Subversion Repositories ion

/*------------------------------------------------------------------------------

* slite.c -- MIPS-I simulator based on Steve Rhoad's "mlite"

*

* This is a heavily modified version of Steve Rhoad's "mlite" simulator, which

* is part of his PLASMA project (original date: 1/31/01).

*

*-------------------------------------------------------------------------------

* Usage:

*     slite [options]

*

* See function 'usage' for a very brief explaination of the available options.

*

* Generally, upon startup the program will allocate some RAM for the simulated

* system and initialize it with the contents of one or more plain binary,

* big-endian object files. Then it will simulate a cpu reset and start the

* simulation, in interactive or batch mode.

*

* A simulation log file will be dumped to file "sw_sim_log.txt". This log can be

* used to compare with an equivalent log dumped by the hardware simulation, as

* a simple way to validate the hardware for a given program. See the project

* readme files for details.

*

*-------------------------------------------------------------------------------

* This program simulates the CPU connected to a certain memory map (chosen from

* a set of predefined options) and to a UART.

* The UART is hardcoded at a fixed address and is not configurable in runtime.

* The simulated UART includes the real UART status bits, hardcoded to 'always

* ready' so that software and hardware simulations can be made identical with

* more ease (no need to simulate the actual cycle count of TX/RX, etc.).

*-------------------------------------------------------------------------------

* KNOWN BUGS:

*

*-------------------------------------------------------------------------------

* @date 2011-jan-16

*

*-------------------------------------------------------------------------------

* COPYRIGHT:    Software placed into the public domain by the author.

*               Software 'as is' without warranty.  Author liable for nothing.

*

* IMPORTANT: Assumes host is little endian and target is big endian.

*-----------------------------------------------------------------------------*/

#include <errno.h>

#include <stdio.h>

#include <stdlib.h>

#include <stdint.h>

#include <string.h>

#include <ctype.h>

#include <assert.h>

/** CPU identification code (contents of register CP0[15], PRId */

#define R3000_ID (0x00000200)

/** Number of hardware interrupt inputs (irq0 is NMI) */

#define NUM_HW_IRQS (8)

/** Set to !=0 to disable file logging (much faster simulation) */

/* alternately you can just set an unreachable log trigger address */

#define FILE_LOGGING_DISABLED (0)

/** Define to enable cache simulation (unimplemented) */

//#define ENABLE_CACHE

/** Set to !=0 to display a fancier listing of register values */

#define FANCY_REGISTER_DISPLAY (1)

/*---- Definition of simulated system parameters -----------------------------*/

#define VECTOR_RESET (0xbfc00000)

#define VECTOR_TRAP  (0xbfc00180)

/** Definition of a memory block */

typedef struct s_block {

    uint32_t start;

    uint32_t size;

    uint32_t mask;

    uint32_t read_only;

    uint8_t  *mem;

    char     *area_name;

} t_block;

#define NUM_MEM_BLOCKS      (4)

#define NUM_MEM_MAPS        (4)

/** Definition of a memory map */

/* FIXME i/o addresses missing, hardcoded */

typedef struct s_map {

    t_block blocks[NUM_MEM_BLOCKS];

} t_map;

/*  Here's where we define the memory areas (blocks) of the system.

    The blocks should be defined in this order: BRAM, XRAM, FLASH

    BRAM is FPGA block ram initialized with bootstrap code

    XRAM is external SRAM

    FLASH is external flash

    Give any area a size of 0x0 to leave it unused.

    When a binary file is specified in the cmd line for one of these areas, it

    will be used to initialize it, checking bounds.

    Memory decoding is done in the order the blocks are defined; the address

    is anded with field .mask and then compared to field .start. If they match

    the address modulo the field .size is used to index the memory block, giving

    a 'mirror' effect. All of this simulates how the actual hardware works.

    Make sure the blocks don't overlap or the scheme will fail.

*/

#define MAP_DEFAULT         (0)

#define MAP_UCLINUX_BRAM    (1)  /* debug only */

#define MAP_SMALL           (2)

#define MAP_UCLINUX         (3)

t_map memory_maps[NUM_MEM_MAPS] = {

    {/* Experimental memory map (default) */

        {/* Bootstrap BRAM, read only */

        {VECTOR_RESET,  0x00008000, 0xf8000000, 1, NULL, "Boot BRAM"},

        /* main external ram block  */

        {0x00000000,    0x00080000, 0xf8000000, 0, NULL, "XRAM0"},

        /* main external ram block  */

        {0x80000000,    0x00080000, 0xf8000000, 0, NULL, "XRAM1"},

        /* external flash block */

        {0xb0000000,    0x00040000, 0xf8000000, 0, NULL, "Flash"},

        }

    },

    {/* uClinux memory map with bootstrap BRAM, debug only, to be removed */

        {/* Bootstrap BRAM, read only */

        {VECTOR_RESET,  0x00008000, 0xf8000000, 1, NULL, "Boot BRAM"},

        /* main external ram block  */

        {0x80000000,    0x00800000, 0xf8000000, 0, NULL, "XRAM0"},

        {0x00000000,    0x00800000, 0xf8000000, 0, NULL, "XRAM1"},

        /* external flash block */

        {0xb0000000,    0x00100000, 0xf8000000, 0, NULL, "Flash"},

        }

    },

    {/* Experimental memory map with small XRAM */

        {/* Bootstrap BRAM, read only */

        {VECTOR_RESET,  0x00008000, 0xf8000000, 1, NULL, "Boot BRAM"},

        /* main external ram block  */

        {0x00000000,    0x00001000, 0xf8000000, 0, NULL, "XRAM0"},

        /* main external ram block  */

        {0x80000000,    0x00001000, 0xf8000000, 0, NULL, "XRAM1"},

        /* external flash block */

        {0xb0000000,    0x00040000, 0xf8000000, 0, NULL, "Flash"},

        }

    },

    {/* uClinux memory map with FLASH and XRAM */

        {/* Flash mapped at two different addresses is actually meant to be

            a single chip (note they have the same size). */

         /* E.g. put the bootloader at 0xbfc00000 and the romfs at 0xb0020000;

            chip offsets will be 0x0 and 0x20000. */

         /* Don't forget there's no address translation here. */

        {0xbfc00000,    0x00400000, 0xf8000000, 1, NULL, "Flash (bootloader)"},

        {0xb0000000,    0x00400000, 0xf8000000, 1, NULL, "Flash (romfs)"},

        /* main external ram block (kernal & user areas ) */

        {0x80000000,    0x00200000, 0xf8000000, 0, NULL, "XRAM (kernel)"},

        {0x00000000,    0x00400000, 0xf8000000, 0, NULL, "XRAM (user)"},

        }

    },

};

/*---- end of system parameters ----------------------------------------------*/

/** Values for the command line arguments */

typedef struct s_args {

    /** !=0 to trap on unimplemented opcodes, 0 to print warning and NOP */

    uint32_t trap_on_reserved;

    /** !=0 to emulate some common mips32 opcodes */

    uint32_t emulate_some_mips32;

    /** Prescale value used for the timer/counter */

    uint32_t timer_prescaler;

    /** address to start execution from (by default, reset vector) */

    uint32_t start_addr;

    /** memory map to be used */

    uint32_t memory_map;

    /** implement unaligned load/stores (don't just trap them) */

    uint32_t do_unaligned;

    /** start simulation without showing monitor prompt and quit on

        end condition -- useful for batch runs */

    uint32_t no_prompt;

    /** breakpoint address (0xffffffff if unused) */

    uint32_t breakpoint;

    /** a code fetch from this address starts logging */

    uint32_t log_trigger_address;

    /** full name of log file */

    char *log_file_name;

    /** bin file to load to each area or null */

    char *bin_filename[NUM_MEM_BLOCKS];

    /** map file to be used for function call tracing, if any */

    char *map_filename;

    /** offset into area (in bytes) where bin will be loaded */

    /* only used when loading a linux kernel image */

    uint32_t offset[NUM_MEM_BLOCKS];

} t_args;

/** Parse cmd line args globally accessible */

t_args cmd_line_args;

/*---- Endianess conversion macros -------------------------------------------*/

#define ntohs(A) ( ((A)>>8) | (((A)&0xff)<<8) )

#define htons(A) ntohs(A)

#define ntohl(A) ( ((A)>>24) | (((A)&0xff0000)>>8) | (((A)&0xff00)<<8) | ((A)<<24) )

#define htonl(A) ntohl(A)

/*---- OS-dependent support functions and definitions ------------------------*/

#ifndef WIN32

//Support for Linux

#define putch putchar

#include <termios.h>

#include <unistd.h>

void slite_sleep(unsigned int value){

    usleep(value * 1000);

}

int kbhit(void){

    struct termios oldt, newt;

    struct timeval tv;

    fd_set read_fd;

    tcgetattr(STDIN_FILENO, &oldt);

    newt = oldt;

    newt.c_lflag &= ~(ICANON | ECHO);

    tcsetattr(STDIN_FILENO, TCSANOW, &newt);

    tv.tv_sec=0;

    tv.tv_usec=0;

    FD_ZERO(&read_fd);

    FD_SET(0,&read_fd);

    if(select(1, &read_fd, NULL, NULL, &tv) == -1){

        return 0;

    }

    //tcsetattr(STDIN_FILENO, TCSANOW, &oldt);

    if(FD_ISSET(0,&read_fd)){

        return 1;

    }

    return 0;

}

int getch(void){

    struct termios oldt, newt;

    int ch;

    tcgetattr(STDIN_FILENO, &oldt);

    newt = oldt;

    newt.c_lflag &= ~(ICANON | ECHO);

    tcsetattr(STDIN_FILENO, TCSANOW, &newt);

    ch = getchar();

    //tcsetattr(STDIN_FILENO, TCSANOW, &oldt);

    return ch;

}

#else

//Support for Windows

#include <conio.h>

extern void __stdcall Sleep(unsigned long value);

void slite_sleep(unsigned int value){

    Sleep(value);

}

#endif

/*---- End of OS-dependent support functions and definitions -----------------*/

/*---- Hardware system parameters --------------------------------------------*/

/* Much of this is a remnant from Plasma's mlite and is  no longer used. */

/* FIXME Refactor HW system params */

#define DBG_REGS          (0x20010000)

#define UART_WRITE        (0x20000000)

#define UART_READ         (0x20000000)

#define TIMER_READ        (0x20000100)

#define DEFAULT_TIMER_PRESCALER (50)

/* FIXME The following addresses are remnants of Plasma to be removed */

#define IRQ_MASK          0x20000010

#define IRQ_STATUS        0x20000020

#define CONFIG_REG        0x20000070

#define MMU_PROCESS_ID    0x20000080

#define MMU_FAULT_ADDR    0x20000090

#define MMU_TLB           0x200000a0

#define IRQ_UART_READ_AVAILABLE  0x001

#define IRQ_UART_WRITE_AVAILABLE 0x002

#define IRQ_COUNTER18_NOT        0x004

#define IRQ_COUNTER18            0x008

#define IRQ_MMU                  0x200

/*----------------------------------------------------------------------------*/

/* These are flags that will be used to notify the main cycle function of any

   failed assertions in its subfunctions. */

#define ASRT_UNALIGNED_READ         (1<<0)

#define ASRT_UNALIGNED_WRITE        (1<<1)

char *assertion_messages[2] = {

   "Unaligned read",

   "Unaligned write"

};

/** Length of debugging jump target queue */

#define TRACE_BUFFER_SIZE (32)

/** Assorted debug & trace info */

typedef struct s_trace {

   unsigned int buf[TRACE_BUFFER_SIZE];   /**< queue of last jump targets */

   unsigned int next;                     /**< internal queue head pointer */

   FILE *log;                             /**< text log file or NULL */

   int log_triggered;                     /**< !=0 if log has been triggered */

   uint32_t log_trigger_address;          /**< */

   int pr[32];                            /**< last value of register bank */

   int hi, lo, epc, status;               /**< last value of internal regs */

   int disasm_ptr;                        /**< disassembly pointer */

   /** Instruction cycles remaining to trigger irq[i], or -1 if irq inactive */

   int32_t irq_trigger_countdown[NUM_HW_IRQS];  /**< (in instructions) */

} t_trace;

typedef struct s_state {

   unsigned failed_assertions;            /**< assertion bitmap */

   unsigned faulty_address;               /**< addr that failed assertion */

   uint32_t do_unaligned;                 /**< !=0 to enable unaligned L/S */

   uint32_t breakpoint;                   /**< BP address of 0xffffffff */

   int delay_slot;              /**< !=0 if prev. instruction was a branch */

   uint32_t instruction_ctr;    /**< # of instructions executed since reset */

   uint32_t inst_ctr_prescaler; /**< Prescaler counter for instruction ctr. */

   int r[32];

   int opcode;

   int pc, pc_next, epc;

   uint32_t op_addr;            /**< address of opcode being simulated */

   unsigned int hi;

   unsigned int lo;

   int status;

   int32_t trap_cause;          /**< temporary trap code or <0 if no trap */

   unsigned cp0_cause;

   int userMode;                /**< DEPRECATED, to be removed */

   int processId;               /**< DEPRECATED, to be removed */

   int faultAddr;               /**< DEPRECATED, to be removed */

   int irqStatus;               /**< DEPRECATED, to be removed */

   int skip;

   t_trace t;

   t_block blocks[NUM_MEM_BLOCKS];

   int wakeup;

   int big_endian;

} t_state;

static char *reg_names[]={

    "zero","at","v0","v1","a0","a1","a2","a3",

    "t0","t1","t2","t3","t4","t5","t6","t7",

    "s0","s1","s2","s3","s4","s5","s6","s7",

    "t8","t9","k0","k1","gp","sp","s8","ra"

};

static char *opcode_string[]={

   "0SPECIAL","0REGIMM","1J","1JAL","2BEQ","2BNE","3BLEZ","3BGTZ",

   "5ADDI","5ADDIU","5SLTI","5SLTIU","5ANDI","5ORI","5XORI","6LUI",

   "cCOP0","cCOP1","cCOP2","cCOP3","2BEQL","2BNEL","3BLEZL","3BGTZL",

   "0?","0?","0?","0?","0SPECIAL2","0?","0?","0SPECIAL3",

   "8LB","8LH","8LWL","8LW","8LBU","8LHU","8LWR","0?",

   "8SB","8SH","8SWL","8SW","0?","0?","8SWR","0CACHE",

   "0LL","0LWC1","0LWC2","0LWC3","?","0LDC1","0LDC2","0LDC3"

   "0SC","0SWC1","0SWC2","0SWC3","?","0SDC1","0SDC2","0SDC3"

};

static char *special_string[]={

   "4SLL","0?","4SRL","4SRA","bSLLV","0?","bSRLV","bSRAV",

   "aJR","aJALR","0MOVZ","0MOVN","0SYSCALL","0BREAK","0?","0SYNC",

   "0MFHI","0MTHI","0MFLO","0MTLO","0?","0?","0?","0?",

   "0MULT","0MULTU","0DIV","0DIVU","0?","0?","0?","0?",

   "7ADD","7ADDU","7SUB","7SUBU","7AND","7OR","7XOR","7NOR",

   "0?","0?","7SLT","7SLTU","0?","0DADDU","0?","0?",

   "7TGE","7TGEU","7TLT","7TLTU","7TEQ","0?","7TNE","0?",

   "0?","0?","0?","0?","0?","0?","0?","0?"

};

static char *regimm_string[]={

   "9BLTZ","9BGEZ","9BLTZL","9BGEZL","0?","0?","0?","0?",

   "0TGEI","0TGEIU","0TLTI","0TLTIU","0TEQI","0?","0TNEI","0?",

   "9BLTZAL","9BEQZAL","9BLTZALL","9BGEZALL","0?","0?","0?","0?",

   "0?","0?","0?","0?","0?","0?","0?","0?"

