2 /* Simulator for the MIPS architecture.
4 This file is part of the MIPS sim
6 THIS SOFTWARE IS NOT COPYRIGHTED
8 Cygnus offers the following for use in the public domain. Cygnus
9 makes no warranty with regard to the software or it's performance
10 and the user accepts the software "AS IS" with all faults.
12 CYGNUS DISCLAIMS ANY WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO
13 THIS SOFTWARE INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
14 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
18 The IDT monitor (found on the VR4300 board), seems to lie about
19 register contents. It seems to treat the registers as sign-extended
20 32-bit values. This cause *REAL* problems when single-stepping 64-bit
25 /* The TRACE manifests enable the provision of extra features. If they
26 are not defined then a simpler (quicker) simulator is constructed
27 without the required run-time checks, etc. */
28 #if 1 /* 0 to allow user build selection, 1 to force inclusion */
34 #include "sim-utils.h"
35 #include "sim-options.h"
36 #include "sim-assert.h"
62 #include "libiberty.h"
64 #include "gdb/callback.h" /* GDB simulator callback interface */
65 #include "gdb/remote-sim.h" /* GDB simulator interface */
73 char* pr_addr PARAMS ((SIM_ADDR addr));
74 char* pr_uword64 PARAMS ((uword64 addr));
77 /* Within interp.c we refer to the sim_state and sim_cpu directly. */
82 /* The following reserved instruction value is used when a simulator
83 trap is required. NOTE: Care must be taken, since this value may be
84 used in later revisions of the MIPS ISA. */
86 #define RSVD_INSTRUCTION (0x00000005)
87 #define RSVD_INSTRUCTION_MASK (0xFC00003F)
89 #define RSVD_INSTRUCTION_ARG_SHIFT 6
90 #define RSVD_INSTRUCTION_ARG_MASK 0xFFFFF
93 /* Bits in the Debug register */
94 #define Debug_DBD 0x80000000 /* Debug Branch Delay */
95 #define Debug_DM 0x40000000 /* Debug Mode */
96 #define Debug_DBp 0x00000002 /* Debug Breakpoint indicator */
98 /*---------------------------------------------------------------------------*/
99 /*-- GDB simulator interface ------------------------------------------------*/
100 /*---------------------------------------------------------------------------*/
102 static void ColdReset PARAMS((SIM_DESC sd));
104 /*---------------------------------------------------------------------------*/
108 #define DELAYSLOT() {\
109 if (STATE & simDELAYSLOT)\
110 sim_io_eprintf(sd,"Delay slot already activated (branch in delay slot?)\n");\
111 STATE |= simDELAYSLOT;\
114 #define JALDELAYSLOT() {\
116 STATE |= simJALDELAYSLOT;\
120 STATE &= ~simDELAYSLOT;\
121 STATE |= simSKIPNEXT;\
124 #define CANCELDELAYSLOT() {\
126 STATE &= ~(simDELAYSLOT | simJALDELAYSLOT);\
129 #define INDELAYSLOT() ((STATE & simDELAYSLOT) != 0)
130 #define INJALDELAYSLOT() ((STATE & simJALDELAYSLOT) != 0)
132 /* Note that the monitor code essentially assumes this layout of memory.
133 If you change these, change the monitor code, too. */
134 #define K0BASE (0x80000000)
135 #define K0SIZE (0x20000000)
136 #define K1BASE (0xA0000000)
137 #define K1SIZE (0x20000000)
139 /* Simple run-time monitor support.
141 We emulate the monitor by placing magic reserved instructions at
142 the monitor's entry points; when we hit these instructions, instead
143 of raising an exception (as we would normally), we look at the
144 instruction and perform the appropriate monitory operation.
146 `*_monitor_base' are the physical addresses at which the corresponding
147 monitor vectors are located. `0' means none. By default,
149 The RSVD_INSTRUCTION... macros specify the magic instructions we
150 use at the monitor entry points. */
151 static int firmware_option_p = 0;
152 static SIM_ADDR idt_monitor_base = 0xBFC00000;
153 static SIM_ADDR pmon_monitor_base = 0xBFC00500;
154 static SIM_ADDR lsipmon_monitor_base = 0xBFC00200;
156 static SIM_RC sim_firmware_command (SIM_DESC sd, char* arg);
159 #define MEM_SIZE (8 << 20) /* 8 MBytes */
163 static char *tracefile = "trace.din"; /* default filename for trace log */
164 FILE *tracefh = NULL;
165 static void open_trace PARAMS((SIM_DESC sd));
168 static const char * get_insn_name (sim_cpu *, int);
170 /* simulation target board. NULL=canonical */
171 static char* board = NULL;
174 static DECLARE_OPTION_HANDLER (mips_option_handler);
177 OPTION_DINERO_TRACE = OPTION_START,
185 mips_option_handler (sd, cpu, opt, arg, is_command)
195 case OPTION_DINERO_TRACE: /* ??? */
197 /* Eventually the simTRACE flag could be treated as a toggle, to
198 allow external control of the program points being traced
199 (i.e. only from main onwards, excluding the run-time setup,
201 for (cpu_nr = 0; cpu_nr < MAX_NR_PROCESSORS; cpu_nr++)
203 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
206 else if (strcmp (arg, "yes") == 0)
208 else if (strcmp (arg, "no") == 0)
210 else if (strcmp (arg, "on") == 0)
212 else if (strcmp (arg, "off") == 0)
216 fprintf (stderr, "Unrecognized dinero-trace option `%s'\n", arg);
223 Simulator constructed without dinero tracing support (for performance).\n\
224 Re-compile simulator with \"-DTRACE\" to enable this option.\n");
228 case OPTION_DINERO_FILE:
230 if (optarg != NULL) {
232 tmp = (char *)malloc(strlen(optarg) + 1);
235 sim_io_printf(sd,"Failed to allocate buffer for tracefile name \"%s\"\n",optarg);
241 sim_io_printf(sd,"Placing trace information into file \"%s\"\n",tracefile);
247 case OPTION_FIRMWARE:
248 return sim_firmware_command (sd, arg);
254 board = zalloc(strlen(arg) + 1);
265 static const OPTION mips_options[] =
267 { {"dinero-trace", optional_argument, NULL, OPTION_DINERO_TRACE},
268 '\0', "on|off", "Enable dinero tracing",
269 mips_option_handler },
270 { {"dinero-file", required_argument, NULL, OPTION_DINERO_FILE},
271 '\0', "FILE", "Write dinero trace to FILE",
272 mips_option_handler },
273 { {"firmware", required_argument, NULL, OPTION_FIRMWARE},
274 '\0', "[idt|pmon|lsipmon|none][@ADDRESS]", "Emulate ROM monitor",
275 mips_option_handler },
276 { {"board", required_argument, NULL, OPTION_BOARD},
277 '\0', "none" /* rely on compile-time string concatenation for other options */
279 #define BOARD_JMR3904 "jmr3904"
281 #define BOARD_JMR3904_PAL "jmr3904pal"
282 "|" BOARD_JMR3904_PAL
283 #define BOARD_JMR3904_DEBUG "jmr3904debug"
284 "|" BOARD_JMR3904_DEBUG
285 #define BOARD_BSP "bsp"
288 , "Customize simulation for a particular board.", mips_option_handler },
290 { {NULL, no_argument, NULL, 0}, '\0', NULL, NULL, NULL }
294 int interrupt_pending;
297 interrupt_event (SIM_DESC sd, void *data)
299 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
300 address_word cia = CIA_GET (cpu);
303 interrupt_pending = 0;
304 SignalExceptionInterrupt (1); /* interrupt "1" */
306 else if (!interrupt_pending)
307 sim_events_schedule (sd, 1, interrupt_event, data);
311 /*---------------------------------------------------------------------------*/
312 /*-- Device registration hook -----------------------------------------------*/
313 /*---------------------------------------------------------------------------*/
314 static void device_init(SIM_DESC sd) {
316 extern void register_devices(SIM_DESC);
317 register_devices(sd);
321 /*---------------------------------------------------------------------------*/
322 /*-- GDB simulator interface ------------------------------------------------*/
323 /*---------------------------------------------------------------------------*/
326 sim_open (kind, cb, abfd, argv)
332 SIM_DESC sd = sim_state_alloc (kind, cb);
333 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
335 SIM_ASSERT (STATE_MAGIC (sd) == SIM_MAGIC_NUMBER);
337 /* FIXME: watchpoints code shouldn't need this */
338 STATE_WATCHPOINTS (sd)->pc = &(PC);
339 STATE_WATCHPOINTS (sd)->sizeof_pc = sizeof (PC);
340 STATE_WATCHPOINTS (sd)->interrupt_handler = interrupt_event;
342 /* Initialize the mechanism for doing insn profiling. */
343 CPU_INSN_NAME (cpu) = get_insn_name;
344 CPU_MAX_INSNS (cpu) = nr_itable_entries;
348 if (sim_pre_argv_init (sd, argv[0]) != SIM_RC_OK)
350 sim_add_option_table (sd, NULL, mips_options);
353 /* getopt will print the error message so we just have to exit if this fails.
