In handle_vec_simd_shli() we have a check:
if (size > 3 && !is_q) {
unallocated_encoding(s);
return;
}
However this can never be true, because we calculate
int size = 32 - clz32(immh) - 1;
where immh is a 4 bit field which we know cannot be all-zeroes.
So the clz32() return must be in {28,29,30,31} and the resulting
size is in {0,1,2,3}, and "size > 3" is never true.
This unnecessary code confuses Coverity's analysis:
in CID 1396476 it thinks we might later index off the
end of an array because the condition implies that we
might have a size > 3.
Remove the code, and instead assert that the size is in [0..3],
since the decode that enforces that is somewhat distant from
this function.
Backports commit f6c98f91f56031141a47f86225fdc30f0f9f84fb from qemu
For a sequence of loads or stores from a single register,
little-endian operations can be promoted to an 8-byte op.
This can reduce the number of operations by a factor of 8.
Backports commit 87f9a7f0c8d5122c36743885158782c2348a6d21 from qemu
This can reduce the number of opcodes required for certain
complex forms of load-multiple (e.g. ld4.16b).
Backports commit a7d8143aed2268f147cc1abfebc848ed6282a313 from qemu
Most of the v8 extensions are self-contained within the ISAR
registers and are not implied by other feature bits, which
makes them the easiest to convert.
Backports commit 962fcbf2efe57231a9f5df0ae0f40c05e35628ba from qemu
Use the existing helpers to determine if (1) the fpu is enabled,
(2) sve state is enabled, and (3) the current sve vector length.
Backports commit ced3155141755ba244c988c72c4bde32cc819670 from qemu
These insns require u=1; failed to include that in the switch
cases. This probably happened during one of the rebases just
before final commit.
Fixes: d17b7cdcf4e
Backports commit b8a4a96db3639e17ab5e5cdc14fca4b19fbf5b3b from qemu
Also fold the FPCR/FPSR state onto the same line as PSTATE,
and mention but do not dump disabled FPU state.
Backports commit 2bf5f3f91bb4e3faa2a19aec042138a938afbf6a from qemu
Leave ARM_CP_SVE, removing ARM_CP_FPU; the sve_access_check
produced by the flag already includes fp_access_check. If
we also check ARM_CP_FPU the double fp_access_check asserts.
Backports commit 11d7870b1b4d038d7beb827f3afa72e284701351 from qemu
We've already added the helpers with an SVE patch, all that remains
is to wire up the aa64 and aa32 translators. Enable the feature
within -cpu max for CONFIG_USER_ONLY.
Backports commit 26c470a7bb4233454137de1062341ad48947f252 from qemu
For aa64 advsimd, we had been passing the pre-indexed vector.
However, sve applies the index to each 128-bit segment, so we
need to pass in the index separately.
For aa32 advsimd, the fp32 operation always has index 0, but
we failed to interpret the fp16 index correctly.
Backports commit 2cc99919a81a62589a4a6b0f365eabfead1db1a7 from qemu
Do the cast to uintptr_t within the helper, so that the compiler
can type check the pointer argument. We can also do some more
sanity checking of the index argument.
Backports commit 07ea28b41830f946de3841b0ac61a3413679feb9 from qemu
Including only 4, as-yet unimplemented, instruction patterns
so that the whole thing compiles.
Backports commit 38388f7ee3adc04a7e7246c04352451c4f8d00fb from qemu
Instead of passing env and leaving it up to the helper to get the
right fpstatus we pass it explicitly. There was already a get_fpstatus
helper for neon for the 32 bit code. We also add an get_ahp_flag() for
passing the state of the alternative FP16 format flag. This leaves
scope for later tracking the AHP state in translation flags.
Backports commit 486624fcd3eaca6165ab8401d73bbae6c0fb81c1 from qemu
All the hard work is already done by vfp_expand_imm, we just need to
make sure we pick up the correct size.
Backports commit 6ba28ddb9be37bdb67e3e38007a53ccbdcd010df from qemu
Use write_fp_dreg and clear_vec_high to zero the bits
that need zeroing for these cases.
Backports commit 9a9f1f59521f46e8ff4527d9a2b52f83577e2aa3 from qemu
The instruction "ucvtf v0.4h, v04h, #2", with input 0x8000u,
overflows the intermediate float16 to infinity before we have a
chance to scale the output. Use float64 as the intermediate type
so that no input argument (uint32_t in this case) can overflow
or round before scaling. Given the declared argument, the signed
int32_t function has the same problem.
When converting from float16 to integer, using u/int32_t instead
of u/int16_t means that the bounding is incorrect.
Backports commit 88808a022c06f98d81cd3f2d105a5734c5614839 from qemu
While we have some of the scalar paths for FCVT for fp16,
we failed to decode the fp16 version of these instructions.
Backports commit d0ba8e74acd299b092786ffc30b306638d395a9e from qemu
While we have some of the scalar paths for *CVF for fp16,
we failed to decode the fp16 version of these instructions.
Backports commit a6117fae4576edfe7a5a5b802a742c33112c0993 from qemu
This implements all of the v8.1-Atomics instructions except
for compare-and-swap, which is decoded elsewhere.
Backports commit 74608ea45434c9b07055b21885e093528c5ed98c from qemu
The insns in the ARMv8.1-Atomics are added to the existing
load/store exclusive and load/store reg opcode spaces.
Rearrange the top-level decoders for these to accomodate.
The Atomics insns themselves still generate Unallocated.
Backports commit 68412d2ecedbab5a43b0d346cddb27e00d724aff from qemu
While at it, use int for both num_insns and max_insns to make
sure we have same-type comparisons.
Backports commit b542683d77b4f56cef0221b267c341616d87bce9 from qemu
Path analysis shows that size == 3 && !is_q has been eliminated.
Fixes: Coverity CID1385853
Backports commit a8766e3172c1671cab297c1ef4566a3c5d094822 from qemu
The (size > 3 && !is_q) condition is identical to the preceeding test
of bit 3 in immh; eliminate it. For the benefit of Coverity, assert
that size is within the bounds we expect.
Fixes: Coverity CID1385846
Fixes: Coverity CID1385849
Fixes: Coverity CID1385852
Fixes: Coverity CID1385857
Backports commit 8dae46970532afcf93470b00e83ca9921980efc3 from qemu
The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0. We handle
this in the arm_debug_target_el() function, but this is only used for
hardware breakpoint and watchpoint exceptions, not for the exception
generated when the guest executes an AArch32 BKPT or AArch64 BRK
instruction. We don't have enough information for a translate-time
equivalent of arm_debug_target_el(), so instead make BKPT and BRK
call a special purpose helper which can do the routing, rather than
the generic exception_with_syndrome helper.
Backports commit c900a2e62dd6dde11c8f5249b638caad05bb15be from qemu
In OE project 4.15 linux kernel boot hang was observed under
single cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TC generated blocks, while interrupt
was pending unprocessed. This happened because when qemu tried to
handle vtimer interrupt target had interrupts disabled, as
result flag indicating TCG exit, cpu->icount_decr.u16.high,
was cleared but arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process interrupt. Later when target
reenabled interrupts, it happened without exit into main loop, so
following code that waited for result of interrupt execution
run in infinite loop.
To solve the problem instructions that operate on CPU sys state
(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
should be considered as DISAS_EXIT variant, and should be
forced to exit back to main loop so qemu will have a chance
processing pending CPU state updates, including pending
interrupts.
This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.
Backports commit a75a52d62418dafe462be4fe30485501d1010bb9 from qemu