root / target-sh4 / README.sh4 @ beb811bd
History | View | Annotate | Download (4.8 kB)
1 | 27c7ca7e | bellard | qemu target: sh4 |
---|---|---|---|
2 | 27c7ca7e | bellard | author: Samuel Tardieu <sam@rfc1149.net> |
3 | 27c7ca7e | bellard | last modified: Tue Dec 6 07:22:44 CET 2005 |
4 | 27c7ca7e | bellard | |
5 | 27c7ca7e | bellard | The sh4 target is not ready at all yet for integration in qemu. This |
6 | 27c7ca7e | bellard | file describes the current state of implementation. |
7 | 27c7ca7e | bellard | |
8 | 27c7ca7e | bellard | Most places requiring attention and/or modification can be detected by |
9 | 27c7ca7e | bellard | looking for "XXXXX" or "assert (0)". |
10 | 27c7ca7e | bellard | |
11 | 27c7ca7e | bellard | The sh4 core is located in target-sh4/*, while the 7750 peripheral |
12 | 27c7ca7e | bellard | features (IO ports for example) are located in hw/sh7750.[ch]. The |
13 | 27c7ca7e | bellard | main board description is in hw/shix.c, and the NAND flash in |
14 | 27c7ca7e | bellard | hw/tc58128.[ch]. |
15 | 27c7ca7e | bellard | |
16 | 27c7ca7e | bellard | All the shortcomings indicated here will eventually be resolved. This |
17 | 27c7ca7e | bellard | is a work in progress. Features are added in a semi-random order: if a |
18 | 27c7ca7e | bellard | point is blocking to progress on booting the Linux kernel for the shix |
19 | 27c7ca7e | bellard | board, it is addressed first; if feedback is necessary and no progress |
20 | 27c7ca7e | bellard | can be made on blocking points until it is received, a random feature |
21 | 27c7ca7e | bellard | is worked on. |
22 | 27c7ca7e | bellard | |
23 | 27c7ca7e | bellard | Goals |
24 | 27c7ca7e | bellard | ----- |
25 | 27c7ca7e | bellard | |
26 | 27c7ca7e | bellard | The primary model being worked on is the soft MMU target to be able to |
27 | 27c7ca7e | bellard | emulate the Shix 2.0 board by Alexis Polti, described at |
28 | 27c7ca7e | bellard | http://perso.enst.fr/~polti/realisations/shix20/ |
29 | 27c7ca7e | bellard | |
30 | 27c7ca7e | bellard | Ultimately, qemu will be coupled with a system C or a verilog |
31 | 27c7ca7e | bellard | simulator to simulate the whole board functionalities. |
32 | 27c7ca7e | bellard | |
33 | 27c7ca7e | bellard | A sh4 user-mode has also somewhat started but will be worked on |
34 | 27c7ca7e | bellard | afterwards. The goal is to automate tests for GNAT (GNU Ada) compiler |
35 | 27c7ca7e | bellard | that I ported recently to the sh4-linux target. |
36 | 27c7ca7e | bellard | |
37 | 27c7ca7e | bellard | Registers |
38 | 27c7ca7e | bellard | --------- |
39 | 27c7ca7e | bellard | |
40 | 27c7ca7e | bellard | 16 general purpose registers are available at any time. The first 8 |
41 | 27c7ca7e | bellard | registers are banked and the non-directly visible ones can be accessed |
42 | 27c7ca7e | bellard | by privileged instructions. In qemu, we define 24 general purpose |
43 | 27c7ca7e | bellard | registers and the code generation use either [0-7]+[8-15] or |
44 | 27c7ca7e | bellard | [16-23]+[8-15] depending on the MD and RB flags in the sr |
45 | 27c7ca7e | bellard | configuration register. |
46 | 27c7ca7e | bellard | |
47 | 27c7ca7e | bellard | Instructions |
48 | 27c7ca7e | bellard | ------------ |
49 | 27c7ca7e | bellard | |
50 | 27c7ca7e | bellard | Most sh4 instructions have been implemented. The missing ones at this |
51 | 27c7ca7e | bellard | time are: |
52 | 27c7ca7e | bellard | - FPU related instructions |
53 | 27c7ca7e | bellard | - LDTLB to load a new MMU entry |
54 | 27c7ca7e | bellard | - SLEEP to put the processor in sleep mode |
55 | 27c7ca7e | bellard | |
56 | 27c7ca7e | bellard | Most instructions could be optimized a lot. This will be worked on |
57 | 27c7ca7e | bellard | after the current model is fully functional unless debugging |
58 | 27c7ca7e | bellard | convenience requires that it is done early. |
59 | 27c7ca7e | bellard | |
60 | 27c7ca7e | bellard | Many instructions did not have a chance to be tested yet. The plan is |
61 | 27c7ca7e | bellard | to implement unit and regression testing of those in the future. |
62 | 27c7ca7e | bellard | |
63 | 27c7ca7e | bellard | MMU |
64 | 27c7ca7e | bellard | --- |
65 | 27c7ca7e | bellard | |
66 | 27c7ca7e | bellard | The MMU is implemented in the sh4 core. MMU management has not been |
67 | 27c7ca7e | bellard | tested at all yet. In the sh7750, it can be manipulated through memory |
68 | 27c7ca7e | bellard | mapped registers and this part has not yet been implemented. |
69 | 27c7ca7e | bellard | |
70 | 27c7ca7e | bellard | Exceptions |
71 | 27c7ca7e | bellard | ---------- |
72 | 27c7ca7e | bellard | |
73 | 27c7ca7e | bellard | Exceptions are implemented as described in the sh4 reference manual |
74 | 27c7ca7e | bellard | but have not been tested yet. They do not use qemu EXCP_ features |
75 | 27c7ca7e | bellard | yet. |
76 | 27c7ca7e | bellard | |
77 | 27c7ca7e | bellard | IRQ |
78 | 27c7ca7e | bellard | --- |
79 | 27c7ca7e | bellard | |
80 | 27c7ca7e | bellard | IRQ are not implemented yet. |
81 | 27c7ca7e | bellard | |
82 | 27c7ca7e | bellard | Peripheral features |
83 | 27c7ca7e | bellard | ------------------- |
84 | 27c7ca7e | bellard | |
85 | 27c7ca7e | bellard | + Serial ports |
86 | 27c7ca7e | bellard | |
87 | 27c7ca7e | bellard | Configuration and use of the first serial port (SCI) without |
88 | 27c7ca7e | bellard | interrupts is supported. Input has not yet been tested. |
89 | 27c7ca7e | bellard | |
90 | 27c7ca7e | bellard | Configuration of the second serial port (SCIF) is supported. FIFO |
91 | 27c7ca7e | bellard | handling infrastructure has been started but is not completed yet. |
92 | 27c7ca7e | bellard | |
93 | 27c7ca7e | bellard | + GPIO ports |
94 | 27c7ca7e | bellard | |
95 | 27c7ca7e | bellard | GPIO ports have been implemented. A registration function allows |
96 | 27c7ca7e | bellard | external modules to register interest in some port changes (see |
97 | 27c7ca7e | bellard | hw/tc58128.[ch] for an example) and will be called back. Interrupt |
98 | 27c7ca7e | bellard | generation is not yet supported but some infrastructure is in place |
99 | 27c7ca7e | bellard | for this purpose. Note that in the current model a peripheral module |
100 | 27c7ca7e | bellard | cannot directly simulate a H->L->H input port transition and have an |
101 | 27c7ca7e | bellard | interrupt generated on the low level. |
102 | 27c7ca7e | bellard | |
103 | 27c7ca7e | bellard | + TC58128 NAND flash |
104 | 27c7ca7e | bellard | |
105 | 27c7ca7e | bellard | TC58128 NAND flash is partially implemented through GPIO ports. It |
106 | 27c7ca7e | bellard | supports reading from flash. |
107 | 27c7ca7e | bellard | |
108 | 27c7ca7e | bellard | GDB |
109 | 27c7ca7e | bellard | --- |
110 | 27c7ca7e | bellard | |
111 | 27c7ca7e | bellard | GDB remote target support has been implemented and lightly tested. |
112 | 27c7ca7e | bellard | |
113 | 27c7ca7e | bellard | Files |
114 | 27c7ca7e | bellard | ----- |
115 | 27c7ca7e | bellard | |
116 | 9f083493 | ths | File names are hardcoded at this time. The bootloader must be stored in |
117 | 27c7ca7e | bellard | shix_bios.bin in the current directory. The initial Linux image must |
118 | 27c7ca7e | bellard | be stored in shix_linux_nand.bin in the current directory in NAND |
119 | 27c7ca7e | bellard | format. Test files can be obtained from |
120 | 27c7ca7e | bellard | http://perso.enst.fr/~polti/robot/ as well as the various datasheets I |
121 | 27c7ca7e | bellard | use. |
122 | 27c7ca7e | bellard | |
123 | 27c7ca7e | bellard | qemu disk parameter on the command line is unused. You can supply any |
124 | 27c7ca7e | bellard | existing image and it will be ignored. As the goal is to simulate an |
125 | 27c7ca7e | bellard | embedded target, it is not clear how this parameter will be handled in |
126 | 27c7ca7e | bellard | the future. |
127 | 27c7ca7e | bellard | |
128 | 27c7ca7e | bellard | To build an ELF kernel image from the NAND image, 16 bytes have to be |
129 | 27c7ca7e | bellard | stripped off the end of every 528 bytes, keeping only 512 of them. The |
130 | 27c7ca7e | bellard | following Python code snippet does it: |
131 | 27c7ca7e | bellard | |
132 | 27c7ca7e | bellard | #! /usr/bin/python |
133 | 27c7ca7e | bellard | |
134 | 27c7ca7e | bellard | def denand (infd, outfd): |
135 | 27c7ca7e | bellard | while True: |
136 | 27c7ca7e | bellard | d = infd.read (528) |
137 | 27c7ca7e | bellard | if not d: return |
138 | 27c7ca7e | bellard | outfd.write (d[:512]) |
139 | 27c7ca7e | bellard | |
140 | 27c7ca7e | bellard | if __name__ == '__main__': |
141 | 27c7ca7e | bellard | import sys |
142 | 27c7ca7e | bellard | denand (open (sys.argv[1], 'rb'), |
143 | 27c7ca7e | bellard | open (sys.argv[2], 'wb')) |
144 | 27c7ca7e | bellard | |
145 | 27c7ca7e | bellard | Style isssues |
146 | 27c7ca7e | bellard | ------------- |
147 | 27c7ca7e | bellard | |
148 | 27c7ca7e | bellard | There is currently a mix between my style (space before opening |
149 | 27c7ca7e | bellard | parenthesis) and qemu style. This will be resolved before final |
150 | 27c7ca7e | bellard | integration is proposed. |