354 FIXME: Hmmm... in the case of gdb we need getopt to call
356 if (sim_parse_args (sd, argv) != SIM_RC_OK)
358 /* Uninstall the modules to avoid memory leaks,
359 file descriptor leaks, etc. */
360 sim_module_uninstall (sd);
364 /* handle board-specific memory maps */
367 /* Allocate core managed memory */
370 /* For compatibility with the old code - under this (at level one)
371 are the kernel spaces K0 & K1. Both of these map to a single
372 smaller sub region */
373 sim_do_command(sd," memory region 0x7fff8000,0x8000") ; /* MTZ- 32 k stack */
374 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx%%0x%lx,0x%0x",
376 MEM_SIZE, /* actual size */
381 else if (board != NULL
382 && (strcmp(board, BOARD_BSP) == 0))
386 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
388 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
389 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
391 4 * 1024 * 1024, /* 4 MB */
394 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
395 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
397 4 * 1024 * 1024, /* 4 MB */
400 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
401 for (i=0; i<8; i++) /* 32 MB total */
403 unsigned size = 4 * 1024 * 1024; /* 4 MB */
404 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
405 0x88000000 + (i * size),
407 0xA8000000 + (i * size));
411 else if (board != NULL
412 && (strcmp(board, BOARD_JMR3904) == 0 ||
413 strcmp(board, BOARD_JMR3904_PAL) == 0 ||
414 strcmp(board, BOARD_JMR3904_DEBUG) == 0))
416 /* match VIRTUAL memory layout of JMR-TX3904 board */
419 /* --- disable monitor unless forced on by user --- */
421 if (! firmware_option_p)
423 idt_monitor_base = 0;
424 pmon_monitor_base = 0;
425 lsipmon_monitor_base = 0;
428 /* --- environment --- */
430 STATE_ENVIRONMENT (sd) = OPERATING_ENVIRONMENT;
434 /* ROM: 0x9FC0_0000 - 0x9FFF_FFFF and 0xBFC0_0000 - 0xBFFF_FFFF */
435 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
437 4 * 1024 * 1024, /* 4 MB */
440 /* SRAM: 0x8000_0000 - 0x803F_FFFF and 0xA000_0000 - 0xA03F_FFFF */
441 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
443 4 * 1024 * 1024, /* 4 MB */
446 /* DRAM: 0x8800_0000 - 0x89FF_FFFF and 0xA800_0000 - 0xA9FF_FFFF */
447 for (i=0; i<8; i++) /* 32 MB total */
449 unsigned size = 4 * 1024 * 1024; /* 4 MB */
450 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx,0x%0x",
451 0x88000000 + (i * size),
453 0xA8000000 + (i * size));
456 /* Dummy memory regions for unsimulated devices - sorted by address */
458 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB1000000, 0x400); /* ISA I/O */
459 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2100000, 0x004); /* ISA ctl */
460 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2500000, 0x004); /* LED/switch */
461 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB2700000, 0x004); /* RTC */
462 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xB3C00000, 0x004); /* RTC */
463 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF8000, 0x900); /* DRAMC */
464 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFF9000, 0x200); /* EBIF */
465 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFE000, 0x01c); /* EBIF */
466 sim_do_commandf (sd, "memory alias 0x%lx@1,0x%lx", 0xFFFFF500, 0x300); /* PIO */
469 /* --- simulated devices --- */
470 sim_hw_parse (sd, "/tx3904irc@0xffffc000/reg 0xffffc000 0x20");
471 sim_hw_parse (sd, "/tx3904cpu");
472 sim_hw_parse (sd, "/tx3904tmr@0xfffff000/reg 0xfffff000 0x100");
473 sim_hw_parse (sd, "/tx3904tmr@0xfffff100/reg 0xfffff100 0x100");
474 sim_hw_parse (sd, "/tx3904tmr@0xfffff200/reg 0xfffff200 0x100");
475 sim_hw_parse (sd, "/tx3904sio@0xfffff300/reg 0xfffff300 0x100");
477 /* FIXME: poking at dv-sockser internals, use tcp backend if
478 --sockser_addr option was given.*/
479 extern char* sockser_addr;
480 if(sockser_addr == NULL)
481 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend stdio");
483 sim_hw_parse (sd, "/tx3904sio@0xfffff300/backend tcp");
485 sim_hw_parse (sd, "/tx3904sio@0xfffff400/reg 0xfffff400 0x100");
486 sim_hw_parse (sd, "/tx3904sio@0xfffff400/backend stdio");
488 /* -- device connections --- */
489 sim_hw_parse (sd, "/tx3904irc > ip level /tx3904cpu");
490 sim_hw_parse (sd, "/tx3904tmr@0xfffff000 > int tmr0 /tx3904irc");
491 sim_hw_parse (sd, "/tx3904tmr@0xfffff100 > int tmr1 /tx3904irc");
492 sim_hw_parse (sd, "/tx3904tmr@0xfffff200 > int tmr2 /tx3904irc");
493 sim_hw_parse (sd, "/tx3904sio@0xfffff300 > int sio0 /tx3904irc");
494 sim_hw_parse (sd, "/tx3904sio@0xfffff400 > int sio1 /tx3904irc");
496 /* add PAL timer & I/O module */
497 if(! strcmp(board, BOARD_JMR3904_PAL))
500 sim_hw_parse (sd, "/pal@0xffff0000");
501 sim_hw_parse (sd, "/pal@0xffff0000/reg 0xffff0000 64");
503 /* wire up interrupt ports to irc */
504 sim_hw_parse (sd, "/pal@0x31000000 > countdown tmr0 /tx3904irc");
505 sim_hw_parse (sd, "/pal@0x31000000 > timer tmr1 /tx3904irc");
506 sim_hw_parse (sd, "/pal@0x31000000 > int int0 /tx3904irc");
509 if(! strcmp(board, BOARD_JMR3904_DEBUG))
511 /* -- DEBUG: glue interrupt generators --- */
512 sim_hw_parse (sd, "/glue@0xffff0000/reg 0xffff0000 0x50");
513 sim_hw_parse (sd, "/glue@0xffff0000 > int0 int0 /tx3904irc");
514 sim_hw_parse (sd, "/glue@0xffff0000 > int1 int1 /tx3904irc");
515 sim_hw_parse (sd, "/glue@0xffff0000 > int2 int2 /tx3904irc");
516 sim_hw_parse (sd, "/glue@0xffff0000 > int3 int3 /tx3904irc");
517 sim_hw_parse (sd, "/glue@0xffff0000 > int4 int4 /tx3904irc");
518 sim_hw_parse (sd, "/glue@0xffff0000 > int5 int5 /tx3904irc");
519 sim_hw_parse (sd, "/glue@0xffff0000 > int6 int6 /tx3904irc");
520 sim_hw_parse (sd, "/glue@0xffff0000 > int7 int7 /tx3904irc");
521 sim_hw_parse (sd, "/glue@0xffff0000 > int8 dmac0 /tx3904irc");
522 sim_hw_parse (sd, "/glue@0xffff0000 > int9 dmac1 /tx3904irc");
523 sim_hw_parse (sd, "/glue@0xffff0000 > int10 dmac2 /tx3904irc");
524 sim_hw_parse (sd, "/glue@0xffff0000 > int11 dmac3 /tx3904irc");
525 sim_hw_parse (sd, "/glue@0xffff0000 > int12 sio0 /tx3904irc");
526 sim_hw_parse (sd, "/glue@0xffff0000 > int13 sio1 /tx3904irc");
527 sim_hw_parse (sd, "/glue@0xffff0000 > int14 tmr0 /tx3904irc");
528 sim_hw_parse (sd, "/glue@0xffff0000 > int15 tmr1 /tx3904irc");
529 sim_hw_parse (sd, "/glue@0xffff0000 > int16 tmr2 /tx3904irc");
530 sim_hw_parse (sd, "/glue@0xffff0000 > int17 nmi /tx3904cpu");
538 /* check for/establish the a reference program image */
539 if (sim_analyze_program (sd,
540 (STATE_PROG_ARGV (sd) != NULL
541 ? *STATE_PROG_ARGV (sd)
545 sim_module_uninstall (sd);
549 /* Configure/verify the target byte order and other runtime
550 configuration options */
551 if (sim_config (sd) != SIM_RC_OK)
553 sim_module_uninstall (sd);
557 if (sim_post_argv_init (sd) != SIM_RC_OK)
559 /* Uninstall the modules to avoid memory leaks,
560 file descriptor leaks, etc. */
561 sim_module_uninstall (sd);
565 /* verify assumptions the simulator made about the host type system.
