:00
Richard Henderson c687259bf6
target/arm: Fix sve_zcr_len_for_el
Off by one error in the EL2 and EL3 tests. Remove the test
against EL3 entirely, since it must always be true.

Backports commit 6a02a73211c5bc634fccd652777230954b83ccba from qemu
2019-08-08 19:20:35 -04:00
Eduardo Habkost 9f2ff9a66f
i386: Add Cascadelake-Server-v2 CPU model
Add new version of Cascadelake-Server CPU model, setting
stepping=5 and enabling the IA32_ARCH_CAPABILITIES MSR
with some flags.

The new feature will introduce a new host software requirement,
breaking our CPU model runnability promises. This means we can't
enable the new CPU model version by default in QEMU 4.1, because
management software isn't ready yet to resolve CPU model aliases.
This is why "pc-*-4.1" will keep returning Cascadelake-Server-v1
if "-cpu Cascadelake-Server" is specified.

Includes a test case to ensure the right combinations of
machine-type + CPU model + command-line feature flags will work
as expected.

Backports commit fd63c6d1a5f77d689ee06f6561677c012a988223 from qemu
2019-08-08 19:18:21 -04:00
Eduardo Habkost 54993f7479
i386: Replace -noTSX, -IBRS, -IBPB CPU models with aliases
The old CPU models will be just aliases for specific versions of
the original CPU models.

Backports commit 53db89d93bebe70a3e7f4c45933deffcf3e7cb62 from qemu
2019-08-08 19:14:26 -04:00
Eduardo Habkost 0128e34fdf
i386: Define -IBRS, -noTSX, -IBRS versions of CPU models
Add versions of CPU models that are equivalent to their -IBRS,
-noTSX and -IBRS variants.

The separate variants will eventually be removed and become
aliases for these CPU versions.

Backports commit d86a708815c3bec0b934760e6bdab7eb647087b8 from qemu
2019-08-08 19:08:32 -04:00
Eduardo Habkost e5e5c2fd6c
i386: Register versioned CPU models
Add support for registration of multiple versions of CPU models.

The existing CPU models will be registered with a "-v1" suffix.

The -noTSX, -IBRS, and -IBPB CPU model variants will become
versions of the original models in a separate patch, so
make sure we register no versions for them.

Backports commit dcafd1ef0af227ef87f7a6dec8fc66d7d2e2442d from qemu
2019-08-08 19:01:35 -04:00
Paul Lai 1e48962847
i386: Introduce SnowRidge CPU model
SnowRidge CPU supports Accelerator Infrastrcture Architecture (MOVDIRI,
MOVDIR64B), CLDEMOTE and SPLIT_LOCK_DISABLE.

MOVDIRI, MOVDIR64B, and CLDEMOTE are found via CPUID.
The availability of SPLIT_LOCK_DISABLE is check via msr access

References can be found in either:
https://software.intel.com/en-us/articles/intel-sdm
https://software.intel.com/en-us/download/intel-architecture-instruction-set-extensions-and-future-features-programming-reference

Backports commit 0b18874bd216f3237740d5cbd64f39cf1e02addf from qemu
2019-08-08 18:26:09 -04:00
Like Xu 2c424e691c
target/i386: Add CPUID.1F generation support for multi-dies PCMachine
The CPUID.1F as Intel V2 Extended Topology Enumeration Leaf would be
exposed if guests want to emulate multiple software-visible die within
each package. Per Intel's SDM, the 0x1f is a superset of 0xb, thus they
can be generated by almost same code as 0xb except die_offset setting.

If the number of dies per package is greater than 1, the cpuid_min_level
would be adjusted to 0x1f regardless of whether the host supports CPUID.1F.
Likewise, the CPUID.1F wouldn't be exposed if env->nr_dies < 2.

Backports commit a94e1428991f741e2c6636e7c8df7f8d1905d983 from qemu
2019-08-08 18:24:46 -04:00
Like Xu d2410074d8
i386: Update new x86_apicid parsing rules with die_offset support
In new sockets/dies/cores/threads model, the apicid of logical cpu could
imply die level info of guest cpu topology thus x86_apicid_from_cpu_idx()
need to be refactored with #dies value, so does apicid_*_offset().

To keep semantic compatibility, the legacy pkg_offset which helps to
generate CPUIDs such as 0x3 for L3 cache should be mapping to die_offset.

Backports commit d65af288a84d8bf8c27e55d45545f52f016c08a7 from qemu
2019-08-08 18:22:03 -04:00
Lioncash a82e4efa24
i386/cpu: Consolidate die-id validity in smp context
The field die_id (default as 0) and has_die_id are introduced to X86CPU.
Following the legacy smp check rules, the die_id validity is added to
the same contexts as leagcy smp variables such as hmp_hotpluggable_cpus(),
machine_set_cpu_numa_node(), cpu_slot_to_string() and pc_cpu_pre_plug().

Backports relevant bits from 176d2cda0dee9f4f78f604ad72d6a111e8e38f3b
from qemu
2019-08-08 18:14:27 -04:00
Like Xu efd887b992
i386: Add die-level cpu topology to x86CPU on PCMachine
The die-level as the first PC-specific cpu topology is added to the leagcy
cpu topology model, which has one die per package implicitly and only the
numbers of sockets/cores/threads are configurable.

In the new model with die-level support, the total number of logical
processors (including offline) on board will be calculated as:

\#cpus = #sockets * #dies * #cores * #threads

and considering compatibility, the default value for #dies would be
initialized to one in x86_cpu_initfn() and pc_machine_initfn().

Backports commit c26ae610811e8d52f4fc73e3ae0a8bc4a24d6763 from qemu
2019-08-08 18:10:42 -04:00
Peter Maydell 1f4c3d6bcc
target/arm: Correct VMOV_imm_dp handling of short vectors
Coverity points out (CID 1402195) that the loop in trans_VMOV_imm_dp()
that iterates over the destination registers in a short-vector VMOV
accidentally throws away the returned updated register number
from vfp_advance_dreg(). Add the missing assignment. (We got this
correct in trans_VMOV_imm_sp().)

Backports commit 89a11ff756410aecb87d2c774df6e45dbf4105c1 from qemu
2019-08-08 18:08:55 -04:00
Peter Maydell 0d89bce217
target/arm: Execute Thumb instructions when their condbits are 0xf
Thumb instructions in an IT block are set up to be conditionally
executed depending on a set of condition bits encoded into the IT
bits of the CPSR/XPSR. The architecture specifies that if the
condition bits are 0b1111 this means "always execute" (like 0b1110),
not "never execute"; we were treating it as "never execute". (See
the ConditionHolds() pseudocode in both the A-profile and M-profile
Arm ARM.)

This is a bit of an obscure corner case, because the only legal
way to get to an 0b1111 set of condbits is to do an exception
return which sets the XPSR/CPSR up that way. An IT instruction
which encodes a condition sequence that would include an 0b1111 is
UNPREDICTABLE, and for v8A the CONSTRAINED UNPREDICTABLE choices
for such an IT insn are to NOP, UNDEF, or treat 0b1111 like 0b1110.
Add a comment noting that we take the latter option.

Backports commit 5529de1e5512c05276825fa8b922147663fd6eac from qemu
2019-08-08 18:07:57 -04:00
Peter Maydell 9d01d50db8
target/arm: Use _ra versions of cpu_stl_data() in v7M helpers
In the various helper functions for v7M/v8M instructions, use
the _ra versions of cpu_stl_data() and friends. Otherwise we
may get wrong behaviour or an assert() due to not being able
to locate the TB if there is an exception on the memory access
or if it performs an IO operation when in icount mode

Backports commit 2884fbb60412049ec92389039ae716b32057382e from qemu
2019-08-08 18:06:23 -04:00
Philippe Mathieu-Daudé bde186433d
target/arm/helper: Move M profile routines to m_helper.c
In preparation for supporting TCG disablement on ARM, we move most
of TCG related v7m/v8m helpers and APIs into their own file.

Note: It is easier to review this commit using the 'histogram'
diff algorithm:

$ git diff --diff-algorithm=histogram ...
or
$ git diff --histogram ...

Backports commit 7aab5a8c8bb525ea390b4ebc17ab82c0835cfdb6 from qemu
2019-08-08 18:04:08 -04:00
Philippe Mathieu-Daudé 199e2f8a7d
target/arm: Restrict semi-hosting to TCG
Semihosting hooks either SVC or HLT instructions, and inside KVM
both of those go to EL1, ie to the guest, and can't be trapped to
KVM.

Let check_for_semihosting() return False when not running on TCG.

backports commit 91f78c58da9ba78c8ed00f5d822b701765be8499 from qemu
2019-08-08 17:48:34 -04:00
Philippe Mathieu-Daudé 6295fd7156
target/arm: Move debug routines to debug_helper.c
These routines are TCG specific.

Backports commit 9dd5cca42448770a940fa2145f1ff18cdc7b01a9 from qemu
2019-08-08 17:46:56 -04:00
Markus Armbruster db741bdfbb
Makefile: Rename targets for make recursion
We make a few sub-directories recursively, in particular
$(TARGET_DIRS).

For goal "all", we do it the nice way: "all" has a prerequisite
subdir-T for each T in $(TARGET_DIRS), and T's recipe runs make
recursively. Behaves nicely with -j and -k.

For other goals such as "clean" and "install", the recipe runs make
recursively in a for loop. Ignores -j and -k.

The next commit will fix that for "clean" and "install". This commit
prepares the ground by renaming the targets we use for "all" to
include the goal for the sub-make. This will permit reusing them for
goals other than "all".

Targets subdir-T for T in $(TARGET_DIRS) run "make all" in T. Rename
to T/all, and declare phony.

Targets romsubdir-R for R in $(ROMS) run "make" in pc-bios/R. Default
goal is "all" for all R. Rename to pc-bios/R/all, and declare phony.

The remainder are renamed just for consistency.

Target subdir-dtc runs "make libbft/libfdt.a" in dtc. Rename to
dtc/all, and declare phony.

Target subdir-capstone runs make $(BUILD_DIR)/capstone/$(LIBCAPSTONE)
in $(SRC_PATH)/capstone. Rename to capstone/all, and declare phony.

Target subdir-slirp runs "make" in $(SRC_PATH)/slirp. Default goal is
all, which builds $(BUILD_DIR)/libslirp.a. Rename to slirp/all, and
declare phony.

Backports commit 3b8593eeaa5778ae118f0cc2837e615acd13baeb from qemu
2019-08-08 17:26:49 -04:00
Markus Armbruster e972e593c6
Makefile: Remove code to smooth transition to config.status
When commit bdf523e6923 made configure generate config.status, it
added a fallback to Makefile to smooth the transition, with a TODO
"code can be removed after QEMU 1.7." It's been more than five years.
Remove it.

Backports commit cdb69b08f984b7cca2acb1989c8eae79390a23f3 from qemu
2019-08-08 17:21:21 -04:00
Eduardo Habkost 0bf3c3755a
Deprecate Python 2 support
Python 2 will reach end of life in January 1 2020. Declare it as
deprecated.

Backports commit e5abf59eae5990296c243202f95f801495c52e76 from qemu
2019-08-08 17:16:26 -04:00
Joel Sing 14c6ed2cca
RISC-V: Clear load reservations on context switch and SC
This prevents a load reservation from being placed in one context/process,
then being used in another, resulting in an SC succeeding incorrectly and
breaking atomics.

Backports commit c13b169f1a3dd158d6c75727cdc388f95988db39 from qemu
2019-08-08 17:15:45 -04:00
Palmer Dabbelt 4a3d8417ca
RISC-V: Add support for the Zicsr extension
The various CSR instructions have been split out of the base ISA as part
of the ratification process. This patch adds a Zicsr argument, which
disables all the CSR instructions.

Backports commit 591bddea8d874e1500921de0353818e5586618f5 from qemu
2019-08-08 17:10:34 -04:00
Palmer Dabbelt 5b59f956b3
RISC-V: Add support for the Zifencei extension
fence.i has been split out of the base ISA as part of the ratification
process. This patch adds a Zifencei argument, which disables the
fence.i instruction.

Backports commit 50fba816cd226001bec3e495c39879deb2fa5432 from qemu
2019-08-08 17:09:09 -04:00
Alistair Francis e006204543
target/riscv: Set privledge spec 1.11.0 as default
Set the priv spec version 1.11.0 as the default and allow selecting it
via the command line.

Backports commit e3147506b02edcdd7c14ebb41a10fcc3027dcc5c from qemu
2019-08-08 17:05:40 -04:00
Alistair Francis 2ed6459e98
target/riscv: Add the mcountinhibit CSR
1.11 defines mcountinhibit, which has the same numeric CSR value as
mucounteren from 1.09.1 but has different semantics. This patch enables
the CSR for 1.11-based targets, which is trivial to implement because
the counters in QEMU never tick (legal according to the spec).

Backports commit 747a43e818dc36bd50ef98c2b11a7c31ceb810fa from qemu
2019-08-08 17:04:52 -04:00
Alistair Francis 4934db3de6
target/riscv: Add the privledge spec version 1.11.0
Add support for the ratified RISC-V privledge spec.

Backports commit 6729dbbd420696fcf69cf2c86bdfc66e072058ce from qemu
2019-08-08 17:03:33 -04:00
Alistair Francis 9241c2c842
target/riscv: Restructure deprecatd CPUs
Restructure the deprecated CPUs to make it clear in the code that these
are depreated. They are already marked as deprecated in
qemu-deprecated.texi. There are no functional changes.

Backports commit c1fb65e63cfca4506a14b084afd0eca2dc464fe8 from qemu
2019-08-08 17:01:22 -04:00
Hesham Almatary 39bfe52bc6
RISC-V: Fix a PMP check with the correct access size
The PMP check should be of the memory access size rather
than TARGET_PAGE_SIZE.

Backports commit db21e6f72721996ddf1948c35a8ee35238089da4 from qemu
2019-08-08 16:57:03 -04:00
Hesham Almatary e648455989
RISC-V: Fix a PMP bug where it succeeds even if PMP entry is off
The current implementation returns 1 (PMP check success) if the address is in
range even if the PMP entry is off. This is a bug.

For example, if there is a PMP check in S-Mode which is in range, but its PMP
entry is off, this will succeed, which it should not.

The patch fixes this bug by only checking the PMP permissions if the address is
in range and its corresponding PMP entry it not off. Otherwise, it will keep
the ret = -1 which will be checked and handled correctly at the end of the
function.

Backports commit f8162068f18f2f264a0355938784f54089234211 from qemu
2019-08-08 16:55:52 -04:00
Hesham Almatary e0592a9a58
RISC-V: Check PMP during Page Table Walks
The PMP should be checked when doing a page table walk, and report access
fault exception if the to-be-read PTE failed the PMP check.

Backports commit 1f447aec787bfbbd078afccae44fc4c92acb4fed from qemu
2019-08-08 16:54:45 -04:00
Hesham Almatary 614c2954b0
RISC-V: Check for the effective memory privilege mode during PMP checks
The current PMP check function checks for env->priv which is not the effective
memory privilege mode.

For example, mstatus.MPRV could be set while executing in M-Mode, and in that
case the privilege mode for the PMP check should be S-Mode rather than M-Mode
(in env->priv) if mstatus.MPP == PRV_S.

This patch passes the effective memory privilege mode to the PMP check.
Functions that call the PMP check should pass the correct memory privilege mode
after reading mstatus' MPRV/MPP or hstatus.SPRV (if Hypervisor mode exists).

Backports commit cc0fdb298517ce56c770803447f8b02a90271152 from qemu
2019-08-08 16:52:57 -04:00
Hesham Almatary e8edd4d109
RISC-V: Raise access fault exceptions on PMP violations
Section 3.6 in RISC-V v1.10 privilege specification states that PMP violations
report "access exceptions." The current PMP implementation has
a bug which wrongly reports "page exceptions" on PMP violations.

This patch fixes this bug by reporting the correct PMP access exceptions
trap values.

Backports commit 635b0b0ea39a13d1a3df932452e5728aebbb3f6e from qemu
2019-08-08 16:50:57 -04:00
Hesham Almatary f597727171
RISC-V: Only Check PMP if MMU translation succeeds
The current implementation unnecessarily checks for PMP even if MMU translation
failed. This may trigger a wrong PMP access exception instead of
a page exception.

For example, the very first instruction fetched after the first satp write in
S-Mode will trigger a PMP access fault instead of an instruction fetch page
fault.

This patch prioritises MMU exceptions over PMP exceptions and only checks for
PMP if MMU translation succeeds. This patch is required for future commits
that properly report PMP exception violations if PTW succeeds.

Backports commit e0f8fa72deba7ac7a7ae06ba25e6498aaad93ace from qemu
2019-08-08 16:49:06 -04:00
Michael Clark 6ab36ed89e
target/riscv: Implement riscv_cpu_unassigned_access
This patch adds support for the riscv_cpu_unassigned_access call
and will raise a load or store access fault.

Backports commit cbf5827693addaff4e4d2102afedbf078a204eb2 from qemu
2019-08-08 16:48:02 -04:00
Dayeol Lee 6528c78fd5
target/riscv: Fix PMP range boundary address bug
A wrong address is passed to `pmp_is_in_range` while checking if a
memory access is within a PMP range.
Since the ending address of the pmp range (i.e., pmp_state.addr[i].ea)
is set to the last address in the range (i.e., pmp base + pmp size - 1),
memory accesses containg the last address in the range will always fail.

For example, assume that a PMP range is 4KB from 0x87654000 such that
the last address within the range is 0x87654fff.
1-byte access to 0x87654fff should be considered to be fully inside the
PMP range.
However the access now fails and complains partial inclusion because
pmp_is_in_range(env, i, addr + size) returns 0 whereas
pmp_is_in_range(env, i, addr) returns 1.

Backports commit 49db9fa1fd7c252596b53cf80876e06f407d09ed from qemu
2019-08-08 16:42:24 -04:00
Aleksandar Markovic 1e148beb0e
target/mips: Correct helper for MSA FCLASS.<W|D> instructions
Correct helper for MSA FCLASS.<W|D> instructions.

Backports commit 698c5752c4e618dc17b4c78dfa566896c7bce5ef from qemu
2019-08-08 16:30:15 -04:00
Aleksandar Markovic bf194f980c
target/mips: Unroll loops for MSA float max/min instructions
Slight preformance improvement for MSA float max/min instructions.

Backports commit 807e6773a5eba62054843b13d96ff778b90aba09 from qemu
2019-08-08 16:28:49 -04:00
Aleksandar Markovic dd747162e5
target/mips: Correct comments in msa_helper.c
Fix some errors in comments for MSA helpers.

Backports commit 44da090ba02e60515aa0dc72b30ecc6f56aea771 from qemu
2019-08-08 16:24:47 -04:00
Aleksandar Markovic 87edd2a82a
target/mips: Correct comments in translate.c
Fix some checkpatch comment-related warnings.

Backports commit 7480515fcc1b0f7119953d89e93b8507127aeb62 from qemu
2019-08-08 16:23:02 -04:00
Philippe Mathieu-Daudé fa2a772c7b
target/arm: Declare some M-profile functions publicly
In the next commit we will split the M-profile functions from this
file. Some function will be called out of helper.c. Declare them in
the "internals.h" header.

Backports commit 787a7e76c2e93a48c47b324fea592c9910a70483 from qemu
2019-08-08 15:37:01 -04:00
Philippe Mathieu-Daudé 4eacf0ce98
target/arm: Restrict PSCI to TCG
Under KVM, the kernel gets the HVC call and handle the PSCI requests.

Backports commit 21fbea8c8af72817d8e21570fa4edbfae417341b from qemu
2019-08-08 15:32:19 -04:00
Philippe Mathieu-Daudé 5aaf004bb2
target/arm/vfp_helper: Restrict the SoftFloat use to TCG
This code is specific to the SoftFloat floating-point
implementation, which is only used by TCG.

Backports commit 4a15527c9feecfd2fa2807d5e698abbc19feb35f from qemu
2019-08-08 15:30:47 -04:00
Philippe Mathieu-Daudé 4e214e5d64
target/arm/vfp_helper: Extract vfp_set_fpscr_from_host()
The vfp_set_fpscr() helper contains code specific to the host
floating point implementation (here the SoftFloat library).
Extract this code to vfp_set_fpscr_from_host().

Backports commit 0c6ad94809b37a1f0f1f75d3cd0e4a24fb77e65c from qemu
2019-08-08 15:28:38 -04:00
Philippe Mathieu-Daudé 2b5d731f56
target/arm/vfp_helper: Extract vfp_set_fpscr_to_host()
The vfp_set_fpscr() helper contains code specific to the host
floating point implementation (here the SoftFloat library).
Extract this code to vfp_set_fpscr_to_host().

Backports commit e9d652824b05845f143ef4797d707fae47d4b3ed from qemu
2019-08-08 15:27:27 -04:00
Philippe Mathieu-Daudé 76bae63014
target/arm/vfp_helper: Move code around
To ease the review of the next commit,
move the vfp_exceptbits_to_host() function directly after
vfp_exceptbits_from_host(). Amusingly the diff shows we
are moving vfp_get_fpscr().

Backports commit 20e62dd8c831c9065ed4a8e64813c93ad61c50d7 from qemu.
2019-08-08 15:26:03 -04:00
Philippe Mathieu-Daudé 91e264823e
target/arm: Move TLB related routines to tlb_helper.c
These routines are TCG specific.
The arm_deliver_fault() function is only used within the new
helper. Make it static.

Backports commit e21b551cb652663f2f2405a64d63ef6b4a1042b7 from qemu
2019-08-08 15:24:26 -04:00
Philippe Mathieu-Daudé 1af5deaf52
target/arm: Declare get_phys_addr() function publicly
In the next commit we will split the TLB related routines of
this file, and this function will also be called in the new
file. Declare it in the "internals.h" header.

Backports commit ebae861fc6c385a7bcac72dde4716be06e6776f1 from qemu
2019-08-08 15:14:45 -04:00
Samuel Ortiz 9296465289
target/arm: Move the DC ZVA helper into op_helper
Those helpers are a software implementation of the ARM v8 memory zeroing
op code. They should be moved to the op helper file, which is going to
eventually be built only when TCG is enabled.

Backports commit 6cdca173ef81a9dbcee9e142f1a5a34ad9c44b75 from qemu
2019-08-08 15:10:46 -04:00
Lioncash 9bf229ede1
header_gen: Add missing vfp_expand_imm entry to arm_symbols
Prevents multiple definition errors when building 32-bit ARM frontends.
2019-08-08 15:07:21 -04:00
Philippe Mathieu-Daudé f77b60d7e9
target/arm: Fix coding style issues
Since we'll move this code around, fix its style first.

Backports commit 9798ac7162c8a720c5d28f4d1fc9e03c7ab4f015 from qemu
2019-08-08 15:05:57 -04:00
Philippe Mathieu-Daudé 4f71266524
target/arm: Fix multiline comment syntax
Since commit 8c06fbdf36b checkpatch.pl enforce a new multiline
comment syntax. Since we'll move this code around, fix its style
first.

Backports commit 9a223097e44d5320f5e0546710263f22d11f12fc from qemu
2019-08-08 15:05:37 -04:00
Philippe Mathieu-Daudé 0a5152caf8
target/arm/helper: Remove unused include
Backports commit 2c8ec397f8438eea5e52be4898dfcf12a1f88267 from qemu
2019-08-08 14:43:57 -04:00
Philippe Mathieu-Daudé 8a0bae93ff
target/arm: Add copyright boilerplate
Backports commit ed3baad15b0b0edc480373f9c1d805d6b8e7e78c from qemu
2019-08-08 14:43:32 -04:00
Philippe Mathieu-Daudé b028a37fdb
target/arm: Makefile cleanup (softmmu)
Group SOFTMMU objects together.
Since PSCI is TCG specific, keep it separate.

Backports commit b601e0cd78c2c57548a468c6fdb566d514c05b89 from qemu
2019-08-08 14:42:00 -04:00
Philippe Mathieu-Daudé 348b813c03
target/arm: Makefile cleanup (ARM)
Group ARM objects together, TCG related ones at the bottom.
This will help when restricting TCG-only objects.

Backports commit 07774d584267488c8c2f104ae5b552791961908a from qemu
2019-08-08 14:39:52 -04:00
Lioncash 76d33b34e1
target/arm: Fix bad patch merge in arm_tr_init_disas_context 2019-08-08 14:37:38 -04:00
Philippe Mathieu-Daudé 5c0cff59f2
target/arm: Makefile cleanup (Aarch64)
Group Aarch64 rules together, TCG related ones at the bottom.
This will help when restricting TCG-only objects.

Backports commit 87f4f183484dba7a460c59e99dac0dbb9f42ed87 from qemu
2019-08-08 14:31:24 -04:00
Antonio Ospite f9beb7fe4a
configure: disallow spaces and colons in source path and build path
The configure script breaks when the qemu source directory is in a path
containing white spaces, in particular the list of targets is not
correctly generated when calling "./configure --help" because of how the
default_target_list variable is built.

In addition to that, *building* qemu from a directory with spaces breaks
some assumptions in the Makefiles, even if the original source path does
not contain spaces like in the case of an out-of-tree build, or when
symlinks are involved.

To avoid these issues, refuse to run the configure script and the
Makefile if there are spaces or colons in the source path or the build
path, taking as inspiration what the kbuild system in linux does.

Buglink: https://bugs.launchpad.net/qemu/+bug/1817345

Backports commit 4ace32e22713ffd79deb221ae0134652c7c15428 from qemu
2019-08-08 14:29:24 -04:00
Lucien Murray-Pitts ac6ee425d3
m68k comments break patch submission due to being incorrectly formatted
Altering all comments in target/m68k to match Qemu coding styles so that future
patches wont fail due to style breaches.

Backports commit 808d77bc5f878a666035d478480b8ed229bd49fe from qemu
2019-08-08 14:26:45 -04:00
Aleksandar Markovic 977e53b921
target/mips: Fix emulation of ILVR.<B|H|W> on big endian host
Fix emulation of ILVR.<B|H|W> on big endian host by applying
mapping of data element indexes from one endian to another.

Backports commit 14f5d874bcd533054648bb7cc767c7169eaf2f1c from qemu
2019-06-30 20:03:23 -04:00
Aleksandar Markovic f7fc20c9ee
target/mips: Fix emulation of ILVL.<B|H|W> on big endian host
Fix emulation of ILVL.<B|H|W> on big endian host by applying
mapping of data element indexes from one endian to another.

Backports commit 8e74bceb00120b23f0931e4e4478d1b10e0970d4 from qemu
2019-06-30 20:02:12 -04:00
Aleksandar Markovic 929bd90968
target/mips: Fix emulation of ILVOD.<B|H|W> on big endian host
Fix emulation of ILVOD.<B|H|W> on big endian host by applying
mapping of data element indexes from one endian to another.

Backports commit b000169e4ed44a3925b6fd22fa0dd6e22bb02b81 from qemu
2019-06-30 19:54:35 -04:00
Aleksandar Markovic 17dd65b771
target/mips: Fix emulation of ILVEV.<B|H|W> on big endian host
Fix emulation of ILVEV.<B|H|W> on big endian host by applying
mapping of data element indexes from one endian to another.

Backports commit 98880cb5a669a35b5bc75432027f2b9fff566aea from qemu
2019-06-30 19:52:14 -04:00
Aleksandar Markovic e9dc22c280
target/mips: Fix if-else-switch-case arms checkpatch errors in translate.c
Remove if-else-switch-case-arms-related checkpatch errors.