};

/*

static char *special2_string[]={

    "0MADD","0MADDU","0MUL","0?",  "0?","0?","0?","0?",

    "0?","0?","0?","0?",  "0?","0?","0?","0?",

    "0?","0?","0?","0?",  "0?","0?","0?","0?",

    "0?","0?","0?","0?",  "0?","0?","0?","0?",

    "0CLZ","0CLO","0?","0?",  "0?","0?","0?","0?",

    "0?","0?","0?","0?",  "0?","0?","0?","0?",

    "0?","0?","0?","0?",  "0?","0?","0?","0?",

    "0?","0?","0?","0?",  "0?","0?","0?","0?",

};

*/

/** local memory used by the console simulation code */

static unsigned int HWMemory[8];

#define MAP_MAX_FUNCTIONS  (400)

#define MAP_MAX_NAME_LEN   (80)

/** Information extracted from the map file, if any */

typedef struct {

    uint32_t num_functions;         /**< number of functions in the table */

    FILE *log;                      /**< text log file or stdout */

    char *log_filename;             /**< name of log file or NULL */

    uint32_t fn_address[MAP_MAX_FUNCTIONS];

    char fn_name[MAP_MAX_FUNCTIONS][MAP_MAX_NAME_LEN];

} t_map_info;

t_map_info map_info;

/*---- Local function prototypes ---------------------------------------------*/

/* Debug and logging */

void init_trace_buffer(t_state *s, t_args *args);

void close_trace_buffer(t_state *s);

void dump_trace_buffer(t_state *s);

uint32_t log_cycle(t_state *s);

void log_read(t_state *s, int full_address, int word_value, int size, int log);

void log_failed_assertions(t_state *s);

uint32_t log_enabled(t_state *s);

void trigger_log(t_state *s);

void print_opcode_fields(uint32_t opcode);

void reserved_opcode(uint32_t pc, uint32_t opcode, t_state* s);

int32_t read_map_file(char *filename, t_map_info* map);

void log_call(uint32_t to, uint32_t from);

void log_ret(uint32_t to, uint32_t from);

int32_t function_index(uint32_t address);

int32_t parse_cmd_line(uint32_t argc, char **argv, t_args *args);

void usage(void);

/* CPU model */

void free_cpu(t_state *s);

int init_cpu(t_state *s, t_args *args);

void reset_cpu(t_state *s);

void unimplemented(t_state *s, const char *txt);

void reverse_endianess(uint8_t *data, uint32_t bytes);

/* Hardware simulation */

int mem_read(t_state *s, int size, unsigned int address, int log);

void mem_write(t_state *s, int size, unsigned address, unsigned value, int log);

void debug_reg_write(t_state *s, uint32_t address, uint32_t data);

void start_load(t_state *s, uint32_t addr, int rt, int data);

uint32_t simulate_hw_irqs(t_state *s);

/*---- Local functions -------------------------------------------------------*/

/*---- Call & ret tracing (EARLY DRAFT) --------------------------------------*/

static uint32_t call_depth = 0;

void log_ret(uint32_t to, uint32_t from){

    int32_t i,j;

    /* If no map file has been loaded, skip trace */

    if((!map_info.num_functions) || (!map_info.log)) return;

    if(call_depth>0){

        fprintf(map_info.log, "[%08x]  ", from);

        for(j=0;j<call_depth;j++){

            fprintf(map_info.log, ". ");

        }

        fprintf(map_info.log, "}\n");

        call_depth--;

    }

    else{

        i = function_index(to);

        if(i>=0){

            fprintf(map_info.log, "[%08x]  %s\n", from, map_info.fn_name[i]);

        }

        else{

            fprintf(map_info.log, "[%08x]  %08x\n", from, to);

        }

    }

}

/** */

void log_call(uint32_t to, uint32_t from){

    int32_t i,j;

    /* If no map file has been loaded, skip trace */

    if((!map_info.num_functions) || (!map_info.log)) return;

    i = function_index(to);

    if(i>=0){

        call_depth++;

        fprintf(map_info.log, "[%08x]  ", from);

        for(j=0;j<call_depth;j++){

            fprintf(map_info.log, ". ");

        }

        fprintf(map_info.log, "%s{\n", map_info.fn_name[i]);

    }

}

int32_t function_index(uint32_t address){

    uint32_t i;

    for(i=0;i<map_info.num_functions;i++){

        if(address==map_info.fn_address[i]){

            return i;

