path: root/target-arm/translate.c
AgeCommit message (Collapse)Author
2015-05-29target-arm: Avoid buffer overrun on UNPREDICTABLE ldrd/strdpull-target-arm-20150529Peter Maydell
A LDRD or STRD where rd is not an even number is UNPREDICTABLE. We were letting this fall through, which is OK unless rd is 15, in which case we would attempt to do a load_reg or store_reg to a nonexistent r16 for the second half of the double-word. Catch the odd-numbered-rd cases and UNDEF them instead. To do this we rearrange the structure of the code a little so we can put the UNDEF catches at the top before we've allocated TCG temporaries. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1431348973-21315-1-git-send-email-peter.maydell@linaro.org
2015-05-29target-arm: Don't halt on WFI unless we don't have any workPeter Maydell
Just NOP the WFI instruction if we have work to do. This doesn't make much difference currently (though it does avoid jumping out to the top level loop and immediately restarting), but the distinction between "halt" and "don't halt" will become more important when the decision to halt requires us to trap to a higher exception level instead. Suggested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-05-29target-arm: Extend FP checks to use an ELGreg Bellows
Extend the ARM disassemble context to take a target exception EL instead of a boolean enable. This change reverses the polarity of the check making a value of 0 indicate floating point enabled (no exception). Signed-off-by: Greg Bellows <greg.bellows@linaro.org> [PMM: Use a common TB flag field for AArch32 and AArch64; CPTR_EL2 exists in v7; CPTR_EL2 should trap for EL2 accesses; CPTR_EL2 should not trap for secure accesses; CPTR_EL3 should trap for EL3 accesses; CPACR traps for secure accesses should trap to EL3 if EL3 is AArch32] Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-05-29target-arm: Add exception target el infrastructureGreg Bellows
Add a CPU state exception target EL field that will be used for communicating the EL to which an exception should be routed. Add a disassembly context field for tracking the EL3 architecture needed for determining the target exception EL. Add a target EL argument to the generic exception helper for callers to specify the EL to which the exception should be routed. Extended the helper to set the newly added CPU state exception target el. Added a function for setting the target exception EL and updated calls to helpers to call it. Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1429722561-12651-2-git-send-email-greg.bellows@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16target-arm: Fix handling of STM (user) with r15 in register listPeter Maydell
The A32 encoding of LDM distinguishes LDM (user) from LDM (exception return) based on whether r15 is in the register list. However for STM (user) there is no equivalent distinction. We were incorrectly treating "r15 in list" as indicating exception return for both LDM and STM, with the result that an STM (user) involving r15 went into an infinite loop. Fix this; note that the value stored for r15 in this case is the current PC regardless of our current mode. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1426015125-5521-1-git-send-email-peter.maydell@linaro.org
2015-03-13tcg: Change translator-side labels to a pointerRichard Henderson
This is improved type checking for the translators -- it's no longer possible to accidentally swap arguments to the branch functions. Note that the code generating backends still manipulate labels as int. With notable exceptions, the scope of the change is just a few lines for each target, so it's not worth building extra machinery to do this change in per-target increments. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> Cc: Michael Walle <michael@walle.cc> Cc: Leon Alrae <leon.alrae@imgtec.com> Cc: Anthony Green <green@moxielogic.com> Cc: Jia Liu <proljc@gmail.com> Cc: Alexander Graf <agraf@suse.de> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Guan Xuetao <gxt@mprc.pku.edu.cn> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-02-12tcg: Introduce tcg_op_buf_count and tcg_op_buf_fullRichard Henderson
The method by which we count the number of ops emitted is going to change. Abstract that away into some inlines. Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-02-12tcg: Move emit of INDEX_op_end into gen_tb_endRichard Henderson
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-02-05target-arm: Use correct mmu_idx for unprivileged loads and storesPeter Maydell
The MMU index to use for unprivileged loads and stores is more complicated than we currently implement: * for A64, it should be "if at EL1, access as if EL0; otherwise access at current EL" * for A32/T32, it should be "if EL2, UNPREDICTABLE; otherwise access as if at EL0". In both cases, if we want to make the access for Secure EL0 this is not the same mmu_idx as for Non-Secure EL0. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
2015-02-05target-arm: Define correct mmu_idx values and pass them in TB flagsPeter Maydell
We currently claim that for ARM the mmu_idx should simply be the current exception level. However this isn't actually correct -- secure EL0 and EL1 should have separate indexes from non-secure EL0 and EL1 since their VA->PA mappings may differ. We also will want an index for stage 2 translations when we properly support EL2. Define and document all seven mmu index values that we require, and pass the mmu index in the TB flags rather than exception level or priv/user bit. This change doesn't update the get_phys_addr() code, so our page table walking still assumes a simplistic "user or priv?" model for the moment. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Greg Bellows <greg.bellows@linaro.org> --- This leaves some odd gaps in the TB flags usage. I will circle back and clean this up later (including moving the other common flags like the singlestep ones to the top of the flags word), but I didn't want to bloat this patchseries further.
2015-02-05target-arm: check that LSB <= MSB in BFI instructionKirill Batuzov
The documentation states that if LSB > MSB in BFI instruction behaviour is unpredictable. Currently QEMU crashes because of assertion failure in this case: tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed. While assertion failure may meet the "unpredictable" definition this behaviour is undesirable because it allows an unprivileged guest program to crash the emulator with the OS and other programs. This patch addresses the issue by throwing illegal instruction exception if LSB > MSB. Only ARM decoder is affected because Thumb decoder already has this check in place. To reproduce issue run the following program int main(void) { asm volatile (".long 0x07c00c12" :: ); return 0; } compiled with gcc -marm -static badop_arm.c -o badop_arm Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-03gen-icount: check cflags instead of use_icount globalPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03translate: check cflags instead of use_icount globalPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-11target-arm: add secure state bit to CPREG hashPeter Maydell
Added additional NS-bit to CPREG hash encoding. Updated hash lookup locations to specify hash bit currently set to non-secure. Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1416242878-876-7-git-send-email-greg.bellows@linaro.org [PMM: fix uses of ENCODE_CP_REG in kvm32.c to add extra argument] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11target-arm: add non-secure Translation Block flagSergey Fedorov
This patch is based on idea found in patch at git://github.com/jowinter/qemu-trustzone.git f3d955c6c0ed8c46bc0eb10b634201032a651dd2 by Johannes Winter <johannes.winter@iaik.tugraz.at>. The TBFLAG captures the SCR NS secure state at the time when a TB is created so the correct bank is accessed on system register accesses. Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com> Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1416242878-876-5-git-send-email-greg.bellows@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04target-arm/translate.c: Don't pass CPUARMState * to disas_arm_insn()Peter Maydell
Refactor to avoid passing a CPUARMState * to disas_arm_insn(). To do this we move the "read insn from memory" code to the callsite and pass the insn to the function instead. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1414524244-20316-6-git-send-email-peter.maydell@linaro.org Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04target-arm/translate.c: Don't pass CPUARMState around in the decoderPeter Maydell
Passing the CPUARMState around in the decoder is a recipe for bugs where we accidentally generate code that depends on CPU state which isn't reflected in the TB flags. Stop doing this and instead use DisasContext as a way to pass around those bits of CPU state which are known to be safe to use. This commit simply removes initial "CPUARMState *env" parameters from various function definitions, and removes the initial "env" argument from the places where those functions are called. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1414524244-20316-5-git-send-email-peter.maydell@linaro.org Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04target-arm/translate.c: Don't use IS_M()Peter Maydell
Instead of using IS_M(), use arm_dc_feature(s, ARM_FEATURE_M), so we don't need to pass CPUARMState pointers around the decoder. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1414524244-20316-4-git-send-email-peter.maydell@linaro.org Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04target-arm/translate.c: Use arm_dc_feature() rather than arm_feature()Peter Maydell
Use arm_dc_feature() rather than arm_feature() to avoid using CPUARMState unnecessarily. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1414524244-20316-3-git-send-email-peter.maydell@linaro.org Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04target-arm/translate.c: Use arm_dc_feature() in ENABLE_ARCH_ macrosPeter Maydell
All the places where we use the ENABLE_ARCH_* and ARCH() macros have a DisasContext* s, so switch them over to use arm_dc_feature() rather than arm_feature() so we don't need to pass the CPUARMState* env around too. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1414524244-20316-2-git-send-email-peter.maydell@linaro.org Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-10-24target-arm: rename arm_current_pl to arm_current_elGreg Bellows
Renamed the arm_current_pl CPU function to more accurately represent that it returns the ARMv8 EL rather than ARMv7 PL. Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1413910544-20150-5-git-send-email-greg.bellows@linaro.org [PMM: fixed a minor merge resolution error in a couple of hunks] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-10-24target-arm: correctly UNDEF writes to FPINST/FPINST2 from EL0Peter Maydell
The ARM ARM requires that the FPINST and FPINST2 VFP control registers are not accessible to code at EL0. We were already correctly implementing this for reads of these registers; add the missing check for the write code path. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 1412967447-20931-1-git-send-email-peter.maydell@linaro.org
2014-10-24target-arm: Add support for A32 and T32 HVC and SMC insnsPeter Maydell
Add support for HVC and SMC instructions to the A32 and T32 decoder. Using these for real exceptions to EL2 or EL3 is currently not supported (the do_interrupt routine does not handle them) but we require the instruction support to implement PSCI. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1412865028-17725-6-git-send-email-peter.maydell@linaro.org
2014-09-29target-arm: Don't handle c15_cpar changes via tb_flush()Peter Maydell
At the moment we try to handle c15_cpar with the strategy of: * emit generated code which makes assumptions about its value * when the register value changes call tb_flush() to throw away the now-invalid generated code This works because XScale CPUs are always uniprocessor, but it's confusing because it suggests that the same approach can be taken for other registers. It also means we do a tb_flush() on CPU reset, which makes multithreaded linux-user binaries even more likely to fail than would otherwise be the case. Replace it with a combination of TB flags for the access checks done on cp0/cp1 for the XScale and iwMMXt instructions, plus a runtime check for cp2..cp13 coprocessor accesses. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1411056959-23070-1-git-send-email-peter.maydell@linaro.org
2014-08-19target-arm: Implement ARMv8 single-stepping for AArch32 codePeter Maydell
ARMv8 single-stepping requires the exception level that controls the single-stepping to be in AArch64 execution state, but the code being stepped may be in AArch64 or AArch32. Implement the necessary support code for single-stepping AArch32 code. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-08-19target-arm: Don't allow AArch32 to access RES0 CPSR bitsPeter Maydell
The CPSR has a new-in-v8 execution state bit (IL), and also some state which has effects in AArch32 but appears only in the SPSR format (SS) but is RES0 in the CPSR. Add the IL bit to CPSR_EXEC, and enforce that guest direct reads and writes to CPSR can't read or write the RES0 bits, so the guest can't get at the SS bit which we store in uncached_cpsr. This includes not permitting exception returns to copy reserved bits from an SPSR into CPSR. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-08-12trace: [tcg] Include TCG-tracing header on all targetsLluís Vilanova
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09target-arm: Delete unused iwmmxt_msadb helperpull-target-arm-20140609-1Peter Maydell
The iwmmxt_msadb helper and its corresponding gen function are unused; delete them. (This function appears to have never been used right back to the initial implementation of iwMMXt; it is identical to iwmmxt_madduq, and is presumably an accidental remnant from the initial development.) Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401822125-1822-1-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: A32/T32: Mask CRC value in calling code, not helperPeter Maydell
Bring the 32-bit CRC helper functions into line with the A64 ones, by masking the high bytes of the value in the calling code rather than the helper. This is more efficient since we can determine the mask at translation time. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401458125-27977-7-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: add support for v8 VMULL.P64 instructionPeter Maydell
Add support for the VMULL.P64 polynomial 64x64 to 128 bit multiplication instruction in the A32/T32 instruction sets; this is part of the v8 Crypto Extensions. To do this we have to move the neon_pmull_64_{lo,hi} helpers from helper-a64.c into neon_helper.c so they can be used by the AArch32 translator. Inspired-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401386724-26529-4-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: Allow 3reg_wide undefreq to encode more bad size optionsPeter Maydell
The current undefreq field in the neon_3reg_wide handling allows us to encode "UNDEF if size != 0" and "UNDEF if size == 0". This is no longer sufficient with the advent of 64-bit polynomial VMULL, which means we want to UNDEF if size == 1. Change the undefreq encoding to use separate bits for all of "UNDEF if size == 0", "UNDEF if size == 1" and "UNDEF if size == 2". Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401386724-26529-3-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: add support for v8 SHA1 and SHA256 instructionsArd Biesheuvel
