search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qdev: Remove PropertyInfo range checking
[qemu-kvm.git] / target-arm / helper.c
blobbbb1d05d1099e7d6a069c2223e605d577d6eb087
1 #include "cpu.h"
2 #include "gdbstub.h"
3 #include "helper.h"
4 #include "host-utils.h"
5 #include "sysemu.h"
6
7 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
8 {
9 int nregs;
10
11 /* VFP data registers are always little-endian. */
12 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
13 if (reg < nregs) {
14 stfq_le_p(buf, env->vfp.regs[reg]);
15 return 8;
16 }
17 if (arm_feature(env, ARM_FEATURE_NEON)) {
18 /* Aliases for Q regs. */
19 nregs += 16;
20 if (reg < nregs) {
21 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
22 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
23 return 16;
24 }
25 }
26 switch (reg - nregs) {
27 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
28 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
29 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
30 }
31 return 0;
32 }
33
34 static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
35 {
36 int nregs;
37
38 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
39 if (reg < nregs) {
40 env->vfp.regs[reg] = ldfq_le_p(buf);
41 return 8;
42 }
43 if (arm_feature(env, ARM_FEATURE_NEON)) {
44 nregs += 16;
45 if (reg < nregs) {
46 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
47 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
48 return 16;
49 }
50 }
51 switch (reg - nregs) {
52 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
53 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
54 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
55 }
56 return 0;
57 }
58
59 ARMCPU *cpu_arm_init(const char *cpu_model)
60 {
61 ARMCPU *cpu;
62 CPUARMState *env;
63 static int inited = 0;
64
65 if (!object_class_by_name(cpu_model)) {
66 return NULL;
67 }
68 cpu = ARM_CPU(object_new(cpu_model));
69 env = &cpu->env;
70 env->cpu_model_str = cpu_model;
71 arm_cpu_realize(cpu);
72
73 if (tcg_enabled() && !inited) {
74 inited = 1;
75 arm_translate_init();
76 }
77
78 cpu_reset(CPU(cpu));
79 if (arm_feature(env, ARM_FEATURE_NEON)) {
80 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
81 51, "arm-neon.xml", 0);
82 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
83 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
84 35, "arm-vfp3.xml", 0);
85 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
86 gdb_register_coprocessor(env, vfp_gdb_get_reg, vfp_gdb_set_reg,
87 19, "arm-vfp.xml", 0);
88 }
89 qemu_init_vcpu(env);
90 return cpu;
91 }
92
93 typedef struct ARMCPUListState {
94 fprintf_function cpu_fprintf;
95 FILE *file;
96 } ARMCPUListState;
97
98 /* Sort alphabetically by type name, except for "any". */
99 static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
100 {
101 ObjectClass *class_a = (ObjectClass *)a;
102 ObjectClass *class_b = (ObjectClass *)b;
103 const char *name_a, *name_b;
104
105 name_a = object_class_get_name(class_a);
106 name_b = object_class_get_name(class_b);
107 if (strcmp(name_a, "any") == 0) {
108 return 1;
109 } else if (strcmp(name_b, "any") == 0) {
110 return -1;
111 } else {
112 return strcmp(name_a, name_b);
113 }
114 }
115
116 static void arm_cpu_list_entry(gpointer data, gpointer user_data)
117 {
118 ObjectClass *oc = data;
119 ARMCPUListState *s = user_data;
120
121 (*s->cpu_fprintf)(s->file, " %s\n",
122 object_class_get_name(oc));
123 }
124
125 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
126 {
127 ARMCPUListState s = {
128 .file = f,
129 .cpu_fprintf = cpu_fprintf,
130 };
131 GSList *list;
132
133 list = object_class_get_list(TYPE_ARM_CPU, false);
134 list = g_slist_sort(list, arm_cpu_list_compare);
135 (*cpu_fprintf)(f, "Available CPUs:\n");
136 g_slist_foreach(list, arm_cpu_list_entry, &s);
137 g_slist_free(list);
138 }
139
140 static int bad_mode_switch(CPUARMState *env, int mode)
141 {
142 /* Return true if it is not valid for us to switch to
143 * this CPU mode (ie all the UNPREDICTABLE cases in
144 * the ARM ARM CPSRWriteByInstr pseudocode).
145 */
146 switch (mode) {
147 case ARM_CPU_MODE_USR:
148 case ARM_CPU_MODE_SYS:
149 case ARM_CPU_MODE_SVC:
150 case ARM_CPU_MODE_ABT:
151 case ARM_CPU_MODE_UND:
152 case ARM_CPU_MODE_IRQ:
153 case ARM_CPU_MODE_FIQ:
154 return 0;
155 default:
156 return 1;
157 }
158 }
159
160 uint32_t cpsr_read(CPUARMState *env)
161 {
162 int ZF;
163 ZF = (env->ZF == 0);
164 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
165 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
166 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
167 | ((env->condexec_bits & 0xfc) << 8)
168 | (env->GE << 16);
169 }
170
171 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
172 {
173 if (mask & CPSR_NZCV) {
174 env->ZF = (~val) & CPSR_Z;
175 env->NF = val;
176 env->CF = (val >> 29) & 1;
177 env->VF = (val << 3) & 0x80000000;
178 }
179 if (mask & CPSR_Q)
180 env->QF = ((val & CPSR_Q) != 0);
181 if (mask & CPSR_T)
182 env->thumb = ((val & CPSR_T) != 0);
183 if (mask & CPSR_IT_0_1) {
184 env->condexec_bits &= ~3;
185 env->condexec_bits |= (val >> 25) & 3;
186 }
187 if (mask & CPSR_IT_2_7) {
188 env->condexec_bits &= 3;
189 env->condexec_bits |= (val >> 8) & 0xfc;
190 }
191 if (mask & CPSR_GE) {
192 env->GE = (val >> 16) & 0xf;
193 }
194
195 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
196 if (bad_mode_switch(env, val & CPSR_M)) {
197 /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
198 * We choose to ignore the attempt and leave the CPSR M field
199 * untouched.
200 */
201 mask &= ~CPSR_M;
202 } else {
203 switch_mode(env, val & CPSR_M);
204 }
205 }
206 mask &= ~CACHED_CPSR_BITS;
207 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
208 }
209
210 /* Sign/zero extend */
211 uint32_t HELPER(sxtb16)(uint32_t x)
212 {
213 uint32_t res;
214 res = (uint16_t)(int8_t)x;
215 res |= (uint32_t)(int8_t)(x >> 16) << 16;
216 return res;
217 }
218
219 uint32_t HELPER(uxtb16)(uint32_t x)
220 {
221 uint32_t res;
222 res = (uint16_t)(uint8_t)x;
223 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
224 return res;
225 }
226
227 uint32_t HELPER(clz)(uint32_t x)
228 {
229 return clz32(x);
230 }
231
232 int32_t HELPER(sdiv)(int32_t num, int32_t den)
233 {
234 if (den == 0)
235 return 0;
236 if (num == INT_MIN && den == -1)
237 return INT_MIN;
238 return num / den;
239 }
240
241 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
242 {
243 if (den == 0)
244 return 0;
245 return num / den;
246 }
247
248 uint32_t HELPER(rbit)(uint32_t x)
249 {
250 x = ((x & 0xff000000) >> 24)
251 | ((x & 0x00ff0000) >> 8)
252 | ((x & 0x0000ff00) << 8)
253 | ((x & 0x000000ff) << 24);
254 x = ((x & 0xf0f0f0f0) >> 4)
255 | ((x & 0x0f0f0f0f) << 4);
256 x = ((x & 0x88888888) >> 3)
257 | ((x & 0x44444444) >> 1)
258 | ((x & 0x22222222) << 1)
259 | ((x & 0x11111111) << 3);
260 return x;
261 }
262
263 uint32_t HELPER(abs)(uint32_t x)
264 {
265 return ((int32_t)x < 0) ? -x : x;
266 }
267
268 #if defined(CONFIG_USER_ONLY)
269
270 void do_interrupt (CPUARMState *env)
271 {
272 env->exception_index = -1;
273 }
274
275 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
276 int mmu_idx)
277 {
278 if (rw == 2) {
279 env->exception_index = EXCP_PREFETCH_ABORT;
280 env->cp15.c6_insn = address;
281 } else {
282 env->exception_index = EXCP_DATA_ABORT;
283 env->cp15.c6_data = address;
284 }
285 return 1;
286 }
287
288 /* These should probably raise undefined insn exceptions. */
289 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
290 {
291 int op1 = (insn >> 8) & 0xf;
292 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
293 return;
294 }
295
296 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
297 {
298 int op1 = (insn >> 8) & 0xf;
299 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
300 return 0;
301 }
302
303 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
304 {
305 cpu_abort(env, "cp15 insn %08x\n", insn);
306 }
307
308 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
309 {
310 cpu_abort(env, "cp15 insn %08x\n", insn);
311 }
312
313 /* These should probably raise undefined insn exceptions. */
314 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
315 {
316 cpu_abort(env, "v7m_mrs %d\n", reg);
317 }
318
319 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
320 {
321 cpu_abort(env, "v7m_mrs %d\n", reg);
322 return 0;
323 }
324
325 void switch_mode(CPUARMState *env, int mode)
326 {
327 if (mode != ARM_CPU_MODE_USR)
328 cpu_abort(env, "Tried to switch out of user mode\n");
