2 /* Simulator for the MIPS architecture.
4 This file is part of the MIPS sim
6 THIS SOFTWARE IS NOT COPYRIGHTED
8 Cygnus offers the following for use in the public domain. Cygnus
9 makes no warranty with regard to the software or it's performance
10 and the user accepts the software "AS IS" with all faults.
12 CYGNUS DISCLAIMS ANY WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO
13 THIS SOFTWARE INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
14 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 We only need to take account of the target endianness when moving data
23 between the simulator and the host. We do not need to worry about the
24 endianness of the host, since this sim code and GDB are executing in
27 The IDT monitor (found on the VR4300 board), seems to lie about
28 register contents. It seems to treat the registers as sign-extended
29 32-bit values. This cause *REAL* problems when single-stepping 64-bit
34 /* The TRACE and PROFILE manifests enable the provision of extra
35 features. If they are not defined then a simpler (quicker)
36 simulator is constructed without the required run-time checks,
38 #if 1 /* 0 to allow user build selection, 1 to force inclusion */
45 #include "sim-utils.h"
46 #include "sim-options.h"
47 #include "sim-assert.h"
70 #include "libiberty.h"
72 #include "callback.h" /* GDB simulator callback interface */
73 #include "remote-sim.h" /* GDB simulator interface */
75 #include "support.h" /* internal support manifests */
83 char* pr_addr
PARAMS ((SIM_ADDR addr
));
84 char* pr_uword64
PARAMS ((uword64 addr
));
87 #define SIGBUS SIGSEGV
90 /* Get the simulator engine description, without including the code: */
95 struct sim_state simulator
;
97 /* The following reserved instruction value is used when a simulator
98 trap is required. NOTE: Care must be taken, since this value may be
99 used in later revisions of the MIPS ISA. */
100 #define RSVD_INSTRUCTION (0x00000005)
101 #define RSVD_INSTRUCTION_MASK (0xFC00003F)
103 #define RSVD_INSTRUCTION_ARG_SHIFT 6
104 #define RSVD_INSTRUCTION_ARG_MASK 0xFFFFF
107 /* NOTE: These numbers depend on the processor architecture being
109 #define Interrupt (0)
110 #define TLBModification (1)
113 #define AddressLoad (4)
114 #define AddressStore (5)
115 #define InstructionFetch (6)
116 #define DataReference (7)
117 #define SystemCall (8)
118 #define BreakPoint (9)
119 #define ReservedInstruction (10)
120 #define CoProcessorUnusable (11)
121 #define IntegerOverflow (12) /* Arithmetic overflow (IDT monitor raises SIGFPE) */
126 /* The following exception code is actually private to the simulator
127 world. It is *NOT* a processor feature, and is used to signal
128 run-time errors in the simulator. */
129 #define SimulatorFault (0xFFFFFFFF)
131 /* The following are generic to all versions of the MIPS architecture
133 /* Memory Access Types (for CCA): */
135 #define CachedNoncoherent (1)
136 #define CachedCoherent (2)
139 #define isINSTRUCTION (1 == 0) /* FALSE */
140 #define isDATA (1 == 1) /* TRUE */
142 #define isLOAD (1 == 0) /* FALSE */
143 #define isSTORE (1 == 1) /* TRUE */
145 #define isREAL (1 == 0) /* FALSE */
146 #define isRAW (1 == 1) /* TRUE */
148 #define isTARGET (1 == 0) /* FALSE */
149 #define isHOST (1 == 1) /* TRUE */
151 /* The "AccessLength" specifications for Loads and Stores. NOTE: This
152 is the number of bytes minus 1. */
153 #define AccessLength_BYTE (0)
154 #define AccessLength_HALFWORD (1)
155 #define AccessLength_TRIPLEBYTE (2)
156 #define AccessLength_WORD (3)
157 #define AccessLength_QUINTIBYTE (4)
158 #define AccessLength_SEXTIBYTE (5)
159 #define AccessLength_SEPTIBYTE (6)
160 #define AccessLength_DOUBLEWORD (7)
161 #define AccessLength_QUADWORD (15)
164 /* FPU registers must be one of the following types. All other values
165 are reserved (and undefined). */
171 /* The following are well outside the normal acceptable format
172 range, and are used in the register status vector. */
173 fmt_unknown
= 0x10000000,
174 fmt_uninterpreted
= 0x20000000,
178 /* NOTE: We cannot avoid globals, since the GDB "sim_" interface does
179 not allow a private variable to be passed around. This means that
180 simulators under GDB can only be single-threaded. However, it would
181 be possible for the simulators to be multi-threaded if GDB allowed
182 for a private pointer to be maintained. i.e. a general "void **ptr"
183 variable that GDB passed around in the argument list to all of
184 sim_xxx() routines. It could be initialised to NULL by GDB, and
185 then updated by sim_open() and used by the other sim_xxx() support
186 functions. This would allow new features in the simulator world,
187 like storing a context - continuing execution to gather a result,
188 and then going back to the point where the context was saved and
189 changing some state before continuing. i.e. the ability to perform
190 UNDOs on simulations. It would also allow the simulation of
191 shared-memory multi-processor systems.
193 [NOTE: This is now partially implemented] */
195 static host_callback
*callback
= NULL
; /* handle onto the current callback structure */
197 /* This is nasty, since we have to rely on matching the register
198 numbers used by GDB. Unfortunately, depending on the MIPS target
199 GDB uses different register numbers. We cannot just include the
200 relevant "gdb/tm.h" link, since GDB may not be configured before
201 the sim world, and also the GDB header file requires too much other
203 /* TODO: Sort out a scheme for *KNOWING* the mapping between real
204 registers, and the numbers that GDB uses. At the moment due to the
205 order that the tools are built, we cannot rely on a configured GDB
206 world whilst constructing the simulator. This means we have to
207 assume the GDB register number mapping. */
209 #define LAST_EMBED_REGNUM (89)
212 /* To keep this default simulator simple, and fast, we use a direct
213 vector of registers. The internal simulator engine then uses
214 manifests to access the correct slot. */
215 static ut_reg registers
[LAST_EMBED_REGNUM
+ 1];
216 static int register_widths
[LAST_EMBED_REGNUM
+ 1];
218 #define GPR (®isters[0])
221 #define FGR (®isters[FGRIDX])
223 #define LO (registers[33])
224 #define HI (registers[34])
225 #define PC (registers[37])
226 #define CAUSE (registers[36])
228 #define SR (registers[SRIDX]) /* CPU status register */
230 #define FCR0 (registers[FCR0IDX]) /* really a 32bit register */
231 #define FCR31IDX (70)
232 #define FCR31 (registers[FCR31IDX]) /* really a 32bit register */
234 #define COCIDX (LAST_EMBED_REGNUM + 2) /* special case : outside the normal range */
236 /* The following are pseudonyms for standard registers */
237 #define ZERO (registers[0])
238 #define V0 (registers[2])
239 #define A0 (registers[4])
240 #define A1 (registers[5])
241 #define A2 (registers[6])
242 #define A3 (registers[7])
243 #define SP (registers[29])
244 #define RA (registers[31])
247 /* start-sanitize-r5900 */
249 The R5900 has 128 bit registers, but the hi 64 bits are only touched by
250 multimedia (MMI) instructions. The normal mips instructions just use the
251 lower 64 bits. To avoid changing the older parts of the simulator to
252 handle this weirdness, the high 64 bits of each register are kept in
253 a separate array (registers1). The high 64 bits of any register are by
254 convention refered by adding a '1' to the end of the normal register's
255 name. So LO still refers to the low 64 bits of the LO register, LO1
256 refers to the high 64 bits of that same register.
259 /* The high part of each register */
260 static ut_reg registers1
[LAST_EMBED_REGNUM
+ 1];
262 #define GPR1 (®isters1[0])
264 #define LO1 (registers1[33])
265 #define HI1 (registers1[34])
267 #define BYTES_IN_MMI_REGS (sizeof(registers[0])+sizeof(registers1[0]))
268 #define HALFWORDS_IN_MMI_REGS (BYTES_IN_MMI_REGS/2)
269 #define WORDS_IN_MMI_REGS (BYTES_IN_MMI_REGS/4)
270 #define DOUBLEWORDS_IN_MMI_REGS (BYTES_IN_MMI_REGS/8)
272 #define BYTES_IN_MIPS_REGS (sizeof(registers[0]))
273 #define HALFWORDS_IN_MIPS_REGS (BYTES_IN_MIPS_REGS/2)
274 #define WORDS_IN_MIPS_REGS (BYTES_IN_MIPS_REGS/4)
275 #define DOUBLEWORDS_IN_MIPS_REGS (BYTES_IN_MIPS_REGS/8)
279 SUB_REG_FETCH - return as lvalue some sub-part of a "register"
280 T - type of the sub part
281 TC - # of T's in the mips part of the "register"
282 I - index (from 0) of desired sub part
283 A - low part of "register"
284 A1 - high part of register
286 #define SUB_REG_FETCH(T,TC,A,A1,I) (*(((T*)(((I) < (TC)) ? (A) : (A1))) + ((I) % (TC))))
289 GPR_<type>(R,I) - return, as lvalue, the I'th <type> of general register R
290 where <type> has two letters:
291 1 is S=signed or U=unsigned
292 2 is B=byte H=halfword W=word D=doubleword
295 #define SUB_REG_SB(A,A1,I) SUB_REG_FETCH(signed char, BYTES_IN_MIPS_REGS, A, A1, I)
296 #define SUB_REG_SH(A,A1,I) SUB_REG_FETCH(signed short, HALFWORDS_IN_MIPS_REGS, A, A1, I)
297 #define SUB_REG_SW(A,A1,I) SUB_REG_FETCH(signed int, WORDS_IN_MIPS_REGS, A, A1, I)
298 #define SUB_REG_SD(A,A1,I) SUB_REG_FETCH(signed long long, DOUBLEWORDS_IN_MIPS_REGS, A, A1, I)
300 #define SUB_REG_UB(A,A1,I) SUB_REG_FETCH(unsigned char, BYTES_IN_MIPS_REGS, A, A1, I)
301 #define SUB_REG_UH(A,A1,I) SUB_REG_FETCH(unsigned short, HALFWORDS_IN_MIPS_REGS, A, A1, I)
302 #define SUB_REG_UW(A,A1,I) SUB_REG_FETCH(unsigned int, WORDS_IN_MIPS_REGS, A, A1, I)
303 #define SUB_REG_UD(A,A1,I) SUB_REG_FETCH(unsigned long long,DOUBLEWORDS_IN_MIPS_REGS, A, A1, I)
307 #define GPR_SB(R,I) SUB_REG_SB(®isters[R], ®isters1[R], I)
308 #define GPR_SH(R,I) SUB_REG_SH(®isters[R], ®isters1[R], I)
309 #define GPR_SW(R,I) SUB_REG_SW(®isters[R], ®isters1[R], I)
310 #define GPR_SD(R,I) SUB_REG_SD(®isters[R], ®isters1[R], I)
312 #define GPR_UB(R,I) SUB_REG_UB(®isters[R], ®isters1[R], I)
313 #define GPR_UH(R,I) SUB_REG_UH(®isters[R], ®isters1[R], I)
314 #define GPR_UW(R,I) SUB_REG_UW(®isters[R], ®isters1[R], I)
315 #define GPR_UD(R,I) SUB_REG_UD(®isters[R], ®isters1[R], I)
318 #define RS_SB(I) SUB_REG_SB(&rs_reg, &rs_reg1, I)
319 #define RS_SH(I) SUB_REG_SH(&rs_reg, &rs_reg1, I)
320 #define RS_SW(I) SUB_REG_SW(&rs_reg, &rs_reg1, I)
321 #define RS_SD(I) SUB_REG_SD(&rs_reg, &rs_reg1, I)
323 #define RS_UB(I) SUB_REG_UB(&rs_reg, &rs_reg1, I)
324 #define RS_UH(I) SUB_REG_UH(&rs_reg, &rs_reg1, I)
325 #define RS_UW(I) SUB_REG_UW(&rs_reg, &rs_reg1, I)
326 #define RS_UD(I) SUB_REG_UD(&rs_reg, &rs_reg1, I)
328 #define RT_SB(I) SUB_REG_SB(&rt_reg, &rt_reg1, I)
329 #define RT_SH(I) SUB_REG_SH(&rt_reg, &rt_reg1, I)
330 #define RT_SW(I) SUB_REG_SW(&rt_reg, &rt_reg1, I)
331 #define RT_SD(I) SUB_REG_SD(&rt_reg, &rt_reg1, I)
333 #define RT_UB(I) SUB_REG_UB(&rt_reg, &rt_reg1, I)
334 #define RT_UH(I) SUB_REG_UH(&rt_reg, &rt_reg1, I)
335 #define RT_UW(I) SUB_REG_UW(&rt_reg, &rt_reg1, I)
336 #define RT_UD(I) SUB_REG_UD(&rt_reg, &rt_reg1, I)
340 #define LO_SB(I) SUB_REG_SB(&LO, &LO1, I)
341 #define LO_SH(I) SUB_REG_SH(&LO, &LO1, I)
342 #define LO_SW(I) SUB_REG_SW(&LO, &LO1, I)
343 #define LO_SD(I) SUB_REG_SD(&LO, &LO1, I)
345 #define LO_UB(I) SUB_REG_UB(&LO, &LO1, I)
346 #define LO_UH(I) SUB_REG_UH(&LO, &LO1, I)
347 #define LO_UW(I) SUB_REG_UW(&LO, &LO1, I)
348 #define LO_UD(I) SUB_REG_UD(&LO, &LO1, I)
350 #define HI_SB(I) SUB_REG_SB(&HI, &HI1, I)
351 #define HI_SH(I) SUB_REG_SH(&HI, &HI1, I)
352 #define HI_SW(I) SUB_REG_SW(&HI, &HI1, I)
353 #define HI_SD(I) SUB_REG_SD(&HI, &HI1, I)
355 #define HI_UB(I) SUB_REG_UB(&HI, &HI1, I)
356 #define HI_UH(I) SUB_REG_UH(&HI, &HI1, I)
357 #define HI_UW(I) SUB_REG_UW(&HI, &HI1, I)
358 #define HI_UD(I) SUB_REG_UD(&HI, &HI1, I)
359 /* end-sanitize-r5900 */
362 /* start-sanitize-r5900 */
363 static ut_reg SA
; /* the shift amount register */
364 /* end-sanitize-r5900 */
366 static ut_reg EPC
= 0; /* Exception PC */
369 /* Keep the current format state for each register: */
370 static FP_formats fpr_state
[32];
373 /* The following are internal simulator state variables: */
374 static ut_reg IPC
= 0; /* internal Instruction PC */
375 static ut_reg DSPC
= 0; /* delay-slot PC */
378 /* TODO : these should be the bitmasks for these bits within the
379 status register. At the moment the following are VR4300
381 #define status_KSU_mask (0x3) /* mask for KSU bits */
382 #define status_KSU_shift (3) /* shift for field */
383 #define ksu_kernel (0x0)
384 #define ksu_supervisor (0x1)
385 #define ksu_user (0x2)
386 #define ksu_unknown (0x3)
388 #define status_RE (1 << 25) /* Reverse Endian in user mode */
389 #define status_FR (1 << 26) /* enables MIPS III additional FP registers */
390 #define status_SR (1 << 20) /* soft reset or NMI */
391 #define status_BEV (1 << 22) /* Location of general exception vectors */
392 #define status_TS (1 << 21) /* TLB shutdown has occurred */
393 #define status_ERL (1 << 2) /* Error level */
394 #define status_RP (1 << 27) /* Reduced Power mode */
396 #define cause_BD ((unsigned)1 << 31) /* Exception in branch delay slot */
399 /* Macro to update FPSR condition-code field. This is complicated by
400 the fact that there is a hole in the index range of the bits within