This adds support for the SHA1 and SHA256 instructions that are available on some v8 implementations of Aarch32. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401386724-26529-2-git-send-email-peter.maydell@linaro.org [PMM: * rebase * fix bad indent * add a missing UNDEF check for Q!=1 in the 3-reg SHA1/SHA256 case * use g_assert_not_reached() * don't re-extract bit 6 for the 2-reg-misc encodings * set the ELF HWCAP2 bits for the new features ] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05target-arm: move arm_*_code to a separate filePaolo Bonzini
These will soon require cpu_ldst.h, so move them out of cpu.h. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-28tcg: Invert the inclusion of helper.hRichard Henderson
Rather than include helper.h with N values of GEN_HELPER, include a secondary file that sets up the macros to include helper.h. This minimizes the files that must be rebuilt when changing the macros for file N. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-05-27target-arm: Add SPSR entries for EL2/HYP and EL3/MONEdgar E. Iglesias
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1400980132-25949-12-git-send-email-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-27target-arm: A32: Use get_mem_index for load/storesEdgar E. Iglesias
Avoid using IS_USER directly as the MMU-idx to simplify future changes to the MMU layout. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1400980132-25949-5-git-send-email-edgar.iglesias@gmail.com Message-id: 1400805738-11889-6-git-send-email-edgar.iglesias@gmail.com [PMM: parts relating to LDRT/STRT moved into earlier patches] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-27target-arm/translate.c: Use get_mem_index() for SRS memory accessesPeter Maydell
The SRS instruction was using a hardcoded 0 for the memory accesses. This happens to be OK since the SRS instruction is UNPREDICTABLE in User and System modes, but is awkward if we want to rearrange the MMU index uses. Switch to using get_mem_index() like all the other accesses. Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1400980132-25949-4-git-send-email-edgar.iglesias@gmail.com
2014-05-27target-arm/translate.c: Clean up mmu index handling for ldrt/strtPeter Maydell
Clean up the mmu index handling for ldrt/strt insns: instead of a flag 'user' indicating whether to treat the store as user mode or not, use 'memidx' to indicate the correct memory index to use. Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1400980132-25949-3-git-send-email-edgar.iglesias@gmail.com
2014-04-17arm: translate.c: Fix smlald InstructionPeter Crosthwaite
The smlald (and probably smlsld) instruction was doing incorrect sign extensions of the operands amongst 64bit result calculation. The instruction psuedo-code is: operand2 = if m_swap then ROR(R[m],16) else R[m]; product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>); product2 = SInt(R[n]<31:16>) * SInt(operand2<31:16>); result = product1 + product2 + SInt(R[dHi]:R[dLo]); R[dHi] = result<63:32>; R[dLo] = result<31:0>; The result calculation should be done in 64 bit arithmetic, and hence product1 and product2 should be sign extended to 64b before calculation. The current implementation was adding product1 and product2 together then sign-extending the intermediate result leading to false negatives. E.G. if product1 = product2 = 0x4000000, their sum = 0x80000000, which will be incorrectly interpreted as -ve on sign extension. We fix by doing the 64b extensions on both product1 and product2 before any addition/subtraction happens. We also fix where we were possibly incorrectly setting the Q saturation flag for SMLSLD, which the ARM ARM specifically says is not set. Reported-by: Christina Smith <christina.smith@xilinx.com> Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 2cddb6f5a15be4ab8d2160f3499d128ae93d304d.1397704570.git.peter.crosthwaite@xilinx.com Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17target-arm: Dump 32-bit CPU state if 64 bit CPU is in AArch32Peter Maydell
For system mode, we may have a 64 bit CPU which is currently executing in AArch32 state; if we're dumping CPU state to the logs we should therefore show the correct state for the current execution state, rather than hardwiring it based on the type of the CPU. For consistency with how we handle translation, we leave the 32 bit dump function as the default, and have it hand off control to the 64 bit dump code if we're in AArch64 mode. Reported-by: Rob Herring <rob.herring@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17target-arm: Implement ARMv8 MVFR registersPeter Maydell
For ARMv8 there are two changes to the MVFR media feature registers: * there is a new MVFR2 which is accessible from 32 bit code * 64 bit code accesses these via the usual sysreg instructions rather than with a floating-point specific instruction Implement this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-04-17target-arm: Fix VFP enables for AArch32 EL0 under AArch64 EL1Peter Maydell
The current A32/T32 decoder bases its "is VFP/Neon enabled?" check on the FPSCR.EN bit. This is correct if EL1 is AArch32, but for an AArch64 EL1 the logic is different: it must act as if FPSCR.EN is always set. Instead, trapping must happen according to CPACR bits for cp10/cp11; these cover all of FP/Neon, including the FPSCR/FPSID/MVFR register accesses which FPSCR.EN does not affect. Add support for CPACR checks (which are also required for ARMv7, but were unimplemented because Linux happens not to use them) and make sure they generate exceptions with the correct syndrome. We actually return incorrect syndrome information for cases where FP is disabled but the specific instruction bit pattern is unallocated: strictly these should be the Uncategorized exception, not a "SIMD disabled" exception. This should be mostly harmless, and the structure of the A32/T32 VFP/Neon decoder makes it painful to put the 'FP disabled?' checks in the right places. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-04-17target-arm: Add support for generating exceptions with syndrome informationPeter Maydell
Add new helpers exception_with_syndrome (for generating an exception with syndrome information) and exception_uncategorized (for generating an exception with "Unknown or Uncategorized Reason", which have a syndrome register value of zero), and use them to generate the correct syndrome information for exceptions which are raised directly from generated code. This patch includes moving the A32/T32 gen_exception_insn functions further up in the source file; they will be needed for "VFP/Neon disabled" exception generation later. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-04-17target-arm: Provide correct syndrome information for cpreg access trapsPeter Maydell
For exceptions taken to AArch64, if a coprocessor/system register access fails due to a trap or enable bit then the syndrome information must include details of the failing instruction (crn/crm/opc1/opc2 fields, etc). Make the decoder construct the syndrome information at translate time so it can be passed at runtime to the access-check helper function and used as required. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-04-17target-arm: Split out private-to-target functions into internals.hPeter Maydell
Currently cpu.h defines a mixture of functions and types needed by the rest of QEMU and those needed only by files within target-arm/. Split the latter out into a new header so they aren't needlessly exposed further than required. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-03-17target-arm: A64: Add [UF]RSQRTE (reciprocal root estimate)Alex Bennée
This adds support for [UF]RSQRTE instructions. It utilises the existing NEON helpers with some changes. The changes include an explicit passing of fpstatus (so the correct one is used between arm32 and aarch64), denormilzation, more correct error handling and also proper scaling of the fraction going into the estimate. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-id: 1394822294-14837-25-git-send-email-peter.maydell@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-17target-arm: A64: Implement AdvSIMD reciprocal estimate insns URECPE, FRECPEAlex Bennée
Implement URECPE and FRECPE instructions in both scalar and vector forms. The actual reciprocal estimate function is shared with the A32/T32 Neon code. However in A64 we aren't using the Neon "standard FPSCR value" so extra checks are necessary to handle non-squashed denormal inputs which can never happen for A32/T32. Calling conventions for the helpers are thus modified to pass the fpst directly; we mark the helpers as TCG_CALL_NO_RWG since we're changing the declarations anyway. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-id: 1394822294-14837-21-git-send-email-peter.maydell@linaro.org
2014-03-17target-arm: A64: Implement PMULL instructionPeter Maydell
Implement the PMULL instruction; this is the last unimplemented insn in the three-reg-diff group. Note that PMULL with size 3 is considered part of the AES part of the crypto extensions (see the ID_AA64ISAR0_EL1 register definition in the v8 ARM ARM), so it isn't necessary to burn an extra feature bit on it, even though we're using more feature bits than a single "crypto extension present/not present" toggle. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-id: 1394822294-14837-2-git-send-email-peter.maydell@linaro.org
2014-03-13exec: Change cpu_abort() argument to CPUStateAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13cpu: Move breakpoints field from CPU_COMMON to CPUStateAndreas Färber
Most targets were using offsetof(CPUFooState, breakpoints) to determine how much of CPUFooState to clear on reset. Use the next field after CPU_COMMON instead, if any, or sizeof(CPUFooState) otherwise. Signed-off-by: Andreas Färber <afaerber@suse.de>