566 This macro does not return if there is a problem */
567 SIM_ASSERT (sizeof(int) == (4 * sizeof(char)));
568 SIM_ASSERT (sizeof(word64) == (8 * sizeof(char)));
570 /* This is NASTY, in that we are assuming the size of specific
574 for (rn = 0; (rn < (LAST_EMBED_REGNUM + 1)); rn++)
577 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
578 else if ((rn >= FGR_BASE) && (rn < (FGR_BASE + NR_FGR)))
579 cpu->register_widths[rn] = WITH_TARGET_FLOATING_POINT_BITSIZE;
580 else if ((rn >= 33) && (rn <= 37))
581 cpu->register_widths[rn] = WITH_TARGET_WORD_BITSIZE;
582 else if ((rn == SRIDX)
585 || ((rn >= 72) && (rn <= 89)))
586 cpu->register_widths[rn] = 32;
588 cpu->register_widths[rn] = 0;
595 if (STATE & simTRACE)
600 sim_io_eprintf (sd, "idt@%x pmon@%x lsipmon@%x\n",
603 lsipmon_monitor_base);
606 /* Write the monitor trap address handlers into the monitor (eeprom)
607 address space. This can only be done once the target endianness
608 has been determined. */
609 if (idt_monitor_base != 0)
612 unsigned idt_monitor_size = 1 << 11;
614 /* the default monitor region */
615 sim_do_commandf (sd, "memory region 0x%x,0x%x",
616 idt_monitor_base, idt_monitor_size);
618 /* Entry into the IDT monitor is via fixed address vectors, and
619 not using machine instructions. To avoid clashing with use of
620 the MIPS TRAP system, we place our own (simulator specific)
621 "undefined" instructions into the relevant vector slots. */
622 for (loop = 0; (loop < idt_monitor_size); loop += 4)
624 address_word vaddr = (idt_monitor_base + loop);
625 unsigned32 insn = (RSVD_INSTRUCTION |
626 (((loop >> 2) & RSVD_INSTRUCTION_ARG_MASK)
627 << RSVD_INSTRUCTION_ARG_SHIFT));
629 sim_write (sd, vaddr, (char *)&insn, sizeof (insn));
633 if ((pmon_monitor_base != 0) || (lsipmon_monitor_base != 0))
635 /* The PMON monitor uses the same address space, but rather than
636 branching into it the address of a routine is loaded. We can
637 cheat for the moment, and direct the PMON routine to IDT style
638 instructions within the monitor space. This relies on the IDT
639 monitor not using the locations from 0xBFC00500 onwards as its
642 for (loop = 0; (loop < 24); loop++)
644 unsigned32 value = ((0x500 - 8) / 8); /* default UNDEFINED reason code */
660 value = ((0x500 - 16) / 8); /* not an IDT reason code */
662 case 8: /* cliexit */
665 case 11: /* flush_cache */
670 SIM_ASSERT (idt_monitor_base != 0);
671 value = ((unsigned int) idt_monitor_base + (value * 8));
674 if (pmon_monitor_base != 0)
676 address_word vaddr = (pmon_monitor_base + (loop * 4));
677 sim_write (sd, vaddr, (char *)&value, sizeof (value));
680 if (lsipmon_monitor_base != 0)
682 address_word vaddr = (lsipmon_monitor_base + (loop * 4));
683 sim_write (sd, vaddr, (char *)&value, sizeof (value));
687 /* Write an abort sequence into the TRAP (common) exception vector
688 addresses. This is to catch code executing a TRAP (et.al.)
689 instruction without installing a trap handler. */
690 if ((idt_monitor_base != 0) ||
691 (pmon_monitor_base != 0) ||
692 (lsipmon_monitor_base != 0))
694 unsigned32 halt[2] = { 0x2404002f /* addiu r4, r0, 47 */,
695 HALT_INSTRUCTION /* BREAK */ };
698 sim_write (sd, 0x80000000, (char *) halt, sizeof (halt));
699 sim_write (sd, 0x80000180, (char *) halt, sizeof (halt));
700 sim_write (sd, 0x80000200, (char *) halt, sizeof (halt));
701 /* XXX: Write here unconditionally? */
702 sim_write (sd, 0xBFC00200, (char *) halt, sizeof (halt));
703 sim_write (sd, 0xBFC00380, (char *) halt, sizeof (halt));
704 sim_write (sd, 0xBFC00400, (char *) halt, sizeof (halt));
718 tracefh = fopen(tracefile,"wb+");
721 sim_io_eprintf(sd,"Failed to create file \"%s\", writing trace information to stderr.\n",tracefile);
727 /* Return name of an insn, used by insn profiling. */
729 get_insn_name (sim_cpu *cpu, int i)
731 return itable[i].name;
735 sim_close (sd, quitting)
740 printf("DBG: sim_close: entered (quitting = %d)\n",quitting);
744 /* "quitting" is non-zero if we cannot hang on errors */
746 /* shut down modules */
747 sim_module_uninstall (sd);
749 /* Ensure that any resources allocated through the callback
750 mechanism are released: */
751 sim_io_shutdown (sd);
754 if (tracefh != NULL && tracefh != stderr)
759 /* FIXME - free SD */
766 sim_write (sd,addr,buffer,size)
769 unsigned char *buffer;
773 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
775 /* Return the number of bytes written, or zero if error. */
777 sim_io_printf(sd,"sim_write(0x%s,buffer,%d);\n",pr_addr(addr),size);
780 /* We use raw read and write routines, since we do not want to count
781 the GDB memory accesses in our statistics gathering. */
783 for (index = 0; index < size; index++)
785 address_word vaddr = (address_word)addr + index;
788 if (!address_translation (SD, CPU, NULL_CIA, vaddr, isDATA, isSTORE, &paddr, &cca, isRAW))
790 if (sim_core_write_buffer (SD, CPU, read_map, buffer + index, paddr, 1) != 1)
798 sim_read (sd,addr,buffer,size)
801 unsigned char *buffer;
805 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
807 /* Return the number of bytes read, or zero if error. */
809 sim_io_printf(sd,"sim_read(0x%s,buffer,%d);\n",pr_addr(addr),size);
812 for (index = 0; (index < size); index++)
814 address_word vaddr = (address_word)addr + index;
817 if (!address_translation (SD, CPU, NULL_CIA, vaddr, isDATA, isLOAD, &paddr, &cca, isRAW))
819 if (sim_core_read_buffer (SD, CPU, read_map, buffer + index, paddr, 1) != 1)
827 sim_store_register (sd,rn,memory,length)
830 unsigned char *memory;
833 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
834 /* NOTE: gdb (the client) stores registers in target byte order
835 while the simulator uses host byte order */
837 sim_io_printf(sd,"sim_store_register(%d,*memory=0x%s);\n",rn,pr_addr(*((SIM_ADDR *)memory)));
840 /* Unfortunately this suffers from the same problem as the register
841 numbering one. We need to know what the width of each logical
842 register number is for the architecture being simulated. */
844 if (cpu->register_widths[rn] == 0)
846 sim_io_eprintf(sd,"Invalid register width for %d (register store ignored)\n",rn);
852 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
854 cpu->fpr_state[rn - FGR_BASE] = fmt_uninterpreted;
855 if (cpu->register_widths[rn] == 32)
859 cpu->fgr[rn - FGR_BASE] =
860 (unsigned32) T2H_8 (*(unsigned64*)memory);