Backports commit 1f8929d241c5461f3e98d52f54bcdadd35554448 from qemu
2019-06-30 19:42:16 -04:00
Aleksandar Markovic 1e52cb8fa1
target/mips: Fix some space checkpatch errors in translate.c
Remove some space-related checkpatch warning.

Backports commit 235785e8347558f36be21aa99efa1ba517ecc827 from qemu
2019-06-30 19:34:41 -04:00
Lioncash 802c626145
Revert "cputlb: Filter flushes on already clean tlbs"
This reverts commit 5ab9723787.
2019-06-30 19:21:20 -04:00
Xiaoyao Li 576be63f06
target/i386: define a new MSR based feature word - FEAT_CORE_CAPABILITY
MSR IA32_CORE_CAPABILITY is a feature-enumerating MSR, which only
enumerates the feature split lock detection (via bit 5) by now.

The existence of MSR IA32_CORE_CAPABILITY is enumerated by CPUID.7_0:EDX[30].

The latest kernel patches about them can be found here:
https://lkml.org/lkml/2019/4/24/1909

Backports commit 597360c0d8ebda9ca6f239db724a25bddec62b2f from qemu
2019-06-25 18:59:52 -05:00
Peter Maydell fa19f96e8c
target/arm: Check for dp support for dp VFM, not sp
In commit 1120827fa182f0e7622 we accidentally put the
"UNDEF unless FPU has double-precision support" check in
the single-precision VFM function. Put it in the dp
function where it belongs.

Backports commit 34bea4edb9bbe8edf4b8606276482acdff5ca58b from qemu
2019-06-25 18:56:34 -05:00
Peter Maydell dc1f2247ec
target/arm: Only implement doubles if the FPU supports them
The architecture permits FPUs which have only single-precision
support, not double-precision; Cortex-M4 and Cortex-M33 are
both like that. Add the necessary checks on the MVFR0 FPDP
field so that we UNDEF any double-precision instructions on
CPUs like this.

Note that even if FPDP==0 the insns like VMOV-to/from-gpreg,
VLDM/VSTM, VLDR/VSTR which take double precision registers
still exist.

Backports commit 1120827fa182f0e76226df7ffe7a86598d1df54f from qemu
2019-06-25 18:55:25 -05:00
Peter Maydell cfac686c95
target/arm: Fix typos in trans function prototypes
In several places cut and paste errors meant we were using the wrong
type for the 'arg' struct in trans_ functions called by the
decodetree decoder, because we were using the _sp version of the
struct in the _dp function. These were harmless, because the two
structs were identical and so decodetree made them typedefs of the
same underlying structure (and we'd have had a compile error if they
were not harmless), but we should clean them up anyway.

Backports commit 83655223ac6143a563e981906ce13fd6f2cfbefd from qemu
2019-06-25 18:48:34 -05:00
Peter Maydell 318a1ddf39
target/arm: Remove unused cpu_F0s, cpu_F0d, cpu_F1s, cpu_F1d
Remove the now unused TCG globals cpu_F0s, cpu_F0d, cpu_F1s, cpu_F1d.

cpu_M0 is still used by the iwmmxt code, and cpu_V0 and
cpu_V1 are used by both iwmmxt and Neon.

Backports commit d9eea52c67c04c58ecceba6ffe5a93d1d02051fa from qemu
2019-06-25 18:45:53 -05:00
Peter Maydell 74168c20f2
target/arm: Stop using deprecated functions in NEON_2RM_VCVT_F32_F16
Remove some old constructns from NEON_2RM_VCVT_F16_F32 code:
* don't use CPU_F0s
* don't use tcg_gen_st_f32

Backports commit b66f6b9981004bbf120b8d17c20f92785179bdf2 from qemu
2019-06-25 18:43:40 -05:00
Peter Maydell 8ae25f6e4c
target/arm: stop using deprecated functions in NEON_2RM_VCVT_F16_F32
Remove some old constructs from NEON_2RM_VCVT_F16_F32 code:
* don't use cpu_F0s
* don't use tcg_gen_ld_f32

Backports commit 58f2682eee738e8890f9cfe858e0f4f68b00d45d from qemu
2019-06-25 18:39:43 -05:00
Peter Maydell d419fbc270
target/arm: Stop using cpu_F0s in Neon VCVT fixed-point ops
Stop using cpu_F0s in the Neon VCVT fixed-point operations.

Backports commit c253dd7832bc6b4e140a0da56410a9336cce05bc from qemu
2019-06-25 18:35:33 -05:00
Peter Maydell 46216ae382
target/arm: Stop using cpu_F0s for Neon f32/s32 VCVT
Stop using cpu_F0s for the Neon f32/s32 VCVT operations.
Since this is the last user of cpu_F0s in the Neon 2rm-op
loop, we can remove the handling code for it too.

Backports commit 60737ed5785b9c1c6f1c85575dfdd1e9eec91878 from qemu
2019-06-25 18:32:32 -05:00
Peter Maydell 2fbe9c1d1d
target/arm: Stop using cpu_F0s for NEON_2RM_VRECPE_F and NEON_2RM_VRSQRTE_F
Stop using cpu_F0s for NEON_2RM_VRECPE_F and NEON_2RM_VRSQRTE_F.

Backports commit 9a011fece7201f8e268c982df8c7836f3335bbe6 from qemu
2019-06-25 18:29:22 -05:00
Peter Maydell f82ea34369
target/arm: Stop using cpu_F0s for NEON_2RM_VCVT[ANPM][US]
Stop using cpu_F0s for the NEON_2RM_VCVT[ANPM][US] ops.

Backports commit 30bf0a018f6c706913c8c0ea57b386907f4229be from qemu
2019-06-25 18:28:03 -05:00
Peter Maydell 0d4535bf16
target/arm: Stop using cpu_F0s for NEON_2RM_VRINT*
Switch NEON_2RM_VRINT* away from using cpu_F0s.

Backports commit 3b52ad1fae804acdc2fdc41b418a65249beae430 from qemu
2019-06-25 18:26:24 -05:00
Peter Maydell a62cbc7ac5
target/arm: Stop using cpu_F0s for NEON_2RM_VNEG_F
Switch NEON_2RM_VABS_F away from using cpu_F0s.

Backports commit cedcc96fc7c8e520a190a010ac97dbb53e57d7d2 from qemu
2019-06-25 18:24:01 -05:00
Peter Maydell 63d7f92eba
target/arm: Stop using cpu_F0s for NEON_2RM_VABS_F
Where Neon instructions are floating point operations, we
mostly use the old VFP utility functions like gen_vfp_abs()
which work on the TCG globals cpu_F0s and cpu_F1s. The
Neon for-each-element loop conditionally loads the inputs
into either a plain old TCG temporary for most operations
or into cpu_F0s for float operations, and similarly stores
back either cpu_F0s or the temporary.

Switch NEON_2RM_VABS_F away from using cpu_F0s, and
update neon_2rm_is_float_op() accordingly.

Backports commit fd8a68cdcf81d70eebf866a132e9780d4108da9c from qemu
2019-06-25 18:22:05 -05:00
Peter Maydell ba0ddd3459
target/arm: Use vfp_expand_imm() for AArch32 VFP VMOV_imm
The AArch32 VMOV (immediate) instruction uses the same VFP encoded
immediate format we already handle in vfp_expand_imm(). Use that
function rather than hand-decoding it.

Backports commit 9bee50b498410ed6466018b26464d7384c7879e9 from qemu
2019-06-25 18:20:19 -05:00
Peter Maydell b2dc290454
target/arm: Move vfp_expand_imm() to translate.[ch]
We want to use vfp_expand_imm() in the AArch32 VFP decode;
move it from the a64-only header/source file to the
AArch32 one (which is always compiled even for AArch64).

Backports commit d6a092d479333b5f20a647a912a31b0102d37335 from qemu
2019-06-25 18:17:49 -05:00
Peter Maydell 021da28bfd
target/arm: Fix short-vector increment behaviour
For VFP short vectors, the VFP registers are divided into a
series of banks: for single-precision these are s0-s7, s8-s15,
s16-s23 and s24-s31; for double-precision they are d0-d3,
d4-d7, ... d28-d31. Some banks are "scalar" meaning that
use of a register within them triggers a pure-scalar or
mixed vector-scalar operation rather than a full vector
operation. The scalar banks are s0-s7, d0-d3 and d16-d19.
When using a bank as part of a vector operation, we
iterate through it, increasing the register number by
the specified stride each time, and wrapping around to
the beginning of the bank.

Unfortunately our calculation of the "increment" part of this
was incorrect:
vd = ((vd + delta_d) & (bank_mask - 1)) | (vd & bank_mask)
will only do the intended thing if bank_mask has exactly
one set high bit. For instance for doubles (bank_mask = 0xc),
if we start with vd = 6 and delta_d = 2 then vd is updated
to 12 rather than the intended 4.

This only causes problems in the unlikely case that the
starting register is not the first in its bank: if the
register number doesn't have to wrap around then the
expression happens to give the right answer.

Fix this bug by abstracting out the "check whether register
is in a scalar bank" and "advance register within bank"
operations to utility functions which use the right
bit masking operations

Backports commit 18cf951af9a27ae573a6fa17f9d0c103f7b7679b from qemu
2019-06-13 19:44:27 -04:00
Peter Maydell 1a0d31c05e
target/arm: Convert float-to-integer VCVT insns to decodetree
Convert the float-to-integer VCVT instructions to decodetree.
Since these are the last unconverted instructions, we can
delete the old decoder structure entirely now.

Backports commit 3111bfc2da6ba0c8396dc97ca479942d711c6146 from qemu
2019-06-13 19:40:02 -04:00
Peter Maydell f6c67559d4
target/arm: Convert VCVT fp/fixed-point conversion insns to decodetree
Convert the VCVT (between floating-point and fixed-point) instructions
to decodetree.

Backports commit e3d6f4290c788e850c64815f0b3e331600a4bcc0 from qemu
2019-06-13 19:35:51 -04:00
Peter Maydell c66d477359
target/arm: Convert VJCVT to decodetree
Convert the VJCVT instruction to decodetree.

Backports commit 92073e947487e2109f3dfebfeaa48d6323cbd981 from qemu
2019-06-13 19:31:35 -04:00
Peter Maydell 7be9e6f9b4
target/arm: Convert integer-to-float insns to decodetree
Convert the VCVT integer-to-float instructions to decodetree.

Backports commit 8fc9d8918cde342c71923e361b9f2193e36ed18b from qemu
2019-06-13 19:20:41 -04:00
Peter Maydell e0e4f99103
target/arm: Convert double-single precision conversion insns to decodetree
Convert the VCVT double/single precision conversion insns to decodetree.

Backports commit 6ed7e49c3693ed8411773c4880f42b2932beb12d from qemu
2019-06-13 19:18:01 -04:00
Peter Maydell ab9d0235ed
target/arm: Convert VFP round insns to decodetree
Convert the VFP round-to-integer instructions VRINTR, VRINTZ and
VRINTX to decodetree.

These instructions were only introduced as part of the "VFP misc"
additions in v8A, so we check this. The old decoder's implementation
was incorrectly providing them even for v7A CPUs.

Backports commit e25155f55dc4abb427a88dfe58bbbc550fe7d643 from qemu
2019-06-13 19:15:05 -04:00
Peter Maydell 9e842a0f2a
target/arm: Convert the VCVT-to-f16 insns to decodetree
Convert the VCVTT and VCVTB instructions which convert from
f32 and f64 to f16 to decodetree.

Since we're no longer constrained to the old decoder's style
using cpu_F0s and cpu_F0d we can perform a direct 16 bit
store of the right half of the input single-precision register
rather than doing a load/modify/store sequence on the full
32 bits.

Backports commit cdfd14e86ab0b1ca29a702d13a8e4af2e902a9bf from qemu
2019-06-13 19:03:59 -04:00
Peter Maydell 7d927b2d0e
target/arm: Convert the VCVT-from-f16 insns to decodetree
Convert the VCVTT, VCVTB instructions that deal with conversion
from half-precision floats to f32 or 64 to decodetree.

Since we're no longer constrained to the old decoder's style
using cpu_F0s and cpu_F0d we can perform a direct 16 bit
load of the right half of the input single-precision register
rather than loading the full 32 bits and then doing a
separate shift or sign-extension.

Backports commit b623d803dda805f07aadcbf098961fde27315c19 from qemu
2019-06-13 19:00:23 -04:00
Peter Maydell e6cc2616d2
target/arm: Convert VFP comparison insns to decodetree
Convert the VFP comparison instructions to decodetree.

Note that comparison instructions should not honour the VFP
short-vector length and stride information: they are scalar-only
operations. This applies to all the 2-operand instructions except
for VMOV, VABS, VNEG and VSQRT. (In the old decoder this is
implemented via the "if (op == 15 && rn > 3) { veclen = 0; }" check.)

Backports commit 386bba2368842fc74388a3c1651c6c0c0c70adbd from qemu
2019-06-13 18:55:53 -04:00
Peter Maydell a75a3e321f
target/arm: Convert VMOV (register) to decodetree
Backports commit 17552b979ebb9848a534c25ebed18a1072710058 from qemu
2019-06-13 18:49:49 -04:00
Peter Maydell ee30962891
target/arm: Convert VSQRT to decodetree
Convert the VSQRT instruction to decodetree.

Backports commit b8474540cbce4e2fa45010416375d1bcbe86dc15 from qemu
2019-06-13 18:47:32 -04:00
Peter Maydell 7aea3da6b7
target/arm: Convert VNEG to decodetree
Convert the VNEG instruction to decodetree.

Backports commit 1882651afdb0ca44f0631192fbe65a71c660d809 from qemu
2019-06-13 18:43:50 -04:00
Peter Maydell 1032d86ad3
target/arm: Convert VABS to decodetree
Convert the VFP VABS instruction to decodetree.

Unlike the 3-op versions, we don't pass fpst to the VFPGen2OpSPFn or
VFPGen2OpDPFn because none of the operations which use this format
and support short vectors will need it.

