The TCG-specific CPU methods will be moved to a separate struct,
to make it easier to move accel-specific code outside generic CPU
code in the future. Start by moving tcg_initialize().
The new CPUClass.tcg_opts field may eventually become a pointer,
but keep it an embedded struct for now, to make code conversion
easier.
Backports e9e51b7154404efc9af8735ab87c658a9c434cfd
Vector AMOs operate as if aq and rl bits were zero on each element
with regard to ordering relative to other instructions in the same hart.
Vector AMOs provide no ordering guarantee between element operations
in the same vector AMO instruction
Backports 268fcca66bde62257960ec8d859de374315a5e3d
The unit-stride fault-only-fault load instructions are used to
vectorize loops with data-dependent exit conditions(while loops).
These instructions execute as a regular load except that they
will only take a trap on element 0.
Backports commit 022b4ecf775ffeff522eaea4f0d94edcfe00a0a9 from qemu
Vector indexed operations add the contents of each element of the
vector offset operand specified by vs2 to the base effective address
to give the effective address of each element.
Backports f732560e3551c0823cee52efba993fbb8f689a36
Vector strided operations access the first memory element at the base address,
and then access subsequent elements at address increments given by the byte
offset contained in the x register specified by rs2.
Vector unit-stride operations access elements stored contiguously in memory
starting from the base effective address. It can been seen as a special
case of strided operations.
Backports 751538d5da557e5c10e5045c2d27639580ea54a7
The internals.h keeps things that are not relevant to the actual architecture,
only to the implementation, separate.
Backports f476f17740ad42288d42dd8fedcdae8ca7007a16
vsetvl and vsetvli are two configure instructions for vl, vtype. TB flags
should update after configure instructions. The (ill, lmul, sew ) of vtype
and the bit of (VSTART == 0 && VL == VLMAX) will be placed within tb_flags.
Backports 2b7168fc43fb270fb89e1dddc17ef54714712f3a from qemu
The v0.7.1 specification does not define vector status within mstatus.
A future revision will define the privileged portion of the vector status.
Backports 8e3a1f18871e0ea251b95561fe1ec5a9bc896c4a from qemu
vlen is the vector register length in bits.
elen is the max element size in bits.
vext_spec is the vector specification version, default value is v0.7.1.
Backports 32931383270e2ca8209267ca99f23f3c5f780982 from qemu
The 32 vector registers will be viewed as a continuous memory block.
It avoids the convension between element index and (regno, offset).
Thus elements can be directly accessed by offset from the first vector
base address.
Backports ad9e5aa2ae8032f19a8293b6b8f4661c06167bf0 from qemu
Call the helper_hyp_tlb_flush() function on hfence instructions which
will generate an illegal insruction execption if we don't have
permission to flush the Hypervisor level TLBs.
Backports commit 2761db5fc20943bbd606b6fd49640ac000398de6 from qemu
The function that makes NaN-boxing when a 32-bit value is assigned
to a 64-bit FP register is split out to a helper gen_nanbox_fpr().
Then it is applied in translating of the FLW instruction.
Backports commit 354908cee1f7ff761b5fedbdb6376c378c10f941 from qemu
The RISC-V ISA spec version 1.09.1 has been deprecated in QEMU since
4.1. It's not commonly used so let's remove support for it.
Backports commit 1a9540d1f1a9c5022d9273d0244e5809679dd33b from qemu
The sifive-e34 cpu type is the same as the sifive-e31 with the
single precision floating-point extension enabled.
Backports commit d784733bf1875c1ba355c69739518f24d56f1260 from qemu
Remove the user version information. This was never used and never
publically exposed in a release of QEMU, so let's just remove it. In
future to manage versions we can extend the extension properties to
specify version.
Backports commit c9a73910c34a2147bcf6a3b5194d27abb19c2e54 from qemu
As-per RISC-V H-Extension v0.5 draft, the Stage2 SV32 page table has
12bits of VPN[1] and 10bits of VPN[0]. The additional 2bits in VPN[1]
is required to handle the 34bit intermediate physical address coming
from Stage1 SV32 page table. The 12bits of VPN[1] implies that Stage2
SV32 level-0 page table will be 16KB in size with total 4096 enteries
where each entry maps 4MB of memory (same as Stage1 SV32 page table).
