Re: [Qemu-devel] [PATCH] ARM7TDMI emulation
On Monday 02 July 2007 18:14, Ulrich Hecht wrote:
Anyway, here's the 920T version. The magic numbers may or may not be
correct.
And here's an even better version that implements both 920T and 7TDMI
(with base-updated aborts).
CU
Uli
--
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Index: target-arm/cpu.h
===
RCS file: /sources/qemu/qemu/target-arm/cpu.h,v
retrieving revision 1.28
diff -u -r1.28 cpu.h
--- target-arm/cpu.h 24 Jun 2007 12:09:48 - 1.28
+++ target-arm/cpu.h 3 Jul 2007 14:36:00 -
@@ -247,7 +247,10 @@
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
-ARM_FEATURE_MPU /* Only has Memory Protection Unit, not full MMU. */
+ARM_FEATURE_MPU,/* Only has Memory Protection Unit, not full MMU. */
+ARM_FEATURE_V5, /* ARM v5 instruction set */
+ARM_FEATURE_NO_CP15, /* ARM7TDMI, ARM7TDMI-S, ARM7EJ-S, and ARM9TDMI cores do not have a CP15 */
+ARM_FEATURE_ABORT_BU /* base updated abort model, e.g. ARMxTDMI */
};
static inline int arm_feature(CPUARMState *env, int feature)
@@ -262,7 +265,9 @@
ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
void *opaque);
+#define ARM_CPUID_ARM7TDMI 0x41807000 /* guess; no CP15 on ARM7TDMI */
#define ARM_CPUID_ARM1026 0x4106a262
+#define ARM_CPUID_ARM920T 0x41129200
#define ARM_CPUID_ARM9260x41069265
#define ARM_CPUID_ARM9460x41059461
#define ARM_CPUID_PXA2500x69052100
Index: target-arm/helper.c
===
RCS file: /sources/qemu/qemu/target-arm/helper.c,v
retrieving revision 1.17
diff -u -r1.17 helper.c
--- target-arm/helper.c 24 Jun 2007 12:09:48 - 1.17
+++ target-arm/helper.c 3 Jul 2007 14:36:00 -
@@ -14,20 +14,31 @@
{
env-cp15.c0_cpuid = id;
switch (id) {
+case ARM_CPUID_ARM7TDMI:
+set_feature(env, ARM_FEATURE_ABORT_BU);
+set_feature(env, ARM_FEATURE_NO_CP15);
+break;
+case ARM_CPUID_ARM920T:
+env-cp15.c0_cachetype = 0x0d172172;
+env-cp15.c1_sys = 0x0078;
+break;
case ARM_CPUID_ARM926:
set_feature(env, ARM_FEATURE_VFP);
+set_feature(env, ARM_FEATURE_V5);
env-vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
env-cp15.c0_cachetype = 0x1dd20d2;
env-cp15.c1_sys = 0x00090078;
break;
case ARM_CPUID_ARM946:
set_feature(env, ARM_FEATURE_MPU);
+set_feature(env, ARM_FEATURE_V5);
env-cp15.c0_cachetype = 0x0f004006;
env-cp15.c1_sys = 0x0078;
break;
case ARM_CPUID_ARM1026:
set_feature(env, ARM_FEATURE_VFP);
set_feature(env, ARM_FEATURE_AUXCR);
+set_feature(env, ARM_FEATURE_V5);
env-vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
env-cp15.c0_cachetype = 0x1dd20d2;
env-cp15.c1_sys = 0x00090078;
@@ -38,6 +49,7 @@
case ARM_CPUID_PXA261:
case ARM_CPUID_PXA262:
set_feature(env, ARM_FEATURE_XSCALE);
+set_feature(env, ARM_FEATURE_V5);
/* JTAG_ID is ((id 28) | 0x09265013) */
env-cp15.c0_cachetype = 0xd172172;
env-cp15.c1_sys = 0x0078;
@@ -49,6 +61,7 @@
case ARM_CPUID_PXA270_C0:
case ARM_CPUID_PXA270_C5:
set_feature(env, ARM_FEATURE_XSCALE);
+set_feature(env, ARM_FEATURE_V5);
/* JTAG_ID is ((id 28) | 0x09265013) */
set_feature(env, ARM_FEATURE_IWMMXT);
env-iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
@@ -98,6 +111,8 @@
};
static const struct arm_cpu_t arm_cpu_names[] = {
+{ ARM_CPUID_ARM7TDMI, arm7tdmi},
+{ ARM_CPUID_ARM920T, arm920t},
{ ARM_CPUID_ARM926, arm926},
{ ARM_CPUID_ARM946, arm946},
{ ARM_CPUID_ARM1026, arm1026},
Index: target-arm/translate.c
===
RCS file: /sources/qemu/qemu/target-arm/translate.c,v
retrieving revision 1.53
diff -u -r1.53 translate.c
--- target-arm/translate.c 11 Jun 2007 18:59:35 - 1.53
+++ target-arm/translate.c 3 Jul 2007 14:36:00 -
@@ -1589,7 +1589,7 @@
uint32_t rd;
/* ??? Some cp15 registers are accessible from userspace. */
-if (IS_USER(s)) {
+if (IS_USER(s) || arm_feature(env, ARM_FEATURE_NO_CP15)) {
return 1;
}
if ((insn 0x0fff0fff) == 0x0e070f90
@@ -2780,6 +2780,7 @@
case 0x09:
{
int j, n, user, loaded_base;
+int crement;
/* load/store multiple words */
/* XXX: store correct base if write back */
user = 0;
@@ -2819,6 +2820,36 @@
}
}
j = 0;
+
+crement = 0;
+if(insn (1 21)) {
+/*
[Qemu-devel] [PATCH] ARM7TDMI emulation
Hi!
This patch adds ARM7TDMI emulation with Thumb v1 (no BLX, no BKPT, ignore
bit 0 on POP PC) and without CP15.
CU
Uli
--
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Index: cpu.h
===
RCS file: /sources/qemu/qemu/target-arm/cpu.h,v
retrieving revision 1.28
diff -u -r1.28 cpu.h
--- cpu.h 24 Jun 2007 12:09:48 - 1.28
+++ cpu.h 2 Jul 2007 13:16:12 -
@@ -247,7 +247,9 @@
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
-ARM_FEATURE_MPU /* Only has Memory Protection Unit, not full MMU. */
+ARM_FEATURE_MPU,/* Only has Memory Protection Unit, not full MMU. */
+ARM_FEATURE_THUMB1, /* Thumb v1 (ARM v4 with Thumb) */
+ARM_FEATURE_NO_CP15 /* ARM7TDMI, ARM7TDMI-S, ARM7EJ-S, and ARM9TDMI cores do not have a CP15 */
};
static inline int arm_feature(CPUARMState *env, int feature)
@@ -262,6 +264,7 @@
ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
void *opaque);
+#define ARM_CPUID_ARM7TDMI 0x41807000 /* guess; no CP15 on ARM7TDMI */
#define ARM_CPUID_ARM1026 0x4106a262
#define ARM_CPUID_ARM9260x41069265
#define ARM_CPUID_ARM9460x41059461
Index: helper.c
===
RCS file: /sources/qemu/qemu/target-arm/helper.c,v
retrieving revision 1.17
diff -u -r1.17 helper.c
--- helper.c 24 Jun 2007 12:09:48 - 1.17
+++ helper.c 2 Jul 2007 13:16:12 -
@@ -14,6 +14,11 @@
{
env-cp15.c0_cpuid = id;
switch (id) {
+case ARM_CPUID_ARM7TDMI:
+set_feature(env, ARM_FEATURE_THUMB1);
+set_feature(env, ARM_FEATURE_NO_CP15);
+/* no CP15 here */
+break;
case ARM_CPUID_ARM926:
set_feature(env, ARM_FEATURE_VFP);
env-vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
@@ -98,6 +103,7 @@
};
static const struct arm_cpu_t arm_cpu_names[] = {
+{ ARM_CPUID_ARM7TDMI, arm7tdmi},
{ ARM_CPUID_ARM926, arm926},
{ ARM_CPUID_ARM946, arm946},
{ ARM_CPUID_ARM1026, arm1026},
Index: translate.c
===
