[Qemu-devel] [PATCH v2 10/29] target/riscv: Convert RV64A insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- use simplfied gen_amo() with function pointers

 target/riscv/insn32.decode  |  13 +++
 target/riscv/insn_trans/trans_rva.inc.c |  99 +
 target/riscv/translate.c| 140 
 3 files changed, 112 insertions(+), 140 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 687eadcaa5..0b75987855 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -147,3 +147,16 @@ amomin_w   1 . . . . 010 . 010 @atom_st
 amomax_w   10100 . . . . 010 . 010 @atom_st
 amominu_w  11000 . . . . 010 . 010 @atom_st
 amomaxu_w  11100 . . . . 010 . 010 @atom_st
+
+# *** RV64A Standard Extension (in addition to RV32A) ***
+lr_d   00010 . . 0 . 011 . 010 @atom_ld
+sc_d   00011 . . . . 011 . 010 @atom_st
+amoswap_d  1 . . . . 011 . 010 @atom_st
+amoadd_d   0 . . . . 011 . 010 @atom_st
+amoxor_d   00100 . . . . 011 . 010 @atom_st
+amoand_d   01100 . . . . 011 . 010 @atom_st
+amoor_d01000 . . . . 011 . 010 @atom_st
+amomin_d   1 . . . . 011 . 010 @atom_st
+amomax_d   10100 . . . . 011 . 010 @atom_st
+amominu_d  11000 . . . . 011 . 010 @atom_st
+amomaxu_d  11100 . . . . 011 . 010 @atom_st
diff --git a/target/riscv/insn_trans/trans_rva.inc.c 
b/target/riscv/insn_trans/trans_rva.inc.c
index dd0fb02b23..7e368dc321 100644
--- a/target/riscv/insn_trans/trans_rva.inc.c
+++ b/target/riscv/insn_trans/trans_rva.inc.c
@@ -143,3 +143,102 @@ static bool trans_amomaxu_w(DisasContext *ctx, 
arg_amomaxu_w *a, uint32_t insn)
 {
 return gen_amo(ctx, a, &tcg_gen_atomic_fetch_umax_tl, (MO_ALIGN | 
MO_TESL));
 }
+
+static bool trans_lr_d(DisasContext *ctx, arg_lr_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_lr(ctx, a, MO_ALIGN | MO_TEQ);
+#else
+return false;
+#endif
+}
+
+static bool trans_sc_d(DisasContext *ctx, arg_sc_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_sc(ctx, a, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amoswap_d(DisasContext *ctx, arg_amoswap_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_xchg_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amoadd_d(DisasContext *ctx, arg_amoadd_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_add_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amoxor_d(DisasContext *ctx, arg_amoxor_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_xor_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amoand_d(DisasContext *ctx, arg_amoand_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_and_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amoor_d(DisasContext *ctx, arg_amoor_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_or_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amomin_d(DisasContext *ctx, arg_amomin_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_smin_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amomax_d(DisasContext *ctx, arg_amomax_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_smax_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amominu_d(DisasContext *ctx, arg_amominu_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_umin_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
+
+static bool trans_amomaxu_d(DisasContext *ctx, arg_amomaxu_d *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+return gen_amo(ctx, a, &tcg_gen_atomic_fetch_umax_tl, (MO_ALIGN | MO_TEQ));
+#else
+return false;
+#endif
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index d6e8d9700f..6a3d49b9b9 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -711,143 +711,6 @@ static void gen_fp_store(DisasContext *ctx, uint32_t opc, 
int rs1,
 tcg_temp_free(t0);
 }
 
-static void gen_atomic(DisasContext *ctx, uint32_t opc,
-  int rd, int rs1, int rs2)
-{
-TCGv src1, src2, dat;
-TCGLabel *l1, *l2;
-TCGMemOp mop;
-bool aq, rl;
-
-/* Extract the size of the atomic operation.  */
-switch (extract32(opc, 12, 3)) {
-case 2: /* 32-bit */
-mop = MO_ALIGN | 

[Qemu-devel] [PATCH v2 03/29] target/riscv: Convert RVXI branch insns to decodetree

[Bastian Koppelmann]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- use ctx->env instead of current_cpu->env_ptr

 target/riscv/insn32.decode  | 19 ++
 target/riscv/insn_trans/trans_rvi.inc.c | 49 +
 target/riscv/translate.c| 19 +-
 3 files changed, 69 insertions(+), 18 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 44d4e922b6..b49913416d 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -17,14 +17,33 @@
 # this program.  If not, see .

 # Fields:
+%rs2   20:5
+%rs1   15:5
 %rd7:5

 # immediates:
+%imm_i20:s12
+%imm_b31:s1 7:1 25:6 8:4 !function=ex_shift_1
+%imm_j31:s1 12:8 20:1 21:10  !function=ex_shift_1
 %imm_u12:s20 !function=ex_shift_12

+# Argument sets:
+&branchimm rs2 rs1
+
 # Formats 32:
+@i   . ... . ... imm=%imm_i %rs1 
%rd
+@b   ...   . . ... . ... &branch imm=%imm_b %rs2 %rs1
 @u     . ... imm=%imm_u  
%rd
+@j     . ... imm=%imm_j  
%rd

 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
 auipc   . 0010111 @u
+jal     . 110 @j
+jalr  . 000 . 1100111 @i
+beq  ... .. 000 . 1100011 @b
+bne  ... .. 001 . 1100011 @b
+blt  ... .. 100 . 1100011 @b
+bge  ... .. 101 . 1100011 @b
+bltu ... .. 110 . 1100011 @b
+bgeu ... .. 111 . 1100011 @b
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index aee0d1637d..3935a80ba5 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -33,3 +33,52 @@ static bool trans_auipc(DisasContext *ctx, arg_auipc *a, 
uint32_t insn)
 }
 return true;
 }
+
+static bool trans_jal(DisasContext *ctx, arg_jal *a, uint32_t insn)
+{
+gen_jal(ctx->env, ctx, a->rd, a->imm);
+return true;
+}
+
+static bool trans_jalr(DisasContext *ctx, arg_jalr *a, uint32_t insn)
+{
+gen_jalr(ctx->env, ctx, OPC_RISC_JALR, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_beq(DisasContext *ctx, arg_beq *a, uint32_t insn)
+{
+gen_branch(ctx->env, ctx, OPC_RISC_BEQ, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_bne(DisasContext *ctx, arg_bne *a, uint32_t insn)
+{
+gen_branch(ctx->env, ctx, OPC_RISC_BNE, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_blt(DisasContext *ctx, arg_blt *a, uint32_t insn)
+{
+gen_branch(ctx->env, ctx, OPC_RISC_BLT, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_bge(DisasContext *ctx, arg_bge *a, uint32_t insn)
+{
+gen_branch(ctx->env, ctx, OPC_RISC_BGE, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_bltu(DisasContext *ctx, arg_bltu *a, uint32_t insn)
+{
+gen_branch(ctx->env, ctx, OPC_RISC_BLTU, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_bgeu(DisasContext *ctx, arg_bgeu *a, uint32_t insn)
+{
+
+gen_branch(ctx->env, ctx, OPC_RISC_BGEU, a->rs1, a->rs2, a->imm);
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 65a323a201..9b6848e666 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1672,6 +1672,7 @@ static void decode_RV32_64C(CPURISCVState *env, 
DisasContext *ctx)
 { \
 return imm << amount; \
 }
+EX_SH(1)
 EX_SH(12)

 bool decode_insn32(DisasContext *ctx, uint32_t insn);
@@ -1700,24 +1701,6 @@ static void decode_RV32_64G(CPURISCVState *env, 
DisasContext *ctx)
 imm = GET_IMM(ctx->opcode);

 switch (op) {
-case OPC_RISC_AUIPC:
-if (rd == 0) {
-break; /* NOP */
-}
-tcg_gen_movi_tl(cpu_gpr[rd], (sextract64(ctx->opcode, 12, 20) << 12) +
-   ctx->base.pc_next);
-break;
-case OPC_RISC_JAL:
-imm = GET_JAL_IMM(ctx->opcode);
-gen_jal(env, ctx, rd, imm);
-break;
-case OPC_RISC_JALR:
-gen_jalr(env, ctx, MASK_OP_JALR(ctx->opcode), rd, rs1, imm);
-break;
-case OPC_RISC_BRANCH:
-gen_branch(env, ctx, MASK_OP_BRANCH(ctx->opcode), rs1, rs2,
-   GET_B_IMM(ctx->opcode));
-break;
 case OPC_RISC_LOAD:
 gen_load(ctx, MASK_OP_LOAD(ctx->opcode), rd, rs1, imm);
 break;
--
2.19.1

[Qemu-devel] [PATCH v2 02/29] targer/riscv: Activate decodetree and implemnt LUI & AUIPC

[Bastian Koppelmann]

for now only LUI & AUIPC are decoded and translated. If decodetree fails, we
fall back to the old decoder.

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- ex_shift_amount returns uint32_t

 target/riscv/Makefile.objs  | 10 +++
 target/riscv/insn32.decode  | 30 +
 target/riscv/insn_trans/trans_rvi.inc.c | 35 +
 target/riscv/translate.c| 24 -
 4 files changed, 92 insertions(+), 7 deletions(-)
 create mode 100644 target/riscv/insn32.decode
 create mode 100644 target/riscv/insn_trans/trans_rvi.inc.c

diff --git a/target/riscv/Makefile.objs b/target/riscv/Makefile.objs
index abd0a7cde3..ea02f9b9ef 100644
--- a/target/riscv/Makefile.objs
+++ b/target/riscv/Makefile.objs
@@ -1 +1,11 @@
 obj-y += translate.o op_helper.o helper.o cpu.o fpu_helper.o gdbstub.o pmp.o
+
+DECODETREE = $(SRC_PATH)/scripts/decodetree.py
+
+target/riscv/decode_insn32.inc.c: \
+  $(SRC_PATH)/target/riscv/insn32.decode $(DECODETREE)
+   $(call quiet-command, \
+ $(PYTHON) $(DECODETREE) -o $@ --decode decode_insn32 $<, \
+ "GEN", $(TARGET_DIR)$@)
+
+target/riscv/translate.o: target/riscv/decode_insn32.inc.c
diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
new file mode 100644
index 00..44d4e922b6
--- /dev/null
+++ b/target/riscv/insn32.decode
@@ -0,0 +1,30 @@
+#
+# RISC-V translation routines for the RVXI Base Integer Instruction Set.
+#
+# Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+#Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2 or later, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program.  If not, see .
+
+# Fields:
+%rd7:5
+
+# immediates:
+%imm_u12:s20 !function=ex_shift_12
+
+# Formats 32:
+@u     . ... imm=%imm_u  
%rd
+
+# *** RV32I Base Instruction Set ***
+lui     . 0110111 @u
+auipc   . 0010111 @u
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
new file mode 100644
index 00..aee0d1637d
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -0,0 +1,35 @@
+/*
+ * RISC-V translation routines for the RVXI Base Integer Instruction Set.
+ *
+ * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
+ * Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+ *Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+static bool trans_lui(DisasContext *ctx, arg_lui *a, uint32_t insn)
+{
+if (a->rd != 0) {
+tcg_gen_movi_tl(cpu_gpr[a->rd], a->imm);
+}
+return true;
+}
+
+static bool trans_auipc(DisasContext *ctx, arg_auipc *a, uint32_t insn)
+{
+if (a->rd != 0) {
+tcg_gen_movi_tl(cpu_gpr[a->rd], a->imm + ctx->base.pc_next);
+}
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index e81b9f097e..65a323a201 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1667,6 +1667,19 @@ static void decode_RV32_64C(CPURISCVState *env, 
DisasContext *ctx)
 }
 }
 
+#define EX_SH(amount) \
+static int32_t ex_shift_##amount(int imm) \
+{ \
+return imm << amount; \
+}
+EX_SH(12)
+
+bool decode_insn32(DisasContext *ctx, uint32_t insn);
+/* Include the auto-generated decoder for 32 bit insn */
+#include "decode_insn32.inc.c"
+/* Include insn module translation function */
+#include "insn_trans/trans_rvi.inc.c"
+
 static void decode_RV32_64G(CPURISCVState *env, DisasContext *ctx)
 {
 int rs1;
@@ -1687,12 +1700,6 @@ static void decode_RV32_64G(CPURISCVState *en

[Qemu-devel] [PATCH v2 12/29] target/riscv: Convert RV64F insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- RISCV32 now returns false instead of raising an exception

 target/riscv/insn32.decode  |  6 +++
 target/riscv/insn_trans/trans_rvf.inc.c | 68 +
 2 files changed, 74 insertions(+)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index f27bdab245..5d3d2a25ac 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -195,3 +195,9 @@ fclass_s   111  0 . 001 . 1010011 @r2
 fcvt_s_w   1101000  0 . ... . 1010011 @r2_rm
 fcvt_s_wu  1101000  1 . ... . 1010011 @r2_rm
 fmv_w_x000  0 . 000 . 1010011 @r2
+
+# *** RV64F Standard Extension (in addition to RV32F) ***
+fcvt_l_s   110  00010 . ... . 1010011 @r2_rm
+fcvt_lu_s  110  00011 . ... . 1010011 @r2_rm
+fcvt_s_l   1101000  00010 . ... . 1010011 @r2_rm
+fcvt_s_lu  1101000  00011 . ... . 1010011 @r2_rm
diff --git a/target/riscv/insn_trans/trans_rvf.inc.c 
b/target/riscv/insn_trans/trans_rvf.inc.c
index 3f806b8238..bd79ef96f8 100644
--- a/target/riscv/insn_trans/trans_rvf.inc.c
+++ b/target/riscv/insn_trans/trans_rvf.inc.c
@@ -332,3 +332,71 @@ static bool trans_fmv_w_x(DisasContext *ctx, arg_fmv_w_x 
*a, uint32_t insn)
 
 return true;
 }
+
+static bool trans_fcvt_l_s(DisasContext *ctx, arg_fcvt_l_s *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_l_s(t0, cpu_env, cpu_fpr[a->rs1]);
+gen_set_gpr(a->rd, t0);
+tcg_temp_free(t0);
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_fcvt_lu_s(DisasContext *ctx, arg_fcvt_lu_s *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_lu_s(t0, cpu_env, cpu_fpr[a->rs1]);
+gen_set_gpr(a->rd, t0);
+tcg_temp_free(t0);
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_fcvt_s_l(DisasContext *ctx, arg_fcvt_s_l *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_s_l(cpu_fpr[a->rd], cpu_env, t0);
+
+tcg_temp_free(t0);
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_fcvt_s_lu(DisasContext *ctx, arg_fcvt_s_lu *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_s_lu(cpu_fpr[a->rd], cpu_env, t0);
+
+tcg_temp_free(t0);
+return true;
+#else
+return false;
+#endif
+}
-- 
2.19.1

[Qemu-devel] [PATCH v2 00/29] target/riscv: Convert to decodetree

[Bastian Koppelmann]

Hi,

this patchset converts the RISC-V decoder to decodetree in three major steps:

1) Convert 32-bit instructions to decodetree [Patch 1-14]:
Many of the gen_* functions are called by the decode functions for 16-bit
and 32-bit functions. If we move translation code from the gen_*
functions to the generated trans_* functions of decode-tree, we get a lot of
duplication. Therefore, we mostly generate calls to the old gen_* function
which are properly replaced after step 2).

Each of the trans_ functions are grouped into files corresponding to their
ISA extension, e.g. addi which is in RV32I is translated in the file
'trans_rvi.inc.c'.

2) Convert 16-bit instructions to decodetree [Patch 15-17]:
All 16 bit instructions have a direct mapping to a 32 bit instruction. Thus,
we convert the arguments in the 16 bit trans_ function to the arguments of
the corresponding 32 bit instruction and call the 32 bit trans_ function.

3) Remove old manual decoding in gen_* function [Patch 17-28]:
this move all manual translation code into the trans_* instructions of
decode tree, such that we can remove the old decode_* functions.

the full tree can be found here:
https://github.com/bkoppelmann/qemu/tree/riscv-dt-v2

Cheers,
Bastian

v1->v2:
- ex_shift_amount returns uint32_t
- use ctx->env instead of current_cpu->env_ptr
- fixed functionspacing
- RISCV32 now returns false instead of raising an exception
- shift translators now also use gen_arithm_imm()
- simplified fence/fence_i as suggested by Richard
- simplified gen_amo() with function pointers
- rs2 @atom_ld is now decimal
- use simplfied gen_amo() with function pointers
- REQUIRE_FPU uses do {} while (0)
- Add REQUIRE_FPU to arithm helpers
- RISCV32 now returns false instead of raising an exception
- Add REQUIRE_FPU to arithm helpers
- Stack allocate arg_c_* structs
- ex_rvc_register returns int
- special case of trans_c_addi4spn() returns false
- consistently return false for reserved cases instead of raising an
  exception
- simplified trans_c_srli by Richard's suggestion
- remove extract_cj() since its result isn't used
- trans_branch -> gen_branch
- trans_load -> gen_load
- removed negative memop check
- trans_store -> gen_store
- removed negative memop check
- trans_arith_imm -> gen_arith_imm
- Add missing TARGET_RISC64 checks
- Reimplement shift translators that were omited in [0004/0028]
- trans_shift -> gen_shift
- Add missing TARGET_RISCV64 conditions
- trans_arith_w -> gen_arith_w
- Add missing gen_exception_illegal
- dropped 0028


Bastian Koppelmann (29):
  target/riscv: Move CPURISCVState pointer to DisasContext
  targer/riscv: Activate decodetree and implemnt LUI & AUIPC
  target/riscv: Convert RVXI branch insns to decodetree
  target/riscv: Convert RVXI load/store insns to decodetree
  target/riscv: Convert RVXI arithmetic insns to decodetree
  target/riscv: Convert RVXI fence insns to decodetree
  target/riscv: Convert RVXI csr insns to decodetree
  target/riscv: Convert RVXM insns to decodetree
  target/riscv: Convert RV32A insns to decodetree
  target/riscv: Convert RV64A insns to decodetree
  target/riscv: Convert RV32F insns to decodetree
  target/riscv: Convert RV64F insns to decodetree
  target/riscv: Convert RV32D insns to decodetree
  target/riscv: Convert RV64D insns to decodetree
  target/riscv: Convert RV priv insns to decodetree
  target/riscv: Convert quadrant 0 of RVXC insns to decodetree
  target/riscv: Convert quadrant 1 of RVXC insns to decodetree
  target/riscv: Convert quadrant 2 of RVXC insns to decodetree
  target/riscv: Remove gen_jalr()
  target/riscv: Remove manual decoding from gen_branch()
  target/riscv: Remove manual decoding from gen_load()
  target/riscv: Remove manual decoding from gen_store()
  target/riscv: Move gen_arith_imm() decoding into trans_* functions
  target/riscv: make ADD/SUB/OR/XOR/AND insn use arg lists
  target/riscv: Remove shift and slt insn manual decoding
  target/riscv: Remove manual decoding of RV32/64M insn
  target/riscv: Remove gen_system()
  target/riscv: Remove decode_RV32_64G()
  target/riscv: Rename trans_arith to gen_arith

 target/riscv/Makefile.objs|   17 +
 target/riscv/insn16.decode|  126 ++
 target/riscv/insn32.decode|  256 +++
 .../riscv/insn_trans/trans_privileged.inc.c   |  111 ++
 target/riscv/insn_trans/trans_rva.inc.c   |  244 +++
 target/riscv/insn_trans/trans_rvc.inc.c   |  337 
 target/riscv/insn_trans/trans_rvd.inc.c   |  413 
 target/riscv/insn_trans/trans_rvf.inc.c   |  402 
 target/riscv/insn_trans/trans_rvi.inc.c   |  629 ++
 target/riscv/insn_trans/trans_rvm.inc.c   

[Qemu-devel] [PATCH v2 08/29] target/riscv: Convert RVXM insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- fixed spacing

 target/riscv/insn32.decode  | 17 +
 target/riscv/insn_trans/trans_rvm.inc.c | 98 +
 target/riscv/translate.c| 10 +--
 3 files changed, 116 insertions(+), 9 deletions(-)
 create mode 100644 target/riscv/insn_trans/trans_rvm.inc.c

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 4f6341aa37..a484844f34 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -113,3 +113,20 @@ subw 010 .  . 000 . 0111011 @r
 sllw 000 .  . 001 . 0111011 @r
 srlw 000 .  . 101 . 0111011 @r
 sraw 010 .  . 101 . 0111011 @r
+
+# *** RV32M Standard Extension ***
+mul  001 .  . 000 . 0110011 @r
+mulh 001 .  . 001 . 0110011 @r
+mulhsu   001 .  . 010 . 0110011 @r
+mulhu001 .  . 011 . 0110011 @r
+div  001 .  . 100 . 0110011 @r
+divu 001 .  . 101 . 0110011 @r
+rem  001 .  . 110 . 0110011 @r
+remu 001 .  . 111 . 0110011 @r
+
+# *** RV64M Standard Extension (in addition to RV32M) ***
+mulw 001 .  . 000 . 0111011 @r
+divw 001 .  . 100 . 0111011 @r
+divuw001 .  . 101 . 0111011 @r
+remw 001 .  . 110 . 0111011 @r
+remuw001 .  . 111 . 0111011 @r
diff --git a/target/riscv/insn_trans/trans_rvm.inc.c 
b/target/riscv/insn_trans/trans_rvm.inc.c
new file mode 100644
index 00..ffeae57a36
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvm.inc.c
@@ -0,0 +1,98 @@
+/*
+ * RISC-V translation routines for the RV64M Standard Extension.
+ *
+ * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
+ * Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+ *Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+
+static bool trans_mul(DisasContext *ctx, arg_mul *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_MUL, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_mulh(DisasContext *ctx, arg_mulh *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_MULH, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_mulhsu(DisasContext *ctx, arg_mulhsu *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_MULHSU, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_mulhu(DisasContext *ctx, arg_mulhu *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_MULHU, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_div(DisasContext *ctx, arg_div *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_DIV, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_divu(DisasContext *ctx, arg_divu *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_DIVU, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_rem(DisasContext *ctx, arg_rem *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_REM, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_remu(DisasContext *ctx, arg_remu *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_REMU, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_mulw(DisasContext *ctx, arg_mulw *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_MULW, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_divw(DisasContext *ctx, arg_divw *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_DIVW, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_divuw(DisasContext *ctx, arg_divuw *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_DIVUW, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_remw(DisasContext *ctx, arg_remw *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_REMW, a->rd, a->rs1, a->rs2);
+return true;
+}
+
+static bool trans_remuw(DisasContext *ctx, arg_remuw *a, uint32_t insn)
+{
+gen_arith(ctx, OPC_RISC_REMUW, a->rd, a->rs1, a->rs2);
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index d811090764..17c4d79b18 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1639,6 +1639,7 @@ bool decode_insn32(DisasContext *ctx, uint32_t insn);
 #i

[Qemu-devel] [PATCH v2 15/29] target/riscv: Convert RV priv insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
 target/riscv/insn32.decode|  15 +++
 .../riscv/insn_trans/trans_privileged.inc.c   | 111 ++
 target/riscv/translate.c  |  49 +---
 3 files changed, 127 insertions(+), 48 deletions(-)
 create mode 100644 target/riscv/insn_trans/trans_privileged.inc.c

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index c347102378..ffb4f00274 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -63,6 +63,21 @@
 @r2_rm   ...   . . ... . ... %rs1 %rm %rd
 @r2  ...   . . ... . ... %rs1 %rd
 
+@sfence_vma ... . .   ... . ... %rs2 %rs1
+@sfence_vm  ... . .   ... . ... %rs1
+
+
+# *** Privileged Instructions ***
+ecall   0 000 0 1110011
+ebreak 0001 0 000 0 1110011
+uret   00000010 0 000 0 1110011
+sret   000100000010 0 000 0 1110011
+hret   00100010 0 000 0 1110011
+mret   001100000010 0 000 0 1110011
+wfi000100000101 0 000 0 1110011
+sfence_vma 0001001. . 000 0 1110011 @sfence_vma
+sfence_vm  000100000100 . 000 0 1110011 @sfence_vm
+
 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
 auipc   . 0010111 @u
diff --git a/target/riscv/insn_trans/trans_privileged.inc.c 
b/target/riscv/insn_trans/trans_privileged.inc.c
new file mode 100644
index 00..9534adb025
--- /dev/null
+++ b/target/riscv/insn_trans/trans_privileged.inc.c
@@ -0,0 +1,111 @@
+/*
+ * RISC-V translation routines for the RISC-V privileged instructions.
+ *
+ * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
+ * Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+ *Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+static bool trans_ecall(DisasContext *ctx, arg_ecall *a, uint32_t insn)
+{
+/* always generates U-level ECALL, fixed in do_interrupt handler */
+generate_exception(ctx, RISCV_EXCP_U_ECALL);
+tcg_gen_exit_tb(NULL, 0); /* no chaining */
+ctx->base.is_jmp = DISAS_NORETURN;
+return true;
+}
+
+static bool trans_ebreak(DisasContext *ctx, arg_ebreak *a, uint32_t insn)
+{
+generate_exception(ctx, RISCV_EXCP_BREAKPOINT);
+tcg_gen_exit_tb(NULL, 0); /* no chaining */
+ctx->base.is_jmp = DISAS_NORETURN;
+return true;
+}
+
+static bool trans_uret(DisasContext *ctx, arg_uret *a, uint32_t insn)
+{
+gen_exception_illegal(ctx);
+return true;
+}
+
+static bool trans_sret(DisasContext *ctx, arg_sret *a, uint32_t insn)
+{
+#ifndef CONFIG_USER_ONLY
+tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
+CPURISCVState *env = current_cpu->env_ptr;
+if (riscv_has_ext(env, RVS)) {
+gen_helper_sret(cpu_pc, cpu_env, cpu_pc);
+tcg_gen_exit_tb(NULL, 0); /* no chaining */
+ctx->base.is_jmp = DISAS_NORETURN;
+} else {
+gen_exception_illegal(ctx);
+}
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_hret(DisasContext *ctx, arg_hret *a, uint32_t insn)
+{
+gen_exception_illegal(ctx);
+return true;
+}
+
+static bool trans_mret(DisasContext *ctx, arg_mret *a, uint32_t insn)
+{
+#ifndef CONFIG_USER_ONLY
+tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
+gen_helper_mret(cpu_pc, cpu_env, cpu_pc);
+tcg_gen_exit_tb(NULL, 0); /* no chaining */
+ctx->base.is_jmp = DISAS_NORETURN;
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_wfi(DisasContext *ctx, arg_wfi *a, uint32_t insn)
+{
+#ifndef CONFIG_USER_ONLY
+tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
+gen_helper_wfi(cpu_env);
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_sfence_vma(DisasContext *ctx, arg_sfence_vma *a,
+ uint32_t insn)
+{
+#ifndef CONFIG_USER_ONLY
+gen_helper_tlb_flush(cpu_env);
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_sfence_vm(DisasContext *ctx, arg_sfence_vm *a, uint32_t insn)
+{
+#ifndef CONFIG_USER_ONLY
+gen_helper_tlb_flush(cpu_env);
+return true;
+#else
+return fa

[Qemu-devel] [PATCH v2 04/29] target/riscv: Convert RVXI load/store insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- fixed spacing

 target/riscv/insn32.decode  | 15 +
 target/riscv/insn_trans/trans_rvi.inc.c | 78 +
 target/riscv/translate.c|  7 ---
 3 files changed, 93 insertions(+), 7 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index b49913416d..badd1d9216 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -23,6 +23,7 @@
 
 # immediates:
 %imm_i20:s12
+%imm_s25:s7 7:5
 %imm_b31:s1 7:1 25:6 8:4 !function=ex_shift_1
 %imm_j31:s1 12:8 20:1 21:10  !function=ex_shift_1
 %imm_u12:s20 !function=ex_shift_12
@@ -33,6 +34,7 @@
 # Formats 32:
 @i   . ... . ... imm=%imm_i %rs1 
%rd
 @b   ...   . . ... . ... &branch imm=%imm_b %rs2 %rs1
+@s   ...   . . ... . ... imm=%imm_s %rs2 %rs1
 @u     . ... imm=%imm_u  
%rd
 @j     . ... imm=%imm_j  
%rd
 
@@ -47,3 +49,16 @@ blt  ... .. 100 . 1100011 @b
 bge  ... .. 101 . 1100011 @b
 bltu ... .. 110 . 1100011 @b
 bgeu ... .. 111 . 1100011 @b
+lb    . 000 . 011 @i
+lh    . 001 . 011 @i
+lw    . 010 . 011 @i
+lbu   . 100 . 011 @i
+lhu   . 101 . 011 @i
+sb   ...  .   . 000 . 0100011 @s
+sh   ...  .   . 001 . 0100011 @s
+sw   ...  .   . 010 . 0100011 @s
+
+# *** RV64I Base Instruction Set (in addition to RV32I) ***
+lwu     . 110 . 011 @i
+ld      . 011 . 011 @i
+sd   ... .  . 011 . 0100011 @s
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 3935a80ba5..2c8ecff76f 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -82,3 +82,81 @@ static bool trans_bgeu(DisasContext *ctx, arg_bgeu *a, 
uint32_t insn)
 gen_branch(ctx->env, ctx, OPC_RISC_BGEU, a->rs1, a->rs2, a->imm);
 return true;
 }
+
+static bool trans_lb(DisasContext *ctx, arg_lb *a, uint32_t insn)
+{
+gen_load(ctx, OPC_RISC_LB, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_lh(DisasContext *ctx, arg_lh *a, uint32_t insn)
+{
+gen_load(ctx, OPC_RISC_LH, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_lw(DisasContext *ctx, arg_lw *a, uint32_t insn)
+{
+gen_load(ctx, OPC_RISC_LW, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_lbu(DisasContext *ctx, arg_lbu *a, uint32_t insn)
+{
+gen_load(ctx, OPC_RISC_LBU, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_lhu(DisasContext *ctx, arg_lhu *a, uint32_t insn)
+{
+gen_load(ctx, OPC_RISC_LHU, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_lwu(DisasContext *ctx, arg_lwu *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+gen_load(ctx, OPC_RISC_LWU, a->rd, a->rs1, a->imm);
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_ld(DisasContext *ctx, arg_ld *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+gen_load(ctx, OPC_RISC_LD, a->rd, a->rs1, a->imm);
+return true;
+#else
+return false;
+#endif
+}
+
+static bool trans_sb(DisasContext *ctx, arg_sb *a, uint32_t insn)
+{
+gen_store(ctx, OPC_RISC_SB, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_sh(DisasContext *ctx, arg_sh *a, uint32_t insn)
+{
+gen_store(ctx, OPC_RISC_SH, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_sw(DisasContext *ctx, arg_sw *a, uint32_t insn)
+{
+gen_store(ctx, OPC_RISC_SW, a->rs1, a->rs2, a->imm);
+return true;
+}
+
+static bool trans_sd(DisasContext *ctx, arg_sd *a, uint32_t insn)
+{
+#ifdef TARGET_RISCV64
+gen_store(ctx, OPC_RISC_SD, a->rs1, a->rs2, a->imm);
+return true;
+#else
+return false;
+#endif
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 9b6848e666..6b59dbb373 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1701,13 +1701,6 @@ static void decode_RV32_64G(CPURISCVState *env, 
DisasContext *ctx)
 imm = GET_IMM(ctx->opcode);
 
 switch (op) {
-case OPC_RISC_LOAD:
-gen_load(ctx, MASK_OP_LOAD(ctx->opcode), rd, rs1, imm);
-break;
-case OPC_RISC_STORE:
-gen_store(ctx, MASK_OP_STORE(ctx->opcode), rs1, rs2,
-  GET_STORE_IMM(ctx->opcode));
-break;
 case OPC_RISC_ARITH_IMM:
 #if defined(TARGET_RISCV64)
 case OPC_RISC_ARITH_IMM_W:
-- 
2.19.1

[Qemu-devel] [PATCH v2 01/29] target/riscv: Move CPURISCVState pointer to DisasContext

[Bastian Koppelmann]

CPURISCVState is rarely used, so there is no need to pass it to every
translate function. This paves the way for decodetree which only passes
DisasContext to translate functions.

Signed-off-by: Bastian Koppelmann 
---
 target/riscv/translate.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 18d7b6d147..e81b9f097e 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -52,6 +52,7 @@ typedef struct DisasContext {
to any system register, which includes CSR_FRM, so we do not have
to reset this known value.  */
 int frm;
+CPURISCVState *env;
 } DisasContext;
 
 /* convert riscv funct3 to qemu memop for load/store */
@@ -1789,19 +1790,19 @@ static void decode_RV32_64G(CPURISCVState *env, 
DisasContext *ctx)
 }
 }
 
-static void decode_opc(CPURISCVState *env, DisasContext *ctx)
+static void decode_opc(DisasContext *ctx)
 {
 /* check for compressed insn */
 if (extract32(ctx->opcode, 0, 2) != 3) {
-if (!riscv_has_ext(env, RVC)) {
+if (!riscv_has_ext(ctx->env, RVC)) {
 gen_exception_illegal(ctx);
 } else {
 ctx->pc_succ_insn = ctx->base.pc_next + 2;
-decode_RV32_64C(env, ctx);
+decode_RV32_64C(ctx->env, ctx);
 }
 } else {
 ctx->pc_succ_insn = ctx->base.pc_next + 4;
-decode_RV32_64G(env, ctx);
+decode_RV32_64G(ctx->env, ctx);
 }
 }
 
@@ -1846,10 +1847,10 @@ static bool riscv_tr_breakpoint_check(DisasContextBase 
*dcbase, CPUState *cpu,
 static void riscv_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 {
 DisasContext *ctx = container_of(dcbase, DisasContext, base);
-CPURISCVState *env = cpu->env_ptr;
+ctx->env = cpu->env_ptr;
 
-ctx->opcode = cpu_ldl_code(env, ctx->base.pc_next);
-decode_opc(env, ctx);
+ctx->opcode = cpu_ldl_code(ctx->env, ctx->base.pc_next);
+decode_opc(ctx);
 ctx->base.pc_next = ctx->pc_succ_insn;
 
 if (ctx->base.is_jmp == DISAS_NEXT) {
-- 
2.19.1

[Qemu-devel] [PATCH v2 09/29] target/riscv: Convert RV32A insns to decodetree

[Bastian Koppelmann]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- simplified gen_amo() with function pointers
- rs2 @atom_ld is now decimal

 target/riscv/insn32.decode  |  17 +++
 target/riscv/insn_trans/trans_rva.inc.c | 145 
 target/riscv/translate.c|   1 +
 3 files changed, 163 insertions(+)
 create mode 100644 target/riscv/insn_trans/trans_rva.inc.c

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index a484844f34..687eadcaa5 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -38,6 +38,7 @@
 # Argument sets:
 &branchimm rs2 rs1
 &shift shamt rs1 rd
+&atomicaq rl rs2 rs1 rd
 
 # Formats 32:
 
@@ -52,6 +53,9 @@
 @sh5 ...  . .  ... . ... &shift  shamt=%sh5  %rs1 
%rd
 @csr    .  ... . ...   %csr %rs1 
%rd
 
+@atom_ld . aq:1 rl:1 .  . ... &atomic rs2=0 %rs1 
%rd
+@atom_st . aq:1 rl:1 .  . ... &atomic %rs2  %rs1 
%rd
+
 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
 auipc   . 0010111 @u
@@ -130,3 +134,16 @@ divw 001 .  . 100 . 0111011 @r
 divuw001 .  . 101 . 0111011 @r
 remw 001 .  . 110 . 0111011 @r
 remuw001 .  . 111 . 0111011 @r
+
+# *** RV32A Standard Extension ***
+lr_w   00010 . . 0 . 010 . 010 @atom_ld
+sc_w   00011 . . . . 010 . 010 @atom_st
+amoswap_w  1 . . . . 010 . 010 @atom_st
+amoadd_w   0 . . . . 010 . 010 @atom_st
+amoxor_w   00100 . . . . 010 . 010 @atom_st
+amoand_w   01100 . . . . 010 . 010 @atom_st
+amoor_w01000 . . . . 010 . 010 @atom_st
+amomin_w   1 . . . . 010 . 010 @atom_st
+amomax_w   10100 . . . . 010 . 010 @atom_st
+amominu_w  11000 . . . . 010 . 010 @atom_st
+amomaxu_w  11100 . . . . 010 . 010 @atom_st
diff --git a/target/riscv/insn_trans/trans_rva.inc.c 
b/target/riscv/insn_trans/trans_rva.inc.c
new file mode 100644
index 00..dd0fb02b23
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rva.inc.c
@@ -0,0 +1,145 @@
+/*
+ * RISC-V translation routines for the RV64A Standard Extension.
+ *
+ * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
+ * Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+ *Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+static inline bool gen_lr(DisasContext *ctx, arg_atomic *a, TCGMemOp mop)
+{
+TCGv src1 = tcg_temp_new();
+/* Put addr in load_res, data in load_val.  */
+gen_get_gpr(src1, a->rs1);
+if (a->rl) {
+tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
+}
+tcg_gen_qemu_ld_tl(load_val, src1, ctx->mem_idx, mop);
+if (a->aq) {
+tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
+}
+tcg_gen_mov_tl(load_res, src1);
+gen_set_gpr(a->rd, load_val);
+
+tcg_temp_free(src1);
+return true;
+}
+
+static inline bool gen_sc(DisasContext *ctx, arg_atomic *a, TCGMemOp mop)
+{
+TCGv src1 = tcg_temp_new();
+TCGv src2 = tcg_temp_new();
+TCGv dat = tcg_temp_new();
+TCGLabel *l1 = gen_new_label();
+TCGLabel *l2 = gen_new_label();
+
+gen_get_gpr(src1, a->rs1);
+tcg_gen_brcond_tl(TCG_COND_NE, load_res, src1, l1);
+
+gen_get_gpr(src2, a->rs2);
+/* Note that the TCG atomic primitives are SC,
+   so we can ignore AQ/RL along this path.  */
+tcg_gen_atomic_cmpxchg_tl(src1, load_res, load_val, src2,
+  ctx->mem_idx, mop);
+tcg_gen_setcond_tl(TCG_COND_NE, dat, src1, load_val);
+gen_set_gpr(a->rd, dat);
+tcg_gen_br(l2);
+
+gen_set_label(l1);
+/* Address comparion failure.  However, we still need to
+   provide the memory barrier implied by AQ/RL.  */
+tcg_gen_mb(TCG_MO_ALL + a->aq * TCG_BAR_LDAQ + a->rl * TCG_BAR_STRL);
+tcg_gen_movi_tl(dat, 1);
+gen_set_gpr(a->rd, dat);
+
+gen_set_label(l2);
+tcg_temp_free(dat);
+tcg_temp_free(src1);
+tcg_temp_free(src2);
+return true;
+}
+
+static bool gen_amo(DisasContext *ctx, arg_atomic *a,
+

[Qemu-devel] [PATCH v2 07/29] target/riscv: Convert RVXI csr insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
 target/riscv/insn32.decode  |  9 +++
 target/riscv/insn_trans/trans_rvi.inc.c | 79 +
 target/riscv/translate.c| 43 +-
 3 files changed, 89 insertions(+), 42 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 00e30dbc71..4f6341aa37 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -23,6 +23,7 @@
 
 %sh620:6
 %sh520:5
+%csr20:12
 
 %pred   24:4
 %succ   20:4
@@ -49,6 +50,7 @@
 
 @sh6 ..  .. .  ... . ... &shift  shamt=%sh6  %rs1 
%rd
 @sh5 ...  . .  ... . ... &shift  shamt=%sh5  %rs1 
%rd
+@csr    .  ... . ...   %csr %rs1 
%rd
 
 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
@@ -90,6 +92,13 @@ or   000 .. 110 . 0110011 @r
 and  000 .. 111 . 0110011 @r
 fence pred:4 succ:4 - 000 - 000
 fence_i         - 001 - 000
+csrrw . 001 . 1110011 @csr
+csrrs . 010 . 1110011 @csr
+csrrc . 011 . 1110011 @csr
+csrrwi    . 101 . 1110011 @csr
+csrrsi    . 110 . 1110011 @csr
+csrrci    . 111 . 1110011 @csr
+
 
 # *** RV64I Base Instruction Set (in addition to RV32I) ***
 lwu     . 110 . 011 @i
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 14164a952d..5d0b4627ae 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -361,3 +361,82 @@ static bool trans_fence_i(DisasContext *ctx, arg_fence_i 
*a, uint32_t insn)
 #endif
 return true;
 }
+
+#define RISCV_OP_CSR_PRE do {\
+source1 = tcg_temp_new(); \
+csr_store = tcg_temp_new(); \
+dest = tcg_temp_new(); \
+rs1_pass = tcg_temp_new(); \
+gen_get_gpr(source1, a->rs1); \
+tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next); \
+tcg_gen_movi_tl(rs1_pass, a->rs1); \
+tcg_gen_movi_tl(csr_store, a->csr); \
+gen_io_start();\
+} while (0)
+
+#define RISCV_OP_CSR_POST do {\
+gen_io_end(); \
+gen_set_gpr(a->rd, dest); \
+tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn); \
+tcg_gen_exit_tb(NULL, 0); \
+ctx->base.is_jmp = DISAS_NORETURN; \
+tcg_temp_free(source1); \
+tcg_temp_free(csr_store); \
+tcg_temp_free(dest); \
+tcg_temp_free(rs1_pass); \
+} while (0)
+
+
+static bool trans_csrrw(DisasContext *ctx, arg_csrrw *a, uint32_t insn)
+{
+TCGv source1, csr_store, dest, rs1_pass;
+RISCV_OP_CSR_PRE;
+gen_helper_csrrw(dest, cpu_env, source1, csr_store);
+RISCV_OP_CSR_POST;
+return true;
+}
+
+static bool trans_csrrs(DisasContext *ctx, arg_csrrs *a, uint32_t insn)
+{
+TCGv source1, csr_store, dest, rs1_pass;
+RISCV_OP_CSR_PRE;
+gen_helper_csrrs(dest, cpu_env, source1, csr_store, rs1_pass);
+RISCV_OP_CSR_POST;
+return true;
+}
+
+static bool trans_csrrc(DisasContext *ctx, arg_csrrc *a, uint32_t insn)
+{
+TCGv source1, csr_store, dest, rs1_pass;
+RISCV_OP_CSR_PRE;
+gen_helper_csrrc(dest, cpu_env, source1, csr_store, rs1_pass);
+RISCV_OP_CSR_POST;
+return true;
+}
+
+static bool trans_csrrwi(DisasContext *ctx, arg_csrrwi *a, uint32_t insn)
+{
+TCGv source1, csr_store, dest, rs1_pass;
+RISCV_OP_CSR_PRE;
+gen_helper_csrrw(dest, cpu_env, rs1_pass, csr_store);
+RISCV_OP_CSR_POST;
+return true;
+}
+
+static bool trans_csrrsi(DisasContext *ctx, arg_csrrsi *a, uint32_t insn)
+{
+TCGv source1, csr_store, dest, rs1_pass;
+RISCV_OP_CSR_PRE;
+gen_helper_csrrs(dest, cpu_env, rs1_pass, csr_store, rs1_pass);
+RISCV_OP_CSR_POST;
+return true;
+}
+
+static bool trans_csrrci(DisasContext *ctx, arg_csrrci *a, uint32_t insn)
+{
+TCGv source1, csr_store, dest, rs1_pass;
+RISCV_OP_CSR_PRE;
+gen_helper_csrrc(dest, cpu_env, rs1_pass, csr_store, rs1_pass);
+RISCV_OP_CSR_POST;
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index f2567117b9..d811090764 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1277,16 +1277,11 @@ static void gen_fp_arith(DisasContext *ctx, uint32_t 
opc, int rd,
 static void gen_system(CPURISCVState *env, DisasContext *ctx, uint32_t opc,
   int rd, int rs1, int csr)
 {
-TCGv source1, csr_store, dest, rs1_pass, imm_rs1;
+TCGv source1, dest;
 source1 = tcg_temp_new();
-csr_store = tcg_temp_new();
 dest = tcg_temp_new();
-rs1_pass = tcg_temp_new();
-imm_rs1 = tcg_temp_new();
 gen_get_gpr(source1, rs1);
 tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
-tcg_gen_movi_tl(rs1