        }

    }

    return -1;

}

/*---- Execution log ---------------------------------------------------------*/

/** Log to file a memory read operation (not including target reg change) */

void log_read(t_state *s, int full_address, int word_value, int size, int log){

    /* if bit CP0.16==1, this is a D-Cache line invalidation access and

           the HW will not read any actual data, so skip the log (@note1) */

    if(log_enabled(s) && log!=0 && !(s->status & 0x00010000)){

        fprintf(s->t.log, "(%08X) [%08X] <**>=%08X RD\n",

              s->op_addr, full_address, word_value);

    }

}

/** Read memory, optionally logging */

int mem_read(t_state *s, int size, unsigned int address, int log){

    unsigned int value=0, word_value=0, i, ptr;

    unsigned int full_address = address;

    s->irqStatus |= IRQ_UART_WRITE_AVAILABLE;

    switch(address){

    case UART_READ:

        /* FIXME Take input from text file */

        while(!kbhit());

        HWMemory[0] = getch();

        //s->irqStatus &= ~IRQ_UART_READ_AVAILABLE; //clear bit

        printf("%c", HWMemory[0]);

        return (HWMemory[0] << 24) | 0x03;

    case TIMER_READ:

        printf("TIMER = %10d\n", s->instruction_ctr);

        return s->instruction_ctr;

        break;

    case IRQ_MASK:

       return HWMemory[1];

    case IRQ_MASK + 4:

       slite_sleep(10);

       return 0;

    case IRQ_STATUS:

       /*if(kbhit())

          s->irqStatus |= IRQ_UART_READ_AVAILABLE;

       return s->irqStatus;

       */

       /* FIXME Optionally simulate UART TX delay */

       word_value = 0x00000003; /* Ready to TX and RX */

       //log_read(s, full_address, word_value, size, log);

       return word_value;

    case MMU_PROCESS_ID:

       return s->processId;

    case MMU_FAULT_ADDR:

       return s->faultAddr;

    }

    /* point ptr to the byte in the block, or NULL is the address is unmapped */

    ptr = 0;

    for(i=0;i<NUM_MEM_BLOCKS;i++){

        if((address & s->blocks[i].mask) ==

           (s->blocks[i].start & s->blocks[i].mask)){

            ptr = (unsigned)(s->blocks[i].mem) +

                  ((address - s->blocks[i].start) % s->blocks[i].size);

            break;

        }

    }

    if(!ptr){

        /* address out of mapped blocks: log and return zero */

        /* if bit CP0.16==1, this is a D-Cache line invalidation access and

           the HW will not read any actual data, so skip the log (@note1) */

        printf("MEM RD ERROR @ 0x%08x [0x%08x]\n", s->pc, full_address);

        if(log_enabled(s) && log!=0 && !(s->status & (1<<16))){

            fprintf(s->t.log, "(%08X) [%08X] <**>=%08X RD UNMAPPED\n",

                s->pc, full_address, 0);

        }

        return 0;

    }

    /* get the whole word */

    word_value = *(int*)(ptr&0xfffffffc);

    if(s->big_endian){

        word_value = ntohl(word_value);

    }

    switch(size){

    case 4:

        if(address & 3){

            printf("Unaligned access PC=0x%x address=0x%x\n",

                (int)s->pc, (int)address);

        }

        if((address & 3) != 0){

            /* unaligned word, log fault */

            s->failed_assertions |= ASRT_UNALIGNED_READ;

            s->faulty_address = address;

            address = address & 0xfffffffc;

        }

        value = *(int*)ptr;

        if(s->big_endian){

            value = ntohl(value);

        }

        break;

    case 2:

        if((address & 1) != 0){

            /* unaligned halfword, log fault */

            s->failed_assertions |= ASRT_UNALIGNED_READ;

            s->faulty_address = address;

            address = address & 0xfffffffe;

        }

        value = *(unsigned short*)ptr;

        if(s->big_endian){

            value = ntohs((unsigned short)value);

        }

        break;

    case 1:

        value = *(unsigned char*)ptr;

        break;

    default: