Set the priv spec version 1.11.0 as the default and allow selecting it
via the command line.
Backports commit e3147506b02edcdd7c14ebb41a10fcc3027dcc5c from qemu
1.11 defines mcountinhibit, which has the same numeric CSR value as
mucounteren from 1.09.1 but has different semantics. This patch enables
the CSR for 1.11-based targets, which is trivial to implement because
the counters in QEMU never tick (legal according to the spec).
Backports commit 747a43e818dc36bd50ef98c2b11a7c31ceb810fa from qemu
Restructure the deprecated CPUs to make it clear in the code that these
are depreated. They are already marked as deprecated in
qemu-deprecated.texi. There are no functional changes.
Backports commit c1fb65e63cfca4506a14b084afd0eca2dc464fe8 from qemu
The current implementation returns 1 (PMP check success) if the address is in
range even if the PMP entry is off. This is a bug.
For example, if there is a PMP check in S-Mode which is in range, but its PMP
entry is off, this will succeed, which it should not.
The patch fixes this bug by only checking the PMP permissions if the address is
in range and its corresponding PMP entry it not off. Otherwise, it will keep
the ret = -1 which will be checked and handled correctly at the end of the
function.
Backports commit f8162068f18f2f264a0355938784f54089234211 from qemu
The PMP should be checked when doing a page table walk, and report access
fault exception if the to-be-read PTE failed the PMP check.
Backports commit 1f447aec787bfbbd078afccae44fc4c92acb4fed from qemu
The current PMP check function checks for env->priv which is not the effective
memory privilege mode.
For example, mstatus.MPRV could be set while executing in M-Mode, and in that
case the privilege mode for the PMP check should be S-Mode rather than M-Mode
(in env->priv) if mstatus.MPP == PRV_S.
This patch passes the effective memory privilege mode to the PMP check.
Functions that call the PMP check should pass the correct memory privilege mode
after reading mstatus' MPRV/MPP or hstatus.SPRV (if Hypervisor mode exists).
Backports commit cc0fdb298517ce56c770803447f8b02a90271152 from qemu
Section 3.6 in RISC-V v1.10 privilege specification states that PMP violations
report "access exceptions." The current PMP implementation has
a bug which wrongly reports "page exceptions" on PMP violations.
This patch fixes this bug by reporting the correct PMP access exceptions
trap values.
Backports commit 635b0b0ea39a13d1a3df932452e5728aebbb3f6e from qemu
The current implementation unnecessarily checks for PMP even if MMU translation
failed. This may trigger a wrong PMP access exception instead of
a page exception.
For example, the very first instruction fetched after the first satp write in
S-Mode will trigger a PMP access fault instead of an instruction fetch page
fault.
This patch prioritises MMU exceptions over PMP exceptions and only checks for
PMP if MMU translation succeeds. This patch is required for future commits
that properly report PMP exception violations if PTW succeeds.
Backports commit e0f8fa72deba7ac7a7ae06ba25e6498aaad93ace from qemu
This patch adds support for the riscv_cpu_unassigned_access call
and will raise a load or store access fault.
Backports commit cbf5827693addaff4e4d2102afedbf078a204eb2 from qemu
A wrong address is passed to `pmp_is_in_range` while checking if a
memory access is within a PMP range.
Since the ending address of the pmp range (i.e., pmp_state.addr[i].ea)
is set to the last address in the range (i.e., pmp base + pmp size - 1),
memory accesses containg the last address in the range will always fail.
For example, assume that a PMP range is 4KB from 0x87654000 such that
the last address within the range is 0x87654fff.
1-byte access to 0x87654fff should be considered to be fully inside the
PMP range.
However the access now fails and complains partial inclusion because
pmp_is_in_range(env, i, addr + size) returns 0 whereas
pmp_is_in_range(env, i, addr) returns 1.
Backports commit 49db9fa1fd7c252596b53cf80876e06f407d09ed from qemu
Nothing in there so far, but all of the plumbing done
within the target ArchCPU state.
Backports commit 5b146dc716cfd247f99556c04e6e46fbd67565a0 from qemu
Now that we have ArchCPU, we can define this generically,
in the one place that needs it.
Backports commit 677c4d69ac21961e76a386f9bfc892a44923acc0 from qemu
Cleanup in the boilerplate that each target must define.
Replace riscv_env_get_cpu with env_archcpu. The combination
CPU(riscv_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.
Backports commit 3109cd98a6c0c618189b38a83a8aa29cb20acbce from qemu
Now that we have both ArchCPU and CPUArchState, we can define
this generically instead of via macro in each target's cpu.h.
Backports commit 29a0af618ddd21f55df5753c3e16b0625f534b3c from qemu
For all targets, into this new file move TARGET_LONG_BITS,
TARGET_PAGE_BITS, TARGET_PHYS_ADDR_SPACE_BITS,
TARGET_VIRT_ADDR_SPACE_BITS, and NB_MMU_MODES.
Include this new file from exec/cpu-defs.h.
This now removes the somewhat odd requirement that target/arch/cpu.h
defines TARGET_LONG_BITS before including exec/cpu-defs.h, so push the
bulk of the includes within target/arch/cpu.h to the top.
Backports commit 74433bf083b0766aba81534f92de13194f23ff3e from qemu
According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
register are read-only." Further, if an interrupt is not delegated to mode x,
then "the corresponding bits in xip [...] should appear to be hardwired to
zero. This patch implements both of those requirements.
Backports commit 087b051a51a0c2a5bc1e8d435a484a8896b4176b from qemu
C.ADDI16SP, C.LWSP, C.JR, C.ADDIW, C.LDSP all have reserved
operands that were not diagnosed.
Backports commit 4cc16b3b9282e04fab8e84d136540757e82af019 from qemu
At the same time deprecate the ISA string CPUs.
It is dobtful anyone specifies the CPUs, but we are keeping them for the
Spike machine (which is about to be depreated) so we may as well just
mark them as deprecated.
Backports commit 8903bf6e6d73d03b988b4a8197132de2ad681ff5 from qemu
The tcg_gen_fooi_tl functions have some immediate constant
folding built in, which match up with some of the riscv asm
builtin macros, like mv and not.
Backports commit 598aa1160c3d17ab9271daf1f69d093ebada3f25 from qemu
This eliminates all functions in insn_trans/trans_rvc.inc.c,
so the entire file can be removed.
Backports commit 0e68e240a9bd3b44a91cd6012f0e2bf2a43b9fe2 from qemu
This eliminates about half of the complicated decode
bits within insn_trans/trans_rvc.inc.c.
Backports commit c2cfb97c01a3636867c1a4a24f8a99fd8c6bed28 from qemu
Special handling for IMM==0 is the only difference between
RVC shifti and RVI shifti. This can be handled with !function.
Backports commit 6cafec92f1c862a9754ef6a28be68ba7178a284d from qemu
In some cases this allows us to directly use the insn32
translator function. In some cases we still need a shim.
Backports commit e1d455dd91c935c714412dafeb24db947429a929 from qemu
The generated functions are only used within translate.c
and do not need to be global, or declared.
Backports commit 81770255581bd210c57b86a6e808628ab8d0c543 from qemu
This patch introduces wrappers around the tcg_gen_exit_tb() and
tcg_gen_lookup_and_goto_ptr() functions that handle single stepping,
i.e. call gen_exception_debug() when single stepping is enabled.
Theses functions are then used instead of the originals, bringing single
stepping handling in places where it was previously ignored such as jalr
and system branch instructions (ecall, mret, sret, etc.).
Backports commit 6e2716d8ca4edf3597307accef7af36e8ad966eb from qemu
The 'sfence.vma' instruction is privileged, and should only ever be allowed
when executing in supervisor mode or higher.
Backports commit b86f4167630802128d94f3c89043d97d2f4c2546 from qemu
We can now use the CPUClass hook instead of a named function.
Create a static tlb_fill function to avoid other changes within
cputlb.c. This also isolates the asserts within. Remove the
named tlb_fill function from all of the targets.
Backports commit c319dc13579a92937bffe02ad2c9f1a550e73973 from qemu
Note that env->pc is removed from the qemu_log as that value is garbage.
The PC isn't recovered until cpu_restore_state, called from
cpu_loop_exit_restore, called from riscv_raise_exception.
Backports commit 8a4ca3c10a96be6ed7f023b685b688c4d409bbcb from qemu
Leading underscores are ill-advised because such identifiers are
reserved. Trailing underscores are merely ugly. Strip both.
Our header guards commonly end in _H. Normalize the exceptions.
Done with scripts/clean-header-guards.pl.
Backports commit a8b991b52dcde75ab5065046653626951aac666d from qemu
In order to handle TB's that translate to too much code, we
need to place the control of the length of the translation
in the hands of the code gen master loop.
Backports commit 8b86d6d25807e13a63ab6ea879f976b9f18cc45a from qemu
While running the GCC test suite against 4.0.0-rc0, Kito found a
regression introduced by the decodetree conversion that caused divuw and
remuw to sign-extend their inputs. The ISA manual says they are
supposed to be zero extended:
DIVW and DIVUW instructions are only valid for RV64, and divide the
lower 32 bits of rs1 by the lower 32 bits of rs2, treating them as
signed and unsigned integers respectively, placing the 32-bit
quotient in rd, sign-extended to 64 bits. REMW and REMUW
instructions are only valid for RV64, and provide the corresponding
signed and unsigned remainder operations respectively. Both REMW
and REMUW always sign-extend the 32-bit result to 64 bits, including
on a divide by zero.
Here's Kito's reduced test case from the GCC test suite
unsigned calc_mp(unsigned mod)
{
unsigned a,b,c;
c=-1;
a=c/mod;
b=0-a*mod;
if (b > mod) { a += 1; b-=mod; }
return b;
}
int main(int argc, char *argv[])
{
unsigned x = 1234;
unsigned y = calc_mp(x);
if ((sizeof (y) == 4 && y != 680)
|| (sizeof (y) == 2 && y != 134))
abort ();
exit (0);
}
I haven't done any other testing on this, but it does fix the test case.
Backports commit f17e02cd3731bdfe2942d1d0b2a92f26da02408c from qemu