From 5de4359b4f303faf5eecc7c37668a6bef77cb656 Mon Sep 17 00:00:00 2001 From: Dragan Mladjenovic Date: Wed, 4 May 2022 13:03:59 +0200 Subject: [PATCH] target/mips: Fix emulation of nanoMIPS BPOSGE32C instruction MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are currently two problems related to the emulation of the instruction BPOSGE32C. The nanoMIPS instruction BPOSGE32C belongs to DSP R3 instructions (actually, as of now, it is the only instruction of DSP R3). The presence of DSP R3 instructions in QEMU is indicated by the flag MIPS_HFLAG_DSP_R3 (0x20000000). This flag is currently being properly set in CPUMIPSState's hflags (for example, for I7200 nanoMIPS CPU). However, it is not propagated to DisasContext's hflags, since the flag MIPS_HFLAG_DSP_R3 is not set in MIPS_HFLAG_TMASK (while similar flags MIPS_HFLAG_DSP_R2 and MIPS_HFLAG_DSP are set in this mask, and there is no problem in functioning check_dsp_r2(), check_dsp()). This means the function check_dsp_r3() currently does not work properly, and the emulation of BPOSGE32C can not work properly as well. Change MIPS_HFLAG_TMASK from 0x1F5807FF to 0x3F5807FF (logical OR with 0x20000000) to fix this. Additionally, check_cp1_enabled() is currently incorrectly called while emulating BPOSGE32C. BPOSGE32C is in the same pool (P.BR1) as FPU branch instruction BC1EQZC and BC1NEZC, but it not a part of FPU (CP1) instructions, and check_cp1_enabled() should not be involved while emulating BPOSGE32C. Rearrange invocations of check_cp1_enabled() within P.BR1 pool handling to affect only BC1EQZC and BC1NEZC emulation, and not BPOSGE32C emulation. Signed-off-by: Dragan Mladjenovic Signed-off-by: Stefan Pejic Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20220504110403.613168-4-stefan.pejic@syrmia.com> Signed-off-by: Philippe Mathieu-Daudé --- target/mips/cpu.h | 2 +- target/mips/tcg/nanomips_translate.c.inc | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/target/mips/cpu.h b/target/mips/cpu.h index 6b6b8776d1..42efa989e4 100644 --- a/target/mips/cpu.h +++ b/target/mips/cpu.h @@ -1077,7 +1077,7 @@ typedef struct CPUArchState { #define EXCP_INST_NOTAVAIL 0x2 /* No valid instruction word for BadInstr */ uint32_t hflags; /* CPU State */ /* TMASK defines different execution modes */ -#define MIPS_HFLAG_TMASK 0x1F5807FF +#define MIPS_HFLAG_TMASK 0x3F5807FF #define MIPS_HFLAG_MODE 0x00007 /* execution modes */ /* * The KSU flags must be the lowest bits in hflags. The flag order diff --git a/target/mips/tcg/nanomips_translate.c.inc b/target/mips/tcg/nanomips_translate.c.inc index 9ee4df2135..941cfaa6bb 100644 --- a/target/mips/tcg/nanomips_translate.c.inc +++ b/target/mips/tcg/nanomips_translate.c.inc @@ -4478,12 +4478,13 @@ static int decode_nanomips_32_48_opc(CPUMIPSState *env, DisasContext *ctx) case NM_P_BR3A: s = sextract32(ctx->opcode, 0, 1) << 14 | extract32(ctx->opcode, 1, 13) << 1; - check_cp1_enabled(ctx); switch (extract32(ctx->opcode, 16, 5)) { case NM_BC1EQZC: + check_cp1_enabled(ctx); gen_compute_branch_cp1_nm(ctx, OPC_BC1EQZ, rt, s); break; case NM_BC1NEZC: + check_cp1_enabled(ctx); gen_compute_branch_cp1_nm(ctx, OPC_BC1NEZ, rt, s); break; case NM_BPOSGE32C: