Use alternate Flash program memory (code) base for AVR targets.

This is needed because the AVR CPU has separate code and data address
spaces that both start from zero. Use 0x08000000 base for Flash memory
and 0x00000000 base for CPU registers, IO registers and SRAM as the
fast case.

Signed-off-by: Glenn Baker <[email protected]>

Author: glennsec

include/unicorn/avr.h

@@ -24,6 +24,12 @@ typedef enum uc_cpu_avr {
     UC_CPU_AVR_AVR6 = 6,
 } uc_cpu_avr;
 
+//> AVR memory
+typedef enum uc_avr_mem {
+    // Flash program memory (code)
+    UC_AVR_MEM_FLASH = 0x08000000,
+} uc_avr_mem;
+
 //> AVR registers
 typedef enum uc_avr_reg {
     UC_AVR_REG_INVALID = 0,

qemu/target/avr/cpu.h

@@ -61,10 +61,16 @@
  *
  * It's also useful to know where some things are, like the IO registers.
  */
+#if 1
+// Unicorn:
+#define OFFSET_CODE 0x08000000 /* UC_AVR_MEM_FLASH */
+#define OFFSET_DATA 0x00000000
+#else
 /* Flash program memory */
 #define OFFSET_CODE 0x00000000
 /* CPU registers, IO registers, and SRAM */
 #define OFFSET_DATA 0x00800000
+#endif
 /* CPU registers specifically, these are mapped at the start of data */
 #define OFFSET_CPU_REGISTERS OFFSET_DATA
 /*
@@ -107,6 +113,8 @@ typedef enum AVRFeature {
     AVR_FEATURE_RAMPX,
     AVR_FEATURE_RAMPY,
     AVR_FEATURE_RAMPZ,
+
+    AVR_FEATURE_FLASH, /* Unicorn: was Flash program memory mapped? */
 } AVRFeature;
 
 typedef struct CPUAVRState CPUAVRState;
@@ -188,6 +196,12 @@ static inline int avr_cpu_mmu_index(CPUAVRState *env, bool ifetch)
     return ifetch ? MMU_CODE_IDX : MMU_DATA_IDX;
 }
 
+static inline uint32_t avr_code_base(CPUAVRState *env)
+{
+    return OFFSET_CODE && avr_feature(env, AVR_FEATURE_FLASH) ?
+        OFFSET_CODE : 0;
+}
+
 void avr_cpu_tcg_init(struct uc_struct *uc);
 
 void avr_cpu_list(void);

qemu/target/avr/helper.c

@@ -112,12 +112,14 @@ bool avr_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
 
     if (mmu_idx == MMU_CODE_IDX) {
         /* access to code in flash */
-        paddr = OFFSET_CODE + address;
+        paddr = avr_code_base(&AVR_CPU(cs)->env) | address;
         prot = PAGE_READ | PAGE_EXEC;
+#if 0
         if (paddr + TARGET_PAGE_SIZE > OFFSET_DATA) {
             error_report("execution left flash memory");
             abort();
         }
+#endif
     } else if (address < NUMBER_OF_CPU_REGISTERS + NUMBER_OF_IO_REGISTERS) {
         /*
          * access to CPU registers, exit and rebuilt this TB to use full access
@@ -129,7 +131,7 @@ bool avr_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
         cpu_loop_exit_restore(cs, retaddr);
     } else {
         /* access to memory. nothing special */
-        paddr = OFFSET_DATA + address;
+        paddr = OFFSET_DATA | address;
         prot = PAGE_READ | PAGE_WRITE;
     }
 
@@ -326,7 +328,7 @@ target_ulong helper_fullrd(CPUAVRState *env, uint32_t addr)
         data = helper_inb(env, addr - NUMBER_OF_CPU_REGISTERS);
     } else {
         /* memory */
-        data = address_space_ldub(&address_space_memory, OFFSET_DATA + addr,
+        data = address_space_ldub(&address_space_memory, OFFSET_DATA | addr,
                                   MEMTXATTRS_UNSPECIFIED, NULL);
     }
     return data;
@@ -356,7 +358,7 @@ void helper_fullwr(CPUAVRState *env, uint32_t data, uint32_t addr)
         helper_outb(env, addr - NUMBER_OF_CPU_REGISTERS, data);
     } else {
         /* memory */
-        address_space_stb(&address_space_memory, OFFSET_DATA + addr, data,
+        address_space_stb(&address_space_memory, OFFSET_DATA | addr, data,
                           MEMTXATTRS_UNSPECIFIED, NULL);
     }
 }

qemu/target/avr/translate.c

@@ -200,7 +200,8 @@ static int to_regs_00_30_by_two(DisasContext *ctx, int indx)
 
 static uint16_t next_word(DisasContext *ctx)
 {
-    return cpu_lduw_code(ctx->env, ctx->npc++ * 2);
+    // Unicorn:
+    return cpu_lduw_code(ctx->env, avr_code_base(ctx->env) | (ctx->npc++ * 2));
 }
 
 static int append_16(DisasContext *ctx, int x)
@@ -1706,6 +1707,19 @@ static void gen_data_load(DisasContext *ctx, TCGv data, TCGv addr)
     }
 }
 
