bellard | 27c7ca7 | 2006-04-27 21:32:09 +0000 | [diff] [blame] | 1 | qemu target: sh4 |
| 2 | author: Samuel Tardieu <sam@rfc1149.net> |
| 3 | last modified: Tue Dec 6 07:22:44 CET 2005 |
| 4 | |
| 5 | The sh4 target is not ready at all yet for integration in qemu. This |
| 6 | file describes the current state of implementation. |
| 7 | |
| 8 | Most places requiring attention and/or modification can be detected by |
Blue Swirl | 43dc2a6 | 2010-03-18 18:41:57 +0000 | [diff] [blame] | 9 | looking for "XXXXX" or "abort()". |
bellard | 27c7ca7 | 2006-04-27 21:32:09 +0000 | [diff] [blame] | 10 | |
| 11 | The sh4 core is located in target-sh4/*, while the 7750 peripheral |
| 12 | features (IO ports for example) are located in hw/sh7750.[ch]. The |
| 13 | main board description is in hw/shix.c, and the NAND flash in |
| 14 | hw/tc58128.[ch]. |
| 15 | |
| 16 | All the shortcomings indicated here will eventually be resolved. This |
| 17 | is a work in progress. Features are added in a semi-random order: if a |
| 18 | point is blocking to progress on booting the Linux kernel for the shix |
| 19 | board, it is addressed first; if feedback is necessary and no progress |
| 20 | can be made on blocking points until it is received, a random feature |
| 21 | is worked on. |
| 22 | |
| 23 | Goals |
| 24 | ----- |
| 25 | |
| 26 | The primary model being worked on is the soft MMU target to be able to |
| 27 | emulate the Shix 2.0 board by Alexis Polti, described at |
| 28 | http://perso.enst.fr/~polti/realisations/shix20/ |
| 29 | |
| 30 | Ultimately, qemu will be coupled with a system C or a verilog |
| 31 | simulator to simulate the whole board functionalities. |
| 32 | |
| 33 | A sh4 user-mode has also somewhat started but will be worked on |
| 34 | afterwards. The goal is to automate tests for GNAT (GNU Ada) compiler |
| 35 | that I ported recently to the sh4-linux target. |
| 36 | |
| 37 | Registers |
| 38 | --------- |
| 39 | |
| 40 | 16 general purpose registers are available at any time. The first 8 |
| 41 | registers are banked and the non-directly visible ones can be accessed |
| 42 | by privileged instructions. In qemu, we define 24 general purpose |
| 43 | registers and the code generation use either [0-7]+[8-15] or |
| 44 | [16-23]+[8-15] depending on the MD and RB flags in the sr |
| 45 | configuration register. |
| 46 | |
| 47 | Instructions |
| 48 | ------------ |
| 49 | |
| 50 | Most sh4 instructions have been implemented. The missing ones at this |
| 51 | time are: |
| 52 | - FPU related instructions |
| 53 | - LDTLB to load a new MMU entry |
| 54 | - SLEEP to put the processor in sleep mode |
| 55 | |
| 56 | Most instructions could be optimized a lot. This will be worked on |
| 57 | after the current model is fully functional unless debugging |
| 58 | convenience requires that it is done early. |
| 59 | |
| 60 | Many instructions did not have a chance to be tested yet. The plan is |
| 61 | to implement unit and regression testing of those in the future. |
| 62 | |
| 63 | MMU |
| 64 | --- |
| 65 | |
| 66 | The MMU is implemented in the sh4 core. MMU management has not been |
| 67 | tested at all yet. In the sh7750, it can be manipulated through memory |
| 68 | mapped registers and this part has not yet been implemented. |
| 69 | |
| 70 | Exceptions |
| 71 | ---------- |
| 72 | |
| 73 | Exceptions are implemented as described in the sh4 reference manual |
| 74 | but have not been tested yet. They do not use qemu EXCP_ features |
| 75 | yet. |
| 76 | |
| 77 | IRQ |
| 78 | --- |
| 79 | |
| 80 | IRQ are not implemented yet. |
| 81 | |
| 82 | Peripheral features |
| 83 | ------------------- |
| 84 | |
| 85 | + Serial ports |
| 86 | |
| 87 | Configuration and use of the first serial port (SCI) without |
| 88 | interrupts is supported. Input has not yet been tested. |
| 89 | |
| 90 | Configuration of the second serial port (SCIF) is supported. FIFO |
| 91 | handling infrastructure has been started but is not completed yet. |
| 92 | |
| 93 | + GPIO ports |
| 94 | |
| 95 | GPIO ports have been implemented. A registration function allows |
| 96 | external modules to register interest in some port changes (see |
| 97 | hw/tc58128.[ch] for an example) and will be called back. Interrupt |
| 98 | generation is not yet supported but some infrastructure is in place |
| 99 | for this purpose. Note that in the current model a peripheral module |
| 100 | cannot directly simulate a H->L->H input port transition and have an |
| 101 | interrupt generated on the low level. |
| 102 | |
| 103 | + TC58128 NAND flash |
| 104 | |
| 105 | TC58128 NAND flash is partially implemented through GPIO ports. It |
| 106 | supports reading from flash. |
| 107 | |
| 108 | GDB |
| 109 | --- |
| 110 | |
| 111 | GDB remote target support has been implemented and lightly tested. |
| 112 | |
| 113 | Files |
| 114 | ----- |
| 115 | |
ths | 9f08349 | 2006-12-07 18:28:42 +0000 | [diff] [blame] | 116 | File names are hardcoded at this time. The bootloader must be stored in |
bellard | 27c7ca7 | 2006-04-27 21:32:09 +0000 | [diff] [blame] | 117 | shix_bios.bin in the current directory. The initial Linux image must |
| 118 | be stored in shix_linux_nand.bin in the current directory in NAND |
| 119 | format. Test files can be obtained from |
| 120 | http://perso.enst.fr/~polti/robot/ as well as the various datasheets I |
| 121 | use. |
| 122 | |
| 123 | qemu disk parameter on the command line is unused. You can supply any |
| 124 | existing image and it will be ignored. As the goal is to simulate an |
| 125 | embedded target, it is not clear how this parameter will be handled in |
| 126 | the future. |
| 127 | |
| 128 | To build an ELF kernel image from the NAND image, 16 bytes have to be |
| 129 | stripped off the end of every 528 bytes, keeping only 512 of them. The |
| 130 | following Python code snippet does it: |
| 131 | |
| 132 | #! /usr/bin/python |
| 133 | |
| 134 | def denand (infd, outfd): |
| 135 | while True: |
| 136 | d = infd.read (528) |
| 137 | if not d: return |
| 138 | outfd.write (d[:512]) |
| 139 | |
| 140 | if __name__ == '__main__': |
| 141 | import sys |
| 142 | denand (open (sys.argv[1], 'rb'), |
| 143 | open (sys.argv[2], 'wb')) |
ths | 3b46e62 | 2007-09-17 08:09:54 +0000 | [diff] [blame] | 144 | |
bellard | 27c7ca7 | 2006-04-27 21:32:09 +0000 | [diff] [blame] | 145 | Style isssues |
| 146 | ------------- |
| 147 | |
| 148 | There is currently a mix between my style (space before opening |
| 149 | parenthesis) and qemu style. This will be resolved before final |
| 150 | integration is proposed. |