The get_physical_address() function is broken for Stage2 SV32 level-0
page table because it incorrectly computes output physical address for
Stage2 SV32 level-0 page table entry.
The root cause of the issue is that get_physical_address() uses the
"widened" variable to compute level-0 physical address mapping which
changes level-0 mapping size (instead of 4MB). We should use the
"widened" variable only for computing index of Stage2 SV32 level-0
page table.
Backports commit ee79e7cd47ef47074d7c20c221321c5d31d3683d from qemu
Take the result of stage-1 and stage-2 page table walks and AND the two
protection flags together. This way we require both to set permissions
instead of just stage-2.
Backports commit 8f67cd6db7375f9133d900b13b300931fbc2e1d8 from qemu
When doing the fist of a two stage lookup (Hypervisor extensions) don't
set the current protection flags from the second stage lookup of the
base address PTE.
Backports commit 384728905441279e54fa3d714b11bf1b1bcbfd27 from qemu
Currently riscv_cpu_local_irq_pending is used to find out pending
interrupt and VS mode interrupts are being shifted to represent
S mode interrupts in this function. So when the cause returned by
this function is passed to riscv_cpu_do_interrupt to actually
forward the interrupt, the VS mode forwarding check does not work
as intended and interrupt is actually forwarded to hypervisor. This
patch fixes this issue.
Backports commit c5969a3a3c2cb9ea02ffb7e86acb059d3cf8c264 from qemu
As reported in: https://bugs.launchpad.net/qemu/+bug/1851939 we weren't
correctly handling illegal instructions based on the value of MSTATUS_TSR
and the current privledge level.
This patch fixes the issue raised in the bug by raising an illegal
instruction if TSR is set and we are in S-Mode.
Backports commit ed5abf46b3c414ef58e647145f19b3966700b206 from qemu
Currently, TIME CSRs are emulated only for user-only mode. This
patch add TIME CSRs emulation for privileged mode.
For privileged mode, the TIME CSRs will return value provided
by rdtime callback which is registered by QEMU machine/platform
emulation (i.e. CLINT emulation). If rdtime callback is not
available then the monitor (i.e. OpenSBI) will trap-n-emulate
TIME CSRs in software.
We see 25+% performance improvement in hackbench numbers when
TIME CSRs are not trap-n-emulated.
Backports commit c695724868ce4049fd79c5a509880dbdf171e744 from qemu
Add a helper macro MSTATUS_MPV_ISSET() which will determine if the
MSTATUS_MPV bit is set for both 32-bit and 64-bit RISC-V.
Backports commit e44b50b5b2e508fdd24915ab0e44ac49685e1de3 from qemu
mark_fs_dirty() is the only place in translate.c that uses the
virt_enabled bool. Let's respect the contents of MSTATUS.MPRV and
HSTATUS.SPRV when setting the bool as this is used for performing
floating point operations when V=0.
Backports commit ae84dd0ab7eaf7e98cd6ee05b2063cce8ff9bc02 from qemu
When the Hypervisor extension is in use we only enable floating point
support when both status and vsstatus have enabled floating point
support.
Backports commit 29409c1d921d607873268671bf11a088efb5558e from qemu
The hret instruction does not exist in the new spec versions, so remove
it from QEMU.
Backports commit 0736febb2d0e1bb503ca07091c16a16e78480366 from qemu
To ensure our TLB isn't out-of-date we flush it on all virt mode
changes. Unlike priv mode this isn't saved in the mmu_idx as all
guests share V=1. The easiest option is just to flush on all changes.
Backports commit eccc5a12c2fd1c646c69a1e7de29183b7a559973 from qemu
Add a FORCE_HS_EXCEP mode to the RISC-V virtulisation status. This bit
specifies if an exeption should be taken to HS mode no matter the
current delegation status. This is used when an exeption must be taken
to HS mode, such as when handling interrupts.
Backports commit c7b1bbc80fc2af17395d3986c346fd2307e57829 from qemu
Add the Hypervisor CSRs to CPUState and at the same time (to avoid
bisect issues) update the CSR macros for the v0.5 Hyp spec.
Backports commit bd023ce33b85d73791b7bc78fd04a8115c60995e from qemu
The MIP CSR is a xlen CSR, it was only 32-bits to allow atomic access.
Now that we don't use atomics for MIP we can change this back to a xlen
CSR.
Backports commit 028616130d5f0abc8a3b96f28963da51a875024b from qemu
When executing an xRET instruction, supposing xPP holds the
value y, xIE is set to xPIE; the privilege mode is changed to y;
xPIE is set to 1. But QEMU sets xPIE to 0 incorrectly.
Backports commit a37f21c27d3e2342c2080aafd4cfe7e949612428 from qemu
Preparation for collapsing the two byte swaps, adjust_endianness and
handle_bswap, along the I/O path.
Target dependant attributes are conditionalized upon NEED_CPU_H.
Backports commit 14776ab5a12972ea439c7fb2203a4c15a09094b4 from qemu
We should avoid including the whole of softfloat headers in cpu.h and
explicitly include it only where we will be calling softfloat
functions. We can use the -types.h and -helpers.h in cpu.h for the few
bits that are global.
Backports commit 135b03cb9defbd080b8834b30e3d45bed00c6137 from qemu
This prevents a load reservation from being placed in one context/process,
then being used in another, resulting in an SC succeeding incorrectly and
breaking atomics.
Backports commit c13b169f1a3dd158d6c75727cdc388f95988db39 from qemu
The various CSR instructions have been split out of the base ISA as part
of the ratification process. This patch adds a Zicsr argument, which
disables all the CSR instructions.
Backports commit 591bddea8d874e1500921de0353818e5586618f5 from qemu
fence.i has been split out of the base ISA as part of the ratification
process. This patch adds a Zifencei argument, which disables the
fence.i instruction.
Backports commit 50fba816cd226001bec3e495c39879deb2fa5432 from qemu
Set the priv spec version 1.11.0 as the default and allow selecting it
via the command line.
Backports commit e3147506b02edcdd7c14ebb41a10fcc3027dcc5c from qemu
1.11 defines mcountinhibit, which has the same numeric CSR value as
mucounteren from 1.09.1 but has different semantics. This patch enables
the CSR for 1.11-based targets, which is trivial to implement because
the counters in QEMU never tick (legal according to the spec).
Backports commit 747a43e818dc36bd50ef98c2b11a7c31ceb810fa from qemu
Restructure the deprecated CPUs to make it clear in the code that these
are depreated. They are already marked as deprecated in
qemu-deprecated.texi. There are no functional changes.
Backports commit c1fb65e63cfca4506a14b084afd0eca2dc464fe8 from qemu
The current implementation returns 1 (PMP check success) if the address is in
range even if the PMP entry is off. This is a bug.
For example, if there is a PMP check in S-Mode which is in range, but its PMP
entry is off, this will succeed, which it should not.
The patch fixes this bug by only checking the PMP permissions if the address is
in range and its corresponding PMP entry it not off. Otherwise, it will keep
the ret = -1 which will be checked and handled correctly at the end of the
function.
Backports commit f8162068f18f2f264a0355938784f54089234211 from qemu
The PMP should be checked when doing a page table walk, and report access
fault exception if the to-be-read PTE failed the PMP check.
Backports commit 1f447aec787bfbbd078afccae44fc4c92acb4fed from qemu
The current PMP check function checks for env->priv which is not the effective
memory privilege mode.
For example, mstatus.MPRV could be set while executing in M-Mode, and in that
case the privilege mode for the PMP check should be S-Mode rather than M-Mode
(in env->priv) if mstatus.MPP == PRV_S.
This patch passes the effective memory privilege mode to the PMP check.
Functions that call the PMP check should pass the correct memory privilege mode
after reading mstatus' MPRV/MPP or hstatus.SPRV (if Hypervisor mode exists).
Backports commit cc0fdb298517ce56c770803447f8b02a90271152 from qemu
Section 3.6 in RISC-V v1.10 privilege specification states that PMP violations
report "access exceptions." The current PMP implementation has
a bug which wrongly reports "page exceptions" on PMP violations.
This patch fixes this bug by reporting the correct PMP access exceptions
trap values.
