Do only virtual addresses comaprisons in LL/SC sequence emulations.
Until this patch, physical addresses had been compared in SC part of
LL/SC sequence, even though such comparisons could be avoided. Getting
rid of them allows throwing away SC helpers and having common SC
implementations in user and system mode, avoiding the need for two
separate implementations selected by #ifdef CONFIG_USER_ONLY.
Correct guest software should not rely on LL/SC if they accesses the
same physical address via different virtual addresses or if page
mapping gets changed between LL/SC due to manipulating TLB entries.
MIPS Instruction Set Manual clearly says that an RMW sequence must
use the same address in the LL and SC (virtual address, physical
address, cacheability and coherency attributes must be identical).
Otherwise, the result of the SC is not predictable. This patch takes
advantage of this fact and removes the virtual->physical address
translation from SC helper.
lladdr served as Coprocessor 0 LLAddr register which captures physical
address of the most recent LL instruction, and also lladdr was used
for comparison with following SC physical address. This patch changes
the meaning of lladdr - now it will only keep the virtual address of
the most recent LL. Additionally, CP0_LLAddr field is introduced which
is the actual Coperocessor 0 LLAddr register that guest can access.
Backports commit c7c7e1e9a5e3f0a8a1dbff6e4ccfd21c2dc9f845 from qemu
Add I6500 core configuration. Note that this configuration is
supported only on best-effort basis due to the lack of certain
features in QEMU.
Backports commit ca1ffd14ed8a11ad88619c0478e5ea58f0af5137 from qemu
Extend gen_scwp() functionality to support EVA by adding an
additional argument, modify internals of the function to handle
new functionality, and accordingly change its invocations.
Backports commit 8d5388c1de8bf207316369213bd950bafa6badda from qemu
"insn_flags" bitfield was expanded from 32-bit to 64-bit in commit
f9c9cd63e3. However, this was not reflected on the second argument
of the function cpu_supports_isa(). By chance, this did not create
some wrong behavior, since the left-most halves of all instances of
the second argument are currently all zeros. However, this is still
a bug waiting to happen. Correct this by changing the type of the
second argument to be always 64-bit.
Backports commit 5b1e098128367d6ef7cb2d1e99a55fcf4fa9cdde from qemu
Rename macros for extracting 3-bit-coded GPR numbers, to achieve
better consistency with the nanoMIPS documentation.
Backports commit 99e49abf119f700bf8664b7dfc60c22d9eaf9159 from qemu
Several macros were defined twice, with identical values, so
remove duplicates.
Previously added in 80845edf37b.
This reverts commit 6bfa9f4c9cf24d6cfaaa227722e9cdcca1ad6fe9.
Backports commit 362d2e72546923f8f410733cc286ae5528c7811a from qemu
The 32 R5900 128-bit registers are split into two 64-bit halves:
the lower halves are the GPRs and the upper halves are accessible
by the R5900-specific multimedia instructions.
Backports commit a168a796e1c251787fcdf2d9ca1e9e69cb86ffcd from qemu
Add CP0 register MemoryMapID. Only data field is added.
The corresponding functionality will be added in future
patches.
Backports commit 3ef521ee9fe2d01d4bbcf3e4d5c91ed982bf3f60 from qemu
Correct existing CP0-related preprocessor constants (replace
"CPO" with "CP0" (form letter "O" to digit "0", when needed).
Besides, add preprocessor constants for CP0 subregisters.
The names of the subregisters were chosen to be in sync with
the table of corresponding assembler mnemonics found in the
documentation for I6500 and I6400 (release 1.0).
Backports commit 04992c8cd1c43ecdba39dd8c916db092db6ebae0 from qemu
Move comment containing summary of CP0 registers. Checkpatch
script reported some tabs in the resutling diff, so convert
these tabs to spaces too.
Backports commit ea9c5e836e205a87038c8153282d0b6d9234cda2 from qemu
The three-operand MADD and MADDU are specific to Sony R5900 core,
and Toshiba TX19/TX39/TX79 cores as well.