Backports commit 90287e22c987e9840704345ed33d237cbe759dd9 from qemu
2019-06-13 18:41:43 -04:00
Peter Maydell 7a16bc6876
target/arm: Convert VMOV (imm) to decodetree
Convert the VFP VMOV (immediate) instruction to decodetree.

Backports commit b518c753f0b94e14e01e97b4ec42c100dafc0cc2 from qemu
2019-06-13 18:37:58 -04:00
Peter Maydell 0ebb6b8b90
target/arm: Convert VFP fused multiply-add insns to decodetree
Convert the VFP fused multiply-add instructions (VFNMA, VFNMS,
VFMA, VFMS) to decodetree.

Note that in the old decode structure we were implementing
these to honour the VFP vector stride/length. These instructions
were introduced in VFPv4, and in the v7A architecture they
are UNPREDICTABLE if the vector stride or length are non-zero.
In v8A they must UNDEF if stride or length are non-zero, like
all VFP instructions; we choose to UNDEF always.

Backports commit d4893b01d23060845ee3855bc96626e16aad9ab5 from qemu
2019-06-13 18:24:36 -04:00
Peter Maydell 321bcc822b
target/arm: Convert VDIV to decodetree
Convert the VDIV instruction to decodetree.

Backports commit 519ee7ae31e050eb0ff9ad35c213f0bd7ab1c03e from qemu
2019-06-13 18:19:47 -04:00
Peter Maydell 76c74bc657
target/arm: Convert VSUB to decodetree
Convert the VSUB instruction to decodetree.

Backports commit 8fec9a119264b7936503abce3c106fad7e3ccb76 from qemu.
2019-06-13 18:18:00 -04:00
Peter Maydell f56f0342ad
target/arm: Convert VADD to decodetree
Convert the VADD instruction to decodetree.

Backports commit ce28b303716e7eca3f3765bf6776d722ebbe1122 from qemu
2019-06-13 18:15:52 -04:00
Peter Maydell 06584edf61
target/arm: Convert VNMUL to decodetree
Convert the VNMUL instruction to decodetree.

Backports commit 43c4be1236c105090d134540da1036073d157cd4 from qemu
2019-06-13 18:14:16 -04:00
Peter Maydell 2c5e102017
target/arm: Convert VMUL to decodetree
Convert the VMUL instruction to decodetree.

Backports commit 88c5188ced60e9f2b8cc3af3b9bc4a8031c8c996 from qemu
2019-06-13 18:12:03 -04:00
Peter Maydell b26b6a12a2
target/arm: Convert VFP VNMLA to decodetree
Convert the VFP VNMLA instruction to decodetree.

Backports commit 8a483533adc1bdc2decb8f456dbe930a2d245a8b from qemu
2019-06-13 18:09:57 -04:00
Peter Maydell 638b90de31
target/arm: Convert VFP VNMLS to decodetree
Convert the VFP VNMLS instruction to decodetree.

Backports commit c54a416cc6d60efbc79dd37aaf0c8918c05b5815 from qemu
2019-06-13 18:06:59 -04:00
Peter Maydell 67ad40ffa4
target/arm: Convert VFP VMLS to decodetree
Convert the VFP VMLS instruction to decodetree.

Backports commit e7258280d46af4ab6a0cc93ccfe8f6614defb4b7 from qemu
2019-06-13 18:02:37 -04:00
Peter Maydell edf81eb214
target/arm: Convert VFP VMLA to decodetree
Convert the VFP VMLA instruction to decodetree.

This is the first of the VFP 3-operand data processing instructions,
so we include in this patch the code which loops over the elements
for an old-style VFP vector operation. The existing code to do this
looping uses the deprecated cpu_F0s/F0d/F1s/F1d TCG globals; since
we are going to be converting instructions one at a time anyway
we can take the opportunity to make the new loop use TCG temporaries,
which means we can do that conversion one operation at a time
rather than needing to do it all in one go.

We include an UNDEF check which was missing in the old code:
short-vector operations (with stride or length non-zero) were
deprecated in v7A and must UNDEF in v8A, so if the MVFR0 FPShVec
field does not indicate that support for short vectors is present
we UNDEF the operations that would use them. (This is a change
of behaviour for Cortex-A7, Cortex-A15 and the v8 CPUs, which
previously were all incorrectly allowing short-vector operations.)

Note that the conversion fixes a bug in the old code for the
case of VFP short-vector "mixed scalar/vector operations". These
happen where the destination register is in a vector bank but
but the second operand is in a scalar bank. For example
vmla.f64 d10, d1, d16 with length 2 stride 2
is equivalent to the pair of scalar operations
vmla.f64 d10, d1, d16
vmla.f64 d8, d3, d16
where the destination and first input register cycle through
their vector but the second input is scalar (d16). In the
old decoder the gen_vfp_F1_mul() operation uses cpu_F1{s,d}
as a temporary output for the multiply, which trashes the
second input operand. For the fully-scalar case (where we
never do a second iteration) and the fully-vector case
(where the loop loads the new second input operand) this
doesn't matter, but for the mixed scalar/vector case we
will end up using the wrong value for later loop iterations.
In the new code we use TCG temporaries and so avoid the bug.
This bug is present for all the multiply-accumulate insns
that operate on short vectors: VMLA, VMLS, VNMLA, VNMLS.

Note 2: the expression used to calculate the next register
number in the vector bank is not in fact correct; we leave
this behaviour unchanged from the old decoder and will
fix this bug later in the series.

Backports commit 266bd25c485597c94209bfdb3891c1d0c573c164 from qemu
2019-06-13 17:59:16 -04:00
Peter Maydell 93fe4cbe9e
target/arm: Remove VLDR/VSTR/VLDM/VSTM use of cpu_F0s and cpu_F0d
Expand out the sequences in the new decoder VLDR/VSTR/VLDM/VSTM trans
functions which perform the memory accesses by going via the TCG
globals cpu_F0s and cpu_F0d, to use local TCG temps instead.

Backports commit 3993d0407dff7233e42f2251db971e126a0497e9 from qemu
2019-06-13 17:31:28 -04:00
Peter Maydell ff7042567e
target/arm: Convert the VFP load/store multiple insns to decodetree
Convert the VFP load/store multiple insns to decodetree.
This includes tightening up the UNDEF checking for pre-VFPv3
CPUs which only have D0-D15 : they now UNDEF for any access
to D16-D31, not merely when the smallest register in the
transfer list is in D16-D31.

This conversion does not try to share code between the single
precision and the double precision versions; this looks a bit
duplicative of code, but it leaves the door open for a future
refactoring which gets rid of the use of the "F0" registers
by inlining the various functions like gen_vfp_ld() and
gen_mov_F0_reg() which are hiding "if (dp) { ... } else { ... }"
conditionalisation.

Backports commit fa288de272c5c8a66d5eb683b123706a52bc7ad6 from qemu
2019-06-13 17:26:52 -04:00
Peter Maydell 6f0633ce80
target/arm: Convert VFP VLDR and VSTR to decodetree
Convert the VFP single load/store insns VLDR and VSTR to decodetree.

Backports commit 79b02a3b5231c5b8cd31e50cd549968dd0a05c49 from qemu
2019-06-13 17:22:48 -04:00
Peter Maydell fe98885ff2
target/arm: Convert VFP two-register transfer insns to decodetree
Convert the VFP two-register transfer instructions to decodetree
(in the v8 Arm ARM these are the "Advanced SIMD and floating-point
64-bit move" encoding group).

Again, we expand out the sequences involving gen_vfp_msr() and
gen_msr_vfp().

Backports commit 81f681106eabe21c55118a5a41999fb7387fb714 from qemu
2019-06-13 17:20:00 -04:00
Peter Maydell 3fb3403b82
target/arm: Convert single-precision register moves to decodetree
Convert the "single-precision" register moves to decodetree:
* VMSR
* VMRS
* VMOV between general purpose register and single precision

Note that the VMSR/VMRS conversions make our handling of
the "should this UNDEF?" checks consistent between the two
instructions:
* VMSR to MVFR0, MVFR1, MVFR2 now UNDEF from EL0
  (previously was a nop)
* VMSR to FPSID now UNDEFs from EL0 or if VFPv3 or better
  (previously was a nop)
* VMSR to FPINST and FPINST2 now UNDEF if VFPv3 or better
  (previously would write to the register, which had no
  guest-visible effect because we always UNDEF reads)

We also tighten up the decode: we were previously underdecoding
some SBZ or SBO bits.

The conversion of VMOV_single includes the expansion out of the
gen_mov_F0_vreg()/gen_vfp_mrs() and gen_mov_vreg_F0()/gen_vfp_msr()
sequences into the simpler direct load/store of the TCG temp via
neon_{load,store}_reg32(): we know in the new function that we're
always single-precision, we don't need to use the old-and-deprecated
cpu_F0* TCG globals, and we don't happen to have the declaration of
gen_vfp_msr() and gen_vfp_mrs() at the point in the file where the
new function is.

Backports commit a9ab50011aeda2dd012da99069e078379315ea18 from qemu
2019-06-13 17:16:38 -04:00
Peter Maydell 694058da94
target/arm: Convert double-precision register moves to decodetree
Convert the "double-precision" register moves to decodetree:
this covers VMOV scalar-to-gpreg, VMOV gpreg-to-scalar and VDUP.

Note that the conversion process has tightened up a few of the
UNDEF encoding checks: we now correctly forbid:
* VMOV-to-gpr with U:opc1:opc2 == 10x00 or x0x10
* VMOV-from-gpr with opc1:opc2 == 0x10
* VDUP with B:E == 11
* VDUP with Q == 1 and Vn<0> == 1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
The accesses of elements < 32 bits could be improved by doing
direct ld/st of the right size rather than 32-bit read-and-shift
or read-modify-write, but we leave this for later cleanup,
since this series is generally trying to stick to fixing
the decode.

Backports commit 9851ed9269d214c0c6feba960dd14ff09e6c34b4 from qemu
2019-06-13 17:11:56 -04:00
Peter Maydell 7265161108
target/arm: Add helpers for VFP register loads and stores
The current VFP code has two different idioms for
loading and storing from the VFP register file:
 1 using the gen_mov_F0_vreg() and similar functions,
   which load and store to a fixed set of TCG globals
   cpu_F0s, CPU_F0d, etc
 2 by direct calls to tcg_gen_ld_f64() and friends

We want to phase out idiom 1 (because the use of the
fixed globals is a relic of a much older version of TCG),
but idiom 2 is quite longwinded:
  tcg_gen_ld_f64(tmp, cpu_env, vfp_reg_offset(true, reg))
requires us to specify the 64-bitness twice, once in
the function name and once by passing 'true' to
vfp_reg_offset(). There's no guard against accidentally
passing the wrong flag.

Instead, let's move to a convention of accessing 64-bit
registers via the existing neon_load_reg64() and
neon_store_reg64(), and provide new neon_load_reg32()
and neon_store_reg32() for the 32-bit equivalents.

Implement the new functions and use them in the code in
translate-vfp.inc.c. We will convert the rest of the VFP
code as we do the decodetree conversion in subsequent
commits.

Backports commit 160f3b64c5cc4c8a09a1859edc764882ce6ad6bf from qemu
2019-06-13 17:01:59 -04:00
Peter Maydell 033a386ffb
target/arm: Move the VFP trans_* functions to translate-vfp.inc.c
Move the trans_*() functions we've just created from translate.c
to translate-vfp.inc.c. This is pure code motion with no textual
changes (this can be checked with 'git show --color-moved').

Backports commit f7bbb8f31f0761edbf0c64b7ab3c3f49c13612ea from qemu
2019-06-13 16:56:24 -04:00
Peter Maydell e55d31a5ac
target/arm: Convert VCVTA/VCVTN/VCVTP/VCVTM to decodetree
Convert the VCVTA/VCVTN/VCVTP/VCVTM instructions to decodetree.
trans_VCVT() is temporarily left in translate.c.

Backports commit c2a46a914cd5c38fd0ee57ff0befc1c5bde27bcf from qemu
2019-06-13 16:54:42 -04:00
Peter Maydell 9fb01cb526
target/arm: Convert VRINTA/VRINTN/VRINTP/VRINTM to decodetree
Convert the VRINTA/VRINTN/VRINTP/VRINTM instructions to decodetree.
Again, trans_VRINT() is temporarily left in translate.c.

Backports commit e3bb599d16e4678b228d80194cee328f894b1ceb from qemu
2019-06-13 16:50:36 -04:00
Peter Maydell 4501daf010
target/arm: Convert VMINNM, VMAXNM to decodetree
Convert the VMINNM and VMAXNM instructions to decodetree.
As with VSEL, we leave the trans_VMINMAXNM() function
in translate.c for the moment.

Backports commit f65988a1efdb42f9058db44297591491842e697c from qemu
2019-06-13 16:43:50 -04:00
Peter Maydell 3994dfd079
target/arm: Convert the VSEL instructions to decodetree
Convert the VSEL instructions to decodetree.
We leave trans_VSEL() in translate.c for now as this allows
the patch to show just the changes from the old handle_vsel().

In the old code the check for "do D16-D31 exist" was hidden in
the VFP_DREG macro, and assumed that VFPv3 always implied that
D16-D31 exist. In the new code we do the correct ID register test.
This gives identical behaviour for most of our CPUs, and fixes
previously incorrect handling for Cortex-R5F, Cortex-M4 and
Cortex-M33, which all implement VFPv3 or better with only 16
double-precision registers.

Backports commit b3ff4b87b4ae08120a51fe12592725e1dca8a085 from qemu
2019-06-13 16:41:22 -04:00
Peter Maydell 93adaa7de2
target/arm: Explicitly enable VFP short-vectors for aarch32 -cpu max
At the moment our -cpu max for AArch32 supports VFP short-vectors
because we always implement them, even for CPUs which should
not have them. The following commits are going to switch to
using the correct ID-register-check to enable or disable short
vector support, so we need to turn it on explicitly for -cpu max,
because Cortex-A15 doesn't implement it.