865 cpu->fgr[rn - FGR_BASE] = T2H_4 (*(unsigned32*)memory);
871 cpu->fgr[rn - FGR_BASE] = T2H_8 (*(unsigned64*)memory);
876 if (cpu->register_widths[rn] == 32)
881 (unsigned32) T2H_8 (*(unsigned64*)memory);
886 cpu->registers[rn] = T2H_4 (*(unsigned32*)memory);
892 cpu->registers[rn] = T2H_8 (*(unsigned64*)memory);
900 sim_fetch_register (sd,rn,memory,length)
903 unsigned char *memory;
906 sim_cpu *cpu = STATE_CPU (sd, 0); /* FIXME */
907 /* NOTE: gdb (the client) stores registers in target byte order
908 while the simulator uses host byte order */
910 #if 0 /* FIXME: doesn't compile */
911 sim_io_printf(sd,"sim_fetch_register(%d=0x%s,mem) : place simulator registers into memory\n",rn,pr_addr(registers[rn]));
915 if (cpu->register_widths[rn] == 0)
917 sim_io_eprintf (sd, "Invalid register width for %d (register fetch ignored)\n",rn);
923 /* Any floating point register */
924 if (rn >= FGR_BASE && rn < FGR_BASE + NR_FGR)
926 if (cpu->register_widths[rn] == 32)
930 *(unsigned64*)memory =
931 H2T_8 ((unsigned32) (cpu->fgr[rn - FGR_BASE]));
936 *(unsigned32*)memory = H2T_4 (cpu->fgr[rn - FGR_BASE]);
942 *(unsigned64*)memory = H2T_8 (cpu->fgr[rn - FGR_BASE]);
947 if (cpu->register_widths[rn] == 32)
951 *(unsigned64*)memory =
952 H2T_8 ((unsigned32) (cpu->registers[rn]));
957 *(unsigned32*)memory = H2T_4 ((unsigned32)(cpu->registers[rn]));
963 *(unsigned64*)memory = H2T_8 ((unsigned64)(cpu->registers[rn]));
972 sim_create_inferior (sd, abfd, argv,env)
980 #if 0 /* FIXME: doesn't compile */
981 printf("DBG: sim_create_inferior entered: start_address = 0x%s\n",
990 /* override PC value set by ColdReset () */
992 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
994 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
995 CIA_SET (cpu, (unsigned64) bfd_get_start_address (abfd));
999 #if 0 /* def DEBUG */
1002 /* We should really place the argv slot values into the argument
1003 registers, and onto the stack as required. However, this
1004 assumes that we have a stack defined, which is not
1005 necessarily true at the moment. */
1007 sim_io_printf(sd,"sim_create_inferior() : passed arguments ignored\n");
1008 for (cptr = argv; (cptr && *cptr); cptr++)
1009 printf("DBG: arg \"%s\"\n",*cptr);
1017 sim_do_command (sd,cmd)
1021 if (sim_args_command (sd, cmd) != SIM_RC_OK)
1022 sim_io_printf (sd, "Error: \"%s\" is not a valid MIPS simulator command.\n",
1026 /*---------------------------------------------------------------------------*/
1027 /*-- Private simulator support interface ------------------------------------*/
1028 /*---------------------------------------------------------------------------*/
1030 /* Read a null terminated string from memory, return in a buffer */
1032 fetch_str (SIM_DESC sd,
1038 while (sim_read (sd, addr + nr, &null, 1) == 1 && null != 0)
1040 buf = NZALLOC (char, nr + 1);
1041 sim_read (sd, addr, buf, nr);
1046 /* Implements the "sim firmware" command:
1047 sim firmware NAME[@ADDRESS] --- emulate ROM monitor named NAME.
1048 NAME can be idt, pmon, or lsipmon. If omitted, ADDRESS
1049 defaults to the normal address for that monitor.
1050 sim firmware none --- don't emulate any ROM monitor. Useful
1051 if you need a clean address space. */
1053 sim_firmware_command (SIM_DESC sd, char *arg)
1055 int address_present = 0;
1058 /* Signal occurrence of this option. */
1059 firmware_option_p = 1;
1061 /* Parse out the address, if present. */
1063 char *p = strchr (arg, '@');
1067 address_present = 1;
1068 p ++; /* skip over @ */
1070 address = strtoul (p, &q, 0);
1073 sim_io_printf (sd, "Invalid address given to the"
1074 "`sim firmware NAME@ADDRESS' command: %s\n",
1081 address_present = 0;
1082 address = -1; /* Dummy value. */
1086 if (! strncmp (arg, "idt", 3))
1088 idt_monitor_base = address_present ? address : 0xBFC00000;
1089 pmon_monitor_base = 0;
1090 lsipmon_monitor_base = 0;
1092 else if (! strncmp (arg, "pmon", 4))
1094 /* pmon uses indirect calls. Hook into implied idt. */
1095 pmon_monitor_base = address_present ? address : 0xBFC00500;
1096 idt_monitor_base = pmon_monitor_base - 0x500;
1097 lsipmon_monitor_base = 0;
1099 else if (! strncmp (arg, "lsipmon", 7))
1101 /* lsipmon uses indirect calls. Hook into implied idt. */
1102 pmon_monitor_base = 0;
1103 lsipmon_monitor_base = address_present ? address : 0xBFC00200;
1104 idt_monitor_base = lsipmon_monitor_base - 0x200;
1106 else if (! strncmp (arg, "none", 4))
1108 if (address_present)
1111 "The `sim firmware none' command does "
1112 "not take an `ADDRESS' argument.\n");
1115 idt_monitor_base = 0;
1116 pmon_monitor_base = 0;
1117 lsipmon_monitor_base = 0;
1121 sim_io_printf (sd, "\
1122 Unrecognized name given to the `sim firmware NAME' command: %s\n\
1123 Recognized firmware names are: `idt', `pmon', `lsipmon', and `none'.\n",
1133 /* Simple monitor interface (currently setup for the IDT and PMON monitors) */
1135 sim_monitor (SIM_DESC sd,
1138 unsigned int reason)
1141 printf("DBG: sim_monitor: entered (reason = %d)\n",reason);
1144 /* The IDT monitor actually allows two instructions per vector
1145 slot. However, the simulator currently causes a trap on each
1146 individual instruction. We cheat, and lose the bottom bit. */
1149 /* The following callback functions are available, however the
1150 monitor we are simulating does not make use of them: get_errno,
1151 isatty, lseek, rename, system, time and unlink */
1155 case 6: /* int open(char *path,int flags) */
1157 char *path = fetch_str (sd, A0);
1158 V0 = sim_io_open (sd, path, (int)A1);
1163 case 7: /* int read(int file,char *ptr,int len) */
1167 char *buf = zalloc (nr);
1168 V0 = sim_io_read (sd, fd, buf, nr);
1169 sim_write (sd, A1, buf, nr);
1174 case 8: /* int write(int file,char *ptr,int len) */
1178 char *buf = zalloc (nr);
1179 sim_read (sd, A1, buf, nr);
1180 V0 = sim_io_write (sd, fd, buf, nr);
1185 case 10: /* int close(int file) */
1187 V0 = sim_io_close (sd, (int)A0);
1191 case 2: /* Densan monitor: char inbyte(int waitflag) */
1193 if (A0 == 0) /* waitflag == NOWAIT */
1194 V0 = (unsigned_word)-1;
1196 /* Drop through to case 11 */
1198 case 11: /* char inbyte(void) */
1201 /* ensure that all output has gone... */
1202 sim_io_flush_stdout (sd);
1203 if (sim_io_read_stdin (sd, &tmp, sizeof(char)) != sizeof(char))
1205 sim_io_error(sd,"Invalid return from character read");
1206 V0 = (unsigned_word)-1;
1209 V0 = (unsigned_word)tmp;
1213 case 3: /* Densan monitor: void co(char chr) */
1214 case 12: /* void outbyte(char chr) : write a byte to "stdout" */
1216 char tmp = (char)(A0 & 0xFF);
1217 sim_io_write_stdout (sd, &tmp, sizeof(char));
1221 case 17: /* void _exit() */
1223 sim_io_eprintf (sd, "sim_monitor(17): _exit(int reason) to be coded\n");
1224 sim_engine_halt (SD, CPU, NULL, NULL_CIA, sim_exited,
1225 (unsigned int)(A0 & 0xFFFFFFFF));
1229 case 28: /* PMON flush_cache */
1232 case 55: /* void get_mem_info(unsigned int *ptr) */
1233 /* in: A0 = pointer to three word memory location */
1234 /* out: [A0 + 0] = size */
1235 /* [A0 + 4] = instruction cache size */
1236 /* [A0 + 8] = data cache size */
1238 unsigned_4 value = MEM_SIZE /* FIXME STATE_MEM_SIZE (sd) */;
1239 unsigned_4 zero = 0;
1241 sim_write (sd, A0 + 0, (char *)&value, 4);
1242 sim_write (sd, A0 + 4, (char *)&zero, 4);
1243 sim_write (sd, A0 + 8, (char *)&zero, 4);
1244 /* sim_io_eprintf (sd, "sim: get_mem_info() deprecated\n"); */
1248 case 158: /* PMON printf */
1249 /* in: A0 = pointer to format string */
1250 /* A1 = optional argument 1 */
1251 /* A2 = optional argument 2 */
1252 /* A3 = optional argument 3 */
1254 /* The following is based on the PMON printf source */
1256 address_word s = A0;
1258 signed_word *ap = &A1; /* 1st argument */
1259 /* This isn't the quickest way, since we call the host print
1260 routine for every character almost. But it does avoid
1261 having to allocate and manage a temporary string buffer. */
1262 /* TODO: Include check that we only use three arguments (A1,
1264 while (sim_read (sd, s++, &c, 1) && c != '\0')
1269 enum {FMT_RJUST, FMT_LJUST, FMT_RJUST0, FMT_CENTER} fmt = FMT_RJUST;
1270 int width = 0, trunc = 0, haddot = 0, longlong = 0;
1271 while (sim_read (sd, s++, &c, 1) && c != '\0')
1273 if (strchr ("dobxXulscefg%", c))
1288 else if (c >= '1' && c <= '9')
1292 while (sim_read (sd, s++, &c, 1) == 1 && isdigit (c))
1295 n = (unsigned int)strtol(tmp,NULL,10);
1308 sim_io_printf (sd, "%%");
1313 address_word p = *ap++;
1315 while (sim_read (sd, p++, &ch, 1) == 1 && ch != '\0')
1316 sim_io_printf(sd, "%c", ch);
1319 sim_io_printf(sd,"(null)");
1322 sim_io_printf (sd, "%c", (int)*ap++);
1327 sim_read (sd, s++, &c, 1);
1331 sim_read (sd, s++, &c, 1);
1334 if (strchr ("dobxXu", c))
1336 word64 lv = (word64) *ap++;
1338 sim_io_printf(sd,"<binary not supported>");
1341 sprintf (tmp, "%%%s%c", longlong ? "ll" : "", c);
1343 sim_io_printf(sd, tmp, lv);
1345 sim_io_printf(sd, tmp, (int)lv);
1348 else if (strchr ("eEfgG", c))
1350 double dbl = *(double*)(ap++);
1351 sprintf (tmp, "%%%d.%d%c", width, trunc, c);
1352 sim_io_printf (sd, tmp, dbl);
1358 sim_io_printf(sd, "%c", c);
1364 /* Unknown reason. */
1370 /* Store a word into memory. */
1373 store_word (SIM_DESC sd,
1382 if ((vaddr & 3) != 0)
1383 SignalExceptionAddressStore ();
1386 if (AddressTranslation (vaddr, isDATA, isSTORE, &paddr, &uncached,
1389 const uword64 mask = 7;
1393 paddr = (paddr & ~mask) | ((paddr & mask) ^ (ReverseEndian << 2));
1394 byte = (vaddr & mask) ^ (BigEndianCPU << 2);
1395 memval = ((uword64) val) << (8 * byte);
1396 StoreMemory (uncached, AccessLength_WORD, memval, 0, paddr, vaddr,
1402 /* Load a word from memory. */
1405 load_word (SIM_DESC sd,
1410 if ((vaddr & 3) != 0)
1412 SIM_CORE_SIGNAL (SD, cpu, cia, read_map, AccessLength_WORD+1, vaddr, read_transfer, sim_core_unaligned_signal);
1419 if (AddressTranslation (vaddr, isDATA, isLOAD, &paddr, &uncached,
1422 const uword64 mask = 0x7;
1423 const unsigned int reverse = ReverseEndian ? 1 : 0;
1424 const unsigned int bigend = BigEndianCPU ? 1 : 0;
1428 paddr = (paddr & ~mask) | ((paddr & mask) ^ (reverse << 2));
1429 LoadMemory (&memval,NULL,uncached, AccessLength_WORD, paddr, vaddr,
1431 byte = (vaddr & mask) ^ (bigend << 2);
1432 return EXTEND32 (memval >> (8 * byte));
1439 /* Simulate the mips16 entry and exit pseudo-instructions. These
1440 would normally be handled by the reserved instruction exception
1441 code, but for ease of simulation we just handle them directly. */
1444 mips16_entry (SIM_DESC sd,
1449 int aregs, sregs, rreg;
1452 printf("DBG: mips16_entry: entered (insn = 0x%08X)\n",insn);
1455 aregs = (insn & 0x700) >> 8;
1456 sregs = (insn & 0x0c0) >> 6;
1457 rreg = (insn & 0x020) >> 5;
1459 /* This should be checked by the caller. */
1468 /* This is the entry pseudo-instruction. */
1470 for (i = 0; i < aregs; i++)
1471 store_word (SD, CPU, cia, (uword64) (SP + 4 * i), GPR[i + 4]);
1479 store_word (SD, CPU, cia, (uword64) tsp, RA);
1482 for (i = 0; i < sregs; i++)
1485 store_word (SD, CPU, cia, (uword64) tsp, GPR[16 + i]);
1493 /* This is the exit pseudo-instruction. */
1500 RA = load_word (SD, CPU, cia, (uword64) tsp);
1503 for (i = 0; i < sregs; i++)
1506 GPR[i + 16] = load_word (SD, CPU, cia, (uword64) tsp);
1511 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1515 FGR[0] = WORD64LO (GPR[4]);
1516 FPR_STATE[0] = fmt_uninterpreted;
1518 else if (aregs == 6)
1520 FGR[0] = WORD64LO (GPR[5]);
1521 FGR[1] = WORD64LO (GPR[4]);
1522 FPR_STATE[0] = fmt_uninterpreted;
1523 FPR_STATE[1] = fmt_uninterpreted;
1532 /*-- trace support ----------------------------------------------------------*/
1534 /* The TRACE support is provided (if required) in the memory accessing
1535 routines. Since we are also providing the architecture specific
1536 features, the architecture simulation code can also deal with
1537 notifying the TRACE world of cache flushes, etc. Similarly we do
1538 not need to provide profiling support in the simulator engine,
1539 since we can sample in the instruction fetch control loop. By
1540 defining the TRACE manifest, we add tracing as a run-time
1544 /* Tracing by default produces "din" format (as required by
1545 dineroIII). Each line of such a trace file *MUST* have a din label
1546 and address field. The rest of the line is ignored, so comments can
1547 be included if desired. The first field is the label which must be
1548 one of the following values:
1553 3 escape record (treated as unknown access type)
1554 4 escape record (causes cache flush)
1556 The address field is a 32bit (lower-case) hexadecimal address
1557 value. The address should *NOT* be preceded by "0x".
1559 The size of the memory transfer is not important when dealing with
1560 cache lines (as long as no more than a cache line can be
1561 transferred in a single operation :-), however more information
1562 could be given following the dineroIII requirement to allow more
1563 complete memory and cache simulators to provide better
1564 results. i.e. the University of Pisa has a cache simulator that can
1565 also take bus size and speed as (variable) inputs to calculate
1566 complete system performance (a much more useful ability when trying
1567 to construct an end product, rather than a processor). They
1568 currently have an ARM version of their tool called ChARM. */
1572 dotrace (SIM_DESC sd,
1580 if (STATE & simTRACE) {
1582 fprintf(tracefh,"%d %s ; width %d ; ",
1586 va_start(ap,comment);
1587 vfprintf(tracefh,comment,ap);
1589 fprintf(tracefh,"\n");
1591 /* NOTE: Since the "din" format will only accept 32bit addresses, and
1592 we may be generating 64bit ones, we should put the hi-32bits of the
1593 address into the comment field. */
1595 /* TODO: Provide a buffer for the trace lines. We can then avoid
1596 performing writes until the buffer is filled, or the file is
1599 /* NOTE: We could consider adding a comment field to the "din" file
1600 produced using type 3 markers (unknown access). This would then
1601 allow information about the program that the "din" is for, and
1602 the MIPs world that was being simulated, to be placed into the
1609 /*---------------------------------------------------------------------------*/
1610 /*-- simulator engine -------------------------------------------------------*/
1611 /*---------------------------------------------------------------------------*/
1614 ColdReset (SIM_DESC sd)
1617 for (cpu_nr = 0; cpu_nr < sim_engine_nr_cpus (sd); cpu_nr++)
1619 sim_cpu *cpu = STATE_CPU (sd, cpu_nr);
1620 /* RESET: Fixed PC address: */
1621 PC = (unsigned_word) UNSIGNED64 (0xFFFFFFFFBFC00000);
1622 /* The reset vector address is in the unmapped, uncached memory space. */
1624 SR &= ~(status_SR | status_TS | status_RP);
1625 SR |= (status_ERL | status_BEV);
1627 /* Cheat and allow access to the complete register set immediately */
1628 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT
1629 && WITH_TARGET_WORD_BITSIZE == 64)
1630 SR |= status_FR; /* 64bit registers */
1632 /* Ensure that any instructions with pending register updates are
1634 PENDING_INVALIDATE();
1636 /* Initialise the FPU registers to the unknown state */
1637 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1640 for (rn = 0; (rn < 32); rn++)
1641 FPR_STATE[rn] = fmt_uninterpreted;
1650 /* Description from page A-26 of the "MIPS IV Instruction Set" manual (revision 3.1) */
1651 /* Signal an exception condition. This will result in an exception
1652 that aborts the instruction. The instruction operation pseudocode
1653 will never see a return from this function call. */
1656 signal_exception (SIM_DESC sd,
1664 sim_io_printf(sd,"DBG: SignalException(%d) PC = 0x%s\n",exception,pr_addr(cia));
1667 /* Ensure that any active atomic read/modify/write operation will fail: */
1670 /* Save registers before interrupt dispatching */
1671 #ifdef SIM_CPU_EXCEPTION_TRIGGER
1672 SIM_CPU_EXCEPTION_TRIGGER(sd, cpu, cia);
1675 switch (exception) {
1677 case DebugBreakPoint:
1678 if (! (Debug & Debug_DM))
1684 Debug |= Debug_DBD; /* signaled from within in delay slot */
1685 DEPC = cia - 4; /* reference the branch instruction */
1689 Debug &= ~Debug_DBD; /* not signaled from within a delay slot */
1693 Debug |= Debug_DM; /* in debugging mode */
1694 Debug |= Debug_DBp; /* raising a DBp exception */
1696 sim_engine_restart (SD, CPU, NULL, NULL_CIA);
1700 case ReservedInstruction:
1703 unsigned int instruction;
1704 va_start(ap,exception);
1705 instruction = va_arg(ap,unsigned int);
1707 /* Provide simple monitor support using ReservedInstruction
1708 exceptions. The following code simulates the fixed vector
1709 entry points into the IDT monitor by causing a simulator
1710 trap, performing the monitor operation, and returning to
1711 the address held in the $ra register (standard PCS return
1712 address). This means we only need to pre-load the vector
1713 space with suitable instruction values. For systems were
1714 actual trap instructions are used, we would not need to
1715 perform this magic. */
1716 if ((instruction & RSVD_INSTRUCTION_MASK) == RSVD_INSTRUCTION)
1718 int reason = (instruction >> RSVD_INSTRUCTION_ARG_SHIFT) & RSVD_INSTRUCTION_ARG_MASK;
1719 if (!sim_monitor (SD, CPU, cia, reason))
1720 sim_io_error (sd, "sim_monitor: unhandled reason = %d, pc = 0x%s\n", reason, pr_addr (cia));
1722 /* NOTE: This assumes that a branch-and-link style
1723 instruction was used to enter the vector (which is the
1724 case with the current IDT monitor). */
1725 sim_engine_restart (SD, CPU, NULL, RA);
1727 /* Look for the mips16 entry and exit instructions, and
1728 simulate a handler for them. */
1729 else if ((cia & 1) != 0
1730 && (instruction & 0xf81f) == 0xe809
1731 && (instruction & 0x0c0) != 0x0c0)
1733 mips16_entry (SD, CPU, cia, instruction);
1734 sim_engine_restart (sd, NULL, NULL, NULL_CIA);
1736 /* else fall through to normal exception processing */
1737 sim_io_eprintf(sd,"ReservedInstruction at PC = 0x%s\n", pr_addr (cia));
1741 /* Store exception code into current exception id variable (used
1744 /* TODO: If not simulating exceptions then stop the simulator
1745 execution. At the moment we always stop the simulation. */
1747 #ifdef SUBTARGET_R3900
1748 /* update interrupt-related registers */
1750 /* insert exception code in bits 6:2 */
1751 CAUSE = LSMASKED32(CAUSE, 31, 7) | LSINSERTED32(exception, 6, 2);
1752 /* shift IE/KU history bits left */
1753 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 3, 0), 5, 2);
1755 if (STATE & simDELAYSLOT)
1757 STATE &= ~simDELAYSLOT;
1759 EPC = (cia - 4); /* reference the branch instruction */
1764 if (SR & status_BEV)
1765 PC = (signed)0xBFC00000 + 0x180;
1767 PC = (signed)0x80000000 + 0x080;
1769 /* See figure 5-17 for an outline of the code below */
1770 if (! (SR & status_EXL))
1772 CAUSE = (exception << 2);
1773 if (STATE & simDELAYSLOT)
1775 STATE &= ~simDELAYSLOT;
1777 EPC = (cia - 4); /* reference the branch instruction */
1781 /* FIXME: TLB et.al. */
1782 /* vector = 0x180; */
1786 CAUSE = (exception << 2);
1787 /* vector = 0x180; */
1790 /* Store exception code into current exception id variable (used
1793 if (SR & status_BEV)
1794 PC = (signed)0xBFC00200 + 0x180;
1796 PC = (signed)0x80000000 + 0x180;
1799 switch ((CAUSE >> 2) & 0x1F)
1802 /* Interrupts arrive during event processing, no need to
1808 #ifdef SUBTARGET_3900
1809 /* Exception vector: BEV=0 BFC00000 / BEF=1 BFC00000 */
1810 PC = (signed)0xBFC00000;
1811 #endif /* SUBTARGET_3900 */
1814 case TLBModification:
1819 case InstructionFetch:
1821 /* The following is so that the simulator will continue from the
1822 exception handler address. */
1823 sim_engine_halt (SD, CPU, NULL, PC,
1824 sim_stopped, SIM_SIGBUS);
1826 case ReservedInstruction:
1827 case CoProcessorUnusable:
1829 sim_engine_halt (SD, CPU, NULL, PC,
1830 sim_stopped, SIM_SIGILL);
1832 case IntegerOverflow:
1834 sim_engine_halt (SD, CPU, NULL, PC,
1835 sim_stopped, SIM_SIGFPE);
1838 sim_engine_halt (SD, CPU, NULL, PC, sim_stopped, SIM_SIGTRAP);
1843 sim_engine_restart (SD, CPU, NULL, PC);
1848 sim_engine_halt (SD, CPU, NULL, PC,
1849 sim_stopped, SIM_SIGTRAP);
1851 default: /* Unknown internal exception */
1853 sim_engine_halt (SD, CPU, NULL, PC,
1854 sim_stopped, SIM_SIGABRT);
1858 case SimulatorFault:
1862 va_start(ap,exception);
1863 msg = va_arg(ap,char *);
1865 sim_engine_abort (SD, CPU, NULL_CIA,
1866 "FATAL: Simulator error \"%s\"\n",msg);
1875 /* This function implements what the MIPS32 and MIPS64 ISAs define as
1876 "UNPREDICTABLE" behaviour.
1878 About UNPREDICTABLE behaviour they say: "UNPREDICTABLE results
1879 may vary from processor implementation to processor implementation,
1880 instruction to instruction, or as a function of time on the same
1881 implementation or instruction. Software can never depend on results
1882 that are UNPREDICTABLE. ..." (MIPS64 Architecture for Programmers
1883 Volume II, The MIPS64 Instruction Set. MIPS Document MD00087 revision
1886 For UNPREDICTABLE behaviour, we print a message, if possible print
1887 the offending instructions mips.igen instruction name (provided by
1888 the caller), and stop the simulator.
1890 XXX FIXME: eventually, stopping the simulator should be made conditional
1891 on a command-line option. */
1893 unpredictable_action(sim_cpu *cpu, address_word cia)
1895 SIM_DESC sd = CPU_STATE(cpu);
1897 sim_io_eprintf(sd, "UNPREDICTABLE: PC = 0x%s\n", pr_addr (cia));
1898 sim_engine_halt (SD, CPU, NULL, cia, sim_stopped, SIM_SIGABRT);
1902 /*-- co-processor support routines ------------------------------------------*/
1905 CoProcPresent(unsigned int coproc_number)
1907 /* Return TRUE if simulator provides a model for the given co-processor number */
1912 cop_lw (SIM_DESC sd,
1917 unsigned int memword)
1922 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1925 printf("DBG: COP_LW: memword = 0x%08X (uword64)memword = 0x%s\n",memword,pr_addr(memword));
1927 StoreFPR(coproc_reg,fmt_word,(uword64)memword);
1928 FPR_STATE[coproc_reg] = fmt_uninterpreted;
1933 #if 0 /* this should be controlled by a configuration option */
1934 sim_io_printf(sd,"COP_LW(%d,%d,0x%08X) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,memword,pr_addr(cia));
1943 cop_ld (SIM_DESC sd,
1952 printf("DBG: COP_LD: coproc_num = %d, coproc_reg = %d, value = 0x%s : PC = 0x%s\n", coproc_num, coproc_reg, pr_uword64(memword), pr_addr(cia) );
1955 switch (coproc_num) {
1957 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1959 StoreFPR(coproc_reg,fmt_uninterpreted,memword);
1964 #if 0 /* this message should be controlled by a configuration option */
1965 sim_io_printf(sd,"COP_LD(%d,%d,0x%s) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(memword),pr_addr(cia));
1977 cop_sw (SIM_DESC sd,
1983 unsigned int value = 0;
1988 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
1991 hold = FPR_STATE[coproc_reg];
1992 FPR_STATE[coproc_reg] = fmt_word;
1993 value = (unsigned int)ValueFPR(coproc_reg,fmt_uninterpreted);
1994 FPR_STATE[coproc_reg] = hold;
1999 #if 0 /* should be controlled by configuration option */
2000 sim_io_printf(sd,"COP_SW(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2009 cop_sd (SIM_DESC sd,
2019 if (CURRENT_FLOATING_POINT == HARD_FLOATING_POINT)
2021 value = ValueFPR(coproc_reg,fmt_uninterpreted);
2026 #if 0 /* should be controlled by configuration option */
2027 sim_io_printf(sd,"COP_SD(%d,%d) at PC = 0x%s : TODO (architecture specific)\n",coproc_num,coproc_reg,pr_addr(cia));
2039 decode_coproc (SIM_DESC sd,
2042 unsigned int instruction)
2044 int coprocnum = ((instruction >> 26) & 3);
2048 case 0: /* standard CPU control and cache registers */
2050 int code = ((instruction >> 21) & 0x1F);
2051 int rt = ((instruction >> 16) & 0x1F);
2052 int rd = ((instruction >> 11) & 0x1F);
2053 int tail = instruction & 0x3ff;
2054 /* R4000 Users Manual (second edition) lists the following CP0
2056 CODE><-RT><RD-><--TAIL--->
2057 DMFC0 Doubleword Move From CP0 (VR4100 = 01000000001tttttddddd00000000000)
2058 DMTC0 Doubleword Move To CP0 (VR4100 = 01000000101tttttddddd00000000000)
2059 MFC0 word Move From CP0 (VR4100 = 01000000000tttttddddd00000000000)
2060 MTC0 word Move To CP0 (VR4100 = 01000000100tttttddddd00000000000)
2061 TLBR Read Indexed TLB Entry (VR4100 = 01000010000000000000000000000001)
2062 TLBWI Write Indexed TLB Entry (VR4100 = 01000010000000000000000000000010)
2063 TLBWR Write Random TLB Entry (VR4100 = 01000010000000000000000000000110)
2064 TLBP Probe TLB for Matching Entry (VR4100 = 01000010000000000000000000001000)
2065 CACHE Cache operation (VR4100 = 101111bbbbbpppppiiiiiiiiiiiiiiii)
2066 ERET Exception return (VR4100 = 01000010000000000000000000011000)
2068 if (((code == 0x00) || (code == 0x04) /* MFC0 / MTC0 */
2069 || (code == 0x01) || (code == 0x05)) /* DMFC0 / DMTC0 */
2072 /* Clear double/single coprocessor move bit. */
2075 /* M[TF]C0 (32 bits) | DM[TF]C0 (64 bits) */
2077 switch (rd) /* NOTEs: Standard CP0 registers */
2079 /* 0 = Index R4000 VR4100 VR4300 */
2080 /* 1 = Random R4000 VR4100 VR4300 */
2081 /* 2 = EntryLo0 R4000 VR4100 VR4300 */
2082 /* 3 = EntryLo1 R4000 VR4100 VR4300 */
2083 /* 4 = Context R4000 VR4100 VR4300 */
2084 /* 5 = PageMask R4000 VR4100 VR4300 */
2085 /* 6 = Wired R4000 VR4100 VR4300 */
2086 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2087 /* 9 = Count R4000 VR4100 VR4300 */
2088 /* 10 = EntryHi R4000 VR4100 VR4300 */
2089 /* 11 = Compare R4000 VR4100 VR4300 */
2090 /* 12 = SR R4000 VR4100 VR4300 */
2091 #ifdef SUBTARGET_R3900
2093 /* 3 = Config R3900 */
2095 /* 7 = Cache R3900 */
2097 /* 15 = PRID R3900 */
2103 /* 8 = BadVAddr R4000 VR4100 VR4300 */
2105 GPR[rt] = (signed_word) (signed_address) COP0_BADVADDR;
2107 COP0_BADVADDR = GPR[rt];
2110 #endif /* SUBTARGET_R3900 */
2117 /* 13 = Cause R4000 VR4100 VR4300 */
2124 /* 14 = EPC R4000 VR4100 VR4300 */
2127 GPR[rt] = (signed_word) (signed_address) EPC;
2131 /* 15 = PRId R4000 VR4100 VR4300 */
2132 #ifdef SUBTARGET_R3900
2141 /* 16 = Config R4000 VR4100 VR4300 */
2144 GPR[rt] = C0_CONFIG;
2146 C0_CONFIG = GPR[rt];
2149 #ifdef SUBTARGET_R3900
2158 /* 17 = LLAddr R4000 VR4100 VR4300 */
2160 /* 18 = WatchLo R4000 VR4100 VR4300 */
2161 /* 19 = WatchHi R4000 VR4100 VR4300 */
2162 /* 20 = XContext R4000 VR4100 VR4300 */
2163 /* 26 = PErr or ECC R4000 VR4100 VR4300 */
2164 /* 27 = CacheErr R4000 VR4100 */
2165 /* 28 = TagLo R4000 VR4100 VR4300 */
2166 /* 29 = TagHi R4000 VR4100 VR4300 */
2167 /* 30 = ErrorEPC R4000 VR4100 VR4300 */
2168 if (STATE_VERBOSE_P(SD))
2170 "Warning: PC 0x%lx:interp.c decode_coproc DEADC0DE\n",
2171 (unsigned long)cia);
2172 GPR[rt] = 0xDEADC0DE; /* CPR[0,rd] */
2173 /* CPR[0,rd] = GPR[rt]; */
2176 GPR[rt] = (signed_word) (signed32) COP0_GPR[rd];
2178 COP0_GPR[rd] = GPR[rt];
2181 sim_io_printf(sd,"Warning: MFC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2183 sim_io_printf(sd,"Warning: MTC0 %d,%d ignored, PC=%08x (architecture specific)\n",rt,rd, (unsigned)cia);
2187 else if (code == 0x10 && (tail & 0x3f) == 0x18)
2190 if (SR & status_ERL)
2192 /* Oops, not yet available */
2193 sim_io_printf(sd,"Warning: ERET when SR[ERL] set not handled yet");
2203 else if (code == 0x10 && (tail & 0x3f) == 0x10)
2206 #ifdef SUBTARGET_R3900
2207 /* TX39: Copy IEp/KUp -> IEc/KUc, and IEo/KUo -> IEp/KUp */
2209 /* shift IE/KU history bits right */
2210 SR = LSMASKED32(SR, 31, 4) | LSINSERTED32(LSEXTRACTED32(SR, 5, 2), 3, 0);
2212 /* TODO: CACHE register */
2213 #endif /* SUBTARGET_R3900 */
2215 else if (code == 0x10 && (tail & 0x3f) == 0x1F)
2223 sim_io_eprintf(sd,"Unrecognised COP0 instruction 0x%08X at PC = 0x%s : No handler present\n",instruction,pr_addr(cia));
2224 /* TODO: When executing an ERET or RFE instruction we should
2225 clear LLBIT, to ensure that any out-standing atomic
2226 read/modify/write sequence fails. */
2230 case 2: /* co-processor 2 */
2237 sim_io_eprintf(sd, "COP2 instruction 0x%08X at PC = 0x%s : No handler present\n",
2238 instruction,pr_addr(cia));
2243 case 1: /* should not occur (FPU co-processor) */
2244 case 3: /* should not occur (FPU co-processor) */
2245 SignalException(ReservedInstruction,instruction);
2253 /* This code copied from gdb's utils.c. Would like to share this code,
2254 but don't know of a common place where both could get to it. */
2256 /* Temporary storage using circular buffer */
2262 static char buf[NUMCELLS][CELLSIZE];
2264 if (++cell>=NUMCELLS) cell=0;
2268 /* Print routines to handle variable size regs, etc */
2270 /* Eliminate warning from compiler on 32-bit systems */
2271 static int thirty_two = 32;
2277 char *paddr_str=get_cell();
2278 switch (sizeof(addr))
2281 sprintf(paddr_str,"%08lx%08lx",
2282 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2285 sprintf(paddr_str,"%08lx",(unsigned long)addr);
2288 sprintf(paddr_str,"%04x",(unsigned short)(addr&0xffff));
2291 sprintf(paddr_str,"%x",addr);
2300 char *paddr_str=get_cell();
2301 sprintf(paddr_str,"%08lx%08lx",
2302 (unsigned long)(addr>>thirty_two),(unsigned long)(addr&0xffffffff));
2308 mips_core_signal (SIM_DESC sd,
2314 transfer_type transfer,
2315 sim_core_signals sig)
2317 const char *copy = (transfer == read_transfer ? "read" : "write");
2318 address_word ip = CIA_ADDR (cia);
2322 case sim_core_unmapped_signal:
2323 sim_io_eprintf (sd, "mips-core: %d byte %s to unmapped address 0x%lx at 0x%lx\n",
2325 (unsigned long) addr, (unsigned long) ip);
2326 COP0_BADVADDR = addr;
2327 SignalExceptionDataReference();
2330 case sim_core_unaligned_signal:
2331 sim_io_eprintf (sd, "mips-core: %d byte %s to unaligned address 0x%lx at 0x%lx\n",
2333 (unsigned long) addr, (unsigned long) ip);
2334 COP0_BADVADDR = addr;
2335 if(transfer == read_transfer)
2336 SignalExceptionAddressLoad();
2338 SignalExceptionAddressStore();
2342 sim_engine_abort (sd, cpu, cia,
2343 "mips_core_signal - internal error - bad switch");
2349 mips_cpu_exception_trigger(SIM_DESC sd, sim_cpu* cpu, address_word cia)
2351 ASSERT(cpu != NULL);
2353 if(cpu->exc_suspended > 0)
2354 sim_io_eprintf(sd, "Warning, nested exception triggered (%d)\n", cpu->exc_suspended);
2357 memcpy(cpu->exc_trigger_registers, cpu->registers, sizeof(cpu->exc_trigger_registers));
2358 cpu->exc_suspended = 0;
2362 mips_cpu_exception_suspend(SIM_DESC sd, sim_cpu* cpu, int exception)
2364 ASSERT(cpu != NULL);
2366 if(cpu->exc_suspended > 0)
2367 sim_io_eprintf(sd, "Warning, nested exception signal (%d then %d)\n",
2368 cpu->exc_suspended, exception);
2370 memcpy(cpu->exc_suspend_registers, cpu->registers, sizeof(cpu->exc_suspend_registers));
2371 memcpy(cpu->registers, cpu->exc_trigger_registers, sizeof(cpu->registers));
2372 cpu->exc_suspended = exception;
2376 mips_cpu_exception_resume(SIM_DESC sd, sim_cpu* cpu, int exception)
2378 ASSERT(cpu != NULL);
2380 if(exception == 0 && cpu->exc_suspended > 0)
2382 /* warn not for breakpoints */
2383 if(cpu->exc_suspended != sim_signal_to_host(sd, SIM_SIGTRAP))
2384 sim_io_eprintf(sd, "Warning, resuming but ignoring pending exception signal (%d)\n",
2385 cpu->exc_suspended);
2387 else if(exception != 0 && cpu->exc_suspended > 0)
2389 if(exception != cpu->exc_suspended)
2390 sim_io_eprintf(sd, "Warning, resuming with mismatched exception signal (%d vs %d)\n",
2391 cpu->exc_suspended, exception);
2393 memcpy(cpu->registers, cpu->exc_suspend_registers, sizeof(cpu->registers));
2395 else if(exception != 0 && cpu->exc_suspended == 0)
2397 sim_io_eprintf(sd, "Warning, ignoring spontanous exception signal (%d)\n", exception);
2399 cpu->exc_suspended = 0;
2403 /*---------------------------------------------------------------------------*/
2404 /*> EOF interp.c <*/
OSDN Git Service