401 the FCSR register. Also, the number of bits visible depends on the
402 MIPS ISA version being supported. */
403 #define SETFCC(cc,v) {\
404 int bit = ((cc == 0) ? 23 : (24 + (cc)));\
405 FCSR = ((FCSR & ~(1 << bit)) | ((v) << bit));\
407 #define GETFCC(cc) (((((cc) == 0) ? (FCSR & (1 << 23)) : (FCSR & (1 << (24 + (cc))))) != 0) ? 1 : 0)
409 /* This should be the COC1 value at the start of the preceding
411 #define PREVCOC1() ((state & simPCOC1) ? 1 : 0)
414 /* Standard FCRS bits: */
415 #define IR (0) /* Inexact Result */
416 #define UF (1) /* UnderFlow */
417 #define OF (2) /* OverFlow */
418 #define DZ (3) /* Division by Zero */
419 #define IO (4) /* Invalid Operation */
420 #define UO (5) /* Unimplemented Operation */
422 /* Get masks for individual flags: */
423 #if 1 /* SAFE version */
424 #define FP_FLAGS(b) (((unsigned)(b) < 5) ? (1 << ((b) + 2)) : 0)
425 #define FP_ENABLE(b) (((unsigned)(b) < 5) ? (1 << ((b) + 7)) : 0)
426 #define FP_CAUSE(b) (((unsigned)(b) < 6) ? (1 << ((b) + 12)) : 0)
428 #define FP_FLAGS(b) (1 << ((b) + 2))
429 #define FP_ENABLE(b) (1 << ((b) + 7))
430 #define FP_CAUSE(b) (1 << ((b) + 12))
433 #define FP_FS (1 << 24) /* MIPS III onwards : Flush to Zero */
435 #define FP_MASK_RM (0x3)
437 #define FP_RM_NEAREST (0) /* Round to nearest (Round) */
438 #define FP_RM_TOZERO (1) /* Round to zero (Trunc) */
439 #define FP_RM_TOPINF (2) /* Round to Plus infinity (Ceil) */
440 #define FP_RM_TOMINF (3) /* Round to Minus infinity (Floor) */
441 #define GETRM() (int)((FCSR >> FP_SH_RM) & FP_MASK_RM)
443 /* Slots for delayed register updates. For the moment we just have a
444 fixed number of slots (rather than a more generic, dynamic
445 system). This keeps the simulator fast. However, we only allow for
446 the register update to be delayed for a single instruction
448 #define PSLOTS (5) /* Maximum number of instruction cycles */
449 static int pending_in
;
450 static int pending_out
;
451 static int pending_total
;
452 static int pending_slot_count
[PSLOTS
];
453 static int pending_slot_reg
[PSLOTS
];
454 static ut_reg pending_slot_value
[PSLOTS
];
456 /*---------------------------------------------------------------------------*/
457 /*-- GDB simulator interface ------------------------------------------------*/
458 /*---------------------------------------------------------------------------*/
460 static void dotrace
PARAMS((FILE *tracefh
,int type
,SIM_ADDR address
,int width
,char *comment
,...));
461 static void sim_warning
PARAMS((char *fmt
,...));
462 extern void sim_error
PARAMS((char *fmt
,...));
463 static void ColdReset
PARAMS((void));
464 static int AddressTranslation
PARAMS((uword64 vAddr
,int IorD
,int LorS
,uword64
*pAddr
,int *CCA
,int host
,int raw
));
465 static void StoreMemory
PARAMS((int CCA
,int AccessLength
,uword64 MemElem
,uword64 MemElem1
,uword64 pAddr
,uword64 vAddr
,int raw
));
466 static void LoadMemory
PARAMS((uword64
*memvalp
,uword64
*memval1p
,int CCA
,int AccessLength
,uword64 pAddr
,uword64 vAddr
,int IorD
,int raw
));
467 static void SignalException
PARAMS((int exception
,...));
468 static long getnum
PARAMS((char *value
));
469 extern void sim_set_profile
PARAMS((int frequency
));
470 static unsigned int power2
PARAMS((unsigned int value
));
472 /*---------------------------------------------------------------------------*/
474 /* The following are not used for MIPS IV onwards: */
475 #define PENDING_FILL(r,v) {\
476 /* printf("DBG: FILL BEFORE pending_in = %d, pending_out = %d, pending_total = %d\n",pending_in,pending_out,pending_total); */\
477 if (pending_slot_reg[pending_in] != (LAST_EMBED_REGNUM + 1))\
478 sim_warning("Attempt to over-write pending value");\
479 pending_slot_count[pending_in] = 2;\
480 pending_slot_reg[pending_in] = (r);\
481 pending_slot_value[pending_in] = (uword64)(v);\
482 /*printf("DBG: FILL reg %d value = 0x%s\n",(r),pr_addr(v));*/\
485 if (pending_in == PSLOTS)\
487 /*printf("DBG: FILL AFTER pending_in = %d, pending_out = %d, pending_total = %d\n",pending_in,pending_out,pending_total);*/\
490 static int LLBIT
= 0;
491 /* LLBIT = Load-Linked bit. A bit of "virtual" state used by atomic
492 read-write instructions. It is set when a linked load occurs. It is
493 tested and cleared by the conditional store. It is cleared (during
494 other CPU operations) when a store to the location would no longer
495 be atomic. In particular, it is cleared by exception return
498 static int HIACCESS
= 0;
499 static int LOACCESS
= 0;
500 static int HI1ACCESS
= 0;
501 static int LO1ACCESS
= 0;
503 /* ??? The 4300 and a few other processors have interlocks on hi/lo register
504 reads, and hence do not have this problem. To avoid spurious warnings,
505 we just disable this always. */
509 /* The HIACCESS and LOACCESS counts are used to ensure that
510 corruptions caused by using the HI or LO register to close to a
511 following operation are spotted. */
512 static ut_reg HLPC
= 0;
513 /* If either of the preceding two instructions have accessed the HI or
514 LO registers, then the values they see should be
515 undefined. However, to keep the simulator world simple, we just let
516 them use the value read and raise a warning to notify the user: */
517 #define CHECKHILO(s) {\
518 if ((HIACCESS != 0) || (LOACCESS != 0) || (HI1ACCESS != 0) || (LO1ACCESS != 0))\
519 sim_warning("%s over-writing HI and LO registers values (PC = 0x%s HLPC = 0x%s)\n",(s),pr_addr(PC),pr_addr(HLPC));\
523 /* NOTE: We keep the following status flags as bit values (1 for true,
524 0 for false). This allows them to be used in binary boolean
525 operations without worrying about what exactly the non-zero true
529 #define UserMode ((((SR & status_KSU_mask) >> status_KSU_shift) == ksu_user) ? 1 : 0)
532 /* Hardware configuration. Affects endianness of LoadMemory and
533 StoreMemory and the endianness of Kernel and Supervisor mode
534 execution. The value is 0 for little-endian; 1 for big-endian. */
535 #define BigEndianMem (CURRENT_TARGET_BYTE_ORDER == BIG_ENDIAN)
536 /*(state & simBE) ? 1 : 0)*/
539 /* This is true if the host and target have different endianness. */
540 #define ByteSwapMem (CURRENT_TARGET_BYTE_ORDER != CURRENT_HOST_BYTE_ORDER)
543 /* This mode is selected if in User mode with the RE bit being set in
544 SR (Status Register). It reverses the endianness of load and store
546 #define ReverseEndian (((SR & status_RE) && UserMode) ? 1 : 0)
549 /* The endianness for load and store instructions (0=little;1=big). In
550 User mode this endianness may be switched by setting the state_RE
551 bit in the SR register. Thus, BigEndianCPU may be computed as
552 (BigEndianMem EOR ReverseEndian). */
553 #define BigEndianCPU (BigEndianMem ^ ReverseEndian) /* Already bits */
555 #if !defined(FASTSIM) || defined(PROFILE)
556 /* At the moment these values will be the same, since we do not have
557 access to the pipeline cycle count information from the simulator
559 static unsigned int instruction_fetches
= 0;
560 static unsigned int instruction_fetch_overflow
= 0;
563 /* Flags in the "state" variable: */
564 #define simHALTEX (1 << 2) /* 0 = run; 1 = halt on exception */
565 #define simHALTIN (1 << 3) /* 0 = run; 1 = halt on interrupt */
566 #define simTRACE (1 << 8) /* 0 = do nothing; 1 = trace address activity */
567 #define simPROFILE (1 << 9) /* 0 = do nothing; 1 = gather profiling samples */
568 #define simPCOC0 (1 << 17) /* COC[1] from current */
569 #define simPCOC1 (1 << 18) /* COC[1] from previous */
570 #define simDELAYSLOT (1 << 24) /* 0 = do nothing; 1 = delay slot entry exists */
571 #define simSKIPNEXT (1 << 25) /* 0 = do nothing; 1 = skip instruction */
572 #define simSIGINT (1 << 28) /* 0 = do nothing; 1 = SIGINT has occured */
573 #define simJALDELAYSLOT (1 << 29) /* 1 = in jal delay slot */
575 static unsigned int state
= 0;
577 #define DELAYSLOT() {\
578 if (state & simDELAYSLOT)\
579 sim_warning("Delay slot already activated (branch in delay slot?)");\
580 state |= simDELAYSLOT;\
583 #define JALDELAYSLOT() {\
585 state |= simJALDELAYSLOT;\
589 state &= ~simDELAYSLOT;\
590 state |= simSKIPNEXT;\
593 #define INDELAYSLOT() ((state & simDELAYSLOT) != 0)
594 #define INJALDELAYSLOT() ((state & simJALDELAYSLOT) != 0)
596 #define K0BASE (0x80000000)
597 #define K0SIZE (0x20000000)
598 #define K1BASE (0xA0000000)
599 #define K1SIZE (0x20000000)
601 /* Simple run-time monitor support */
602 static unsigned char *monitor
= NULL
;
603 static ut_reg monitor_base
= 0xBFC00000;
604 static unsigned monitor_size
= (1 << 11); /* power-of-2 */
606 static char *logfile
= NULL
; /* logging disabled by default */
607 static FILE *logfh
= NULL
;
610 static char *tracefile
= "trace.din"; /* default filename for trace log */
611 static FILE *tracefh
= NULL
;
612 static void open_trace
PARAMS((void));
616 static unsigned profile_frequency
= 256;
617 static unsigned profile_nsamples
= (128 << 10);
618 static unsigned short *profile_hist
= NULL
;
619 static ut_reg profile_minpc
;
620 static ut_reg profile_maxpc
;
621 static int profile_shift
= 0; /* address shift amount */
626 mips_option_handler (sd
, opt
, arg
)
636 tmp
= (char *)malloc(strlen(arg
) + 1);
638 callback
->printf_filtered(callback
,"Failed to allocate buffer for logfile name \"%s\"\n",optarg
);
647 callback
->printf_filtered(callback
,"Explicit model selection not yet available (Ignoring \"%s\")\n",optarg
);
652 /* Eventually the simTRACE flag could be treated as a toggle, to
653 allow external control of the program points being traced
654 (i.e. only from main onwards, excluding the run-time setup,
658 else if (strcmp (arg
, "yes") == 0)
660 else if (strcmp (arg
, "no") == 0)
664 fprintf (stderr
, "Unreconized trace option `%s'\n", arg
);
670 Simulator constructed without tracing support (for performance).\n\
671 Re-compile simulator with \"-DTRACE\" to enable this option.\n");
677 if (optarg
!= NULL
) {
679 tmp
= (char *)malloc(strlen(optarg
) + 1);
682 callback
->printf_filtered(callback
,"Failed to allocate buffer for tracefile name \"%s\"\n",optarg
);
688 callback
->printf_filtered(callback
,"Placing trace information into file \"%s\"\n",tracefile
);
700 Simulator constructed without profiling support (for performance).\n\
701 Re-compile simulator with \"-DPROFILE\" to enable this option.\n");
703 #endif /* !PROFILE */
707 profile_nsamples
= (unsigned)getnum(optarg
);
713 sim_set_profile((int)getnum(optarg
));
722 static const OPTION mips_options
[] =
724 { {"log", required_argument
, NULL
,'l'},
725 'l', "FILE", "Log file",
726 mips_option_handler
},
727 { {"name", required_argument
, NULL
,'n'},
728 'n', "MODEL", "Select arch model",
729 mips_option_handler
},
730 { {"profile", optional_argument
, NULL
,'p'},
731 'p', "on|off", "Enable profiling",
732 mips_option_handler
},
733 { {"trace", optional_argument
, NULL
,'t'},
734 't', "on|off", "Enable tracing",
735 mips_option_handler
},
736 { {"tracefile",required_argument
, NULL
,'z'},
737 'z', "FILE", "Write trace to file",
738 mips_option_handler
},
739 { {"frequency",required_argument
, NULL
,'y'},
740 'y', "FREQ", "Profile frequency",
741 mips_option_handler
},
742 { {"samples", required_argument
, NULL
,'x'},
743 'y', "SIZE", "Profile sample size",
744 mips_option_handler
},
745 { {NULL
, no_argument
, NULL
, 0}, '\0', NULL
, NULL
, NULL
}
750 interrupt_event (SIM_DESC sd
, void *data
)
752 SignalException (Interrupt
);
757 /*---------------------------------------------------------------------------*/
758 /*-- GDB simulator interface ------------------------------------------------*/
759 /*---------------------------------------------------------------------------*/
762 sim_open (kind
,cb
,argv
)
767 SIM_DESC sd
= &simulator
;
769 STATE_OPEN_KIND (sd
) = kind
;
770 STATE_MAGIC (sd
) = SIM_MAGIC_NUMBER
;
771 STATE_CALLBACK (sd
) = cb
;
773 CPU_STATE (STATE_CPU (sd
, 0)) = sd
;
775 /* FIXME: watchpoints code shouldn't need this */
776 STATE_WATCHPOINTS (sd
)->pc
= &(PC
);
777 STATE_WATCHPOINTS (sd
)->sizeof_pc
= sizeof (PC
);
778 STATE_WATCHPOINTS (sd
)->interrupt_handler
= interrupt_event
;
780 /* memory defaults (unless sim_size was here first) */
781 if (STATE_MEM_SIZE (sd
) == 0)
782 STATE_MEM_SIZE (sd
) = (2 << 20);
783 STATE_MEM_BASE (sd
) = K1BASE
;
785 if (callback
== NULL
) {
786 fprintf(stderr
,"SIM Error: sim_open() called without callbacks attached\n");
792 if (sim_pre_argv_init (sd
, argv
[0]) != SIM_RC_OK
)
794 sim_add_option_table (sd
, mips_options
);
796 /* getopt will print the error message so we just have to exit if this fails.
797 FIXME: Hmmm... in the case of gdb we need getopt to call
799 if (sim_parse_args (sd
, argv
) != SIM_RC_OK
)
801 /* Uninstall the modules to avoid memory leaks,
802 file descriptor leaks, etc. */
803 sim_module_uninstall (sd
);
807 if (sim_post_argv_init (sd
) != SIM_RC_OK
)
809 /* Uninstall the modules to avoid memory leaks,
810 file descriptor leaks, etc. */
811 sim_module_uninstall (sd
);
815 /* verify assumptions the simulator made about the host type system.
816 This macro does not return if there is a problem */
820 /* Check that the host FPU conforms to IEEE 754-1985 for the SINGLE
821 and DOUBLE binary formats. This is a bit nasty, requiring that we
822 trust the explicit manifests held in the source: */
823 /* TODO: We need to cope with the simulated target and the host not
824 having the same endianness. This will require the high and low
825 words of a (double) to be swapped when converting between the
826 host and the simulated target. */
834 s
.d
= (double)523.2939453125;
836 if ((s
.i
[0] == 0 && (s
.f
[1] != (float)4.01102924346923828125
837 || s
.i
[1] != 0x40805A5A))
838 || (s
.i
[1] == 0 && (s
.f
[0] != (float)4.01102924346923828125
839 || s
.i
[0] != 0x40805A5A)))
841 fprintf(stderr
,"The host executing the simulator does not seem to have IEEE 754-1985 std FP\n");
847 /* This is NASTY, in that we are assuming the size of specific
851 for (rn
= 0; (rn
< (LAST_EMBED_REGNUM
+ 1)); rn
++) {
853 register_widths
[rn
] = GPRLEN
;
854 else if ((rn
>= FGRIDX
) && (rn
< (FGRIDX
+ 32)))
855 register_widths
[rn
] = GPRLEN
;
856 else if ((rn
>= 33) && (rn
<= 37))
857 register_widths
[rn
] = GPRLEN
;
858 else if ((rn
== SRIDX
) || (rn
== FCR0IDX
) || (rn
== FCR31IDX
) || ((rn
>= 72) && (rn
<= 89)))
859 register_widths
[rn
] = 32;
861 register_widths
[rn
] = 0;
866 if (logfile
!= NULL
) {
867 if (strcmp(logfile
,"-") == 0)
870 logfh
= fopen(logfile
,"wb+");
872 callback
->printf_filtered(callback
,"Failed to create file \"%s\", writing log information to stderr.\n",tracefile
);
878 /* FIXME: In the future both of these malloc's can be replaced by
879 calls to sim-core. */
881 /* If the host has "mmap" available we could use it to provide a
882 very large virtual address space for the simulator, since memory
883 would only be allocated within the "mmap" space as it is
884 accessed. This can also be linked to the architecture specific
885 support, required to simulate the MMU. */
886 sim_size(STATE_MEM_SIZE (sd
));
887 /* NOTE: The above will also have enabled any profiling state! */
889 /* Create the monitor address space as well */
890 monitor
= (unsigned char *)calloc(1,monitor_size
);
892 fprintf(stderr
,"Not enough VM for monitor simulation (%d bytes)\n",
896 if (state
& simTRACE
)
907 tracefh
= fopen(tracefile
,"wb+");
910 sim_warning("Failed to create file \"%s\", writing trace information to stderr.",tracefile
);
916 /* For the profile writing, we write the data in the host
917 endianness. This unfortunately means we are assuming that the
918 profile file we create is processed on the same host executing the
919 simulator. The gmon.out file format should either have an explicit
920 endianness, or a method of encoding the endianness in the file
930 if (CURRENT_HOST_BYTE_ORDER
== BIG_ENDIAN
) {
931 buff
[3] = ((val
>> 0) & 0xFF);
932 buff
[2] = ((val
>> 8) & 0xFF);
933 buff
[1] = ((val
>> 16) & 0xFF);
934 buff
[0] = ((val
>> 24) & 0xFF);
936 buff
[0] = ((val
>> 0) & 0xFF);
937 buff
[1] = ((val
>> 8) & 0xFF);
938 buff
[2] = ((val
>> 16) & 0xFF);
939 buff
[3] = ((val
>> 24) & 0xFF);
941 if (fwrite(buff
,4,1,fh
) != 1) {
942 sim_warning("Failed to write 4bytes to the profile file");
955 if (CURRENT_HOST_BYTE_ORDER
== BIG_ENDIAN
) {
956 buff
[1] = ((val
>> 0) & 0xFF);
957 buff
[0] = ((val
>> 8) & 0xFF);
959 buff
[0] = ((val
>> 0) & 0xFF);
960 buff
[1] = ((val
>> 8) & 0xFF);
962 if (fwrite(buff
,2,1,fh
) != 1) {
963 sim_warning("Failed to write 2bytes to the profile file");
970 sim_close (sd
, quitting
)
975 printf("DBG: sim_close: entered (quitting = %d)\n",quitting
);
978 /* Cannot assume sim_kill() has been called */
979 /* "quitting" is non-zero if we cannot hang on errors */
981 /* Ensure that any resources allocated through the callback
982 mechanism are released: */
983 callback
->shutdown(callback
);
986 if ((state
& simPROFILE
) && (profile_hist
!= NULL
)) {
987 FILE *pf
= fopen("gmon.out","wb");
991 sim_warning("Failed to open \"gmon.out\" profile file");
995 printf("DBG: minpc = 0x%s\n",pr_addr(profile_minpc
));
996 printf("DBG: maxpc = 0x%s\n",pr_addr(profile_maxpc
));
998 ok
= writeout32(pf
,(unsigned int)profile_minpc
);
1000 ok
= writeout32(pf
,(unsigned int)profile_maxpc
);
1002 ok
= writeout32(pf
,(profile_nsamples
* 2) + 12); /* size of sample buffer (+ header) */
1004 printf("DBG: nsamples = %d (size = 0x%08X)\n",profile_nsamples
,((profile_nsamples
* 2) + 12));
1006 for (loop
= 0; (ok
&& (loop
< profile_nsamples
)); loop
++) {
1007 ok
= writeout16(pf
,profile_hist
[loop
]);
1016 profile_hist
= NULL
;
1017 state
&= ~simPROFILE
;
1019 #endif /* PROFILE */
1022 if (tracefh
!= NULL
&& tracefh
!= stderr
)
1028 if (logfh
!= NULL
&& logfh
!= stdout
&& logfh
!= stderr
)
1032 if (STATE_MEMORY (sd
) != NULL
)
1033 free(STATE_MEMORY (sd
)); /* cfree not available on all hosts */
1034 STATE_MEMORY (sd
) = NULL
;
1041 sim_write (sd
,addr
,buffer
,size
)
1044 unsigned char *buffer
;
1048 uword64 vaddr
= (uword64
)addr
;
1050 /* Return the number of bytes written, or zero if error. */
1052 callback
->printf_filtered(callback
,"sim_write(0x%s,buffer,%d);\n",pr_addr(addr
),size
);
1055 /* We provide raw read and write routines, since we do not want to
1056 count the GDB memory accesses in our statistics gathering. */
1058 /* There is a lot of code duplication in the individual blocks
1059 below, but the variables are declared locally to a block to give
1060 the optimiser the best chance of improving the code. We have to
1061 perform slow byte reads from the host memory, to ensure that we
1062 get the data into the correct endianness for the (simulated)
1063 target memory world. */
1065 /* Mask count to get odd byte, odd halfword, and odd word out of the
1066 way. We can then perform doubleword transfers to and from the
1067 simulator memory for optimum performance. */
1068 if (index
&& (index
& 1)) {
1071 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isRAW
)) {
1072 uword64 value
= ((uword64
)(*buffer
++));
1073 StoreMemory(cca
,AccessLength_BYTE
,value
,0,paddr
,vaddr
,isRAW
);
1076 index
&= ~1; /* logical operations usually quicker than arithmetic on RISC systems */
1078 if (index
&& (index
& 2)) {
1081 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isRAW
)) {
1083 /* We need to perform the following magic to ensure that that
1084 bytes are written into same byte positions in the target memory
1085 world, regardless of the endianness of the host. */
1087 value
= ((uword64
)(*buffer
++) << 8);
1088 value
|= ((uword64
)(*buffer
++) << 0);
1090 value
= ((uword64
)(*buffer
++) << 0);
1091 value
|= ((uword64
)(*buffer
++) << 8);
1093 StoreMemory(cca
,AccessLength_HALFWORD
,value
,0,paddr
,vaddr
,isRAW
);
1098 if (index
&& (index
& 4)) {
1101 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isRAW
)) {
1104 value
= ((uword64
)(*buffer
++) << 24);
1105 value
|= ((uword64
)(*buffer
++) << 16);
1106 value
|= ((uword64
)(*buffer
++) << 8);
1107 value
|= ((uword64
)(*buffer
++) << 0);
1109 value
= ((uword64
)(*buffer
++) << 0);
1110 value
|= ((uword64
)(*buffer
++) << 8);
1111 value
|= ((uword64
)(*buffer
++) << 16);
1112 value
|= ((uword64
)(*buffer
++) << 24);
1114 StoreMemory(cca
,AccessLength_WORD
,value
,0,paddr
,vaddr
,isRAW
);
1119 for (;index
; index
-= 8) {
1122 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isRAW
)) {
1125 value
= ((uword64
)(*buffer
++) << 56);
1126 value
|= ((uword64
)(*buffer
++) << 48);
1127 value
|= ((uword64
)(*buffer
++) << 40);
1128 value
|= ((uword64
)(*buffer
++) << 32);
1129 value
|= ((uword64
)(*buffer
++) << 24);
1130 value
|= ((uword64
)(*buffer
++) << 16);
1131 value
|= ((uword64
)(*buffer
++) << 8);
1132 value
|= ((uword64
)(*buffer
++) << 0);
1134 value
= ((uword64
)(*buffer
++) << 0);
1135 value
|= ((uword64
)(*buffer
++) << 8);
1136 value
|= ((uword64
)(*buffer
++) << 16);
1137 value
|= ((uword64
)(*buffer
++) << 24);
1138 value
|= ((uword64
)(*buffer
++) << 32);
1139 value
|= ((uword64
)(*buffer
++) << 40);
1140 value
|= ((uword64
)(*buffer
++) << 48);
1141 value
|= ((uword64
)(*buffer
++) << 56);
1143 StoreMemory(cca
,AccessLength_DOUBLEWORD
,value
,0,paddr
,vaddr
,isRAW
);
1152 sim_read (sd
,addr
,buffer
,size
)
1155 unsigned char *buffer
;
1160 /* Return the number of bytes read, or zero if error. */
1162 callback
->printf_filtered(callback
,"sim_read(0x%s,buffer,%d);\n",pr_addr(addr
),size
);
1165 /* TODO: Perform same optimisation as the sim_write() code
1166 above. NOTE: This will require a bit more work since we will need
1167 to ensure that the source physical address is doubleword aligned
1168 before, and then deal with trailing bytes. */
1169 for (index
= 0; (index
< size
); index
++) {
1170 uword64 vaddr
,paddr
,value
;
1172 vaddr
= (uword64
)addr
+ index
;
1173 if (AddressTranslation(vaddr
,isDATA
,isLOAD
,&paddr
,&cca
,isTARGET
,isRAW
)) {
1174 LoadMemory(&value
,NULL
,cca
,AccessLength_BYTE
,paddr
,vaddr
,isDATA
,isRAW
);
1175 buffer
[index
] = (unsigned char)(value
&0xFF);
1184 sim_store_register (sd
,rn
,memory
)
1187 unsigned char *memory
;
1189 /* NOTE: gdb (the client) stores registers in target byte order
1190 while the simulator uses host byte order */
1192 callback
->printf_filtered(callback
,"sim_store_register(%d,*memory=0x%s);\n",rn
,pr_addr(*((SIM_ADDR
*)memory
)));
1195 /* Unfortunately this suffers from the same problem as the register
1196 numbering one. We need to know what the width of each logical
1197 register number is for the architecture being simulated. */
1199 if (register_widths
[rn
] == 0)
1200 sim_warning("Invalid register width for %d (register store ignored)",rn
);
1203 if (register_widths
[rn
] == 32)
1204 registers
[rn
] = T2H_4 (*(unsigned int*)memory
);
1206 registers
[rn
] = T2H_8 (*(uword64
*)memory
);
1213 sim_fetch_register (sd
,rn
,memory
)
1216 unsigned char *memory
;
1218 /* NOTE: gdb (the client) stores registers in target byte order
1219 while the simulator uses host byte order */
1221 callback
->printf_filtered(callback
,"sim_fetch_register(%d=0x%s,mem) : place simulator registers into memory\n",rn
,pr_addr(registers
[rn
]));
1224 if (register_widths
[rn
] == 0)
1225 sim_warning("Invalid register width for %d (register fetch ignored)",rn
);
1228 if (register_widths
[rn
] == 32)
1229 *((unsigned int *)memory
) = H2T_4 ((unsigned int)(registers
[rn
] & 0xFFFFFFFF));
1230 else /* 64bit register */
1231 *((uword64
*)memory
) = H2T_8 (registers
[rn
]);
1239 sim_info (sd
,verbose
)
1243 /* Accessed from the GDB "info files" command: */
1245 callback
->printf_filtered(callback
,"MIPS %d-bit simulator\n",(PROCESSOR_64BIT
? 64 : 32));
1247 callback
->printf_filtered(callback
,"%s endian memory model\n",
1248 (CURRENT_TARGET_BYTE_ORDER
== BIG_ENDIAN
1249 ? "Big" : "Little"));
1251 callback
->printf_filtered(callback
,"0x%08X bytes of memory at 0x%s\n",
1252 STATE_MEM_SIZE (sd
),
1253 pr_addr (STATE_MEM_BASE (sd
)));
1255 #if !defined(FASTSIM)
1256 if (instruction_fetch_overflow
!= 0)
1257 callback
->printf_filtered(callback
,"Instruction fetches = 0x%08X%08X\n",instruction_fetch_overflow
,instruction_fetches
);
1259 callback
->printf_filtered(callback
,"Instruction fetches = %d\n",instruction_fetches
);
1260 callback
->printf_filtered(callback
,"Pipeline ticks = %ld\n",
1261 (long) sim_events_time (sd
));
1262 /* It would be a useful feature, if when performing multi-cycle
1263 simulations (rather than single-stepping) we keep the start and
1264 end times of the execution, so that we can give a performance
1265 figure for the simulator. */
1266 #endif /* !FASTSIM */
1268 /* print information pertaining to MIPS ISA and architecture being simulated */
1269 /* things that may be interesting */
1270 /* instructions executed - if available */
1271 /* cycles executed - if available */
1272 /* pipeline stalls - if available */
1273 /* virtual time taken */
1274 /* profiling size */
1275 /* profiling frequency */
1283 sim_load (sd
,prog
,abfd
,from_tty
)
1291 prog_bfd
= sim_load_file (sd
,
1295 /* pass NULL for abfd, we always open our own */
1297 STATE_OPEN_KIND (sd
) == SIM_OPEN_DEBUG
);
1298 if (prog_bfd
== NULL
)
1300 sim_analyze_program (sd
, prog_bfd
);
1302 /* Configure/verify the target byte order and other runtime
1303 configuration options */
1304 sim_config (sd
, PREFERED_TARGET_BYTE_ORDER(prog_bfd
));
1306 /* (re) Write the monitor trap address handlers into the monitor
1307 (eeprom) address space. This can only be done once the target
1308 endianness has been determined. */
1311 /* Entry into the IDT monitor is via fixed address vectors, and
1312 not using machine instructions. To avoid clashing with use of
1313 the MIPS TRAP system, we place our own (simulator specific)
1314 "undefined" instructions into the relevant vector slots. */
1315 for (loop
= 0; (loop
< monitor_size
); loop
+= 4) {
1316 uword64 vaddr
= (monitor_base
+ loop
);
1319 if (AddressTranslation(vaddr
, isDATA
, isSTORE
, &paddr
, &cca
, isTARGET
, isRAW
))
1320 StoreMemory(cca
, AccessLength_WORD
,
1321 (RSVD_INSTRUCTION
| (((loop
>> 2) & RSVD_INSTRUCTION_ARG_MASK
) << RSVD_INSTRUCTION_ARG_SHIFT
)),
1322 0, paddr
, vaddr
, isRAW
);
1324 /* The PMON monitor uses the same address space, but rather than
1325 branching into it the address of a routine is loaded. We can
1326 cheat for the moment, and direct the PMON routine to IDT style
1327 instructions within the monitor space. This relies on the IDT
1328 monitor not using the locations from 0xBFC00500 onwards as its
1330 for (loop
= 0; (loop
< 24); loop
++)
1332 uword64 vaddr
= (monitor_base
+ 0x500 + (loop
* 4));
1335 unsigned int value
= ((0x500 - 8) / 8); /* default UNDEFINED reason code */
1354 case 5: /* printf */
1355 value
= ((0x500 - 16) / 8); /* not an IDT reason code */
1358 case 8: /* cliexit */
1362 case 11: /* flush_cache */
1366 /* FIXME - should monitor_base be SIM_ADDR?? */
1367 value
= ((unsigned int)monitor_base
+ (value
* 8));
1368 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isRAW
))
1369 StoreMemory(cca
,AccessLength_WORD
,value
,0,paddr
,vaddr
,isRAW
);
1371 sim_error("Failed to write to monitor space 0x%s",pr_addr(vaddr
));
1373 /* The LSI MiniRISC PMON has its vectors at 0x200, not 0x500. */
1375 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isRAW
))
1376 StoreMemory(cca
,AccessLength_WORD
,value
,0,paddr
,vaddr
,isRAW
);
1378 sim_error("Failed to write to monitor space 0x%s",pr_addr(vaddr
));
1386 sim_create_inferior (sd
, argv
,env
)
1393 printf("DBG: sim_create_inferior entered: start_address = 0x%s\n",
1398 /* If we were providing a more complete I/O, co-processor or memory
1399 simulation, we should perform any "device" initialisation at this
1400 point. This can include pre-loading memory areas with particular
1401 patterns (e.g. simulating ROM monitors). */
1404 PC
= (uword64
) STATE_START_ADDR(sd
);
1406 /* TODO: Sort this properly. SIM_ADDR may already be a 64bit value: */
1407 PC
= SIGNEXTEND(bfd_get_start_address(prog_bfd
),32);
1410 /* Prepare to execute the program to be simulated */
1411 /* argv and env are NULL terminated lists of pointers */
1414 #if 0 /* def DEBUG */
1415 callback
->printf_filtered(callback
,"sim_create_inferior() : passed arguments ignored\n");
1418 for (cptr
= argv
; (cptr
&& *cptr
); cptr
++)
1419 printf("DBG: arg \"%s\"\n",*cptr
);
1422 /* We should really place the argv slot values into the argument
1423 registers, and onto the stack as required. However, this
1424 assumes that we have a stack defined, which is not necessarily
1425 true at the moment. */
1436 /* This routine should be for terminating any existing simulation
1437 thread. Since we are single-threaded only at the moment, this is
1438 not an issue. It should *NOT* be used to terminate the
1440 #else /* do *NOT* call sim_close */
1441 sim_close(sd
, 1); /* Do not hang on errors */
1442 /* This would also be the point where any memory mapped areas used
1443 by the simulator should be released. */
1448 typedef enum {e_terminate
,e_help
,e_setmemsize
,e_reset
} e_cmds
;
1450 static struct t_sim_command
{
1454 } sim_commands
[] = {
1455 {e_help
, "help", ": Show MIPS simulator private commands"},
1456 {e_setmemsize
,"set-memory-size","<n> : Specify amount of memory simulated"},
1457 {e_reset
, "reset-system", ": Reset the simulated processor"},
1462 sim_do_command (sd
,cmd
)
1466 struct t_sim_command
*cptr
;
1468 if (callback
== NULL
) {
1469 fprintf(stderr
,"Simulator not enabled: \"target sim\" should be used to activate\n");
1473 if (!(cmd
&& *cmd
!= '\0'))
1476 /* NOTE: Accessed from the GDB "sim" commmand: */
1477 for (cptr
= sim_commands
; cptr
&& cptr
->name
; cptr
++)
1478 if (strncmp (cmd
, cptr
->name
, strlen(cptr
->name
)) == 0)
1480 cmd
+= strlen(cptr
->name
);
1482 case e_help
: /* no arguments */
1483 { /* no arguments */
1484 struct t_sim_command
*lptr
;
1485 callback
->printf_filtered(callback
,"List of MIPS simulator commands:\n");
1486 for (lptr
= sim_commands
; lptr
->name
; lptr
++)
1487 callback
->printf_filtered(callback
,"%s %s\n",lptr
->name
,lptr
->help
);
1488 sim_args_command (sd
, "help");
1492 case e_setmemsize
: /* memory size argument */
1494 unsigned int newsize
= (unsigned int)getnum(cmd
);
1499 case e_reset
: /* no arguments */
1501 /* NOTE: See the comments in sim_open() relating to device
1506 callback
->printf_filtered(callback
,"FATAL: Matched \"%s\", but failed to match command id %d.\n",cmd
,cptr
->id
);
1514 /* try for a common command when the sim specific lookup fails */
1515 if (sim_args_command (sd
, cmd
) != SIM_RC_OK
)
1516 callback
->printf_filtered(callback
,"Error: \"%s\" is not a valid MIPS simulator command.\n",cmd
);
1522 /*---------------------------------------------------------------------------*/
1523 /* NOTE: The following routines do not seem to be used by GDB at the
1524 moment. However, they may be useful to the standalone simulator
1528 /* The profiling format is described in the "gmon_out.h" header file */
1533 #if defined(PROFILE)
1534 profile_frequency
= n
;
1535 state
|= simPROFILE
;
1536 #endif /* PROFILE */
1541 sim_set_profile_size (n
)
1544 SIM_DESC sd
= &simulator
;
1545 #if defined(PROFILE)
1546 if (state
& simPROFILE
) {
1549 /* Since we KNOW that the memory banks are a power-of-2 in size: */
1550 profile_nsamples
= power2(n
);
1551 profile_minpc
= STATE_MEM_BASE (sd
);
1552 profile_maxpc
= (STATE_MEM_BASE (sd
) + STATE_MEM_SIZE (sd
));
1554 /* Just in-case we are sampling every address: NOTE: The shift
1555 right of 2 is because we only have word-aligned PC addresses. */
1556 if (profile_nsamples
> (STATE_MEM_SIZE (sd
) >> 2))
1557 profile_nsamples
= (STATE_MEM_SIZE (sd
) >> 2);
1559 /* Since we are dealing with power-of-2 values: */
1560 profile_shift
= (((STATE_MEM_SIZE (sd
) >> 2) / profile_nsamples
) - 1);
1562 bsize
= (profile_nsamples
* sizeof(unsigned short));
1563 if (profile_hist
== NULL
)
1564 profile_hist
= (unsigned short *)calloc(64,(bsize
/ 64));
1566 profile_hist
= (unsigned short *)realloc(profile_hist
,bsize
);
1567 if (profile_hist
== NULL
) {
1568 sim_warning("Failed to allocate VM for profiling buffer (0x%08X bytes)",bsize
);
1569 state
&= ~simPROFILE
;
1572 #endif /* PROFILE */
1581 SIM_DESC sd
= &simulator
;
1583 /* Used by "run", and internally, to set the simulated memory size */
1585 callback
->printf_filtered(callback
,"Zero not valid: Memory size still 0x%08X bytes\n",STATE_MEM_SIZE (sd
));
1588 newsize
= power2(newsize
);
1589 if (STATE_MEMORY (sd
) == NULL
)
1590 new = (char *)calloc(64,(STATE_MEM_SIZE (sd
) / 64));
1592 new = (char *)realloc(STATE_MEMORY (sd
),newsize
);
1594 if (STATE_MEMORY (sd
) == NULL
)
1595 sim_error("Not enough VM for simulation memory of 0x%08X bytes",STATE_MEM_SIZE (sd
));
1597 sim_warning("Failed to resize memory (still 0x%08X bytes)",STATE_MEM_SIZE (sd
));
1599 STATE_MEM_SIZE (sd
) = (unsigned)newsize
;
1600 STATE_MEMORY (sd
) = new;
1601 #if defined(PROFILE)
1602 /* Ensure that we sample across the new memory range */
1603 sim_set_profile_size(profile_nsamples
);
1604 #endif /* PROFILE */
1614 sim_io_eprintf (sd
, "Sim trace not supported");
1616 /* This routine is called by the "run" program, when detailed
1617 execution information is required. Rather than executing a single
1618 instruction, and looping around externally... we just start
1619 simulating, returning TRUE when the simulator stops (for whatever
1623 /* Ensure tracing is enabled, if available */
1624 if (tracefh
== NULL
)
1632 state
&= ~(simSTOP
| simSTEP
); /* execute until event */
1634 state
|= (simHALTEX
| simHALTIN
); /* treat interrupt event as exception */
1635 /* Start executing instructions from the current state (set
1636 explicitly by register updates, or by sim_create_inferior): */
1643 /*---------------------------------------------------------------------------*/
1644 /*-- Private simulator support interface ------------------------------------*/
1645 /*---------------------------------------------------------------------------*/
1647 /* Simple monitor interface (currently setup for the IDT and PMON monitors) */
1650 unsigned int reason
;
1652 SIM_DESC sd
= &simulator
;
1654 printf("DBG: sim_monitor: entered (reason = %d)\n",reason
);
1657 /* The IDT monitor actually allows two instructions per vector
1658 slot. However, the simulator currently causes a trap on each
1659 individual instruction. We cheat, and lose the bottom bit. */
1662 /* The following callback functions are available, however the
1663 monitor we are simulating does not make use of them: get_errno,
1664 isatty, lseek, rename, system, time and unlink */
1666 case 6: /* int open(char *path,int flags) */
1670 if (AddressTranslation(A0
,isDATA
,isLOAD
,&paddr
,&cca
,isHOST
,isREAL
))
1671 V0
= callback
->open(callback
,(char *)((int)paddr
),(int)A1
);
1673 sim_error("Attempt to pass pointer that does not reference simulated memory");
1677 case 7: /* int read(int file,char *ptr,int len) */
1681 if (AddressTranslation(A1
,isDATA
,isLOAD
,&paddr
,&cca
,isHOST
,isREAL
))
1682 V0
= callback
->read(callback
,(int)A0
,(char *)((int)paddr
),(int)A2
);
1684 sim_error("Attempt to pass pointer that does not reference simulated memory");
1688 case 8: /* int write(int file,char *ptr,int len) */
1692 if (AddressTranslation(A1
,isDATA
,isLOAD
,&paddr
,&cca
,isHOST
,isREAL
))
1693 V0
= callback
->write(callback
,(int)A0
,(const char *)((int)paddr
),(int)A2
);
1695 sim_error("Attempt to pass pointer that does not reference simulated memory");
1699 case 10: /* int close(int file) */
1700 V0
= callback
->close(callback
,(int)A0
);
1703 case 11: /* char inbyte(void) */
1706 if (callback
->read_stdin(callback
,&tmp
,sizeof(char)) != sizeof(char)) {
1707 sim_error("Invalid return from character read");
1715 case 12: /* void outbyte(char chr) : write a byte to "stdout" */
1717 char tmp
= (char)(A0
& 0xFF);
1718 callback
->write_stdout(callback
,&tmp
,sizeof(char));
1722 case 17: /* void _exit() */
1723 sim_warning("sim_monitor(17): _exit(int reason) to be coded");
1724 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
, sim_exited
,
1725 (unsigned int)(A0
& 0xFFFFFFFF));
1728 case 28 : /* PMON flush_cache */
1731 case 55: /* void get_mem_info(unsigned int *ptr) */
1732 /* in: A0 = pointer to three word memory location */
1733 /* out: [A0 + 0] = size */
1734 /* [A0 + 4] = instruction cache size */
1735 /* [A0 + 8] = data cache size */
1738 uword64 paddr
, value
;
1742 /* NOTE: We use RAW memory writes here, but since we are not
1743 gathering statistics for the monitor calls we are simulating,
1744 it is not an issue. */
1747 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isREAL
)) {
1748 value
= (uword64
)STATE_MEM_SIZE (sd
);
1749 StoreMemory(cca
,AccessLength_WORD
,value
,0,paddr
,vaddr
,isRAW
);
1750 /* We re-do the address translations, in-case the block
1751 overlaps a memory boundary: */
1753 vaddr
+= (AccessLength_WORD
+ 1);
1754 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isREAL
)) {
1755 StoreMemory(cca
,AccessLength_WORD
,0,value
,paddr
,vaddr
,isRAW
);
1756 vaddr
+= (AccessLength_WORD
+ 1);
1757 if (AddressTranslation(vaddr
,isDATA
,isSTORE
,&paddr
,&cca
,isTARGET
,isREAL
))
1758 StoreMemory(cca
,AccessLength_WORD
,value
,0,paddr
,vaddr
,isRAW
);
1767 sim_error("Invalid pointer passed into monitor call");
1771 case 158 : /* PMON printf */
1772 /* in: A0 = pointer to format string */
1773 /* A1 = optional argument 1 */
1774 /* A2 = optional argument 2 */
1775 /* A3 = optional argument 3 */
1777 /* The following is based on the PMON printf source */
1781 /* This isn't the quickest way, since we call the host print
1782 routine for every character almost. But it does avoid
1783 having to allocate and manage a temporary string buffer. */
1784 if (AddressTranslation(A0
,isDATA
,isLOAD
,&paddr
,&cca
,isHOST
,isREAL
)) {
1785 char *s
= (char *)((int)paddr
);
1786 ut_reg
*ap
= &A1
; /* 1st argument */
1787 /* TODO: Include check that we only use three arguments (A1, A2 and A3) */
1791 enum {FMT_RJUST
, FMT_LJUST
, FMT_RJUST0
, FMT_CENTER
} fmt
= FMT_RJUST
;
1792 int width
= 0, trunc
= 0, haddot
= 0, longlong
= 0;
1795 if (strchr ("dobxXulscefg%", *s
))
1803 else if (*s
== '*') {
1808 } else if (*s
>= '1' && *s
<= '9') {
1811 for (t
= s
; isdigit (*s
); s
++);
1812 strncpy (tmp
, t
, s
- t
);
1814 n
= (unsigned int)strtol(tmp
,NULL
,10);
1820 } else if (*s
== '.')
1824 callback
->printf_filtered(callback
,"%%");
1825 } else if (*s
== 's') {
1826 if ((int)*ap
!= 0) {
1827 if (AddressTranslation(*ap
++,isDATA
,isLOAD
,&paddr
,&cca
,isHOST
,isREAL
)) {
1828 char *p
= (char *)((int)paddr
);;
1829 callback
->printf_filtered(callback
,p
);
1832 sim_error("Attempt to pass pointer that does not reference simulated memory");
1836 callback
->printf_filtered(callback
,"(null)");
1837 } else if (*s
== 'c') {
1839 callback
->printf_filtered(callback
,"%c",n
);
1847 if (strchr ("dobxXu", *s
)) {
1848 word64 lv
= (word64
) *ap
++;
1850 callback
->printf_filtered(callback
,"<binary not supported>");
1852 sprintf(tmp
,"%%%s%c",longlong
? "ll" : "",*s
);
1854 callback
->printf_filtered(callback
,tmp
,lv
);
1856 callback
->printf_filtered(callback
,tmp
,(int)lv
);
1858 } else if (strchr ("eEfgG", *s
)) {
1859 #ifdef _MSC_VER /* MSVC version 2.x can't convert from uword64 directly */
1860 double dbl
= (double)((word64
)*ap
++);
1862 double dbl
= (double)*ap
++;
1864 sprintf(tmp
,"%%%d.%d%c",width
,trunc
,*s
);
1865 callback
->printf_filtered(callback
,tmp
,dbl
);
1871 callback
->printf_filtered(callback
,"%c",*s
++);
1874 sim_error("Attempt to pass pointer that does not reference simulated memory");
1879 sim_warning("TODO: sim_monitor(%d) : PC = 0x%s",reason
,pr_addr(IPC
));
1880 sim_warning("(Arguments : A0 = 0x%s : A1 = 0x%s : A2 = 0x%s : A3 = 0x%s)",pr_addr(A0
),pr_addr(A1
),pr_addr(A2
),pr_addr(A3
));
1886 /* Store a word into memory. */
1889 store_word (vaddr
, val
)
1896 if ((vaddr
& 3) != 0)
1897 SignalException (AddressStore
);
1900 if (AddressTranslation (vaddr
, isDATA
, isSTORE
, &paddr
, &uncached
,
1903 const uword64 mask
= 7;
1907 paddr
= (paddr
& ~mask
) | ((paddr
& mask
) ^ (ReverseEndian
<< 2));
1908 byte
= (vaddr
& mask
) ^ (BigEndianCPU
<< 2);
1909 memval
= ((uword64
) val
) << (8 * byte
);
1910 StoreMemory (uncached
, AccessLength_WORD
, memval
, 0, paddr
, vaddr
,
1916 /* Load a word from memory. */
1922 if ((vaddr
& 3) != 0)
1923 SignalException (AddressLoad
);
1929 if (AddressTranslation (vaddr
, isDATA
, isLOAD
, &paddr
, &uncached
,
1932 const uword64 mask
= 0x7;
1933 const unsigned int reverse
= ReverseEndian
? 1 : 0;
1934 const unsigned int bigend
= BigEndianCPU
? 1 : 0;
1938 paddr
= (paddr
& ~mask
) | ((paddr
& mask
) ^ (reverse
<< 2));
1939 LoadMemory (&memval
,NULL
,uncached
, AccessLength_WORD
, paddr
, vaddr
,
1941 byte
= (vaddr
& mask
) ^ (bigend
<< 2);
1942 return SIGNEXTEND (((memval
>> (8 * byte
)) & 0xffffffff), 32);
1949 /* Simulate the mips16 entry and exit pseudo-instructions. These
1950 would normally be handled by the reserved instruction exception
1951 code, but for ease of simulation we just handle them directly. */
1957 int aregs
, sregs
, rreg
;
1960 printf("DBG: mips16_entry: entered (insn = 0x%08X)\n",insn
);
1963 aregs
= (insn
& 0x700) >> 8;
1964 sregs
= (insn
& 0x0c0) >> 6;
1965 rreg
= (insn
& 0x020) >> 5;
1967 /* This should be checked by the caller. */
1976 /* This is the entry pseudo-instruction. */
1978 for (i
= 0; i
< aregs
; i
++)
1979 store_word ((uword64
) (SP
+ 4 * i
), registers
[i
+ 4]);
1987 store_word ((uword64
) tsp
, RA
);
1990 for (i
= 0; i
< sregs
; i
++)
1993 store_word ((uword64
) tsp
, registers
[16 + i
]);
2001 /* This is the exit pseudo-instruction. */
2008 RA
= load_word ((uword64
) tsp
);
2011 for (i
= 0; i
< sregs
; i
++)
2014 registers
[i
+ 16] = load_word ((uword64
) tsp
);
2021 FGR
[0] = WORD64LO (GPR
[4]);
2022 fpr_state
[0] = fmt_uninterpreted
;
2024 else if (aregs
== 6)
2026 FGR
[0] = WORD64LO (GPR
[5]);
2027 FGR
[1] = WORD64LO (GPR
[4]);
2028 fpr_state
[0] = fmt_uninterpreted
;
2029 fpr_state
[1] = fmt_uninterpreted
;
2037 sim_warning(char *fmt
,...)
2043 vsprintf (buf
, fmt
, ap
);
2046 if (logfh
!= NULL
) {
2047 fprintf(logfh
,"SIM Warning: %s\n", buf
);
2049 callback
->printf_filtered(callback
,"SIM Warning: %s\n", buf
);
2051 /* This used to call SignalException with a SimulatorFault, but that causes
2052 the simulator to exit, and that is inappropriate for a warning. */
2057 sim_error(char *fmt
,...)
2063 vsprintf (buf
, fmt
, ap
);
2066 callback
->printf_filtered(callback
,"SIM Error: %s", buf
);
2067 SignalException (SimulatorFault
, buf
);
2077 /* Round *UP* to the nearest power-of-2 if not already one */
2078 if (value
!= (value
& ~(value
- 1))) {
2079 for (tmp
= value
, loop
= 0; (tmp
!= 0); loop
++)
2081 value
= (1 << loop
);
2094 num
= strtol(value
,&end
,10);
2096 callback
->printf_filtered(callback
,"Warning: Invalid number \"%s\" ignored, using zero\n",value
);
2098 if (*end
&& ((tolower(*end
) == 'k') || (tolower(*end
) == 'm'))) {
2099 if (tolower(*end
) == 'k')
2106 callback
->printf_filtered(callback
,"Warning: Spurious characters \"%s\" at end of number ignored\n",end
);
2112 /*-- trace support ----------------------------------------------------------*/
2114 /* The TRACE support is provided (if required) in the memory accessing
2115 routines. Since we are also providing the architecture specific
2116 features, the architecture simulation code can also deal with
2117 notifying the TRACE world of cache flushes, etc. Similarly we do
2118 not need to provide profiling support in the simulator engine,
2119 since we can sample in the instruction fetch control loop. By
2120 defining the TRACE manifest, we add tracing as a run-time
2124 /* Tracing by default produces "din" format (as required by
2125 dineroIII). Each line of such a trace file *MUST* have a din label
2126 and address field. The rest of the line is ignored, so comments can
2127 be included if desired. The first field is the label which must be
2128 one of the following values:
2133 3 escape record (treated as unknown access type)
2134 4 escape record (causes cache flush)
2136 The address field is a 32bit (lower-case) hexadecimal address
2137 value. The address should *NOT* be preceded by "0x".
2139 The size of the memory transfer is not important when dealing with
2140 cache lines (as long as no more than a cache line can be
2141 transferred in a single operation :-), however more information
2142 could be given following the dineroIII requirement to allow more
2143 complete memory and cache simulators to provide better
2144 results. i.e. the University of Pisa has a cache simulator that can
2145 also take bus size and speed as (variable) inputs to calculate
2146 complete system performance (a much more useful ability when trying
2147 to construct an end product, rather than a processor). They
2148 currently have an ARM version of their tool called ChARM. */
2152 void dotrace(FILE *tracefh
,int type
,SIM_ADDR address
,int width
,char *comment
,...)