329 }
330
331 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
332 {
333 cpu_abort(env, "banked r13 write\n");
334 }
335
336 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
337 {
338 cpu_abort(env, "banked r13 read\n");
339 return 0;
340 }
341
342 #else
343
344 /* Map CPU modes onto saved register banks. */
345 static inline int bank_number(CPUARMState *env, int mode)
346 {
347 switch (mode) {
348 case ARM_CPU_MODE_USR:
349 case ARM_CPU_MODE_SYS:
350 return 0;
351 case ARM_CPU_MODE_SVC:
352 return 1;
353 case ARM_CPU_MODE_ABT:
354 return 2;
355 case ARM_CPU_MODE_UND:
356 return 3;
357 case ARM_CPU_MODE_IRQ:
358 return 4;
359 case ARM_CPU_MODE_FIQ:
360 return 5;
361 }
362 cpu_abort(env, "Bad mode %x\n", mode);
363 return -1;
364 }
365
366 void switch_mode(CPUARMState *env, int mode)
367 {
368 int old_mode;
369 int i;
370
371 old_mode = env->uncached_cpsr & CPSR_M;
372 if (mode == old_mode)
373 return;
374
375 if (old_mode == ARM_CPU_MODE_FIQ) {
376 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
377 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
378 } else if (mode == ARM_CPU_MODE_FIQ) {
379 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
380 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
381 }
382
383 i = bank_number(env, old_mode);
384 env->banked_r13[i] = env->regs[13];
385 env->banked_r14[i] = env->regs[14];
386 env->banked_spsr[i] = env->spsr;
387
388 i = bank_number(env, mode);
389 env->regs[13] = env->banked_r13[i];
390 env->regs[14] = env->banked_r14[i];
391 env->spsr = env->banked_spsr[i];
392 }
393
394 static void v7m_push(CPUARMState *env, uint32_t val)
395 {
396 env->regs[13] -= 4;
397 stl_phys(env->regs[13], val);
398 }
399
400 static uint32_t v7m_pop(CPUARMState *env)
401 {
402 uint32_t val;
403 val = ldl_phys(env->regs[13]);
404 env->regs[13] += 4;
405 return val;
406 }
407
408 /* Switch to V7M main or process stack pointer. */
409 static void switch_v7m_sp(CPUARMState *env, int process)
410 {
411 uint32_t tmp;
412 if (env->v7m.current_sp != process) {
413 tmp = env->v7m.other_sp;
414 env->v7m.other_sp = env->regs[13];
415 env->regs[13] = tmp;
416 env->v7m.current_sp = process;
417 }
418 }
419
420 static void do_v7m_exception_exit(CPUARMState *env)
421 {
422 uint32_t type;
423 uint32_t xpsr;
424
425 type = env->regs[15];
426 if (env->v7m.exception != 0)
427 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
428
429 /* Switch to the target stack. */
430 switch_v7m_sp(env, (type & 4) != 0);
431 /* Pop registers. */
432 env->regs[0] = v7m_pop(env);
433 env->regs[1] = v7m_pop(env);
434 env->regs[2] = v7m_pop(env);
435 env->regs[3] = v7m_pop(env);
436 env->regs[12] = v7m_pop(env);
437 env->regs[14] = v7m_pop(env);
438 env->regs[15] = v7m_pop(env);
439 xpsr = v7m_pop(env);
440 xpsr_write(env, xpsr, 0xfffffdff);
441 /* Undo stack alignment. */
442 if (xpsr & 0x200)
443 env->regs[13] |= 4;
444 /* ??? The exception return type specifies Thread/Handler mode. However
445 this is also implied by the xPSR value. Not sure what to do
446 if there is a mismatch. */
447 /* ??? Likewise for mismatches between the CONTROL register and the stack
448 pointer. */
449 }
450
451 static void do_interrupt_v7m(CPUARMState *env)
452 {
453 uint32_t xpsr = xpsr_read(env);
454 uint32_t lr;
455 uint32_t addr;
456
457 lr = 0xfffffff1;
458 if (env->v7m.current_sp)
459 lr |= 4;
460 if (env->v7m.exception == 0)
461 lr |= 8;
462
463 /* For exceptions we just mark as pending on the NVIC, and let that
464 handle it. */
465 /* TODO: Need to escalate if the current priority is higher than the
466 one we're raising. */
467 switch (env->exception_index) {
468 case EXCP_UDEF:
469 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
470 return;
471 case EXCP_SWI:
472 env->regs[15] += 2;
473 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
474 return;
475 case EXCP_PREFETCH_ABORT:
476 case EXCP_DATA_ABORT:
477 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
478 return;
479 case EXCP_BKPT:
480 if (semihosting_enabled) {
481 int nr;
482 nr = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
483 if (nr == 0xab) {
484 env->regs[15] += 2;
485 env->regs[0] = do_arm_semihosting(env);
486 return;
487 }
488 }
489 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
490 return;
491 case EXCP_IRQ:
492 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
493 break;
494 case EXCP_EXCEPTION_EXIT:
495 do_v7m_exception_exit(env);
496 return;
497 default:
498 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
499 return; /* Never happens. Keep compiler happy. */
500 }
501
502 /* Align stack pointer. */
503 /* ??? Should only do this if Configuration Control Register
504 STACKALIGN bit is set. */
505 if (env->regs[13] & 4) {
506 env->regs[13] -= 4;
507 xpsr |= 0x200;
508 }
509 /* Switch to the handler mode. */
510 v7m_push(env, xpsr);
511 v7m_push(env, env->regs[15]);
512 v7m_push(env, env->regs[14]);
513 v7m_push(env, env->regs[12]);
514 v7m_push(env, env->regs[3]);
515 v7m_push(env, env->regs[2]);
516 v7m_push(env, env->regs[1]);
517 v7m_push(env, env->regs[0]);
518 switch_v7m_sp(env, 0);
519 /* Clear IT bits */
520 env->condexec_bits = 0;
521 env->regs[14] = lr;
522 addr = ldl_phys(env->v7m.vecbase + env->v7m.exception * 4);
523 env->regs[15] = addr & 0xfffffffe;
524 env->thumb = addr & 1;
525 }
526
527 /* Handle a CPU exception. */
528 void do_interrupt(CPUARMState *env)
529 {
530 uint32_t addr;
531 uint32_t mask;
532 int new_mode;
533 uint32_t offset;
534
535 if (IS_M(env)) {
536 do_interrupt_v7m(env);
537 return;
538 }
539 /* TODO: Vectored interrupt controller. */
540 switch (env->exception_index) {
541 case EXCP_UDEF:
542 new_mode = ARM_CPU_MODE_UND;
543 addr = 0x04;
544 mask = CPSR_I;
545 if (env->thumb)
546 offset = 2;
547 else
548 offset = 4;
549 break;
550 case EXCP_SWI:
551 if (semihosting_enabled) {
552 /* Check for semihosting interrupt. */
553 if (env->thumb) {
554 mask = arm_lduw_code(env->regs[15] - 2, env->bswap_code) & 0xff;
555 } else {
556 mask = arm_ldl_code(env->regs[15] - 4, env->bswap_code)
557 & 0xffffff;
558 }
559 /* Only intercept calls from privileged modes, to provide some
560 semblance of security. */
561 if (((mask == 0x123456 && !env->thumb)
562 || (mask == 0xab && env->thumb))
563 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
564 env->regs[0] = do_arm_semihosting(env);
565 return;
566 }
567 }
568 new_mode = ARM_CPU_MODE_SVC;
569 addr = 0x08;
570 mask = CPSR_I;
571 /* The PC already points to the next instruction. */
572 offset = 0;
573 break;
574 case EXCP_BKPT:
575 /* See if this is a semihosting syscall. */
576 if (env->thumb && semihosting_enabled) {
577 mask = arm_lduw_code(env->regs[15], env->bswap_code) & 0xff;
578 if (mask == 0xab
579 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
580 env->regs[15] += 2;
581 env->regs[0] = do_arm_semihosting(env);
582 return;
583 }
584 }
585 env->cp15.c5_insn = 2;
586 /* Fall through to prefetch abort. */
587 case EXCP_PREFETCH_ABORT:
588 new_mode = ARM_CPU_MODE_ABT;
589 addr = 0x0c;
590 mask = CPSR_A | CPSR_I;
591 offset = 4;
592 break;
593 case EXCP_DATA_ABORT:
594 new_mode = ARM_CPU_MODE_ABT;
595 addr = 0x10;
596 mask = CPSR_A | CPSR_I;
597 offset = 8;
598 break;
599 case EXCP_IRQ:
600 new_mode = ARM_CPU_MODE_IRQ;
601 addr = 0x18;
602 /* Disable IRQ and imprecise data aborts. */
603 mask = CPSR_A | CPSR_I;
604 offset = 4;
605 break;
606 case EXCP_FIQ:
607 new_mode = ARM_CPU_MODE_FIQ;
608 addr = 0x1c;
609 /* Disable FIQ, IRQ and imprecise data aborts. */
610 mask = CPSR_A | CPSR_I | CPSR_F;
611 offset = 4;
612 break;
613 default:
614 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
615 return; /* Never happens. Keep compiler happy. */
616 }
617 /* High vectors. */
618 if (env->cp15.c1_sys & (1 << 13)) {
619 addr += 0xffff0000;
620 }
621 switch_mode (env, new_mode);
622 env->spsr = cpsr_read(env);
623 /* Clear IT bits. */
624 env->condexec_bits = 0;
625 /* Switch to the new mode, and to the correct instruction set. */
626 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
627 env->uncached_cpsr |= mask;
628 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
629 * and we should just guard the thumb mode on V4 */
630 if (arm_feature(env, ARM_FEATURE_V4T)) {
631 env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
632 }
633 env->regs[14] = env->regs[15] + offset;
634 env->regs[15] = addr;
635 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
636 }
637
638 /* Check section/page access permissions.
