| blob | e7f0e2bbe375e460064741583f3a218b792ccbe7 |
1 /*
2 * QEMU AVR CPU
3 *
4 * Copyright (c) 2019-2020 Michael Rolnik
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see
18 * <http://www.gnu.org/licenses/lgpl-2.1.html>
19 */
34 /*
35 * Define if you want a BREAK instruction translated to a breakpoint
36 * Active debugging connection is assumed
37 * This is for
38 * https://github.com/seharris/qemu-avr-tests/tree/master/instruction-tests
39 * tests
40 */
41 #undef BREAKPOINT_ON_BREAK
70 };
71 #define REG(x) (cpu_r[x])
79 /* This is the state at translation time. */
81 DisasContextBase base;
86 target_long npc;
89 /* Routine used to access memory */
92 /*
93 * some AVR instructions can make the following instruction to be skipped
94 * Let's name those instructions
95 * A - instruction that can skip the next one
96 * B - instruction that can be skipped. this depends on execution of A
97 * there are two scenarios
98 * 1. A and B belong to the same translation block
99 * 2. A is the last instruction in the translation block and B is the last
100 *
101 * following variables are used to simplify the skipping logic, they are
102 * used in the following manner (sketch)
103 *
104 * TCGLabel *skip_label = NULL;
105 * if (ctx->skip_cond != TCG_COND_NEVER) {
106 * skip_label = gen_new_label();
107 * tcg_gen_brcond_tl(skip_cond, skip_var0, skip_var1, skip_label);
108 * }
109 *
110 * translate(ctx);
111 *
112 * if (skip_label) {
113 * gen_set_label(skip_label);
114 * }
115 */
116 TCGv skip_var0;
117 TCGv skip_var1;
118 TCGCond skip_cond;
119 };
122 {
125 #define AVR_REG_OFFS(x) offsetof(CPUAVRState, x)
146 }
147 #undef AVR_REG_OFFS
148 }
151 {
153 }
156 {
158 }
161 {
163 }
166 {
168 }
171 {
173 }
176 {
178 }
181 {
186 }
188 }
193 /*
194 * Arithmetic Instructions
195 */
197 /*
198 * Utility functions for updating status registers:
199 *
200 * - gen_add_CHf()
201 * - gen_add_Vf()
202 * - gen_sub_CHf()
203 * - gen_sub_Vf()
204 * - gen_NSf()
205 * - gen_ZNSf()
206 *
207 */
210 {
228 }
231 {
235 /* t1 = Rd & Rr & ~R | ~Rd & ~Rr & R */
236 /* = (Rd ^ R) & ~(Rd ^ Rr) */
245 }
248 {
266 }
269 {
273 /* t1 = Rd & ~Rr & ~R | ~Rd & Rr & R */
274 /* = (Rd ^ R) & (Rd ^ R) */
283 }
286 {
289 }
292 {
295 /* update status register */
298 }
300 /*
301 * Adds two registers without the C Flag and places the result in the
302 * destination register Rd.
303 */
305 {
313 /* update status register */
318 /* update output registers */
324 }
326 /*
327 * Adds two registers and the contents of the C Flag and places the result in
328 * the destination register Rd.
329 */
331 {
340 /* update status register */
345 /* update output registers */
351 }
353 /*
354 * Adds an immediate value (0 - 63) to a register pair and places the result
355 * in the register pair. This instruction operates on the upper four register
356 * pairs, and is well suited for operations on the pointer registers. This
357 * instruction is not available in all devices. Refer to the device specific
358 * instruction set summary.
359 */
361 {
364 }
376 /* update status register */
385 /* update output registers */
393 }
395 /*
396 * Subtracts two registers and places the result in the destination
397 * register Rd.
398 */
400 {
408 /* update status register */
414 /* update output registers */
420 }
422 /*
423 * Subtracts a register and a constant and places the result in the
424 * destination register Rd. This instruction is working on Register R16 to R31
425 * and is very well suited for operations on the X, Y, and Z-pointers.
426 */
428 {
436 /* update status register */
441 /* update output registers */
448 }
450 /*
451 * Subtracts two registers and subtracts with the C Flag and places the
452 * result in the destination register Rd.
453 */
455 {
465 /* update status register */
470 /*
471 * Previous value remains unchanged when the result is zero;
472 * cleared otherwise.
473 */
476 /* update output registers */
483 }
485 /*
486 * SBCI -- Subtract Immediate with Carry
487 */
489 {
499 /* update status register */
504 /*
505 * Previous value remains unchanged when the result is zero;
506 * cleared otherwise.
507 */
510 /* update output registers */
518 }
520 /*
521 * Subtracts an immediate value (0-63) from a register pair and places the
522 * result in the register pair. This instruction operates on the upper four
523 * register pairs, and is well suited for operations on the Pointer Registers.
524 * This instruction is not available in all devices. Refer to the device
525 * specific instruction set summary.
526 */
528 {
531 }
543 /* update status register */
552 /* update output registers */
560 }
562 /*
563 * Performs the logical AND between the contents of register Rd and register
564 * Rr and places the result in the destination register Rd.
565 */
567 {
574 /* update status register */
579 /* update output registers */
585 }
587 /*
588 * Performs the logical AND between the contents of register Rd and a constant
589 * and places the result in the destination register Rd.
590 */
592 {
598 /* update status register */
603 }
605 /*
606 * Performs the logical OR between the contents of register Rd and register
607 * Rr and places the result in the destination register Rd.
608 */
610 {
617 /* update status register */
621 /* update output registers */
627 }
629 /*
630 * Performs the logical OR between the contents of register Rd and a
631 * constant and places the result in the destination register Rd.
632 */
634 {
640 /* update status register */
645 }
647 /*
648 * Performs the logical EOR between the contents of register Rd and
649 * register Rr and places the result in the destination register Rd.
650 */
652 {
658 /* update status register */
663 }
665 /*
666 * Clears the specified bits in register Rd. Performs the logical AND
667 * between the contents of register Rd and the complement of the constant mask
668 * K. The result will be placed in register Rd.
669 */
671 {
677 /* update status register */
685 }
687 /*
688 * Replaces the contents of register Rd with its two's complement; the
689 * value $80 is left unchanged.
690 */
692 {
700 /* update status register */
705 /* update output registers */
712 }
714 /*
715 * Adds one -1- to the contents of register Rd and places the result in the
716 * destination register Rd. The C Flag in SREG is not affected by the
717 * operation, thus allowing the INC instruction to be used on a loop counter in
718 * multiple-precision computations. When operating on unsigned numbers, only
719 * BREQ and BRNE branches can be expected to perform consistently. When
720 * operating on two's complement values, all signed branches are available.
721 */
723 {
729 /* update status register */
734 }
736 /*
737 * Subtracts one -1- from the contents of register Rd and places the result
738 * in the destination register Rd. The C Flag in SREG is not affected by the
739 * operation, thus allowing the DEC instruction to be used on a loop counter in
740 * multiple-precision computations. When operating on unsigned values, only
741 * BREQ and BRNE branches can be expected to perform consistently. When
742 * operating on two's complement values, all signed branches are available.
743 */
745 {
751 /* update status register */
756 }
758 /*
759 * This instruction performs 8-bit x 8-bit -> 16-bit unsigned multiplication.
760 */
762 {
765 }
777 /* update status register */
784 }
786 /*
787 * This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication.
788 */
790 {
793 }
810 /* update status register */
819 }
821 /*
822 * This instruction performs 8-bit x 8-bit -> 16-bit multiplication of a
823 * signed and an unsigned number.
824 */
826 {
829 }
844 /* update status register */
852 }
854 /*
855 * This instruction performs 8-bit x 8-bit -> 16-bit unsigned
856 * multiplication and shifts the result one bit left.
857 */
859 {
862 }
872 /* update status register */
876 /* update output registers */
886 }
888 /*
889 * This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication
890 * and shifts the result one bit left.
891 */
893 {
896 }
911 /* update status register */
915 /* update output registers */
926 }
928 /*
929 * This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication
930 * and shifts the result one bit left.
931 */
933 {
936 }
949 /* update status register */
953 /* update output registers */
963 }
965 /*
966 * The module is an instruction set extension to the AVR CPU, performing
967 * DES iterations. The 64-bit data block (plaintext or ciphertext) is placed in
968 * the CPU register file, registers R0-R7, where LSB of data is placed in LSB
969 * of R0 and MSB of data is placed in MSB of R7. The full 64-bit key (including
970 * parity bits) is placed in registers R8- R15, organized in the register file
971 * with LSB of key in LSB of R8 and MSB of key in MSB of R15. Executing one DES
972 * instruction performs one round in the DES algorithm. Sixteen rounds must be
973 * executed in increasing order to form the correct DES ciphertext or
974 * plaintext. Intermediate results are stored in the register file (R0-R15)
975 * after each DES instruction. The instruction's operand (K) determines which
976 * round is executed, and the half carry flag (H) determines whether encryption
977 * or decryption is performed. The DES algorithm is described in
978 * "Specifications for the Data Encryption Standard" (Federal Information
979 * Processing Standards Publication 46). Intermediate results in this
980 * implementation differ from the standard because the initial permutation and
981 * the inverse initial permutation are performed each iteration. This does not
982 * affect the result in the final ciphertext or plaintext, but reduces
983 * execution time.
984 */
986 {
987 /* TODO */
990 }
995 }
997 /*
998 * Branch Instructions
999 */
1001 {
1005 }
1008 {
1011 }
1014 {
1045 }
1046 }
1049 {
1071 }
1072 }
1075 {
1085 }
1087 }
1089 /*
1090 * Relative jump to an address within PC - 2K +1 and PC + 2K (words). For
1091 * AVR microcontrollers with Program memory not exceeding 4K words (8KB) this
1092 * instruction can address the entire memory from every address location. See
1093 * also JMP.
1094 */
1096 {
1102 }
1104 /*
1105 * Indirect jump to the address pointed to by the Z (16 bits) Pointer
1106 * Register in the Register File. The Z-pointer Register is 16 bits wide and
1107 * allows jump within the lowest 64K words (128KB) section of Program memory.
1108 * This instruction is not available in all devices. Refer to the device
1109 * specific instruction set summary.
1110 */
1112 {
1115 }
1120 }
1122 /*
1123 * Indirect jump to the address pointed to by the Z (16 bits) Pointer
1124 * Register in the Register File and the EIND Register in the I/O space. This
1125 * instruction allows for indirect jumps to the entire 4M (words) Program
1126 * memory space. See also IJMP. This instruction is not available in all
1127 * devices. Refer to the device specific instruction set summary.
1128 */
1130 {
1133 }
1137 }
1139 /*
1140 * Jump to an address within the entire 4M (words) Program memory. See also
1141 * RJMP. This instruction is not available in all devices. Refer to the device
1142 * specific instruction set summary.0
1143 */
1145 {
1148 }
1153 }
1155 /*
1156 * Relative call to an address within PC - 2K + 1 and PC + 2K (words). The
1157 * return address (the instruction after the RCALL) is stored onto the Stack.
1158 * See also CALL. For AVR microcontrollers with Program memory not exceeding 4K
1159 * words (8KB) this instruction can address the entire memory from every
1160 * address location. The Stack Pointer uses a post-decrement scheme during
1161 * RCALL.
1162 */
1164 {
1172 }
1174 /*
1175 * Calls to a subroutine within the entire 4M (words) Program memory. The
1176 * return address (to the instruction after the CALL) will be stored onto the
1177 * Stack. See also RCALL. The Stack Pointer uses a post-decrement scheme during
1178 * CALL. This instruction is not available in all devices. Refer to the device
1179 * specific instruction set summary.
1180 */
1182 {
1185 }
1193 }
1195 /*
1196 * Indirect call of a subroutine pointed to by the Z (16 bits) Pointer
1197 * Register in the Register File and the EIND Register in the I/O space. This
1198 * instruction allows for indirect calls to the entire 4M (words) Program
1199 * memory space. See also ICALL. The Stack Pointer uses a post-decrement scheme
1200 * during EICALL. This instruction is not available in all devices. Refer to
1201 * the device specific instruction set summary.
1202 */
1204 {
1207 }
1214 }
1216 /*
1217 * Calls to a subroutine within the entire Program memory. The return
1218 * address (to the instruction after the CALL) will be stored onto the Stack.
1219 * (See also RCALL). The Stack Pointer uses a post-decrement scheme during
1220 * CALL. This instruction is not available in all devices. Refer to the device
1221 * specific instruction set summary.
1222 */
1224 {
1227 }
1236 }
1238 /*
1239 * Returns from subroutine. The return address is loaded from the STACK.
1240 * The Stack Pointer uses a preincrement scheme during RET.
1241 */
1243 {
1248 }
1250 /*
1251 * Returns from interrupt. The return address is loaded from the STACK and
1252 * the Global Interrupt Flag is set. Note that the Status Register is not
1253 * automatically stored when entering an interrupt routine, and it is not
1254 * restored when returning from an interrupt routine. This must be handled by
1255 * the application program. The Stack Pointer uses a pre-increment scheme
1256 * during RETI.
1257 */
1259 {
1263 /* Need to return to main loop to re-evaluate interrupts. */
1266 }
1268 /*
1269 * This instruction performs a compare between two registers Rd and Rr, and
1270 * skips the next instruction if Rd = Rr.
1271 */
1273 {
1278 }
1280 /*
1281 * This instruction performs a compare between two registers Rd and Rr.
1282 * None of the registers are changed. All conditional branches can be used
1283 * after this instruction.
1284 */
1286 {
1294 /* update status register */
1302 }
1304 /*
1305 * This instruction performs a compare between two registers Rd and Rr and
1306 * also takes into account the previous carry. None of the registers are
1307 * changed. All conditional branches can be used after this instruction.
1308 */
1310 {
1319 /* update status register */
1324 /*
1325 * Previous value remains unchanged when the result is zero;
1326 * cleared otherwise.
1327 */
1334 }
1336 /*
1337 * This instruction performs a compare between register Rd and a constant.
1338 * The register is not changed. All conditional branches can be used after this
1339 * instruction.
1340 */
1342 {
1351 /* update status register */
1360 }
1362 /*
1363 * This instruction tests a single bit in a register and skips the next
1364 * instruction if the bit is cleared.
1365 */
1367 {
1375 }
1377 /*
1378 * This instruction tests a single bit in a register and skips the next
1379 * instruction if the bit is set.
1380 */
1382 {
1390 }
1392 /*
1393 * This instruction tests a single bit in an I/O Register and skips the
1394 * next instruction if the bit is cleared. This instruction operates on the
1395 * lower 32 I/O Registers -- addresses 0-31.
1396 */
1398 {
1407 }
1409 /*
1410 * This instruction tests a single bit in an I/O Register and skips the
1411 * next instruction if the bit is set. This instruction operates on the lower
1412 * 32 I/O Registers -- addresses 0-31.
1413 */
1415 {
1424 }
1426 /*
1427 * Conditional relative branch. Tests a single bit in SREG and branches
1428 * relatively to PC if the bit is cleared. This instruction branches relatively
1429 * to PC in either direction (PC - 63 < = destination <= PC + 64). The
1430 * parameter k is the offset from PC and is represented in two's complement
1431 * form.
1432 */
1434 {
1437 TCGv var;
1466 }
1474 }
1476 /*
1477 * Conditional relative branch. Tests a single bit in SREG and branches
1478 * relatively to PC if the bit is set. This instruction branches relatively to
1479 * PC in either direction (PC - 63 < = destination <= PC + 64). The parameter k
1480 * is the offset from PC and is represented in two's complement form.
1481 */
1483 {
1486 TCGv var;
1515 }
1523 }
1525 /*
1526 * Data Transfer Instructions
1527 */
1529 /*
1530 * in the gen_set_addr & gen_get_addr functions
1531 * H assumed to be in 0x00ff0000 format
1532 * M assumed to be in 0x000000ff format
1533 * L assumed to be in 0x000000ff format
1534 */
1536 {
1544 }
1547 {
1549 }
1552 {
1554 }
1557 {
1559 }
1562 {
1569 }
1572 {
1574 }
1577 {
1579 }
1582 {
1584 }
1586 /*
1587 * Load one byte indirect from data space to register and stores an clear
1588 * the bits in data space specified by the register. The instruction can only
1589 * be used towards internal SRAM. The data location is pointed to by the Z (16
1590 * bits) Pointer Register in the Register File. Memory access is limited to the
1591 * current data segment of 64KB. To access another data segment in devices with
1592 * more than 64KB data space, the RAMPZ in register in the I/O area has to be
1593 * changed. The Z-pointer Register is left unchanged by the operation. This
1594 * instruction is especially suited for clearing status bits stored in SRAM.
1595 */
1597 {
1602 }
1603 }
1606 {
1611 }
1612 }
1614 /*
1615 * This instruction makes a copy of one register into another. The source
1616 * register Rr is left unchanged, while the destination register Rd is loaded
1617 * with a copy of Rr.
1618 */
1620 {
1627 }
1629 /*
1630 * This instruction makes a copy of one register pair into another register
1631 * pair. The source register pair Rr+1:Rr is left unchanged, while the
1632 * destination register pair Rd+1:Rd is loaded with a copy of Rr + 1:Rr. This
1633 * instruction is not available in all devices. Refer to the device specific
1634 * instruction set summary.
1635 */
1637 {
1640 }
1651 }
1653 /*
1654 * Loads an 8 bit constant directly to register 16 to 31.
1655 */
1657 {
1664 }
1666 /*
1667 * Loads one byte from the data space to a register. For parts with SRAM,
1668 * the data space consists of the Register File, I/O memory and internal SRAM
1669 * (and external SRAM if applicable). For parts without SRAM, the data space
1670 * consists of the register file only. The EEPROM has a separate address space.
1671 * A 16-bit address must be supplied. Memory access is limited to the current
1672 * data segment of 64KB. The LDS instruction uses the RAMPD Register to access
1673 * memory above 64KB. To access another data segment in devices with more than
1674 * 64KB data space, the RAMPD in register in the I/O area has to be changed.
1675 * This instruction is not available in all devices. Refer to the device
1676 * specific instruction set summary.
1677 */
1679 {
1694 }
1696 /*
1697 * Loads one byte indirect from the data space to a register. For parts
1698 * with SRAM, the data space consists of the Register File, I/O memory and
1699 * internal SRAM (and external SRAM if applicable). For parts without SRAM, the
1700 * data space consists of the Register File only. In some parts the Flash
1701 * Memory has been mapped to the data space and can be read using this command.
1702 * The EEPROM has a separate address space. The data location is pointed to by
1703 * the X (16 bits) Pointer Register in the Register File. Memory access is
1704 * limited to the current data segment of 64KB. To access another data segment
1705 * in devices with more than 64KB data space, the RAMPX in register in the I/O
1706 * area has to be changed. The X-pointer Register can either be left unchanged
1707 * by the operation, or it can be post-incremented or predecremented. These
1708 * features are especially suited for accessing arrays, tables, and Stack
1709 * Pointer usage of the X-pointer Register. Note that only the low byte of the
1710 * X-pointer is updated in devices with no more than 256 bytes data space. For
1711 * such devices, the high byte of the pointer is not used by this instruction
1712 * and can be used for other purposes. The RAMPX Register in the I/O area is
1713 * updated in parts with more than 64KB data space or more than 64KB Program
1714 * memory, and the increment/decrement is added to the entire 24-bit address on
1715 * such devices. Not all variants of this instruction is available in all
1716 * devices. Refer to the device specific instruction set summary. In the
1717 * Reduced Core tinyAVR the LD instruction can be used to achieve the same
1718 * operation as LPM since the program memory is mapped to the data memory
1719 * space.
1720 */
1722 {
1731 }
1734 {
1746 }
1749 {
1760 }
1762 /*
1763 * Loads one byte indirect with or without displacement from the data space
1764 * to a register. For parts with SRAM, the data space consists of the Register
1765 * File, I/O memory and internal SRAM (and external SRAM if applicable). For
1766 * parts without SRAM, the data space consists of the Register File only. In
1767 * some parts the Flash Memory has been mapped to the data space and can be
1768 * read using this command. The EEPROM has a separate address space. The data
1769 * location is pointed to by the Y (16 bits) Pointer Register in the Register
1770 * File. Memory access is limited to the current data segment of 64KB. To
1771 * access another data segment in devices with more than 64KB data space, the
1772 * RAMPY in register in the I/O area has to be changed. The Y-pointer Register
1773 * can either be left unchanged by the operation, or it can be post-incremented
1774 * or predecremented. These features are especially suited for accessing
1775 * arrays, tables, and Stack Pointer usage of the Y-pointer Register. Note that
1776 * only the low byte of the Y-pointer is updated in devices with no more than
1777 * 256 bytes data space. For such devices, the high byte of the pointer is not
1778 * used by this instruction and can be used for other purposes. The RAMPY
1779 * Register in the I/O area is updated in parts with more than 64KB data space
1780 * or more than 64KB Program memory, and the increment/decrement/displacement
1781 * is added to the entire 24-bit address on such devices. Not all variants of
1782 * this instruction is available in all devices. Refer to the device specific
1783 * instruction set summary. In the Reduced Core tinyAVR the LD instruction can
1784 * be used to achieve the same operation as LPM since the program memory is
1785 * mapped to the data memory space.
1786 */
1788 {
1800 }
1803 {
1814 }
1817 {
1827 }
1829 /*
1830 * Loads one byte indirect with or without displacement from the data space
1831 * to a register. For parts with SRAM, the data space consists of the Register
1832 * File, I/O memory and internal SRAM (and external SRAM if applicable). For
1833 * parts without SRAM, the data space consists of the Register File only. In
1834 * some parts the Flash Memory has been mapped to the data space and can be
1835 * read using this command. The EEPROM has a separate address space. The data
1836 * location is pointed to by the Z (16 bits) Pointer Register in the Register
1837 * File. Memory access is limited to the current data segment of 64KB. To
1838 * access another data segment in devices with more than 64KB data space, the
1839 * RAMPZ in register in the I/O area has to be changed. The Z-pointer Register
1840 * can either be left unchanged by the operation, or it can be post-incremented
1841 * or predecremented. These features are especially suited for Stack Pointer
1842 * usage of the Z-pointer Register, however because the Z-pointer Register can
1843 * be used for indirect subroutine calls, indirect jumps and table lookup, it
1844 * is often more convenient to use the X or Y-pointer as a dedicated Stack
1845 * Pointer. Note that only the low byte of the Z-pointer is updated in devices
1846 * with no more than 256 bytes data space. For such devices, the high byte of
1847 * the pointer is not used by this instruction and can be used for other
1848 * purposes. The RAMPZ Register in the I/O area is updated in parts with more
1849 * than 64KB data space or more than 64KB Program memory, and the
1850 * increment/decrement/displacement is added to the entire 24-bit address on
1851 * such devices. Not all variants of this instruction is available in all
1852 * devices. Refer to the device specific instruction set summary. In the
1853 * Reduced Core tinyAVR the LD instruction can be used to achieve the same
1854 * operation as LPM since the program memory is mapped to the data memory
1855 * space. For using the Z-pointer for table lookup in Program memory see the
1856 * LPM and ELPM instructions.
1857 */
1859 {
1871 }
1874 {
1886 }
1889 {
1899 }
1901 /*
1902 * Stores one byte from a Register to the data space. For parts with SRAM,
1903 * the data space consists of the Register File, I/O memory and internal SRAM
1904 * (and external SRAM if applicable). For parts without SRAM, the data space
1905 * consists of the Register File only. The EEPROM has a separate address space.
1906 * A 16-bit address must be supplied. Memory access is limited to the current
1907 * data segment of 64KB. The STS instruction uses the RAMPD Register to access
1908 * memory above 64KB. To access another data segment in devices with more than
1909 * 64KB data space, the RAMPD in register in the I/O area has to be changed.
1910 * This instruction is not available in all devices. Refer to the device
1911 * specific instruction set summary.
1912 */
1914 {
1928 }
1930 /*
1931 * Stores one byte indirect from a register to data space. For parts with SRAM,
1932 * the data space consists of the Register File, I/O memory, and internal SRAM
1933 * (and external SRAM if applicable). For parts without SRAM, the data space
1934 * consists of the Register File only. The EEPROM has a separate address space.
1935 *
1936 * The data location is pointed to by the X (16 bits) Pointer Register in the
1937 * Register File. Memory access is limited to the current data segment of 64KB.
1938 * To access another data segment in devices with more than 64KB data space, the
1939 * RAMPX in register in the I/O area has to be changed.
1940 *
1941 * The X-pointer Register can either be left unchanged by the operation, or it
1942 * can be post-incremented or pre-decremented. These features are especially
1943 * suited for accessing arrays, tables, and Stack Pointer usage of the
1944 * X-pointer Register. Note that only the low byte of the X-pointer is updated
1945 * in devices with no more than 256 bytes data space. For such devices, the high
1946 * byte of the pointer is not used by this instruction and can be used for other
1947 * purposes. The RAMPX Register in the I/O area is updated in parts with more
1948 * than 64KB data space or more than 64KB Program memory, and the increment /
1949 * decrement is added to the entire 24-bit address on such devices.
1950 */
1952 {
1961 }
1964 {
1975 }
1978 {
1989 }
1991 /*
1992 * Stores one byte indirect with or without displacement from a register to data
1993 * space. For parts with SRAM, the data space consists of the Register File, I/O
1994 * memory, and internal SRAM (and external SRAM if applicable). For parts
1995 * without SRAM, the data space consists of the Register File only. The EEPROM
1996 * has a separate address space.
1997 *
1998 * The data location is pointed to by the Y (16 bits) Pointer Register in the
1999 * Register File. Memory access is limited to the current data segment of 64KB.
2000 * To access another data segment in devices with more than 64KB data space, the
2001 * RAMPY in register in the I/O area has to be changed.
2002 *
2003 * The Y-pointer Register can either be left unchanged by the operation, or it
2004 * can be post-incremented or pre-decremented. These features are especially
2005 * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer
2006 * Register. Note that only the low byte of the Y-pointer is updated in devices
2007 * with no more than 256 bytes data space. For such devices, the high byte of
2008 * the pointer is not used by this instruction and can be used for other
2009 * purposes. The RAMPY Register in the I/O area is updated in parts with more
2010 * than 64KB data space or more than 64KB Program memory, and the increment /
2011 * decrement / displacement is added to the entire 24-bit address on such
2012 * devices.
2013 */
2015 {
2026 }
2029 {
2040 }
2043 {
2053 }
2055 /*
2056 * Stores one byte indirect with or without displacement from a register to data
2057 * space. For parts with SRAM, the data space consists of the Register File, I/O
2058 * memory, and internal SRAM (and external SRAM if applicable). For parts
2059 * without SRAM, the data space consists of the Register File only. The EEPROM
2060 * has a separate address space.
2061 *
2062 * The data location is pointed to by the Y (16 bits) Pointer Register in the
2063 * Register File. Memory access is limited to the current data segment of 64KB.
2064 * To access another data segment in devices with more than 64KB data space, the
2065 * RAMPY in register in the I/O area has to be changed.
2066 *
2067 * The Y-pointer Register can either be left unchanged by the operation, or it
2068 * can be post-incremented or pre-decremented. These features are especially
2069 * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer
2070 * Register. Note that only the low byte of the Y-pointer is updated in devices
2071 * with no more than 256 bytes data space. For such devices, the high byte of
2072 * the pointer is not used by this instruction and can be used for other
2073 * purposes. The RAMPY Register in the I/O area is updated in parts with more
2074 * than 64KB data space or more than 64KB Program memory, and the increment /
2075 * decrement / displacement is added to the entire 24-bit address on such
2076 * devices.
2077 */
2079 {
2091 }
2094 {
2106 }
2109 {
2119 }
2121 /*
2122 * Loads one byte pointed to by the Z-register into the destination
2123 * register Rd. This instruction features a 100% space effective constant
2124 * initialization or constant data fetch. The Program memory is organized in
2125 * 16-bit words while the Z-pointer is a byte address. Thus, the least
2126 * significant bit of the Z-pointer selects either low byte (ZLSB = 0) or high
2127 * byte (ZLSB = 1). This instruction can address the first 64KB (32K words) of
2128 * Program memory. The Zpointer Register can either be left unchanged by the
2129 * operation, or it can be incremented. The incrementation does not apply to
2130 * the RAMPZ Register.
2131 *
2132 * Devices with Self-Programming capability can use the LPM instruction to read
2133 * the Fuse and Lock bit values.
2134 */
2136 {
2139 }
2153 }
2156 {
2159 }
2173 }
2176 {
2179 }
2197 }
2199 /*
2200 * Loads one byte pointed to by the Z-register and the RAMPZ Register in
2201 * the I/O space, and places this byte in the destination register Rd. This
2202 * instruction features a 100% space effective constant initialization or
2203 * constant data fetch. The Program memory is organized in 16-bit words while
2204 * the Z-pointer is a byte address. Thus, the least significant bit of the
2205 * Z-pointer selects either low byte (ZLSB = 0) or high byte (ZLSB = 1). This
2206 * instruction can address the entire Program memory space. The Z-pointer
2207 * Register can either be left unchanged by the operation, or it can be
2208 * incremented. The incrementation applies to the entire 24-bit concatenation
2209 * of the RAMPZ and Z-pointer Registers.
2210 *
2211 * Devices with Self-Programming capability can use the ELPM instruction to
2212 * read the Fuse and Lock bit value.
2213 */
2215 {
2218 }
2228 }
2231 {
2234 }
2244 }
2247 {
2250 }
2262 }
2264 /*
2265 * SPM can be used to erase a page in the Program memory, to write a page
2266 * in the Program memory (that is already erased), and to set Boot Loader Lock
2267 * bits. In some devices, the Program memory can be written one word at a time,
2268 * in other devices an entire page can be programmed simultaneously after first
2269 * filling a temporary page buffer. In all cases, the Program memory must be
2270 * erased one page at a time. When erasing the Program memory, the RAMPZ and
2271 * Z-register are used as page address. When writing the Program memory, the
2272 * RAMPZ and Z-register are used as page or word address, and the R1:R0
2273 * register pair is used as data(1). When setting the Boot Loader Lock bits,
2274 * the R1:R0 register pair is used as data. Refer to the device documentation
2275 * for detailed description of SPM usage. This instruction can address the
2276 * entire Program memory.
2277 *
2278 * The SPM instruction is not available in all devices. Refer to the device
2279 * specific instruction set summary.
2280 *
2281 * Note: 1. R1 determines the instruction high byte, and R0 determines the
2282 * instruction low byte.
2283 */
2285 {
2286 /* TODO */
2289 }
2292 }
2295 {
2296 /* TODO */
2299 }
2302 }
2304 /*
2305 * Loads data from the I/O Space (Ports, Timers, Configuration Registers,
2306 * etc.) into register Rd in the Register File.
2307 */
2309 {
2318 }
2320 /*
2321 * Stores data from register Rr in the Register File to I/O Space (Ports,
2322 * Timers, Configuration Registers, etc.).
2323 */
2325 {
2334 }
2336 /*
2337 * This instruction stores the contents of register Rr on the STACK. The
2338 * Stack Pointer is post-decremented by 1 after the PUSH. This instruction is
2339 * not available in all devices. Refer to the device specific instruction set
2340 * summary.
2341 */
2343 {
2350 }
2352 /*
2353 * This instruction loads register Rd with a byte from the STACK. The Stack
2354 * Pointer is pre-incremented by 1 before the POP. This instruction is not
2355 * available in all devices. Refer to the device specific instruction set
2356 * summary.
2357 */
2359 {
2360 /*
2361 * Using a temp to work around some strange behaviour:
2362 * tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
2363 * gen_data_load(ctx, Rd, cpu_sp);
2364 * seems to cause the add to happen twice.
2365 * This doesn't happen if either the add or the load is removed.
2366 */
2375 }
2377 /*
2378 * Exchanges one byte indirect between register and data space. The data
2379 * location is pointed to by the Z (16 bits) Pointer Register in the Register
2380 * File. Memory access is limited to the current data segment of 64KB. To
2381 * access another data segment in devices with more than 64KB data space, the
2382 * RAMPZ in register in the I/O area has to be changed.
2383 *
2384 * The Z-pointer Register is left unchanged by the operation. This instruction
2385 * is especially suited for writing/reading status bits stored in SRAM.
2386 */
2388 {
2391 }
2405 }
2407 /*
2408 * Load one byte indirect from data space to register and set bits in data
2409 * space specified by the register. The instruction can only be used towards
2410 * internal SRAM. The data location is pointed to by the Z (16 bits) Pointer
2411 * Register in the Register File. Memory access is limited to the current data
2412 * segment of 64KB. To access another data segment in devices with more than
2413 * 64KB data space, the RAMPZ in register in the I/O area has to be changed.
2414 *
2415 * The Z-pointer Register is left unchanged by the operation. This instruction
2416 * is especially suited for setting status bits stored in SRAM.
2417 */
2419 {
2422 }
2439 }
2441 /*
2442 * Load one byte indirect from data space to register and stores and clear
2443 * the bits in data space specified by the register. The instruction can
2444 * only be used towards internal SRAM. The data location is pointed to by
2445 * the Z (16 bits) Pointer Register in the Register File. Memory access is
2446 * limited to the current data segment of 64KB. To access another data
2447 * segment in devices with more than 64KB data space, the RAMPZ in register
2448 * in the I/O area has to be changed.
2449 *
2450 * The Z-pointer Register is left unchanged by the operation. This instruction
2451 * is especially suited for clearing status bits stored in SRAM.
2452 */
2454 {
2457 }
2474 }
2477 /*
2478 * Load one byte indirect from data space to register and toggles bits in
2479 * the data space specified by the register. The instruction can only be used
2480 * towards SRAM. The data location is pointed to by the Z (16 bits) Pointer
2481 * Register in the Register File. Memory access is limited to the current data
2482 * segment of 64KB. To access another data segment in devices with more than
2483 * 64KB data space, the RAMPZ in register in the I/O area has to be changed.
2484 *
2485 * The Z-pointer Register is left unchanged by the operation. This instruction
2486 * is especially suited for changing status bits stored in SRAM.
2487 */
2489 {
2492 }
2509 }
2511 /*
2512 * Bit and Bit-test Instructions
2513 */
2515 {
2520 }
2522 /*
2523 * Shifts all bits in Rd one place to the right. Bit 7 is cleared. Bit 0 is
2524 * loaded into the C Flag of the SREG. This operation effectively divides an
2525 * unsigned value by two. The C Flag can be used to round the result.
2526 */
2528 {
2534 /* update status register */
2541 }
2543 /*
2544 * Shifts all bits in Rd one place to the right. The C Flag is shifted into
2545 * bit 7 of Rd. Bit 0 is shifted into the C Flag. This operation, combined
2546 * with ASR, effectively divides multi-byte signed values by two. Combined with
2547 * LSR it effectively divides multi-byte unsigned values by two. The Carry Flag
2548 * can be used to round the result.
2549 */
2551 {
2557 /* update status register */
2560 /* update output register */
2564 /* update status register */
2570 }
2572 /*
2573 * Shifts all bits in Rd one place to the right. Bit 7 is held constant. Bit 0
2574 * is loaded into the C Flag of the SREG. This operation effectively divides a
2575 * signed value by two without changing its sign. The Carry Flag can be used to
2576 * round the result.
2577 */
2579 {
2583 /* update status register */
2586 /* update output register */
2591 /* update status register */
2597 }
2599 /*
2600 * Swaps high and low nibbles in a register.
2601 */
2603 {
2618 }
2620 /*
2621 * Sets a specified bit in an I/O Register. This instruction operates on
2622 * the lower 32 I/O Registers -- addresses 0-31.
2623 */
2625 {
2637 }
2639 /*
2640 * Clears a specified bit in an I/O Register. This instruction operates on
2641 * the lower 32 I/O Registers -- addresses 0-31.
2642 */
2644 {
2656 }
2658 /*
2659 * Stores bit b from Rd to the T Flag in SREG (Status Register).
2660 */
2662 {
2669 }
2671 /*
2672 * Copies the T Flag in the SREG (Status Register) to bit b in register Rd.
2673 */
2675 {
2686 }
2688 /*
2689 * Sets a single Flag or bit in SREG.
2690 */
2692 {
2718 }
2721 }
2723 /*
2724 * Clears a single Flag in SREG.
2725 */
2727 {
2753 }
2756 }
2758 /*
2759 * MCU Control Instructions
2760 */
2762 /*
2763 * The BREAK instruction is used by the On-chip Debug system, and is
2764 * normally not used in the application software. When the BREAK instruction is
2765 * executed, the AVR CPU is set in the Stopped Mode. This gives the On-chip
2766 * Debugger access to internal resources. If any Lock bits are set, or either
2767 * the JTAGEN or OCDEN Fuses are unprogrammed, the CPU will treat the BREAK
2768 * instruction as a NOP and will not enter the Stopped mode. This instruction
2769 * is not available in all devices. Refer to the device specific instruction
2770 * set summary.
2771 */
2773 {
2776 }
2778 #ifdef BREAKPOINT_ON_BREAK
2782 #else
2783 /* NOP */
2784 #endif
2787 }
2789 /*
2790 * This instruction performs a single cycle No Operation.
2791 */
2793 {
2795 /* NOP */
2798 }
2800 /*
2801 * This instruction sets the circuit in sleep mode defined by the MCU
2802 * Control Register.
2803 */
2805 {
2809 }
2811 /*
2812 * This instruction resets the Watchdog Timer. This instruction must be
2813 * executed within a limited time given by the WD prescaler. See the Watchdog
2814 * Timer hardware specification.
2815 */
2817 {
2821 }
2823 /*
2824 * Core translation mechanism functions:
2825 *
2826 * - translate()
2827 * - canonicalize_skip()
2828 * - gen_intermediate_code()
2829 * - restore_state_to_opc()
2830 *
2831 */
2833 {
2839 }
2840 }
2842 /* Standardize the cpu_skip condition to NE. */
2844 {
2847 /* Normal case: cpu_skip is known to be false. */
2851 /*
2852 * Breakpoint case: cpu_skip is known to be true, via TB_FLAGS_SKIP.
2853 * The breakpoint is on the instruction being skipped, at the start
2854 * of the TranslationBlock. No need to update.
2855 */
2864 }
2868 /* Convert to a NE condition vs 0. */
2875 }
2878 }
2881 }
2884 {
2897 }
2900 /*
2901 * This flag is set by ST/LD instruction we will regenerate it ONLY
2902 * with mem/cpu memory access instead of mem access
2903 */
2905 }
2906 }
2909 {
2910 }
2913 {
2917 }
2920 {
2924 /* Conditionally skip the next instruction, if indicated. */
2928 /*
2929 * Copy cpu_skip so that we may zero it before the branch.
2930 * This ensures that cpu_skip is non-zero after the label
2931 * if and only if the skipped insn itself sets a skip.
2932 */
2936 }
2943 }
2946 }
2963 }
2967 }
2968 }
2975 }
2976 }
2977 }
2980 {
2983 /*
2984 * Because we disable interrupts while env->skip is set,
2985 * we must return to the main loop to re-evaluate afterward.
2986 */
2997 /* Note gen_goto_tb checks singlestep. */
3000 }
3002 /* fall through */
3007 }
3008 /* fall through */
3014 }
3015 }
3019 {
3022 }
3031 };
3035 {
3036 DisasContext dc = { };
3038 }