From: Richard Henderson <richard.henderson@linaro.org>
To: Michael Clark <mjc@sifive.com>, qemu-devel@nongnu.org
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>,
Sagar Karandikar <sagark@eecs.berkeley.edu>
Subject: Re: [Qemu-devel] [PATCH v1 05/21] RISC-V CPU Helpers
Date: Tue, 2 Jan 2018 23:12:27 -0800
Message-ID: <7b4c9965-d0c4-1b10-aa6d-553a3923d598@linaro.org>
In-Reply-To: <1514940265-18093-6-git-send-email-mjc@sifive.com>
On 01/02/2018 04:44 PM, Michael Clark wrote:
> + target_ulong mode = env->priv;
> + if (access_type != MMU_INST_FETCH) {
> + if (get_field(env->mstatus, MSTATUS_MPRV)) {
> + mode = get_field(env->mstatus, MSTATUS_MPP);
> + }
> + }
> + if (env->priv_ver >= PRIV_VERSION_1_10_0) {
> + if (get_field(env->satp, SATP_MODE) == VM_1_09_MBARE) {
> + mode = PRV_M;
> + }
> + } else {
> + if (get_field(env->mstatus, MSTATUS_VM) == VM_1_10_MBARE) {
> + mode = PRV_M;
> + }
> + }
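Review bot: The bare-mode constants look swapped between the two branches: under priv_ver >= PRIV_VERSION_1_10_0 the SATP_MODE field is compared with VM_1_09_MBARE, while the pre-1.10 branch compares MSTATUS_VM with VM_1_10_MBARE. The later raise_mmu_exception hunk compares the same SATP_MODE field with VM_1_10_MBARE, so the two places disagree. If the two constants ever differ in value, this check picks the wrong mode; use the constant that matches the version each branch is testing.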
This is replicating cpu_mmu_index.
Therefore you should be relying on mmu_idx.
> + /* check to make sure that mmu_idx and mode that we get matches */
> + if (unlikely(mode != mmu_idx)) {
> + fprintf(stderr, "MODE: mmu_idx mismatch\n");
> + exit(1);
> + }
As in the opposite of this.
> +
> + if (mode == PRV_M) {
> + target_ulong msb_mask = /*0x7FFFFFFFFFFFFFFF; */
> + (((target_ulong)2) << (TARGET_LONG_BITS - 1)) - 1;
> + *physical = address & msb_mask;
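Review bot: The msb_mask expression does not produce the value shown in the commented-out constant. If target_ulong is exactly TARGET_LONG_BITS wide, ((target_ulong)2) << (TARGET_LONG_BITS - 1) shifts the only set bit out and yields 0, so subtracting 1 gives an all-ones mask and address & msb_mask leaves the address unchanged, top bit included. If clearing the top bit is intended, start from (target_ulong)1 instead of 2, and delete the commented-out literal so the code and the comment cannot disagree; if no masking is intended, drop the mask altogether.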
Or perhaps extract64(address, 0, TARGET_LONG_BITS - 1)?
> + if (env->priv_ver >= PRIV_VERSION_1_10_0) {
> + base = get_field(env->satp, SATP_PPN) << PGSHIFT;
> + sum = get_field(env->mstatus, MSTATUS_SUM);
> + vm = get_field(env->satp, SATP_MODE);
> + switch (vm) {
> + case VM_1_10_SV32:
> + levels = 2; ptidxbits = 10; ptesize = 4; break;
> + case VM_1_10_SV39:
> + levels = 3; ptidxbits = 9; ptesize = 8; break;
> + case VM_1_10_SV48:
> + levels = 4; ptidxbits = 9; ptesize = 8; break;
> + case VM_1_10_SV57:
> + levels = 5; ptidxbits = 9; ptesize = 8; break;
> + default:
> + printf("unsupported SATP_MODE value\n");
> + exit(1);
Just qemu_log_mask with LOG_UNIMP or LOG_GUEST_ERROR, and then return
TRANSLATE_FAIL. Printing to stdout and exiting isn't kosher. Lots more
occurrences within this file.
> +static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
> + MMUAccessType access_type)
> +{
> + CPUState *cs = CPU(riscv_env_get_cpu(env));
> + int page_fault_exceptions =
> + (env->priv_ver >= PRIV_VERSION_1_10_0) &&
> + get_field(env->satp, SATP_MODE) != VM_1_10_MBARE;
> + int exception = 0;
> + if (access_type == MMU_INST_FETCH) { /* inst access */
> + exception = page_fault_exceptions ?
> + RISCV_EXCP_INST_PAGE_FAULT : RISCV_EXCP_INST_ACCESS_FAULT;
> + env->badaddr = address;
> + } else if (access_type == MMU_DATA_STORE) { /* store access */
> + exception = page_fault_exceptions ?
> + RISCV_EXCP_STORE_PAGE_FAULT : RISCV_EXCP_STORE_AMO_ACCESS_FAULT;
> + env->badaddr = address;
> + } else if (access_type == MMU_DATA_LOAD) { /* load access */
> + exception = page_fault_exceptions ?
> + RISCV_EXCP_LOAD_PAGE_FAULT : RISCV_EXCP_LOAD_ACCESS_FAULT;
> + env->badaddr = address;
> + } else {
> + fprintf(stderr, "FAIL: invalid access_type\n");
> + exit(1);
Switch with a default: g_assert_not_reached(), since access_type is not
controlled by the guest.
> +void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
> + MMUAccessType access_type, int mmu_idx,
> + uintptr_t retaddr)
> +{
> + RISCVCPU *cpu = RISCV_CPU(cs);
> + CPURISCVState *env = &cpu->env;
> + if (access_type == MMU_INST_FETCH) {
> + fprintf(stderr, "unaligned inst fetch not handled here. should not "
> + "trigger\n");
> + exit(1);
No exit. Do something logical.
> + } else if (access_type == MMU_DATA_STORE) {
> + cs->exception_index = RISCV_EXCP_STORE_AMO_ADDR_MIS;
> + env->badaddr = addr;
Why does STORE imply AMO? Why can't a normal store trigger an unaligned trap?
> + fprintf(stderr, "Invalid MMUAccessType\n");
> + exit(1);
I'll stop pointing these out, but there need to be zero instances of exit
within the backend.
> +void riscv_cpu_do_interrupt(CPUState *cs)
> +{
> +#if !defined(CONFIG_USER_ONLY)
> +
> + RISCVCPU *cpu = RISCV_CPU(cs);
> + CPURISCVState *env = &cpu->env;
> +
> + #ifdef RISCV_DEBUG_INTERRUPT
> + if (cs->exception_index & 0x70000000) {
> + fprintf(stderr, "core 0: exception trap_%s, epc 0x" TARGET_FMT_lx "\n"
> + , riscv_interrupt_names[cs->exception_index & 0x0fffffff],
> + env->pc);
> + } else {
> + fprintf(stderr, "core 0: exception trap_%s, epc 0x" TARGET_FMT_lx "\n"
> + , riscv_excp_names[cs->exception_index], env->pc);
> + }
> + #endif
> +
> + if (cs->exception_index == RISCV_EXCP_BREAKPOINT) {
> + fprintf(stderr, "debug mode not implemented\n");
> + }
> +
> + /* skip dcsr cause check */
> +
> + target_ulong fixed_cause = 0;
> + if (cs->exception_index & (0x70000000)) {
> + /* hacky for now. the MSB (bit 63) indicates interrupt but cs->exception
> + index is only 32 bits wide */
> + fixed_cause = cs->exception_index & 0x0FFFFFFF;
> + fixed_cause |= ((target_ulong)1) << (TARGET_LONG_BITS - 1);
> + } else {
> + /* fixup User ECALL -> correct priv ECALL */
> + if (cs->exception_index == RISCV_EXCP_U_ECALL) {
> + switch (env->priv) {
> + case PRV_U:
> + fixed_cause = RISCV_EXCP_U_ECALL;
> + break;
> + case PRV_S:
> + fixed_cause = RISCV_EXCP_S_ECALL;
> + break;
> + case PRV_H:
> + fixed_cause = RISCV_EXCP_H_ECALL;
> + break;
> + case PRV_M:
> + fixed_cause = RISCV_EXCP_M_ECALL;
> + break;
> + }
> + } else {
> + fixed_cause = cs->exception_index;
> + }
> + }
> +
> + target_ulong backup_epc = env->pc;
> +
> + target_ulong bit = fixed_cause;
> + target_ulong deleg = env->medeleg;
> +
> + int hasbadaddr =
> + (fixed_cause == RISCV_EXCP_INST_ADDR_MIS) ||
> + (fixed_cause == RISCV_EXCP_INST_ACCESS_FAULT) ||
> + (fixed_cause == RISCV_EXCP_LOAD_ADDR_MIS) ||
> + (fixed_cause == RISCV_EXCP_STORE_AMO_ADDR_MIS) ||
> + (fixed_cause == RISCV_EXCP_LOAD_ACCESS_FAULT) ||
> + (fixed_cause == RISCV_EXCP_STORE_AMO_ACCESS_FAULT) ||
> + (fixed_cause == RISCV_EXCP_INST_PAGE_FAULT) ||
> + (fixed_cause == RISCV_EXCP_LOAD_PAGE_FAULT) ||
> + (fixed_cause == RISCV_EXCP_STORE_PAGE_FAULT);
> +
> + if (bit & ((target_ulong)1 << (TARGET_LONG_BITS - 1))) {
> + deleg = env->mideleg;
> + bit &= ~((target_ulong)1 << (TARGET_LONG_BITS - 1));
> + }
> +
> + if (env->priv <= PRV_S && bit < 64 && ((deleg >> bit) & 1)) {
> + /* handle the trap in S-mode */
> + /* No need to check STVEC for misaligned - lower 2 bits cannot be set */
> + env->pc = env->stvec;
> + env->scause = fixed_cause;
> + env->sepc = backup_epc;
> +
> + if (hasbadaddr) {
> + #ifdef RISCV_DEBUG_INTERRUPT
> + fprintf(stderr, "core %d: badaddr 0x" TARGET_FMT_lx "\n",
> + env->mhartid, env->badaddr);
> + #endif
> + env->sbadaddr = env->badaddr;
> + }
> +
> + target_ulong s = env->mstatus;
> + s = set_field(s, MSTATUS_SPIE, get_field(s, MSTATUS_UIE << env->priv));
> + s = set_field(s, MSTATUS_SPP, env->priv);
> + s = set_field(s, MSTATUS_SIE, 0);
> + csr_write_helper(env, s, CSR_MSTATUS);
> + set_privilege(env, PRV_S);
> + } else {
> + /* No need to check MTVEC for misaligned - lower 2 bits cannot be set */
> + env->pc = env->mtvec;
> + env->mepc = backup_epc;
> + env->mcause = fixed_cause;
> +
> + if (hasbadaddr) {
> + #ifdef RISCV_DEBUG_INTERRUPT
> + fprintf(stderr, "core %d: badaddr 0x" TARGET_FMT_lx "\n",
> + env->mhartid, env->badaddr);
> + #endif
> + env->mbadaddr = env->badaddr;
> + }
> +
> + target_ulong s = env->mstatus;
> + s = set_field(s, MSTATUS_MPIE, get_field(s, MSTATUS_UIE << env->priv));
> + s = set_field(s, MSTATUS_MPP, env->priv);
> + s = set_field(s, MSTATUS_MIE, 0);
> + csr_write_helper(env, s, CSR_MSTATUS);
> + set_privilege(env, PRV_M);
> + }
> + /* TODO yield load reservation */
> +#endif
> + cs->exception_index = EXCP_NONE; /* mark handled to qemu */
> +}
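Review bot: The interrupt test and the cause extraction in riscv_cpu_do_interrupt use bare literals (0x70000000 in the debug print and in the fixed_cause computation, 0x0fffffff / 0x0FFFFFFF for the cause number), and the comment itself calls the scheme hacky. The two masks together leave bit 31 of exception_index unexamined, and nothing ties them to whatever code sets the flag. Define one named constant for the interrupt flag and one for the cause mask, use them at all three sites, and document which bits of exception_index carry the flag. Separately, the first debug print hardcodes "core 0" while the badaddr prints use env->mhartid; they should agree.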
Marking handled is done generically. Why do you need to do it here?
> +/* Floating Point - fused */
> +DEF_HELPER_FLAGS_5(fmadd_s, TCG_CALL_NO_RWG, i64, env, i64, i64, i64, i64)
Ideally these would go in with the patch that adds the helpers, so they're
easier to validate. However, I suppose it doesn't really matter.
> +void helper_raise_exception_mbadaddr(CPURISCVState *env, uint32_t exception,
> + target_ulong bad_pc) {
Brace on next line.
> + #ifdef RISCV_DEBUG_PRINT
> + fprintf(stderr, "Write CSR reg: 0x" TARGET_FMT_lx "\n", csrno);
> + fprintf(stderr, "Write CSR val: 0x" TARGET_FMT_lx "\n", val_to_write);
> + #endif
Drop the debugging prints. Perhaps use the tracing infrastructure?
> + case CSR_MISA: {
> + if (!(val_to_write & (1L << ('F' - 'A')))) {
> + val_to_write &= ~(1L << ('D' - 'A'));
> + }
> +
> + /* allow MAFDC bits in MISA to be modified */
> + target_ulong mask = 0;
> + mask |= 1L << ('M' - 'A');
> + mask |= 1L << ('A' - 'A');
> + mask |= 1L << ('F' - 'A');
> + mask |= 1L << ('D' - 'A');
> + mask |= 1L << ('C' - 'A');
> + mask &= env->misa_mask;
> +
> + env->misa = (val_to_write & mask) | (env->misa & ~mask);
Does this not affect the set of instructions that are allowable? If so, you'd
want something like
    new_misa = (val_to_write & mask) | (env->misa & ~mask);
    if (env->misa != new_misa) {
        env->misa = new_misa;
        tb_flush(CPU(riscv_env_get_cpu(env)));
    }
so that we start with all new translations, which would then check the new
value of misa, and would then raise INST_ADDR_MIS (or not).
> +inline target_ulong csr_read_helper(CPURISCVState *env, target_ulong csrno)
Why mark such large functions inline?
> +void set_privilege(CPURISCVState *env, target_ulong newpriv)
> +{
> + if (!(newpriv <= PRV_M)) {
> + printf("INVALID PRIV SET\n");
> + exit(1);
> + }
> + if (newpriv == PRV_H) {
> + newpriv = PRV_U;
> + }
> + helper_tlb_flush(env);
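Review bot: The newpriv == PRV_H case in set_privilege silently rewrites the requested privilege level to PRV_U, with no comment and no log entry. A request for one privilege level that quietly results in another is hard to spot when debugging guest privilege transitions. Add a comment stating why H-mode requests fall back to U-mode, and consider a qemu_log_mask with LOG_UNIMP at that point so the substitution is visible in logs.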
Why flush? Doesn't this just switch to a different mmu_idx?
> +void helper_fence_i(CPURISCVState *env)
> +{
> + RISCVCPU *cpu = riscv_env_get_cpu(env);
> + CPUState *cs = CPU(cpu);
> + /* Flush QEMU's TLB */
> + tlb_flush(cs);
> + /* ARM port seems to not know if this is okay inside a TB
> + But we need to do it */
> + tb_flush(cs);
> +}
You should not require either flush.
This insn can be implemented in qemu as a nop.
r~