639 Returns the page protection flags, or zero if the access is not
640 permitted. */
641 static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
642 int access_type, int is_user)
643 {
644 int prot_ro;
645
646 if (domain_prot == 3) {
647 return PAGE_READ | PAGE_WRITE;
648 }
649
650 if (access_type == 1)
651 prot_ro = 0;
652 else
653 prot_ro = PAGE_READ;
654
655 switch (ap) {
656 case 0:
657 if (access_type == 1)
658 return 0;
659 switch ((env->cp15.c1_sys >> 8) & 3) {
660 case 1:
661 return is_user ? 0 : PAGE_READ;
662 case 2:
663 return PAGE_READ;
664 default:
665 return 0;
666 }
667 case 1:
668 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
669 case 2:
670 if (is_user)
671 return prot_ro;
672 else
673 return PAGE_READ | PAGE_WRITE;
674 case 3:
675 return PAGE_READ | PAGE_WRITE;
676 case 4: /* Reserved. */
677 return 0;
678 case 5:
679 return is_user ? 0 : prot_ro;
680 case 6:
681 return prot_ro;
682 case 7:
683 if (!arm_feature (env, ARM_FEATURE_V6K))
684 return 0;
685 return prot_ro;
686 default:
687 abort();
688 }
689 }
690
691 static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
692 {
693 uint32_t table;
694
695 if (address & env->cp15.c2_mask)
696 table = env->cp15.c2_base1 & 0xffffc000;
697 else
698 table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
699
700 table |= (address >> 18) & 0x3ffc;
701 return table;
702 }
703
704 static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type,
705 int is_user, uint32_t *phys_ptr, int *prot,
706 target_ulong *page_size)
707 {
708 int code;
709 uint32_t table;
710 uint32_t desc;
711 int type;
712 int ap;
713 int domain;
714 int domain_prot;
715 uint32_t phys_addr;
716
717 /* Pagetable walk. */
718 /* Lookup l1 descriptor. */
719 table = get_level1_table_address(env, address);
720 desc = ldl_phys(table);
721 type = (desc & 3);
722 domain = (desc >> 5) & 0x0f;
723 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
724 if (type == 0) {
725 /* Section translation fault. */
726 code = 5;
727 goto do_fault;
728 }
729 if (domain_prot == 0 || domain_prot == 2) {
730 if (type == 2)
731 code = 9; /* Section domain fault. */
732 else
733 code = 11; /* Page domain fault. */
734 goto do_fault;
735 }
736 if (type == 2) {
737 /* 1Mb section. */
738 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
739 ap = (desc >> 10) & 3;
740 code = 13;
741 *page_size = 1024 * 1024;
742 } else {
743 /* Lookup l2 entry. */
744 if (type == 1) {
745 /* Coarse pagetable. */
746 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
747 } else {
748 /* Fine pagetable. */
749 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
750 }
751 desc = ldl_phys(table);
752 switch (desc & 3) {
753 case 0: /* Page translation fault. */
754 code = 7;
755 goto do_fault;
756 case 1: /* 64k page. */
757 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
758 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
759 *page_size = 0x10000;
760 break;
761 case 2: /* 4k page. */
762 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
763 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
764 *page_size = 0x1000;
765 break;
766 case 3: /* 1k page. */
767 if (type == 1) {
768 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
769 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
770 } else {
771 /* Page translation fault. */
772 code = 7;
773 goto do_fault;
774 }
775 } else {
776 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
777 }
778 ap = (desc >> 4) & 3;
779 *page_size = 0x400;
780 break;
781 default:
782 /* Never happens, but compiler isn't smart enough to tell. */
783 abort();
784 }
785 code = 15;
786 }
787 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
788 if (!*prot) {
789 /* Access permission fault. */
790 goto do_fault;
791 }
792 *prot |= PAGE_EXEC;
793 *phys_ptr = phys_addr;
794 return 0;
795 do_fault:
796 return code | (domain << 4);
797 }
798
799 static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
800 int is_user, uint32_t *phys_ptr, int *prot,
801 target_ulong *page_size)
802 {
803 int code;
804 uint32_t table;
805 uint32_t desc;
806 uint32_t xn;
807 int type;
808 int ap;
809 int domain;
810 int domain_prot;
811 uint32_t phys_addr;
812
813 /* Pagetable walk. */
814 /* Lookup l1 descriptor. */
815 table = get_level1_table_address(env, address);
816 desc = ldl_phys(table);
817 type = (desc & 3);
818 if (type == 0) {
819 /* Section translation fault. */
820 code = 5;
821 domain = 0;
822 goto do_fault;
823 } else if (type == 2 && (desc & (1 << 18))) {
824 /* Supersection. */
825 domain = 0;
826 } else {
827 /* Section or page. */
828 domain = (desc >> 5) & 0x0f;
829 }
830 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
831 if (domain_prot == 0 || domain_prot == 2) {
832 if (type == 2)
833 code = 9; /* Section domain fault. */
834 else
835 code = 11; /* Page domain fault. */
836 goto do_fault;
837 }
838 if (type == 2) {
839 if (desc & (1 << 18)) {
840 /* Supersection. */
841 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
842 *page_size = 0x1000000;
843 } else {
844 /* Section. */
845 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
846 *page_size = 0x100000;
847 }
848 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
849 xn = desc & (1 << 4);
850 code = 13;
851 } else {
852 /* Lookup l2 entry. */
853 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
854 desc = ldl_phys(table);
855 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
856 switch (desc & 3) {
857 case 0: /* Page translation fault. */
858 code = 7;
859 goto do_fault;
860 case 1: /* 64k page. */
861 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
862 xn = desc & (1 << 15);
863 *page_size = 0x10000;
864 break;
865 case 2: case 3: /* 4k page. */
866 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
867 xn = desc & 1;
868 *page_size = 0x1000;
869 break;
870 default:
871 /* Never happens, but compiler isn't smart enough to tell. */
872 abort();
873 }
874 code = 15;
875 }
876 if (domain_prot == 3) {
877 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
878 } else {
879 if (xn && access_type == 2)
880 goto do_fault;
881
882 /* The simplified model uses AP[0] as an access control bit. */
883 if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
884 /* Access flag fault. */
885 code = (code == 15) ? 6 : 3;
886 goto do_fault;
887 }
888 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
889 if (!*prot) {
890 /* Access permission fault. */
891 goto do_fault;
892 }
893 if (!xn) {
894 *prot |= PAGE_EXEC;
895 }
896 }
897 *phys_ptr = phys_addr;
898 return 0;
899 do_fault:
900 return code | (domain << 4);
901 }
902
903 static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, int access_type,
904 int is_user, uint32_t *phys_ptr, int *prot)
905 {
906 int n;
907 uint32_t mask;
908 uint32_t base;
909
910 *phys_ptr = address;
911 for (n = 7; n >= 0; n--) {
912 base = env->cp15.c6_region[n];
913 if ((base & 1) == 0)
914 continue;
915 mask = 1 << ((base >> 1) & 0x1f);
916 /* Keep this shift separate from the above to avoid an
917 (undefined) << 32. */
918 mask = (mask << 1) - 1;
919 if (((base ^ address) & ~mask) == 0)
920 break;
921 }
922 if (n < 0)
923 return 2;
924
925 if (access_type == 2) {
926 mask = env->cp15.c5_insn;
927 } else {
928 mask = env->cp15.c5_data;
929 }
930 mask = (mask >> (n * 4)) & 0xf;
931 switch (mask) {
932 case 0:
933 return 1;
934 case 1:
935 if (is_user)
936 return 1;
937 *prot = PAGE_READ | PAGE_WRITE;
938 break;
939 case 2:
940 *prot = PAGE_READ;
941 if (!is_user)
942 *prot |= PAGE_WRITE;
943 break;
944 case 3:
945 *prot = PAGE_READ | PAGE_WRITE;
946 break;
947 case 5:
948 if (is_user)
949 return 1;
950 *prot = PAGE_READ;
951 break;
952 case 6:
953 *prot = PAGE_READ;
954 break;
955 default:
956 /* Bad permission. */
957 return 1;
958 }
959 *prot |= PAGE_EXEC;
960 return 0;
961 }
962
963 static inline int get_phys_addr(CPUARMState *env, uint32_t address,
964 int access_type, int is_user,
965 uint32_t *phys_ptr, int *prot,
966 target_ulong *page_size)
967 {
968 /* Fast Context Switch Extension. */
969 if (address < 0x02000000)
970 address += env->cp15.c13_fcse;
971
972 if ((env->cp15.c1_sys & 1) == 0) {
973 /* MMU/MPU disabled. */
974 *phys_ptr = address;
975 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
976 *page_size = TARGET_PAGE_SIZE;
977 return 0;
978 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
979 *page_size = TARGET_PAGE_SIZE;
980 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
981 prot);
982 } else if (env->cp15.c1_sys & (1 << 23)) {
983 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
984 prot, page_size);
985 } else {
986 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
987 prot, page_size);
988 }
989 }
990
991 int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address,
992 int access_type, int mmu_idx)
993 {
994 uint32_t phys_addr;
995 target_ulong page_size;
996 int prot;
997 int ret, is_user;
998
999 is_user = mmu_idx == MMU_USER_IDX;
1000 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
1001 &page_size);
1002 if (ret == 0) {
1003 /* Map a single [sub]page. */
1004 phys_addr &= ~(uint32_t)0x3ff;
1005 address &= ~(uint32_t)0x3ff;
1006 tlb_set_page (env, address, phys_addr, prot, mmu_idx, page_size);
1007 return 0;
1008 }
1009
1010 if (access_type == 2) {
1011 env->cp15.c5_insn = ret;
1012 env->cp15.c6_insn = address;
1013 env->exception_index = EXCP_PREFETCH_ABORT;
1014 } else {
1015 env->cp15.c5_data = ret;
1016 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6))
1017 env->cp15.c5_data |= (1 << 11);
1018 env->cp15.c6_data = address;
1019 env->exception_index = EXCP_DATA_ABORT;
1020 }
1021 return 1;
1022 }
1023
1024 target_phys_addr_t cpu_get_phys_page_debug(CPUARMState *env, target_ulong addr)
1025 {
1026 uint32_t phys_addr;
1027 target_ulong page_size;
1028 int prot;
1029 int ret;
1030
1031 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot, &page_size);
1032
1033 if (ret != 0)
1034 return -1;
1035
1036 return phys_addr;
1037 }
1038
1039 void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
1040 {
1041 int cp_num = (insn >> 8) & 0xf;
1042 int cp_info = (insn >> 5) & 7;
1043 int src = (insn >> 16) & 0xf;
1044 int operand = insn & 0xf;
1045
1046 if (env->cp[cp_num].cp_write)
1047 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
1048 cp_info, src, operand, val);
1049 }
1050
1051 uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
1052 {
1053 int cp_num = (insn >> 8) & 0xf;
1054 int cp_info = (insn >> 5) & 7;
1055 int dest = (insn >> 16) & 0xf;
1056 int operand = insn & 0xf;
1057
1058 if (env->cp[cp_num].cp_read)
1059 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
1060 cp_info, dest, operand);
1061 return 0;
1062 }
1063
1064 /* Return basic MPU access permission bits. */
1065 static uint32_t simple_mpu_ap_bits(uint32_t val)
1066 {
1067 uint32_t ret;
1068 uint32_t mask;
1069 int i;
1070 ret = 0;
1071 mask = 3;
1072 for (i = 0; i < 16; i += 2) {
1073 ret |= (val >> i) & mask;
1074 mask <<= 2;
1075 }
1076 return ret;
1077 }
1078
1079 /* Pad basic MPU access permission bits to extended format. */
1080 static uint32_t extended_mpu_ap_bits(uint32_t val)
1081 {
1082 uint32_t ret;
1083 uint32_t mask;
1084 int i;
1085 ret = 0;
1086 mask = 3;
1087 for (i = 0; i < 16; i += 2) {
1088 ret |= (val & mask) << i;
1089 mask <<= 2;
1090 }
1091 return ret;
1092 }
1093
1094 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
1095 {
1096 int op1;
1097 int op2;
1098 int crm;
1099
1100 op1 = (insn >> 21) & 7;
1101 op2 = (insn >> 5) & 7;
1102 crm = insn & 0xf;
1103 switch ((insn >> 16) & 0xf) {
1104 case 0:
1105 /* ID codes. */
1106 if (arm_feature(env, ARM_FEATURE_XSCALE))
1107 break;
1108 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1109 break;
1110 if (arm_feature(env, ARM_FEATURE_V7)
1111 && op1 == 2 && crm == 0 && op2 == 0) {
1112 env->cp15.c0_cssel = val & 0xf;
1113 break;
1114 }
1115 goto bad_reg;
1116 case 1: /* System configuration. */
1117 if (arm_feature(env, ARM_FEATURE_V7)
1118 && op1 == 0 && crm == 1 && op2 == 0) {
1119 env->cp15.c1_scr = val;
1120 break;
1121 }
1122 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1123 op2 = 0;
1124 switch (op2) {
1125 case 0:
1126 if (!arm_feature(env, ARM_FEATURE_XSCALE) || crm == 0)
1127 env->cp15.c1_sys = val;
1128 /* ??? Lots of these bits are not implemented. */
1129 /* This may enable/disable the MMU, so do a TLB flush. */
1130 tlb_flush(env, 1);
1131 break;
1132 case 1: /* Auxiliary control register. */
1133 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1134 env->cp15.c1_xscaleauxcr = val;
1135 break;
1136 }
1137 /* Not implemented. */
1138 break;
1139 case 2:
1140 if (arm_feature(env, ARM_FEATURE_XSCALE))
1141 goto bad_reg;
1142 if (env->cp15.c1_coproc != val) {
1143 env->cp15.c1_coproc = val;
1144 /* ??? Is this safe when called from within a TB? */
1145 tb_flush(env);
1146 }
1147 break;
1148 default:
1149 goto bad_reg;
1150 }
1151 break;
1152 case 2: /* MMU Page table control / MPU cache control. */
1153 if (arm_feature(env, ARM_FEATURE_MPU)) {
1154 switch (op2) {
1155 case 0:
1156 env->cp15.c2_data = val;
1157 break;
1158 case 1:
1159 env->cp15.c2_insn = val;
1160 break;
1161 default:
1162 goto bad_reg;
1163 }
1164 } else {
1165 switch (op2) {
1166 case 0:
1167 env->cp15.c2_base0 = val;
1168 break;
1169 case 1:
1170 env->cp15.c2_base1 = val;
1171 break;
1172 case 2:
1173 val &= 7;
1174 env->cp15.c2_control = val;
1175 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
1176 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
1177 break;
1178 default:
1179 goto bad_reg;
1180 }
1181 }
1182 break;
1183 case 3: /* MMU Domain access control / MPU write buffer control. */
1184 env->cp15.c3 = val;
1185 tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
1186 break;
1187 case 4: /* Reserved. */
1188 goto bad_reg;
1189 case 5: /* MMU Fault status / MPU access permission. */
1190 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1191 op2 = 0;
1192 switch (op2) {
1193 case 0:
1194 if (arm_feature(env, ARM_FEATURE_MPU))
1195 val = extended_mpu_ap_bits(val);
1196 env->cp15.c5_data = val;
1197 break;
1198 case 1:
1199 if (arm_feature(env, ARM_FEATURE_MPU))
1200 val = extended_mpu_ap_bits(val);
1201 env->cp15.c5_insn = val;
1202 break;
1203 case 2:
1204 if (!arm_feature(env, ARM_FEATURE_MPU))
1205 goto bad_reg;
1206 env->cp15.c5_data = val;
1207 break;
1208 case 3:
1209 if (!arm_feature(env, ARM_FEATURE_MPU))
1210 goto bad_reg;
1211 env->cp15.c5_insn = val;
1212 break;
1213 default:
1214 goto bad_reg;
1215 }
1216 break;
1217 case 6: /* MMU Fault address / MPU base/size. */
1218 if (arm_feature(env, ARM_FEATURE_MPU)) {
1219 if (crm >= 8)
1220 goto bad_reg;
1221 env->cp15.c6_region[crm] = val;
1222 } else {
1223 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1224 op2 = 0;
1225 switch (op2) {
1226 case 0:
1227 env->cp15.c6_data = val;
1228 break;
1229 case 1: /* ??? This is WFAR on armv6 */
1230 case 2:
1231 env->cp15.c6_insn = val;
1232 break;
1233 default:
1234 goto bad_reg;
1235 }
1236 }
1237 break;
1238 case 7: /* Cache control. */
1239 env->cp15.c15_i_max = 0x000;
1240 env->cp15.c15_i_min = 0xff0;
1241 if (op1 != 0) {
1242 goto bad_reg;
1243 }
1244 /* No cache, so nothing to do except VA->PA translations. */
1245 if (arm_feature(env, ARM_FEATURE_VAPA)) {
1246 switch (crm) {
1247 case 4:
1248 if (arm_feature(env, ARM_FEATURE_V7)) {
1249 env->cp15.c7_par = val & 0xfffff6ff;
1250 } else {
1251 env->cp15.c7_par = val & 0xfffff1ff;
1252 }
1253 break;
1254 case 8: {
1255 uint32_t phys_addr;
1256 target_ulong page_size;
1257 int prot;
1258 int ret, is_user = op2 & 2;
1259 int access_type = op2 & 1;
1260
1261 if (op2 & 4) {
1262 /* Other states are only available with TrustZone */
1263 goto bad_reg;
1264 }
1265 ret = get_phys_addr(env, val, access_type, is_user,
1266 &phys_addr, &prot, &page_size);
1267 if (ret == 0) {
1268 /* We do not set any attribute bits in the PAR */
1269 if (page_size == (1 << 24)
1270 && arm_feature(env, ARM_FEATURE_V7)) {
1271 env->cp15.c7_par = (phys_addr & 0xff000000) | 1 << 1;
1272 } else {
1273 env->cp15.c7_par = phys_addr & 0xfffff000;
1274 }
1275 } else {
1276 env->cp15.c7_par = ((ret & (10 << 1)) >> 5) |
1277 ((ret & (12 << 1)) >> 6) |
1278 ((ret & 0xf) << 1) | 1;
1279 }
1280 break;
1281 }
1282 }
1283 }
1284 break;
1285 case 8: /* MMU TLB control. */
1286 switch (op2) {
1287 case 0: /* Invalidate all (TLBIALL) */
1288 tlb_flush(env, 1);
1289 break;
1290 case 1: /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
1291 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1292 break;
1293 case 2: /* Invalidate by ASID (TLBIASID) */
1294 tlb_flush(env, val == 0);
1295 break;
1296 case 3: /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
1297 tlb_flush_page(env, val & TARGET_PAGE_MASK);
1298 break;
1299 default:
1300 goto bad_reg;
1301 }
1302 break;
1303 case 9:
1304 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1305 break;
1306 if (arm_feature(env, ARM_FEATURE_STRONGARM))
1307 break; /* Ignore ReadBuffer access */
1308 switch (crm) {
1309 case 0: /* Cache lockdown. */
1310 switch (op1) {
1311 case 0: /* L1 cache. */
1312 switch (op2) {
1313 case 0:
1314 env->cp15.c9_data = val;
1315 break;
1316 case 1:
1317 env->cp15.c9_insn = val;
1318 break;
1319 default:
1320 goto bad_reg;
1321 }
1322 break;
1323 case 1: /* L2 cache. */
1324 /* Ignore writes to L2 lockdown/auxiliary registers. */
1325 break;
1326 default:
1327 goto bad_reg;
1328 }
1329 break;
1330 case 1: /* TCM memory region registers. */
1331 /* Not implemented. */
1332 goto bad_reg;
1333 case 12: /* Performance monitor control */
1334 /* Performance monitors are implementation defined in v7,
1335 * but with an ARM recommended set of registers, which we
1336 * follow (although we don't actually implement any counters)
1337 */
1338 if (!arm_feature(env, ARM_FEATURE_V7)) {
1339 goto bad_reg;
1340 }
1341 switch (op2) {
1342 case 0: /* performance monitor control register */
1343 /* only the DP, X, D and E bits are writable */
1344 env->cp15.c9_pmcr &= ~0x39;
1345 env->cp15.c9_pmcr |= (val & 0x39);
1346 break;
1347 case 1: /* Count enable set register */
1348 val &= (1 << 31);
1349 env->cp15.c9_pmcnten |= val;
1350 break;
1351 case 2: /* Count enable clear */
1352 val &= (1 << 31);
1353 env->cp15.c9_pmcnten &= ~val;
1354 break;
1355 case 3: /* Overflow flag status */
1356 env->cp15.c9_pmovsr &= ~val;
1357 break;
1358 case 4: /* Software increment */
1359 /* RAZ/WI since we don't implement the software-count event */
1360 break;
1361 case 5: /* Event counter selection register */
1362 /* Since we don't implement any events, writing to this register
1363 * is actually UNPREDICTABLE. So we choose to RAZ/WI.
1364 */
1365 break;
1366 default:
1367 goto bad_reg;
1368 }
1369 break;
1370 case 13: /* Performance counters */
1371 if (!arm_feature(env, ARM_FEATURE_V7)) {
1372 goto bad_reg;
1373 }
1374 switch (op2) {
1375 case 0: /* Cycle count register: not implemented, so RAZ/WI */
1376 break;
1377 case 1: /* Event type select */
1378 env->cp15.c9_pmxevtyper = val & 0xff;
1379 break;
1380 case 2: /* Event count register */
1381 /* Unimplemented (we have no events), RAZ/WI */
1382 break;
1383 default:
1384 goto bad_reg;
1385 }
1386 break;
1387 case 14: /* Performance monitor control */
1388 if (!arm_feature(env, ARM_FEATURE_V7)) {
1389 goto bad_reg;
1390 }
1391 switch (op2) {
1392 case 0: /* user enable */
1393 env->cp15.c9_pmuserenr = val & 1;
1394 /* changes access rights for cp registers, so flush tbs */
1395 tb_flush(env);
1396 break;
1397 case 1: /* interrupt enable set */
1398 /* We have no event counters so only the C bit can be changed */
1399 val &= (1 << 31);
1400 env->cp15.c9_pminten |= val;
1401 break;
1402 case 2: /* interrupt enable clear */
1403 val &= (1 << 31);
1404 env->cp15.c9_pminten &= ~val;
1405 break;
1406 }
1407 break;
1408 default:
1409 goto bad_reg;
1410 }
1411 break;
1412 case 10: /* MMU TLB lockdown. */
1413 /* ??? TLB lockdown not implemented. */
1414 break;
1415 case 12: /* Reserved. */
1416 goto bad_reg;
1417 case 13: /* Process ID. */
1418 switch (op2) {
1419 case 0:
1420 /* Unlike real hardware the qemu TLB uses virtual addresses,
1421 not modified virtual addresses, so this causes a TLB flush.
1422 */
1423 if (env->cp15.c13_fcse != val)
1424 tlb_flush(env, 1);
1425 env->cp15.c13_fcse = val;
1426 break;
1427 case 1:
1428 /* This changes the ASID, so do a TLB flush. */
1429 if (env->cp15.c13_context != val
1430 && !arm_feature(env, ARM_FEATURE_MPU))
1431 tlb_flush(env, 0);
1432 env->cp15.c13_context = val;
1433 break;
1434 default:
1435 goto bad_reg;
1436 }
1437 break;
1438 case 14: /* Generic timer */
1439 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
1440 /* Dummy implementation: RAZ/WI for all */
1441 break;
1442 }
1443 goto bad_reg;
1444 case 15: /* Implementation specific. */
1445 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1446 if (op2 == 0 && crm == 1) {
1447 if (env->cp15.c15_cpar != (val & 0x3fff)) {
1448 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1449 tb_flush(env);
1450 env->cp15.c15_cpar = val & 0x3fff;
1451 }
1452 break;
1453 }
1454 goto bad_reg;
1455 }
1456 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1457 switch (crm) {
1458 case 0:
1459 break;
1460 case 1: /* Set TI925T configuration. */
1461 env->cp15.c15_ticonfig = val & 0xe7;
1462 env->cp15.c0_cpuid = (val & (1 << 5)) ? /* OS_TYPE bit */
1463 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1464 break;
1465 case 2: /* Set I_max. */
1466 env->cp15.c15_i_max = val;
1467 break;
1468 case 3: /* Set I_min. */
1469 env->cp15.c15_i_min = val;
1470 break;
1471 case 4: /* Set thread-ID. */
1472 env->cp15.c15_threadid = val & 0xffff;
1473 break;
1474 case 8: /* Wait-for-interrupt (deprecated). */
1475 cpu_interrupt(env, CPU_INTERRUPT_HALT);
1476 break;
1477 default:
1478 goto bad_reg;
1479 }
1480 }
1481 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
1482 switch (crm) {
1483 case 0:
1484 if ((op1 == 0) && (op2 == 0)) {
1485 env->cp15.c15_power_control = val;
1486 } else if ((op1 == 0) && (op2 == 1)) {
1487 env->cp15.c15_diagnostic = val;
1488 } else if ((op1 == 0) && (op2 == 2)) {
1489 env->cp15.c15_power_diagnostic = val;
1490 }
1491 default:
1492 break;
1493 }
1494 }
1495 break;
1496 }
1497 return;
1498 bad_reg:
1499 /* ??? For debugging only. Should raise illegal instruction exception. */
1500 cpu_abort(env, "Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n",
1501 (insn >> 16) & 0xf, crm, op1, op2);
1502 }
1503
1504 uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
1505 {
1506 int op1;
1507 int op2;
1508 int crm;
1509
1510 op1 = (insn >> 21) & 7;
1511 op2 = (insn >> 5) & 7;
1512 crm = insn & 0xf;
1513 switch ((insn >> 16) & 0xf) {
1514 case 0: /* ID codes. */
1515 switch (op1) {
1516 case 0:
1517 switch (crm) {
1518 case 0:
1519 switch (op2) {
1520 case 0: /* Device ID. */
1521 return env->cp15.c0_cpuid;
1522 case 1: /* Cache Type. */
1523 return env->cp15.c0_cachetype;
1524 case 2: /* TCM status. */
1525 return 0;
1526 case 3: /* TLB type register. */
1527 return 0; /* No lockable TLB entries. */
1528 case 5: /* MPIDR */
1529 /* The MPIDR was standardised in v7; prior to
1530 * this it was implemented only in the 11MPCore.