We don't enable this for the AArch64 -cpu max, because the v8A
architecture never supports short-vectors.

Backports commit 973751fd798d41402d34f9f705c0c6d1633d0cda from qemu
2019-06-13 16:38:01 -04:00
Peter Maydell 808d929d7c
target/arm: Fix Cortex-R5F MVFR values
The Cortex-R5F initfn was not correctly setting up the MVFR
ID register values. Fill these in, since some subsequent patches
will use ID register checks rather than CPU feature bit checks.

Backports commit 3de79d335c9aa7d726865e3933d9b21781032183 from qemu
2019-06-13 16:36:48 -04:00
Lioncash b3cfede44f
target/arm: Make load_cpu_offset() take a DisasContext* instead of uc_struct*
Keeps it consistent with store_cpu_offset
2019-06-13 16:35:31 -04:00
Peter Maydell 78997058e4
target/arm: Factor out VFP access checking code
Factor out the VFP access checking code so that we can use it in the
leaf functions of the decodetree decoder.

We call the function full_vfp_access_check() so we can keep
the more natural vfp_access_check() for a version which doesn't
have the 'ignore_vfp_enabled' flag -- that way almost all VFP
insns will be able to use vfp_access_check(s) and only the
special-register access function will have to use
full_vfp_access_check(s, ignore_vfp_enabled).

Backports commit 06db8196bba34776829020192ed623a0b22e6557 from qemu
2019-06-13 16:33:38 -04:00
Peter Maydell 9732ebba5c
target/arm: Add stubs for AArch32 VFP decodetree
Add the infrastructure for building and invoking a decodetree decoder
for the AArch32 VFP encodings. At the moment the new decoder covers
nothing, so we always fall back to the existing hand-written decode.

We need to have one decoder for the unconditional insns and one for
the conditional insns, as otherwise the patterns for conditional
insns would incorrectly match against the unconditional ones too.

Since translate.c is over 14,000 lines long and we're going to be
touching pretty much every line of the VFP code as part of the
decodetree conversion, we create a new translate-vfp.inc.c to hold
the code which deals with VFP in the new scheme. It should be
possible to convert this into a standalone translation unit
eventually, but the conversion process will be much simpler if we
simply #include it midway through translate.c to start with.

Backports commit 78e138bc1f672c145ef6ace74617db00eebaa2ba from qemu
2019-06-13 16:24:37 -04:00
Richard Henderson 7c03c8eb04
decodetree: Fix comparison of Field
Typo comparing the sign of the field, twice, instead of also comparing
the mask of the field (which itself encodes both position and length).

Backports commit 2c7d442743854d2c1f5475446e088bd523f4bb20 from qemu
2019-06-13 16:17:56 -04:00
Richard Henderson afaea6a291
target/arm: Fix output of PAuth Auth
The ARM pseudocode installs the error_code into the original
pointer, not the encrypted pointer. The difference applies
within the 7 bits of pac data; the result should be the sign
extension of bit 55.

Add a testcase to that effect.

Backports commit d67ebada159148bfdfde84871338738e4465e985 from qemu
2019-06-13 16:17:00 -04:00
Peter Maydell 230f8a091a
target/arm: Implement NSACR gating of floating point
The NSACR register allows secure code to configure the FPU
to be inaccessible to non-secure code. If the NSACR.CP10
bit is set then:
* NS accesses to the FPU trap as UNDEF (ie to NS EL1 or EL2)
* CPACR.{CP10,CP11} behave as if RAZ/WI
* HCPTR.{TCP11,TCP10} behave as if RAO/WI

Note that we do not implement the NSACR.NSASEDIS bit which
gates only access to Advanced SIMD, in the same way that
we don't implement the equivalent CPACR.ASEDIS and HCPTR.TASE.

Backports commit fc1120a7f5f2d4b601003205c598077d3eb11ad2 from qemu
2019-06-13 16:15:28 -04:00
Richard Henderson 7c32498b7f
target/arm: Use tcg_gen_gvec_bitsel
This replaces 3 target-specific implementations for BIT, BIF, and BSL.

Backports commit 3a7a2b4e5cf0d49cd8b14e8225af0310068b7d20 from qemu
2019-06-13 16:12:56 -04:00
Richard Henderson a1396b12f6
tcg: Fix typos in helper_gvec_sar{8,32,64}v
The loop is written with scalars, not vectors.
Use the correct type when incrementing.

Fixes: 5ee5c14cacd

Backports commit 899f08ad1d1231dbbfa67298413f05ed2679fb02 from qemu
2019-06-13 16:09:16 -04:00
Alex Bennée 938f8465a0
cputlb: cast size_t to target_ulong before using for address masks
While size_t is defined to happily access the biggest host object this
isn't the case when generating masks for 64 bit guests on 32 bit
hosts. Otherwise we end up truncating the address when we fall back to
our unaligned helper.

Fixes: https://bugs.launchpad.net/qemu/+bug/1831545

Backports commit ab7a2009df66241a3742cbdfe8f9a1f66c6af21f from qemu
2019-06-13 16:07:01 -04:00
Alex Bennée 9aef73f5fb
cputlb: use uint64_t for interim values for unaligned load
When running on 32 bit TCG backends a wide unaligned load ends up
truncating data before returning to the guest. We specifically have
the return type as uint64_t to avoid any premature truncation so we
should use the same for the interim types.

Fixes: https://bugs.launchpad.net/qemu/+bug/1830872
Fixes: eed5664238e

Backports commit 8c79b288513587e960b6b7257a9d955d5592f209 from qemu
2019-06-13 16:06:22 -04:00
Richard Henderson d7ea41c3a3
cpu: Move icount_decr to CPUNegativeOffsetState
Amusingly, we had already ignored the comment to keep this value
at the end of CPUState. This restores the minimum negative offset
from TCG_AREG0 for code generation.

For the couple of uses within qom/cpu.c, without NEED_CPU_H, add
a pointer from the CPUState object to the IcountDecr object within
CPUNegativeOffsetState.

Backports commit 5e1401969b25f676fee6b1c564441759cf967a43 from qemu
2019-06-13 15:34:28 -04:00
Richard Henderson 8f53f09a05
cpu: Introduce CPUNegativeOffsetState
Nothing in there so far, but all of the plumbing done
within the target ArchCPU state.

Backports commit 5b146dc716cfd247f99556c04e6e46fbd67565a0 from qemu
2019-06-13 15:08:25 -04:00
Richard Henderson a672b89e3b
cpu: Introduce cpu_set_cpustate_pointers
Consolidate some boilerplate from foo_cpu_initfn.

Backports commit 7506ed902eb97fe4e2a1dd16766c621d32ecc40d from qemu
2019-06-12 12:27:16 -04:00
Richard Henderson ac176ccb38
cpu: Move ENV_OFFSET to exec/gen-icount.h
Now that we have ArchCPU, we can define this generically,
in the one place that needs it.

Backports commit 677c4d69ac21961e76a386f9bfc892a44923acc0 from qemu
2019-06-12 12:20:21 -04:00
Richard Henderson a11dd94ce7
target/sparc: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace sparc_env_get_cpu with env_archcpu. The combination
CPU(sparc_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 5a59fbce9141c40db0f0a5a6e17583ad9189b48b from qemu
2019-06-12 12:13:03 -04:00
Richard Henderson 47b797f1bb
target/riscv: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace riscv_env_get_cpu with env_archcpu. The combination
CPU(riscv_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 3109cd98a6c0c618189b38a83a8aa29cb20acbce from qemu
2019-06-12 12:06:19 -04:00
Richard Henderson 5790c1648d
target/mips: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace mips_env_get_cpu with env_archcpu. The combination
CPU(mips_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 5a7330b35cabc9e2fd3a8577b7004b63af8c57f3 from qemu
2019-06-12 11:55:43 -04:00
Richard Henderson 585ba97389
target/m68k: Use env_cpu
Cleanup in the boilerplate that each target must define.
The combination CPU(m68k_env_get_cpu) should have used
ENV_GET_CPU to begin; use env_cpu now.

Backports commit a8d92fd869c601f723b82d9736a2d78ae640b8a2 from qemu
2019-06-12 11:51:23 -04:00
Richard Henderson 187778c781
target/i386: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace x86_env_get_cpu with env_archcpu. The combination
CPU(x86_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 6aa9e42f27331be34e06d4d66f92f2272868f96a from qemu
2019-06-12 11:46:35 -04:00
Richard Henderson b8bd543390
target/arm: Use env_cpu, env_archcpu
Cleanup in the boilerplate that each target must define.
Replace arm_env_get_cpu with env_archcpu. The combination
CPU(arm_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.

Backports commit 2fc0cc0e1e034582f4718b1a2d57691474ccb6aa from qemu
2019-06-12 11:34:08 -04:00
Richard Henderson 8b108f3607
cpu: Introduce env_archcpu
This will replace foo_env_get_cpu with a generic definition.
No changes to the target specific code so far.

Backports commit 083dc73d7a3cf2a75b5625fd8f0669b57a855d16 from qemu
2019-06-12 11:17:47 -04:00
Richard Henderson fbf91a6535
cpu: Replace ENV_GET_CPU with env_cpu
Now that we have both ArchCPU and CPUArchState, we can define
this generically instead of via macro in each target's cpu.h.

Backports commit 29a0af618ddd21f55df5753c3e16b0625f534b3c from qemu
2019-06-12 11:16:16 -04:00
Richard Henderson ae94fb5992
cpu: Define ArchCPU
For all targets, do this just before including exec/cpu-all.h.

Backports commit 2161a612b4e1d388046320bc464adefd6bba01a0 from qemu
2019-06-12 11:08:39 -04:00
Richard Henderson e3f1f25996
cpu: Define CPUArchState with typedef
For all targets, do this just before including exec/cpu-all.h.

Backports commit 4f7c64b3819d559417615ed2b1d028ebc1a49580 from qemu
2019-06-12 11:06:36 -04:00
Markus Armbruster 5e5197b136
Supply missing header guards
Backports applicable parts of commit
f91005e195e7e1485e60cb121731589960f1a3c9 from qemu
2019-06-12 10:59:10 -04:00
Lioncash 5ab9723787
cputlb: Filter flushes on already clean tlbs
Especially for guests with large numbers of tlbs, like ARM or PPC,
we may well not use all of them in between flush operations.
Remember which tlbs have been used since the last flush, and
avoid any useless flushing.

Backports much of 3d1523ced6060cdfe9e768a814d064067ccabfe5 from qemu
along with a bunch of updating changes.
2019-06-10 20:42:15 -04:00
Richard Henderson df2a890bd7
tcg: Split out target/arch/cpu-param.h
For all targets, into this new file move TARGET_LONG_BITS,
TARGET_PAGE_BITS, TARGET_PHYS_ADDR_SPACE_BITS,
TARGET_VIRT_ADDR_SPACE_BITS, and NB_MMU_MODES.

Include this new file from exec/cpu-defs.h.

This now removes the somewhat odd requirement that target/arch/cpu.h
defines TARGET_LONG_BITS before including exec/cpu-defs.h, so push the
bulk of the includes within target/arch/cpu.h to the top.

Backports commit 74433bf083b0766aba81534f92de13194f23ff3e from qemu
2019-06-10 19:35:46 -04:00
Aleksandar Markovic 93473b2e09
target/mips: Unroll loops in helpers for MSA logic instructions
Unroll loops in helpers for MSA logic instructions for better
performance.

Backports commit 5d161bc81877327bc0b2a6d8974e07ffdc6881a5 from qemu
2019-06-10 13:56:04 -04:00
Aleksandar Markovic 8ec1ab6807
target/mips: Outline places for future MSA helpers
Outline places for future MSA helpers to follow the same organization
as in MSA tests.

Backports commit 7471df9f9eaca7c4495d77265864d56644a08b23 from qemu
2019-06-10 13:55:12 -04:00
Aleksandar Markovic 10b0f86caf
target/mips: Fix block-comment-related issues in msa_helper.c
Fix block-comment-related issues reported by checkpatch for file
msa_helper.c.

Backports commit 7cc8a7220de39d77894edcb376378f280ec9c4c2 from qemu
2019-06-10 13:53:45 -04:00
Aleksandar Markovic b9d8008931
target/mips: Fix space-related format issues in msa_helper.c
Fix space-related format issues reported by checkpatch in file
msa_helper.c.

Backports commit de1700d316c18edcca0d5264b69863edb8c9bf0d from qemu
2019-06-10 13:52:04 -04:00
Wanpeng Li b41364fdc5
i386: Enable IA32_MISC_ENABLE MWAIT bit when exposing mwait/monitor
The CPUID.01H:ECX[bit 3] ought to mirror the value of the MSR
IA32_MISC_ENABLE MWAIT bit and as userspace has control of them
both, it is userspace's job to configure both bits to match on
the initial setup.

Backports commit 4cfd7bab3f5564f6c1a23b06f73d5aa2f957cd16 from qemu
2019-06-04 13:17:43 -04:00
Mateja Marjanovic c356f78e89
target/mips: Improve performance of certain MSA instructions
Eliminate loops for better performance.

Following MSA instructions from "UNOP" group are affected:

- NLZC.<B|H|W|D>
- NLOC.<B|H|W|D>
- PCNT.<B|H|W|D>

Following MSA instructions from "BINOP" group are affected:

- ADD_A.<B|H|W|D>
- ADDS_A.<B|H|W|D>
- ADDS_S.<B|H|W|D>
- ADDS_U.<B|H|W|D>
- ADDV.<B|H|W|D>
- ASUB_S.<B|H|W|D>
- ASUB_U.<B|H|W|D>
- AVE_S.<B|H|W|D>
- AVE_U.<B|H|W|D>
- AVER_S.<B|H|W|D>
- AVER_U.<B|H|W|D>
- BCLR.<B|H|W|D>
- BNEG.<B|H|W|D>
- BSET.<B|H|W|D>
- CEQ.<B|H|W|D>
- CLE_S.<B|H|W|D>
- CLE_U.<B|H|W|D>
- CLT_S.<B|H|W|D>
- CLT_U.<B|H|W|D>
- DIV_S.<B|H|W|D>
- DIV_U.<B|H|W|D>
- DOTP_S.<B|H|W|D>
- DOTP_U.<B|H|W|D>
- HADD_S.<B|H|W|D>
- HADD_U.<B|H|W|D>
- HSUB_S.<B|H|W|D>
- HSUB_U.<B|H|W|D>
- MAX_A.<B|H|W|D>
- MAX_S.<B|H|W|D>
- MAX_U.<B|H|W|D>
- MIN_A.<B|H|W|D>
- MIN_S.<B|H|W|D>
- MIN_U.<B|H|W|D>
- MOD_S.<B|H|W|D>
- MOD_U.<B|H|W|D>
- MUL_Q.<B|H|W|D>
- MULR_Q.<B|H|W|D>
- MULV.<B|H|W|D>
- SLL.<B|H|W|D>
- SRA.<B|H|W|D>
- SRAR.<B|H|W|D>
- SRL.<B|H|W|D>
- SRLR.<B|H|W|D>
- SUBS_S.<B|H|W|D>
- SUBS_U.<B|H|W|D>
- SUBSUS_U.<B|H|W|D>
- SUBSUU_S.<B|H|W|D>
- SUBV.<B|H|W|D>

Following MSA instructions from "TEROP" group are affected:

- BINSL.<B|H|W|D>
- BINSR.<B|H|W|D>
- DPADD_S.<B|H|W|D>
- DPADD_U.<B|H|W|D>
- DPSUB_S.<B|H|W|D>
- DPSUB_U.<B|H|W|D>
- MADD_Q.<B|H|W|D>
- MADDR_Q.<B|H|W|D>
- MADDV.<B|H|W|D>
- MSUB_Q.<B|H|W|D>
- MSUBR_Q.<B|H|W|D>
- MSUBV.<B|H|W|D>

Additionally, following MSA instructionas are also affected:

- ILVL.<B|H|W|D>
- ILVR.<B|H|W|D>
- ILVEV.<B|H|W|D>
- ILVOD.<B|H|W|D>
- PCKEV.<B|H|W|D>
- PCKOD.<B|H|W|D>

Backports commit 0df911fd7f482b796c9f10aa8e086fb3fb9f0f18 from qemu
2019-06-03 11:21:05 -04:00
Aleksandar Markovic 115e0f20c5
target/mips: Clean up lmi_helper.c
Remove several minor checkpatch warnings and errors.

Backports commit baf50011157bf5747c623f171f93f9e3d9dff615 from qemu
2019-06-03 11:15:34 -04:00
Aleksandar Markovic 1c8614c303
target/mips: Clean up dsp_helper.c
Remove several minor checkpatch warnings and errors.

Backports commit f49ab2e1e6ca4f218cc970c937f91f9c69c95dd3 from qemu
2019-06-03 11:14:31 -04:00
Mateja Marjanovic 4b272cbe93
target/mips: Add emulation of MMI instruction PCPYUD
Add emulation of MMI instruction PCPYUD. The emulation is implemented
using TCG front end operations directly to achieve better performance.

Backports commit fd487f83ea92d790559813c5a0a719c30ca9ecde from qemu
2019-06-03 11:08:37 -04:00
Mateja Marjanovic c5e3fc601c
target/mips: Add emulation of MMI instruction PCPYLD
Add emulation of MMI instruction PCPYLD. The emulation is implemented
using TCG front end operations directly to achieve better performance.

Backports commit b87eef31f2f8047077d79c3180e9c8e762d2a50f from qemu
2019-06-03 11:05:50 -04:00
Mateja Marjanovic 7443387030
target/mips: Add emulation of MMI instruction PCPYH
Add emulation of MMI instruction PCPYH. The emulation is implemented
using TCG front end operations directly to achieve better performance.

Backports commit d3434d9f785ddaf40e0fd521ded400643ac4be09 from qemu
2019-06-03 11:03:07 -04:00
Jules Irenge 9c7f2f2e78
target/mips: realign comments to fix checkpatch warnings
Realign comments to fix warnings issued by checkpatc.pl tool
"WARNING: Block comments use a leading /* on a separate line"
within "target/mips/cpu.h" file.

Backports commit 9e72f33d854b0a817c0d2fe4bca693b76f0fe776 from qemu
2019-05-28 19:49:59 -04:00
Jules Irenge cf39970750
target/mips: add or remove space to fix checkpatch errors
Add or remove space to fix errors issued by checkpatch.pl tool
"ERROR: spaces required around that..."
"ERROR: space required after that..."
"ERROR: space required before the open parenthesis"
"ERROR: space required after that..."
"ERROR: space prohibited between function name and open parenthesis"
"ERROR: code indent should never use tabs"
"ERROR: line over 90 characters"
within "target/mips/cpu.h" file.

Backports commit 8ebf2e1a68408068c0bcd0d02a783fd12f6a9cb5 from qemu
2019-05-28 19:48:11 -04:00
Jakub Jermář 5b25eb80af
mips: Decide to map PAGE_EXEC in map_address
This commit addresses QEMU Bug #1825311:

mips_cpu_handle_mmu_fault renders all accessed pages executable

It allows finer-grained control over whether the accessed page should
be executable by moving the decision to the underlying map_address
function, which has more information for this.

As a result, pages that have the XI bit set in the TLB and are accessed
for read/write, don't suddenly end up being executable.

Fixes: https://bugs.launchpad.net/qemu/+bug/1825311
Fixes: 2fb58b73746e ('target-mips: add RI and XI fields to TLB entry')

Backports commit 7353113fa482e697a77575086a41f429a01f8dc0 from qemu
2019-05-28 19:44:28 -04:00
Mateja Marjanovic 9e8aed043e
target/mips: Refactor and fix INSERT.<B|H|W|D> instructions
The old version of the helper for the INSERT.<B|H|W|D> MSA instructions
has been replaced with four helpers that don't use switch, and change
the endianness of the given index, when executed on a big endian host.

Backports commit c1c9a10fb1f7a6782711817c167a2c20b000fc12 from qemu
2019-05-28 19:42:28 -04:00
Mateja Marjanovic d6a8d25015
target/mips: Refactor and fix COPY_U.<B|H|W> instructions
The old version of the helper for the COPY_U.<B|H|W> MSA instructions
has been replaced with four helpers that don't use switch, and change
the endianness of the given index, when executed on a big endian host.

Backports commit 41d288582782cf8d63241ecb6efa1e4160fe78f7 from qemu
2019-05-28 19:39:22 -04:00
Mateja Marjanovic 54a33d1db3
target/mips: Refactor and fix COPY_S.<B|H|W|D> instructions
The old version of the helper for the COPY_S.<B|H|W|D> MSA instructions
has been replaced with four helpers that don't use switch, and change
the endianness of the given index, when executed on a big endian host.

Backports commit 631c467461496dcf6d6a3e4c3d27a1433e96868e from qemu
2019-05-28 19:36:14 -04:00
Mateja Marjanovic 6dd651af3a
target/mips: Fix MSA instructions ST.<B|H|W|D> on big endian host
Fix the case when the host is a big endian machine, and change
the approach toward ST.<B|H|W|D> instruction helpers.

Backports commit 6decc572dcedbf298ae30f8213b39c8b842a595a from qemu
2019-05-28 19:29:27 -04:00
Mateja Marjanovic 3ee6295d7f
target/mips: Fix MSA instructions LD.<B|H|W|D> on big endian host
Fix the case when the host is a big endian machine, and change
the approach toward LD.<B|H|W|D> instruction helpers.

Backports commit 83be6b54123a8f3c529554139f1d1e43356edf8d from qemu
2019-05-28 19:27:05 -04:00
Mateja Marjanovic 1527b25428
target/mips: Make the results of MOD_<U|S>.<B|H|W|D> the same as on hardware
MSA instructions MOD_<U|S>.<B|H|W|D> when dividing by zero,
didn't return the same value when executed on a referent hardware
(FPGA MIPS 64 r6, little endian) and when executed on QEMU, which
is not a real bug, because the result when dividing by zero is
UNPREDICTABLE [1] (page 255, 256).

[1] MIPS Architecture for Programmers
Volume IV-j: The MIPS64 SIMD
Architecture Module, Revision 1.12

Backports commit cf122bf8d2732d5d8647901ebaea596668aaaa3a from qemu
2019-05-28 19:25:00 -04:00
Mateja Marjanovic d712d3f226
target/mips: Make the results of DIV_<U|S>.<B|H|W|D> the same as on hardware
MSA instructions DIV_<U|S>.<B|H|W|D> when dividing by zero,
didn't return the same value when executed on a referent hardware
(FPGA MIPS 64 r6, little endian) and when executed on QEMU, which
is not a real bug, because the result when dividing by zero is
UNPREDICTABLE [1] (page 141, 142).

[1] MIPS Architecture for Programmers
Volume IV-j: The MIPS64 SIMD
Architecture Module, Revision 1.12

Backports commit d2a40a5f6938f30f44b536e997e1e89bb62b971c from qemu
2019-05-28 19:24:26 -04:00
Jonathan Behrens 1d6acaa604
target/riscv: Only flush TLB if SATP.ASID changes
There is an analogous change for ARM here:
https://patchwork.kernel.org/patch/10649857

Backports commit 1e0d985fa9136a563168a3da66f3d17820404ee2 from qemu
2019-05-28 19:22:51 -04:00
Jonathan Behrens 7922aa54c0
target/riscv: More accurate handling of CSR
According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
register are read-only." Further, if an interrupt is not delegated to mode x,
then "the corresponding bits in xip [...] should appear to be hardwired to
zero. This patch implements both of those requirements.

Backports commit 087b051a51a0c2a5bc1e8d435a484a8896b4176b from qemu
2019-05-28 19:22:04 -04:00
Richard Henderson d1ad8bf44c
target/riscv: Add checks for several RVC reserved operands
C.ADDI16SP, C.LWSP, C.JR, C.ADDIW, C.LDSP all have reserved
operands that were not diagnosed.

Backports commit 4cc16b3b9282e04fab8e84d136540757e82af019 from qemu
2019-05-28 19:20:36 -04:00
Alistair Francis aca20201d4
target/riscv: Add the HGATP register masks
Backports commit e06431108b0b1ef6ca76398d2b0b792ea24ae6bc from qemu
2019-05-28 19:19:00 -04:00
Alistair Francis 294297b646
target/riscv: Add the HSTATUS register masks
Backports commit d28b15a4d3b1e000ec7bf9090fe870cbc5f1eb2c from qemu
2019-05-28 19:18:28 -04:00
Alistair Francis 2e6d11ee47
target/riscv: Add Hypervisor CSR macros
Add the 1.10.1 Hypervisor CSRs and remove the 1.9.1 spec versions.

Backports commit 71f09a5bb48d0c51b87e70158407ec2db4a9c6e2 from qemu
2019-05-28 19:17:54 -04:00
Alistair Francis 47e4e047bc
target/riscv: Allow setting mstatus virtulisation bits
Backports commit 1f0419cb0475eebdbefea67483e85287f3af07a7 from qemu
2019-05-28 19:17:18 -04:00
Alistair Francis c64f57c360
target/riscv: Add the MPV and MTL mstatus bits
Backports commit 49aaa3e534f5422a56313bb93c1880e70fc1da7e from qemu
2019-05-28 19:15:33 -04:00
Alistair Francis b44de569f0
target/riscv: Improve the scause logic
No functional change, just making the code easier to read.

Backports commit 16fdb8ff64374ed51b246437e13043039a8eb9f9 from qemu
2019-05-28 19:14:44 -04:00
Alistair Francis 4b0355dcfc
target/riscv: Mark privilege level 2 as reserved
Backports commit 356d74192a035c71a78a22d24812a6df6099ae40 from qemu
2019-05-28 19:12:10 -04:00
Alistair Francis ea2fee2d4d
target/riscv: Add a base 32 and 64 bit CPU
At the same time deprecate the ISA string CPUs.

It is dobtful anyone specifies the CPUs, but we are keeping them for the
Spike machine (which is about to be depreated) so we may as well just
mark them as deprecated.

Backports commit 8903bf6e6d73d03b988b4a8197132de2ad681ff5 from qemu
2019-05-28 19:11:12 -04:00
Richard Henderson 9c1212f627
target/riscv: Remove spaces from register names
These extra spaces make the "-d op" dump look weird.

Backports commit 7f9188e210aff6522a960d9669a583a3a752ddc0 from qemu
2019-05-28 19:08:50 -04:00
Richard Henderson 68ce00ac2f
target/riscv: Split gen_arith_imm into functional and temp
The tcg_gen_fooi_tl functions have some immediate constant
folding built in, which match up with some of the riscv asm
builtin macros, like mv and not.

Backports commit 598aa1160c3d17ab9271daf1f69d093ebada3f25 from qemu
2019-05-28 19:07:53 -04:00
Richard Henderson a62b4e5def
target/riscv: Split RVC32 and RVC64 insns into separate files
This eliminates all functions in insn_trans/trans_rvc.inc.c,
so the entire file can be removed.

Backports commit 0e68e240a9bd3b44a91cd6012f0e2bf2a43b9fe2 from qemu
2019-05-28 19:00:23 -04:00
Richard Henderson a968769d26
target/riscv: Use pattern groups in insn16.decode
This eliminates about half of the complicated decode
bits within insn_trans/trans_rvc.inc.c.

Backports commit c2cfb97c01a3636867c1a4a24f8a99fd8c6bed28 from qemu
2019-05-28 18:55:28 -04:00
Richard Henderson 8360c1fa3b
target/riscv: Merge argument decode for RVC shifti
Special handling for IMM==0 is the only difference between
RVC shifti and RVI shifti. This can be handled with !function.

Backports commit 6cafec92f1c862a9754ef6a28be68ba7178a284d from qemu
2019-05-28 18:52:50 -04:00
Richard Henderson dc087c4c0c
target/riscv: Merge argument sets for insn32 and insn16
In some cases this allows us to directly use the insn32
translator function. In some cases we still need a shim.

Backports commit e1d455dd91c935c714412dafeb24db947429a929 from qemu
2019-05-28 18:50:48 -04:00
Richard Henderson cb2ce66814
target/riscv: Use --static-decode for decodetree
The generated functions are only used within translate.c
and do not need to be global, or declared.

Backports commit 81770255581bd210c57b86a6e808628ab8d0c543 from qemu
2019-05-28 18:45:23 -04:00
Richard Henderson d51505f6e9
target/riscv: Name the argument sets for all of insn32 formats
Backports commit e761799796ac2211b9706753c459e117e7be58fa from qemu
2019-05-28 18:36:53 -04:00
Fabien Chouteau 7e6d37b51d
RISC-V: fix single stepping over ret and other branching instructions
This patch introduces wrappers around the tcg_gen_exit_tb() and
tcg_gen_lookup_and_goto_ptr() functions that handle single stepping,
i.e. call gen_exception_debug() when single stepping is enabled.

Theses functions are then used instead of the originals, bringing single
stepping handling in places where it was previously ignored such as jalr
and system branch instructions (ecall, mret, sret, etc.).

Backports commit 6e2716d8ca4edf3597307accef7af36e8ad966eb from qemu
2019-05-28 18:35:07 -04:00
Jonathan Behrens 25c0333213
target/riscv: Do not allow sfence.vma from user mode
The 'sfence.vma' instruction is privileged, and should only ever be allowed
when executing in supervisor mode or higher.

Backports commit b86f4167630802128d94f3c89043d97d2f4c2546 from qemu
2019-05-28 18:29:46 -04:00
Richard Henderson 67f0af4282
tcg/aarch64: Allow immediates for vector ORR and BIC
The allows immediates to be used for ORR and BIC,
as well as the trivial inversions, ORC and AND.

Backports commit 9e27f58b9902834dffc0d66d9eb62f78d9c2a632 from qemu
2019-05-24 18:47:07 -04:00
Richard Henderson 5ecfba4fe6
tcg/aarch64: Build vector immediates with two insns
Use MOVI+ORR or MVNI+BIC in order to build some vector constants,
as opposed to dropping them to the constant pool. This includes
all 16-bit constants and a similar set of 32-bit constants.

Backports commit 02f3a5b4744885258758d07ebe09cf965de78bcf from qemu
2019-05-24 18:43:54 -04:00
Richard Henderson 06058ef648
tcg/aarch64: Use MVNI in tcg_out_dupi_vec
The compliment of a subset of immediates can be computed
with a single instruction.

Backports commit 7e308e003e5b6ddd3130e09711e1d33693230696 from qemu
2019-05-24 18:42:40 -04:00
Richard Henderson c18ec586dc
tcg/aarch64: Split up is_fimm
There are several sub-classes of vector immediate, and only MOVI
can use them all. This will enable usage of MVNI and ORRI, which
use progressively fewer sub-classes.

This patch adds no new functionality, merely splits the function
and moves part of the logic into tcg_out_dupi_vec.

Backports commit 984fdcee342473dfe797897758929dad654693c8 from qemu
2019-05-24 18:41:37 -04:00
Richard Henderson 0ea4c05dc3
tcg/aarch64: Support vector bitwise select value
The instruction set has 3 insns that perform the same operation,
only varying in which operand must overlap the destination. We
can represent the operation without overlap and choose based on
the operands seen.

Backports commit a9e434a5dc16f71ee156428619fc3c3765b68f26 from qemu
2019-05-24 18:38:37 -04:00
Richard Henderson c79510378f
tcg/i386: Use umin/umax in expanding unsigned compare
Using umin(a, b) == a as an expansion for TCG_COND_LEU is a
better alternative to (a - INT_MIN) <= (b - INT_MIN).

Backports commit ebcfb91abed8c0fb180a968b9004419c208dcc02 from qemu
2019-05-24 18:36:32 -04:00
Richard Henderson ffdbc1a233
tcg/i386: Remove expansion for missing minmax
This is now handled by code within tcg-op-vec.c.

Backports commit 3ec3538a45f2fead475b0cca6945092c87927b4f from qemu
2019-05-24 18:34:44 -04:00
Richard Henderson 68cb096196
tcg/i386: Support vector comparison select value
We already had backend support for this feature. Expand the new
cmpsel opcode using vpblendb. The combination allows us to avoid
an extra NOT for some comparison codes.

Backports commit 904c5e19672778cc3349f4975437cfdf3371abb6 from qemu
2019-05-24 18:33:16 -04:00
Richard Henderson a868533297
tcg: Add TCG_OPF_NOT_PRESENT if TCG_TARGET_HAS_foo is negative
If INDEX_op_foo is always expanded by tcg_expand_vec_op, then
there may be no reasonable set of constraints to return from
tcg_target_op_def for that opcode.

Let TCG_TARGET_HAS_foo be specified as -1 in that case. Thus a
boolean test for TCG_TARGET_HAS_foo is true, but we will not
assert within process_op_defs when no constraints are specified.

Compare this with tcg_can_emit_vec_op, which already uses this
tri-state indication.

Backports commit 25c012b4009256505be3430480954a0233de343e from qemu
2019-05-24 18:28:11 -04:00
Richard Henderson 568da655c6
tcg: Expand vector minmax using cmp+cmpsel
Provide a generic fallback for the min/max operations.

Backports commit 72b4c792c7a576d9246207a8e9a940ed9e191722 from qemu
2019-05-24 18:26:53 -04:00
Richard Henderson 56d35e80aa
tcg: Introduce do_op3_nofail for vector expansion
This makes do_op3 match do_op2 in allowing for failure,
and thus fall back expansions.

Backports commit 17f79944ebeace8bf43047a33b7775ba5ed9070e from qemu
2019-05-24 18:24:44 -04:00
Richard Henderson 2ea6dfbd63
tcg: Add support for vector compare select
Perform a per-element conditional move. This combination operation is
easier to implement on some host vector units than plain cmp+bitsel.
Omit the usual gvec interface, as this is intended to be used by
target-specific gvec expansion call-backs.

Backports commit f75da2988eb2457fa23d006d573220c5c680ec4e from qemu
2019-05-24 18:21:13 -04:00
Richard Henderson ca58be9cb4
tcg: Add support for vector bitwise select
This operation performs d = (b & a) | (c & ~a), and is present
on a majority of host vector units. Include gvec expanders.

Backports commit 38dc12947ec9106237f9cdbd428792c985cd86ae from qemu
2019-05-24 18:15:10 -04:00
Richard Henderson fa363c3d6d
tcg: Fix missing checks and clears in tcg_gen_gvec_dup_mem
The paths through tcg_gen_dup_mem_vec and through MO_128 were
missing the check_size_align. The path through MO_128 was also
missing the expand_clr. This last was not visible because the
only user is ARM SVE, which would set oprsz == maxsz, and not
require the clear.

Fix by adding the check_size_align and using do_dup directly
instead of duplicating the check in tcg_gen_gvec_dup_{i32,i64}.

Backports commit 532ba368a13712724137228b5e7e9435994d25e1 from qemu
2019-05-24 18:07:28 -04:00
Richard Henderson 60cfe541b2
tcg/i386: Fix dupi/dupm for avx1 and 32-bit hosts
The VBROADCASTSD instruction only allows %ymm registers as destination.
Rather than forcing VEX.L and writing to the entire 256-bit register,
revert to using MOVDDUP with an %xmm register. This is sufficient for
an avx1 host since we do not support TCG_TYPE_V256 for that case.

Also fix the 32-bit avx2, which should have used VPBROADCASTW.

Fixes: 1e262b49b533

Backports commit 7b60ef3264e9627ac6efb34e9a6130647e9b55c0 from qemu
2019-05-24 18:04:08 -04:00
Alistair Francis f8f3e50372
target/arm: Fix vector operation segfault
Commit 89e68b575 "target/arm: Use vector operations for saturation"
causes this abort() when booting QEMU ARM with a Cortex-A15:

0 0x00007ffff4c2382f in raise () at /usr/lib/libc.so.6
1 0x00007ffff4c0e672 in abort () at /usr/lib/libc.so.6
2 0x00005555559c1839 in disas_neon_data_insn (insn=<optimized out>, s=<optimized out>) at ./target/arm/translate.c:6673
3 0x00005555559c1839 in disas_neon_data_insn (s=<optimized out>, insn=<optimized out>) at ./target/arm/translate.c:6386
4 0x00005555559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) at ./target/arm/translate.c:9289
5 0x00005555559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, cpu=<optimized out>) at ./target/arm/translate.c:13612
6 0x00005555558d1d39 in translator_loop (ops=0x5555561cc580 <arm_translator_ops>, db=0x7fffe59a9510, cpu=0x55555686a2f0, tb=<optimized out>, max_insns=<optimized out>) at ./accel/tcg/translator.c:96
7 0x00005555559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x55555686a2f0, tb=tb@entry=0x7fffd7840080 <code_gen_buffer+126091347>, max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
8 0x00005555558d06b9 in tb_gen_code (cpu=cpu@entry=0x55555686a2f0, pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) at ./accel/tcg/translate-all.c:1736
9 0x00005555558ce467 in tb_find (cf_mask=524288, tb_exit=1, last_tb=0x7fffd783e640 <code_gen_buffer+126084627>, cpu=0x1) at ./accel/tcg/cpu-exec.c:407
10 0x00005555558ce467 in cpu_exec (cpu=cpu@entry=0x55555686a2f0) at ./accel/tcg/cpu-exec.c:728
11 0x000055555588b0cf in tcg_cpu_exec (cpu=0x55555686a2f0) at ./cpus.c:1431
12 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=0x55555686a2f0) at ./cpus.c:1735
13 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x55555686a2f0) at ./cpus.c:1709
14 0x0000555555d2629a in qemu_thread_start (args=<optimized out>) at ./util/qemu-thread-posix.c:502
15 0x00007ffff4db8a92 in start_thread () at /usr/lib/libpthread.

This patch ensures that we don't hit the abort() in the second switch
case in disas_neon_data_insn() as we will return from the first case.

Backports commit 2f143d3ad1c05e91cf2cdf5de06d59a80a95e6c8 from qemu
2019-05-24 18:02:32 -04:00
Richard Henderson 9287750362
target/arm: Simplify BFXIL expansion
The mask implied by the extract is redundant with the one
implied by the deposit. Also, fix spelling of BFXIL.

Backports commit 87eb65a3c45c788a309986d48170a54a0d1c0705 from qemu
2019-05-24 18:01:26 -04:00
Richard Henderson 1778828644
target/arm: Use extract2 for EXTR
This is, after all, how we implement extract2 in tcg/aarch64.

Backports commit 80ac954c369e7e61bd1ed00cef07b63e11f9c734 from qemu
2019-05-24 17:58:58 -04:00
Richard Henderson 0412b3be8a
target/i386: Implement CPUID_EXT_RDRAND
We now have an interface for guest visible random numbers.

Backports commit 369fd5ca66810b2ddb16e23a497eabe59385eceb from qemu with
the actual RNG portion disabled for the time being.
2019-05-23 15:12:50 -04:00
Richard Henderson 3dd7358a53
target/arm: Implement ARMv8.5-RNG
Use the newly introduced infrastructure for guest random numbers.

Backports commit de390645675966cce113bf5394445bc1f8d07c85 from qemu

(with the actual RNG portion disabled to preserve determinism for the
time being).
2019-05-23 15:03:23 -04:00
Richard Henderson a8df33c37c
target/arm: Put all PAC keys into a structure
This allows us to use a single syscall to initialize them all.

Backports commit 108b3ba891408c4dce93df78261ec4aca38c0e2e from qemu
2019-05-23 14:54:06 -04:00
Paolo Bonzini 1341e371a8
target/i386: add MDS-NO feature
Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.

Some Intel processors use the ARCH_CAP_MDS_NO bit in the
IA32_ARCH_CAPABILITIES
MSR to report that they are not vulnerable, make it available to
guests.

Backports commit 20140a82c67467f53814ca197403d5e1b561a5e5 from qemu
2019-05-23 14:49:20 -04:00
Paolo Bonzini a4f2517f46
target/i386: define md-clear bit
md-clear is a new CPUID bit which is set when microcode provides the
mechanism to invoke a flush of various exploitable CPU buffers by invoking
the VERW instruction.

Backports commit b2ae52101fca7f9547ac2f388085dbc58f8fe1c0 from qemu
2019-05-23 14:48:18 -04:00
Philippe Mathieu-Daudé 4a1b8d64bd
target/m68k: Optimize rotate_x() using extract_i32()
Optimize rotate_x() using tcg_gen_extract_i32(). We can now free the
'sz' tcg_temp earlier. Since it is allocated with tcg_const_i32(),
free it with tcg_temp_free_i32().

Backports commit 60d3d0cfeb1658d2827d6a4f0df27252bb36baba from qemu
2019-05-17 12:07:07 -04:00
Philippe Mathieu-Daudé 3c6cb445a0
target/m68k: Fix a tcg_temp leak
The function gen_get_ccr() returns a tcg_temp created with
tcg_temp_new(). Free it with tcg_temp_free().

Backports commit 44c64e90950adf9efe7f4235a32eb868d1290ebb from qemu
2019-05-17 12:05:11 -04:00
Philippe Mathieu-Daudé a72a53c2d9
target/m68k: Reduce the l1 TCGLabel scope
Backports commit 89fa312be0dfd8b4c539c8763796e785c6b00b46 from qemu
2019-05-17 12:03:37 -04:00
Peter Maydell 3fb64fd5a2
target/m68k: Switch to transaction_failed hook
Switch the m68k target from the old unassigned_access hook
to the transaction_failed hook.

The notable difference is that rather than it being called
for all physical memory accesses which fail (including
those made by DMA devices or by the gdbstub), it is only
called for those made by the CPU via its MMU. (In previous
commits we put in explicit checks for the direct physical
loads made by the target/m68k code which will no longer
be handled by calling the unassigned_access hook.)

Backports commit e1aaf3a88e95ab007445281e2b2f6e3c8da47f22 from qemu
2019-05-17 12:01:40 -04:00
Peter Maydell ab63f1a102
target/m68k: In get_physical_address() check for memory access failures
In get_physical_address(), use address_space_ldl() and
address_space_stl() instead of ldl_phys() and stl_phys().
This allows us to check whether the memory access failed.
For the moment, we simply return -1 in this case;
add a TODO comment that we should ideally generate the
appropriate kind of fault.

Backports commit adcf0bf017351776510121e47b9226095836023c from qemu
2019-05-17 11:59:01 -04:00
Richard Henderson 2a4a7b9391
tcg: Use tlb_fill probe from tlb_vaddr_to_host
Most of the existing users would continue around a loop which
would fault the tlb entry in via a normal load/store.

But for AArch64 SVE we have an existing emulation bug wherein we
would mark the first element of a no-fault vector load as faulted
(within the FFR, not via exception) just because we did not have
its address in the TLB. Now we can properly only mark it as faulted
if there really is no valid, readable translation, while still not
raising an exception. (Note that beyond the first element of the
vector, the hardware may report a fault for any reason whatsoever;
with at least one element loaded, forward progress is guaranteed.)

Backports commit 4811e9095c0491bc6f5450e5012c9c4796b9e59d from qemu
2019-05-16 18:27:03 -04:00
Laurent Vivier 8cdfed1032
linux-user: fix 32bit g2h()/h2g()
sparc32plus has 64bit long type but only 32bit virtual address space.

For instance, "apt-get upgrade" failed because of a mmap()/msync()
sequence.

mmap() returned 0xff252000 but msync() used g2h(0xffffffffff252000)
to find the host address. The "(target_ulong)" in g2h() doesn't fix the
address because it is 64bit long.

This patch introduces an "abi_ptr" that is set to uint32_t
if the virtual address space is addressed using 32bit in the linux-user
case. It stays set to target_ulong with softmmu case.

Backports commit 3e23de15237c81fe7af7c3ffa299a6ae5fec7d43 from qemu
2019-05-16 18:20:55 -04:00
Richard Henderson e736ef3238
tcg: Remove CPUClass::handle_mmu_fault
This hook is now completely replaced by tlb_fill.

Backports commit 69963f5709a0645934c169784820d0bee22208ba from qemu
2019-05-16 18:12:17 -04:00
Lioncash fcaa52c1fe
tcg: Synchronize with qemu
Resolves any formatting discrepancies and bad merges that slipped
through.
2019-05-16 18:11:08 -04:00
Richard Henderson dab0061a0d
tcg: Use CPUClass::tlb_fill in cputlb.c
We can now use the CPUClass hook instead of a named function.

Create a static tlb_fill function to avoid other changes within
cputlb.c. This also isolates the asserts within. Remove the
named tlb_fill function from all of the targets.

Backports commit c319dc13579a92937bffe02ad2c9f1a550e73973 from qemu
2019-05-16 17:35:37 -04:00
Richard Henderson 5d83199931
target/sparc: Convert to CPUClass::tlb_fill
Backports commit e84942f2ceaa79430414f2cb68d77c044dadca96 from qemu
2019-05-16 17:29:35 -04:00
Richard Henderson e98c731550
target/riscv: Convert to CPUClass::tlb_fill
Note that env->pc is removed from the qemu_log as that value is garbage.
The PC isn't recovered until cpu_restore_state, called from
cpu_loop_exit_restore, called from riscv_raise_exception.

Backports commit 8a4ca3c10a96be6ed7f023b685b688c4d409bbcb from qemu
2019-05-16 17:24:01 -04:00
Richard Henderson 14d48974a4
target/mips: Convert to CPUClass::tlb_fill
Note that env->active_tc.PC is removed from the qemu_log as that value
is garbage. The PC isn't recovered until cpu_restore_state, called from
cpu_loop_exit_restore, called from do_raise_exception_err.

Backports commit 931d019f5b2e7bbacb162869497123be402ddd86 from qemu
2019-05-16 17:19:47 -04:00
Richard Henderson 49cb8cfe5b
target/mips: Tidy control flow in mips_cpu_handle_mmu_fault
Since the only non-negative TLBRET_* value is TLBRET_MATCH,
the subsequent test for ret < 0 is useless. Use early return
to allow subsequent blocks to be unindented.

Backports commit e38f4eb63020075432cb77bf48398187809cf4a3 from qemu
2019-05-16 17:15:33 -04:00
Richard Henderson f175e89ca2
target/mips: Pass a valid error to raise_mmu_exception for user-only
At present we give ret = 0, or TLBRET_MATCH. This gets matched
by the default case, which falls through to TLBRET_BADADDR.
However, it makes more sense to use a proper value. All of the
tlb-related exceptions are handled identically in cpu_loop.c,
so TLBRET_BADADDR is as good as any other. Retain it.

Backports commit 995ffde9622c01f5b307cab47f9bd7962ac09db2 from qemu
2019-05-16 17:14:02 -04:00
Richard Henderson 52998fe46d
target/m68k: Convert to CPUClass::tlb_fill
Backports commit fe5f7b1b3a2317f598687218c348b54e02a75e1f from qemu
2019-05-16 17:12:41 -04:00
Richard Henderson fe9ac6e1c4
target/i386: Convert to CPUClass::tlb_fill
We do not support probing, but we do not need it yet either.

Backports commit 5d0044212c375c0696baef7bba13699277dac5b5 from qemu
2019-05-16 17:08:14 -04:00
Richard Henderson 31ecdb5341
target/arm: Convert to CPUClass::tlb_fill
Backports commit 7350d553b5066abdc662045d7db5cdb73d0f9d53 from qemu
2019-05-16 16:55:12 -04:00
Richard Henderson 1f30062c41
tcg: Add CPUClass::tlb_fill
This hook will replace the (user-only mode specific) handle_mmu_fault
hook, and the (system mode specific) tlb_fill function.

The handle_mmu_fault hook was written as if there was a valid
way to recover from an mmu fault, and had 3 possible return states.
In reality, the only valid action is to raise an exception,
return to the main loop, and deliver the SIGSEGV to the guest.

Note that all of the current implementations of handle_mmu_fault
for guests which support linux-user do in fact only ever return 1,
which is the signal to return to the main loop.

Using the hook for system mode requires that all targets be converted,
so for now the hook is (optionally) used only from user-only mode.

Backports commit da6bbf8513e621a8fc2fd315d77318f36547474d from qemu
2019-05-16 16:46:19 -04:00
Richard Henderson de260cfbd6
tcg/aarch64: Do not advertise minmax for MO_64
The min/max instructions are not available for 64-bit elements.

Backports commit a7b6d286cfb5205b9f5330aefc5727269b3d810f from qemu
2019-05-16 16:44:34 -04:00
Richard Henderson 552e48f14e
target/arm: Use tcg_gen_abs_i64 and tcg_gen_gvec_abs
Backports commit 4e027a710673f5d4dc6cff88728bcfd32e4c47b0 from qemu
2019-05-16 16:43:02 -04:00
Richard Henderson 7c9b3a9021
tcg/aarch64: Support vector absolute value
Backports commit a456394ae540f852cd0d10fd693fe9f33598dc01 from qemu
2019-05-16 16:39:14 -04:00
Richard Henderson fd35490991
tcg/i386: Support vector absolute value
Backports commit 18f9b65f1a4225dd314cb9b0a8dea968c5bc2ef3 from qemu
2019-05-16 16:37:33 -04:00
Richard Henderson 6d5e7856ff
tcg: Add support for vector absolute value
Backports commit bcefc90208f8a1d6f619d61c2647281d92277015 from qemu
2019-05-16 16:33:43 -04:00
Richard Henderson 6d1730048d
tcg: Add support for integer absolute value
Remove a function of the same name from target/arm/.
Use a branchless implementation of abs gleaned from gcc.

Backports commit ff1f11f7f8710a768f9313f24bd7f509d3db27e5 from qemu
2019-05-16 16:25:15 -04:00
Richard Henderson 18b3df6e4e
tcg/i386: Support vector scalar shift opcodes
Backports commit 0a8d7a3bf5a149a82450eef555fd61728703dd84 from qemu
2019-05-16 16:19:44 -04:00
Richard Henderson 79b9dc559e
tcg: Add gvec expanders for vector shift by scalar
Allow expansion either via shift by scalar or by replicating
the scalar for shift by vector.

Backports commit b4578cd91cda4cef1c413304353ca6dc5b957b60 from qemu
2019-05-16 16:17:58 -04:00
Richard Henderson 0217ee7b24
tcg/aarch64: Support vector variable shift opcodes
Backports commit 79525dfd08262d8de10d271f17e5a4096ef96d16 from qemu
2019-05-16 15:58:54 -04:00
Richard Henderson f793ec847d
tcg/i386: Support vector variable shift opcodes
Backports commit a2ce146a06807fe1d1a81e878b8f249ff1e14038 from qemu
2019-05-16 15:53:33 -04:00
Richard Henderson 8c17687934
tcg: Add gvec expanders for variable shift
The gvec expanders perform a modulo on the shift count. If the target
requires alternate behaviour, then it cannot use the generic gvec
expanders anyway, and will have to have its own custom code.

Backports commit 5ee5c14cacda27e904cd6b0d9e7ffe1acff42838 from qemu
2019-05-16 15:51:09 -04:00
Richard Henderson 66e6bea084
tcg: Add INDEX_op_dupm_vec
Allow the backend to expand dup from memory directly, instead of
forcing the value into a temp first. This is especially important
if integer/vector register moves do not exist.

Note that officially tcg_out_dupm_vec is allowed to fail.
If it did, we could fix this up relatively easily:

VECE == 32/64:
Load the value into a vector register, then dup.
Both of these must work.

VECE == 8/16:
If the value happens to be at an offset such that an aligned
load would place the desired value in the least significant
end of the register, go ahead and load w/garbage in high bits.

Load the value w/INDEX_op_ld{8,16}_i32.
Attempt a move directly to vector reg, which may fail.
Store the value into the backing store for OTS.
Load the value into the vector reg w/TCG_TYPE_I32, which must work.
Duplicate from the vector reg into itself, which must work.

All of which is well and good, except that all supported
hosts can support dupm for all vece, so all of the failure
paths would be dead code and untestable.

Backports commit 37ee55a081b7863ffab2151068dd1b2f11376914 from qemu
2019-05-16 15:38:02 -04:00
Richard Henderson fd7a67e4a7
tcg/aarch64: Implement tcg_out_dupm_vec
The LD1R instruction does all the work. Note that the only
useful addressing mode is a base register with no offset.

Backports commit f23e5e15edfd49d5dd72cab2ed2d85ac354b2eeb from qemu
2019-05-16 15:29:04 -04:00
Richard Henderson a6fd4e2345
tcg/i386: Implement tcg_out_dupm_vec
At the same time, improve tcg_out_dupi_vec wrt broadcast
from the constant pool.

Backports commit 1e262b49b5331441f697461e4305fe06719758a7 from qemu
2019-05-16 15:27:15 -04:00
Richard Henderson d4e7c6a8c5
tcg: Add tcg_out_dupm_vec to the backend interface
Currently stubbed out in all backends that support vectors.

Backports commit d6ecb4a978b718dbe108a9fa9ecccc8b7f7cb579 from qemu
2019-05-16 15:24:48 -04:00
Richard Henderson cf238d3544
tcg: Manually expand INDEX_op_dup_vec
This case is similar to INDEX_op_mov_* in that we need to do
different things depending on the current location of the source.

Backports commit bab1671f0fa928fd678a22f934739f06fd5fd035 from qemu
2019-05-16 15:22:29 -04:00
Richard Henderson 3d20e1678c
tcg: Promote tcg_out_{dup,dupi}_vec to backend interface
The i386 backend already has these functions, and the aarch64 backend
could easily split out one. Nothing is done with these functions yet,
but this will aid register allocation of INDEX_op_dup_vec in a later patch.

Adjust the aarch64 tcg_out_dupi_vec signature to match the new interface.

Backports commit e7632cfa8b76cdbbc1c76e8737338ef5844e7d60 from qemu
2019-05-16 15:18:48 -04:00
Richard Henderson d58d9ad16e
tcg: Support cross-class moves without instruction support
PowerPC Altivec does not support direct moves between vector registers
and general registers. So when tcg_out_mov fails, we can use the
backing memory for the temporary to perform the move.

Backports commit 240c08d0998f402c325fce489de0d14831048128 from qemu
2019-05-16 15:16:23 -04:00
Richard Henderson f86bd1c5d6
tcg: Return bool success from tcg_out_mov
This patch merely changes the interface, aborting on all failures,
of which there are currently none.

Backports commit 78113e83e0007e869c9f0cb4c0497a77538988e3 from qemu
2019-05-16 15:14:42 -04:00
Richard Henderson f7d9ee8451
tcg/arm: Use tcg_out_mov_reg in tcg_out_mov
We have a function that takes an additional condition parameter
over the standard backend interface. It already takes care of
eliding no-op moves.

Backports commit c16f52b2c5d91c36e121795bd3b386cea0b7573c from qemu
2019-05-16 15:10:52 -04:00
Richard Henderson fef5700c9c
tcg: Assert fixed_reg is read-only
The only fixed_reg is cpu_env, and it should not be modified
during any TB. Therefore code that tries to special-case moves
into a fixed_reg is dead. Remove it.

Backports commit d63e3b6e694ad6c887be135dddb9cd4893f1a844 from qemu
2019-05-16 15:09:37 -04:00