The recent patches adding partial support for POWER7 cpu emulation included
implementing the popcntd instruction.  The support for this was open coded,
but host-utils.h already included a function implementing an equivalent
population count function, which uses a gcc builtin (which can use special
host instructions) if available.

This patch makes the popcntd implementation use the existing, potentially
faster, implementation.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NAlexander Graf <agraf@suse.de>

qemu already includes support for the popcntb instruction introduced
in POWER5 (although it doesn't actually allow you to choose POWER5).

However, the logic is slightly incorrect: it will generate results
truncated to 32-bits when the CPU is in 32-bit mode.  This is not
normal for powerpc - generally arithmetic instructions on a 64-bit
powerpc cpu will generate full 64 bit results, it's just that only the
low 32 bits will be significant for condition codes.

This patch corrects this nit, which actually simplifies the code slightly.

In addition, this patch implements the popcntw and popcntd
instructions added in POWER7, in preparation for allowing POWER7 as an
emulated CPU.
Signed-off-by: NDavid Gibson <dwg@au1.ibm.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

The PURR (Processor Utilization Resource Register) is a register found
on recent POWER CPUs.  The guts of implementing it at least enough to
get by are already present in qemu, however some of the helper
functions needed to actually wire it up are missing.

This patch adds the necessary glue, so that the PURR can be wired up
when we implement newer POWER CPU targets which include it.
Signed-off-by: NDavid Gibson <dwg@au1.ibm.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

For a 64-bit PowerPC target, qemu correctly implements translation
through the segment lookaside buffer.  Likewise it supports the
slbmte instruction which is used to load entries into the SLB.

However, it does not emulate the slbmfee and slbmfev instructions
which read SLB entries back into registers.  Because these are
only occasionally used in guests (mostly for debugging) we get
away with it.

However, given the recent SLB cleanups, it becomes quite easy to
implement these, and thereby allow, amongst other things, a guest
Linux to use xmon's command to dump the SLB.
Signed-off-by: NDavid Gibson <dwg@au1.ibm.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

Currently the SLB information when emulating a PowerPC 970 is
storeed in a structure with the unhelpfully named fields 'tmp'
and 'tmp64'.  While the layout in these fields does match the
description of the SLB in the architecture document, it is not
convenient either for looking up the SLB, or for emulating the
slbmte instruction.

This patch, therefore, reorganizes the SLB entry structure to be
divided in the the "ESID related" and "VSID related" fields as
they are divided in instructions accessing the SLB.

In addition to making the code smaller and more readable, this will
make it easier to implement for the 1TB segments used in more
recent PowerPC chips.
Signed-off-by: NDavid Gibson <dwg@au1.ibm.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

Some tests in FPU emulation code were wrongly using float64_is_nan()
before commit 18569871, and wrongly
using float64_is_quiet_nan() after. Fix them by using float64_is_any_nan()
instead.
Reviewed-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The current FPU code returns 0.0 if one of the operand is a
signaling NaN and the VXSNAN exception is disabled.

fload_invalid_op_excp() doesn't return a qNaN in case of a VXSNAN
exception as the operand should be propagated instead of a new
qNaN to be generated. Fix that by calling fload_invalid_op_excp()
only for the exception generation (if enabled), and use the softfloat
code to correctly compute the result.
Reviewed-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Use the new function float32_is_any_nan() instead of
float32_is_quiet_nan() || float32_is_signaling_nan().
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

On PPC the default qNaN doesn't have the sign bit set.
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The PRECISE_EMULATION is "hardcoded" to one in target-ppc/exec.h and not
something easily tunable. Remove it and non-precise emulation code as
it doesn't make a noticeable difference in speed. People wanting speed
improvement should use softfloat-native instead.
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The softfloat functions float*_is_nan() were badly misnamed,
because they return true only for quiet NaNs, not for all NaNs.
Rename them to float*_is_quiet_nan() to more accurately reflect
what they do.

This change was produced by:
 perl -p -i -e 's/_is_nan/_is_quiet_nan/g' $(git grep -l is_nan)
(with the results manually checked.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NNathan Froyd <froydnj@codesourcery.com>
Acked-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Compiling with GCC 4.6.0 20100925 produced warnings:
/src/qemu/target-ppc/op_helper.c: In function 'helper_icbi':
/src/qemu/target-ppc/op_helper.c:351:14: error: variable 'tmp' set but not used [-Werror=unused-but-set-variable]
/src/qemu/target-ppc/op_helper.c: In function 'do_6xx_tlb':
/src/qemu/target-ppc/op_helper.c:3805:28: error: variable 'EPN' set but not used [-Werror=unused-but-set-variable]
/src/qemu/target-ppc/op_helper.c: In function 'do_74xx_tlb':
/src/qemu/target-ppc/op_helper.c:3838:28: error: variable 'EPN' set but not used [-Werror=unused-but-set-variable]

Fix by adding a dummy cast so that the variable is not unused. Delete tmp.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

* Fix swapped reading of tlblo/hi.
* Fix tlb exec permissions
Signed-off-by: NJohn Clark <clarkjc@runbox.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

The hack added by c5b76b38 was not
enough to avoid warnings with gcc flag -Wtype-limits. Add a new macro
to fix both problems.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Since commit 2ada0ed7, "Return From Interrupt" is broken for PPC processors
because some interrupt specifics bits of SRR1 are copied to MSR.