+static void gen_code_load(DisasContext *ctx, TCGv Rd, TCGv addr)
+{
+    INIT_TCG_CONTEXT_FROM_DISAS(ctx);
+    // Unicorn:
+    const uint32_t code_base = avr_code_base(ctx->env);
+    if (code_base) {
+        TCGv Rc = tcg_const_i32(code_base);
+        tcg_gen_or_tl(addr, addr, Rc);
+        tcg_temp_free_i32(Rc);
+    }
+    tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
+}
+
 /*
  *  This instruction makes a copy of one register into another. The source
  *  register Rr is left unchanged, while the destination register Rd is loaded
@@ -2264,7 +2278,7 @@ static bool trans_LPM1(DisasContext *ctx, arg_LPM1 *a)
 
     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
     tcg_gen_or_tl(addr, addr, L);
-    tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
+    gen_code_load(ctx, Rd, addr);
 
     tcg_temp_free_i32(addr);
 
@@ -2285,7 +2299,7 @@ static bool trans_LPM2(DisasContext *ctx, arg_LPM2 *a)
 
     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
     tcg_gen_or_tl(addr, addr, L);
-    tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
+    gen_code_load(ctx, Rd, addr);
 
     tcg_temp_free_i32(addr);
 
@@ -2306,7 +2320,7 @@ static bool trans_LPMX(DisasContext *ctx, arg_LPMX *a)
 
     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
     tcg_gen_or_tl(addr, addr, L);
-    tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
+    gen_code_load(ctx, Rd, addr);
     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
     tcg_gen_andi_tl(L, addr, 0xff);
     tcg_gen_shri_tl(addr, addr, 8);
@@ -2342,7 +2356,7 @@ static bool trans_ELPM1(DisasContext *ctx, arg_ELPM1 *a)
     TCGv Rd = cpu_r[0];
     TCGv addr = gen_get_zaddr();
 
-    tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
+    gen_code_load(ctx, Rd, addr);
 
     tcg_temp_free_i32(addr);
 
@@ -2359,7 +2373,7 @@ static bool trans_ELPM2(DisasContext *ctx, arg_ELPM2 *a)
     TCGv Rd = cpu_r[a->rd];
     TCGv addr = gen_get_zaddr();
 
-    tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
+    gen_code_load(ctx, Rd, addr);
 
     tcg_temp_free_i32(addr);
 
@@ -2376,7 +2390,7 @@ static bool trans_ELPMX(DisasContext *ctx, arg_ELPMX *a)
     TCGv Rd = cpu_r[a->rd];
     TCGv addr = gen_get_zaddr();
 
-    tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
+    gen_code_load(ctx, Rd, addr);
     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
     gen_set_zaddr(addr);
 
@@ -3127,8 +3141,8 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
          * b *0x100 - sets breakpoint at address 0x00800100 (data)
          */
         if (unlikely(!ctx.singlestep &&
-                (cpu_breakpoint_test(cs, OFFSET_CODE + ctx.npc * 2, BP_ANY) ||
-                 cpu_breakpoint_test(cs, OFFSET_DATA + ctx.npc * 2, BP_ANY)))) {
+                (cpu_breakpoint_test(cs, avr_code_base(env) | ctx.npc * 2, BP_ANY) ||
+                 cpu_breakpoint_test(cs, OFFSET_DATA | ctx.npc * 2, BP_ANY)))) {
             canonicalize_skip(&ctx);
             tcg_gen_movi_tl(cpu_pc, ctx.npc);
             gen_helper_debug(cpu_env);

qemu/target/avr/unicorn.c

@@ -227,6 +227,31 @@ static void avr_release(void *ctx)
     }
 }
 
+static inline bool is_flash_memory(hwaddr addr, size_t size, uint32_t perms)
+{
+    if ((addr ^ UC_AVR_MEM_FLASH) >> 24)
+        return false;
+    if ((perms & UC_PROT_ALL) != (UC_PROT_READ|UC_PROT_EXEC))
+        return false;
+    return true;
+}
+
+static MemoryRegion *avr_memory_map(struct uc_struct *uc, hwaddr begin, size_t size, uint32_t perms)
+{
+    MemoryRegion *const mr = memory_map(uc, begin, size, perms);
+    if (mr && is_flash_memory(begin, size, perms))
+        set_avr_feature(&AVR_CPU(uc->cpu)->env, AVR_FEATURE_FLASH);
+    return mr;
+}
+
+static MemoryRegion *avr_memory_map_ptr(struct uc_struct *uc, hwaddr begin, size_t size, uint32_t perms, void *ptr)
+{
+    MemoryRegion *const mr = memory_map_ptr(uc, begin, size, perms, ptr);
+    if (mr && is_flash_memory(begin, size, perms))
+        set_avr_feature(&AVR_CPU(uc->cpu)->env, AVR_FEATURE_FLASH);
+    return mr;
+}
+
 void avr_uc_init(struct uc_struct *uc)
 {
     uc->reg_read = avr_reg_read;
@@ -238,4 +263,6 @@ void avr_uc_init(struct uc_struct *uc)
     uc->release = avr_release;
     uc->cpu_context_size = offsetof(CPUAVRState, features);
     uc_common_init(uc);
+    uc->memory_map = avr_memory_map;
+    uc->memory_map_ptr = avr_memory_map_ptr;
 }