The "32-Bit TX System RISC TX39 Family Architecture manual"
is available at https://wiki.qemu.org/File:DSAE0022432.pdf
Backports commit 3b948f053fc588154d95228da8a6561c61c66104 from qemu
Add translation handlers for four logic MXU instructions.
It should be noted that there is an error in MXU documentation (dated
June 2017) regarding opcodes for this group of instructions. This was
confirmed by running tests on hardware, and also by looking up other
related public source trees (binutils, Android NDK). In initial MXU
patches to QEMU, opcodes for MXU logic instructions were created to
be in accordance with the MXU documentation, therefore the error from
was propagated. This patch corrects that, changing the involved code.
Besides that, as MXU was designed and implemented only for 32-bit
CPUs, corresponding preprosessor conditions were added around MXU
code, which allows more flexible implementation of MXU handlers.
Backports commit b621f0187ef789aeef733cf79e5ac83984752394 from qemu
Improve textual description of MXU extension. These are mostly
comment formatting changes.
Backports commit 84e2c895b12fb7056daeb7e5094656eae7b50d3d from qemu
Add generic naming involving generig suffixes OPTN0, OPTN1, OPTN2,
OPTN3 for four optn2 constants. Existing suffixes WW, LW, HW, XW
are not quite appropriate for some instructions using optn2.
Add missing opcodes and decoding engine for LXB, LXH, LXW, LXBU,
and LXHU instructions. They were for some reason forgotten in
previous commits. The MXU opcode list and decoding engine should
be now complete.
Backports commit c233bf07af7cf2358b69c38150dbd2e3e4a399b6 from qemu
Disable R5900 support. There are some outstanding issues related
to ABI support and emulation accuracy, that were not understood
well during review process. Disable to avoid backward compatibility
issues.
Reverts commit ed4f49ba9bb56ebca6987b1083255daf6c89b5de.
Backports commit 823f2897bdd78185f3ba33292a25105ba8bad1b5 from qemu
Explicitely mark handling of PREF instruction for R5900 as
treating the same as NOP.
Backports commit 992e8176d36882983bb04f0259f7151a36d003a1 from qemu
Avoid using check_opc_user_only() as a decision making code wrt
various architectures. Use ctx->insn_flags checks instead.
Backports commit 55fc7a69aa38f5ec726e862caf4e4394caca04a8 from qemu
MOVN, MOVZ, MFHI, MFLO, MTHI, MTLO, MULT, MULTU, DIV, DIVU, DMULT,
DMULTU, DDIV, DDIVU and JR are decoded in decode_opc_special_tx79
instead of the generic decode_opc_special_legacy.
Backports commit 9dc324ce66807cc231fe890d4031de595ad1cf72 from qemu
MFLO1, MFHI1, MTLO1 and MTHI1 are generated in gen_HILO1_tx79 instead of
the generic gen_HILO.
Backports commit 86efbfb619a42061ac6439c074cfbf52df2ef2c2 from qemu
Add prefix, suffix, operation descriptions, and other corrections
and amendments to the comment that describes MXU ASE.
Backports commit 093ade12179b6a3f679c100c0fe2a0a7d72068ba from qemu
Move MUL, S32M2I, S32I2M handling out of switch. These are all
instructions that do not depend on MXU_EN flag of MXU_CR.
Backports commit 87860df5511b972f0234a6b2cfaad5227c79b6b4 from qemu
Add support for emulating the S32I2M and S32M2I MXU instructions.
This commit also contains utility functions for reading/writing
to MXU registers. This is required for overall MXU instruction
support.
Backports commit 96992d1aa1b250c0fffc1ff2dad5e6e4f0b9815b from qemu
Add MXU decoding engine: add handlers for all instruction pools,
and main decode handler. The handlers, for now, for the purpose
of this patch, contain only sceleton in the form of a single
switch statement.
Backports commit 03f400883a1dd92fac5b0d9127b38e34c9a722d7 from qemu
Amend MXU instruction opcodes. Pool04 is actually only instruction
OPC_MXU_S16MAD. Two cases within S16MAD are recognized by 1-bit
subfield 'aptn1'.
Backports commit eab0bdb07cbed1131be2d1f541059c7b96b05e32 from qemu
Define a bit for MXU in insn_flags. This is the first non-MIPS
(third party) ASE supported in QEMU for MIPS, so it is placed in
the section "bits 56-63: vendor-specific ASEs".
Backports commit a031ac61619294ae473a78d1834e757fad8b59e5 from qemu
Define and initialize the 16 MXU registers - 15 general computational
register, and 1 control register). There is also a zero register, but
it does not have any corresponding variable.
Backports commit eb5559f67dc8dc12335dd996877bb6daaea32eb2 from qemu.
Implement emulation of nanoMIPS EVA instructions. They are all
part of P.LS.E0 instruction pool, or one of its subpools.
Backports commit d046a9ea1b8877a570a8b12a2d0125ec59fe5b22 from qemu
Opcode for ALIGN and DALIGN must be in fact ranges of opcodes, to
allow paremeter 'bp' to occupy two and three bits, respectively.
Backports commit 373ecd3823f949fd550ec49685299e287af5753e from qemu
Replace MIPS32 with MIPS, since the file covers all generations
of MIPS architectures.
Backports commit ab99e0e44bc7b0e2e52d9083a673866b18470536 from qemu
The primary purpose of this change is to support programs compiled by
GCC for the R5900 target and thereby run R5900 Linux distributions, for
example Gentoo.
GCC in version 7.3, by itself, by inspection of the GCC source code
and inspection of the generated machine code, for the R5900 target,
only emits two instructions that are specific to the R5900: the three-
operand MULT and MULTU. GCC and libc also emit certain MIPS III
instructions that are not part of the R5900 ISA. They are normally
trapped and emulated by the Linux kernel, and therefore need to be
treated accordingly by QEMU.
A program compiled by GCC is taken to mean source code compiled by GCC
under the restrictions above. One can, with the apparent limitations,
with a bit of effort obtain a fully functioning operating system such
as R5900 Gentoo. Strictly speaking, programs need not be compiled by
GCC to make use of this change.
Instructions and other facilities of the R5900 not implemented by this
change are intended to signal provisional exceptions. One such example
is the FPU that is not compliant with IEEE 754-1985 in system mode. It
is therefore provisionally disabled. In user space the FPU is trapped
and emulated by IEEE 754-1985 compliant software in the kernel, and
this is handled accordingly by QEMU. Another example is the 93
multimedia instructions specific to the R5900 that generate provisional
reserved instruction exception signals.
One of the benefits of running a Linux distribution under QEMU is that
programs can be compiled with a native compiler, where the host and
target are the same, as opposed to a cross-compiler, where they are
not the same. This is especially important in cases where the target
hardware does not have the resources to run a native compiler.
Problems with cross-compilation are often related to host and target
differences in integer sizes, pointer sizes, endianness, machine code,
ABI, etc. Sometimes cross-compilation is not even supported by the
build script for a given package. One effective way to avoid those
problems is to replace the cross-compiler with a native compiler. This
change of compilation methods does not resolve the inherent problems
with cross-compilation.
The native compiler naturally replaces the cross-compiler, because one
typically uses one or the other, and preferably the native compiler
when the circumstances admit this. The native compiler is also a good
test case for the R5900 QEMU user mode. Additionally, Gentoo is well-
known for compiling and installing its packages from sources.
This change has been tested with Gentoo compiled for R5900, including
native compilation of several packages under QEMU.
Backports commit ed4f49ba9bb56ebca6987b1083255daf6c89b5de from qemu.
The Linux kernel traps certain reserved instruction exceptions to
emulate the corresponding instructions. QEMU plays the role of the
kernel in user mode, so those traps are emulated by accepting the
instructions.
This change adds the function check_insn_opc_user_only to signal a
reserved instruction exception for flagged CPUs in QEMU system mode.
The MIPS III instructions DMULT[U], DDIV[U], LL[D] and SC[D] are not
implemented in R5900 hardware. They are trapped and emulated by the
Linux kernel and, accordingly, therefore QEMU user only instructions.
Backports commit 96631327be14c4f54cc31f873c278d9ffedd1e00 from qemu
The R5900 is taken to be MIPS III with certain modifications. From
MIPS IV it implements the instructions MOVN, MOVZ and PREF.
Backports commit 5601e6217d90ed322b4b9a6d68e8db607db91842 from qemu
The three-operand MULT and MULTU are the only R5900-specific
instructions emitted by GCC 7.3. The R5900 also implements the three-
operand MADD and MADDU instructions, but they are omitted in QEMU for
now since they are absent in programs compiled by current GCC versions.
Likewise, the R5900-specific pipeline 1 instruction variants MULT1,
MULTU1, DIV1, DIVU1, MADD1, MADDU1, MFHI1, MFLO1, MTHI1 and MTLO1
are omitted here as well.
Backports commit 21e8e8b230af38b6bd8c953fa5f31e4a5a128e1c from qemu
The R5900 implements the 64-bit MIPS III instruction set except
DMULT, DMULTU, DDIV, DDIVU, LL, SC, LLD and SCD. The MIPS IV
instructions MOVN, MOVZ and PREF are implemented. It has the
R5900-specific three-operand instructions MADD, MADDU, MULT and
MULTU as well as pipeline 1 versions MULT1, MULTU1, DIV1, DIVU1,
MADD1, MADDU1, MFHI1, MFLO1, MTHI1 and MTLO1. A set of 93 128-bit
multimedia instructions specific to the R5900 is also implemented.
The Toshiba TX System RISC TX79 Core Architecture manual:
https://wiki.qemu.org/File:C790.pdf
describes the C790 processor that is a follow-up to the R5900. There
are a few notable differences in that the R5900 FPU
- is not IEEE 754-1985 compliant,
- does not implement double format, and
- its machine code is nonstandard.
Backports commit 6f692818a7b53630702d25a709cd61282fd139ad from qemu
Fix misplaced 'break' in handling of NM_SHRA_R_PH. Found by
Coverity (CID 1395627).
Backports commit d5ebcbaf09e8c14e62b2966446195be5eeabcbab from qemu
Fix emulation of microMIPS R6 <SELEQZ|SELNEZ>.<D|S> instructions.
Their handling was permuted.
Backports commit fdac60cd0458f34b2e79d74a55bec10836e26471 from qemu
Implement hardware page table walker. This implementation is
limiter only to MIPS32.
Backports commit 074cfcb4daedf59ccbbbc83c24eee80e0e8f4c71 from qemu
Add reset state for PWSize and PWField registers. The reset state
is different for pre-R6 and R6 (and post-R6) ISAa
Backports commit 630107955757b9dfc5c09f105caa267eded2e3b1 from qemu
Add PWCtl register (CP0 Register 5, Select 6).
The PWCtl register configures hardware page table walking for TLB
refills.
This register is required for the hardware page walker feature. It
exists only if Config3 PW bit is set to 1. It contains following
fields:
PWEn (31) - Hardware Page Table walker enable
PWDirExt (30) - If 1, 4-th level implemented (MIPS64 only)
XK (28) - If 1, walker handles xkseg (MIPS64 only)
XS (27) - If 1, walker handles xsseg (MIPS64 only)
XU (26) - If 1, walker handles xuseg (MIPS64 only)
DPH (7) - Dual Page format of Huge Page support
HugePg (6) - Huge Page PTE supported in Directory levels
PSn (5..0) - Bit position of PTEvld in Huge Page PTE
Backports commit 103be64c26c166f12b3e1308edadef3443723ff1 from qemu
Add PWSize register (CP0 Register 5, Select 7).
The PWSize register configures hardware page table walking for TLB
refills.
This register is required for the hardware page walker feature. It
exists only if Config3 PW bit is set to 1. It contains following
fields:
BDW (37..32) Base Directory index width (MIPS64 only)
GDW (29..24) Global Directory index width
UDW (23..18) Upper Directory index width
MDW (17..12) Middle Directory index width
PTW (11..6 ) Page Table index width
PTEW ( 5..0 ) Left shift applied to the Page Table index
Backports commit 20b28ebc49945583d7191b57755cfd92433de9ff from qemu
Add PWField register (CP0 Register 5, Select 6).
The PWField register configures hardware page table walking for TLB
refills.
This register is required for the hardware page walker feature. It
exists only if Config3 PW bit is set to 1. It contains following
fields:
MIPS64:
BDI (37..32) - Base Directory index
GDI (29..24) - Global Directory index
UDI (23..18) - Upper Directory index
MDI (17..12) - Middle Directory index
PTI (11..6 ) - Page Table index
PTEI ( 5..0 ) - Page Table Entry shift
MIPS32:
GDW (29..24) - Global Directory index
UDW (23..18) - Upper Directory index
MDW (17..12) - Middle Directory index
PTW (11..6 ) - Page Table index
PTEW ( 5..0 ) - Page Table Entry shift
Backports commit fa75ad1459f4f6abbeb6d375a812dfad61320f58 from qemu
Add PWBase register (CP0 Register 5, Select 5).
The PWBase register contains the Page Table Base virtual address.
This register is required for the hardware page walker feature. It
exists only if Config3 PW bit is set to 1.
Backports commit 5e31fdd59fda5c4ba9eb0daadc2a26273a29a0b6 from qemu
Add field corresponding to CP0 Config2 to DisasContext. This is
needed for availability control via Config2 bits.
Backports commit 49735f76db25bf10f57973d5249f17151b801760 from qemu
Do following replacements:
ASE_DSPR2 -> ASE_DSP_R2
ASE_DSPR3 -> ASE_DSP_R3
MIPS_HFLAG_DSPR2 -> MIPS_HFLAG_DSP_R2
MIPS_HFLAG_DSPR3 -> MIPS_HFLAG_DSP_R3
check_dspr2() -> check_dsp_r2()
check_dspr3() -> check_dsp_r3()
and several other similar minor replacements.
Backports commit 908f6be1b9cbc270470230f805d6f7474ab3178d from qemu
Add infrastructure for availability control for DSP R3 ASE MIPS
instructions. Only BPOSGE32C currently belongs to DSP R3 ASE, but
this is likely to be changed in near future.
Backports commit 59e781fbf13a2dede15437d055b09d7ea120dcac from qemu
Increase the size of insn_flags holder size to 64 bits. This is
needed for future extensions since existing bits are almost all used.
Backports commit f9c9cd63e3dd84c5f052deec880ec92046bbe305 from qemu
Add a comment that contains a list all MXU instructions,
expressed in assembler mnemonics.
Backports commit 1d0e663c5f25345a6702d8a83c051b83f3462299 from qemu
Add a comment before each CP0 register section in CPUMIPSState
definition, thus visually separating these sections.
Backports commit 50e7edc5ac25af2faaacd1f91e177c7de7d696c3 from qemu
Add a comment with an overview of CP0 registers close to the
definition of their corresponding fields in CPUMIPSState.
Backports commit a86d421e18d58b32d6eaba1e79160e2b4e5a0a6c from qemu
Update BadInstr and BadInstrX registers for nanoMIPS. The same
support for pre-nanoMIPS remains unimplemented.
Backports commit 7a5f784aa215df6bf5d674b4003f8df43bf3b2d4 from qemu
Use bits from configuration registers for availability control
of MT ASE instructions, rather than only ISA_MT bit in insn_flags.
This is done by adding a field in hflags for MT bit, and adding
functions check_mt() and check_cp0_mt().
Backports commit 9affc1c59279f482ff145e0371926f79b6448e3e from qemu
Implement support for nanoMIPS LLWP/SCWP instructions. Beside
adding core functionality of these instructions, this patch adds
support for availability control via configuration bit XNP.
Backports commit 0b16dcd180bdbe3add9edea42c2374d427882661 from qemu
Add CP0_Config3 and CP0_Config5 to DisasContext structure. This is
needed for implementing availability control of various instructions.
Backports commit ab77fc611bf004dfd25ecad5b2c11261e32012e9 from qemu
Implement emulation of nanoMIPS EXTW instruction. EXTW instruction
is similar to the MIPS r6 ALIGN instruction, except that it counts
the other way and in bits instead of bytes. We therefore generalise
gen_align() function into a new gen_align_bits() function (which
counts in bits instead of bytes and optimises when bits = size of
the word), and implement gen_align() and a new gen_ext() based on
that. Since we need to know the word size to check for when the
number of bits == the word size, the opc argument is replaced with
a wordsz argument (either 32 or 64).
Backports commit 821f2008c3c708e0e33158039ab55673a0f04519 from qemu
Added a helper for ROTX based on the pseudocode from the
architecture spec. This instraction was not present in previous
MIPS instruction sets.
Backports commit e222f5067269392af489731221750976d0cf3c05 from qemu
Add emulation of nanoMIPS instructions situated in pool p_lsx, and
emulation of LSA instruction as well.
Backports commit eac5266459fb83e70fbf33f95c7c846f89df5c6a from qemu
Add emulation of SAVE16 and RESTORE.JRC16 instructions. Routines
gen_save(), gen_restore(), and gen_adjust_sp() are provided to support
this feature.
This patch at the same time provides function gen_op_addr_addi(). This
function will be used in emulation of some other nanoMIPS instructions.
Backports commit bf0718c59a4b27dd01346a7b5b9a183ed1b18fb7 from qemu
Add empty body and invocation of decode_nanomips_opc() if the bit
ISA_NANOMIPS32 is set in ctx->insn_flags.
Backports commit c533c0f4741be62501ef6c7f6ce77ffbfc2e4964 from qemu
Only if Config3.ISA is 3 (microMIPS), the mode should be switched in
cpu_state_reset(). Config3.ISA is 1 for nanoMIPS processors, and no mode
change should happen.
Backports commit 0bbc0396809f6caaaf96863dafe738e94f9b73ea from qemu
Add nanoMIPS opcodes. nanoMIPS instruction are organized by so-called
instruction pools. Each pool contains a set of opcodes, that in turn
can be instruction opcodes or instruction pool opcodes.
Backports commit 261c95a0e98e5e9b13c9c005a991b7e7dc27f38a from qemu
MFHC0 and MTHC0 used to handle EntryLo0 and EntryLo1 registers only,
and placing ELPA flag checks before switch statement were technically
correct. However, after adding handling more registers, these checks
should be moved to act only in cases of handling EntryLo0 and
EntryLo1.
Backports commit 59488dda1f16c0259bc2610d8d71686ef436c649 from qemu
Update CP0 registers Config0, Config1, Config2, Config3,
Config4, and Config5 bit definitions.
Some of these bits will be utilized by upcoming nanoMIPS changes.
Backports commit 0413d7a55a8161ebd33541ba1df4285bf180c583 from qemu
Fix two instances of shadow variables. This cleans up entire file
translate.c from shadow variables.
Backports commit e1555d7ddf2c86fb92165e47eb092f1f5fa9e8bd from qemu
Mark switch fallthroughs with comments, in cases fallthroughs
are intentional.
The comments "/* fall through */" are interpreted by compilers and
other tools, and they will not issue warnings in such cases. For gcc,
the warning is turnend on by -Wimplicit-fallthrough. With this patch,
there will be no such warnings in target/mips directory. If such
warning appears in future, it should be checked if it is intentional,
and, if yes, marked with a comment similar to those from this patch.
The comment must be just before next "case", otherwise gcc won't
understand it.
Backports commit 146dd620db815558938433eb9f57a571d424d2c6 from qemu
Remove "range style" case statements to make code analysis easier.
This patch handles cases when the values in the range in question
were not properly defined.
Backports commit c38a1d52233c85976eeed99c9015e881de8cd68e from qemu
Remove "range style" case statements to make code analysis easier.
This is needed also for some upcoming nanoMIPS-related refactorings.
Backports commit c2e19f3c2b1a1bb5f4fc3c55ee8cfa28dde9b810 from qemu
Offset can be larger than 16 bit from nanoMIPS,
and immediate field can be larger than 16 bits as well.
Backports commit 72e1f16f18fe62504f8f25d7a3f6813b24b221be from qemu