2 m68kmmu.h - PMMU implementation for 68851/68030/68040
6 Copyright Nicola Salmoria and the MAME Team.
7 Visit http://mamedev.org for licensing and usage restrictions.
10 // MMU status register bit definitions
14 struct m68ki_cpu_core;
16 #define MMULOG(A) printf A
21 #define logerror printf
26 // MMU SR register fields
27 #define M68K_MMU_SR_BUS_ERROR 0x8000
28 #define M68K_MMU_SR_SUPERVISOR_ONLY 0x2000
29 #define M68K_MMU_SR_WRITE_PROTECT 0x0800
30 #define M68K_MMU_SR_INVALID 0x0400
31 #define M68K_MMU_SR_MODIFIED 0x0200
32 #define M68K_MMU_SR_TRANSPARENT 0x0040
34 // MMU translation table descriptor field definitions
35 #define M68K_MMU_DF_DT 0x00000003
36 #define M68K_MMU_DF_DT_INVALID 0x00000000
37 #define M68K_MMU_DF_DT_PAGE 0x00000001
38 #define M68K_MMU_DF_DT_TABLE_4BYTE 0x00000002
39 #define M68K_MMU_DF_DT_TABLE_8BYTE 0x00000003
40 #define M68K_MMU_DF_WP 0x00000004
41 #define M68K_MMU_DF_USED 0x00000008
42 #define M68K_MMU_DF_MODIFIED 0x00000010
43 #define M68K_MMU_DF_CI 0x00000040
44 #define M68K_MMU_DF_SUPERVISOR 0x00000100
45 #define M68K_MMU_DF_ADDR_MASK 0xfffffff0
46 #define M68K_MMU_DF_IND_ADDR_MASK 0xfffffffc
49 #define M68K_MMU_ATC_BUSERROR 0x08000000
50 #define M68K_MMU_ATC_CACHE_IN 0x04000000
51 #define M68K_MMU_ATC_WRITE_PR 0x02000000
52 #define M68K_MMU_ATC_MODIFIED 0x01000000
53 #define M68K_MMU_ATC_MASK 0x00ffffff
54 #define M68K_MMU_ATC_SHIFT 8
55 #define M68K_MMU_ATC_VALID 0x08000000
57 // MMU Translation Control register
58 #define M68K_MMU_TC_SRE 0x02000000
59 #define M68K_MMU_TC_FCL 0x01000000
62 #define M68K_MMU_TT_ENABLE 0x8000
64 #define m_side_effects_disabled 0
66 /* decodes the effective address */
67 uint32 DECODE_EA_32(m68ki_cpu_core *state, int ea)
69 int mode = (ea >> 3) & 0x7;
80 uint32 ea = EA_AY_PI_32();
85 uint32 ea = EA_AY_DI_32();
88 case 6: // (An) + (Xn) + d8
90 uint32 ea = EA_AY_IX_32();
99 uint32 ea = OPER_I_16(state);
104 uint32 d1 = OPER_I_16(state);
105 uint32 d2 = OPER_I_16(state);
106 uint32 ea = (d1 << 16) | d2;
111 uint32 ea = EA_PCDI_32();
114 default: fatalerror("m68k: DECODE_EA_32: unhandled mode %d, reg %d at %08X\n", mode, reg, REG_PC);
118 default: fatalerror("m68k: DECODE_EA_32: unhandled mode %d, reg %d at %08X\n", mode, reg, REG_PC);
123 void pmmu_set_buserror(m68ki_cpu_core *state, uint32 addr_in)
125 if (!m_side_effects_disabled && ++state->mmu_tmp_buserror_occurred == 1)
127 state->mmu_tmp_buserror_address = addr_in;
128 state->mmu_tmp_buserror_rw = state->mmu_tmp_rw;
129 state->mmu_tmp_buserror_fc = state->mmu_tmp_fc;
130 state->mmu_tmp_buserror_sz = state->mmu_tmp_sz;
135 // pmmu_atc_add: adds this address to the ATC
136 void pmmu_atc_add(m68ki_cpu_core *state, uint32 logical, uint32 physical, int fc, int rw)
138 // get page size (i.e. # of bits to ignore); is 10 for Apollo
139 int ps = (state->mmu_tc >> 20) & 0xf;
140 uint32 atc_tag = M68K_MMU_ATC_VALID | ((fc & 7) << 24) | ((logical >> ps) << (ps - 8));
141 uint32 atc_data = (physical >> ps) << (ps - 8);
143 if (state->mmu_tmp_sr & (M68K_MMU_SR_BUS_ERROR|M68K_MMU_SR_INVALID|M68K_MMU_SR_SUPERVISOR_ONLY))
145 atc_data |= M68K_MMU_ATC_BUSERROR;
148 if (state->mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT)
150 atc_data |= M68K_MMU_ATC_WRITE_PR;
153 if (!rw && !(state->mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT))
155 atc_data |= M68K_MMU_ATC_MODIFIED;
158 // first see if this is already in the cache
159 for (int i = 0; i < MMU_ATC_ENTRIES; i++)
161 // if tag bits and function code match, don't add
162 if (state->mmu_atc_tag[i] == atc_tag)
164 MMULOG(("%s: hit, old %08x new %08x\n", __func__, state->mmu_atc_data[i], atc_data));