[Qemu-devel] [PATCH v2 13/29] target/riscv: Convert RV32D insns to decodetree

[Bastian Koppelmann]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- Add REQUIRE_FPU to arithm helpers

 target/riscv/insn32.decode  |  28 +++
 target/riscv/insn_trans/trans_rvd.inc.c | 319 
 target/riscv/translate.c|   1 +
 3 files changed, 348 insertions(+)
 create mode 100644 target/riscv/insn_trans/trans_rvd.inc.c

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 5d3d2a25ac..fc55181e6f 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -201,3 +201,31 @@ fcvt_l_s   110  00010 . ... . 1010011 @r2_rm
 fcvt_lu_s  110  00011 . ... . 1010011 @r2_rm
 fcvt_s_l   1101000  00010 . ... . 1010011 @r2_rm
 fcvt_s_lu  1101000  00011 . ... . 1010011 @r2_rm
+
+# *** RV32D Standard Extension ***
+fld   . 011 . 111 @i
+fsd... .  . 011 . 0100111 @s
+fmadd_d. 01 . . ... . 111 @r4_rm
+fmsub_d. 01 . . ... . 1000111 @r4_rm
+fnmsub_d   . 01 . . ... . 1001011 @r4_rm
+fnmadd_d   . 01 . . ... . 100 @r4_rm
+fadd_d 001  . . ... . 1010011 @r_rm
+fsub_d 101  . . ... . 1010011 @r_rm
+fmul_d 0001001  . . ... . 1010011 @r_rm
+fdiv_d 0001101  . . ... . 1010011 @r_rm
+fsqrt_d0101101  0 . ... . 1010011 @r2_rm
+fsgnj_d0010001  . . 000 . 1010011 @r
+fsgnjn_d   0010001  . . 001 . 1010011 @r
+fsgnjx_d   0010001  . . 010 . 1010011 @r
+fmin_d 0010101  . . 000 . 1010011 @r
+fmax_d 0010101  . . 001 . 1010011 @r
+fcvt_s_d   010  1 . ... . 1010011 @r2_rm
+fcvt_d_s   011  0 . ... . 1010011 @r2_rm
+feq_d  1010001  . . 010 . 1010011 @r
+flt_d  1010001  . . 001 . 1010011 @r
+fle_d  1010001  . . 000 . 1010011 @r
+fclass_d   1110001  0 . 001 . 1010011 @r2
+fcvt_w_d   111  0 . ... . 1010011 @r2_rm
+fcvt_wu_d  111  1 . ... . 1010011 @r2_rm
+fcvt_d_w   1101001  0 . ... . 1010011 @r2_rm
+fcvt_d_wu  1101001  1 . ... . 1010011 @r2_rm
diff --git a/target/riscv/insn_trans/trans_rvd.inc.c 
b/target/riscv/insn_trans/trans_rvd.inc.c
new file mode 100644
index 00..4eccdf72dc
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvd.inc.c
@@ -0,0 +1,319 @@
+/*
+ * RISC-V translation routines for the RV64D Standard Extension.
+ *
+ * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
+ * Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+ *Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+static bool trans_fld(DisasContext *ctx, arg_fld *a, uint32_t insn)
+{
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+REQUIRE_FPU;
+tcg_gen_addi_tl(t0, t0, a->imm);
+
+tcg_gen_qemu_ld_i64(cpu_fpr[a->rd], t0, ctx->mem_idx, MO_TEQ);
+
+tcg_temp_free(t0);
+return true;
+}
+
+static bool trans_fsd(DisasContext *ctx, arg_fsd *a, uint32_t insn)
+{
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+REQUIRE_FPU;
+tcg_gen_addi_tl(t0, t0, a->imm);
+
+tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], t0, ctx->mem_idx, MO_TEQ);
+
+tcg_temp_free(t0);
+return true;
+}
+
+static bool trans_fmadd_d(DisasContext *ctx, arg_fmadd_d *a, uint32_t insn)
+{
+REQUIRE_FPU;
+gen_set_rm(ctx, a->rm);
+gen_helper_fmadd_d(cpu_fpr[a->rd], cpu_env, cpu_fpr[a->rs1],
+   cpu_fpr[a->rs2], cpu_fpr[a->rs3]);
+return true;
+}
+
+static bool trans_fmsub_d(DisasContext *ctx, arg_fmsub_d *a, uint32_t insn)
+{
+REQUIRE_FPU;
+gen_set_rm(ctx, a->rm);
+gen_helper_fmsub_d(cpu_fpr[a->rd], cpu_env, cpu_fpr[a->rs1],
+   cpu_fpr[a->rs2], cpu_fpr[a->rs3]);
+return true;
+}
+
+static bool trans_fnmsub_d(DisasContext *ctx, arg_fnmsub_d *a, uint32_t insn)
+{
+REQUIRE_FPU;
+gen_set_rm(ctx, a->rm);
+gen_helper_fnmsub_d(cpu_fpr[a->rd], cpu_env, cpu_fpr[a->rs1],
+cpu_fpr[a->rs2], cpu_fpr[a->rs3]);
+return true;
+}
+
+static bool trans_fnmadd_d(DisasContext *ctx, arg_fnmadd_d *a, uint32_t insn)
+{
+REQUIRE_FPU;
+gen_se

[Qemu-devel] [PATCH v2 05/29] target/riscv: Convert RVXI arithmetic insns to decodetree

[Bastian Koppelmann]

we cannot remove the call to gen_arith() in decode_RV32_64G() since it
is used to translate multiply instructions.

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- RISCV32 now returns false instead of raising an exception
- shift translators now also use gen_arithm_imm()

 target/riscv/insn32.decode  |  36 +
 target/riscv/insn_trans/trans_rvi.inc.c | 181 
 target/riscv/translate.c|   9 --
 3 files changed, 217 insertions(+), 9 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index badd1d9216..cb7622e223 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -21,6 +21,9 @@
 %rs1   15:5
 %rd7:5
 
+%sh620:6
+%sh520:5
+
 # immediates:
 %imm_i20:s12
 %imm_s25:s7 7:5
@@ -30,14 +33,19 @@
 
 # Argument sets:
 &branchimm rs2 rs1
+&shift shamt rs1 rd
 
 # Formats 32:
+@r   ...   . . ... . ...   %rs2 %rs1 
%rd
 @i   . ... . ... imm=%imm_i %rs1 
%rd
 @b   ...   . . ... . ... &branch imm=%imm_b %rs2 %rs1
 @s   ...   . . ... . ... imm=%imm_s %rs2 %rs1
 @u     . ... imm=%imm_u  
%rd
 @j     . ... imm=%imm_j  
%rd
 
+@sh6 ..  .. .  ... . ... &shift  shamt=%sh6  %rs1 
%rd
+@sh5 ...  . .  ... . ... &shift  shamt=%sh5  %rs1 
%rd
+
 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
 auipc   . 0010111 @u
@@ -57,8 +65,36 @@ lhu   . 101 . 011 @i
 sb   ...  .   . 000 . 0100011 @s
 sh   ...  .   . 001 . 0100011 @s
 sw   ...  .   . 010 . 0100011 @s
+addi  . 000 . 0010011 @i
+slti  . 010 . 0010011 @i
+sltiu . 011 . 0010011 @i
+xori  . 100 . 0010011 @i
+ori   . 110 . 0010011 @i
+andi  . 111 . 0010011 @i
+slli 00 ... 001 . 0010011 @sh6
+srli 00 ... 101 . 0010011 @sh6
+srai 01 ... 101 . 0010011 @sh6
+add  000 .. 000 . 0110011 @r
+sub  010 .. 000 . 0110011 @r
+sll  000 .. 001 . 0110011 @r
+slt  000 .. 010 . 0110011 @r
+sltu 000 .. 011 . 0110011 @r
+xor  000 .. 100 . 0110011 @r
+srl  000 .. 101 . 0110011 @r
+sra  010 .. 101 . 0110011 @r
+or   000 .. 110 . 0110011 @r
+and  000 .. 111 . 0110011 @r
 
 # *** RV64I Base Instruction Set (in addition to RV32I) ***
 lwu     . 110 . 011 @i
 ld      . 011 . 011 @i
 sd   ... .  . 011 . 0100011 @s
+addiw   . 000 . 0011011 @i
+slliw000 .  . 001 . 0011011 @sh5
+srliw000 .  . 101 . 0011011 @sh5
+sraiw010 .  . 101 . 0011011 @sh5
+addw 000 .  . 000 . 0111011 @r
+subw 010 .  . 000 . 0111011 @r
+sllw 000 .  . 001 . 0111011 @r
+srlw 000 .  . 101 . 0111011 @r
+sraw 010 .  . 101 . 0111011 @r
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 2c8ecff76f..e5a67e64cb 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -160,3 +160,184 @@ static bool trans_sd(DisasContext *ctx, arg_sd *a, 
uint32_t insn)
 return false;
 #endif
 }
+
+static bool trans_addi(DisasContext *ctx, arg_addi *a, uint32_t insn)
+{
+gen_arith_imm(ctx, OPC_RISC_ADDI, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_slti(DisasContext *ctx, arg_slti *a, uint32_t insn)
+{
+gen_arith_imm(ctx, OPC_RISC_SLTI, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_sltiu(DisasContext *ctx, arg_sltiu *a, uint32_t insn)
+{
+gen_arith_imm(ctx, OPC_RISC_SLTIU, a->rd, a->rs1, a->imm);
+return true;
+}
+
+static bool trans_xori(DisasContext *ctx, arg_xori *a, uint32_t insn)
+{
+gen_arith_imm(ctx, OPC_RISC_XORI, a->rd, a->rs1, a->imm);
+return true;
+}
+static bool trans_ori(DisasContext *ctx, arg_ori *a, uint32_t insn)
+{
+gen_arith_imm(ctx, OPC_RISC_ORI, a->rd, a->rs1, a->imm);
+return true;
+}
+static bool trans_andi(DisasContext *ctx, arg_andi *a, uint32_t insn)
+{
+gen_arith_imm(ctx, OPC_RISC_ANDI, a->rd, a->rs1, a->imm);
+

[Qemu-devel] [PATCH v2 06/29] target/riscv: Convert RVXI fence insns to decodetree

[Bastian Koppelmann]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- simplified fence/fence_i as suggested by Richard

 target/riscv/insn32.decode  |  6 ++
 target/riscv/insn_trans/trans_rvi.inc.c | 20 
 target/riscv/translate.c| 14 --
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index cb7622e223..00e30dbc71 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -24,6 +24,9 @@
 %sh620:6
 %sh520:5
 
+%pred   24:4
+%succ   20:4
+
 # immediates:
 %imm_i20:s12
 %imm_s25:s7 7:5
@@ -36,6 +39,7 @@
 &shift shamt rs1 rd
 
 # Formats 32:
+
 @r   ...   . . ... . ...   %rs2 %rs1 
%rd
 @i   . ... . ... imm=%imm_i %rs1 
%rd
 @b   ...   . . ... . ... &branch imm=%imm_b %rs2 %rs1
@@ -84,6 +88,8 @@ srl  000 .. 101 . 0110011 @r
 sra  010 .. 101 . 0110011 @r
 or   000 .. 110 . 0110011 @r
 and  000 .. 111 . 0110011 @r
+fence pred:4 succ:4 - 000 - 000
+fence_i         - 001 - 000
 
 # *** RV64I Base Instruction Set (in addition to RV32I) ***
 lwu     . 110 . 011 @i
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index e5a67e64cb..14164a952d 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -341,3 +341,23 @@ static bool trans_sraw(DisasContext *ctx, arg_sraw *a, 
uint32_t insn)
 gen_arith(ctx, OPC_RISC_SRAW, a->rd, a->rs1, a->rs2);
 return true;
 }
+
+static bool trans_fence(DisasContext *ctx, arg_fence *a, uint32_t insn)
+{
+#ifndef CONFIG_USER_ONLY
+/* FENCE is a full memory barrier. */
+tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
+#endif
+return true;
+}
+static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a, uint32_t insn)
+{
+#ifndef CONFIG_USER_ONLY
+/* FENCE_I is a no-op in QEMU,
+ * however we need to end the translation block */
+tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
+tcg_gen_exit_tb(NULL, 0);
+ctx->base.is_jmp = DISAS_NORETURN;
+#endif
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 3e296a2627..f2567117b9 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1740,20 +1740,6 @@ static void decode_RV32_64G(CPURISCVState *env, 
DisasContext *ctx)
 gen_fp_arith(ctx, MASK_OP_FP_ARITH(ctx->opcode), rd, rs1, rs2,
  GET_RM(ctx->opcode));
 break;
-case OPC_RISC_FENCE:
-#ifndef CONFIG_USER_ONLY
-if (ctx->opcode & 0x1000) {
-/* FENCE_I is a no-op in QEMU,
- * however we need to end the translation block */
-tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
-tcg_gen_exit_tb(NULL, 0);
-ctx->base.is_jmp = DISAS_NORETURN;
-} else {
-/* FENCE is a full memory barrier. */
-tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-}
-#endif
-break;
 case OPC_RISC_SYSTEM:
 gen_system(env, ctx, MASK_OP_SYSTEM(ctx->opcode), rd, rs1,
(ctx->opcode & 0xFFF0) >> 20);
-- 
2.19.1

[Qemu-devel] [PATCH v2 28/29] target/riscv: Remove decode_RV32_64G()

[Bastian Koppelmann]

decodetree handles all instructions now so the fallback is not necessary
anymore.

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- Add missing gen_exception_illegal

 target/riscv/translate.c | 24 +---
 1 file changed, 1 insertion(+), 23 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index a3b8792a1a..66241ecf33 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -415,27 +415,6 @@ bool decode_insn16(DisasContext *ctx, uint16_t insn);
 #include "decode_insn16.inc.c"
 #include "insn_trans/trans_rvc.inc.c"
 
-static void decode_RV32_64G(CPURISCVState *env, DisasContext *ctx)
-{
-int rs1, rd;
-uint32_t op;
-
-/* We do not do misaligned address check here: the address should never be
- * misaligned at this point. Instructions that set PC must do the check,
- * since epc must be the address of the instruction that caused us to
- * perform the misaligned instruction fetch */
-
-op = MASK_OP_MAJOR(ctx->opcode);
-rs1 = GET_RS1(ctx->opcode);
-rd = GET_RD(ctx->opcode);
-
-switch (op) {
-default:
-gen_exception_illegal(ctx);
-break;
-}
-}
-
 static void decode_opc(DisasContext *ctx)
 {
 /* check for compressed insn */
@@ -451,8 +430,7 @@ static void decode_opc(DisasContext *ctx)
 } else {
 ctx->pc_succ_insn = ctx->base.pc_next + 4;
 if (!decode_insn32(ctx, ctx->opcode)) {
-/* fallback to old decoder */
-decode_RV32_64G(ctx->env, ctx);
+gen_exception_illegal(ctx);
 }
 }
 }
-- 
2.19.1

[Qemu-devel] [PATCH v2 20/29] target/riscv: Remove manual decoding from gen_branch()

[Bastian Koppelmann]

We now utilizes argument-sets of decodetree such that no manual
decoding is necessary.

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- trans_branch -> gen_branch

 target/riscv/insn_trans/trans_rvi.inc.c | 46 +---
 target/riscv/translate.c| 47 -
 2 files changed, 33 insertions(+), 60 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 69dceccb1a..411b4bfd42 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -72,41 +72,61 @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a, 
uint32_t insn)
 return true;
 }
 
-static bool trans_beq(DisasContext *ctx, arg_beq *a, uint32_t insn)
+static bool gen_branch(DisasContext *ctx, arg_branch *a, TCGCond cond)
 {
-gen_branch(ctx->env, ctx, OPC_RISC_BEQ, a->rs1, a->rs2, a->imm);
+TCGLabel *l = gen_new_label();
+TCGv source1, source2;
+source1 = tcg_temp_new();
+source2 = tcg_temp_new();
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+tcg_gen_brcond_tl(cond, source1, source2, l);
+gen_goto_tb(ctx, 1, ctx->pc_succ_insn);
+gen_set_label(l); /* branch taken */
+
+if (!riscv_has_ext(ctx->env, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) 
{
+/* misaligned */
+gen_exception_inst_addr_mis(ctx);
+} else {
+gen_goto_tb(ctx, 0, ctx->base.pc_next + a->imm);
+}
+ctx->base.is_jmp = DISAS_NORETURN;
+
+tcg_temp_free(source1);
+tcg_temp_free(source2);
+
 return true;
 }
 
+static bool trans_beq(DisasContext *ctx, arg_beq *a, uint32_t insn)
+{
+return gen_branch(ctx, a, TCG_COND_EQ);
+}
+
 static bool trans_bne(DisasContext *ctx, arg_bne *a, uint32_t insn)
 {
-gen_branch(ctx->env, ctx, OPC_RISC_BNE, a->rs1, a->rs2, a->imm);
-return true;
+return gen_branch(ctx, a, TCG_COND_NE);
 }
 
 static bool trans_blt(DisasContext *ctx, arg_blt *a, uint32_t insn)
 {
-gen_branch(ctx->env, ctx, OPC_RISC_BLT, a->rs1, a->rs2, a->imm);
-return true;
+return gen_branch(ctx, a, TCG_COND_LT);
 }
 
 static bool trans_bge(DisasContext *ctx, arg_bge *a, uint32_t insn)
 {
-gen_branch(ctx->env, ctx, OPC_RISC_BGE, a->rs1, a->rs2, a->imm);
-return true;
+return gen_branch(ctx, a, TCG_COND_GE);
 }
 
 static bool trans_bltu(DisasContext *ctx, arg_bltu *a, uint32_t insn)
 {
-gen_branch(ctx->env, ctx, OPC_RISC_BLTU, a->rs1, a->rs2, a->imm);
-return true;
+return gen_branch(ctx, a, TCG_COND_LTU);
 }
 
 static bool trans_bgeu(DisasContext *ctx, arg_bgeu *a, uint32_t insn)
 {
-
-gen_branch(ctx->env, ctx, OPC_RISC_BGEU, a->rs1, a->rs2, a->imm);
-return true;
+return gen_branch(ctx, a, TCG_COND_GEU);
 }
 
 static bool trans_lb(DisasContext *ctx, arg_lb *a, uint32_t insn)
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 9161a58893..52dbbd8ac8 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -489,53 +489,6 @@ static void gen_jal(CPURISCVState *env, DisasContext *ctx, 
int rd,
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_branch(CPURISCVState *env, DisasContext *ctx, uint32_t opc,
-   int rs1, int rs2, target_long bimm)
-{
-TCGLabel *l = gen_new_label();
-TCGv source1, source2;
-source1 = tcg_temp_new();
-source2 = tcg_temp_new();
-gen_get_gpr(source1, rs1);
-gen_get_gpr(source2, rs2);
-
-switch (opc) {
-case OPC_RISC_BEQ:
-tcg_gen_brcond_tl(TCG_COND_EQ, source1, source2, l);
-break;
-case OPC_RISC_BNE:
-tcg_gen_brcond_tl(TCG_COND_NE, source1, source2, l);
-break;
-case OPC_RISC_BLT:
-tcg_gen_brcond_tl(TCG_COND_LT, source1, source2, l);
-break;
-case OPC_RISC_BGE:
-tcg_gen_brcond_tl(TCG_COND_GE, source1, source2, l);
-break;
-case OPC_RISC_BLTU:
-tcg_gen_brcond_tl(TCG_COND_LTU, source1, source2, l);
-break;
-case OPC_RISC_BGEU:
-tcg_gen_brcond_tl(TCG_COND_GEU, source1, source2, l);
-break;
-default:
-gen_exception_illegal(ctx);
-return;
-}
-tcg_temp_free(source1);
-tcg_temp_free(source2);
-
-gen_goto_tb(ctx, 1, ctx->pc_succ_insn);
-gen_set_label(l); /* branch taken */
-if (!riscv_has_ext(env, RVC) && ((ctx->base.pc_next + bimm) & 0x3)) {
-/* misaligned */
-gen_exception_inst_addr_mis(ctx);
-} else {
-gen_goto_tb(ctx, 0, ctx->base.pc_next + bimm);
-}
-ctx->base.is_jmp = DISAS_NORETURN;
-}
-
 static void gen_load(DisasContext *ctx, uint32_t opc, int rd, int rs1,
 target_long imm)
 {
-- 
2.19.1

[Qemu-devel] [PATCH v2 14/29] target/riscv: Convert RV64D insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
 target/riscv/insn32.decode  |   8 +
 target/riscv/insn_trans/trans_rvd.inc.c |  94 +
 target/riscv/translate.c| 484 +---
 3 files changed, 103 insertions(+), 483 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index fc55181e6f..c347102378 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -229,3 +229,11 @@ fcvt_w_d   111  0 . ... . 1010011 @r2_rm
 fcvt_wu_d  111  1 . ... . 1010011 @r2_rm
 fcvt_d_w   1101001  0 . ... . 1010011 @r2_rm
 fcvt_d_wu  1101001  1 . ... . 1010011 @r2_rm
+
+# *** RV64D Standard Extension (in addition to RV32D) ***
+fcvt_l_d   111  00010 . ... . 1010011 @r2_rm
+fcvt_lu_d  111  00011 . ... . 1010011 @r2_rm
+fmv_x_d1110001  0 . 000 . 1010011 @r2
+fcvt_d_l   1101001  00010 . ... . 1010011 @r2_rm
+fcvt_d_lu  1101001  00011 . ... . 1010011 @r2_rm
+fmv_d_x001  0 . 000 . 1010011 @r2
diff --git a/target/riscv/insn_trans/trans_rvd.inc.c 
b/target/riscv/insn_trans/trans_rvd.inc.c
index 4eccdf72dc..665cf54e25 100644
--- a/target/riscv/insn_trans/trans_rvd.inc.c
+++ b/target/riscv/insn_trans/trans_rvd.inc.c
@@ -317,3 +317,97 @@ static bool trans_fcvt_d_wu(DisasContext *ctx, 
arg_fcvt_d_wu *a, uint32_t insn)
 
 return true;
 }
+
+static bool trans_fcvt_l_d(DisasContext *ctx, arg_fcvt_l_d *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_l_d(t0, cpu_env, cpu_fpr[a->rs1]);
+gen_set_gpr(a->rd, t0);
+tcg_temp_free(t0);
+#else
+gen_exception_illegal(ctx);
+#endif
+return true;
+}
+
+static bool trans_fcvt_lu_d(DisasContext *ctx, arg_fcvt_lu_d *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_lu_d(t0, cpu_env, cpu_fpr[a->rs1]);
+gen_set_gpr(a->rd, t0);
+tcg_temp_free(t0);
+#else
+gen_exception_illegal(ctx);
+#endif
+return true;
+}
+
+static bool trans_fmv_x_d(DisasContext *ctx, arg_fmv_x_d *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+gen_set_gpr(a->rd, cpu_fpr[a->rs1]);
+#else
+gen_exception_illegal(ctx);
+#endif
+return true;
+}
+
+static bool trans_fcvt_d_l(DisasContext *ctx, arg_fcvt_d_l *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_d_l(cpu_fpr[a->rd], cpu_env, t0);
+tcg_temp_free(t0);
+#else
+gen_exception_illegal(ctx);
+#endif
+return true;
+}
+
+static bool trans_fcvt_d_lu(DisasContext *ctx, arg_fcvt_d_lu *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+
+gen_set_rm(ctx, a->rm);
+gen_helper_fcvt_d_lu(cpu_fpr[a->rd], cpu_env, t0);
+tcg_temp_free(t0);
+#else
+gen_exception_illegal(ctx);
+#endif
+return true;
+}
+
+static bool trans_fmv_d_x(DisasContext *ctx, arg_fmv_d_x *a, uint32_t insn)
+{
+#if defined(TARGET_RISCV64)
+REQUIRE_FPU;
+
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+
+tcg_gen_mov_tl(cpu_fpr[a->rd], t0);
+tcg_temp_free(t0);
+#else
+gen_exception_illegal(ctx);
+#endif
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 1c3fd3e7f3..89d1278974 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -180,44 +180,6 @@ static void gen_mulhsu(TCGv ret, TCGv arg1, TCGv arg2)
 tcg_temp_free(rh);
 }
 
-static void gen_fsgnj(DisasContext *ctx, uint32_t rd, uint32_t rs1,
-uint32_t rs2, int rm, uint64_t min)
-{
-switch (rm) {
-case 0: /* fsgnj */
-if (rs1 == rs2) { /* FMOV */
-tcg_gen_mov_i64(cpu_fpr[rd], cpu_fpr[rs1]);
-} else {
-tcg_gen_deposit_i64(cpu_fpr[rd], cpu_fpr[rs2], cpu_fpr[rs1],
-0, min == INT32_MIN ? 31 : 63);
-}
-break;
-case 1: /* fsgnjn */
-if (rs1 == rs2) { /* FNEG */
-tcg_gen_xori_i64(cpu_fpr[rd], cpu_fpr[rs1], min);
-} else {
-TCGv_i64 t0 = tcg_temp_new_i64();
-tcg_gen_not_i64(t0, cpu_fpr[rs2]);
-tcg_gen_deposit_i64(cpu_fpr[rd], t0, cpu_fpr[rs1],
-0, min == INT32_MIN ? 31 : 63);
-tcg_temp_free_i64(t0);
-}
-break;
-case 2: /* fsgnjx */
-if (rs1 == rs2) { /* FABS */
-tcg_gen_andi_i64(cpu_fpr[rd], cpu_fpr[rs1], ~min);
-} else {
-TCGv_i64 t0 = tcg_temp_new_i64();
-tcg_gen_andi_i64(t0, cpu_fpr[rs2], min);
-tcg_gen_xor_i64(cpu_fpr[rd], cpu_fpr[

[Qemu-devel] [PATCH v2 11/29] target/riscv: Convert RV32F insns to decodetree

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- REQUIRE_FPU uses do {} while (0)
- Add REQUIRE_FPU to arithm helpers

 target/riscv/insn32.decode  |  35 +++
 target/riscv/insn_trans/trans_rvf.inc.c | 334 
 target/riscv/translate.c|   1 +
 3 files changed, 370 insertions(+)
 create mode 100644 target/riscv/insn_trans/trans_rvf.inc.c

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 0b75987855..f27bdab245 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -17,6 +17,7 @@
 # this program.  If not, see .
 
 # Fields:
+%rs3   27:5
 %rs2   20:5
 %rs1   15:5
 %rd7:5
@@ -24,6 +25,7 @@
 %sh620:6
 %sh520:5
 %csr20:12
+%rm 12:3
 
 %pred   24:4
 %succ   20:4
@@ -56,6 +58,11 @@
 @atom_ld . aq:1 rl:1 .  . ... &atomic rs2=0 %rs1 
%rd
 @atom_st . aq:1 rl:1 .  . ... &atomic %rs2  %rs1 
%rd
 
+@r4_rm   . ..  . . ... . ... %rs3 %rs2 %rs1 %rm %rd
+@r_rm...   . . ... . ... %rs2 %rs1 %rm %rd
+@r2_rm   ...   . . ... . ... %rs1 %rm %rd
+@r2  ...   . . ... . ... %rs1 %rd
+
 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
 auipc   . 0010111 @u
@@ -160,3 +167,31 @@ amomin_d   1 . . . . 011 . 010 @atom_st
 amomax_d   10100 . . . . 011 . 010 @atom_st
 amominu_d  11000 . . . . 011 . 010 @atom_st
 amomaxu_d  11100 . . . . 011 . 010 @atom_st
+
+# *** RV32F Standard Extension ***
+flw   . 010 . 111 @i
+fsw...  . . 010 . 0100111 @s
+fmadd_s. 00 . . ... . 111 @r4_rm
+fmsub_s. 00 . . ... . 1000111 @r4_rm
+fnmsub_s   . 00 . . ... . 1001011 @r4_rm
+fnmadd_s   . 00 . . ... . 100 @r4_rm
+fadd_s 000  . . ... . 1010011 @r_rm
+fsub_s 100  . . ... . 1010011 @r_rm
+fmul_s 0001000  . . ... . 1010011 @r_rm
+fdiv_s 0001100  . . ... . 1010011 @r_rm
+fsqrt_s0101100  0 . ... . 1010011 @r2_rm
+fsgnj_s001  . . 000 . 1010011 @r
+fsgnjn_s   001  . . 001 . 1010011 @r
+fsgnjx_s   001  . . 010 . 1010011 @r
+fmin_s 0010100  . . 000 . 1010011 @r
+fmax_s 0010100  . . 001 . 1010011 @r
+fcvt_w_s   110  0 . ... . 1010011 @r2_rm
+fcvt_wu_s  110  1 . ... . 1010011 @r2_rm
+fmv_x_w111  0 . 000 . 1010011 @r2
+feq_s  101  . . 010 . 1010011 @r
+flt_s  101  . . 001 . 1010011 @r
+fle_s  101  . . 000 . 1010011 @r
+fclass_s   111  0 . 001 . 1010011 @r2
+fcvt_s_w   1101000  0 . ... . 1010011 @r2_rm
+fcvt_s_wu  1101000  1 . ... . 1010011 @r2_rm
+fmv_w_x000  0 . 000 . 1010011 @r2
diff --git a/target/riscv/insn_trans/trans_rvf.inc.c 
b/target/riscv/insn_trans/trans_rvf.inc.c
new file mode 100644
index 00..3f806b8238
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvf.inc.c
@@ -0,0 +1,334 @@
+/*
+ * RISC-V translation routines for the RV64F Standard Extension.
+ *
+ * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
+ * Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+ *Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#define REQUIRE_FPU do {\
+if (!(ctx->flags & TB_FLAGS_FP_ENABLE)) \
+return false;   \
+} while (0)
+
+static bool trans_flw(DisasContext *ctx, arg_flw *a, uint32_t insn)
+{
+TCGv t0 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+REQUIRE_FPU;
+tcg_gen_addi_tl(t0, t0, a->imm);
+
+tcg_gen_qemu_ld_i64(cpu_fpr[a->rd], t0, ctx->mem_idx, MO_TEUL);
+/* RISC-V requires NaN-boxing of narrower width floating point values */
+tcg_gen_ori_i64(cpu_fpr[a->rd], cpu_fpr[a->rd], 0xULL);
+
+tcg_temp_free(t0);
+return true;
+}
+
+static bool tran

[Qemu-devel] [PATCH v2 26/29] target/riscv: Remove manual decoding of RV32/64M insn

[Bastian Koppelmann]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- Add missing TARGET_RISCV64 conditions
- trans_arith_w -> gen_arith_w

 target/riscv/insn_trans/trans_rvm.inc.c |  75 ---
 target/riscv/translate.c| 268 +++-
 2 files changed, 173 insertions(+), 170 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvm.inc.c 
b/target/riscv/insn_trans/trans_rvm.inc.c
index ffeae57a36..93859745b8 100644
--- a/target/riscv/insn_trans/trans_rvm.inc.c
+++ b/target/riscv/insn_trans/trans_rvm.inc.c
@@ -21,78 +21,105 @@
 
 static bool trans_mul(DisasContext *ctx, arg_mul *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_MUL, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_mul_tl);
 }
 
 static bool trans_mulh(DisasContext *ctx, arg_mulh *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_MULH, a->rd, a->rs1, a->rs2);
+TCGv source1 = tcg_temp_new();
+TCGv source2 = tcg_temp_new();
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+tcg_gen_muls2_tl(source2, source1, source1, source2);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
+tcg_temp_free(source2);
 return true;
 }
 
 static bool trans_mulhsu(DisasContext *ctx, arg_mulhsu *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_MULHSU, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &gen_mulhsu);
 }
 
 static bool trans_mulhu(DisasContext *ctx, arg_mulhu *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_MULHU, a->rd, a->rs1, a->rs2);
+TCGv source1 = tcg_temp_new();
+TCGv source2 = tcg_temp_new();
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+tcg_gen_mulu2_tl(source2, source1, source1, source2);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
+tcg_temp_free(source2);
 return true;
 }
 
 static bool trans_div(DisasContext *ctx, arg_div *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_DIV, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &gen_div);
 }
 
 static bool trans_divu(DisasContext *ctx, arg_divu *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_DIVU, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &gen_divu);
 }
 
 static bool trans_rem(DisasContext *ctx, arg_rem *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_REM, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &gen_rem);
 }
 
 static bool trans_remu(DisasContext *ctx, arg_remu *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_REMU, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &gen_remu);
 }
 
 static bool trans_mulw(DisasContext *ctx, arg_mulw *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_MULW, a->rd, a->rs1, a->rs2);
-return true;
+#ifdef TARGET_RISCV64
+return trans_arith(ctx, a, &tcg_gen_mul_tl);
+#else
+return false;
+#endif
 }
 
 static bool trans_divw(DisasContext *ctx, arg_divw *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_DIVW, a->rd, a->rs1, a->rs2);
-return true;
+#ifdef TARGET_RISCV64
+return gen_arith_w(ctx, a, &gen_div);
+#else
+return false;
+#endif
 }
 
 static bool trans_divuw(DisasContext *ctx, arg_divuw *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_DIVUW, a->rd, a->rs1, a->rs2);
-return true;
+#ifdef TARGET_RISCV64
+return gen_arith_w(ctx, a, &gen_divu);
+#else
+return false;
+#endif
 }
 
 static bool trans_remw(DisasContext *ctx, arg_remw *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_REMW, a->rd, a->rs1, a->rs2);
-return true;
+#ifdef TARGET_RISCV64
+return gen_arith_w(ctx, a, &gen_rem);
+#else
+return false;
+#endif
 }
 
 static bool trans_remuw(DisasContext *ctx, arg_remuw *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_REMUW, a->rd, a->rs1, a->rs2);
-return true;
+#ifdef TARGET_RISCV64
+return gen_arith_w(ctx, a, &gen_remu);
+#else
+return false;
+#endif
 }
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index d85c21ee91..b542daf844 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -166,156 +166,110 @@ static void gen_mulhsu(TCGv ret, TCGv arg1, TCGv arg2)
 tcg_temp_free(rh);
 }
 
-static void gen_arith(DisasContext *ctx, uint32_t opc, int rd, int rs1,
-int rs2)
+static void gen_div(TCGv ret, TCGv source1, TCGv source2)
 {
-TCGv source1, source2, cond1, cond2, zeroreg, resultopt1;
-source1 = tcg_temp_new();
-source2 = tcg_temp_new();
-gen_get_gpr(source1, rs1);
-gen_get_gpr(source2, rs2);
+TCGv cond1, cond2, zeroreg, resultopt1;
+/* Handle by altering args to tcg_gen_div to produce req'd results:
+ * For overflow: want source1 in source1 and 1 in source2
+ * For div by zero: want -1 in source1 and 1 in source2 -> -1 result */
+cond1 = tcg_temp_new();
+cond2 = tcg_temp_new();
+zeroreg = tcg_const_tl(0);
+resultopt1 = tcg_temp_new();
+
+tcg_gen

[Qemu-devel] [PATCH v2 21/29] target/riscv: Remove manual decoding from gen_load()

[Bastian Koppelmann]

With decodetree we don't need to convert RISC-V opcodes into to MemOps
as the old gen_load() did.

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- trans_load -> gen_load
- removed negative memop check

 target/riscv/insn_trans/trans_rvi.inc.c | 35 +++--
 target/riscv/translate.c| 20 --
 2 files changed, 21 insertions(+), 34 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 411b4bfd42..77fa66b7cd 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -129,41 +129,49 @@ static bool trans_bgeu(DisasContext *ctx, arg_bgeu *a, 
uint32_t insn)
 return gen_branch(ctx, a, TCG_COND_GEU);
 }
 
+static bool gen_load(DisasContext *ctx, arg_lb *a, int memop)
+{
+TCGv t0 = tcg_temp_new();
+TCGv t1 = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+tcg_gen_addi_tl(t0, t0, a->imm);
+
+tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, memop);
+gen_set_gpr(a->rd, t1);
+tcg_temp_free(t0);
+tcg_temp_free(t1);
+ return true;
+}
+
 static bool trans_lb(DisasContext *ctx, arg_lb *a, uint32_t insn)
 {
-gen_load(ctx, OPC_RISC_LB, a->rd, a->rs1, a->imm);
-return true;
+return gen_load(ctx, a, MO_SB);
 }
 
 static bool trans_lh(DisasContext *ctx, arg_lh *a, uint32_t insn)
 {
-gen_load(ctx, OPC_RISC_LH, a->rd, a->rs1, a->imm);
-return true;
+return gen_load(ctx, a, MO_TESW);
 }
 
 static bool trans_lw(DisasContext *ctx, arg_lw *a, uint32_t insn)
 {
-gen_load(ctx, OPC_RISC_LW, a->rd, a->rs1, a->imm);
-return true;
+return gen_load(ctx, a, MO_TESL);
 }
 
 static bool trans_lbu(DisasContext *ctx, arg_lbu *a, uint32_t insn)
 {
-gen_load(ctx, OPC_RISC_LBU, a->rd, a->rs1, a->imm);
-return true;
+return gen_load(ctx, a, MO_UB);
 }
 
 static bool trans_lhu(DisasContext *ctx, arg_lhu *a, uint32_t insn)
 {
-gen_load(ctx, OPC_RISC_LHU, a->rd, a->rs1, a->imm);
-return true;
+return gen_load(ctx, a, MO_TEUW);
 }
 
 static bool trans_lwu(DisasContext *ctx, arg_lwu *a, uint32_t insn)
 {
 #ifdef TARGET_RISCV64
-gen_load(ctx, OPC_RISC_LWU, a->rd, a->rs1, a->imm);
-return true;
+return gen_load(ctx, a, MO_TEUL);
 #else
 return false;
 #endif
@@ -172,8 +180,7 @@ static bool trans_lwu(DisasContext *ctx, arg_lwu *a, 
uint32_t insn)
 static bool trans_ld(DisasContext *ctx, arg_ld *a, uint32_t insn)
 {
 #ifdef TARGET_RISCV64
-gen_load(ctx, OPC_RISC_LD, a->rd, a->rs1, a->imm);
-return true;
+return gen_load(ctx, a, MO_TEQ);
 #else
 return false;
 #endif
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 52dbbd8ac8..947fb9345b 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -489,26 +489,6 @@ static void gen_jal(CPURISCVState *env, DisasContext *ctx, 
int rd,
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_load(DisasContext *ctx, uint32_t opc, int rd, int rs1,
-target_long imm)
-{
-TCGv t0 = tcg_temp_new();
-TCGv t1 = tcg_temp_new();
-gen_get_gpr(t0, rs1);
-tcg_gen_addi_tl(t0, t0, imm);
-int memop = tcg_memop_lookup[(opc >> 12) & 0x7];
-
-if (memop < 0) {
-gen_exception_illegal(ctx);
-return;
-}
-
-tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, memop);
-gen_set_gpr(rd, t1);
-tcg_temp_free(t0);
-tcg_temp_free(t1);
-}
-
 static void gen_store(DisasContext *ctx, uint32_t opc, int rs1, int rs2,
 target_long imm)
 {
-- 
2.19.1

[Qemu-devel] [PATCH v2 22/29] target/riscv: Remove manual decoding from gen_store()

[Bastian Koppelmann]

With decodetree we don't need to convert RISC-V opcodes into to MemOps
as the old gen_store() did.

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
   - trans_store -> gen_store
- removed negative memop check

 target/riscv/insn_trans/trans_rvi.inc.c | 27 ++--
 target/riscv/translate.c| 34 -
 2 files changed, 19 insertions(+), 42 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 77fa66b7cd..48cc50d35f 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -186,29 +186,40 @@ static bool trans_ld(DisasContext *ctx, arg_ld *a, 
uint32_t insn)
 #endif
 }
 
-static bool trans_sb(DisasContext *ctx, arg_sb *a, uint32_t insn)
+static bool gen_store(DisasContext *ctx, arg_sb *a, int memop)
 {
-gen_store(ctx, OPC_RISC_SB, a->rs1, a->rs2, a->imm);
+TCGv t0 = tcg_temp_new();
+TCGv dat = tcg_temp_new();
+gen_get_gpr(t0, a->rs1);
+tcg_gen_addi_tl(t0, t0, a->imm);
+gen_get_gpr(dat, a->rs2);
+
+tcg_gen_qemu_st_tl(dat, t0, ctx->mem_idx, memop);
+tcg_temp_free(t0);
+tcg_temp_free(dat);
 return true;
 }
 
+
+static bool trans_sb(DisasContext *ctx, arg_sb *a, uint32_t insn)
+{
+return gen_store(ctx, a, MO_SB);
+}
+
 static bool trans_sh(DisasContext *ctx, arg_sh *a, uint32_t insn)
 {
-gen_store(ctx, OPC_RISC_SH, a->rs1, a->rs2, a->imm);
-return true;
+return gen_store(ctx, a, MO_TESW);
 }
 
 static bool trans_sw(DisasContext *ctx, arg_sw *a, uint32_t insn)
 {
-gen_store(ctx, OPC_RISC_SW, a->rs1, a->rs2, a->imm);
-return true;
+return gen_store(ctx, a, MO_TESL);
 }
 
 static bool trans_sd(DisasContext *ctx, arg_sd *a, uint32_t insn)
 {
 #ifdef TARGET_RISCV64
-gen_store(ctx, OPC_RISC_SD, a->rs1, a->rs2, a->imm);
-return true;
+return gen_store(ctx, a, MO_TEQ);
 #else
 return false;
 #endif
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 947fb9345b..a8dbd00b99 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -55,20 +55,6 @@ typedef struct DisasContext {
 CPURISCVState *env;
 } DisasContext;
 
-/* convert riscv funct3 to qemu memop for load/store */
-static const int tcg_memop_lookup[8] = {
-[0 ... 7] = -1,
-[0] = MO_SB,
-[1] = MO_TESW,
-[2] = MO_TESL,
-[4] = MO_UB,
-[5] = MO_TEUW,
-#ifdef TARGET_RISCV64
-[3] = MO_TEQ,
-[6] = MO_TEUL,
-#endif
-};
-
 #ifdef TARGET_RISCV64
 #define CASE_OP_32_64(X) case X: case glue(X, W)
 #else
@@ -489,26 +475,6 @@ static void gen_jal(CPURISCVState *env, DisasContext *ctx, 
int rd,
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_store(DisasContext *ctx, uint32_t opc, int rs1, int rs2,
-target_long imm)
-{
-TCGv t0 = tcg_temp_new();
-TCGv dat = tcg_temp_new();
-gen_get_gpr(t0, rs1);
-tcg_gen_addi_tl(t0, t0, imm);
-gen_get_gpr(dat, rs2);
-int memop = tcg_memop_lookup[(opc >> 12) & 0x7];
-
-if (memop < 0) {
-gen_exception_illegal(ctx);
-return;
-}
-
-tcg_gen_qemu_st_tl(dat, t0, ctx->mem_idx, memop);
-tcg_temp_free(t0);
-tcg_temp_free(dat);
-}
-
 static void gen_set_rm(DisasContext *ctx, int rm)
 {
 TCGv_i32 t0;
-- 
2.19.1

[Qemu-devel] [PATCH v2 16/29] target/riscv: Convert quadrant 0 of RVXC insns to decodetree

[Bastian Koppelmann]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- Stack allocate arg_c_* structs
- ex_rvc_register returns int
- special case of trans_c_addi4spn() returns false

 target/riscv/Makefile.objs  |  9 ++-
 target/riscv/insn16.decode  | 55 +++
 target/riscv/insn_trans/trans_rvc.inc.c | 89 +
 target/riscv/translate.c| 88 +---
 4 files changed, 168 insertions(+), 73 deletions(-)
 create mode 100644 target/riscv/insn16.decode
 create mode 100644 target/riscv/insn_trans/trans_rvc.inc.c

diff --git a/target/riscv/Makefile.objs b/target/riscv/Makefile.objs
index ea02f9b9ef..ec7326f1c7 100644
--- a/target/riscv/Makefile.objs
+++ b/target/riscv/Makefile.objs
@@ -8,4 +8,11 @@ target/riscv/decode_insn32.inc.c: \
  $(PYTHON) $(DECODETREE) -o $@ --decode decode_insn32 $<, \
  "GEN", $(TARGET_DIR)$@)
 
-target/riscv/translate.o: target/riscv/decode_insn32.inc.c
+target/riscv/decode_insn16.inc.c: \
+  $(SRC_PATH)/target/riscv/insn16.decode $(DECODETREE)
+   $(call quiet-command, \
+ $(PYTHON) $(DECODETREE) -o $@ --decode decode_insn16 --insnwidth 16 
$<, \
+ "GEN", $(TARGET_DIR)$@)
+
+target/riscv/translate.o: target/riscv/decode_insn32.inc.c \
+   target/riscv/decode_insn16.inc.c
diff --git a/target/riscv/insn16.decode b/target/riscv/insn16.decode
new file mode 100644
index 00..558c0c41f0
--- /dev/null
+++ b/target/riscv/insn16.decode
@@ -0,0 +1,55 @@
+#
+# RISC-V translation routines for the RVXI Base Integer Instruction Set.
+#
+# Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+#Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2 or later, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program.  If not, see .
+
+# Fields:
+%rd7:5
+%rs1_3 7:3!function=ex_rvc_register
+%rs2_3 2:3!function=ex_rvc_register
+
+# Immediates:
+%nzuimm_ciw7:4 11:2 5:1 6:1   !function=ex_shift_2
+%uimm_cl_d 5:2 10:3   !function=ex_shift_3
+%uimm_cl_w 5:1 10:3 6:1   !function=ex_shift_2
+
+
+# Argument sets:
+&cl   rs1 rd
+&cl_dw uimm   rs1 rd
+&ciw   nzuimm rd
+&cs   rs1 rs2
+&cs_dw uimm   rs1 rs2
+
+
+# Formats 16:
+@ciw   ...    ... .. &ciwnzuimm=%nzuimm_ciw   rd=%rs2_3
+@cl_d  ... ... ... .. ... .. &cl_dw  uimm=%uimm_cl_d  rs1=%rs1_3  rd=%rs2_3
+@cl_w  ... ... ... .. ... .. &cl_dw  uimm=%uimm_cl_w  rs1=%rs1_3  rd=%rs2_3
+@cl... ... ... .. ... .. &cl  rs1=%rs1_3  rd=%rs2_3
+@cs... ... ... .. ... .. &cs  rs1=%rs1_3  
rs2=%rs2_3
+@cs_d  ... ... ... .. ... .. &cs_dw  uimm=%uimm_cl_d  rs1=%rs1_3  
rs2=%rs2_3
+@cs_w  ... ... ... .. ... .. &cs_dw  uimm=%uimm_cl_w  rs1=%rs1_3  
rs2=%rs2_3
+
+
+# *** RV64C Standard Extension (Quadrant 0) ***
+c_addi4spn000 ... 00 @ciw
+c_fld 001  ... ... .. ... 00 @cl_d
+c_lw  010  ... ... .. ... 00 @cl_w
+c_flw_ld  011  --- ... -- ... 00 @cl#Note: Must parse uimm manually
+c_fsd 101  ... ... .. ... 00 @cs_d
+c_sw  110  ... ... .. ... 00 @cs_w
+c_fsw_sd  111  --- ... -- ... 00 @cs#Note: Must parse uimm manually
diff --git a/target/riscv/insn_trans/trans_rvc.inc.c 
b/target/riscv/insn_trans/trans_rvc.inc.c
new file mode 100644
index 00..a959f04421
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvc.inc.c
@@ -0,0 +1,89 @@
+/*
+ * RISC-V translation routines for the RVC Compressed Instruction Set.
+ *
+ * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
+ * Copyright (c) 2018 Peer Adelt, peer.ad...@hni.uni-paderborn.de
+ *Bastian Koppelmann, kbast...@mail.uni-paderborn.de
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see 

[Qemu-devel] [PATCH v2 24/29] target/riscv: make ADD/SUB/OR/XOR/AND insn use arg lists

[Bastian Koppelmann]

manual decoding in gen_arith() is not necessary with decodetree. For now
the function is called trans_arith as the original gen_arith still
exisits. The former will be renamed to gen_arith as soon as the old
gen_arith can be removed.

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
 target/riscv/insn32.decode  |  3 ++-
 target/riscv/insn_trans/trans_rvi.inc.c | 21 ++--
 target/riscv/translate.c| 33 ++---
 3 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 7c045d354c..1541c254df 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -40,12 +40,13 @@
 # Argument sets:
 &branchimm rs2 rs1
 &arith_imm imm rs1 rd
+&arith rd rs1 rs2
 &shift shamt rs1 rd
 &atomicaq rl rs2 rs1 rd
 
 # Formats 32:
 
-@r   ...   . . ... . ...   %rs2 %rs1 
%rd
+@r   ...   . . ... . ... &arith%rs2 %rs1 
%rd
 @i   . ... . ... &arith_imm imm=%imm_i  %rs1 
%rd
 @b   ...   . . ... . ... &branch imm=%imm_b %rs2 %rs1
 @s   ...   . . ... . ... imm=%imm_s %rs2 %rs1
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index c82606f058..c4a928705a 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -315,14 +315,12 @@ static bool trans_srai(DisasContext *ctx, arg_srai *a, 
uint32_t insn)
 
 static bool trans_add(DisasContext *ctx, arg_add *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_ADD, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_add_tl);
 }
 
 static bool trans_sub(DisasContext *ctx, arg_sub *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_SUB, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_sub_tl);
 }
 
 static bool trans_sll(DisasContext *ctx, arg_sll *a, uint32_t insn)
@@ -345,8 +343,7 @@ static bool trans_sltu(DisasContext *ctx, arg_sltu *a, 
uint32_t insn)
 
 static bool trans_xor(DisasContext *ctx, arg_xor *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_XOR, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_xor_tl);
 }
 
 static bool trans_srl(DisasContext *ctx, arg_srl *a, uint32_t insn)
@@ -363,14 +360,12 @@ static bool trans_sra(DisasContext *ctx, arg_sra *a, 
uint32_t insn)
 
 static bool trans_or(DisasContext *ctx, arg_or *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_OR, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_or_tl);
 }
 
 static bool trans_and(DisasContext *ctx, arg_and *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_AND, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_and_tl);
 }
 
 static bool trans_addiw(DisasContext *ctx, arg_addiw *a, uint32_t insn)
@@ -439,8 +434,7 @@ static bool trans_addw(DisasContext *ctx, arg_addw *a, 
uint32_t insn)
 #if !defined(TARGET_RISCV64)
 return false;
 #endif
-gen_arith(ctx, OPC_RISC_ADDW, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_add_tl);
 }
 
 static bool trans_subw(DisasContext *ctx, arg_subw *a, uint32_t insn)
@@ -448,8 +442,7 @@ static bool trans_subw(DisasContext *ctx, arg_subw *a, 
uint32_t insn)
 #if !defined(TARGET_RISCV64)
 return false;
 #endif
-gen_arith(ctx, OPC_RISC_SUBW, a->rd, a->rs1, a->rs2);
-return true;
+return trans_arith(ctx, a, &tcg_gen_sub_tl);
 }
 
 static bool trans_sllw(DisasContext *ctx, arg_sllw *a, uint32_t insn)
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index dfd401fe74..fc1ed73784 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -176,12 +176,6 @@ static void gen_arith(DisasContext *ctx, uint32_t opc, int 
rd, int rs1,
 gen_get_gpr(source2, rs2);
 
 switch (opc) {
-CASE_OP_32_64(OPC_RISC_ADD):
-tcg_gen_add_tl(source1, source1, source2);
-break;
-CASE_OP_32_64(OPC_RISC_SUB):
-tcg_gen_sub_tl(source1, source1, source2);
-break;
 #if defined(TARGET_RISCV64)
 case OPC_RISC_SLLW:
 tcg_gen_andi_tl(source2, source2, 0x1F);
@@ -198,9 +192,6 @@ static void gen_arith(DisasContext *ctx, uint32_t opc, int 
rd, int rs1,
 case OPC_RISC_SLTU:
 tcg_gen_setcond_tl(TCG_COND_LTU, source1, source1, source2);
 break;
-case OPC_RISC_XOR:
-tcg_gen_xor_tl(source1, source1, source2);
-break;
 #if defined(TARGET_RISCV64)
 case OPC_RISC_SRLW:
 /* clear upper 32 */
@@ -226,12 +217,6 @@ static void gen_arith(DisasContext *ctx, uint32_t opc, int 
rd, int rs1,
 tcg_gen_andi_tl(source2, source2, TARGET_LONG_BITS - 1);
 tcg_gen_sar_tl(source1, source1, source2);
 break;
-case OPC_RISC_OR:
-tcg_gen_or_tl

[Qemu-devel] [PATCH v2 19/29] target/riscv: Remove gen_jalr()

[Bastian Koppelmann]

trans_jalr() is the only caller, so move the code into trans_jalr().

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
 target/riscv/insn_trans/trans_rvi.inc.c | 28 +-
 target/riscv/translate.c| 38 -
 2 files changed, 27 insertions(+), 39 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 5d0b4627ae..69dceccb1a 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -42,7 +42,33 @@ static bool trans_jal(DisasContext *ctx, arg_jal *a, 
uint32_t insn)
 
 static bool trans_jalr(DisasContext *ctx, arg_jalr *a, uint32_t insn)
 {
-gen_jalr(ctx->env, ctx, OPC_RISC_JALR, a->rd, a->rs1, a->imm);
+/* no chaining with JALR */
+TCGLabel *misaligned = NULL;
+TCGv t0 = tcg_temp_new();
+
+
+gen_get_gpr(cpu_pc, a->rs1);
+tcg_gen_addi_tl(cpu_pc, cpu_pc, a->imm);
+tcg_gen_andi_tl(cpu_pc, cpu_pc, (target_ulong)-2);
+
+if (!riscv_has_ext(ctx->env, RVC)) {
+misaligned = gen_new_label();
+tcg_gen_andi_tl(t0, cpu_pc, 0x2);
+tcg_gen_brcondi_tl(TCG_COND_NE, t0, 0x0, misaligned);
+}
+
+if (a->rd != 0) {
+tcg_gen_movi_tl(cpu_gpr[a->rd], ctx->pc_succ_insn);
+}
+tcg_gen_lookup_and_goto_ptr();
+
+if (misaligned) {
+gen_set_label(misaligned);
+gen_exception_inst_addr_mis(ctx);
+}
+ctx->base.is_jmp = DISAS_NORETURN;
+
+tcg_temp_free(t0);
 return true;
 }
 
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 4f241a5e1e..9161a58893 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -489,44 +489,6 @@ static void gen_jal(CPURISCVState *env, DisasContext *ctx, 
int rd,
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_jalr(CPURISCVState *env, DisasContext *ctx, uint32_t opc,
- int rd, int rs1, target_long imm)
-{
-/* no chaining with JALR */
-TCGLabel *misaligned = NULL;
-TCGv t0 = tcg_temp_new();
-
-switch (opc) {
-case OPC_RISC_JALR:
-gen_get_gpr(cpu_pc, rs1);
-tcg_gen_addi_tl(cpu_pc, cpu_pc, imm);
-tcg_gen_andi_tl(cpu_pc, cpu_pc, (target_ulong)-2);
-
-if (!riscv_has_ext(env, RVC)) {
-misaligned = gen_new_label();
-tcg_gen_andi_tl(t0, cpu_pc, 0x2);
-tcg_gen_brcondi_tl(TCG_COND_NE, t0, 0x0, misaligned);
-}
-
-if (rd != 0) {
-tcg_gen_movi_tl(cpu_gpr[rd], ctx->pc_succ_insn);
-}
-tcg_gen_lookup_and_goto_ptr();
-
-if (misaligned) {
-gen_set_label(misaligned);
-gen_exception_inst_addr_mis(ctx);
-}
-ctx->base.is_jmp = DISAS_NORETURN;
-break;
-
-default:
-gen_exception_illegal(ctx);
-break;
-}
-tcg_temp_free(t0);
-}
-
 static void gen_branch(CPURISCVState *env, DisasContext *ctx, uint32_t opc,
int rs1, int rs2, target_long bimm)
 {
-- 
2.19.1

[Qemu-devel] [PATCH v2 18/29] target/riscv: Convert quadrant 2 of RVXC insns to decodetree

[Bastian Koppelmann]

This also removes all functions that now became obsolete.

Signed-off-by: Bastian Koppelmann 
---
 target/riscv/insn16.decode  |  34 +-
 target/riscv/insn_trans/trans_rvc.inc.c | 103 
 target/riscv/translate.c| 151 +---
 3 files changed, 135 insertions(+), 153 deletions(-)

diff --git a/target/riscv/insn16.decode b/target/riscv/insn16.decode
index 29dade0fa1..138290c450 100644
--- a/target/riscv/insn16.decode
+++ b/target/riscv/insn16.decode
@@ -20,6 +20,7 @@
 %rd7:5
 %rs1_3 7:3!function=ex_rvc_register
 %rs2_3 2:3!function=ex_rvc_register
+%rs2_5 2:5
 
 # Immediates:
 %imm_ci12:s1 2:5
@@ -30,12 +31,14 @@
 %imm_cj12:s1 8:1 9:2 6:1 7:1 2:1 11:1 3:3 !function=ex_shift_1
 
 %nzuimm_6bit   12:1 2:5
+%uimm_6bit_ld 2:3 12:1 5:2   !function=ex_shift_3
+%uimm_6bit_lw 2:2 12:1 4:3   !function=ex_shift_2
+%uimm_6bit_sd 7:3 10:3   !function=ex_shift_3
+%uimm_6bit_sw 7:2 9:4!function=ex_shift_2
 
 %imm_addi16sp  12:s1 3:2 5:1 2:1 6:1 !function=ex_shift_4
 %imm_lui   12:s1 2:5 !function=ex_shift_12
 
-
-
 # Argument sets:
 &cl   rs1 rd
 &cl_dw uimm   rs1 rd
@@ -47,11 +50,15 @@
 &cr   rd  rs2
 &c_j   imm
 &c_shift   shamt  rd
-
+&c_ld  uimm  rd
+&c_sd  uimm  rs2
 
 &c_addi16sp_lui  imm_lui imm_addi16sp rd
+&c_flwsp_ldspuimm_flwsp uimm_ldsp rd
+&c_fswsp_sdspuimm_fswsp uimm_sdsp rs2
 
 # Formats 16:
+@cr  . .  .. &cr  rs2=%rs2_5  %rd
 @ci... . . .  .. &ci imm=%imm_ci  %rd
 @ciw   ...    ... .. &ciwnzuimm=%nzuimm_ciw   rd=%rs2_3
 @cl_d  ... ... ... .. ... .. &cl_dw  uimm=%uimm_cl_d  rs1=%rs1_3  rd=%rs2_3
@@ -64,9 +71,19 @@
 @cb... ... ... .. ... .. &cb imm=%imm_cb  rs1=%rs1_3
 @cj...... .. &c_jimm=%imm_cj
 
+@c_ld  ... . .  . .. &c_ld uimm=%uimm_6bit_ld  %rd
+@c_lw  ... . .  . .. &c_ld uimm=%uimm_6bit_lw  %rd
+@c_sd  ... . .  . .. &c_sd uimm=%uimm_6bit_sd  rs2=%rs2_5
+@c_sw  ... . .  . .. &c_sd uimm=%uimm_6bit_sw  rs2=%rs2_5
+
 @c_addi16sp_lui ... .  . . .. &c_addi16sp_lui %imm_lui %imm_addi16sp 
%rd
+@c_flwsp_ldsp   ... .  . . .. &c_flwsp_ldsp uimm_flwsp=%uimm_6bit_lw \
+uimm_ldsp=%uimm_6bit_ld %rd
+@c_fswsp_sdsp   ... .  . . .. &c_fswsp_sdsp uimm_fswsp=%uimm_6bit_sw \
+uimm_sdsp=%uimm_6bit_sd rs2=%rs2_5
 
 @c_shift... . .. ... . .. &c_shift rd=%rs1_3 shamt=%nzuimm_6bit
+@c_shift2   ... . .. ... . .. &c_shift rd=%rdshamt=%nzuimm_6bit
 
 @c_andi ... . .. ... . .. &ci imm=%imm_ci rd=%rs1_3
 
@@ -96,3 +113,14 @@ c_addw100 1 11 ... 01 ... 01 @cs_2
 c_j   101 ... 01 @cj
 c_beqz110  ... ...  . 01 @cb
 c_bnez111  ... ...  . 01 @cb
+
+# *** RV64C Standard Extension (Quadrant 2) ***
+c_slli000 .  .  . 10 @c_shift2
+c_fldsp   001 .  .  . 10 @c_ld
+c_lwsp010 .  .  . 10 @c_lw
+c_flwsp_ldsp  011 .  .  . 10 @c_flwsp_ldsp 
#C.LDSP:RV64;C.FLWSP:RV32
+c_jr_mv   100 0  .  . 10 @cr
+c_ebreak_jalr_add 100 1  .  . 10 @cr
+c_fsdsp   101   ..  . 10 @c_sd
+c_swsp110 .  .  . 10 @c_sw
+c_fswsp_sdsp  111 .  .  . 10 @c_fswsp_sdsp 
#C.SDSP:RV64;C.FSWSP:RV32
diff --git a/target/riscv/insn_trans/trans_rvc.inc.c 
b/target/riscv/insn_trans/trans_rvc.inc.c
index dc7d9922f2..593dfb82a3 100644
--- a/target/riscv/insn_trans/trans_rvc.inc.c
+++ b/target/riscv/insn_trans/trans_rvc.inc.c
@@ -232,3 +232,106 @@ static bool trans_c_bnez(DisasContext *ctx, arg_c_bnez 
*a, uint16_t insn)
 arg_bne arg = { .rs1 = a->rs1, .rs2 = 0, .imm = a->imm };
 return trans_bne(ctx, &arg, insn);
 }
+
+static bool trans_c_slli(DisasContext *ctx, arg_c_slli *a, uint16_t insn)
+{
+int shamt = a->shamt;
+if (shamt == 0) {
+/* For RV128 a shamt of 0 means a shift by 64 */
+shamt = 64;
+}
+/* Ensure, that shamt[5] is zero for RV32 */
+if (shamt >= TARGET_LONG_BITS) {
+return false;
+}
+
+arg_slli arg = { .rd = a->rd, .rs1 = a->rd, .shamt = a->shamt };
+return trans_slli(ctx, &arg, insn);
+}
+
+static bool trans_c_fldsp(DisasContext *ctx, arg_c_fldsp *a, uint16_t insn)
+{
+arg_fld arg = { .rd = a->rd, .rs1 = 2, .imm = a->uimm };
+return trans_fld(ctx, &arg, insn);
+}
+
+static bool trans_c_lwsp(DisasContext *ctx, arg_c_lwsp *a, uint16_t insn)
+{
+arg_lw arg = { .rd = a->rd, .rs1 = 2, .imm = a->uimm };
+return trans_lw(ctx, &arg, insn);
+}
+
+static bool trans_c_flwsp_ldsp(DisasContext *ctx, arg_c_flwsp_ldsp *a,
+uint16_t insn)
+{
+#ifdef TARGET_RISCV32
+/* C.FLWSP */
+arg_flw

[Qemu-devel] [PATCH v2 25/29] target/riscv: Remove shift and slt insn manual decoding

[Bastian Koppelmann]

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- trans_shift -> gen_shift

 target/riscv/insn_trans/trans_rvi.inc.c | 79 +
 target/riscv/translate.c| 59 ++
 2 files changed, 86 insertions(+), 52 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index c4a928705a..5ece5e2f6a 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -325,19 +325,39 @@ static bool trans_sub(DisasContext *ctx, arg_sub *a, 
uint32_t insn)
 
 static bool trans_sll(DisasContext *ctx, arg_sll *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_SLL, a->rd, a->rs1, a->rs2);
-return true;
+
+return gen_shift(ctx, a, &tcg_gen_shl_tl);
 }
 
 static bool trans_slt(DisasContext *ctx, arg_slt *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_SLT, a->rd, a->rs1, a->rs2);
+TCGv source1 = tcg_temp_new();
+TCGv source2 = tcg_temp_new();
+
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+tcg_gen_setcond_tl(TCG_COND_LT, source1, source1, source2);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
+tcg_temp_free(source2);
 return true;
 }
 
 static bool trans_sltu(DisasContext *ctx, arg_sltu *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_SLTU, a->rd, a->rs1, a->rs2);
+TCGv source1 = tcg_temp_new();
+TCGv source2 = tcg_temp_new();
+
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+tcg_gen_setcond_tl(TCG_COND_LTU, source1, source1, source2);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
+tcg_temp_free(source2);
 return true;
 }
 
@@ -346,16 +366,15 @@ static bool trans_xor(DisasContext *ctx, arg_xor *a, 
uint32_t insn)
 return trans_arith(ctx, a, &tcg_gen_xor_tl);
 }
 
+
 static bool trans_srl(DisasContext *ctx, arg_srl *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_SRL, a->rd, a->rs1, a->rs2);
-return true;
+return gen_shift(ctx, a, &tcg_gen_shr_tl);
 }
 
 static bool trans_sra(DisasContext *ctx, arg_sra *a, uint32_t insn)
 {
-gen_arith(ctx, OPC_RISC_SRA, a->rd, a->rs1, a->rs2);
-return true;
+return gen_shift(ctx, a, &tcg_gen_sar_tl);
 }
 
 static bool trans_or(DisasContext *ctx, arg_or *a, uint32_t insn)
@@ -450,7 +469,18 @@ static bool trans_sllw(DisasContext *ctx, arg_sllw *a, 
uint32_t insn)
 #if !defined(TARGET_RISCV64)
 return false;
 #endif
-gen_arith(ctx, OPC_RISC_SLLW, a->rd, a->rs1, a->rs2);
+TCGv source1 = tcg_temp_new();
+TCGv source2 = tcg_temp_new();
+
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+tcg_gen_andi_tl(source2, source2, 0x1F);
+tcg_gen_shl_tl(source1, source1, source2);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
+tcg_temp_free(source2);
 return true;
 }
 
@@ -459,7 +489,20 @@ static bool trans_srlw(DisasContext *ctx, arg_srlw *a, 
uint32_t insn)
 #if !defined(TARGET_RISCV64)
 return false;
 #endif
-gen_arith(ctx, OPC_RISC_SRLW, a->rd, a->rs1, a->rs2);
+TCGv source1 = tcg_temp_new();
+TCGv source2 = tcg_temp_new();
+
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+/* clear upper 32 */
+tcg_gen_ext32u_tl(source1, source1);
+tcg_gen_andi_tl(source2, source2, 0x1F);
+tcg_gen_shr_tl(source1, source1, source2);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
+tcg_temp_free(source2);
 return true;
 }
 
@@ -468,7 +511,21 @@ static bool trans_sraw(DisasContext *ctx, arg_sraw *a, 
uint32_t insn)
 #if !defined(TARGET_RISCV64)
 return false;
 #endif
-gen_arith(ctx, OPC_RISC_SRAW, a->rd, a->rs1, a->rs2);
+TCGv source1 = tcg_temp_new();
+TCGv source2 = tcg_temp_new();
+
+gen_get_gpr(source1, a->rs1);
+gen_get_gpr(source2, a->rs2);
+
+/* first, trick to get it to act like working on 32 bits (get rid of
+   upper 32, sign extend to fill space) */
+tcg_gen_ext32s_tl(source1, source1);
+tcg_gen_andi_tl(source2, source2, 0x1F);
+tcg_gen_sar_tl(source1, source1, source2);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
+tcg_temp_free(source2);
 return true;
 }
 
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index fc1ed73784..d85c21ee91 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -176,47 +176,6 @@ static void gen_arith(DisasContext *ctx, uint32_t opc, int 
rd, int rs1,
 gen_get_gpr(source2, rs2);
 
 switch (opc) {
-#if defined(TARGET_RISCV64)
-case OPC_RISC_SLLW:
-tcg_gen_andi_tl(source2, source2, 0x1F);
-tcg_gen_shl_tl(source1, source1, source2);
-break;
-#endif
-case OPC_RISC_SLL:
-tcg_gen_andi_tl(source2, source2, TARGET_LONG_BITS - 1);
-tcg_gen_shl_tl(source1, source1, source2);
-break;
-case OPC_RISC_SLT:
-   

[Qemu-devel] [PATCH v2 27/29] target/riscv: Remove gen_system()

[Bastian Koppelmann]

with all 16 bit insns moved to decodetree no path is falling back to
gen_system(), so we can remove it.

Reviewed-by: Richard Henderson 
Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
 target/riscv/translate.c | 32 
 1 file changed, 32 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index b542daf844..a3b8792a1a 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -306,34 +306,6 @@ static void gen_set_rm(DisasContext *ctx, int rm)
 tcg_temp_free_i32(t0);
 }
 
-
-static void gen_system(CPURISCVState *env, DisasContext *ctx, uint32_t opc,
-  int rd, int rs1, int csr)
-{
-tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
-
-switch (opc) {
-case OPC_RISC_ECALL:
-switch (csr) {
-case 0x0: /* ECALL */
-/* always generates U-level ECALL, fixed in do_interrupt handler */
-generate_exception(ctx, RISCV_EXCP_U_ECALL);
-tcg_gen_exit_tb(NULL, 0); /* no chaining */
-ctx->base.is_jmp = DISAS_NORETURN;
-break;
-case 0x1: /* EBREAK */
-generate_exception(ctx, RISCV_EXCP_BREAKPOINT);
-tcg_gen_exit_tb(NULL, 0); /* no chaining */
-ctx->base.is_jmp = DISAS_NORETURN;
-break;
-default:
-gen_exception_illegal(ctx);
-break;
-}
-break;
-}
-}
-
 #define EX_SH(amount) \
 static int32_t ex_shift_##amount(int imm) \
 { \
@@ -458,10 +430,6 @@ static void decode_RV32_64G(CPURISCVState *env, 
DisasContext *ctx)
 rd = GET_RD(ctx->opcode);
 
 switch (op) {
-case OPC_RISC_SYSTEM:
-gen_system(env, ctx, MASK_OP_SYSTEM(ctx->opcode), rd, rs1,
-   (ctx->opcode & 0xFFF0) >> 20);
-break;
 default:
 gen_exception_illegal(ctx);
 break;
-- 
2.19.1

[Qemu-devel] [PATCH v2 29/29] target/riscv: Rename trans_arith to gen_arith

[Bastian Koppelmann]

Signed-off-by: Bastian Koppelmann 
---
 target/riscv/insn_trans/trans_rvi.inc.c | 14 +++---
 target/riscv/insn_trans/trans_rvm.inc.c | 14 +++---
 target/riscv/translate.c|  4 ++--
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 5ece5e2f6a..0455f0bf91 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -315,12 +315,12 @@ static bool trans_srai(DisasContext *ctx, arg_srai *a, 
uint32_t insn)
 
 static bool trans_add(DisasContext *ctx, arg_add *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &tcg_gen_add_tl);
+return gen_arith(ctx, a, &tcg_gen_add_tl);
 }
 
 static bool trans_sub(DisasContext *ctx, arg_sub *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &tcg_gen_sub_tl);
+return gen_arith(ctx, a, &tcg_gen_sub_tl);
 }
 
 static bool trans_sll(DisasContext *ctx, arg_sll *a, uint32_t insn)
@@ -363,7 +363,7 @@ static bool trans_sltu(DisasContext *ctx, arg_sltu *a, 
uint32_t insn)
 
 static bool trans_xor(DisasContext *ctx, arg_xor *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &tcg_gen_xor_tl);
+return gen_arith(ctx, a, &tcg_gen_xor_tl);
 }
 
 
@@ -379,12 +379,12 @@ static bool trans_sra(DisasContext *ctx, arg_sra *a, 
uint32_t insn)
 
 static bool trans_or(DisasContext *ctx, arg_or *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &tcg_gen_or_tl);
+return gen_arith(ctx, a, &tcg_gen_or_tl);
 }
 
 static bool trans_and(DisasContext *ctx, arg_and *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &tcg_gen_and_tl);
+return gen_arith(ctx, a, &tcg_gen_and_tl);
 }
 
 static bool trans_addiw(DisasContext *ctx, arg_addiw *a, uint32_t insn)
@@ -453,7 +453,7 @@ static bool trans_addw(DisasContext *ctx, arg_addw *a, 
uint32_t insn)
 #if !defined(TARGET_RISCV64)
 return false;
 #endif
-return trans_arith(ctx, a, &tcg_gen_add_tl);
+return gen_arith(ctx, a, &tcg_gen_add_tl);
 }
 
 static bool trans_subw(DisasContext *ctx, arg_subw *a, uint32_t insn)
@@ -461,7 +461,7 @@ static bool trans_subw(DisasContext *ctx, arg_subw *a, 
uint32_t insn)
 #if !defined(TARGET_RISCV64)
 return false;
 #endif
-return trans_arith(ctx, a, &tcg_gen_sub_tl);
+return gen_arith(ctx, a, &tcg_gen_sub_tl);
 }
 
 static bool trans_sllw(DisasContext *ctx, arg_sllw *a, uint32_t insn)
diff --git a/target/riscv/insn_trans/trans_rvm.inc.c 
b/target/riscv/insn_trans/trans_rvm.inc.c
index 93859745b8..0bc9b4347a 100644
--- a/target/riscv/insn_trans/trans_rvm.inc.c
+++ b/target/riscv/insn_trans/trans_rvm.inc.c
@@ -21,7 +21,7 @@
 
 static bool trans_mul(DisasContext *ctx, arg_mul *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &tcg_gen_mul_tl);
+return gen_arith(ctx, a, &tcg_gen_mul_tl);
 }
 
 static bool trans_mulh(DisasContext *ctx, arg_mulh *a, uint32_t insn)
@@ -41,7 +41,7 @@ static bool trans_mulh(DisasContext *ctx, arg_mulh *a, 
uint32_t insn)
 
 static bool trans_mulhsu(DisasContext *ctx, arg_mulhsu *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &gen_mulhsu);
+return gen_arith(ctx, a, &gen_mulhsu);
 }
 
 static bool trans_mulhu(DisasContext *ctx, arg_mulhu *a, uint32_t insn)
@@ -61,28 +61,28 @@ static bool trans_mulhu(DisasContext *ctx, arg_mulhu *a, 
uint32_t insn)
 
 static bool trans_div(DisasContext *ctx, arg_div *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &gen_div);
+return gen_arith(ctx, a, &gen_div);
 }
 
 static bool trans_divu(DisasContext *ctx, arg_divu *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &gen_divu);
+return gen_arith(ctx, a, &gen_divu);
 }
 
 static bool trans_rem(DisasContext *ctx, arg_rem *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &gen_rem);
+return gen_arith(ctx, a, &gen_rem);
 }
 
 static bool trans_remu(DisasContext *ctx, arg_remu *a, uint32_t insn)
 {
-return trans_arith(ctx, a, &gen_remu);
+return gen_arith(ctx, a, &gen_remu);
 }
 
 static bool trans_mulw(DisasContext *ctx, arg_mulw *a, uint32_t insn)
 {
 #ifdef TARGET_RISCV64
-return trans_arith(ctx, a, &tcg_gen_mul_tl);
+return gen_arith(ctx, a, &tcg_gen_mul_tl);
 #else
 return false;
 #endif
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 66241ecf33..ece163e69f 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -344,8 +344,8 @@ static bool gen_arith_imm(DisasContext *ctx, arg_arith_imm 
*a,
 return true;
 }
 
-static bool trans_arith(DisasContext *ctx, arg_arith *a,
-void(*func)(TCGv, TCGv, TCGv))
+static bool gen_arith(DisasContext *ctx, arg_arith *a,
+  void(*func)(TCGv, TCGv, TCGv))
 {
 TCGv source1, source2;
 source1 = tcg_temp_new();
-- 
2.19.1

[Qemu-devel] [PATCH v2 23/29] target/riscv: Move gen_arith_imm() decoding into trans_* functions

[Bastian Koppelmann]

gen_arith_imm() does a lot of decoding manually, which was hard to read in
case of the shift instructions and is not necessary anymore with decodetree.

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Peer Adelt 
---
v1 -> v2:
- trans_arith_imm -> gen_arith_imm
- Add missing TARGET_RISC64 checks
- Reimplement shift translators that were omited in [0004/0028]

 target/riscv/insn32.decode  |   3 +-
 target/riscv/insn_trans/trans_rvi.inc.c | 111 
 target/riscv/translate.c|  99 -
 3 files changed, 113 insertions(+), 100 deletions(-)

diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index ffb4f00274..7c045d354c 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -39,13 +39,14 @@
 
 # Argument sets:
 &branchimm rs2 rs1
+&arith_imm imm rs1 rd
 &shift shamt rs1 rd
 &atomicaq rl rs2 rs1 rd
 
 # Formats 32:
 
 @r   ...   . . ... . ...   %rs2 %rs1 
%rd
-@i   . ... . ... imm=%imm_i %rs1 
%rd
+@i   . ... . ... &arith_imm imm=%imm_i  %rs1 
%rd
 @b   ...   . . ... . ... &branch imm=%imm_b %rs2 %rs1
 @s   ...   . . ... . ... imm=%imm_s %rs2 %rs1
 @u     . ... imm=%imm_u  
%rd
diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
b/target/riscv/insn_trans/trans_rvi.inc.c
index 48cc50d35f..c82606f058 100644
--- a/target/riscv/insn_trans/trans_rvi.inc.c
+++ b/target/riscv/insn_trans/trans_rvi.inc.c
@@ -227,52 +227,89 @@ static bool trans_sd(DisasContext *ctx, arg_sd *a, 
uint32_t insn)
 
 static bool trans_addi(DisasContext *ctx, arg_addi *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_ADDI, a->rd, a->rs1, a->imm);
-return true;
+return gen_arith_imm(ctx, a, &tcg_gen_add_tl);
 }
 
 static bool trans_slti(DisasContext *ctx, arg_slti *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_SLTI, a->rd, a->rs1, a->imm);
+TCGv source1;
+source1 = tcg_temp_new();
+gen_get_gpr(source1, a->rs1);
+
+tcg_gen_setcondi_tl(TCG_COND_LT, source1, source1, a->imm);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
 return true;
 }
 
 static bool trans_sltiu(DisasContext *ctx, arg_sltiu *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_SLTIU, a->rd, a->rs1, a->imm);
+TCGv source1;
+source1 = tcg_temp_new();
+gen_get_gpr(source1, a->rs1);
+
+tcg_gen_setcondi_tl(TCG_COND_LTU, source1, source1, a->imm);
+
+gen_set_gpr(a->rd, source1);
+tcg_temp_free(source1);
 return true;
 }
 
 static bool trans_xori(DisasContext *ctx, arg_xori *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_XORI, a->rd, a->rs1, a->imm);
-return true;
+return gen_arith_imm(ctx, a, &tcg_gen_xor_tl);
 }
+
 static bool trans_ori(DisasContext *ctx, arg_ori *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_ORI, a->rd, a->rs1, a->imm);
-return true;
+return gen_arith_imm(ctx, a, &tcg_gen_or_tl);
 }
+
 static bool trans_andi(DisasContext *ctx, arg_andi *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_ANDI, a->rd, a->rs1, a->imm);
-return true;
+return gen_arith_imm(ctx, a, &tcg_gen_and_tl);
 }
+
 static bool trans_slli(DisasContext *ctx, arg_slli *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_SLLI, a->rd, a->rs1, a->shamt);
+if (a->rd != 0) {
+TCGv t = tcg_temp_new();
+gen_get_gpr(t, a->rs1);
+
+if (a->shamt >= TARGET_LONG_BITS) {
+gen_exception_illegal(ctx);
+return true;
+}
+tcg_gen_shli_tl(t, t, a->shamt);
+
+gen_set_gpr(a->rd, t);
+tcg_temp_free(t);
+} /* NOP otherwise */
 return true;
 }
 
 static bool trans_srli(DisasContext *ctx, arg_srli *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_SHIFT_RIGHT_I, a->rd, a->rs1, a->shamt);
+if (a->rd != 0) {
+TCGv t = tcg_temp_new();
+gen_get_gpr(t, a->rs1);
+tcg_gen_extract_tl(t, t, a->shamt, 64 - a->shamt);
+gen_set_gpr(a->rd, t);
+tcg_temp_free(t);
+} /* NOP otherwise */
 return true;
 }
 
 static bool trans_srai(DisasContext *ctx, arg_srai *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_SHIFT_RIGHT_I, a->rd, a->rs1, a->shamt | 
0x400);
+if (a->rd != 0) {
+TCGv t = tcg_temp_new();
+gen_get_gpr(t, a->rs1);
+tcg_gen_sextract_tl(t, t, a->shamt, 64 - a->shamt);
+gen_set_gpr(a->rd, t);
+tcg_temp_free(t);
+} /* NOP otherwise */
 return true;
 }
 
@@ -338,27 +375,63 @@ static bool trans_and(DisasContext *ctx, arg_and *a, 
uint32_t insn)
 
 static bool trans_addiw(DisasContext *ctx, arg_addiw *a, uint32_t insn)
 {
-gen_arith_imm(ctx, OPC_RISC_ADDIW, a->rd, a->rs1, a->imm);
-return true;
+#ifdef TARGET_RISCV64
+bool res = gen_arith_imm(ctx,

Re: [Qemu-devel] [PATCH v3 3/6] tests/acceptance: Add test_mips_4kc_malta in BootLinuxConsole

[Philippe Mathieu-Daudé]

On 20/10/2018 00:51, Cleber Rosa wrote:
> 
> 
> On 10/19/18 5:17 PM, Cleber Rosa wrote:
>>
>>
>> On 10/19/18 2:41 PM, Philippe Mathieu-Daudé wrote:
>>> On 19/10/2018 19:42, Cleber Rosa wrote:


 On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
> Similar to the test_x86_64_pc test, this boots a Linux kernel on a
> Malta board (MIPS 4Kc big-endian) and verify the serial is working.
>
> This test requires the dpkg-deb tool (apt/dnf install dpkg) to
> extract the kernel from the Debian package.
>

 Debian packages are really "ar" archives, with a control.tar.gz and
 data.tar.gz in them.  More on that later.

>   $ avocado --show=console run -p arch=mips 
> tests/acceptance/boot_linux_console.py
>   console: [0.00] Initializing cgroup subsys cpuset
>   console: [0.00] Initializing cgroup subsys cpu
>   console: [0.00] Linux version 2.6.32-5-4kc-malta (Debian 
> 2.6.32-48) (b...@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-4) ) 
> #1 Sat Feb 16 12:43:42 UTC 2013
>   console: [0.00]
>   console: [0.00] LINUX started...
>   console: [0.00] bootconsole [early0] enabled
>   console: [0.00] CPU revision is: 00019300 (MIPS 24Kc)
>   console: [0.00] FPU revision is: 00739300
>   console: [0.00] Determined physical RAM map:
>   console: [0.00]  memory: 1000 @  (reserved)
>   console: [0.00]  memory: 000ef000 @ 1000 (ROM data)
>   console: [0.00]  memory: 005b7000 @ 000f (reserved)
>   console: [0.00]  memory: 03958000 @ 006a7000 (usable)
>   console: [0.00] Wasting 54496 bytes for tracking 1703 unused 
> pages
>   console: [0.00] Initrd not found or empty - disabling initrd
>   console: [0.00] Zone PFN ranges:
>   console: [0.00]   DMA  0x -> 0x1000
>   console: [0.00]   Normal   0x1000 -> 0x3fff
>   console: [0.00] Movable zone start PFN for each node
>   console: [0.00] early_node_map[1] active PFN ranges
>   console: [0.00] 0: 0x -> 0x3fff
>   console: [0.00] Built 1 zonelists in Zone order, mobility 
> grouping on.  Total pages: 16255
>   console: [0.00] Kernel command line: console=ttyS0 printk.time=0
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 46 ++
>  1 file changed, 46 insertions(+)
>
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index 3aa4dbe5f9..81c96fc338 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -9,6 +9,7 @@
>  # later.  See the COPYING file in the top-level directory.
>  
>  import logging
> +import subprocess

 It's definitely your call, but I like to think that
 avocado.utils.process provides simpler and more capable functions:

 https://avocado-framework.readthedocs.io/en/65.0/api/utils/avocado.utils.html#avocado.utils.process.run
>>>
>>> OK
>>>

>  
>  from avocado_qemu import Test
>  
> @@ -47,3 +48,48 @@ class BootLinuxConsole(Test):
>  break
>  if 'Kernel panic - not syncing' in msg:
>  self.fail("Kernel panic reached")
> +
> +def test_mips_4kc_malta(self):
> +"""
> +This test requires the dpkg-deb tool (apt/dnf install dpkg) to 
> extract
> +the kernel from the Debian package.
> +
> +The kernel can be rebuilt using this Debian kernel source [1] and
> +following the instructions on [2].
> +
> +[1] 
> https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#s-common-official
> +[2] 
> http://snapshot.debian.org/package/linux-2.6/2.6.32-48/#linux-source-2.6.32_2.6.32-48
> +
> +:avocado: tags=arch:mips
> +"""
> +if self.arch != 'mips': # FIXME use 'arch' tag in parent class?
> +self.cancel('Currently specific to the %s target arch' % 
> self.arch)
> +

 I missed how the arch tag in the parent class (common to all tests here)
 would be useful for this specific test.
>>>
>>> I probably forgot to remove it.
>>>
>>
>> I think I now know what you meant.  With the current approach we have:
>>
>> $ avocado run -p arch=x86_64 tests/acceptance/boot_linux_console.py
>> JOB ID : 3209c26bceffc372f245b121d6ac77a7e36e7134
>> JOB LOG:
>> /home/cleber/avocado/job-results/job-2018-10-19T16.58-3209c26/job.log
>>  (1/2)
>> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_x86_64_pc:
>> PASS (2.05 s)
>>  (2/2)
>> tests/acceptance/boot_linux_co

[Qemu-devel] [Bug 1798451] Re: HVF linux on OSX hangs 2nd time started after adding socket

[Roman Bolshakov]

I've had issues with multiple vcpus previously.

But I've tried that recently and it worked fine with the fix:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03864.html.

And I've checked your command, no issues.

Could you please try to install qemu from my tap and check if it's gone?

brew tap roolebo/virt
brew install roolebo/virt/qemu --HEAD

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1798451

Title:
  HVF linux on OSX hangs 2nd time started after adding socket

Status in QEMU:
  New

Bug description:
  
  Robs-MacBook-Pro-2:~ robmaskell$ qemu-system-x86_64 --version
  QEMU emulator version 3.0.0

  Host: MacOS - 10.13.6
Model Name: MacBook Pro
Model Identifier:   MacBookPro14,3
Processor Name: Intel Core i7
Processor Speed:2.8 GHz
Number of Processors:   1
Total Number of Cores:  4
L2 Cache (per Core):256 KB
L3 Cache:   6 MB
Memory: 16 GB

  Guest OS: Elementary Linux Loki 0.4.1, patched up to date

  Command used to start QEMU:

  qemu-system-x86_64 \
-name ElementaryLokiDev \
-machine pc,accel=hvf \
-cpu max \
-smp cpus=2,sockets=2,cores=1,threads=1,maxcpus=2 \
-numa node,nodeid=0 \
-numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=0,socket-id=1 \
-m 8G \
-vga vmware \
-hda e4.qcow2

  Symptoms: Started without the -smp / -numa commands to install the OS,
  then added -smp / -numa and the machine boots and lscpu reports extra
  cpu as expected. Restart VM and it hangs on startup. Remove -smp /
  -numa and machine starts again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1798451/+subscriptions

Re: [Qemu-devel] [PULL 00/45] Machine queue, 2018-10-18

[Philippe Mathieu-Daudé]

On 19/10/2018 22:23, Eduardo Habkost wrote:

On Fri, Oct 19, 2018 at 09:53:45PM +0200, Igor Mammedov wrote:

On Fri, 19 Oct 2018 15:44:08 -0300
Eduardo Habkost  wrote:


On Fri, Oct 19, 2018 at 03:12:31PM +0100, Peter Maydell wrote:

On 18 October 2018 at 21:03, Eduardo Habkost  wrote:

The following changes since commit 09558375a634e17cea6cfbfec883ac2376d2dc7f:

  Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20181016-1' into staging (2018-10-16 
17:42:56 +0100)

are available in the Git repository at:

  git://github.com/ehabkost/qemu.git tags/machine-next-pull-request

for you to fetch changes up to 6d8e1bcc7dd5e819ce81e6a87fffe23e39c700cc:

  numa: Clean up error reporting in parse_numa() (2018-10-17 16:33:40 -0300)


Machine queue, 2018-10-18

* sysbus init/realize cleanups
  (Cédric Le Goater, Philippe Mathieu-Daudé)
* memory-device refactoring (David Hildenbrand)
* -smp: deprecate incorrect CPUs topology (Igor Mammedov)
* -numa parsing cleanups (Markus Armbruster)
* Fix hostmem-file memory leak (Zhang Yi)
* Typo fix (Li Qiang)





Hi. This had some problems in merge testing, I'm afraid:

On aarch64 host, warnings running tests/cpu-plug-test for i386 and s390 targets:

TEST: tests/cpu-plug-test... (pid=12602)
  /i386/cpu-plug/pc-i440fx-3.0/cpu-add/1x3x2&maxcpus=12:
qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
(1) * cores (3) * threads (2) != maxcpus (12)

[...]


(plus similar ppc64, x86_64 targets)


Ouch.  Apologies.

Can we please do something make sure "make check" will fail on
these cases?  I'd like to be able to trust CI systems like
travis-ci.



we probably don't want make check fail on warning.


I disagree.  If a warning is blocking a pull request from being
merged, it must make CI systems fail too.  Otherwise we're
defeating the purpose of CI systems.


We can, we also have the hardware (courtesy of Packet), we just need to
make time to set it up.

QEMU Summit is a good place where to talk about this.





Test was written with assumption that s/c/t tuples matches initially present 
CPUs, hence a warning.
Would something like following fix the issue (local x86 build/test looks fixed 
with it)?


It works for me.  I will queue it on machine-next, thanks!



diff --git a/tests/cpu-plug-test.c b/tests/cpu-plug-test.c
index 3e93c8e..f4a677d 100644
--- a/tests/cpu-plug-test.c
+++ b/tests/cpu-plug-test.c
@@ -32,12 +32,12 @@ static void test_plug_with_cpu_add(gconstpointer data)
 unsigned int i;
 
 args = g_strdup_printf("-machine %s -cpu %s "

-   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
+   "-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
s->machine, s->cpu_model,
s->sockets, s->cores, s->threads, s->maxcpus);
 qtest_start(args);
 
-for (i = s->sockets * s->cores * s->threads; i < s->maxcpus; i++) {

+for (i = 1; i < s->maxcpus; i++) {
 response = qmp("{ 'execute': 'cpu-add',"
"  'arguments': { 'id': %d } }", i);
 g_assert(response);
@@ -56,7 +56,7 @@ static void test_plug_without_cpu_add(gconstpointer data)
 QDict *response;
 
 args = g_strdup_printf("-machine %s -cpu %s "

-   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
+   "-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
s->machine, s->cpu_model,
s->sockets, s->cores, s->threads, s->maxcpus);
 qtest_start(args);
@@ -79,12 +79,12 @@ static void test_plug_with_device_add_x86(gconstpointer 
data)
 unsigned int s, c, t;
 
 args = g_strdup_printf("-machine %s -cpu %s "

-   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
+   "-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
td->machine, td->cpu_model,
td->sockets, td->cores, td->threads, td->maxcpus);
 qtest_start(args);
 
-for (s = td->sockets; s < td->maxcpus / td->cores / td->threads; s++) {

+for (s = 1; s < td->sockets; s++) {
 for (c = 0; c < td->cores; c++) {
 for (t = 0; t < td->threads; t++) {
 char *id = g_strdup_printf("id-%i-%i-%i", s, c, t);
@@ -113,7 +113,7 @@ static void test_plug_with_device_add_coreid(gconstpointer 
data)
td->sockets, td->cores, td->threads, td->maxcpus);
 qtest_start(args);
 
-for (c = td->cores; c < td->maxcpus / td->sockets / td->threads; c++) {

+for (c = 1; c < td->cores; c++) {
 char *id = g_strdup_printf("id-%i", c);
 qtest_qmp_device_add(td->device_model, id, "{'core-id':%u}", c);
 g_free(id);
@@ -148,7 +148,7 @@ static void add_pc_test_case(const char *mname)
   

Re: [Qemu-devel] [RFC v3 48/56] ppc: acquire the BQL in cpu_has_work

[Emilio G. Cota]

On Fri, Oct 19, 2018 at 08:58:31 +0200, Paolo Bonzini wrote:
> On 19/10/2018 03:06, Emilio G. Cota wrote:
> > Soon we will call cpu_has_work without the BQL.
> > 
> > Cc: David Gibson 
> > Cc: Alexander Graf 
> > Cc: qemu-...@nongnu.org
> > Signed-off-by: Emilio G. Cota 
> > ---
> >  target/ppc/translate_init.inc.c | 77 +++--
> >  1 file changed, 73 insertions(+), 4 deletions(-)
> > 
> 
> Perhaps we should instead define both ->cpu_has_work and
> ->cpu_has_work_with_iothread_lock members, and move the generic
> unlock/relock code to common code?

I like this. How does the appended look?

Thanks,

Emilio
---8<---

[PATCH] cpu: introduce cpu_has_work_with_iothread_lock

It will gain some users soon.

Suggested-by: Paolo Bonzini 
Signed-off-by: Emilio G. Cota 
---
 include/qom/cpu.h | 42 ++
 1 file changed, 42 insertions(+)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index ad8859d014..d9e6f5d4d2 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -26,6 +26,7 @@
 #include "exec/memattrs.h"
 #include "qapi/qapi-types-run-state.h"
 #include "qemu/bitmap.h"
+#include "qemu/main-loop.h"
 #include "qemu/rcu_queue.h"
 #include "qemu/queue.h"
 #include "qemu/thread.h"
@@ -86,6 +87,8 @@ struct TranslationBlock;
  * @reset_dump_flags: #CPUDumpFlags to use for reset logging.
  * @has_work: Callback for checking if there is work to do. Called with the
  * CPU lock held.
+ * @has_work_with_iothread_lock: Callback for checking if there is work to do.
+ * Called with both the BQL and the CPU lock held.
  * @do_interrupt: Callback for interrupt handling.
  * @do_unassigned_access: Callback for unassigned access handling.
  * (this is deprecated: new targets should use do_transaction_failed instead)
@@ -157,6 +160,7 @@ typedef struct CPUClass {
 void (*reset)(CPUState *cpu);
 int reset_dump_flags;
 bool (*has_work)(CPUState *cpu);
+bool (*has_work_with_iothread_lock)(CPUState *cpu);
 void (*do_interrupt)(CPUState *cpu);
 CPUUnassignedAccess do_unassigned_access;
 void (*do_unaligned_access)(CPUState *cpu, vaddr addr,
@@ -774,6 +778,40 @@ CPUState *cpu_create(const char *typename);
  */
 const char *parse_cpu_model(const char *cpu_model);
 
+/* do not call directly; use cpu_has_work instead */
+static inline bool cpu_has_work_bql(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+bool has_cpu_lock = cpu_mutex_locked(cpu);
+bool has_bql = qemu_mutex_iothread_locked();
+bool ret;
+
+if (has_bql) {
+if (has_cpu_lock) {
+return cc->has_work_with_iothread_lock(cpu);
+}
+cpu_mutex_lock(cpu);
+ret = cc->has_work_with_iothread_lock(cpu);
+cpu_mutex_unlock(cpu);
+return ret;
+}
+
+if (has_cpu_lock) {
+/* avoid deadlock by acquiring the locks in order */
+cpu_mutex_unlock(cpu);
+}
+qemu_mutex_lock_iothread();
+cpu_mutex_lock(cpu);
+
+ret = cc->has_work_with_iothread_lock(cpu);
+
+qemu_mutex_unlock_iothread();
+if (!has_cpu_lock) {
+cpu_mutex_unlock(cpu);
+}
+return ret;
+}
+
 /**
  * cpu_has_work:
  * @cpu: The vCPU to check.
@@ -787,6 +825,10 @@ static inline bool cpu_has_work(CPUState *cpu)
 CPUClass *cc = CPU_GET_CLASS(cpu);
 bool ret;
 
+if (cc->has_work_with_iothread_lock) {
+return cpu_has_work_bql(cpu);
+}
+
 g_assert(cc->has_work);
 if (cpu_mutex_locked(cpu)) {
 return cc->has_work(cpu);
-- 
2.17.1

[Qemu-devel] [PATCH v4 10/11] block: Make auto-read-only=on default for -drive

[Kevin Wolf]

While we want machine interfaces like -blockdev and QMP blockdev-add to
add as little auto-detection as possible so that management tools are
explicit about their needs, -drive is a convenience option for human
users. Enabling auto-read-only=on by default there enables users to use
read-only images for read-only guest devices without having to specify
read-only=on explicitly. If they try to attach the image to a read-write
device, they will still get an error message.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
---
 blockdev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/blockdev.c b/blockdev.c
index a8755bd908..ab57a8a53a 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -590,6 +590,7 @@ static BlockBackend *blockdev_init(const char *file, QDict 
*bs_opts,
 qdict_set_default_str(bs_opts, BDRV_OPT_CACHE_NO_FLUSH, "off");
 qdict_set_default_str(bs_opts, BDRV_OPT_READ_ONLY,
   read_only ? "on" : "off");
+qdict_set_default_str(bs_opts, BDRV_OPT_AUTO_READ_ONLY, "on");
 assert((bdrv_flags & BDRV_O_CACHE_MASK) == 0);
 
 if (runstate_check(RUN_STATE_INMIGRATE)) {
-- 
2.19.1

[Qemu-devel] [PATCH v4 11/11] qemu-iotests: Test auto-read-only with -drive and -blockdev

[Kevin Wolf]

Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/232 | 147 +
 tests/qemu-iotests/232.out |  59 +++
 tests/qemu-iotests/group   |   1 +
 3 files changed, 207 insertions(+)
 create mode 100755 tests/qemu-iotests/232
 create mode 100644 tests/qemu-iotests/232.out

diff --git a/tests/qemu-iotests/232 b/tests/qemu-iotests/232
new file mode 100755
index 00..bc2972d124
--- /dev/null
+++ b/tests/qemu-iotests/232
@@ -0,0 +1,147 @@
+#!/bin/bash
+#
+# Test for auto-read-only
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=kw...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+rm -f $TEST_IMG.snap
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt generic
+_supported_proto file
+_supported_os Linux
+
+function do_run_qemu()
+{
+echo Testing: "$@"
+(
+if ! test -t 0; then
+while read cmd; do
+echo $cmd
+done
+fi
+echo quit
+) | $QEMU -nographic -monitor stdio -nodefaults "$@"
+echo
+}
+
+function run_qemu()
+{
+do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qemu | _filter_hmp |
+_filter_generated_node_ids | _filter_imgfmt
+}
+
+function run_qemu_info_block()
+{
+echo "info block -n" | run_qemu "$@" | grep -e "(file" -e "QEMU_PROG"
+}
+
+size=128M
+
+_make_test_img $size
+
+echo
+echo "=== -drive with read-write image: read-only/auto-read-only combinations 
==="
+echo
+
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=on,auto-read-only=off
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=on,auto-read-only=on
+run_qemu_info_block -drive driver=file,file="$TEST_IMG",if=none,read-only=on
+echo
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=off,auto-read-only=off
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=off,auto-read-only=on
+run_qemu_info_block -drive driver=file,file="$TEST_IMG",if=none,read-only=off
+echo
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,auto-read-only=off
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,auto-read-only=on
+run_qemu_info_block -drive driver=file,file="$TEST_IMG",if=none
+
+echo
+echo "=== -drive with read-only image: read-only/auto-read-only combinations 
==="
+echo
+
+chmod a-w $TEST_IMG
+
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=on,auto-read-only=off
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=on,auto-read-only=on
+run_qemu_info_block -drive driver=file,file="$TEST_IMG",if=none,read-only=on
+echo
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=off,auto-read-only=off
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,read-only=off,auto-read-only=on
+run_qemu_info_block -drive driver=file,file="$TEST_IMG",if=none,read-only=off
+echo
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,auto-read-only=off
+run_qemu_info_block -drive 
driver=file,file="$TEST_IMG",if=none,auto-read-only=on
+run_qemu_info_block -drive driver=file,file="$TEST_IMG",if=none
+
+echo
+echo "=== -blockdev with read-write image: read-only/auto-read-only 
combinations ==="
+echo
+
+chmod a+w $TEST_IMG
+
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,read-only=on,auto-read-only=off
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,read-only=on,auto-read-only=on
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,read-only=on
+echo
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,read-only=off,auto-read-only=off
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,read-only=off,auto-read-only=on
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,read-only=off
+echo
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,auto-read-only=off
+run_qemu_info_block -blockdev 
driver=file,filename="$TEST_IMG",node-name=node0,auto-read

Re: [Qemu-devel] [PATCH v2 02/29] targer/riscv: Activate decodetree and implemnt LUI & AUIPC

[Richard Henderson]

On 10/20/18 12:14 AM, Bastian Koppelmann wrote:
> +static int32_t ex_shift_##amount(int imm) \

Not that it'll matter in practice, but s/int32_t/int/.

That's the type that's passed in, and it's the type that
is stored in the argument set structures.


r~

Re: [Qemu-devel] [PATCH v2 03/29] target/riscv: Convert RVXI branch insns to decodetree

[Richard Henderson]

On 10/20/18 12:14 AM, Bastian Koppelmann wrote:
> -case OPC_RISC_AUIPC:
> -if (rd == 0) {
> -break; /* NOP */
> -}
> -tcg_gen_movi_tl(cpu_gpr[rd], (sextract64(ctx->opcode, 12, 20) << 12) 
> +
> -   ctx->base.pc_next);
> -break;

This should have been in the previous patch.  Otherwise,
Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH 0/2] linux-user: Don't call gdb_handlesig unnecessarily

[Richard Henderson]

On 10/19/18 10:49 AM, Peter Maydell wrote:
> This patchset fixes a minor bug in our handling of SIGTRAP
> in linux-user.
> 
> The CPU main-loop routines for linux-user generally call
> gdb_handlesig() when they're about to queue a SIGTRAP signal.  This
> is wrong, because queue_signal() will cause us to pend a signal, and
> process_pending_signals() will then call gdb_handlesig() itself.  So
> the effect is that we notify gdb of the SIGTRAP, and then if gdb says
> "OK, continue with signal X" we will incorrectly notify gdb of the
> signal X as well.  We don't do this double-notify for anything else,
> only SIGTRAP.
> 
> This bug only manifests if the user responds to the reported SIGTRAP
> using "signal SIGFOO" rather than "continue"; since the latter is the
> overwhelmingly common thing to do after a breakpoint most people
> won't have hit this.
> 
> Patch 1 fixes this bug for every target except nios2, by
> deleting the incorrect code.
> 
> Patch 2 fixes nios2 separately, because it was doing some odd
> things with gdb_handlesig(). This also fixes in passing a Coverity
> issue.
> 
> Tested with "make check-tcg", and with some by-hand stepping
> around with an attached gdb. NB that the nios2 patch is only
> compile tested as I don't have a nios2 linux-user environment
> and check-tcg doesn't cover it.
> 
> thanks
> -- PMM
> 
> Peter Maydell (2):
>   linux-user: Don't call gdb_handlesig() before queue_signal()
>   linux-user: Clean up nios2 main loop signal handling

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH 4/5] configs: Add a CONFIG_UNIMP switch for the "unimplemented-device"

[Paolo Bonzini]

On 19/10/2018 18:54, Peter Maydell wrote:
> On 19 October 2018 at 17:44, Paolo Bonzini  wrote:
>> On 19/10/2018 18:25, Philippe Mathieu-Daudé wrote:
>>>
>>> First because I'm using it heavily on MIPS and PPC boards, when no
>>> datashits are available.
>>> I'll submit that during the next merge window, although the MIPS tree
>>> seems now reluctant to that kind of hobbyist work.
>>>
>>> Second, because it is very clean when you implement a SoC to first
>>> start with an empty UNIMP region and a cpu core,
>>> then declare the mmio regions for each device (still UNIMP), then you
>>> can slowly add devices one at a time.
>>> This let you (me, so far) push at most a dozen of tiny patches in a
>>> working series, instead of a small series of a dozen of huge patches,
>>> or a series of 100 tiny patches.
>>
>> I don't see however why it's a problem to add/remove CONFIG_UNIMP to
>> default-configs though (in the Kconfig world the board would "select
>> UNIMP").
> 
> Well, it's extra friction for people writing new board models,
> and the benefit of having CONFIG_UNIMP is all to downstream
> redistributors, not to upstream...
> 
> I'm not vetoing this patchset, but I do think that if RedHat
> wants to distribute significantly-cut-down binaries then
> it would be worth working on a mechanism for making that
> more conveniently doable, rather than just hacking up
> the very creaky default-configs/ stuff.

Yes, we are going to meet the NEMU guys at KVM Forum and talk about the
"mini-Kconfig" stuff; in the meanwhile, default-configs/ is what we
have, it was enough while we were caring basically only about x86 and
thus we only needed to disable PCI devices, but now it's showing its age.

Paolo

[Qemu-devel] [Bug 1798451] Re: HVF linux on OSX hangs 2nd time started after adding socket

[Rob Maskell]

Also seeing quite a few of these errors

Unimplemented handler (7f7a56978294) for 0 (f 7f) 
Unimplemented handler (7f2eaa6c8849) for 0 (f 7f) 
Unimplemented handler (7f82f92a9294) for 0 (f 7f) 
Unimplemented handler (7f04702f2294) for 0 (f 7f)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1798451

Title:
  HVF linux on OSX hangs 2nd time started after adding socket

Status in QEMU:
  New

Bug description:
  
  Robs-MacBook-Pro-2:~ robmaskell$ qemu-system-x86_64 --version
  QEMU emulator version 3.0.0

  Host: MacOS - 10.13.6
Model Name: MacBook Pro
Model Identifier:   MacBookPro14,3
Processor Name: Intel Core i7
Processor Speed:2.8 GHz
Number of Processors:   1
Total Number of Cores:  4
L2 Cache (per Core):256 KB
L3 Cache:   6 MB
Memory: 16 GB

  Guest OS: Elementary Linux Loki 0.4.1, patched up to date

  Command used to start QEMU:

  qemu-system-x86_64 \
-name ElementaryLokiDev \
-machine pc,accel=hvf \
-cpu max \
-smp cpus=2,sockets=2,cores=1,threads=1,maxcpus=2 \
-numa node,nodeid=0 \
-numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=0,socket-id=1 \
-m 8G \
-vga vmware \
-hda e4.qcow2

  Symptoms: Started without the -smp / -numa commands to install the OS,
  then added -smp / -numa and the machine boots and lscpu reports extra
  cpu as expected. Restart VM and it hangs on startup. Remove -smp /
  -numa and machine starts again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1798451/+subscriptions

[Qemu-devel] [Bug 1798451] Re: HVF linux on OSX hangs 2nd time started after adding socket

[Rob Maskell]

Thanks for replying Roman, I switched to your tap but even before that
I'm not struggling to get the machines to boot even without the smp/numa
lines... vga std flashes a lot then hangs with a black screen and a
blinking cursor whereas vga vmware quite unexpectedly.

Command to start QEMU:

qemu-system-x86_64 \
  -name Elementary4Dev \
  -machine pc,accel=hvf \
  -cpu max \
  -m 8G \
  -vga vmware \
  -drive file=elem4.qcow2,format=qcow2,media=disk -boot d \
  -cdrom ../VMImages/elementaryos-0.4.1-stable.20180214.iso

I tried the Elementary 0.4.1 and the new just released 5.0 and I get
this... also tried cpu host but no luck. It's weird as single cpu was
working the other day but stopped working on QEMU 3.0 before I switched
to your tap.

Process:   qemu-system-x86_64 [716]
Path:  /usr/local/bin/qemu-system-x86_64
Identifier:qemu-system-x86_64
Version:   0
Code Type: X86-64 (Native)
Parent Process:??? [713]
Responsible:   qemu-system-x86_64 [716]
User ID:   501

Date/Time: 2018-10-20 20:58:31.473 +0100
OS Version:Mac OS X 10.13.6 (17G65)
Report Version:12
Bridge OS Version: 3.0 (14Y664)
Anonymous UUID:A83DA3FD-C7C9-DAD6-4F7D-E36F1E90F993


Time Awake Since Boot: 1200 seconds

System Integrity Protection: enabled

Crashed Thread:5

Exception Type:EXC_CRASH (SIGABRT)
Exception Codes:   0x, 0x
Exception Note:EXC_CORPSE_NOTIFY

Application Specific Information:
abort() called

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib  0x7fff65ad5cf2 __select + 10
1   libglib-2.0.0.dylib 0x0001036ae359 g_poll + 407
2   qemu-system-x86_64  0x000102d53bb6 0x1029a8000 + 3849142
3   qemu-system-x86_64  0x000102af1c3e 0x1029a8000 + 1350718
4   qemu-system-x86_64  0x000102aef736 0x1029a8000 + 1341238
5   qemu-system-x86_64  0x000102c684ee 0x1029a8000 + 2884846
6   com.apple.CoreFoundation0x7fff3db57edc 
__CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
7   com.apple.CoreFoundation0x7fff3db57daa _CFXRegistrationPost 
+ 458
8   com.apple.CoreFoundation0x7fff3db57ae1 
___CFXNotificationPost_block_invoke + 225
9   com.apple.CoreFoundation0x7fff3db15880 
-[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1664
10  com.apple.CoreFoundation0x7fff3db149b7 _CFXNotificationPost 
+ 599
11  com.apple.Foundation0x7fff3fc248c7 
-[NSNotificationCenter postNotificationName:object:userInfo:] + 66
12  com.apple.AppKit0x7fff3b210206 -[NSApplication 
_postDidFinishNotification] + 313
13  com.apple.AppKit0x7fff3b20fe4f -[NSApplication 
_sendFinishLaunchingNotification] + 220
14  com.apple.AppKit0x7fff3b0e2ab3 
-[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] + 562
15  com.apple.AppKit0x7fff3b0e26e9 
-[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] + 690
16  com.apple.Foundation0x7fff3fc67714 
-[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] + 287
17  com.apple.Foundation0x7fff3fc67592 
_NSAppleEventManagerGenericHandler + 102
18  com.apple.AE0x7fff3ec40dd0 
aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) + 
1788
19  com.apple.AE0x7fff3ec40677 
dispatchEventAndSendReply(AEDesc const*, AEDesc*) + 41
20  com.apple.AE0x7fff3ec40565 aeProcessAppleEvent 
+ 383
21  com.apple.HIToolbox 0x7fff3ce3c4a0 AEProcessAppleEvent 
+ 55
22  com.apple.AppKit0x7fff3b0ddd32 _DPSNextEvent + 2788
23  com.apple.AppKit0x7fff3b873e34 
-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 
+ 3044
24  com.apple.AppKit0x7fff3b0d2885 -[NSApplication run] 
+ 764
25  qemu-system-x86_64  0x000102c69ea1 0x1029a8000 + 2891425
26  libdyld.dylib   0x7fff65985015 start + 1

Thread 1:
0   libsystem_kernel.dylib  0x7fff65ad5a16 __psynch_cvwait + 10
1   libsystem_pthread.dylib 0x7fff65c9e589 _pthread_cond_wait + 
732
2   qemu-system-x86_64  0x000102d56db1 0x1029a8000 + 3861937
3   qemu-system-x86_64  0x000102d65659 0x1029a8000 + 3921497
4   libsystem_pthread.dylib 0x7fff65c9d661 _pthread_body + 340
5   libsystem_pthread.dylib 0x7fff65c9d50d _pthread_start + 377
6   libsystem_pthread.dylib 0x7fff65c9cbf9 thread_start + 13

Thread 2:
0   libsystem_kernel.dylib   

[Qemu-devel] [PATCH] scripts/qemu-binfmt-conf.sh: add bFL handler registration

[Max Filippov]

bFLT format header doesn't have enough information to register a handler
for a specific architecture. Add switch -f / --flat that registers one
of the qemu binaries as a handler for bFLT executable images.

Signed-off-by: Max Filippov 
---
 dtc |  2 +-
 scripts/qemu-binfmt-conf.sh | 32 ++--
 2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/dtc b/dtc
index 88f18909db73..e54388015af1 16
--- a/dtc
+++ b/dtc
@@ -1 +1 @@
-Subproject commit 88f18909db731a627456f26d779445f84e449536
+Subproject commit e54388015af1fb4bf04d0bca99caba1074d9cc42
diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index b5a16742a149..39f61065c698 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -132,6 +132,9 @@ 
or1k_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\
 
or1k_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
 or1k_family=or1k
 
+flat_magic='bFLT\x00\x00\x00\x04'
+flat_mask='\xff\xff\xff\xff\xff\xff\xff\xff'
+
 qemu_get_family() {
 cpu=${HOST_ARCH:-$(uname -m)}
 case "$cpu" in
@@ -170,6 +173,7 @@ usage() {
 Usage: qemu-binfmt-conf.sh [--qemu-path PATH][--debian][--systemd CPU]
[--help][--credential yes|no][--exportdir PATH]
[--persistent yes|no][--qemu-suffix SUFFIX]
+   [--flat CPU]
 
Configure binfmt_misc to use qemu interpreter
 
@@ -188,7 +192,9 @@ Usage: qemu-binfmt-conf.sh [--qemu-path 
PATH][--debian][--systemd CPU]
   calculated according to the binary to interpret
--persistent:  if yes, the interpreter is loaded when binfmt is
   configured and remains in memory. All future uses
-  are cloned from the open file.
+  are cloned from the open file
+   --flat:register QEMU for this CPU architecture as a handler
+  for the bFLT executable format.
 
 To import templates with update-binfmts, use :
 
@@ -311,6 +317,13 @@ qemu_set_binfmts() {
 $BINFMT_SET
 fi
 done
+if [ -n "$QEMU_FLAT" ] ; then
+cpu="${QEMU_FLAT}_bflt"
+qemu="$QEMU_PATH/qemu-$QEMU_FLAT"
+magic=$flat_magic
+mask=$flat_mask
+$BINFMT_SET
+fi
 }
 
 CHECK=qemu_check_bintfmt_misc
@@ -324,7 +337,7 @@ CREDENTIAL=no
 PERSISTENT=no
 QEMU_SUFFIX=""
 
-options=$(getopt -o ds:Q:S:e:hc:p: -l 
debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent: 
-- "$@")
+options=$(getopt -o ds:Q:S:e:hc:p:f: -l 
debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,flat:
 -- "$@")
 eval set -- "$options"
 
 while true ; do
@@ -380,6 +393,21 @@ while true ; do
 shift
 PERSISTENT="$1"
 ;;
+-f|--flat)
+shift
+QEMU_FLAT="$1"
+for cpu in ${qemu_target_list} ; do
+if [ "$cpu" = "$1" ] ; then
+break
+fi
+done
+
+if [ "$cpu" != "$1" ] ; then
+echo "ERROR: unknown CPU \"$1\"" 1>&2
+usage
+exit 1
+fi
+;;
 *)
 break
 ;;
-- 
2.11.0

Re: [Qemu-devel] [PATCH] scripts/qemu-binfmt-conf.sh: add bFL handler registration

[Max Filippov]

On Sat, Oct 20, 2018 at 7:45 PM Max Filippov  wrote:
>
> bFLT format header doesn't have enough information to register a handler
> for a specific architecture. Add switch -f / --flat that registers one
> of the qemu binaries as a handler for bFLT executable images.
>
> Signed-off-by: Max Filippov 
> ---
>  dtc |  2 +-

Oops, sorry, didn't mean to include that change. Will send v2.

-- 
Thanks.
-- Max

[Qemu-devel] [PATCH v2] scripts/qemu-binfmt-conf.sh: add bFL handler registration

[Max Filippov]

bFLT format header doesn't have enough information to register a handler
for a specific architecture. Add switch -f / --flat that registers one
of the qemu binaries as a handler for bFLT executable images.

Signed-off-by: Max Filippov 
---
Changes v1->v2:
- drop unintended changes to dtc;

 scripts/qemu-binfmt-conf.sh | 32 ++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index b5a16742a149..39f61065c698 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -132,6 +132,9 @@ 
or1k_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\
 
or1k_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
 or1k_family=or1k
 
+flat_magic='bFLT\x00\x00\x00\x04'
+flat_mask='\xff\xff\xff\xff\xff\xff\xff\xff'
+
 qemu_get_family() {
 cpu=${HOST_ARCH:-$(uname -m)}
 case "$cpu" in
@@ -170,6 +173,7 @@ usage() {
 Usage: qemu-binfmt-conf.sh [--qemu-path PATH][--debian][--systemd CPU]
[--help][--credential yes|no][--exportdir PATH]
[--persistent yes|no][--qemu-suffix SUFFIX]
+   [--flat CPU]
 
Configure binfmt_misc to use qemu interpreter
 
@@ -188,7 +192,9 @@ Usage: qemu-binfmt-conf.sh [--qemu-path 
PATH][--debian][--systemd CPU]
   calculated according to the binary to interpret
--persistent:  if yes, the interpreter is loaded when binfmt is
   configured and remains in memory. All future uses
-  are cloned from the open file.
+  are cloned from the open file
+   --flat:register QEMU for this CPU architecture as a handler
+  for the bFLT executable format.
 
 To import templates with update-binfmts, use :
 
@@ -311,6 +317,13 @@ qemu_set_binfmts() {
 $BINFMT_SET
 fi
 done
+if [ -n "$QEMU_FLAT" ] ; then
+cpu="${QEMU_FLAT}_bflt"
+qemu="$QEMU_PATH/qemu-$QEMU_FLAT"
+magic=$flat_magic
+mask=$flat_mask
+$BINFMT_SET
+fi
 }
 
 CHECK=qemu_check_bintfmt_misc
@@ -324,7 +337,7 @@ CREDENTIAL=no
 PERSISTENT=no
 QEMU_SUFFIX=""
 
-options=$(getopt -o ds:Q:S:e:hc:p: -l 
debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent: 
-- "$@")
+options=$(getopt -o ds:Q:S:e:hc:p:f: -l 
debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,flat:
 -- "$@")
 eval set -- "$options"
 
 while true ; do
@@ -380,6 +393,21 @@ while true ; do
 shift
 PERSISTENT="$1"
 ;;
+-f|--flat)
+shift
+QEMU_FLAT="$1"
+for cpu in ${qemu_target_list} ; do
+if [ "$cpu" = "$1" ] ; then
+break
+fi
+done
+
+if [ "$cpu" != "$1" ] ; then
+echo "ERROR: unknown CPU \"$1\"" 1>&2
+usage
+exit 1
+fi
+;;
 *)
 break
 ;;
-- 
2.11.0

[Qemu-devel] [Bug 1681439] Re: qemu-system-x86_64: hw/ide/core.c:685: ide_cancel_dma_sync: Assertion `s->bus->dma->aiocb == NULL' failed.

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1681439

Title:
  qemu-system-x86_64: hw/ide/core.c:685: ide_cancel_dma_sync: Assertion
  `s->bus->dma->aiocb == NULL' failed.

Status in QEMU:
  Expired

Bug description:
  Since upgrading to QEMU 2.8.0, my Windows 7 64-bit virtual machines
  started crashing due to the assertion quoted in the summary failing.
  The assertion in question was added by commit 9972354856 ("block: add
  BDS field to count in-flight requests").  My tests show that setting
  discard=unmap is needed to reproduce the issue.  Speaking of
  reproduction, it is a bit flaky, because I have been unable to come up
  with specific instructions that would allow the issue to be triggered
  outside of my environment, but I do have a semi-sane way of testing that
  appears to depend on a specific initial state of data on the underlying
  storage volume, actions taken within the VM and waiting for about 20
  minutes.

  Here is the shortest QEMU command line that I managed to reproduce the
  bug with:

  qemu-system-x86_64 \
  -machine pc-i440fx-2.7,accel=kvm \
  -m 3072 \
  -drive file=/dev/lvm/qemu,format=raw,if=ide,discard=unmap \
-netdev tap,id=hostnet0,ifname=tap0,script=no,downscript=no,vhost=on \
  -device virtio-net-pci,netdev=hostnet0 \
-vnc :0

  The underlying storage (/dev/lvm/qemu) is a thin LVM snapshot.

  QEMU was compiled using:

  ./configure --python=/usr/bin/python2.7 --target-list=x86_64-softmmu
  make -j3

  My virtualization environment is not really a critical one and
  reproduction is not that much of a hassle, so if you need me to gather
  further diagnostic information or test patches, I will be happy to help.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1681439/+subscriptions

[Qemu-devel] [Bug 1180777] Re: RDP traffic freeze on quiet network

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1180777

Title:
  RDP traffic freeze on quiet network

Status in QEMU:
  Expired
Status in qemu-kvm package in Ubuntu:
  Expired
Status in Debian:
  Incomplete

Bug description:
  To summarize what I think has been found so far,

1. The main symptom is that RDP connections hang after some time
2. This bug affects qemu 1.0 .. 1.6.5
3. This bug affects at least windows xp and windows 7 guests
4. Keeping another network connection open, such as vnc, prevents the RDP 
connection from hanging.

  
  Hi,

  I have recently setup a Windows 7 VM on KVM and started using it
  through remote desktop.

  What happens is that, after some hours of usage, the remote desktop
  connection freezes. I thought it was a remmina bug, as the it was
  enough to kill and restart it to successfully connect again to the VM.

  However, today I've switched to a different RDP client (2X Client
  chromium app) and the freeze just happened again!

  Some information:
  - the host and the VM are completely idle when the freeze occurs
  - I've tried sniffing the network packets toward the RDP port during the 
freeze and found that the client is sending packets but no packet is sent back

  Could this be a KVM issue? How can I further debug this one (I expect
  the freeze to happen again...)?

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: kvm 1:84+dfsg-0ubuntu16+1.0+noroms+0ubuntu14.8
  ProcVersionSignature: Ubuntu 3.2.0-41.66-generic 3.2.42
  Uname: Linux 3.2.0-41-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.2
  Architecture: amd64
  Date: Thu May 16 14:12:40 2013
  MachineType: Hewlett-Packard HP ProBook 4520s
  MarkForUpload: True
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-41-generic 
root=UUID=D2E20BC3E20BAAB5 loop=/hostname/disks/root.disk ro quiet splash 
vt.handoff=7
  SourcePackage: qemu-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/26/2010
  dmi.bios.vendor: Hewlett-Packard
  dmi.bios.version: 68AZZ Ver. F.0A
  dmi.board.name: 1411
  dmi.board.vendor: Hewlett-Packard
  dmi.board.version: KBC Version 57.30
  dmi.chassis.type: 10
  dmi.chassis.vendor: Hewlett-Packard
  dmi.modalias: 
dmi:bvnHewlett-Packard:bvr68AZZVer.F.0A:bd08/26/2010:svnHewlett-Packard:pnHPProBook4520s:pvr:rvnHewlett-Packard:rn1411:rvrKBCVersion57.30:cvnHewlett-Packard:ct10:cvr:
  dmi.product.name: HP ProBook 4520s
  dmi.sys.vendor: Hewlett-Packard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1180777/+subscriptions

[Qemu-devel] [Bug 965867] Re: 9p virtual file system on qemu slow

[Launchpad Bug Tracker]

[Expired for qemu-kvm (Ubuntu) because there has been no activity for 60
days.]

** Changed in: qemu-kvm (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/965867

Title:
  9p virtual file system on qemu slow

Status in QEMU:
  Expired
Status in qemu-kvm package in Ubuntu:
  Expired

Bug description:
  Hi, 
  The 9p virtual file system is slow. Several examples below: 
  -
  Host for the first time: 
  $ time ls bam.unsorted/
  ...
  real0m0.084s
  user0m0.000s
  sys 0m0.028s
  --
  Host second and following: 

  real0m0.009s
  user0m0.000s
  sys 0m0.008s
  --
  VM for the first time: 
  $ time ls bam.unsorted/
  
  real0m23.141s
  user0m0.064s
  sys 0m2.156s
  --
  VM for the second time
  real0m3.643s
  user0m0.024s
  sys 0m0.424s
  

  Copy on host: 
  $ time cp 5173T.root.bak test.tmp
  real0m30.346s
  user0m0.004s
  sys 0m5.324s

  $ ls -lahs test.tmp
  2.7G -rw--- 1 oneadmin cloud 2.7G Mar 26 21:47 test.tmp

  ---
  $ copy on VM for the same file

  time cp 5173T.root.bak test.tmp

  real5m46.978s
  user0m0.352s
  sys 1m38.962s

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/965867/+subscriptions

[Qemu-devel] [Bug 1180777] Re: RDP traffic freeze on quiet network

[Launchpad Bug Tracker]

[Expired for qemu-kvm (Ubuntu) because there has been no activity for 60
days.]

** Changed in: qemu-kvm (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1180777

Title:
  RDP traffic freeze on quiet network

Status in QEMU:
  Expired
Status in qemu-kvm package in Ubuntu:
  Expired
Status in Debian:
  Incomplete

Bug description:
  To summarize what I think has been found so far,

1. The main symptom is that RDP connections hang after some time
2. This bug affects qemu 1.0 .. 1.6.5
3. This bug affects at least windows xp and windows 7 guests
4. Keeping another network connection open, such as vnc, prevents the RDP 
connection from hanging.

  
  Hi,

  I have recently setup a Windows 7 VM on KVM and started using it
  through remote desktop.

  What happens is that, after some hours of usage, the remote desktop
  connection freezes. I thought it was a remmina bug, as the it was
  enough to kill and restart it to successfully connect again to the VM.

  However, today I've switched to a different RDP client (2X Client
  chromium app) and the freeze just happened again!

  Some information:
  - the host and the VM are completely idle when the freeze occurs
  - I've tried sniffing the network packets toward the RDP port during the 
freeze and found that the client is sending packets but no packet is sent back

  Could this be a KVM issue? How can I further debug this one (I expect
  the freeze to happen again...)?

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: kvm 1:84+dfsg-0ubuntu16+1.0+noroms+0ubuntu14.8
  ProcVersionSignature: Ubuntu 3.2.0-41.66-generic 3.2.42
  Uname: Linux 3.2.0-41-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.2
  Architecture: amd64
  Date: Thu May 16 14:12:40 2013
  MachineType: Hewlett-Packard HP ProBook 4520s
  MarkForUpload: True
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-41-generic 
root=UUID=D2E20BC3E20BAAB5 loop=/hostname/disks/root.disk ro quiet splash 
vt.handoff=7
  SourcePackage: qemu-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/26/2010
  dmi.bios.vendor: Hewlett-Packard
  dmi.bios.version: 68AZZ Ver. F.0A
  dmi.board.name: 1411
  dmi.board.vendor: Hewlett-Packard
  dmi.board.version: KBC Version 57.30
  dmi.chassis.type: 10
  dmi.chassis.vendor: Hewlett-Packard
  dmi.modalias: 
dmi:bvnHewlett-Packard:bvr68AZZVer.F.0A:bd08/26/2010:svnHewlett-Packard:pnHPProBook4520s:pvr:rvnHewlett-Packard:rn1411:rvrKBCVersion57.30:cvnHewlett-Packard:ct10:cvr:
  dmi.product.name: HP ProBook 4520s
  dmi.sys.vendor: Hewlett-Packard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1180777/+subscriptions

[Qemu-devel] [Bug 965867] Re: 9p virtual file system on qemu slow

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/965867

Title:
  9p virtual file system on qemu slow

Status in QEMU:
  Expired
Status in qemu-kvm package in Ubuntu:
  Expired

Bug description:
  Hi, 
  The 9p virtual file system is slow. Several examples below: 
  -
  Host for the first time: 
  $ time ls bam.unsorted/
  ...
  real0m0.084s
  user0m0.000s
  sys 0m0.028s
  --
  Host second and following: 

  real0m0.009s
  user0m0.000s
  sys 0m0.008s
  --
  VM for the first time: 
  $ time ls bam.unsorted/
  
  real0m23.141s
  user0m0.064s
  sys 0m2.156s
  --
  VM for the second time
  real0m3.643s
  user0m0.024s
  sys 0m0.424s
  

  Copy on host: 
  $ time cp 5173T.root.bak test.tmp
  real0m30.346s
  user0m0.004s
  sys 0m5.324s

  $ ls -lahs test.tmp
  2.7G -rw--- 1 oneadmin cloud 2.7G Mar 26 21:47 test.tmp

  ---
  $ copy on VM for the same file

  time cp 5173T.root.bak test.tmp

  real5m46.978s
  user0m0.352s
  sys 1m38.962s

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/965867/+subscriptions