RCS file: /sources/qemu/qemu/target-arm/translate.c,v
retrieving revision 1.53
diff -u -r1.53 translate.c
--- translate.c 11 Jun 2007 18:59:35 - 1.53
+++ translate.c 2 Jul 2007 13:16:13 -
@@ -1589,7 +1589,7 @@
uint32_t rd;
/* ??? Some cp15 registers are accessible from userspace. */
-if (IS_USER(s)) {
+if (IS_USER(s) || arm_feature(env, ARM_FEATURE_NO_CP15)) {
return 1;
}
if ((insn 0x0fff0fff) == 0x0e070f90
@@ -2958,7 +2958,7 @@
}
}
-static void disas_thumb_insn(DisasContext *s)
+static void disas_thumb_insn(CPUState *env, DisasContext *s)
{
uint32_t val, insn, op, rm, rn, rd, shift, cond;
int32_t offset;
@@ -3058,6 +3058,7 @@
break;
case 3:/* branch [and link] exchange thumb register */
if (insn (1 7)) {
+if(arm_feature(env, ARM_FEATURE_THUMB1)) goto undef;
val = (uint32_t)s-pc | 1;
gen_op_movl_T1_im(val);
gen_movl_reg_T1(s, 14);
@@ -3367,11 +3368,16 @@
/* write back the new stack pointer */
gen_movl_reg_T1(s, 13);
/* set the new PC value */
-if ((insn 0x0900) == 0x0900)
-gen_bx(s);
+if ((insn 0x0900) == 0x0900) {
+if(arm_feature(env, ARM_FEATURE_THUMB1))
+ gen_movl_reg_T0(s, 15);
+else
+ gen_bx(s);
+}
break;
case 0xe: /* bkpt */
+if(arm_feature(env, ARM_FEATURE_THUMB1)) goto undef;
gen_op_movl_T0_im((long)s-pc - 2);
gen_op_movl_reg_TN[0][15]();
gen_op_bkpt();
@@ -3442,6 +3448,7 @@
/* unconditional branch */
if (insn (1 11)) {
/* Second half of blx. */
+if(arm_feature(env, ARM_FEATURE_THUMB1)) goto undef;
offset = ((insn 0x7ff) 1);
gen_movl_T0_reg(s, 14);
gen_op_movl_T1_im(offset);
@@ -3571,7 +3578,7 @@
}
if (env-thumb)
- disas_thumb_insn(dc);
+ disas_thumb_insn(env, dc);
else
disas_arm_insn(env, dc);
Re: [Qemu-devel] [PATCH] ARM7TDMI emulation
On Monday 02 July 2007 15:40, Paul Brook wrote:
You should add/use ARM_FEATURE_V5/ARCH(5) instead.
Alright.
The ARM7TDMI implements the base updated abort model.
Er, yes, but there is no MMU that could actually cause an abort, right?
Anyway, here's the 920T version. The magic numbers may or may not be
correct.
CU
Uli
--
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Index: target-arm/cpu.h
===
RCS file: /sources/qemu/qemu/target-arm/cpu.h,v
retrieving revision 1.28
diff -u -r1.28 cpu.h
--- target-arm/cpu.h 24 Jun 2007 12:09:48 - 1.28
+++ target-arm/cpu.h 2 Jul 2007 15:09:41 -
@@ -247,7 +247,9 @@
ARM_FEATURE_AUXCR, /* ARM1026 Auxiliary control register. */
ARM_FEATURE_XSCALE, /* Intel XScale extensions. */
ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension. */
-ARM_FEATURE_MPU /* Only has Memory Protection Unit, not full MMU. */
+ARM_FEATURE_MPU,/* Only has Memory Protection Unit, not full MMU. */
+ARM_FEATURE_V5, /* ARM v5 instruction set */
+ARM_FEATURE_NO_CP15 /* ARM7TDMI, ARM7TDMI-S, ARM7EJ-S, and ARM9TDMI cores do not have a CP15 */
};
static inline int arm_feature(CPUARMState *env, int feature)
@@ -262,7 +264,9 @@
ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
void *opaque);
+#define ARM_CPUID_ARM7TDMI 0x41807000 /* guess; no CP15 on ARM7TDMI */
#define ARM_CPUID_ARM1026 0x4106a262
+#define ARM_CPUID_ARM920T 0x41129200
#define ARM_CPUID_ARM9260x41069265
#define ARM_CPUID_ARM9460x41059461
#define ARM_CPUID_PXA2500x69052100
Index: target-arm/helper.c
===
RCS file: /sources/qemu/qemu/target-arm/helper.c,v
retrieving revision 1.17
diff -u -r1.17 helper.c
--- target-arm/helper.c 24 Jun 2007 12:09:48 - 1.17
+++ target-arm/helper.c 2 Jul 2007 15:09:41 -
@@ -14,20 +14,27 @@
{
env-cp15.c0_cpuid = id;
switch (id) {
+case ARM_CPUID_ARM920T:
+env-cp15.c0_cachetype = 0x0d172172;
+env-cp15.c1_sys = 0x0078;
+break;
case ARM_CPUID_ARM926:
set_feature(env, ARM_FEATURE_VFP);
+set_feature(env, ARM_FEATURE_V5);
env-vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
env-cp15.c0_cachetype = 0x1dd20d2;
env-cp15.c1_sys = 0x00090078;
break;
case ARM_CPUID_ARM946:
set_feature(env, ARM_FEATURE_MPU);
+set_feature(env, ARM_FEATURE_V5);
env-cp15.c0_cachetype = 0x0f004006;
env-cp15.c1_sys = 0x0078;
break;
case ARM_CPUID_ARM1026:
set_feature(env, ARM_FEATURE_VFP);
set_feature(env, ARM_FEATURE_AUXCR);
+set_feature(env, ARM_FEATURE_V5);
env-vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
env-cp15.c0_cachetype = 0x1dd20d2;
env-cp15.c1_sys = 0x00090078;
@@ -38,6 +45,7 @@
case ARM_CPUID_PXA261:
case ARM_CPUID_PXA262:
set_feature(env, ARM_FEATURE_XSCALE);
+set_feature(env, ARM_FEATURE_V5);
/* JTAG_ID is ((id 28) | 0x09265013) */
env-cp15.c0_cachetype = 0xd172172;
env-cp15.c1_sys = 0x0078;
@@ -49,6 +57,7 @@
case ARM_CPUID_PXA270_C0:
case ARM_CPUID_PXA270_C5:
set_feature(env, ARM_FEATURE_XSCALE);
+set_feature(env, ARM_FEATURE_V5);
/* JTAG_ID is ((id 28) | 0x09265013) */
set_feature(env, ARM_FEATURE_IWMMXT);
env-iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
@@ -98,6 +107,7 @@
};
static const struct arm_cpu_t arm_cpu_names[] = {
+{ ARM_CPUID_ARM920T, arm920t},
{ ARM_CPUID_ARM926, arm926},
{ ARM_CPUID_ARM946, arm946},
{ ARM_CPUID_ARM1026, arm1026},
Index: target-arm/translate.c
===
RCS file: /sources/qemu/qemu/target-arm/translate.c,v
retrieving revision 1.53
diff -u -r1.53 translate.c
--- target-arm/translate.c 11 Jun 2007 18:59:35 - 1.53
+++ target-arm/translate.c 2 Jul 2007 15:09:41 -
@@ -1589,7 +1589,7 @@
uint32_t rd;
/* ??? Some cp15 registers are accessible from userspace. */
-if (IS_USER(s)) {
+if (IS_USER(s) || arm_feature(env, ARM_FEATURE_NO_CP15)) {
return 1;
}
if ((insn 0x0fff0fff) == 0x0e070f90
@@ -2958,7 +2958,7 @@
}
}
-static void disas_thumb_insn(DisasContext *s)
+static void disas_thumb_insn(CPUState *env, DisasContext *s)
{
uint32_t val, insn, op, rm, rn, rd, shift, cond;
int32_t offset;
@@ -3058,6 +3058,7 @@
break;
case 3:/* branch [and link] exchange thumb register */
if (insn (1 7)) {
+if(!arm_feature(env, ARM_FEATURE_V5)) goto undef;
val = (uint32_t)s-pc | 1;
gen_op_movl_T1_im(val);
gen_movl_reg_T1(s, 14);
@@ -3367,11 +3368,16 @@
/*