Backports commit 635b0b0ea39a13d1a3df932452e5728aebbb3f6e from qemu
The current implementation unnecessarily checks for PMP even if MMU translation
failed. This may trigger a wrong PMP access exception instead of
a page exception.
For example, the very first instruction fetched after the first satp write in
S-Mode will trigger a PMP access fault instead of an instruction fetch page
fault.
This patch prioritises MMU exceptions over PMP exceptions and only checks for
PMP if MMU translation succeeds. This patch is required for future commits
that properly report PMP exception violations if PTW succeeds.
Backports commit e0f8fa72deba7ac7a7ae06ba25e6498aaad93ace from qemu
This patch adds support for the riscv_cpu_unassigned_access call
and will raise a load or store access fault.
Backports commit cbf5827693addaff4e4d2102afedbf078a204eb2 from qemu
A wrong address is passed to `pmp_is_in_range` while checking if a
memory access is within a PMP range.
Since the ending address of the pmp range (i.e., pmp_state.addr[i].ea)
is set to the last address in the range (i.e., pmp base + pmp size - 1),
memory accesses containg the last address in the range will always fail.
For example, assume that a PMP range is 4KB from 0x87654000 such that
the last address within the range is 0x87654fff.
1-byte access to 0x87654fff should be considered to be fully inside the
PMP range.
However the access now fails and complains partial inclusion because
pmp_is_in_range(env, i, addr + size) returns 0 whereas
pmp_is_in_range(env, i, addr) returns 1.
Backports commit 49db9fa1fd7c252596b53cf80876e06f407d09ed from qemu
Nothing in there so far, but all of the plumbing done
within the target ArchCPU state.
Backports commit 5b146dc716cfd247f99556c04e6e46fbd67565a0 from qemu
Now that we have ArchCPU, we can define this generically,
in the one place that needs it.
Backports commit 677c4d69ac21961e76a386f9bfc892a44923acc0 from qemu
Cleanup in the boilerplate that each target must define.
Replace riscv_env_get_cpu with env_archcpu. The combination
CPU(riscv_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.
Backports commit 3109cd98a6c0c618189b38a83a8aa29cb20acbce from qemu
Now that we have both ArchCPU and CPUArchState, we can define
this generically instead of via macro in each target's cpu.h.
Backports commit 29a0af618ddd21f55df5753c3e16b0625f534b3c from qemu
For all targets, into this new file move TARGET_LONG_BITS,
TARGET_PAGE_BITS, TARGET_PHYS_ADDR_SPACE_BITS,
TARGET_VIRT_ADDR_SPACE_BITS, and NB_MMU_MODES.
Include this new file from exec/cpu-defs.h.
This now removes the somewhat odd requirement that target/arch/cpu.h
defines TARGET_LONG_BITS before including exec/cpu-defs.h, so push the
bulk of the includes within target/arch/cpu.h to the top.
Backports commit 74433bf083b0766aba81534f92de13194f23ff3e from qemu
According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
register are read-only." Further, if an interrupt is not delegated to mode x,
then "the corresponding bits in xip [...] should appear to be hardwired to
zero. This patch implements both of those requirements.
Backports commit 087b051a51a0c2a5bc1e8d435a484a8896b4176b from qemu
C.ADDI16SP, C.LWSP, C.JR, C.ADDIW, C.LDSP all have reserved
operands that were not diagnosed.
Backports commit 4cc16b3b9282e04fab8e84d136540757e82af019 from qemu
At the same time deprecate the ISA string CPUs.
It is dobtful anyone specifies the CPUs, but we are keeping them for the
Spike machine (which is about to be depreated) so we may as well just
mark them as deprecated.
Backports commit 8903bf6e6d73d03b988b4a8197132de2ad681ff5 from qemu
The tcg_gen_fooi_tl functions have some immediate constant
folding built in, which match up with some of the riscv asm
builtin macros, like mv and not.
Backports commit 598aa1160c3d17ab9271daf1f69d093ebada3f25 from qemu
This eliminates all functions in insn_trans/trans_rvc.inc.c,
so the entire file can be removed.
Backports commit 0e68e240a9bd3b44a91cd6012f0e2bf2a43b9fe2 from qemu
This eliminates about half of the complicated decode
bits within insn_trans/trans_rvc.inc.c.
Backports commit c2cfb97c01a3636867c1a4a24f8a99fd8c6bed28 from qemu
Special handling for IMM==0 is the only difference between
RVC shifti and RVI shifti. This can be handled with !function.
Backports commit 6cafec92f1c862a9754ef6a28be68ba7178a284d from qemu
In some cases this allows us to directly use the insn32
translator function. In some cases we still need a shim.
Backports commit e1d455dd91c935c714412dafeb24db947429a929 from qemu
The generated functions are only used within translate.c
and do not need to be global, or declared.
Backports commit 81770255581bd210c57b86a6e808628ab8d0c543 from qemu
This patch introduces wrappers around the tcg_gen_exit_tb() and
tcg_gen_lookup_and_goto_ptr() functions that handle single stepping,
i.e. call gen_exception_debug() when single stepping is enabled.
Theses functions are then used instead of the originals, bringing single
stepping handling in places where it was previously ignored such as jalr
and system branch instructions (ecall, mret, sret, etc.).
Backports commit 6e2716d8ca4edf3597307accef7af36e8ad966eb from qemu
The 'sfence.vma' instruction is privileged, and should only ever be allowed
when executing in supervisor mode or higher.
Backports commit b86f4167630802128d94f3c89043d97d2f4c2546 from qemu
We can now use the CPUClass hook instead of a named function.
Create a static tlb_fill function to avoid other changes within
cputlb.c. This also isolates the asserts within. Remove the
named tlb_fill function from all of the targets.
Backports commit c319dc13579a92937bffe02ad2c9f1a550e73973 from qemu
Note that env->pc is removed from the qemu_log as that value is garbage.
The PC isn't recovered until cpu_restore_state, called from
cpu_loop_exit_restore, called from riscv_raise_exception.
Backports commit 8a4ca3c10a96be6ed7f023b685b688c4d409bbcb from qemu
Leading underscores are ill-advised because such identifiers are
reserved. Trailing underscores are merely ugly. Strip both.
Our header guards commonly end in _H. Normalize the exceptions.
Done with scripts/clean-header-guards.pl.
Backports commit a8b991b52dcde75ab5065046653626951aac666d from qemu
In order to handle TB's that translate to too much code, we
need to place the control of the length of the translation
in the hands of the code gen master loop.
Backports commit 8b86d6d25807e13a63ab6ea879f976b9f18cc45a from qemu
While running the GCC test suite against 4.0.0-rc0, Kito found a
regression introduced by the decodetree conversion that caused divuw and
remuw to sign-extend their inputs. The ISA manual says they are
supposed to be zero extended:
DIVW and DIVUW instructions are only valid for RV64, and divide the
lower 32 bits of rs1 by the lower 32 bits of rs2, treating them as
signed and unsigned integers respectively, placing the 32-bit
quotient in rd, sign-extended to 64 bits. REMW and REMUW
instructions are only valid for RV64, and provide the corresponding
signed and unsigned remainder operations respectively. Both REMW
and REMUW always sign-extend the 32-bit result to 64 bits, including
on a divide by zero.
Here's Kito's reduced test case from the GCC test suite
unsigned calc_mp(unsigned mod)
{
unsigned a,b,c;
c=-1;
a=c/mod;
b=0-a*mod;
if (b > mod) { a += 1; b-=mod; }
return b;
}
int main(int argc, char *argv[])
{
unsigned x = 1234;
unsigned y = calc_mp(x);
if ((sizeof (y) == 4 && y != 680)
|| (sizeof (y) == 2 && y != 134))
abort ();
exit (0);
}
I haven't done any other testing on this, but it does fix the test case.
Backports commit f17e02cd3731bdfe2942d1d0b2a92f26da02408c from qemu
If vectored interrupts are enabled (bits[1:0]
of mtvec/stvec == 1) then use the following
logic for trap entry address calculation:
pc = mtvec + cause * 4
In addition to adding support for vectored interrupts
this patch simplifies the interrupt delivery logic
by making sync/async cause decoding and encoding
steps distinct.
The cause code and the sign bit indicating sync/async
is split at the beginning of the function and fixed
cause is renamed to cause. The MSB setting for async
traps is delayed until setting mcause/scause to allow
redundant variables to be eliminated. Some variables
are renamed for conciseness and moved so that decls
are at the start of the block.
Backports commit acbbb94e5730c9808830938e869d243014e2923a from qemu
This effectively changes riscv_cpu_update_mip
from edge to level. i.e. cpu_interrupt or
cpu_reset_interrupt are called regardless of
the current interrupt level.
Fixes WFI doesn't return when a IPI is issued:
- https://github.com/riscv/riscv-qemu/issues/132
To test:
1) Apply RISC-V Linux CPU hotplug patch:
- http://lists.infradead.org/pipermail/linux-riscv/2018-May/000603.html
2) Enable CONFIG_CPU_HOTPLUG in linux .config
3) Try to offline and online cpus:
echo 1 > /sys/devices/system/cpu/cpu2/online
echo 0 > /sys/devices/system/cpu/cpu2/online
echo 1 > /sys/devices/system/cpu/cpu2/online
Backports commit d26f5a423438e579d3ff0ca35e44edb966a36233 from qemu
This change checks elf_flags for EF_RISCV_RVE and if
present uses the RVE linux syscall ABI which uses t0
for the syscall number instead of a7.
Warn and exit if a non-RVE ABI binary is run on a
cpu with the RVE extension as it is incompatible.
Backports relevant parts of 5836c3eccedb6dfab16b8f606f2de24b8938b69c
from qemu
We can't allow the supervisor to control SEIP as this would allow the
supervisor to clear a pending external interrupt which will result in
lost a interrupt in the case a PLIC is attached. The SEIP bit must be
hardware controlled when a PLIC is attached.
This logic was previously hard-coded so SEIP was always masked even
if no PLIC was attached. This patch adds riscv_cpu_claim_interrupts
so that the PLIC can register control of SEIP. In the case of models
without a PLIC (spike), the SEIP bit remains software controlled.
This interface allows for hardware control of supervisor timer and
software interrupts by other interrupt controller models.
Backports commit e3e7039cc24ecf47d81c091e8bb04552d6564ad8 from qemu
Add a debugger field to CPURISCVState. Add riscv_csrrw_debug function
to set it. Disable mode checks when debugger field true.
Backports commit 753e3fe207db08ce0ef0405e8452c3397c9b9308 from qemu
This adds some missing CSR_* register macros, and documents some as being
priv v1.9.1 specific.
Backports commit 8e73df6aa3f2f0e5c26c03a94a88406616291815 from qemu
during the refactor to decodetree we removed the manual decoding that is
necessary for c.jal/c.addiw and removed the translation of c.flw/c.ld
and c.fsw/c.sd. This reintroduces the manual parsing and the
omited implementation.
Backports commit f330433b3633647b047cfa418c2ca4d18fda69c7 from qemu
with all 16 bit insns moved to decodetree no path is falling back to
gen_system(), so we can remove it.
Backports commit 8f7bc273868939f0821e07fb23792db63d45bffb from qemu
manual decoding in gen_arith() is not necessary with decodetree. For now
the function is called trans_arith as the original gen_arith still
exists. The former will be renamed to gen_arith as soon as the old
gen_arith can be removed.
Backports commit f2ab1728675772cd475a33f4df3d2f68a22c188f from qemu
gen_arith_imm() does a lot of decoding manually, which was hard to read
in case of the shift instructions and is not necessary anymore with
decodetree.
Backports commit 7a50d3e2ae7f13b24fe55990ea0b8ddcbbb43130 from qemu
With decodetree we don't need to convert RISC-V opcodes into to MemOps
as the old gen_store() did.
Backports commit bce8a342a1f0919479d18ec812b100136daa746b from qemu
With decodetree we don't need to convert RISC-V opcodes into to MemOps
as the old gen_load() did.
Backports commit 98898b20e9cca462843c22ad952c216ffd57d654 from qemu
We now utilizes argument-sets of decodetree such that no manual
decoding is necessary.
Backports commit 090cc2c898a04e42350eabf1bcf7d245471603f9 from qemu
