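/*
 * Copyright © 2021 Google, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice (including the next
 * paragraph) shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#ifndef _EMU_H_
#define _EMU_H_

#include <stdbool.h>
#include <stdint.h>

#include "util/bitset.h"

#include "afuc.h"

/*
 * Register files.
 *
 * Each file pairs a 'val' array with a 'written' bitset declared through
 * BITSET_DECLARE (from util/bitset.h) with the same element count.
 * Presumably the bitset records which registers an instruction wrote so
 * the state-change dump can show them -- confirm against the
 * implementation.
 *
 * NOTE(review): the EMU_NUM_*_REGS constants are the only bounds visible
 * here.  The accessors declared further down take a bare 'unsigned n';
 * their definitions are not part of this header, so confirm that each one
 * rejects n >= the matching EMU_NUM_*_REGS before indexing 'val' or
 * 'written', since the index can originate from the firmware image being
 * emulated.
 */

#define EMU_NUM_GPR_REGS 32

struct emu_gpr_regs {
   BITSET_DECLARE(written, EMU_NUM_GPR_REGS);
   /* The anonymous union makes 'pc' share storage with val[0]. */
   union {
      uint32_t pc;
      uint32_t val[EMU_NUM_GPR_REGS];
   };
};

#define EMU_NUM_CONTROL_REGS 0x1000

struct emu_control_regs {
   BITSET_DECLARE(written, EMU_NUM_CONTROL_REGS);
   uint32_t val[EMU_NUM_CONTROL_REGS];
};

#define EMU_NUM_GPU_REGS 0x10000

struct emu_gpu_regs {
   BITSET_DECLARE(written, EMU_NUM_GPU_REGS);
   uint32_t val[EMU_NUM_GPU_REGS];
};

#define EMU_NUM_PIPE_REGS 0x100

struct emu_pipe_regs {
   BITSET_DECLARE(written, EMU_NUM_PIPE_REGS);
   uint32_t val[EMU_NUM_PIPE_REGS];
};

/**
 * A simple queue implementation to buffer up cmdstream for the
 * emulated firmware to consume
 *
 * 'count' is the number of buffered dwords.  'head' and 'tail' are
 * indices into 'fifo'; both are advanced and wrapped modulo the fifo
 * size *before* the slot is accessed, so neither index can leave the
 * array as long as the struct starts out with in-range values (e.g.
 * zero-initialized).
 */
struct emu_queue {
   unsigned head, tail, count;
   uint32_t fifo[0x100];
};

/**
 * Append one dword to the queue.
 *
 * @param q    queue to push to
 * @param val  dword to store
 * @return     true on success; false if the queue is already full, in
 *             which case the queue is left unmodified and val is dropped
 *
 * Callers should check the result: a silently dropped dword would
 * desynchronize the cmdstream seen by the emulated firmware.
 */
static inline bool
emu_queue_push(struct emu_queue *q, uint32_t val)
{
   /* Full check first, so count can never exceed the fifo size: */
   if (q->count >= ARRAY_SIZE(q->fifo))
      return false;

   q->count++;
   q->head++;
   q->head %= ARRAY_SIZE(q->fifo);

   q->fifo[q->head] = val;

   return true;
}

/**
 * Remove the oldest dword from the queue.
 *
 * @param q    queue to pop from
 * @param val  out: receives the dword; not written when the queue is empty
 * @return     true if a dword was stored in *val, false if the queue was
 *             empty
 *
 * Because *val is left untouched on failure, a caller that ignores the
 * return value may go on to use an uninitialized or stale value.
 */
static inline bool
emu_queue_pop(struct emu_queue *q, uint32_t *val)
{
   /* Empty check first, so count can never underflow: */
   if (!q->count)
      return false;

   q->count--;
   q->tail++;
   q->tail %= ARRAY_SIZE(q->fifo);

   *val = q->fifo[q->tail];

   return true;
}

/**
 * Draw-state (ie. CP_SET_DRAW_STATE) related emulation
 *
 * NOTE(review): 'state' has 32 entries.  Whatever selects an entry
 * (presumably write_idx and/or a group id taken from the packet) must be
 * range-checked by the code that indexes it, which is not visible in
 * this header.
 */
struct emu_draw_state {
   unsigned prev_draw_state_sel;
   unsigned write_idx;
   struct {
      /* 'hdr' overlays the count/mode_mask pair; which half of hdr each
       * 16-bit field maps to depends on host byte order.
       */
      union {
         uint32_t hdr;
         struct {
            uint16_t count;     /* # of dwords */
            uint16_t mode_mask;
         };
      };
      /* 64-bit base, also addressable as two dwords: */
      union {
         uint32_t base_lohi[2];
         uint64_t base;
      };
      uint64_t sds_base;
      uint32_t sds_dwords;
   } state[32];
};

/**
 * The GPU memory size:
 *
 * The size is a bit arbitrary, and could be increased.  The backing
 * storage is a MAP_ANONYMOUS mapping so untouched pages should not
 * have a cost other than consuming virtual address space.
 *
 * Use something >4gb so we can test that anything doing GPU pointer
 * math correctly handles rollover
 *
 * NOTE(review): 0x200000000 is 8 GiB and does not fit in a 32-bit
 * uintptr_t, which is the type the memory accessors below use for GPU
 * addresses.  This presumably assumes a 64-bit host -- confirm.
 */
#define EMU_MEMORY_SIZE 0x200000000

/**
 * The GPU "address" of the instructions themselves:
 *
 * Note address is kind of arbitrary, but should be something non-
 * zero to sanity check the bootstrap process and packet-table
 * loading
 */
#define EMU_INSTR_BASE 0x1000

/**
 * Emulated hw state.
 */
struct emu {
   /**
    * In bootstrap mode, execute bootstrap without outputting anything.
    * Useful to (for example) extract packet-table.
    */
   bool quiet;

   bool lpac;

   /* Firmware instructions and their length in dwords: */
   uint32_t *instrs;
   unsigned sizedwords;
   unsigned gpu_id;

   struct emu_control_regs control_regs;
   struct emu_pipe_regs    pipe_regs;
   struct emu_gpu_regs     gpu_regs;
   struct emu_gpr_regs     gpr_regs;

   struct emu_draw_state draw_state;

   /* branch target to jump to after next instruction (ie. after delay-
    * slot):
    */
   uint32_t branch_target;

   /* executed waitin, jump to handler after next instruction (ie. after
    * delay-slot):
    */
   bool waitin;

   /* (r)un mode, don't stop for input until next waitin: */
   bool run_mode;

   /* carry-bits for add/sub for addhi/subhi */
   uint32_t carry;

   /* call-stack of saved PCs.. I expect this to be a fixed size, but not
    * sure what the actual size is
    *
    * NOTE(review): call_stack_idx is a signed int indexing a 5-entry
    * array, and call depth is driven by the emulated firmware.  The
    * call/return handling (not visible here) needs to check both ends of
    * the range before reading or writing call_stack[].
    */
   uint32_t call_stack[5];
   int call_stack_idx;

   /* packet table (aka jmptable) has offsets for pm4 packet handlers:
    *
    * NOTE(review): 0x80 entries; any opcode used as an index must be
    * limited to that range by the lookup code -- confirm.
    */
   uint32_t jmptbl[0x80];

   /* In reality ROQ is actually multiple queues, but we don't try
    * to model the hw that exactly (but instead only model the behavior)
    * so we just use this to buffer up cmdstream input
    */
   struct emu_queue roq;

   /* Mode for writes to $data: */
   enum {
      DATA_ADDR,
      DATA_USRADDR,
      DATA_PIPE,
   } data_mode;

   /* GPU address space: */
   void *gpumem;

   /* A bitset would be prohibitively large to track memory writes, to
    * show in the state-change dump.  But we can only write a single
    * dword per instruction (given that for (rep) and/or (xmov) we
    * dump state change at each "step" of the instruction).
    *
    * ~0 means no memory write
    */
   uintptr_t gpumem_written;
};

/*
 * API for disasm to use:
 */
void emu_step(struct emu *emu);
void emu_run_bootstrap(struct emu *emu);
void emu_init(struct emu *emu);
void emu_fini(struct emu *emu);

/*
 * Internal APIs
 */

/* NOTE(review): the definitions live outside this header.  gpuaddr is
 * presumably derived from firmware/cmdstream-controlled values, so the
 * implementation is expected to verify that the whole dword lies inside
 * [0, EMU_MEMORY_SIZE) -- written so the check itself cannot wrap --
 * before touching emu->gpumem.  Confirm.
 */
uint32_t emu_mem_read_dword(struct emu *emu, uintptr_t gpuaddr);
void emu_mem_write_dword(struct emu *emu, uintptr_t gpuaddr, uint32_t val);

/* UI: */
void emu_main_prompt(struct emu *emu);
void emu_clear_state_change(struct emu *emu);
void emu_dump_state_change(struct emu *emu);

/* Registers:
 *
 * 'n' is a register index; the valid ranges are EMU_NUM_GPR_REGS,
 * EMU_NUM_GPU_REGS and EMU_NUM_CONTROL_REGS respectively.  Whether the
 * implementations enforce those ranges cannot be seen from this header.
 */
uint32_t emu_get_gpr_reg(struct emu *emu, unsigned n);
void emu_set_gpr_reg(struct emu *emu, unsigned n, uint32_t val);

void emu_set_gpu_reg(struct emu *emu, unsigned n, uint32_t val);

uint32_t emu_get_control_reg(struct emu *emu, unsigned n);
void emu_set_control_reg(struct emu *emu, unsigned n, uint32_t val);

/* Register helpers for fixed fxn emulation, to avoid lots of boilerplate
 * for accessing other pipe/control registers.
 *
 * Example:
 *    EMU_CONTROL_REG(REG_NAME);
 *    val = emu_get_reg32(emu, &SOME_REG);
 */

struct emu_reg_accessor;

struct emu_reg {
   const char *name;
   const struct emu_reg_accessor *accessor;
   unsigned offset;
};

extern const struct emu_reg_accessor emu_control_accessor;
extern const struct emu_reg_accessor emu_pipe_accessor;
extern const struct emu_reg_accessor emu_gpu_accessor;

/* Each macro defines a file-local 'struct emu_reg' named after its
 * argument, with the stringified identifier as 'name' and the matching
 * accessor.  'offset' starts out as ~0, presumably meaning "not yet
 * resolved" -- confirm against emu_reg_offset().
 */
#define EMU_CONTROL_REG(name) static struct emu_reg name = { #name, &emu_control_accessor, ~0 }
#define EMU_PIPE_REG(name)    static struct emu_reg name = { #name, &emu_pipe_accessor, ~0 }
#define EMU_GPU_REG(name)     static struct emu_reg name = { #name, &emu_gpu_accessor, ~0 }

unsigned emu_reg_offset(struct emu_reg *reg);
uint32_t emu_get_reg32(struct emu *emu, struct emu_reg *reg);
uint64_t emu_get_reg64(struct emu *emu, struct emu_reg *reg);
void emu_set_reg32(struct emu *emu, struct emu_reg *reg, uint32_t val);
void emu_set_reg64(struct emu *emu, struct emu_reg *reg, uint64_t val);

/* Draw-state control reg emulation: */
uint32_t emu_get_draw_state_reg(struct emu *emu, unsigned n);
void emu_set_draw_state_reg(struct emu *emu, unsigned n, uint32_t val);

/* Helpers: */

/* Forwards to afuc_printc() with AFUC_ERR; 'fmt' should be a string
 * literal.  ##__VA_ARGS__ is the GNU extension that drops the trailing
 * comma when no variadic arguments are given.
 */
#define printdelta(fmt, ...) afuc_printc(AFUC_ERR, fmt, ##__VA_ARGS__)

#endif /* _EMU_H_ */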