SRR1 is a save of MSR during interrupt.
During RFI, MSR must be restored from SRR1.
But some bits of SRR1 are interrupt-specific and are not used for MSR saving.

This is the specification (ISA 2.06) at chapter 6.4.3 (Interrupt Processing):
"2. Bits 33:36 and 42:47 of SRR1 or HSRR1 are loaded with information specific
    to the interrupt type.
 3. Bits 0:32, 37:41, and 48:63 of SRR1 or HSRR1 are loaded with a copy of the
    corresponding bits of the MSR."

Below is a representation of MSR bits which are not saved:
0:15 16:31 32  33:36    37:41      42:47     48:63
——— | ——— | — X X X X — — — — — X X X X X X | ————
0000 0000 |    7   |   8   |   3   |   F    | 0000

History:
In the initial Qemu implementation (e1833e1f), the mask 0x783F0000 was used for
saving MSR in SRR1. But all the bits 32:47 were cleared during RFI restoring.
This was wrong. The commit 2ada0ed7 explains that this breaks Altivec.
Indeed, bit 38 (for Altivec support) must be saved and restored.
The change of 2ada0ed7 was to restore all the bits of SRR1 to MSR.
But it's also wrong.

Explanation:
As an example, let's see what's happening after a TLB miss.
According to the e300 manual (E300CORERM table 5-6), the TLB miss interrupts
set the bits 44-47 for KEY, I/D, WAY and S/L. These bits are specifics to the
interrupt and must not be copied into MSR at the end of the interrupt.
With the current implementation, a TLB miss overwrite bits POW, TGPR and ILE.

Fix:
It shouldn't be needed to filter-out bits on MSR saving when interrupt occurs.
Specific bits overwrite MSR ones in SRR1.
But at the end of interrupt (RFI), specifics bits must be cleared before
restoring MSR from SRR1. The mask 0x783F0000 apply here.

Discussion:
The bits of the mask 0x783F0000 are cleared after an interrupt.
I cannot find a specification which talks about this
but I assume it is the truth since Linux can run this way.
Maybe it's not perfect but it's better (works for e300).
Signed-off-by: NThomas Monjalon <thomas@monjalon.net>
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The recent transition to always have the DCR helper functions take 32 bit
values broke the PPC64 target, as target_long became 64 bits there.

This patch changes DCR helpers to target_long arguments, and cast the values
to 32 bit when needed.

Fixes PPC64 build with --enable-debug-tcg

Based on a patch from Alexander Graf <agraf@suse.de>
Reported-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Bailout on 40x TLB entries with endianess swapping only if the entry
is valid.
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

The ZSEL was incorrectly beeing decoded from TLBHI. Decode it from
TLBLO instead.
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

For what I know DCR is always 32 bits wide, so we should also use uint32_t to
pass it along the stacks.

This fixes a warning when compiling qemu-system-ppc64 with KVM enabled, making
it compile without --disable-werror
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Fix the alternate time base the same way as the default timebase. SPR_ATBL
should return a 64-bit value on 64 bit implementations.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

On PPC we have a 64-bit time base. Usually (PPC32) this is accessed using
two separate 32 bit SPR accesses to SPR_TBU and SPR_TBL.

On PPC64 the SPR_TBL register acts as 64 bit though, so we get the full
64 bits as return value. If we only take the lower ones, fine. But Linux
wants to see all 64 bits or it breaks.

This patch makes PPC64 Linux work even after TB crossed the 32-bit boundary,
which usually happened a few seconds after bootup.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

In the very least, a change like this requires discussion on the list.

The naming convention is goofy and it causes a massive merge problem.  Something
like this _must_ be presented on the list first so people can provide input
and cope with it.

This reverts commit 99a0949b.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Some not so obvious bits, slirp and Xen were left alone for the time
being.
Signed-off-by: Nmalc <av1474@comtv.ru>

Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

We define inline as always_inline.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

We do this so we can check on the corresponding stc{w,d}x. whether the
value has changed.  It's a poor man's form of implementing atomic
operations and is valid only for NPTL usermode Linux emulation.
Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Nmalc <av1474@comtv.ru>

Signed-off-by: NJuan Quintela <quintela@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Work around buffer and ioctlsocket argument type signedness problems
Suppress a prototype which is unused on mingw32
Expand a macro to avoid warnings from some GCC versions
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6793 c046a42c-6fe2-441c-8c8c-71466251a162

The current implementation masks some MSR bits from SRR1 as it is
given on rfi(d). This looks pretty wrong and breaks Altivec.
Signed-off-by: NAlexander Graf <alex@csgraf.de>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6754 c046a42c-6fe2-441c-8c8c-71466251a162

In order to modify SLB entries on recent PPC64 machines, the slbmte
instruction is used.

This patch implements the slbmte instruction and makes the "bridge"
mode code use the slb set functions, so we can move the SLB into
the CPU struct later.

This is required for Linux to run on PPC64.
Signed-off-by: NAlexander Graf <alex@csgraf.de>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6747 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6574 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6573 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6572 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6571 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6570 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6569 c046a42c-6fe2-441c-8c8c-71466251a162