we cannot remove the call to gen_arith() in decode_RV32_64G() since it
is used to translate multiply instructions.
Backports commit b73a987b09ad5081123dc6b1e8e6c8305a1c8673 from qemu
this splits the 64-bit only instructions into its own decode file such
that we generate the decoder for these instructions only for the RISC-V
64 bit target.
Backports commit 7e45a682edc32ba90d6955215f062210531b835b from qemu
for now only LUI & AUIPC are decoded and translated. If decodetree fails, we
fall back to the old decoder.
Backports commit 2a53cff418335ccb4719e9a94fde55f6ebcc895d from qemu
Previously this would result in an exception for shifting
the field mask by a negative number.
Backports commit 2decfc95583dc28add69810eaca6ada7b4b44d3a from qemu
This is interesting for bisection, where an output file is plumbed,
but does not yet have patterns.
Backports commit 82bfac1c06cadeb5c7252734dc695d951185916c from qemu
As a consequence, the 'return false' gets pushed up one level.
This will allow us to perform some other action when the
translator returns failure.
Backports commit eb6b87fac70dd62e3f1286703db20c012e7a9611 from qemu
flatview_add_to_dispatch() registers page based on the condition of
*section*, which may look like this:
|s|PPPPPPP|s|
where s stands for subpage and P for page.
The procedure of this function could be described as:
- register first subpage
- register page
- register last subpage
This means the procedure could be simplified into these three steps
instead of a loop iteration.
This patch refactors the function into three corresponding steps and
adds some comment to clarify it.
Backports commit 494d199727ba248c96326b4e1c97f86eb11a5ec7 from qemu
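The three-step split described above, as an added example that is not the qemu or unicorn code: a stripped-down model of the section/dispatch structures (the page size and the record-keeping `dispatch` struct are constructed for this example) that shows how a section is cut into a leading subpage, a run of whole pages and a trailing subpage, including the cases where one or two of those pieces are absent.

```c
#include <stdbool.h>
#include <stdint.h>

/* Page geometry assumed for this example (the real code uses the guest
 * target's TARGET_PAGE_SIZE / TARGET_PAGE_MASK). */
#define PAGE_SIZE 4096u
#define PAGE_MASK (~(uint64_t)(PAGE_SIZE - 1))

/* Trimmed-down MemoryRegionSection: start address and length. */
struct section { uint64_t start; uint64_t size; };

/* What was registered, standing in for register_subpage() /
 * register_multipage() so the split can be inspected afterwards. */
struct registration { bool is_subpage; uint64_t start; uint64_t size; };
struct dispatch { struct registration regs[3]; int count; };

static void record(struct dispatch *d, uint64_t start, uint64_t size,
                   bool is_subpage)
{
    d->regs[d->count].is_subpage = is_subpage;
    d->regs[d->count].start = start;
    d->regs[d->count].size = size;
    d->count++;
}

/* The three-step split the commit message describes as |s|PPPPPPP|s|:
 * a leading partial page, a run of whole pages, a trailing partial page.
 * Any of the three may be absent; the early returns handle that. */
static struct dispatch add_to_dispatch(struct section remain)
{
    struct dispatch d = { .count = 0 };

    /* register first subpage: the bytes before the first page boundary */
    if (remain.start & ~PAGE_MASK) {
        uint64_t left = ((remain.start + PAGE_SIZE) & PAGE_MASK) - remain.start;
        uint64_t now = left < remain.size ? left : remain.size;
        record(&d, remain.start, now, true);
        if (now == remain.size) {
            return d;               /* never reached a page boundary */
        }
        remain.start += now;
        remain.size -= now;
    }

    /* register page: the largest page-aligned, page-multiple run */
    if (remain.size >= PAGE_SIZE) {
        uint64_t now = remain.size & PAGE_MASK;
        record(&d, remain.start, now, false);
        if (now == remain.size) {
            return d;               /* ended exactly on a page boundary */
        }
        remain.start += now;
        remain.size -= now;
    }

    /* register last subpage: what is left is shorter than one page */
    record(&d, remain.start, remain.size, true);
    return d;
}
```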
Since OpenBSD 6.0 [1], W^X is enforced by default [2].
TCG requires WX access. Disable W^X if it is available.
This fixes:
# lm32-softmmu/qemu-system-lm32
Could not allocate dynamic translator buffer
# sysctl kern.wxabort=1
kern.wxabort: 0 -> 1
# lm32-softmmu/qemu-system-lm32
mmap: Not supported
Abort trap (core dumped)
# gdb -q lm32-softmmu/qemu-system-lm32 qemu-system-lm32.core
(gdb) bt
#0 0x000017e3c156c50a in _thread_sys___syscall () at {standard input}:5
#1 0x000017e3c15e5d7a in *_libc_mmap (addr=Variable "addr" is not available.) at /usr/src/lib/libc/sys/mmap.c:47
#2 0x000017e17d9abc8b in alloc_code_gen_buffer () at /usr/src/qemu/accel/tcg/translate-all.c:1064
#3 0x000017e17d9abd04 in code_gen_alloc (tb_size=0) at /usr/src/qemu/accel/tcg/translate-all.c:1112
#4 0x000017e17d9abe81 in tcg_exec_init (tb_size=0) at /usr/src/qemu/accel/tcg/translate-all.c:1149
#5 0x000017e17d9897e9 in tcg_init (ms=0x17e45e456800) at /usr/src/qemu/accel/tcg/tcg-all.c:66
#6 0x000017e17d9891b8 in accel_init_machine (acc=0x17e3c3f50800, ms=0x17e45e456800) at /usr/src/qemu/accel/accel.c:63
#7 0x000017e17d989312 in configure_accelerator (ms=0x17e45e456800, progname=0x7f7fffff07b0 "lm32-softmmu/qemu-system-lm32") at /usr/src/qemu/accel/accel.c:111
#8 0x000017e17d9d8616 in main (argc=1, argv=0x7f7fffff06b8, envp=0x7f7fffff06c8) at vl.c:4325
[1] https://www.openbsd.org/faq/upgrade60.html
[2] https://undeadly.org/cgi?action=article&sid=20160527203200
Backports commit 7776ea6b49873ed18a2111e25ed8a6d94bd73db8 from qemu
Intel Processor Trace required CPUID[0x14] but the cpuid_level
has no change when creating a kvm guest with
e.g. "-cpu qemu64,+intel-pt".
Backports relevant bits of commit
f24c3a79a415042f6dc195f029a2ba7247d14cac from qemu
This ports over the RISC-V architecture from Qemu. This is currently a
very barebones transition. No code hooking or any fancy stuff.
Currently, you can feed it instructions and query the CPU state itself.
This also allows choosing whether or not RISC-V 32-bit or RISC-V 64-bit
is desirable through Unicorn's interface as well.
Extremely basic examples of executing a single instruction have been
added to the samples directory to help demonstrate how to use the basic
functionality.
These changes were mostly made in upstream unicorn for what I can guess
was to support old versions of MSVC's compiler.
This is also a pain to maintain, since everything needs to be done
manually and can be a source of errors. It also makes it take more work
than it needs to, to backport changes from qemu.
Because of that, this change restores Qemu's organization of the
coprocessor registers.
This decoding more closely matches the ARMv8.4 Table C4-6,
Encoding table for Data Processing - Register Group.
In particular, op2 == 0 is now more than just Add/sub (with carry).
Backports commit 2fba34f70d9a81bab56e61bb99a4d6632bdfe531 from qemu
We do not need an out-of-line helper for manipulating bits in pstate.
While changing things, share the implementation of gen_ss_advance.
Backports commit 22ac3c49641f6eed93dca5b852030b4d3eacf6c4 from qemu
The EL0+UMA check is unique to DAIF. While SPSel had avoided the
check by nature of already checking EL >= 1, the other post v8.0
extensions to MSR (imm) allow EL0 and do not require UMA. Avoid
the unconditional write to pc and use raise_exception_ra to unwind.
Backports commit ff730e9666a716b669ac4a8ca7c521177d1d2b15 from qemu
Minimize the number of places that will need updating when
the virtual host extensions are added.
Backports commit 64e40755cd41fbe8cd266cf387e42ddc57a449ef from qemu
Found by inspection: Rn is the base register against which the
load began; I is the register within the mask being processed.
The exception return should of course be processed from the loaded PC.
Backports commit 9d090d17234058f55c3c439d285db78c94d7d4de from qemu
Previously we weren't even initializing the instruction table, so any
attempt at emulation would cause a segmentation fault.
This also moves the end address check after the decoding to correctly
perform exiting behavior with the new translator model.
Previously we'd be checking prior to the actual decoding if we were at
the ending address. This worked fine using the old model of the
translation process in qemu. However, this causes the wrong behavior to
occur in both ARM and Thumb/Thumb-2 modes using the newer translator
model.
Given the translator itself checks for the end address already, this
needs to be placed within arm_post_translate_insn().
This prevents the emulation process being off-by-one as well when it
comes to actually executing the instructions.
1. Create an enum name for the IPSR register.
2. Implement read and write of the IPSR via the xpsr helper functions.
Fixes #1065
Backports commit 6c319941a5462ee3a4af4593c371f5674394d6ce from unicorn.
* Added MXCSR register for reading and writing
* Changed writing for fpucw register, now the qemu rounding status is updated as well
Backports commit 256e7782ceafb1f8915da167040d5368c38f9585 from unicorn
Set up MMI code to be compiled only for TARGET_MIPS64. This is
needed so that GPRs are 64 bit, and combined with MMI registers,
they will form full 128 bit registers.
Backports commit 37b9aae2e6e005e6df206a0b4804972460806166 from qemu
Note that float16_to_float32 rightly squashes SNaN to QNaN.
But of course pickNaNMulAdd, for ARM, selects SNaNs first.
So we have to preserve SNaN long enough for the correct NaN
to be selected. Thus float16_to_float32_by_bits.
Backports commit a4e943a716d5fac923d82df3eabc65d1e3624019 from qemu
There is a set of VFP instructions which we implement in
disas_vfp_v8_insn() and gate on the ARM_FEATURE_V8 bit.
These were all first introduced in v8 for A-profile, but in
M-profile they appeared in v7M. Gate them on the MVFR2
FPMisc field instead, and rename the function appropriately.
Backports commit c0c760afe800b60b48c80ddf3509fec413594778 from qemu
Instead of gating the A32/T32 FP16 conversion instructions on
the ARM_FEATURE_VFP_FP16 flag, switch to our new approach of
looking at ID register bits. In this case MVFR1 fields FPHP
and SIMDHP indicate the presence of these insns.
This change doesn't alter behaviour for any of our CPUs.
Backports commit 602f6e42cfbfe9278be34e9b91d2ceb695837e02 from qemu
Previously this was only supported for roundAndPackFloat64.
New support in round_canonical, round_to_int, float128_round_to_int,
roundAndPackFloat32, roundAndPackInt32, roundAndPackInt64,
roundAndPackUint64. This does not include any of the floatx80 routines,
as we do not have users for that rounding mode there.
Backports commit 5d64abb32ffe558e616545819f3e53dd66335994 from qemu
Handling it just like float128_to_uint32_round_to_zero, that hopefully
is free of bugs :)
Documentation basically copied from float128_to_uint64
Backports commit e45de9922e43c1ce4f4739b62142314a13029d5c from qemu
Needed on s390x, to test for the data class of a number. So it will
gain soon a user.
A number is considered normal if the exponent is neither 0 nor all 1's.
That can be checked by adding 1 to the exponent, and comparing against
>= 2 after dropping an eventual overflow into the sign bit.
While at it, convert the other floatXX_is_normal functions to use a
similar, less error prone calculation, as suggested by Richard H.
Backports commit 47393181604d507f4fe2a15a65b1eede0f974d6a from qemu
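The exponent check described above, as an added example rather than the qemu or unicorn code: the "add 1, drop the carry, compare against 2" trick for float16, float32 and float64 bit patterns, next to the naive "neither 0 nor all ones" definition, plus an exhaustive comparison of the two over every sign/exponent combination of float32. The field widths are the IEEE binary16/32/64 layouts; the helper names are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Exponent-field position and width of each binary format. */
#define F16_EXP_SHIFT 10
#define F16_EXP_MASK  0x1fu
#define F32_EXP_SHIFT 23
#define F32_EXP_MASK  0xffu
#define F64_EXP_SHIFT 52
#define F64_EXP_MASK  0x7ffull

/* Straightforward definition: normal iff exponent is neither 0 nor all ones. */
static bool exp_is_normal_naive(uint64_t exp, uint64_t exp_mask)
{
    return exp != 0 && exp != exp_mask;
}

/* The trick from the commit message: shift the exponent down (the sign bit
 * now sits just above it), add 1, mask off the carry that an all-ones
 * exponent pushes into that sign position, and test >= 2.  Exponent 0
 * becomes 1 and all-ones wraps to 0, both below 2; every other exponent
 * lands in [2, mask]. */
static bool float16_is_normal(uint16_t a)
{
    return (((a >> F16_EXP_SHIFT) + 1) & F16_EXP_MASK) >= 2;
}

static bool float32_is_normal(uint32_t a)
{
    return (((a >> F32_EXP_SHIFT) + 1) & F32_EXP_MASK) >= 2;
}

static bool float64_is_normal(uint64_t a)
{
    return (((a >> F64_EXP_SHIFT) + 1) & F64_EXP_MASK) >= 2;
}

/* Convenience for host floats: reinterpret the bits without aliasing. */
static bool float_is_normal(float f)
{
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    return float32_is_normal(bits);
}

static bool double_is_normal(double d)
{
    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    return float64_is_normal(bits);
}

/* Exhaustively compare the trick with the naive definition for every
 * sign/exponent combination of float32 (the mantissa is irrelevant, so a
 * constructed non-zero one is used throughout).  Returns the number of
 * disagreements; 0 means the two checks are equivalent. */
static int float32_check_all_exponents(void)
{
    int mismatches = 0;
    for (uint32_t sign = 0; sign < 2; sign++) {
        for (uint32_t exp = 0; exp <= F32_EXP_MASK; exp++) {
            uint32_t bits = (sign << 31) | (exp << F32_EXP_SHIFT) | 0x1234u;
            if (float32_is_normal(bits) != exp_is_normal_naive(exp, F32_EXP_MASK)) {
                mismatches++;
            }
        }
    }
    return mismatches;
}
```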
Especially when dealing with out-of-line gvec helpers, it is often
helpful to specify some vector pointers as constant. E.g. when
we have two inputs and one output, marking the two inputs as consts
pointers helps to avoid bugs.
Const pointers can be specified via "cptr", however behave in TCG just
like ordinary pointers. We can specify helpers like:
DEF_HELPER_FLAGS_4(gvec_vbperm, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
void HELPER(gvec_vbperm)(void *v1, const void *v2, const void *v3,
uint32_t desc)
And make sure that here, only v1 will be written (as long as const is
not casted away, of course).
Backports commit 8c6edfdd90522caa4fc429144d393aba5b99f584 from qemu
The last update to this file was 9 years ago. In the meantime,
4 of the 6 ideas have actually been completed. The last two do
not actually make sense anymore.
Backports commit 9e564a1dde5abc7ae4cebc115142f685d98938d7 from qemu
There are lots of special cases within these insns. Split the
major argument decode/loading/saving into no_output (compares),
rd_is_dp, and rm_is_dp.
We still need to special case argument load for compare (rd as
input, rm as zero) and vcvt fixed (rd as input+output), but lots
of special cases do disappear.
Now that we have a full switch at the beginning, hoist the ISA
checks from the code generation.
Backports commit e80941bd64cc388554770fd72334e9e7d459a1ef from qemu
Move all of the fp helpers out of helper.c into a new file.
This is code movement only. Since helper.c has no copyright
header, take the one from cpu.h for the new file.
Backports commit 37356079fcdb34e13abbed8ea0c00ca880c31247 from qemu
For opcodes 0-5, move some if conditions into the structure
of a switch statement. For opcodes 6 & 7, decode everything
at once with a second switch.
Backports commit 3c3ff68492c2d00bd8cb39ed2d02bdaf5caf5cb8 from qemu
This was introduced by
commit bf8d09694ccc07487cd73d7562081fdaec3370c8
target/arm: Don't clear supported PMU events when initializing PMCEID1
and identified by Coverity (CID 1398645).
Backports commit 67da43d668320e1bcb0a0195aaf2de4ff2a001a0 from qemu
The "background region" for a v8M MPU is a default which will be used
(if enabled, and if the access is privileged) if the access does
not match any specific MPU region. We were incorrectly using it
always (by putting the condition at the wrong nesting level). This
meant that we would always return the default background permissions
rather than the correct permissions for a specific region, and also
that we would not return the right information in response to a
TT instruction.
Move the check for the background region to the same place in the
logic as the equivalent v8M MPUCheck() pseudocode puts it.
This in turn means we must adjust the condition we use to detect
matches in multiple regions to avoid false-positives.
Backports commit cff21316c666c8053b1f425577e324038d0ca30d from qemu
The next commit wants to generate qapi-emit-events.{c.h}. To enable
that, extend QAPISchemaModularCVisitor to support additional "system
modules", i.e. modules that don't correspond to a (user-defined) QAPI
schema module.
Backports commit c2e196a9b41235a308fb6d1c516aa91ba0a807c8 from qemu
We neglect to call .visit_module() for the special module we use for
built-ins. Harmless, but clean it up anyway. The
tests/qapi-schema/*.out now show the built-in module as 'module None'.
Subclasses of QAPISchemaModularCVisitor need to ._add_module() this
special module to enable code generation for built-ins. When this
hasn't been done, QAPISchemaModularCVisitor.visit_module() does
nothing for the special module. That looks like built-ins could
accidentally be generated into the wrong module when a subclass
neglects to call ._add_module(). Can't happen, because built-ins are
all visited before any other module. But that's non-obvious. Switch
off code generation explicitly.
Rename QAPISchemaModularCVisitor._begin_module() to
._begin_user_module().
New QAPISchemaModularCVisitor._is_builtin_module(), for clarity.
Backports commit dcac64711ea906e844ae60a5927e5580f7252c1e from qemu
Fortunately, the functions affected are so far only called from SVE,
so there is no tail to be cleared. But as we convert more of AdvSIMD
to gvec, this will matter.
Backports commit d8efe78e8039511b95c23d75bb48eca6873fbb0f from qemu
For same-sign saturation, we have tcg vector operations. We can
compute the QC bit by comparing the saturated value against the
unsaturated value.
Backports commit 89e68b575e138d0af1435f11a8ffcd8779c237bd from qemu
Change the representation of this field such that it is easy
to set from vector code.
Backports commit a4d5846245c5e029e5aa3945a9bda1de1c3fedbf from qemu
Given that we mask bits properly on set, there is no reason
to mask them again on get. We failed to clear the exception
status bits, 0x9f, which means that the wrong value would be
returned on get. Except in the (probably normal) case in which
the set clears all of the bits.
Simplify the code in set to also clear the RES0 bits.
Backports commit 18aaa59c622208743565307668a2100ab24f7de9 from qemu
Minimize the code within a macro by splitting out a helper function.
Use deposit32 instead of manual bit manipulation.
Backports commit 55a889456ef78f3f9b8eae9846c2f1453b1dd77b from qemu
The 32-bit PMIN/PMAX has been decomposed to scalars,
and so can be trivially expanded inline.
Backports commit 9ecd3c5c1651fa7f9adbedff4806a2da0b50490c from qemu
Since we're now handling a == b generically, we no longer need
to do it by hand within target/arm/.
Backports commit 2900847ff4c862887af750935a875059615f509a from qemu
There are a whole bunch more registers in the CPUID space which are
currently not used but are exposed as RAZ. To avoid too much
duplication we expand ARMCPRegUserSpaceInfo to understand glob
patterns so we only need one entry to tweak whole ranges of registers.
Backports commit d040242effe47850060d2ef1c461ff637d88a84d from qemu
As this is a single register we could expose it with a simple ifdef
but we use the existing modify_arm_cp_regs mechanism for consistency.
Backports commit 522641660c3de64ed8322b8636c58625cd564a3f from qemu
A number of CPUID registers are exposed to userspace by modern Linux
kernels thanks to the "ARM64 CPU Feature Registers" ABI. For QEMU's
user-mode emulation we don't need to emulate the kernels trap but just
return the value the trap would have done. To avoid too much #ifdef
hackery we process ARMCPRegInfo with a new helper (modify_arm_cp_regs)
before defining the registers. The modify routine is driven by a
simple data structure which describes which bits are exported and
which are fixed.
Backports commit 6c5c0fec29bbfe36c64eca1edfd8455be46b77c6 from qemu
Although technically not visible to userspace the kernel does make
them visible via a trap and emulate ABI. We provide a new permission
mask (PL0U_R) which maps to PL0_R for CONFIG_USER builds and adjust
the minimum permission check accordingly.
Backports commit b5bd7440422bb66deaceb812bb9287a6a3cdf10c from qemu
The lo,hi order is different from the comments. And in commit
1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128"), it changes
the original code logic. So just restore the old code logic before this
commit:
do_paired_cmpxchg64_be():
cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
newv = int128_make128(new_hi, new_lo);
This fixes a bug that would only be visible for big-endian
AArch64 guest code.
Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128")
Backports commit abd5abc58c5d4c9bd23427b0998a44eb87ed47a2 from qemu
HACR_EL2 is a register with IMPDEF behaviour, which allows
implementation specific trapping to EL2. Implement it as RAZ/WI,
since QEMU's implementation has no extra traps. This also
matches what h/w implementations like Cortex-A53 and A57 do.
Backports commit 831a2fca343ebcd6651eab9102bd7a36b77da65d from qemu
This bug was introduced in:
commit 5ecdd3e47cadae83a62dc92b472f1fe163b56f59
target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER
Backports commit 62c7ec3488fe0dcbabffd543f458914e27736115 from qemu
Completely rewrite conditional stores handling. Use cmpxchg.
This eliminates need for separate implementations of SC instruction
emulation for user and system emulation.
Backports commit 33a07fa2db66376e6ee780d4a8b064dc5118cf34 from qemu
Do only virtual addresses comparisons in LL/SC sequence emulations.
Until this patch, physical addresses had been compared in SC part of
LL/SC sequence, even though such comparisons could be avoided. Getting
rid of them allows throwing away SC helpers and having common SC
implementations in user and system mode, avoiding the need for two
separate implementations selected by #ifdef CONFIG_USER_ONLY.
Correct guest software should not rely on LL/SC if it accesses the
same physical address via different virtual addresses or if page
mapping gets changed between LL/SC due to manipulating TLB entries.
MIPS Instruction Set Manual clearly says that an RMW sequence must
use the same address in the LL and SC (virtual address, physical
address, cacheability and coherency attributes must be identical).
Otherwise, the result of the SC is not predictable. This patch takes
advantage of this fact and removes the virtual->physical address
translation from SC helper.
lladdr served as Coprocessor 0 LLAddr register which captures physical
address of the most recent LL instruction, and also lladdr was used
for comparison with following SC physical address. This patch changes
the meaning of lladdr - now it will only keep the virtual address of
the most recent LL. Additionally, CP0_LLAddr field is introduced which
is the actual Coprocessor 0 LLAddr register that guest can access.
Backports commit c7c7e1e9a5e3f0a8a1dbff6e4ccfd21c2dc9f845 from qemu
We are failing to take into account that tlb_fill() can cause a
TLB resize, which renders prior TLB entry pointers/indices stale.
Fix it by re-doing the TLB entry lookups immediately after tlb_fill.
Fixes: 86e1eff8bc ("tcg: introduce dynamic TLB sizing", 2019-01-28)
Backports commit 6d967cb86d5b4a60ba15b497126b621ce9ca6609 from qemu
Due to a cut/paste error in the original implementation, the unsigned
vector saturating arithmetic was erroneously being calculated as signed
vector saturating arithmetic.
Fixes: 8ffafbcec2 ("tcg/i386: Implement vector saturating arithmetic")
Backports commit 3115584d39afe8cf2a84a40549029f53792abca5 from qemu
Currently, a jump to a label that is not defined anywhere will
be emitted but not relocated. This results in a jump to a random
jump target. With tcg debugging, print a diagnostic to the -d op
file and abort.
This could help debug or detect errors like
c2d9644e6d ("target/arm: Fix crash on conditional instruction in an IT block")
Backports commit bef16ab4e641636b4e85c3d863b4257ce0be4e6f from qemu
Without this patch, gcc might up the Input/Output registers and
cause unpredictable error.
Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128")
Backports commit 7400d6938c6d455c4eba2b80c06d60c8fa5c5ba3 from qemu
This reverts commit 5131dc433df54b37e8e918d8fba7fe10344e7a7b.
For new instruction 'PCONFIG' will not be exposed to guest.
Backports commit 712f807e1965c8f1f1da5bbec2b92a8c540e6631 from qemu
Processor tracing is not yet implemented for KVM and it will be an
opt in feature requiring a special module parameter.
Disable it, because it is wrong to enable it by default and
it is impossible that no one has ever used it.
Backports commit 4c257911dcc7c4189768e9651755c849ce9db4e8 from qemu
PCONFIG is not available to guests; it must be specifically enabled
using the PCONFIG_ENABLE execution control. Disable it, because
no one can ever use it.
Backports commit 76e5a4d58357b9d077afccf7f7c82e17f733b722 from qemu
The {IOE, DZE, OFE, UFE, IXE, IDE} bits in the FPSCR/FPCR are for
enabling trapped IEEE floating point exceptions (where IEEE exception
conditions cause a CPU exception rather than updating the FPSR status
bits). QEMU doesn't implement this (and nor does the hardware we're
modelling), but for implementations which don't implement trapped
exception handling these control bits are supposed to be RAZ/WI.
This allows guest code to test for whether the feature is present
by trying to write to the bit and checking whether it sticks.
QEMU is incorrectly making these bits read as written. Make them
RAZ/WI as the architecture requires.
In particular this was causing problems for the NetBSD automatic
test suite.
Backports commit a15945d98d3a3390c3da344d1b47218e91e49d8b from qemu
This has been enabled in the linux kernel since v3.11
(commit d50240a5f6cea, 2013-09-03,
"arm64: mm: permit use of tagged pointers at EL0").
Backports commit f6a148fef63698826e69ca91cc11877ab1ed786f from qemu