2154 if (state
& simTRACE
) {
2156 fprintf(tracefh
,"%d %s ; width %d ; ",
2160 va_start(ap
,comment
);
2161 vfprintf(tracefh
,comment
,ap
);
2163 fprintf(tracefh
,"\n");
2165 /* NOTE: Since the "din" format will only accept 32bit addresses, and
2166 we may be generating 64bit ones, we should put the hi-32bits of the
2167 address into the comment field. */
2169 /* TODO: Provide a buffer for the trace lines. We can then avoid
2170 performing writes until the buffer is filled, or the file is
2173 /* NOTE: We could consider adding a comment field to the "din" file
2174 produced using type 3 markers (unknown access). This would then
2175 allow information about the program that the "din" is for, and
2176 the MIPs world that was being simulated, to be placed into the
2183 /*---------------------------------------------------------------------------*/
2184 /*-- simulator engine -------------------------------------------------------*/
2185 /*---------------------------------------------------------------------------*/
2190 /* RESET: Fixed PC address: */
2191 PC
= (((uword64
)0xFFFFFFFF<<32) | 0xBFC00000);
2192 /* The reset vector address is in the unmapped, uncached memory space. */
2194 SR
&= ~(status_SR
| status_TS
| status_RP
);
2195 SR
|= (status_ERL
| status_BEV
);
2197 #if defined(HASFPU) && (GPRLEN == (64))
2198 /* Cheat and allow access to the complete register set immediately: */
2199 SR
|= status_FR
; /* 64bit registers */
2200 #endif /* HASFPU and 64bit FP registers */
2202 /* Ensure that any instructions with pending register updates are
2206 for (loop
= 0; (loop
< PSLOTS
); loop
++)
2207 pending_slot_reg
[loop
] = (LAST_EMBED_REGNUM
+ 1);
2208 pending_in
= pending_out
= pending_total
= 0;
2212 /* Initialise the FPU registers to the unknown state */
2215 for (rn
= 0; (rn
< 32); rn
++)
2216 fpr_state
[rn
] = fmt_uninterpreted
;
2223 /* Description from page A-22 of the "MIPS IV Instruction Set" manual (revision 3.1) */
2224 /* Translate a virtual address to a physical address and cache
2225 coherence algorithm describing the mechanism used to resolve the
2226 memory reference. Given the virtual address vAddr, and whether the
2227 reference is to Instructions ot Data (IorD), find the corresponding
2228 physical address (pAddr) and the cache coherence algorithm (CCA)
2229 used to resolve the reference. If the virtual address is in one of
2230 the unmapped address spaces the physical address and the CCA are
2231 determined directly by the virtual address. If the virtual address
2232 is in one of the mapped address spaces then the TLB is used to
2233 determine the physical address and access type; if the required
2234 translation is not present in the TLB or the desired access is not
2235 permitted the function fails and an exception is taken.
2237 NOTE: This function is extended to return an exception state. This,
2238 along with the exception generation is used to notify whether a
2239 valid address translation occured */
2242 AddressTranslation(vAddr
,IorD
,LorS
,pAddr
,CCA
,host
,raw
)
2251 SIM_DESC sd
= &simulator
;
2252 int res
= -1; /* TRUE : Assume good return */
2255 callback
->printf_filtered(callback
,"AddressTranslation(0x%s,%s,%s,...);\n",pr_addr(vAddr
),(IorD
? "isDATA" : "isINSTRUCTION"),(LorS
? "iSTORE" : "isLOAD"));
2258 /* Check that the address is valid for this memory model */
2260 /* For a simple (flat) memory model, we simply pass virtual
2261 addressess through (mostly) unchanged. */
2262 vAddr
&= 0xFFFFFFFF;
2264 /* Treat the kernel memory spaces identically for the moment: */
2265 if ((STATE_MEM_BASE (sd
) == K1BASE
) && (vAddr
>= K0BASE
) && (vAddr
< (K0BASE
+ K0SIZE
)))
2266 vAddr
+= (K1BASE
- K0BASE
);
2268 /* Also assume that the K1BASE memory wraps. This is required to
2269 allow the PMON run-time __sizemem() routine to function (without
2270 having to provide exception simulation). NOTE: A kludge to work
2271 around the fact that the monitor memory is currently held in the
2273 if (((vAddr
< monitor_base
) || (vAddr
>= (monitor_base
+ monitor_size
))) && (vAddr
>= K1BASE
&& vAddr
< (K1BASE
+ K1SIZE
)))
2274 vAddr
= (K1BASE
| (vAddr
& (STATE_MEM_SIZE (sd
) - 1)));
2276 *pAddr
= vAddr
; /* default for isTARGET */
2277 *CCA
= Uncached
; /* not used for isHOST */
2279 /* NOTE: This is a duplicate of the code that appears in the
2280 LoadMemory and StoreMemory functions. They should be merged into
2281 a single function (that can be in-lined if required). */
2282 if ((vAddr
>= STATE_MEM_BASE (sd
)) && (vAddr
< (STATE_MEM_BASE (sd
) + STATE_MEM_SIZE (sd
)))) {
2284 *pAddr
= (int)&STATE_MEMORY (sd
)[((unsigned int)(vAddr
- STATE_MEM_BASE (sd
)) & (STATE_MEM_SIZE (sd
) - 1))];
2285 } else if ((vAddr
>= monitor_base
) && (vAddr
< (monitor_base
+ monitor_size
))) {
2287 *pAddr
= (int)&monitor
[((unsigned int)(vAddr
- monitor_base
) & (monitor_size
- 1))];
2290 sim_warning("Failed: AddressTranslation(0x%s,%s,%s,...) IPC = 0x%s",pr_addr(vAddr
),(IorD
? "isDATA" : "isINSTRUCTION"),(LorS
? "isSTORE" : "isLOAD"),pr_addr(IPC
));
2292 res
= 0; /* AddressTranslation has failed */
2293 *pAddr
= (SIM_ADDR
)-1;
2294 if (!raw
) /* only generate exceptions on real memory transfers */
2295 SignalException((LorS
== isSTORE
) ? AddressStore
: AddressLoad
);
2298 /* This is a normal occurance during gdb operation, for instance trying
2299 to print parameters at function start before they have been setup,
2300 and hence we should not print a warning except when debugging the
2302 sim_warning("AddressTranslation for %s %s from 0x%s failed",(IorD
? "data" : "instruction"),(LorS
? "store" : "load"),pr_addr(vAddr
));
2309 /* Description from page A-23 of the "MIPS IV Instruction Set" manual (revision 3.1) */
2310 /* Prefetch data from memory. Prefetch is an advisory instruction for
2311 which an implementation specific action is taken. The action taken
2312 may increase performance, but must not change the meaning of the
2313 program, or alter architecturally-visible state. */
2316 Prefetch(CCA
,pAddr
,vAddr
,DATA
,hint
)
2324 callback
->printf_filtered(callback
,"Prefetch(%d,0x%s,0x%s,%d,%d);\n",CCA
,pr_addr(pAddr
),pr_addr(vAddr
),DATA
,hint
);
2327 /* For our simple memory model we do nothing */
2331 /* Description from page A-22 of the "MIPS IV Instruction Set" manual (revision 3.1) */
2332 /* Load a value from memory. Use the cache and main memory as
2333 specified in the Cache Coherence Algorithm (CCA) and the sort of
2334 access (IorD) to find the contents of AccessLength memory bytes
2335 starting at physical location pAddr. The data is returned in the
2336 fixed width naturally-aligned memory element (MemElem). The
2337 low-order two (or three) bits of the address and the AccessLength
2338 indicate which of the bytes within MemElem needs to be given to the
2339 processor. If the memory access type of the reference is uncached
2340 then only the referenced bytes are read from memory and valid
2341 within the memory element. If the access type is cached, and the
2342 data is not present in cache, an implementation specific size and
2343 alignment block of memory is read and loaded into the cache to
2344 satisfy a load reference. At a minimum, the block is the entire
2347 LoadMemory(memvalp
,memval1p
,CCA
,AccessLength
,pAddr
,vAddr
,IorD
,raw
)
2357 SIM_DESC sd
= &simulator
;
2362 if (STATE_MEMORY (sd
) == NULL
)
2363 callback
->printf_filtered(callback
,"DBG: LoadMemory(%p,%p,%d,%d,0x%s,0x%s,%s,%s)\n",memvalp
,memval1p
,CCA
,AccessLength
,pr_addr(pAddr
),pr_addr(vAddr
),(IorD
? "isDATA" : "isINSTRUCTION"),(raw
? "isRAW" : "isREAL"));
2366 #if defined(WARN_MEM)
2367 if (CCA
!= uncached
)
2368 sim_warning("LoadMemory CCA (%d) is not uncached (currently all accesses treated as cached)",CCA
);
2370 if (((pAddr
& LOADDRMASK
) + AccessLength
) > LOADDRMASK
) {
2371 /* In reality this should be a Bus Error */
2372 sim_error("AccessLength of %d would extend over %dbit aligned boundary for physical address 0x%s\n",AccessLength
,(LOADDRMASK
+ 1)<<2,pr_addr(pAddr
));
2374 #endif /* WARN_MEM */
2376 /* Decide which physical memory locations are being dealt with. At
2377 this point we should be able to split the pAddr bits into the
2378 relevant address map being simulated. If the "raw" variable is
2379 set, the memory read being performed should *NOT* update any I/O
2380 state or affect the CPU state. This also includes avoiding
2381 affecting statistics gathering. */
2383 /* If instruction fetch then we need to check that the two lo-order
2384 bits are zero, otherwise raise a InstructionFetch exception: */
2385 if ((IorD
== isINSTRUCTION
)
2386 && ((pAddr
& 0x3) != 0)
2387 && (((pAddr
& 0x1) != 0) || ((vAddr
& 0x1) == 0)))
2388 SignalException(InstructionFetch
);
2390 unsigned int index
= 0;
2391 unsigned char *mem
= NULL
;
2395 dotrace(tracefh
,((IorD
== isDATA
) ? 0 : 2),(unsigned int)(pAddr
&0xFFFFFFFF),(AccessLength
+ 1),"load%s",((IorD
== isDATA
) ? "" : " instruction"));
2398 /* NOTE: Quicker methods of decoding the address space can be used
2399 when a real memory map is being simulated (i.e. using hi-order
2400 address bits to select device). */
2401 if ((pAddr
>= STATE_MEM_BASE (sd
)) && (pAddr
< (STATE_MEM_BASE (sd
) + STATE_MEM_SIZE (sd
)))) {
2402 index
= ((unsigned int)(pAddr
- STATE_MEM_BASE (sd
)) & (STATE_MEM_SIZE (sd
) - 1));
2403 mem
= STATE_MEMORY (sd
);
2404 } else if ((pAddr
>= monitor_base
) && (pAddr
< (monitor_base
+ monitor_size
))) {
2405 index
= ((unsigned int)(pAddr
- monitor_base
) & (monitor_size
- 1));
2409 sim_error("Simulator memory not found for physical address 0x%s\n",pr_addr(pAddr
));
2411 /* If we obtained the endianness of the host, and it is the same
2412 as the target memory system we can optimise the memory
2413 accesses. However, without that information we must perform
2414 slow transfer, and hope that the compiler optimisation will
2415 merge successive loads. */
2417 /* In reality we should always be loading a doubleword value (or
2418 word value in 32bit memory worlds). The external code then
2419 extracts the required bytes. However, to keep performance
2420 high we only load the required bytes into the relevant
2423 switch (AccessLength
) { /* big-endian memory */
2424 case AccessLength_QUADWORD
:
2425 value1
|= ((uword64
)mem
[index
++] << 56);
2426 case 14: /* AccessLength is one less than datalen */
2427 value1
|= ((uword64
)mem
[index
++] << 48);
2429 value1
|= ((uword64
)mem
[index
++] << 40);
2431 value1
|= ((uword64
)mem
[index
++] << 32);
2433 value1
|= ((unsigned int)mem
[index
++] << 24);
2435 value1
|= ((unsigned int)mem
[index
++] << 16);
2437 value1
|= ((unsigned int)mem
[index
++] << 8);
2439 value1
|= mem
[index
];
2441 case AccessLength_DOUBLEWORD
:
2442 value
|= ((uword64
)mem
[index
++] << 56);
2443 case AccessLength_SEPTIBYTE
:
2444 value
|= ((uword64
)mem
[index
++] << 48);
2445 case AccessLength_SEXTIBYTE
:
2446 value
|= ((uword64
)mem
[index
++] << 40);
2447 case AccessLength_QUINTIBYTE
:
2448 value
|= ((uword64
)mem
[index
++] << 32);
2449 case AccessLength_WORD
:
2450 value
|= ((unsigned int)mem
[index
++] << 24);
2451 case AccessLength_TRIPLEBYTE
:
2452 value
|= ((unsigned int)mem
[index
++] << 16);
2453 case AccessLength_HALFWORD
:
2454 value
|= ((unsigned int)mem
[index
++] << 8);
2455 case AccessLength_BYTE
:
2456 value
|= mem
[index
];
2460 index
+= (AccessLength
+ 1);
2461 switch (AccessLength
) { /* little-endian memory */
2462 case AccessLength_QUADWORD
:
2463 value1
|= ((uword64
)mem
[--index
] << 56);
2464 case 14: /* AccessLength is one less than datalen */
2465 value1
|= ((uword64
)mem
[--index
] << 48);
2467 value1
|= ((uword64
)mem
[--index
] << 40);
2469 value1
|= ((uword64
)mem
[--index
] << 32);
2471 value1
|= ((uword64
)mem
[--index
] << 24);
2473 value1
|= ((uword64
)mem
[--index
] << 16);
2475 value1
|= ((uword64
)mem
[--index
] << 8);
2477 value1
|= ((uword64
)mem
[--index
] << 0);
2479 case AccessLength_DOUBLEWORD
:
2480 value
|= ((uword64
)mem
[--index
] << 56);
2481 case AccessLength_SEPTIBYTE
:
2482 value
|= ((uword64
)mem
[--index
] << 48);
2483 case AccessLength_SEXTIBYTE
:
2484 value
|= ((uword64
)mem
[--index
] << 40);
2485 case AccessLength_QUINTIBYTE
:
2486 value
|= ((uword64
)mem
[--index
] << 32);
2487 case AccessLength_WORD
:
2488 value
|= ((uword64
)mem
[--index
] << 24);
2489 case AccessLength_TRIPLEBYTE
:
2490 value
|= ((uword64
)mem
[--index
] << 16);
2491 case AccessLength_HALFWORD
:
2492 value
|= ((uword64
)mem
[--index
] << 8);
2493 case AccessLength_BYTE
:
2494 value
|= ((uword64
)mem
[--index
] << 0);
2500 printf("DBG: LoadMemory() : (offset %d) : value = 0x%s%s\n",
2501 (int)(pAddr
& LOADDRMASK
),pr_uword64(value1
),pr_uword64(value
));
2504 /* TODO: We could try and avoid the shifts when dealing with raw
2505 memory accesses. This would mean updating the LoadMemory and
2506 StoreMemory routines to avoid shifting the data before
2507 returning or using it. */
2508 if (AccessLength
<= AccessLength_DOUBLEWORD
) {
2509 if (!raw
) { /* do nothing for raw accessess */
2511 value
<<= (((7 - (pAddr
& LOADDRMASK
)) - AccessLength
) * 8);
2512 else /* little-endian only needs to be shifted up to the correct byte offset */
2513 value
<<= ((pAddr
& LOADDRMASK
) * 8);
2518 printf("DBG: LoadMemory() : shifted value = 0x%s%s\n",
2519 pr_uword64(value1
),pr_uword64(value
));
2525 if (memval1p
) *memval1p
= value1
;
2529 /* Description from page A-23 of the "MIPS IV Instruction Set" manual
2531 /* Store a value to memory. The specified data is stored into the
2532 physical location pAddr using the memory hierarchy (data caches and
2533 main memory) as specified by the Cache Coherence Algorithm
2534 (CCA). The MemElem contains the data for an aligned, fixed-width
2535 memory element (word for 32-bit processors, doubleword for 64-bit
2536 processors), though only the bytes that will actually be stored to
2537 memory need to be valid. The low-order two (or three) bits of pAddr
2538 and the AccessLength field indicates which of the bytes within the
2539 MemElem data should actually be stored; only these bytes in memory
2543 StoreMemory(CCA
,AccessLength
,MemElem
,MemElem1
,pAddr
,vAddr
,raw
)
2547 uword64 MemElem1
; /* High order 64 bits */
2552 SIM_DESC sd
= &simulator
;
2554 callback
->printf_filtered(callback
,"DBG: StoreMemory(%d,%d,0x%s,0x%s,0x%s,0x%s,%s)\n",CCA
,AccessLength
,pr_uword64(MemElem
),pr_uword64(MemElem1
),pr_addr(pAddr
),pr_addr(vAddr
),(raw
? "isRAW" : "isREAL"));
2557 #if defined(WARN_MEM)
2558 if (CCA
!= uncached
)
2559 sim_warning("StoreMemory CCA (%d) is not uncached (currently all accesses treated as cached)",CCA
);
2561 if (((pAddr
& LOADDRMASK
) + AccessLength
) > LOADDRMASK
)
2562 sim_error("AccessLength of %d would extend over %dbit aligned boundary for physical address 0x%s\n",AccessLength
,(LOADDRMASK
+ 1)<<2,pr_addr(pAddr
));
2563 #endif /* WARN_MEM */
2567 dotrace(tracefh
,1,(unsigned int)(pAddr
&0xFFFFFFFF),(AccessLength
+ 1),"store");
2570 /* See the comments in the LoadMemory routine about optimising
2571 memory accesses. Also if we wanted to make the simulator smaller,
2572 we could merge a lot of this code with the LoadMemory
2573 routine. However, this would slow the simulator down with
2574 run-time conditionals. */
2576 unsigned int index
= 0;
2577 unsigned char *mem
= NULL
;
2579 if ((pAddr
>= STATE_MEM_BASE (sd
)) && (pAddr
< (STATE_MEM_BASE (sd
) + STATE_MEM_SIZE (sd
)))) {
2580 index
= ((unsigned int)(pAddr
- STATE_MEM_BASE (sd
)) & (STATE_MEM_SIZE (sd
) - 1));
2581 mem
= STATE_MEMORY (sd
);
2582 } else if ((pAddr
>= monitor_base
) && (pAddr
< (monitor_base
+ monitor_size
))) {
2583 index
= ((unsigned int)(pAddr
- monitor_base
) & (monitor_size
- 1));
2588 sim_error("Simulator memory not found for physical address 0x%s\n",pr_addr(pAddr
));
2593 printf("DBG: StoreMemory: offset = %d MemElem = 0x%s%s\n",(unsigned int)(pAddr
& LOADDRMASK
),pr_uword64(MemElem1
),pr_uword64(MemElem
));
2596 if (AccessLength
<= AccessLength_DOUBLEWORD
) {
2599 shift
= ((7 - AccessLength
) * 8);
2600 else /* real memory access */
2601 shift
= ((pAddr
& LOADDRMASK
) * 8);
2604 /* no need to shift raw little-endian data */
2606 MemElem
>>= ((pAddr
& LOADDRMASK
) * 8);
2611 printf("DBG: StoreMemory: shift = %d MemElem = 0x%s%s\n",shift
,pr_uword64(MemElem1
),pr_uword64(MemElem
));
2615 switch (AccessLength
) { /* big-endian memory */
2616 case AccessLength_QUADWORD
:
2617 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2620 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2623 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2626 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2629 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2632 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2635 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2638 mem
[index
++] = (unsigned char)(MemElem1
>> 56);
2640 case AccessLength_DOUBLEWORD
:
2641 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2643 case AccessLength_SEPTIBYTE
:
2644 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2646 case AccessLength_SEXTIBYTE
:
2647 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2649 case AccessLength_QUINTIBYTE
:
2650 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2652 case AccessLength_WORD
:
2653 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2655 case AccessLength_TRIPLEBYTE
:
2656 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2658 case AccessLength_HALFWORD
:
2659 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2661 case AccessLength_BYTE
:
2662 mem
[index
++] = (unsigned char)(MemElem
>> 56);
2666 index
+= (AccessLength
+ 1);
2667 switch (AccessLength
) { /* little-endian memory */
2668 case AccessLength_QUADWORD
:
2669 mem
[--index
] = (unsigned char)(MemElem1
>> 56);
2671 mem
[--index
] = (unsigned char)(MemElem1
>> 48);
2673 mem
[--index
] = (unsigned char)(MemElem1
>> 40);
2675 mem
[--index
] = (unsigned char)(MemElem1
>> 32);
2677 mem
[--index
] = (unsigned char)(MemElem1
>> 24);
2679 mem
[--index
] = (unsigned char)(MemElem1
>> 16);
2681 mem
[--index
] = (unsigned char)(MemElem1
>> 8);
2683 mem
[--index
] = (unsigned char)(MemElem1
>> 0);
2685 case AccessLength_DOUBLEWORD
:
2686 mem
[--index
] = (unsigned char)(MemElem
>> 56);
2687 case AccessLength_SEPTIBYTE
:
2688 mem
[--index
] = (unsigned char)(MemElem
>> 48);
2689 case AccessLength_SEXTIBYTE
:
2690 mem
[--index
] = (unsigned char)(MemElem
>> 40);
2691 case AccessLength_QUINTIBYTE
:
2692 mem
[--index
] = (unsigned char)(MemElem
>> 32);
2693 case AccessLength_WORD
:
2694 mem
[--index
] = (unsigned char)(MemElem
>> 24);
2695 case AccessLength_TRIPLEBYTE
:
2696 mem
[--index
] = (unsigned char)(MemElem
>> 16);
2697 case AccessLength_HALFWORD
:
2698 mem
[--index
] = (unsigned char)(MemElem
>> 8);
2699 case AccessLength_BYTE
:
2700 mem
[--index
] = (unsigned char)(MemElem
>> 0);
2711 /* Description from page A-26 of the "MIPS IV Instruction Set" manual (revision 3.1) */
2712 /* Order loads and stores to synchronise shared memory. Perform the
2713 action necessary to make the effects of groups of synchronizable
2714 loads and stores indicated by stype occur in the same order for all
2717 SyncOperation(stype
)
2721 callback
->printf_filtered(callback
,"SyncOperation(%d) : TODO\n",stype
);
2726 /* Description from page A-26 of the "MIPS IV Instruction Set" manual (revision 3.1) */
2727 /* Signal an exception condition. This will result in an exception
2728 that aborts the instruction. The instruction operation pseudocode
2729 will never see a return from this function call. */
2732 SignalException (int exception
,...)
2734 SIM_DESC sd
= &simulator
;
2735 /* Ensure that any active atomic read/modify/write operation will fail: */
2738 switch (exception
) {
2739 /* TODO: For testing purposes I have been ignoring TRAPs. In
2740 reality we should either simulate them, or allow the user to
2741 ignore them at run-time. */
2743 sim_warning("Ignoring instruction TRAP (PC 0x%s)",pr_addr(IPC
));
2746 case ReservedInstruction
:
2749 unsigned int instruction
;
2750 va_start(ap
,exception
);
2751 instruction
= va_arg(ap
,unsigned int);
2753 /* Provide simple monitor support using ReservedInstruction
2754 exceptions. The following code simulates the fixed vector
2755 entry points into the IDT monitor by causing a simulator
2756 trap, performing the monitor operation, and returning to
2757 the address held in the $ra register (standard PCS return
2758 address). This means we only need to pre-load the vector
2759 space with suitable instruction values. For systems were
2760 actual trap instructions are used, we would not need to
2761 perform this magic. */
2762 if ((instruction
& RSVD_INSTRUCTION_MASK
) == RSVD_INSTRUCTION
) {
2763 sim_monitor( ((instruction
>> RSVD_INSTRUCTION_ARG_SHIFT
) & RSVD_INSTRUCTION_ARG_MASK
) );
2764 PC
= RA
; /* simulate the return from the vector entry */
2765 /* NOTE: This assumes that a branch-and-link style
2766 instruction was used to enter the vector (which is the
2767 case with the current IDT monitor). */
2768 sim_engine_restart (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
);
2770 /* Look for the mips16 entry and exit instructions, and
2771 simulate a handler for them. */
2772 else if ((IPC
& 1) != 0
2773 && (instruction
& 0xf81f) == 0xe809
2774 && (instruction
& 0x0c0) != 0x0c0) {
2775 mips16_entry (instruction
);
2776 sim_engine_restart (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
);
2777 } /* else fall through to normal exception processing */
2778 sim_warning("ReservedInstruction 0x%08X at IPC = 0x%s",instruction
,pr_addr(IPC
));
2783 if (exception
!= BreakPoint
)
2784 callback
->printf_filtered(callback
,"DBG: SignalException(%d) IPC = 0x%s\n",exception
,pr_addr(IPC
));
2786 /* Store exception code into current exception id variable (used
2789 /* TODO: If not simulating exceptions then stop the simulator
2790 execution. At the moment we always stop the simulation. */
2791 /* state |= (simSTOP | simEXCEPTION); */
2793 /* Keep a copy of the current A0 in-case this is the program exit
2795 if (exception
== BreakPoint
) {
2797 unsigned int instruction
;
2798 va_start(ap
,exception
);
2799 instruction
= va_arg(ap
,unsigned int);
2801 /* Check for our special terminating BREAK: */
2802 if ((instruction
& 0x03FFFFC0) == 0x03ff0000) {
2803 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
,
2804 sim_exited
, (unsigned int)(A0
& 0xFFFFFFFF));
2808 /* Store exception code into current exception id variable (used
2810 CAUSE
= (exception
<< 2);
2811 if (state
& simDELAYSLOT
) {
2813 EPC
= (IPC
- 4); /* reference the branch instruction */
2816 /* The following is so that the simulator will continue from the
2817 exception address on breakpoint operations. */
2819 switch ((CAUSE
>> 2) & 0x1F)
2822 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
,
2823 sim_stopped
, SIGINT
);
2825 case TLBModification
:
2830 case InstructionFetch
:
2832 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
,
2833 sim_stopped
, SIGBUS
);
2835 case ReservedInstruction
:
2836 case CoProcessorUnusable
:
2837 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
,
2838 sim_stopped
, SIGILL
);
2840 case IntegerOverflow
:
2842 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
,
2843 sim_stopped
, SIGFPE
);
2849 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
,
2850 sim_stopped
, SIGTRAP
);
2852 default : /* Unknown internal exception */
2853 sim_engine_halt (sd
, STATE_CPU (sd
, 0), NULL
, NULL_CIA
,
2854 sim_stopped
, SIGQUIT
);
2858 case SimulatorFault
:
2862 va_start(ap
,exception
);
2863 msg
= va_arg(ap
,char *);
2865 sim_engine_abort (sd
, STATE_CPU (sd
, 0), NULL_CIA
,
2866 "FATAL: Simulator error \"%s\"\n",msg
);
2873 #if defined(WARN_RESULT)
2874 /* Description from page A-26 of the "MIPS IV Instruction Set" manual (revision 3.1) */
2875 /* This function indicates that the result of the operation is
2876 undefined. However, this should not affect the instruction
2877 stream. All that is meant to happen is that the destination
2878 register is set to an undefined result. To keep the simulator
2879 simple, we just don't bother updating the destination register, so
2880 the overall result will be undefined. If desired we can stop the
2881 simulator by raising a pseudo-exception. */
2885 sim_warning("UndefinedResult: IPC = 0x%s",pr_addr(IPC
));
2886 #if 0 /* Disabled for the moment, since it actually happens a lot at the moment. */
2891 #endif /* WARN_RESULT */
2894 CacheOp(op
,pAddr
,vAddr
,instruction
)
2898 unsigned int instruction
;
2900 #if 1 /* stop warning message being displayed (we should really just remove the code) */
2901 static int icache_warning
= 1;
2902 static int dcache_warning
= 1;
2904 static int icache_warning
= 0;
2905 static int dcache_warning
= 0;
2908 /* If CP0 is not useable (User or Supervisor mode) and the CP0
2909 enable bit in the Status Register is clear - a coprocessor
2910 unusable exception is taken. */
2912 callback
->printf_filtered(callback
,"TODO: Cache availability checking (PC = 0x%s)\n",pr_addr(IPC
));
2916 case 0: /* instruction cache */
2918 case 0: /* Index Invalidate */
2919 case 1: /* Index Load Tag */
2920 case 2: /* Index Store Tag */
2921 case 4: /* Hit Invalidate */
2923 case 6: /* Hit Writeback */
2924 if (!icache_warning
)
2926 sim_warning("Instruction CACHE operation %d to be coded",(op
>> 2));
2932 SignalException(ReservedInstruction
,instruction
);
2937 case 1: /* data cache */
2939 case 0: /* Index Writeback Invalidate */
2940 case 1: /* Index Load Tag */
2941 case 2: /* Index Store Tag */
2942 case 3: /* Create Dirty */
2943 case 4: /* Hit Invalidate */
2944 case 5: /* Hit Writeback Invalidate */
2945 case 6: /* Hit Writeback */
2946 if (!dcache_warning
)
2948 sim_warning("Data CACHE operation %d to be coded",(op
>> 2));
2954 SignalException(ReservedInstruction
,instruction
);
2959 default: /* unrecognised cache ID */
2960 SignalException(ReservedInstruction
,instruction
);
2967 /*-- FPU support routines ---------------------------------------------------*/
2969 #if defined(HASFPU) /* Only needed when building FPU aware simulators */
2972 #define SizeFGR() (GPRLEN)
2974 /* They depend on the CPU being simulated */
2975 #define SizeFGR() ((PROCESSOR_64BIT && ((SR & status_FR) == 1)) ? 64 : 32)
2978 /* Numbers are held in normalized form. The SINGLE and DOUBLE binary
2979 formats conform to ANSI/IEEE Std 754-1985. */
2980 /* SINGLE precision floating:
2981 * seeeeeeeefffffffffffffffffffffff
2983 * e = 8bits = exponent
2984 * f = 23bits = fraction
2986 /* SINGLE precision fixed:
2987 * siiiiiiiiiiiiiiiiiiiiiiiiiiiiiii
2989 * i = 31bits = integer
2991 /* DOUBLE precision floating:
2992 * seeeeeeeeeeeffffffffffffffffffffffffffffffffffffffffffffffffffff
2994 * e = 11bits = exponent
2995 * f = 52bits = fraction
2997 /* DOUBLE precision fixed:
2998 * siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii
3000 * i = 63bits = integer
3003 /* Extract sign-bit: */
3004 #define FP_S_s(v) (((v) & ((unsigned)1 << 31)) ? 1 : 0)
3005 #define FP_D_s(v) (((v) & ((uword64)1 << 63)) ? 1 : 0)
3006 /* Extract biased exponent: */
3007 #define FP_S_be(v) (((v) >> 23) & 0xFF)
3008 #define FP_D_be(v) (((v) >> 52) & 0x7FF)
3009 /* Extract unbiased Exponent: */
3010 #define FP_S_e(v) (FP_S_be(v) - 0x7F)
3011 #define FP_D_e(v) (FP_D_be(v) - 0x3FF)
3012 /* Extract complete fraction field: */
3013 #define FP_S_f(v) ((v) & ~((unsigned)0x1FF << 23))
3014 #define FP_D_f(v) ((v) & ~((uword64)0xFFF << 52))
3015 /* Extract numbered fraction bit: */
3016 #define FP_S_fb(b,v) (((v) & (1 << (23 - (b)))) ? 1 : 0)
3017 #define FP_D_fb(b,v) (((v) & (1 << (52 - (b)))) ? 1 : 0)
3019 /* Explicit QNaN values used when value required: */
3020 #define FPQNaN_SINGLE (0x7FBFFFFF)
3021 #define FPQNaN_WORD (0x7FFFFFFF)
3022 #define FPQNaN_DOUBLE (((uword64)0x7FF7FFFF << 32) | 0xFFFFFFFF)
3023 #define FPQNaN_LONG (((uword64)0x7FFFFFFF << 32) | 0xFFFFFFFF)
3025 /* Explicit Infinity values used when required: */
3026 #define FPINF_SINGLE (0x7F800000)
3027 #define FPINF_DOUBLE (((uword64)0x7FF00000 << 32) | 0x00000000)
3029 #if 1 /* def DEBUG */
3030 #define RMMODE(v) (((v) == FP_RM_NEAREST) ? "Round" : (((v) == FP_RM_TOZERO) ? "Trunc" : (((v) == FP_RM_TOPINF) ? "Ceil" : "Floor")))
3031 #define DOFMT(v) (((v) == fmt_single) ? "single" : (((v) == fmt_double) ? "double" : (((v) == fmt_word) ? "word" : (((v) == fmt_long) ? "long" : (((v) == fmt_unknown) ? "<unknown>" : (((v) == fmt_uninterpreted) ? "<uninterpreted>" : "<format error>"))))))
3042 /* Treat unused register values, as fixed-point 64bit values: */
3043 if ((fmt
== fmt_uninterpreted
) || (fmt
== fmt_unknown
))
3045 /* If request to read data as "uninterpreted", then use the current
3047 fmt
= fpr_state
[fpr
];
3052 /* For values not yet accessed, set to the desired format: */
3053 if (fpr_state
[fpr
] == fmt_uninterpreted
) {
3054 fpr_state
[fpr
] = fmt
;
3056 printf("DBG: Register %d was fmt_uninterpreted. Now %s\n",fpr
,DOFMT(fmt
));
3059 if (fmt
!= fpr_state
[fpr
]) {
3060 sim_warning("FPR %d (format %s) being accessed with format %s - setting to unknown (PC = 0x%s)",fpr
,DOFMT(fpr_state
[fpr
]),DOFMT(fmt
),pr_addr(IPC
));
3061 fpr_state
[fpr
] = fmt_unknown
;
3064 if (fpr_state
[fpr
] == fmt_unknown
) {
3065 /* Set QNaN value: */
3068 value
= FPQNaN_SINGLE
;
3072 value
= FPQNaN_DOUBLE
;
3076 value
= FPQNaN_WORD
;
3080 value
= FPQNaN_LONG
;
3087 } else if (SizeFGR() == 64) {
3091 value
= (FGR
[fpr
] & 0xFFFFFFFF);
3094 case fmt_uninterpreted
:
3108 value
= (FGR
[fpr
] & 0xFFFFFFFF);
3111 case fmt_uninterpreted
:
3114 if ((fpr
& 1) == 0) { /* even registers only */
3115 value
= ((((uword64
)FGR
[fpr
+1]) << 32) | (FGR
[fpr
] & 0xFFFFFFFF));
3117 SignalException (ReservedInstruction
, 0);
3128 SignalException(SimulatorFault
,"Unrecognised FP format in ValueFPR()");
3131 printf("DBG: ValueFPR: fpr = %d, fmt = %s, value = 0x%s : PC = 0x%s : SizeFGR() = %d\n",fpr
,DOFMT(fmt
),pr_addr(value
),pr_addr(IPC
),SizeFGR());
3138 StoreFPR(fpr
,fmt
,value
)
3146 printf("DBG: StoreFPR: fpr = %d, fmt = %s, value = 0x%s : PC = 0x%s : SizeFGR() = %d\n",fpr
,DOFMT(fmt
),pr_addr(value
),pr_addr(IPC
),SizeFGR());
3149 if (SizeFGR() == 64) {
3153 FGR
[fpr
] = (((uword64
)0xDEADC0DE << 32) | (value
& 0xFFFFFFFF));
3154 fpr_state
[fpr
] = fmt
;
3157 case fmt_uninterpreted
:
3161 fpr_state
[fpr
] = fmt
;
3165 fpr_state
[fpr
] = fmt_unknown
;
3173 FGR
[fpr
] = (value
& 0xFFFFFFFF);
3174 fpr_state
[fpr
] = fmt
;
3177 case fmt_uninterpreted
:
3180 if ((fpr
& 1) == 0) { /* even register number only */
3181 FGR
[fpr
+1] = (value
>> 32);
3182 FGR
[fpr
] = (value
& 0xFFFFFFFF);
3183 fpr_state
[fpr
+ 1] = fmt
;
3184 fpr_state
[fpr
] = fmt
;
3186 fpr_state
[fpr
] = fmt_unknown
;
3187 fpr_state
[fpr
+ 1] = fmt_unknown
;
3188 SignalException (ReservedInstruction
, 0);
3193 fpr_state
[fpr
] = fmt_unknown
;
3198 #if defined(WARN_RESULT)
3201 #endif /* WARN_RESULT */
3204 SignalException(SimulatorFault
,"Unrecognised FP format in StoreFPR()");
3207 printf("DBG: StoreFPR: fpr[%d] = 0x%s (format %s)\n",fpr
,pr_addr(FGR
[fpr
]),DOFMT(fmt
));
3220 /* Check if (((E - bias) == (E_max + 1)) && (fraction != 0)). We
3221 know that the exponent field is biased... we we cheat and avoid
3222 removing the bias value. */
3225 boolean
= ((FP_S_be(op
) == 0xFF) && (FP_S_f(op
) != 0));
3226 /* We could use "FP_S_fb(1,op)" to ascertain whether we are
3227 dealing with a SNaN or QNaN */
3230 boolean
= ((FP_D_be(op
) == 0x7FF) && (FP_D_f(op
) != 0));
3231 /* We could use "FP_S_fb(1,op)" to ascertain whether we are
3232 dealing with a SNaN or QNaN */
3235 boolean
= (op
== FPQNaN_WORD
);
3238 boolean
= (op
== FPQNaN_LONG
);
3241 fprintf (stderr
, "Bad switch\n");
3246 printf("DBG: NaN: returning %d for 0x%s (format = %s)\n",boolean
,pr_addr(op
),DOFMT(fmt
));
3260 printf("DBG: Infinity: format %s 0x%s (PC = 0x%s)\n",DOFMT(fmt
),pr_addr(op
),pr_addr(IPC
));
3263 /* Check if (((E - bias) == (E_max + 1)) && (fraction == 0)). We
3264 know that the exponent field is biased... we we cheat and avoid
3265 removing the bias value. */
3268 boolean
= ((FP_S_be(op
) == 0xFF) && (FP_S_f(op
) == 0));
3271 boolean
= ((FP_D_be(op
) == 0x7FF) && (FP_D_f(op
) == 0));
3274 printf("DBG: TODO: unrecognised format (%s) for Infinity check\n",DOFMT(fmt
));
3279 printf("DBG: Infinity: returning %d for 0x%s (format = %s)\n",boolean
,pr_addr(op
),DOFMT(fmt
));
3293 /* Argument checking already performed by the FPCOMPARE code */
3296 printf("DBG: Less: %s: op1 = 0x%s : op2 = 0x%s\n",DOFMT(fmt
),pr_addr(op1
),pr_addr(op2
));
3299 /* The format type should already have been checked: */
3303 unsigned int wop1
= (unsigned int)op1
;
3304 unsigned int wop2
= (unsigned int)op2
;
3305 boolean
= (*(float *)&wop1
< *(float *)&wop2
);
3309 boolean
= (*(double *)&op1
< *(double *)&op2
);
3312 fprintf (stderr
, "Bad switch\n");
3317 printf("DBG: Less: returning %d (format = %s)\n",boolean
,DOFMT(fmt
));
3331 /* Argument checking already performed by the FPCOMPARE code */
3334 printf("DBG: Equal: %s: op1 = 0x%s : op2 = 0x%s\n",DOFMT(fmt
),pr_addr(op1
),pr_addr(op2
));
3337 /* The format type should already have been checked: */
3340 boolean
= ((op1
& 0xFFFFFFFF) == (op2
& 0xFFFFFFFF));
3343 boolean
= (op1
== op2
);
3346 fprintf (stderr
, "Bad switch\n");
3351 printf("DBG: Equal: returning %d (format = %s)\n",boolean
,DOFMT(fmt
));
3358 AbsoluteValue(op
,fmt
)
3365 printf("DBG: AbsoluteValue: %s: op = 0x%s\n",DOFMT(fmt
),pr_addr(op
));
3368 /* The format type should already have been checked: */
3372 unsigned int wop
= (unsigned int)op
;
3373 float tmp
= ((float)fabs((double)*(float *)&wop
));
3374 result
= (uword64
)*(unsigned int *)&tmp
;
3379 double tmp
= (fabs(*(double *)&op
));
3380 result
= *(uword64
*)&tmp
;
3383 fprintf (stderr
, "Bad switch\n");
3398 printf("DBG: Negate: %s: op = 0x%s\n",DOFMT(fmt
),pr_addr(op
));
3401 /* The format type should already have been checked: */
3405 unsigned int wop
= (unsigned int)op
;
3406 float tmp
= ((float)0.0 - *(float *)&wop
);
3407 result
= (uword64
)*(unsigned int *)&tmp
;
3412 double tmp
= ((double)0.0 - *(double *)&op
);
3413 result
= *(uword64
*)&tmp
;
3417 fprintf (stderr
, "Bad switch\n");
3433 printf("DBG: Add: %s: op1 = 0x%s : op2 = 0x%s\n",DOFMT(fmt
),pr_addr(op1
),pr_addr(op2
));
3436 /* The registers must specify FPRs valid for operands of type
3437 "fmt". If they are not valid, the result is undefined. */
3439 /* The format type should already have been checked: */
3443 unsigned int wop1
= (unsigned int)op1
;
3444 unsigned int wop2
= (unsigned int)op2
;
3445 float tmp
= (*(float *)&wop1
+ *(float *)&wop2
);
3446 result
= (uword64
)*(unsigned int *)&tmp
;
3451 double tmp
= (*(double *)&op1
+ *(double *)&op2
);
3452 result
= *(uword64
*)&tmp
;
3456 fprintf (stderr
, "Bad switch\n");
3461 printf("DBG: Add: returning 0x%s (format = %s)\n",pr_addr(result
),DOFMT(fmt
));
3476 printf("DBG: Sub: %s: op1 = 0x%s : op2 = 0x%s\n",DOFMT(fmt
),pr_addr(op1
),pr_addr(op2
));
3479 /* The registers must specify FPRs valid for operands of type
3480 "fmt". If they are not valid, the result is undefined. */
3482 /* The format type should already have been checked: */
3486 unsigned int wop1
= (unsigned int)op1
;
3487 unsigned int wop2
= (unsigned int)op2
;
3488 float tmp
= (*(float *)&wop1
- *(float *)&wop2
);
3489 result
= (uword64
)*(unsigned int *)&tmp
;
3494 double tmp
= (*(double *)&op1
- *(double *)&op2
);
3495 result
= *(uword64
*)&tmp
;
3499 fprintf (stderr
, "Bad switch\n");
3504 printf("DBG: Sub: returning 0x%s (format = %s)\n",pr_addr(result
),DOFMT(fmt
));
3511 Multiply(op1
,op2
,fmt
)
3519 printf("DBG: Multiply: %s: op1 = 0x%s : op2 = 0x%s\n",DOFMT(fmt
),pr_addr(op1
),pr_addr(op2
));
3522 /* The registers must specify FPRs valid for operands of type
3523 "fmt". If they are not valid, the result is undefined. */
3525 /* The format type should already have been checked: */
3529 unsigned int wop1
= (unsigned int)op1
;
3530 unsigned int wop2
= (unsigned int)op2
;
3531 float tmp
= (*(float *)&wop1
* *(float *)&wop2
);
3532 result
= (uword64
)*(unsigned int *)&tmp
;
3537 double tmp
= (*(double *)&op1
* *(double *)&op2
);
3538 result
= *(uword64
*)&tmp
;
3542 fprintf (stderr
, "Bad switch\n");
3547 printf("DBG: Multiply: returning 0x%s (format = %s)\n",pr_addr(result
),DOFMT(fmt
));
3562 printf("DBG: Divide: %s: op1 = 0x%s : op2 = 0x%s\n",DOFMT(fmt
),pr_addr(op1
),pr_addr(op2
));
3565 /* The registers must specify FPRs valid for operands of type
3566 "fmt". If they are not valid, the result is undefined. */
3568 /* The format type should already have been checked: */
3572 unsigned int wop1
= (unsigned int)op1
;
3573 unsigned int wop2
= (unsigned int)op2
;
3574 float tmp
= (*(float *)&wop1
/ *(float *)&wop2
);
3575 result
= (uword64
)*(unsigned int *)&tmp
;
3580 double tmp
= (*(double *)&op1
/ *(double *)&op2
);
3581 result
= *(uword64
*)&tmp
;
3585 fprintf (stderr
, "Bad switch\n");
3590 printf("DBG: Divide: returning 0x%s (format = %s)\n",pr_addr(result
),DOFMT(fmt
));
3596 static uword64 UNUSED
3604 printf("DBG: Recip: %s: op = 0x%s\n",DOFMT(fmt
),pr_addr(op
));
3607 /* The registers must specify FPRs valid for operands of type
3608 "fmt". If they are not valid, the result is undefined. */
3610 /* The format type should already have been checked: */
3614 unsigned int wop
= (unsigned int)op
;
3615 float tmp
= ((float)1.0 / *(float *)&wop
);
3616 result
= (uword64
)*(unsigned int *)&tmp
;
3621 double tmp
= ((double)1.0 / *(double *)&op
);
3622 result
= *(uword64
*)&tmp
;
3626 fprintf (stderr
, "Bad switch\n");
3631 printf("DBG: Recip: returning 0x%s (format = %s)\n",pr_addr(result
),DOFMT(fmt
));
3645 printf("DBG: SquareRoot: %s: op = 0x%s\n",DOFMT(fmt
),pr_addr(op
));
3648 /* The registers must specify FPRs valid for operands of type
3649 "fmt". If they are not valid, the result is undefined. */
3651 /* The format type should already have been checked: */
3655 unsigned int wop
= (unsigned int)op
;
3657 float tmp
= ((float)sqrt((double)*(float *)&wop
));
3658 result
= (uword64
)*(unsigned int *)&tmp
;
3660 /* TODO: Provide square-root */
3661 result
= (uword64
)0;
3668 double tmp
= (sqrt(*(double *)&op
));
3669 result
= *(uword64
*)&tmp
;
3671 /* TODO: Provide square-root */
3672 result
= (uword64
)0;
3677 fprintf (stderr
, "Bad switch\n");
3682 printf("DBG: SquareRoot: returning 0x%s (format = %s)\n",pr_addr(result
),DOFMT(fmt
));
3689 Convert(rm
,op
,from
,to
)
3698 printf("DBG: Convert: mode %s : op 0x%s : from %s : to %s : (PC = 0x%s)\n",RMMODE(rm
),pr_addr(op
),DOFMT(from
),DOFMT(to
),pr_addr(IPC
));
3701 /* The value "op" is converted to the destination format, rounding
3702 using mode "rm". When the destination is a fixed-point format,
3703 then a source value of Infinity, NaN or one which would round to
3704 an integer outside the fixed point range then an IEEE Invalid
3705 Operation condition is raised. */
3712 tmp
= (float)(*(double *)&op
);
3716 tmp
= (float)((int)(op
& 0xFFFFFFFF));
3720 tmp
= (float)((word64
)op
);
3723 fprintf (stderr
, "Bad switch\n");
3728 /* FIXME: This code is incorrect. The rounding mode does not
3729 round to integral values; it rounds to the nearest
3730 representable value in the format. */
3734 /* Round result to nearest representable value. When two
3735 representable values are equally near, round to the value
3736 that has a least significant bit of zero (i.e. is even). */
3738 tmp
= (float)anint((double)tmp
);
3740 /* TODO: Provide round-to-nearest */
3745 /* Round result to the value closest to, and not greater in
3746 magnitude than, the result. */
3748 tmp
= (float)aint((double)tmp
);
3750 /* TODO: Provide round-to-zero */
3755 /* Round result to the value closest to, and not less than,
3757 tmp
= (float)ceil((double)tmp
);
3761 /* Round result to the value closest to, and not greater than,
3763 tmp
= (float)floor((double)tmp
);
3768 result
= (uword64
)*(unsigned int *)&tmp
;
3780 unsigned int wop
= (unsigned int)op
;
3781 tmp
= (double)(*(float *)&wop
);
3786 xxx
= SIGNEXTEND((op
& 0xFFFFFFFF),32);
3791 tmp
= (double)((word64
)op
);
3795 fprintf (stderr
, "Bad switch\n");
3800 /* FIXME: This code is incorrect. The rounding mode does not
3801 round to integral values; it rounds to the nearest
3802 representable value in the format. */
3807 tmp
= anint(*(double *)&tmp
);
3809 /* TODO: Provide round-to-nearest */
3815 tmp
= aint(*(double *)&tmp
);
3817 /* TODO: Provide round-to-zero */
3822 tmp
= ceil(*(double *)&tmp
);
3826 tmp
= floor(*(double *)&tmp
);
3831 result
= *(uword64
*)&tmp
;
3837 if (Infinity(op
,from
) || NaN(op
,from
) || (1 == 0/*TODO: check range */)) {
3838 printf("DBG: TODO: update FCSR\n");
3839 SignalException(FPE
);
3841 if (to
== fmt_word
) {
3846 unsigned int wop
= (unsigned int)op
;
3847 tmp
= (int)*((float *)&wop
);
3851 tmp
= (int)*((double *)&op
);
3853 printf("DBG: from double %.30f (0x%s) to word: 0x%08X\n",*((double *)&op
),pr_addr(op
),tmp
);
3857 fprintf (stderr
, "Bad switch\n");
3860 result
= (uword64
)tmp
;
3861 } else { /* fmt_long */
3866 unsigned int wop
= (unsigned int)op
;
3867 tmp
= (word64
)*((float *)&wop
);
3871 tmp
= (word64
)*((double *)&op
);
3874 fprintf (stderr
, "Bad switch\n");
3877 result
= (uword64
)tmp
;
3882 fprintf (stderr
, "Bad switch\n");
3887 printf("DBG: Convert: returning 0x%s (to format = %s)\n",pr_addr(result
),DOFMT(to
));
3894 /*-- co-processor support routines ------------------------------------------*/
3897 CoProcPresent(coproc_number
)
3898 unsigned int coproc_number
;
3900 /* Return TRUE if simulator provides a model for the given co-processor number */
3905 COP_LW(coproc_num
,coproc_reg
,memword
)
3906 int coproc_num
, coproc_reg
;
3907 unsigned int memword
;
3909 switch (coproc_num
) {
3913 printf("DBG: COP_LW: memword = 0x%08X (uword64)memword = 0x%s\n",memword
,pr_addr(memword
));
3915 StoreFPR(coproc_reg
,fmt_word
,(uword64
)memword
);
3916 fpr_state
[coproc_reg
] = fmt_uninterpreted
;
3921 #if 0 /* this should be controlled by a configuration option */
3922 callback
->printf_filtered(callback
,"COP_LW(%d,%d,0x%08X) at IPC = 0x%s : TODO (architecture specific)\n",coproc_num
,coproc_reg
,memword
,pr_addr(IPC
));
3931 COP_LD(coproc_num
,coproc_reg
,memword
)
3932 int coproc_num
, coproc_reg
;
3935 switch (coproc_num
) {
3938 StoreFPR(coproc_reg
,fmt_uninterpreted
,memword
);
3943 #if 0 /* this message should be controlled by a configuration option */
3944 callback
->printf_filtered(callback
,"COP_LD(%d,%d,0x%s) at IPC = 0x%s : TODO (architecture specific)\n",coproc_num
,coproc_reg
,pr_addr(memword
),pr_addr(IPC
));
3953 COP_SW(coproc_num
,coproc_reg
)
3954 int coproc_num
, coproc_reg
;
3956 unsigned int value
= 0;
3959 switch (coproc_num
) {
3963 hold
= fpr_state
[coproc_reg
];
3964 fpr_state
[coproc_reg
] = fmt_word
;
3965 value
= (unsigned int)ValueFPR(coproc_reg
,fmt_uninterpreted
);
3966 fpr_state
[coproc_reg
] = hold
;
3969 value
= (unsigned int)ValueFPR(coproc_reg
,fpr_state
[coproc_reg
]);
3972 printf("DBG: COP_SW: reg in format %s (will be accessing as single)\n",DOFMT(fpr_state
[coproc_reg
]));
3974 value
= (unsigned int)ValueFPR(coproc_reg
,fmt_single
);
3981 #if 0 /* should be controlled by configuration option */
3982 callback
->printf_filtered(callback
,"COP_SW(%d,%d) at IPC = 0x%s : TODO (architecture specific)\n",coproc_num
,coproc_reg
,pr_addr(IPC
));
3991 COP_SD(coproc_num
,coproc_reg
)
3992 int coproc_num
, coproc_reg
;
3995 switch (coproc_num
) {
3999 value
= ValueFPR(coproc_reg
,fmt_uninterpreted
);
4002 value
= ValueFPR(coproc_reg
,fpr_state
[coproc_reg
]);
4005 printf("DBG: COP_SD: reg in format %s (will be accessing as double)\n",DOFMT(fpr_state
[coproc_reg
]));
4007 value
= ValueFPR(coproc_reg
,fmt_double
);
4014 #if 0 /* should be controlled by configuration option */
4015 callback
->printf_filtered(callback
,"COP_SD(%d,%d) at IPC = 0x%s : TODO (architecture specific)\n",coproc_num
,coproc_reg
,pr_addr(IPC
));
4024 decode_coproc(instruction
)
4025 unsigned int instruction
;
4027 int coprocnum
= ((instruction
>> 26) & 3);
4029 switch (coprocnum
) {
4030 case 0: /* standard CPU control and cache registers */
4033 Standard CP0 registers
4034 0 = Index R4000 VR4100 VR4300
4035 1 = Random R4000 VR4100 VR4300
4036 2 = EntryLo0 R4000 VR4100 VR4300
4037 3 = EntryLo1 R4000 VR4100 VR4300
4038 4 = Context R4000 VR4100 VR4300
4039 5 = PageMask R4000 VR4100 VR4300
4040 6 = Wired R4000 VR4100 VR4300
4041 8 = BadVAddr R4000 VR4100 VR4300
4042 9 = Count R4000 VR4100 VR4300
4043 10 = EntryHi R4000 VR4100 VR4300
4044 11 = Compare R4000 VR4100 VR4300
4045 12 = SR R4000 VR4100 VR4300
4046 13 = Cause R4000 VR4100 VR4300
4047 14 = EPC R4000 VR4100 VR4300
4048 15 = PRId R4000 VR4100 VR4300
4049 16 = Config R4000 VR4100 VR4300
4050 17 = LLAddr R4000 VR4100 VR4300
4051 18 = WatchLo R4000 VR4100 VR4300
4052 19 = WatchHi R4000 VR4100 VR4300
4053 20 = XContext R4000 VR4100 VR4300
4054 26 = PErr or ECC R4000 VR4100 VR4300
4055 27 = CacheErr R4000 VR4100
4056 28 = TagLo R4000 VR4100 VR4300
4057 29 = TagHi R4000 VR4100 VR4300
4058 30 = ErrorEPC R4000 VR4100 VR4300
4060 int code
= ((instruction
>> 21) & 0x1F);
4061 /* R4000 Users Manual (second edition) lists the following CP0
4063 DMFC0 Doubleword Move From CP0 (VR4100 = 01000000001tttttddddd00000000000)
4064 DMTC0 Doubleword Move To CP0 (VR4100 = 01000000101tttttddddd00000000000)
4065 MFC0 word Move From CP0 (VR4100 = 01000000000tttttddddd00000000000)
4066 MTC0 word Move To CP0 (VR4100 = 01000000100tttttddddd00000000000)
4067 TLBR Read Indexed TLB Entry (VR4100 = 01000010000000000000000000000001)
4068 TLBWI Write Indexed TLB Entry (VR4100 = 01000010000000000000000000000010)
4069 TLBWR Write Random TLB Entry (VR4100 = 01000010000000000000000000000110)
4070 TLBP Probe TLB for Matching Entry (VR4100 = 01000010000000000000000000001000)
4071 CACHE Cache operation (VR4100 = 101111bbbbbpppppiiiiiiiiiiiiiiii)
4072 ERET Exception return (VR4100 = 01000010000000000000000000011000)
4074 if (((code
== 0x00) || (code
== 0x04)) && ((instruction
& 0x7FF) == 0)) {
4075 int rt
= ((instruction
>> 16) & 0x1F);
4077 int rd
= ((instruction
>> 11) & 0x1F);
4079 if (code
== 0x00) { /* MF : move from */
4080 #if 0 /* message should be controlled by configuration option */
4081 callback
->printf_filtered(callback
,"Warning: MFC0 %d,%d not handled yet (architecture specific)\n",rt
,rd
);
4083 GPR
[rt
] = 0xDEADC0DE; /* CPR[0,rd] */
4084 } else { /* MT : move to */
4085 /* CPR[0,rd] = GPR[rt]; */
4086 #if 0 /* should be controlled by configuration option */
4087 callback
->printf_filtered(callback
,"Warning: MTC0 %d,%d not handled yet (architecture specific)\n",rt
,rd
);
4091 sim_warning("Unrecognised COP0 instruction 0x%08X at IPC = 0x%s : No handler present",instruction
,pr_addr(IPC
));
4092 /* TODO: When executing an ERET or RFE instruction we should
4093 clear LLBIT, to ensure that any out-standing atomic
4094 read/modify/write sequence fails. */
4098 case 2: /* undefined co-processor */
4099 sim_warning("COP2 instruction 0x%08X at IPC = 0x%s : No handler present",instruction
,pr_addr(IPC
));
4102 case 1: /* should not occur (FPU co-processor) */
4103 case 3: /* should not occur (FPU co-processor) */
4104 SignalException(ReservedInstruction
,instruction
);
4111 /*-- instruction simulation -------------------------------------------------*/
4114 sim_engine_run (sd
, next_cpu_nr
, siggnal
)
4116 int next_cpu_nr
; /* ignore */
4117 int siggnal
; /* ignore */
4119 #if !defined(FASTSIM)
4120 unsigned int pipeline_count
= 1;
4124 if (STATE_MEMORY (sd
) == NULL
) {
4125 printf("DBG: simulate() entered with no memory\n");
4130 #if 0 /* Disabled to check that everything works OK */
4131 /* The VR4300 seems to sign-extend the PC on its first
4132 access. However, this may just be because it is currently
4133 configured in 32bit mode. However... */
4134 PC
= SIGNEXTEND(PC
,32);
4137 /* main controlling loop */
4139 /* Fetch the next instruction from the simulator memory: */
4140 uword64 vaddr
= (uword64
)PC
;
4143 unsigned int instruction
; /* uword64? what's this used for? FIXME! */
4144 int dsstate
= (state
& simDELAYSLOT
);
4148 printf("DBG: state = 0x%08X :",state
);
4150 if (state
& simSTOP
) printf(" simSTOP");
4151 if (state
& simSTEP
) printf(" simSTEP");
4153 if (state
& simHALTEX
) printf(" simHALTEX");
4154 if (state
& simHALTIN
) printf(" simHALTIN");
4156 if (state
& simBE
) printf(" simBE");
4164 callback
->printf_filtered(callback
,"DBG: DSPC = 0x%s\n",pr_addr(DSPC
));
4167 if (AddressTranslation(PC
,isINSTRUCTION
,isLOAD
,&paddr
,&cca
,isTARGET
,isREAL
)) {
4168 if ((vaddr
& 1) == 0) {
4169 /* Copy the action of the LW instruction */
4170 unsigned int reverse
= (ReverseEndian
? (LOADDRMASK
>> 2) : 0);
4171 unsigned int bigend
= (BigEndianCPU
? (LOADDRMASK
>> 2) : 0);
4174 paddr
= ((paddr
& ~LOADDRMASK
) | ((paddr
& LOADDRMASK
) ^ (reverse
<< 2)));
4175 LoadMemory(&value
,NULL
,cca
,AccessLength_WORD
,paddr
,vaddr
,isINSTRUCTION
,isREAL
);
4176 byte
= ((vaddr
& LOADDRMASK
) ^ (bigend
<< 2));
4177 instruction
= ((value
>> (8 * byte
)) & 0xFFFFFFFF);
4179 /* Copy the action of the LH instruction */
4180 unsigned int reverse
= (ReverseEndian
? (LOADDRMASK
>> 1) : 0);
4181 unsigned int bigend
= (BigEndianCPU
? (LOADDRMASK
>> 1) : 0);
4184 paddr
= (((paddr
& ~ (uword64
) 1) & ~LOADDRMASK
)
4185 | (((paddr
& ~ (uword64
) 1) & LOADDRMASK
) ^ (reverse
<< 1)));
4186 LoadMemory(&value
,NULL
,cca
, AccessLength_HALFWORD
,
4187 paddr
& ~ (uword64
) 1,
4188 vaddr
, isINSTRUCTION
, isREAL
);
4189 byte
= (((vaddr
&~ (uword64
) 1) & LOADDRMASK
) ^ (bigend
<< 1));
4190 instruction
= ((value
>> (8 * byte
)) & 0xFFFF);
4193 fprintf(stderr
,"Cannot translate address for PC = 0x%s failed\n",pr_addr(PC
));
4198 callback
->printf_filtered(callback
,"DBG: fetched 0x%08X from PC = 0x%s\n",instruction
,pr_addr(PC
));
4201 #if !defined(FASTSIM) || defined(PROFILE)
4202 instruction_fetches
++;
4203 /* Since we increment above, the value should only ever be zero if
4204 we have just overflowed: */
4205 if (instruction_fetches
== 0)
4206 instruction_fetch_overflow
++;
4207 #if defined(PROFILE)
4208 if ((state
& simPROFILE
) && ((instruction_fetches
% profile_frequency
) == 0) && profile_hist
) {
4209 unsigned n
= ((unsigned int)(PC
- profile_minpc
) >> (profile_shift
+ 2));
4210 if (n
< profile_nsamples
) {
4211 /* NOTE: The counts for the profiling bins are only 16bits wide */
4212 if (profile_hist
[n
] != USHRT_MAX
)
4213 (profile_hist
[n
])++;
4216 #endif /* PROFILE */
4217 #endif /* !FASTSIM && PROFILE */
4219 IPC
= PC
; /* copy PC for this instruction */
4220 /* This is required by exception processing, to ensure that we can
4221 cope with exceptions in the delay slots of branches that may
4222 already have changed the PC. */
4223 if ((vaddr
& 1) == 0)
4224 PC
+= 4; /* increment ready for the next fetch */
4227 /* NOTE: If we perform a delay slot change to the PC, this
4228 increment is not requuired. However, it would make the
4229 simulator more complicated to try and avoid this small hit. */
4231 /* Currently this code provides a simple model. For more
4232 complicated models we could perform exception status checks at
4233 this point, and set the simSTOP state as required. This could
4234 also include processing any hardware interrupts raised by any
4235 I/O model attached to the simulator context.
4237 Support for "asynchronous" I/O events within the simulated world
4238 could be providing by managing a counter, and calling a I/O
4239 specific handler when a particular threshold is reached. On most
4240 architectures a decrement and check for zero operation is
4241 usually quicker than an increment and compare. However, the
4242 process of managing a known value decrement to zero, is higher
4243 than the cost of using an explicit value UINT_MAX into the
4244 future. Which system is used will depend on how complicated the
4245 I/O model is, and how much it is likely to affect the simulator
4248 If events need to be scheduled further in the future than
4249 UINT_MAX event ticks, then the I/O model should just provide its
4250 own counter, triggered from the event system. */
4252 /* MIPS pipeline ticks. To allow for future support where the
4253 pipeline hit of individual instructions is known, this control
4254 loop manages a "pipeline_count" variable. It is initialised to
4255 1 (one), and will only be changed by the simulator engine when
4256 executing an instruction. If the engine does not have access to
4257 pipeline cycle count information then all instructions will be
4258 treated as using a single cycle. NOTE: A standard system is not
4259 provided by the default simulator because different MIPS
4260 architectures have different cycle counts for the same
4263 [NOTE: pipeline_count has been replaced the event queue] */
4266 /* Set previous flag, depending on current: */
4267 if (state
& simPCOC0
)
4271 /* and update the current value: */
4278 /* NOTE: For multi-context simulation environments the "instruction"
4279 variable should be local to this routine. */
4281 /* Shorthand accesses for engine. Note: If we wanted to use global
4282 variables (and a single-threaded simulator engine), then we can
4283 create the actual variables with these names. */
4285 if (!(state
& simSKIPNEXT
)) {
4286 /* Include the simulator engine */
4288 #if ((GPRLEN == 64) && !PROCESSOR_64BIT) || ((GPRLEN == 32) && PROCESSOR_64BIT)
4289 #error "Mismatch between run-time simulator code and simulation engine"
4292 #if defined(WARN_LOHI)
4293 /* Decrement the HI/LO validity ticks */
4302 #endif /* WARN_LOHI */
4304 #if defined(WARN_ZERO)
4305 /* For certain MIPS architectures, GPR[0] is hardwired to zero. We
4306 should check for it being changed. It is better doing it here,
4307 than within the simulator, since it will help keep the simulator
4310 sim_warning("The ZERO register has been updated with 0x%s (PC = 0x%s) (reset back to zero)",pr_addr(ZERO
),pr_addr(IPC
));
4311 ZERO
= 0; /* reset back to zero before next instruction */
4313 #endif /* WARN_ZERO */
4314 } else /* simSKIPNEXT check */
4315 state
&= ~simSKIPNEXT
;
4317 /* If the delay slot was active before the instruction is
4318 executed, then update the PC to its new value: */
4321 printf("DBG: dsstate set before instruction execution - updating PC to 0x%s\n",pr_addr(DSPC
));
4324 state
&= ~(simDELAYSLOT
| simJALDELAYSLOT
);
4327 if (MIPSISA
< 4) { /* The following is only required on pre MIPS IV processors: */
4328 /* Deal with pending register updates: */
4330 printf("DBG: EMPTY BEFORE pending_in = %d, pending_out = %d, pending_total = %d\n",pending_in
,pending_out
,pending_total
);
4332 if (pending_out
!= pending_in
) {
4334 int index
= pending_out
;
4335 int total
= pending_total
;
4336 if (pending_total
== 0) {
4337 fprintf(stderr
,"FATAL: Mis-match on pending update pointers\n");
4340 for (loop
= 0; (loop
< total
); loop
++) {
4342 printf("DBG: BEFORE index = %d, loop = %d\n",index
,loop
);
4344 if (pending_slot_reg
[index
] != (LAST_EMBED_REGNUM
+ 1)) {
4346 printf("pending_slot_count[%d] = %d\n",index
,pending_slot_count
[index
]);
4348 if (--(pending_slot_count
[index
]) == 0) {
4350 printf("pending_slot_reg[%d] = %d\n",index
,pending_slot_reg
[index
]);
4351 printf("pending_slot_value[%d] = 0x%s\n",index
,pr_addr(pending_slot_value
[index
]));
4353 if (pending_slot_reg
[index
] == COCIDX
) {
4354 SETFCC(0,((FCR31
& (1 << 23)) ? 1 : 0));
4356 registers
[pending_slot_reg
[index
]] = pending_slot_value
[index
];
4358 /* The only time we have PENDING updates to FPU
4359 registers, is when performing binary transfers. This
4360 means we should update the register type field. */
4361 if ((pending_slot_reg
[index
] >= FGRIDX
) && (pending_slot_reg
[index
] < (FGRIDX
+ 32)))
4362 fpr_state
[pending_slot_reg
[index
] - FGRIDX
] = fmt_uninterpreted
;
4366 printf("registers[%d] = 0x%s\n",pending_slot_reg
[index
],pr_addr(registers
[pending_slot_reg
[index
]]));
4368 pending_slot_reg
[index
] = (LAST_EMBED_REGNUM
+ 1);
4370 if (pending_out
== PSLOTS
)
4376 printf("DBG: AFTER index = %d, loop = %d\n",index
,loop
);
4379 if (index
== PSLOTS
)
4384 printf("DBG: EMPTY AFTER pending_in = %d, pending_out = %d, pending_total = %d\n",pending_in
,pending_out
,pending_total
);
4388 #if !defined(FASTSIM)
4389 if (sim_events_tickn (sd
, pipeline_count
))
4391 /* cpu->cia = cia; */
4392 sim_events_process (sd
);
4395 if (sim_events_tick (sd
))
4397 /* cpu->cia = cia; */
4398 sim_events_process (sd
);
4400 #endif /* FASTSIM */
4404 /* This code copied from gdb's utils.c. Would like to share this code,
4405 but don't know of a common place where both could get to it. */
4407 /* Temporary storage using circular buffer */
4413 static char buf
[NUMCELLS
][CELLSIZE
];
4415 if (++cell
>=NUMCELLS
) cell
=0;
4419 /* Print routines to handle variable size regs, etc */
4421 /* Eliminate warning from compiler on 32-bit systems */
4422 static int thirty_two
= 32;
4428 char *paddr_str
=get_cell();
4429 switch (sizeof(addr
))
4432 sprintf(paddr_str
,"%08lx%08lx",
4433 (unsigned long)(addr
>>thirty_two
),(unsigned long)(addr
&0xffffffff));
4436 sprintf(paddr_str
,"%08lx",(unsigned long)addr
);
4439 sprintf(paddr_str
,"%04x",(unsigned short)(addr
&0xffff));
4442 sprintf(paddr_str
,"%x",addr
);
4451 char *paddr_str
=get_cell();
4452 sprintf(paddr_str
,"%08lx%08lx",
4453 (unsigned long)(addr
>>thirty_two
),(unsigned long)(addr
&0xffffffff));
4458 /*---------------------------------------------------------------------------*/
4459 /*> EOF interp.c <*/