1531 * For all other pre-v7 cores it does not exist.
1532 */
1533 if (arm_feature(env, ARM_FEATURE_V7) ||
1534 ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
1535 int mpidr = env->cpu_index;
1536 /* We don't support setting cluster ID ([8..11])
1537 * so these bits always RAZ.
1538 */
1539 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1540 mpidr |= (1 << 31);
1541 /* Cores which are uniprocessor (non-coherent)
1542 * but still implement the MP extensions set
1543 * bit 30. (For instance, A9UP.) However we do
1544 * not currently model any of those cores.
1545 */
1546 }
1547 return mpidr;
1548 }
1549 /* otherwise fall through to the unimplemented-reg case */
1550 default:
1551 goto bad_reg;
1552 }
1553 case 1:
1554 if (!arm_feature(env, ARM_FEATURE_V6))
1555 goto bad_reg;
1556 return env->cp15.c0_c1[op2];
1557 case 2:
1558 if (!arm_feature(env, ARM_FEATURE_V6))
1559 goto bad_reg;
1560 return env->cp15.c0_c2[op2];
1561 case 3: case 4: case 5: case 6: case 7:
1562 return 0;
1563 default:
1564 goto bad_reg;
1565 }
1566 case 1:
1567 /* These registers aren't documented on arm11 cores. However
1568 Linux looks at them anyway. */
1569 if (!arm_feature(env, ARM_FEATURE_V6))
1570 goto bad_reg;
1571 if (crm != 0)
1572 goto bad_reg;
1573 if (!arm_feature(env, ARM_FEATURE_V7))
1574 return 0;
1575
1576 switch (op2) {
1577 case 0:
1578 return env->cp15.c0_ccsid[env->cp15.c0_cssel];
1579 case 1:
1580 return env->cp15.c0_clid;
1581 case 7:
1582 return 0;
1583 }
1584 goto bad_reg;
1585 case 2:
1586 if (op2 != 0 || crm != 0)
1587 goto bad_reg;
1588 return env->cp15.c0_cssel;
1589 default:
1590 goto bad_reg;
1591 }
1592 case 1: /* System configuration. */
1593 if (arm_feature(env, ARM_FEATURE_V7)
1594 && op1 == 0 && crm == 1 && op2 == 0) {
1595 return env->cp15.c1_scr;
1596 }
1597 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1598 op2 = 0;
1599 switch (op2) {
1600 case 0: /* Control register. */
1601 return env->cp15.c1_sys;
1602 case 1: /* Auxiliary control register. */
1603 if (arm_feature(env, ARM_FEATURE_XSCALE))
1604 return env->cp15.c1_xscaleauxcr;
1605 if (!arm_feature(env, ARM_FEATURE_AUXCR))
1606 goto bad_reg;
1607 switch (ARM_CPUID(env)) {
1608 case ARM_CPUID_ARM1026:
1609 return 1;
1610 case ARM_CPUID_ARM1136:
1611 case ARM_CPUID_ARM1136_R2:
1612 case ARM_CPUID_ARM1176:
1613 return 7;
1614 case ARM_CPUID_ARM11MPCORE:
1615 return 1;
1616 case ARM_CPUID_CORTEXA8:
1617 return 2;
1618 case ARM_CPUID_CORTEXA9:
1619 case ARM_CPUID_CORTEXA15:
1620 return 0;
1621 default:
1622 goto bad_reg;
1623 }
1624 case 2: /* Coprocessor access register. */
1625 if (arm_feature(env, ARM_FEATURE_XSCALE))
1626 goto bad_reg;
1627 return env->cp15.c1_coproc;
1628 default:
1629 goto bad_reg;
1630 }
1631 case 2: /* MMU Page table control / MPU cache control. */
1632 if (arm_feature(env, ARM_FEATURE_MPU)) {
1633 switch (op2) {
1634 case 0:
1635 return env->cp15.c2_data;
1636 break;
1637 case 1:
1638 return env->cp15.c2_insn;
1639 break;
1640 default:
1641 goto bad_reg;
1642 }
1643 } else {
1644 switch (op2) {
1645 case 0:
1646 return env->cp15.c2_base0;
1647 case 1:
1648 return env->cp15.c2_base1;
1649 case 2:
1650 return env->cp15.c2_control;
1651 default:
1652 goto bad_reg;
1653 }
1654 }
1655 case 3: /* MMU Domain access control / MPU write buffer control. */
1656 return env->cp15.c3;
1657 case 4: /* Reserved. */
1658 goto bad_reg;
1659 case 5: /* MMU Fault status / MPU access permission. */
1660 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1661 op2 = 0;
1662 switch (op2) {
1663 case 0:
1664 if (arm_feature(env, ARM_FEATURE_MPU))
1665 return simple_mpu_ap_bits(env->cp15.c5_data);
1666 return env->cp15.c5_data;
1667 case 1:
1668 if (arm_feature(env, ARM_FEATURE_MPU))
1669 return simple_mpu_ap_bits(env->cp15.c5_insn);
1670 return env->cp15.c5_insn;
1671 case 2:
1672 if (!arm_feature(env, ARM_FEATURE_MPU))
1673 goto bad_reg;
1674 return env->cp15.c5_data;
1675 case 3:
1676 if (!arm_feature(env, ARM_FEATURE_MPU))
1677 goto bad_reg;
1678 return env->cp15.c5_insn;
1679 default:
1680 goto bad_reg;
1681 }
1682 case 6: /* MMU Fault address. */
1683 if (arm_feature(env, ARM_FEATURE_MPU)) {
1684 if (crm >= 8)
1685 goto bad_reg;
1686 return env->cp15.c6_region[crm];
1687 } else {
1688 if (arm_feature(env, ARM_FEATURE_OMAPCP))
1689 op2 = 0;
1690 switch (op2) {
1691 case 0:
1692 return env->cp15.c6_data;
1693 case 1:
1694 if (arm_feature(env, ARM_FEATURE_V6)) {
1695 /* Watchpoint Fault Adrress. */
1696 return 0; /* Not implemented. */
1697 } else {
1698 /* Instruction Fault Adrress. */
1699 /* Arm9 doesn't have an IFAR, but implementing it anyway
1700 shouldn't do any harm. */
1701 return env->cp15.c6_insn;
1702 }
1703 case 2:
1704 if (arm_feature(env, ARM_FEATURE_V6)) {
1705 /* Instruction Fault Adrress. */
1706 return env->cp15.c6_insn;
1707 } else {
1708 goto bad_reg;
1709 }
1710 default:
1711 goto bad_reg;
1712 }
1713 }
1714 case 7: /* Cache control. */
1715 if (crm == 4 && op1 == 0 && op2 == 0) {
1716 return env->cp15.c7_par;
1717 }
1718 /* FIXME: Should only clear Z flag if destination is r15. */
1719 env->ZF = 0;
1720 return 0;
1721 case 8: /* MMU TLB control. */
1722 goto bad_reg;
1723 case 9:
1724 switch (crm) {
1725 case 0: /* Cache lockdown */
1726 switch (op1) {
1727 case 0: /* L1 cache. */
1728 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1729 return 0;
1730 }
1731 switch (op2) {
1732 case 0:
1733 return env->cp15.c9_data;
1734 case 1:
1735 return env->cp15.c9_insn;
1736 default:
1737 goto bad_reg;
1738 }
1739 case 1: /* L2 cache */
1740 /* L2 Lockdown and Auxiliary control. */
1741 switch (op2) {
1742 case 0:
1743 /* L2 cache lockdown (A8 only) */
1744 return 0;
1745 case 2:
1746 /* L2 cache auxiliary control (A8) or control (A15) */
1747 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA15) {
1748 /* Linux wants the number of processors from here.
1749 * Might as well set the interrupt-controller bit too.
1750 */
1751 return ((smp_cpus - 1) << 24) | (1 << 23);
1752 }
1753 return 0;
1754 case 3:
1755 /* L2 cache extended control (A15) */
1756 return 0;
1757 default:
1758 goto bad_reg;
1759 }
1760 default:
1761 goto bad_reg;
1762 }
1763 break;
1764 case 12: /* Performance monitor control */
1765 if (!arm_feature(env, ARM_FEATURE_V7)) {
1766 goto bad_reg;
1767 }
1768 switch (op2) {
1769 case 0: /* performance monitor control register */
1770 return env->cp15.c9_pmcr;
1771 case 1: /* count enable set */
1772 case 2: /* count enable clear */
1773 return env->cp15.c9_pmcnten;
1774 case 3: /* overflow flag status */
1775 return env->cp15.c9_pmovsr;
1776 case 4: /* software increment */
1777 case 5: /* event counter selection register */
1778 return 0; /* Unimplemented, RAZ/WI */
1779 default:
1780 goto bad_reg;
1781 }
1782 case 13: /* Performance counters */
1783 if (!arm_feature(env, ARM_FEATURE_V7)) {
1784 goto bad_reg;
1785 }
1786 switch (op2) {
1787 case 1: /* Event type select */
1788 return env->cp15.c9_pmxevtyper;
1789 case 0: /* Cycle count register */
1790 case 2: /* Event count register */
1791 /* Unimplemented, so RAZ/WI */
1792 return 0;
1793 default:
1794 goto bad_reg;
1795 }
1796 case 14: /* Performance monitor control */
1797 if (!arm_feature(env, ARM_FEATURE_V7)) {
1798 goto bad_reg;
1799 }
1800 switch (op2) {
1801 case 0: /* user enable */
1802 return env->cp15.c9_pmuserenr;
1803 case 1: /* interrupt enable set */
1804 case 2: /* interrupt enable clear */
1805 return env->cp15.c9_pminten;
1806 default:
1807 goto bad_reg;
1808 }
1809 default:
1810 goto bad_reg;
1811 }
1812 break;
1813 case 10: /* MMU TLB lockdown. */
1814 /* ??? TLB lockdown not implemented. */
1815 return 0;
1816 case 11: /* TCM DMA control. */
1817 case 12: /* Reserved. */
1818 goto bad_reg;
1819 case 13: /* Process ID. */
1820 switch (op2) {
1821 case 0:
1822 return env->cp15.c13_fcse;
1823 case 1:
1824 return env->cp15.c13_context;
1825 default:
1826 goto bad_reg;
1827 }
1828 case 14: /* Generic timer */
1829 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
1830 /* Dummy implementation: RAZ/WI for all */
1831 return 0;
1832 }
1833 goto bad_reg;
1834 case 15: /* Implementation specific. */
1835 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
1836 if (op2 == 0 && crm == 1)
1837 return env->cp15.c15_cpar;
1838
1839 goto bad_reg;
1840 }
1841 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
1842 switch (crm) {
1843 case 0:
1844 return 0;
1845 case 1: /* Read TI925T configuration. */
1846 return env->cp15.c15_ticonfig;
1847 case 2: /* Read I_max. */
1848 return env->cp15.c15_i_max;
1849 case 3: /* Read I_min. */
1850 return env->cp15.c15_i_min;
1851 case 4: /* Read thread-ID. */
1852 return env->cp15.c15_threadid;
1853 case 8: /* TI925T_status */
1854 return 0;
1855 }
1856 /* TODO: Peripheral port remap register:
1857 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt
1858 * controller base address at $rn & ~0xfff and map size of
1859 * 0x200 << ($rn & 0xfff), when MMU is off. */
1860 goto bad_reg;
1861 }
1862 if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
1863 switch (crm) {
1864 case 0:
1865 if ((op1 == 4) && (op2 == 0)) {
1866 /* The config_base_address should hold the value of
1867 * the peripheral base. ARM should get this from a CPU
1868 * object property, but that support isn't available in
1869 * December 2011. Default to 0 for now and board models
1870 * that care can set it by a private hook */
1871 return env->cp15.c15_config_base_address;
1872 } else if ((op1 == 0) && (op2 == 0)) {
1873 /* power_control should be set to maximum latency. Again,
1874 default to 0 and set by private hook */
1875 return env->cp15.c15_power_control;
1876 } else if ((op1 == 0) && (op2 == 1)) {
1877 return env->cp15.c15_diagnostic;
1878 } else if ((op1 == 0) && (op2 == 2)) {
1879 return env->cp15.c15_power_diagnostic;
1880 }
1881 break;
1882 case 1: /* NEON Busy */
1883 return 0;
1884 case 5: /* tlb lockdown */
1885 case 6:
1886 case 7:
1887 if ((op1 == 5) && (op2 == 2)) {
1888 return 0;
1889 }
1890 break;
1891 default:
1892 break;
1893 }
1894 goto bad_reg;
1895 }
1896 return 0;
1897 }
1898 bad_reg:
1899 /* ??? For debugging only. Should raise illegal instruction exception. */
1900 cpu_abort(env, "Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n",
1901 (insn >> 16) & 0xf, crm, op1, op2);
1902 return 0;
1903 }
1904
1905 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
1906 {
1907 if ((env->uncached_cpsr & CPSR_M) == mode) {
1908 env->regs[13] = val;
1909 } else {
1910 env->banked_r13[bank_number(env, mode)] = val;
1911 }
1912 }
1913
1914 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
1915 {
1916 if ((env->uncached_cpsr & CPSR_M) == mode) {
1917 return env->regs[13];
1918 } else {
1919 return env->banked_r13[bank_number(env, mode)];
1920 }
1921 }
1922
1923 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
1924 {
1925 switch (reg) {
1926 case 0: /* APSR */
1927 return xpsr_read(env) & 0xf8000000;
1928 case 1: /* IAPSR */
1929 return xpsr_read(env) & 0xf80001ff;
1930 case 2: /* EAPSR */
1931 return xpsr_read(env) & 0xff00fc00;
1932 case 3: /* xPSR */
1933 return xpsr_read(env) & 0xff00fdff;
1934 case 5: /* IPSR */
1935 return xpsr_read(env) & 0x000001ff;
1936 case 6: /* EPSR */
1937 return xpsr_read(env) & 0x0700fc00;
1938 case 7: /* IEPSR */
1939 return xpsr_read(env) & 0x0700edff;
1940 case 8: /* MSP */
1941 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
1942 case 9: /* PSP */
1943 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
1944 case 16: /* PRIMASK */
1945 return (env->uncached_cpsr & CPSR_I) != 0;
1946 case 17: /* BASEPRI */
1947 case 18: /* BASEPRI_MAX */
1948 return env->v7m.basepri;
1949 case 19: /* FAULTMASK */
1950 return (env->uncached_cpsr & CPSR_F) != 0;
1951 case 20: /* CONTROL */
1952 return env->v7m.control;
1953 default:
1954 /* ??? For debugging only. */
1955 cpu_abort(env, "Unimplemented system register read (%d)\n", reg);
1956 return 0;
1957 }
1958 }
1959
1960 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
1961 {
1962 switch (reg) {
1963 case 0: /* APSR */
1964 xpsr_write(env, val, 0xf8000000);
1965 break;
1966 case 1: /* IAPSR */
1967 xpsr_write(env, val, 0xf8000000);
1968 break;
1969 case 2: /* EAPSR */
1970 xpsr_write(env, val, 0xfe00fc00);
1971 break;
1972 case 3: /* xPSR */
1973 xpsr_write(env, val, 0xfe00fc00);
1974 break;
1975 case 5: /* IPSR */
1976 /* IPSR bits are readonly. */
1977 break;
1978 case 6: /* EPSR */
1979 xpsr_write(env, val, 0x0600fc00);
1980 break;
1981 case 7: /* IEPSR */
1982 xpsr_write(env, val, 0x0600fc00);
1983 break;
1984 case 8: /* MSP */
1985 if (env->v7m.current_sp)
1986 env->v7m.other_sp = val;
1987 else
1988 env->regs[13] = val;
1989 break;
1990 case 9: /* PSP */
1991 if (env->v7m.current_sp)
1992 env->regs[13] = val;
1993 else
1994 env->v7m.other_sp = val;
1995 break;
1996 case 16: /* PRIMASK */
1997 if (val & 1)
1998 env->uncached_cpsr |= CPSR_I;
1999 else
2000 env->uncached_cpsr &= ~CPSR_I;
2001 break;
2002 case 17: /* BASEPRI */
2003 env->v7m.basepri = val & 0xff;
2004 break;
2005 case 18: /* BASEPRI_MAX */
2006 val &= 0xff;
2007 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
2008 env->v7m.basepri = val;
2009 break;
2010 case 19: /* FAULTMASK */
2011 if (val & 1)
2012 env->uncached_cpsr |= CPSR_F;
2013 else
2014 env->uncached_cpsr &= ~CPSR_F;
2015 break;
2016 case 20: /* CONTROL */
2017 env->v7m.control = val & 3;
2018 switch_v7m_sp(env, (val & 2) != 0);
2019 break;
2020 default:
2021 /* ??? For debugging only. */
2022 cpu_abort(env, "Unimplemented system register write (%d)\n", reg);
2023 return;
2024 }
2025 }
2026
2027 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
2028 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
2029 void *opaque)
2030 {
2031 if (cpnum < 0 || cpnum > 14) {
2032 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
2033 return;
2034 }
2035
2036 env->cp[cpnum].cp_read = cp_read;
2037 env->cp[cpnum].cp_write = cp_write;
2038 env->cp[cpnum].opaque = opaque;
2039 }
2040
2041 #endif
2042
2043 /* Note that signed overflow is undefined in C. The following routines are
2044 careful to use unsigned types where modulo arithmetic is required.
2045 Failure to do so _will_ break on newer gcc. */
2046
2047 /* Signed saturating arithmetic. */
2048
2049 /* Perform 16-bit signed saturating addition. */
2050 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
2051 {
2052 uint16_t res;
2053
2054 res = a + b;
2055 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
2056 if (a & 0x8000)
2057 res = 0x8000;
2058 else
2059 res = 0x7fff;
2060 }
2061 return res;
2062 }
2063
2064 /* Perform 8-bit signed saturating addition. */
2065 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
2066 {
2067 uint8_t res;
2068
2069 res = a + b;
2070 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
2071 if (a & 0x80)
2072 res = 0x80;
2073 else
2074 res = 0x7f;
2075 }
2076 return res;
2077 }
2078
2079 /* Perform 16-bit signed saturating subtraction. */
2080 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
2081 {
2082 uint16_t res;
2083
2084 res = a - b;
2085 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
2086 if (a & 0x8000)
2087 res = 0x8000;
2088 else
2089 res = 0x7fff;
2090 }
2091 return res;
2092 }
2093
2094 /* Perform 8-bit signed saturating subtraction. */
2095 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
2096 {
2097 uint8_t res;
2098
2099 res = a - b;
2100 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
2101 if (a & 0x80)
2102 res = 0x80;
2103 else
2104 res = 0x7f;
2105 }
2106 return res;
2107 }
2108
2109 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
2110 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
2111 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
2112 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
2113 #define PFX q
2114
2115 #include "op_addsub.h"
2116
2117 /* Unsigned saturating arithmetic. */
2118 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
2119 {
2120 uint16_t res;
2121 res = a + b;
2122 if (res < a)
2123 res = 0xffff;
2124 return res;
2125 }
2126
2127 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
2128 {
2129 if (a > b)
2130 return a - b;
2131 else
2132 return 0;
2133 }
2134
2135 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
2136 {
2137 uint8_t res;
2138 res = a + b;
2139 if (res < a)
2140 res = 0xff;
2141 return res;
2142 }
2143
2144 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
2145 {
2146 if (a > b)
2147 return a - b;
2148 else
2149 return 0;
2150 }
2151
2152 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
2153 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
2154 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
2155 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
2156 #define PFX uq
2157
2158 #include "op_addsub.h"
2159
2160 /* Signed modulo arithmetic. */
2161 #define SARITH16(a, b, n, op) do { \
2162 int32_t sum; \
2163 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
2164 RESULT(sum, n, 16); \
2165 if (sum >= 0) \
2166 ge |= 3 << (n * 2); \
2167 } while(0)
2168
2169 #define SARITH8(a, b, n, op) do { \
2170 int32_t sum; \
2171 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
2172 RESULT(sum, n, 8); \
2173 if (sum >= 0) \
2174 ge |= 1 << n; \
2175 } while(0)
2176
2177
2178 #define ADD16(a, b, n) SARITH16(a, b, n, +)
2179 #define SUB16(a, b, n) SARITH16(a, b, n, -)
2180 #define ADD8(a, b, n) SARITH8(a, b, n, +)
2181 #define SUB8(a, b, n) SARITH8(a, b, n, -)
2182 #define PFX s
2183 #define ARITH_GE
2184
2185 #include "op_addsub.h"
2186
2187 /* Unsigned modulo arithmetic. */
2188 #define ADD16(a, b, n) do { \
2189 uint32_t sum; \
2190 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
2191 RESULT(sum, n, 16); \
2192 if ((sum >> 16) == 1) \
2193 ge |= 3 << (n * 2); \
2194 } while(0)
2195
2196 #define ADD8(a, b, n) do { \
2197 uint32_t sum; \
2198 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
2199 RESULT(sum, n, 8); \
2200 if ((sum >> 8) == 1) \
2201 ge |= 1 << n; \
2202 } while(0)
2203
2204 #define SUB16(a, b, n) do { \
2205 uint32_t sum; \
2206 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
2207 RESULT(sum, n, 16); \
2208 if ((sum >> 16) == 0) \
2209 ge |= 3 << (n * 2); \
2210 } while(0)
2211
2212 #define SUB8(a, b, n) do { \
2213 uint32_t sum; \
2214 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
2215 RESULT(sum, n, 8); \
2216 if ((sum >> 8) == 0) \
2217 ge |= 1 << n; \
2218 } while(0)
2219
2220 #define PFX u
2221 #define ARITH_GE
2222
2223 #include "op_addsub.h"
2224
2225 /* Halved signed arithmetic. */
2226 #define ADD16(a, b, n) \
2227 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
2228 #define SUB16(a, b, n) \
2229 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
2230 #define ADD8(a, b, n) \
2231 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
2232 #define SUB8(a, b, n) \
2233 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
2234 #define PFX sh
2235
2236 #include "op_addsub.h"
2237
2238 /* Halved unsigned arithmetic. */
2239 #define ADD16(a, b, n) \
2240 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2241 #define SUB16(a, b, n) \
2242 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
2243 #define ADD8(a, b, n) \
2244 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2245 #define SUB8(a, b, n) \
2246 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
2247 #define PFX uh
2248
2249 #include "op_addsub.h"
2250
2251 static inline uint8_t do_usad(uint8_t a, uint8_t b)
2252 {
2253 if (a > b)
2254 return a - b;
2255 else
2256 return b - a;
2257 }
2258
2259 /* Unsigned sum of absolute byte differences. */
2260 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
2261 {
2262 uint32_t sum;
2263 sum = do_usad(a, b);
2264 sum += do_usad(a >> 8, b >> 8);
2265 sum += do_usad(a >> 16, b >>16);
2266 sum += do_usad(a >> 24, b >> 24);
2267 return sum;
2268 }
2269
2270 /* For ARMv6 SEL instruction. */
2271 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
2272 {
2273 uint32_t mask;
2274
2275 mask = 0;
2276 if (flags & 1)
2277 mask |= 0xff;
2278 if (flags & 2)
2279 mask |= 0xff00;
2280 if (flags & 4)
2281 mask |= 0xff0000;
2282 if (flags & 8)
2283 mask |= 0xff000000;
2284 return (a & mask) | (b & ~mask);
2285 }
2286
2287 uint32_t HELPER(logicq_cc)(uint64_t val)
2288 {
2289 return (val >> 32) | (val != 0);
2290 }
2291
2292 /* VFP support. We follow the convention used for VFP instrunctions:
2293 Single precition routines have a "s" suffix, double precision a
2294 "d" suffix. */
2295
2296 /* Convert host exception flags to vfp form. */
2297 static inline int vfp_exceptbits_from_host(int host_bits)
2298 {
2299 int target_bits = 0;
2300
2301 if (host_bits & float_flag_invalid)
2302 target_bits |= 1;
2303 if (host_bits & float_flag_divbyzero)
2304 target_bits |= 2;
2305 if (host_bits & float_flag_overflow)
2306 target_bits |= 4;
2307 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
2308 target_bits |= 8;
2309 if (host_bits & float_flag_inexact)
2310 target_bits |= 0x10;
2311 if (host_bits & float_flag_input_denormal)
2312 target_bits |= 0x80;
2313 return target_bits;
2314 }
2315
2316 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
2317 {
2318 int i;
2319 uint32_t fpscr;
2320
2321 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
2322 | (env->vfp.vec_len << 16)
2323 | (env->vfp.vec_stride << 20);
2324 i = get_float_exception_flags(&env->vfp.fp_status);
2325 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
2326 fpscr |= vfp_exceptbits_from_host(i);
2327 return fpscr;
2328 }
2329
2330 uint32_t vfp_get_fpscr(CPUARMState *env)
2331 {
2332 return HELPER(vfp_get_fpscr)(env);
2333 }
2334
2335 /* Convert vfp exception flags to target form. */
2336 static inline int vfp_exceptbits_to_host(int target_bits)
2337 {
2338 int host_bits = 0;
2339
2340 if (target_bits & 1)
2341 host_bits |= float_flag_invalid;
2342 if (target_bits & 2)
2343 host_bits |= float_flag_divbyzero;
2344 if (target_bits & 4)
2345 host_bits |= float_flag_overflow;
2346 if (target_bits & 8)
2347 host_bits |= float_flag_underflow;
2348 if (target_bits & 0x10)
2349 host_bits |= float_flag_inexact;
2350 if (target_bits & 0x80)
2351 host_bits |= float_flag_input_denormal;
2352 return host_bits;
2353 }
2354
2355 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
2356 {
2357 int i;
2358 uint32_t changed;
2359
2360 changed = env->vfp.xregs[ARM_VFP_FPSCR];
2361 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
2362 env->vfp.vec_len = (val >> 16) & 7;
2363 env->vfp.vec_stride = (val >> 20) & 3;
2364
2365 changed ^= val;
2366 if (changed & (3 << 22)) {
2367 i = (val >> 22) & 3;
2368 switch (i) {
2369 case 0:
2370 i = float_round_nearest_even;
2371 break;
2372 case 1:
2373 i = float_round_up;
2374 break;
2375 case 2:
2376 i = float_round_down;
2377 break;
2378 case 3:
2379 i = float_round_to_zero;
2380 break;
2381 }
2382 set_float_rounding_mode(i, &env->vfp.fp_status);
2383 }
2384 if (changed & (1 << 24)) {
2385 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2386 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
2387 }
2388 if (changed & (1 << 25))
2389 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
2390
2391 i = vfp_exceptbits_to_host(val);
2392 set_float_exception_flags(i, &env->vfp.fp_status);
2393 set_float_exception_flags(0, &env->vfp.standard_fp_status);
2394 }
2395
2396 void vfp_set_fpscr(CPUARMState *env, uint32_t val)
2397 {
2398 HELPER(vfp_set_fpscr)(env, val);
2399 }
2400
2401 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
2402
2403 #define VFP_BINOP(name) \
2404 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
2405 { \
2406 float_status *fpst = fpstp; \
2407 return float32_ ## name(a, b, fpst); \
2408 } \
2409 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
2410 { \
2411 float_status *fpst = fpstp; \
2412 return float64_ ## name(a, b, fpst); \
2413 }
2414 VFP_BINOP(add)
2415 VFP_BINOP(sub)
2416 VFP_BINOP(mul)
2417 VFP_BINOP(div)
2418 #undef VFP_BINOP
2419
2420 float32 VFP_HELPER(neg, s)(float32 a)
2421 {
2422 return float32_chs(a);
2423 }
2424
2425 float64 VFP_HELPER(neg, d)(float64 a)
2426 {
2427 return float64_chs(a);
2428 }
2429
2430 float32 VFP_HELPER(abs, s)(float32 a)
2431 {
2432 return float32_abs(a);
2433 }
2434
2435 float64 VFP_HELPER(abs, d)(float64 a)
2436 {
2437 return float64_abs(a);
2438 }
2439
2440 float32 VFP_HELPER(sqrt, s)(float32 a, CPUARMState *env)
2441 {
2442 return float32_sqrt(a, &env->vfp.fp_status);
2443 }
2444
2445 float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
2446 {
2447 return float64_sqrt(a, &env->vfp.fp_status);
2448 }
2449
2450 /* XXX: check quiet/signaling case */
2451 #define DO_VFP_cmp(p, type) \
2452 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env) \
2453 { \
2454 uint32_t flags; \
2455 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
2456 case 0: flags = 0x6; break; \
2457 case -1: flags = 0x8; break; \
2458 case 1: flags = 0x2; break; \
2459 default: case 2: flags = 0x3; break; \
2460 } \
2461 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2462 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2463 } \
2464 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
2465 { \
2466 uint32_t flags; \
2467 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
2468 case 0: flags = 0x6; break; \
2469 case -1: flags = 0x8; break; \
2470 case 1: flags = 0x2; break; \
2471 default: case 2: flags = 0x3; break; \
2472 } \
2473 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
2474 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
2475 }
2476 DO_VFP_cmp(s, float32)
2477 DO_VFP_cmp(d, float64)
2478 #undef DO_VFP_cmp
2479
2480 /* Integer to float and float to integer conversions */
2481
2482 #define CONV_ITOF(name, fsz, sign) \
2483 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
2484 { \
2485 float_status *fpst = fpstp; \
2486 return sign##int32_to_##float##fsz((sign##int32_t)x, fpst); \
2487 }
2488
2489 #define CONV_FTOI(name, fsz, sign, round) \
2490 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
2491 { \
2492 float_status *fpst = fpstp; \
2493 if (float##fsz##_is_any_nan(x)) { \
2494 float_raise(float_flag_invalid, fpst); \
2495 return 0; \
2496 } \
2497 return float##fsz##_to_##sign##int32##round(x, fpst); \
2498 }
2499
2500 #define FLOAT_CONVS(name, p, fsz, sign) \
2501 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
2502 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
2503 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
2504
2505 FLOAT_CONVS(si, s, 32, )
2506 FLOAT_CONVS(si, d, 64, )
2507 FLOAT_CONVS(ui, s, 32, u)
2508 FLOAT_CONVS(ui, d, 64, u)
2509
2510 #undef CONV_ITOF
2511 #undef CONV_FTOI
2512 #undef FLOAT_CONVS
2513
2514 /* floating point conversion */
2515 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUARMState *env)
2516 {
2517 float64 r = float32_to_float64(x, &env->vfp.fp_status);
2518 /* ARM requires that S<->D conversion of any kind of NaN generates
2519 * a quiet NaN by forcing the most significant frac bit to 1.
2520 */
2521 return float64_maybe_silence_nan(r);
2522 }
2523
2524 float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
2525 {
2526 float32 r = float64_to_float32(x, &env->vfp.fp_status);
2527 /* ARM requires that S<->D conversion of any kind of NaN generates
2528 * a quiet NaN by forcing the most significant frac bit to 1.
2529 */
2530 return float32_maybe_silence_nan(r);
2531 }
2532
2533 /* VFP3 fixed point conversion. */
2534 #define VFP_CONV_FIX(name, p, fsz, itype, sign) \
2535 float##fsz HELPER(vfp_##name##to##p)(uint##fsz##_t x, uint32_t shift, \
2536 void *fpstp) \
2537 { \
2538 float_status *fpst = fpstp; \
2539 float##fsz tmp; \
2540 tmp = sign##int32_to_##float##fsz((itype##_t)x, fpst); \
2541 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
2542 } \
2543 uint##fsz##_t HELPER(vfp_to##name##p)(float##fsz x, uint32_t shift, \
2544 void *fpstp) \
2545 { \
2546 float_status *fpst = fpstp; \
2547 float##fsz tmp; \
2548 if (float##fsz##_is_any_nan(x)) { \
2549 float_raise(float_flag_invalid, fpst); \
2550 return 0; \
2551 } \
2552 tmp = float##fsz##_scalbn(x, shift, fpst); \
2553 return float##fsz##_to_##itype##_round_to_zero(tmp, fpst); \
2554 }
2555
2556 VFP_CONV_FIX(sh, d, 64, int16, )
2557 VFP_CONV_FIX(sl, d, 64, int32, )
2558 VFP_CONV_FIX(uh, d, 64, uint16, u)
2559 VFP_CONV_FIX(ul, d, 64, uint32, u)
2560 VFP_CONV_FIX(sh, s, 32, int16, )
2561 VFP_CONV_FIX(sl, s, 32, int32, )
2562 VFP_CONV_FIX(uh, s, 32, uint16, u)
2563 VFP_CONV_FIX(ul, s, 32, uint32, u)
2564 #undef VFP_CONV_FIX
2565
2566 /* Half precision conversions. */
2567 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUARMState *env, float_status *s)
2568 {
2569 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2570 float32 r = float16_to_float32(make_float16(a), ieee, s);
2571 if (ieee) {
2572 return float32_maybe_silence_nan(r);
2573 }
2574 return r;
2575 }
2576
2577 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUARMState *env, float_status *s)
2578 {
2579 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
2580 float16 r = float32_to_float16(a, ieee, s);
2581 if (ieee) {
2582 r = float16_maybe_silence_nan(r);
2583 }
2584 return float16_val(r);
2585 }
2586
2587 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2588 {
2589 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
2590 }
2591
2592 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2593 {
2594 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
2595 }
2596
2597 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
2598 {
2599 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
2600 }
2601
2602 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
2603 {
2604 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
2605 }
2606
2607 #define float32_two make_float32(0x40000000)
2608 #define float32_three make_float32(0x40400000)
2609 #define float32_one_point_five make_float32(0x3fc00000)
2610
2611 float32 HELPER(recps_f32)(float32 a, float32 b, CPUARMState *env)
2612 {
2613 float_status *s = &env->vfp.standard_fp_status;
2614 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2615 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2616 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2617 float_raise(float_flag_input_denormal, s);
2618 }
2619 return float32_two;
2620 }
2621 return float32_sub(float32_two, float32_mul(a, b, s), s);
2622 }
2623
2624 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUARMState *env)
2625 {
2626 float_status *s = &env->vfp.standard_fp_status;
2627 float32 product;
2628 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
2629 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
2630 if (!(float32_is_zero(a) || float32_is_zero(b))) {
2631 float_raise(float_flag_input_denormal, s);
2632 }
2633 return float32_one_point_five;
2634 }
2635 product = float32_mul(a, b, s);
2636 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
2637 }
2638
2639 /* NEON helpers. */
2640
2641 /* Constants 256 and 512 are used in some helpers; we avoid relying on
2642 * int->float conversions at run-time. */
2643 #define float64_256 make_float64(0x4070000000000000LL)
2644 #define float64_512 make_float64(0x4080000000000000LL)
2645
2646 /* The algorithm that must be used to calculate the estimate
2647 * is specified by the ARM ARM.
2648 */
2649 static float64 recip_estimate(float64 a, CPUARMState *env)
2650 {
2651 /* These calculations mustn't set any fp exception flags,
2652 * so we use a local copy of the fp_status.
2653 */
2654 float_status dummy_status = env->vfp.standard_fp_status;
2655 float_status *s = &dummy_status;
2656 /* q = (int)(a * 512.0) */
2657 float64 q = float64_mul(float64_512, a, s);
2658 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2659
2660 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
2661 q = int64_to_float64(q_int, s);
2662 q = float64_add(q, float64_half, s);
2663 q = float64_div(q, float64_512, s);
2664 q = float64_div(float64_one, q, s);
2665
2666 /* s = (int)(256.0 * r + 0.5) */
2667 q = float64_mul(q, float64_256, s);
2668 q = float64_add(q, float64_half, s);
2669 q_int = float64_to_int64_round_to_zero(q, s);
2670
2671 /* return (double)s / 256.0 */
2672 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2673 }
2674
2675 float32 HELPER(recpe_f32)(float32 a, CPUARMState *env)
2676 {
2677 float_status *s = &env->vfp.standard_fp_status;
2678 float64 f64;
2679 uint32_t val32 = float32_val(a);
2680
2681 int result_exp;
2682 int a_exp = (val32 & 0x7f800000) >> 23;
2683 int sign = val32 & 0x80000000;
2684
2685 if (float32_is_any_nan(a)) {
2686 if (float32_is_signaling_nan(a)) {
2687 float_raise(float_flag_invalid, s);
2688 }
2689 return float32_default_nan;
2690 } else if (float32_is_infinity(a)) {
2691 return float32_set_sign(float32_zero, float32_is_neg(a));
2692 } else if (float32_is_zero_or_denormal(a)) {
2693 if (!float32_is_zero(a)) {
2694 float_raise(float_flag_input_denormal, s);
2695 }
2696 float_raise(float_flag_divbyzero, s);
2697 return float32_set_sign(float32_infinity, float32_is_neg(a));
2698 } else if (a_exp >= 253) {
2699 float_raise(float_flag_underflow, s);
2700 return float32_set_sign(float32_zero, float32_is_neg(a));
2701 }
2702
2703 f64 = make_float64((0x3feULL << 52)
2704 | ((int64_t)(val32 & 0x7fffff) << 29));
2705
2706 result_exp = 253 - a_exp;
2707
2708 f64 = recip_estimate(f64, env);
2709
2710 val32 = sign
2711 | ((result_exp & 0xff) << 23)
2712 | ((float64_val(f64) >> 29) & 0x7fffff);
2713 return make_float32(val32);
2714 }
2715
2716 /* The algorithm that must be used to calculate the estimate
2717 * is specified by the ARM ARM.
2718 */
2719 static float64 recip_sqrt_estimate(float64 a, CPUARMState *env)
2720 {
2721 /* These calculations mustn't set any fp exception flags,
2722 * so we use a local copy of the fp_status.
2723 */
2724 float_status dummy_status = env->vfp.standard_fp_status;
2725 float_status *s = &dummy_status;
2726 float64 q;
2727 int64_t q_int;
2728
2729 if (float64_lt(a, float64_half, s)) {
2730 /* range 0.25 <= a < 0.5 */
2731
2732 /* a in units of 1/512 rounded down */
2733 /* q0 = (int)(a * 512.0); */
2734 q = float64_mul(float64_512, a, s);
2735 q_int = float64_to_int64_round_to_zero(q, s);
2736
2737 /* reciprocal root r */
2738 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
2739 q = int64_to_float64(q_int, s);
2740 q = float64_add(q, float64_half, s);
2741 q = float64_div(q, float64_512, s);
2742 q = float64_sqrt(q, s);
2743 q = float64_div(float64_one, q, s);
2744 } else {
2745 /* range 0.5 <= a < 1.0 */
2746
2747 /* a in units of 1/256 rounded down */
2748 /* q1 = (int)(a * 256.0); */
2749 q = float64_mul(float64_256, a, s);
2750 int64_t q_int = float64_to_int64_round_to_zero(q, s);
2751
2752 /* reciprocal root r */
2753 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
2754 q = int64_to_float64(q_int, s);
2755 q = float64_add(q, float64_half, s);
2756 q = float64_div(q, float64_256, s);
2757 q = float64_sqrt(q, s);
2758 q = float64_div(float64_one, q, s);
2759 }
2760 /* r in units of 1/256 rounded to nearest */
2761 /* s = (int)(256.0 * r + 0.5); */
2762
2763 q = float64_mul(q, float64_256,s );
2764 q = float64_add(q, float64_half, s);
2765 q_int = float64_to_int64_round_to_zero(q, s);
2766
2767 /* return (double)s / 256.0;*/
2768 return float64_div(int64_to_float64(q_int, s), float64_256, s);
2769 }
2770
2771 float32 HELPER(rsqrte_f32)(float32 a, CPUARMState *env)
2772 {
2773 float_status *s = &env->vfp.standard_fp_status;
2774 int result_exp;
2775 float64 f64;
2776 uint32_t val;
2777 uint64_t val64;
2778
2779 val = float32_val(a);
2780
2781 if (float32_is_any_nan(a)) {
2782 if (float32_is_signaling_nan(a)) {
2783 float_raise(float_flag_invalid, s);
2784 }
2785 return float32_default_nan;
2786 } else if (float32_is_zero_or_denormal(a)) {
2787 if (!float32_is_zero(a)) {
2788 float_raise(float_flag_input_denormal, s);
2789 }
2790 float_raise(float_flag_divbyzero, s);
2791 return float32_set_sign(float32_infinity, float32_is_neg(a));
2792 } else if (float32_is_neg(a)) {
2793 float_raise(float_flag_invalid, s);
2794 return float32_default_nan;
2795 } else if (float32_is_infinity(a)) {
2796 return float32_zero;
2797 }
2798
2799 /* Normalize to a double-precision value between 0.25 and 1.0,
2800 * preserving the parity of the exponent. */
2801 if ((val & 0x800000) == 0) {
2802 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
2803 | (0x3feULL << 52)
2804 | ((uint64_t)(val & 0x7fffff) << 29));
2805 } else {
2806 f64 = make_float64(((uint64_t)(val & 0x80000000) << 32)
2807 | (0x3fdULL << 52)
2808 | ((uint64_t)(val & 0x7fffff) << 29));
2809 }
2810
2811 result_exp = (380 - ((val & 0x7f800000) >> 23)) / 2;
2812
2813 f64 = recip_sqrt_estimate(f64, env);
2814
2815 val64 = float64_val(f64);
2816
2817 val = ((result_exp & 0xff) << 23)
2818 | ((val64 >> 29) & 0x7fffff);
2819 return make_float32(val);
2820 }
2821
2822 uint32_t HELPER(recpe_u32)(uint32_t a, CPUARMState *env)
2823 {
2824 float64 f64;
2825
2826 if ((a & 0x80000000) == 0) {
2827 return 0xffffffff;
2828 }
2829
2830 f64 = make_float64((0x3feULL << 52)
2831 | ((int64_t)(a & 0x7fffffff) << 21));
2832
2833 f64 = recip_estimate (f64, env);
2834
2835 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
2836 }
2837
2838 uint32_t HELPER(rsqrte_u32)(uint32_t a, CPUARMState *env)
2839 {
2840 float64 f64;
2841
2842 if ((a & 0xc0000000) == 0) {
2843 return 0xffffffff;
2844 }
2845
2846 if (a & 0x80000000) {
2847 f64 = make_float64((0x3feULL << 52)
2848 | ((uint64_t)(a & 0x7fffffff) << 21));
2849 } else { /* bits 31-30 == '01' */
2850 f64 = make_float64((0x3fdULL << 52)
2851 | ((uint64_t)(a & 0x3fffffff) << 22));
2852 }
2853
2854 f64 = recip_sqrt_estimate(f64, env);
2855
2856 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
2857 }
2858
2859 /* VFPv4 fused multiply-accumulate */
2860 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
2861 {
2862 float_status *fpst = fpstp;
2863 return float32_muladd(a, b, c, 0, fpst);
2864 }
2865
2866 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
2867 {
2868 float_status *fpst = fpstp;
2869 return float64_muladd(a, b, c, 0, fpst);
2870 }
2871
2872 void HELPER(set_teecr)(CPUARMState *env, uint32_t val)
2873 {
2874 val &= 1;
2875 if (env->teecr != val) {
2876 env->teecr = val;
2877 tb_flush(env);
2878 }
2879 }
QEMU modified to work with kvm