165 state->mmu_atc_data[i] = atc_data;
170 // find an open entry
172 for (int i = 0; i < MMU_ATC_ENTRIES; i++)
174 if (!(state->mmu_atc_tag[i] & M68K_MMU_ATC_VALID))
181 // did we find an entry? steal one by round-robin then
184 found = state->mmu_atc_rr++;
186 if (state->mmu_atc_rr >= MMU_ATC_ENTRIES)
188 state->mmu_atc_rr = 0;
193 MMULOG(("ATC[%2d] add: log %08x -> phys %08x (fc=%d) data=%08x\n",
194 found, (logical >> ps) << ps, (physical >> ps) << ps, fc, atc_data));
195 state->mmu_atc_tag[found] = atc_tag;
196 state->mmu_atc_data[found] = atc_data;
199 // pmmu_atc_flush: flush entire ATC
200 // 7fff0003 001ffd10 80f05750 is what should load
201 void pmmu_atc_flush(m68ki_cpu_core *state)
203 MMULOG(("ATC flush: pc=%08x\n", state->ppc));
204 // std::fill(std::begin(state->mmu_atc_tag), std::end(state->mmu_atc_tag), 0);
205 for(int i=0;i<MMU_ATC_ENTRIES;i++)
206 state->mmu_atc_tag[i]=0;
207 state->mmu_atc_rr = 0;
210 int fc_from_modes(m68ki_cpu_core *state, uint16 modes);
212 void pmmu_atc_flush_fc_ea(m68ki_cpu_core *state, uint16 modes)
214 unsigned int fcmask = (modes >> 5) & 7;
215 unsigned int fc = fc_from_modes(state, modes) & fcmask;
216 unsigned int ps = (state->mmu_tc >> 20) & 0xf;
217 unsigned int mode = (modes >> 10) & 7;
223 MMULOG(("PFLUSHA: mode %d\n", mode));
224 pmmu_atc_flush(state);
227 case 4: // flush by fc
228 MMULOG(("flush by fc: %d, mask %d\n", fc, fcmask));
229 for(int i=0,e;i<MMU_ATC_ENTRIES;i++)
231 e=state->mmu_atc_tag[i];
232 if ((e & M68K_MMU_ATC_VALID) && ((e >> 24) & fcmask) == fc)
234 MMULOG(("flushing entry %08x\n", e));
235 state->mmu_atc_tag[i] = 0;
240 case 6: // flush by fc + ea
242 ea = DECODE_EA_32(state, state->ir);
243 MMULOG(("flush by fc/ea: fc %d, mask %d, ea %08x\n", fc, fcmask, ea));
244 for(unsigned int i=0,e;i<MMU_ATC_ENTRIES;i++)
246 e=state->mmu_atc_tag[i];
247 if ((e & M68K_MMU_ATC_VALID) &&
248 (((e >> 24) & fcmask) == fc) &&
249 // (((e >> ps) << (ps - 8)) == ((ea >> ps) << (ps - 8))))
250 ( (e << ps) == (ea >> 8 << ps) ))
252 MMULOG(("flushing entry %08x\n", e));
253 state->mmu_atc_tag[i] = 0;
259 logerror("PFLUSH mode %d not supported\n", mode);
264 //template<bool ptest>
265 uint16 pmmu_atc_lookup(m68ki_cpu_core *state, uint32 addr_in, int fc, uint16 rw, uint32 *addr_out, int ptest)
267 MMULOG(("%s: LOOKUP addr_in=%08x, fc=%d, ptest=%d, rw=%d\n", __func__, addr_in, fc, ptest,rw));
268 unsigned int ps = (state->mmu_tc >> 20) & 0xf;
269 uint32 atc_tag = M68K_MMU_ATC_VALID | ((fc & 7) << 24) | ((addr_in >> ps) << (ps - 8));
271 for (int i = 0; i < MMU_ATC_ENTRIES; i++)
274 if (state->mmu_atc_tag[i] != atc_tag)
279 uint32 atc_data = state->mmu_atc_data[i];
283 // According to MC86030UM:
284 // "If the M bit is clear and a write access to this logical
285 // address is attempted, the MC68030 aborts the access and initiates a table
286 // search, setting the M bit in the page descriptor, invalidating the old ATC
287 // entry, and creating a new entry with the M bit set.
288 if (!(atc_data & M68K_MMU_ATC_MODIFIED))
290 state->mmu_atc_tag[i] = 0;
295 state->mmu_tmp_sr = 0;
296 if (atc_data & M68K_MMU_ATC_MODIFIED)
298 state->mmu_tmp_sr |= M68K_MMU_SR_MODIFIED;
301 if (atc_data & M68K_MMU_ATC_WRITE_PR)
303 state->mmu_tmp_sr |= M68K_MMU_SR_WRITE_PROTECT;
306 if (atc_data & M68K_MMU_ATC_BUSERROR)
308 state->mmu_tmp_sr |= M68K_MMU_SR_BUS_ERROR|M68K_MMU_SR_INVALID;
310 *addr_out = (atc_data << 8) | (addr_in & ~(((uint32)~0) << ps));
311 MMULOG(("%s: addr_in=%08x, addr_out=%08x, MMU SR %04x\n",
312 __func__, addr_in, *addr_out, state->mmu_tmp_sr));
315 MMULOG(("%s: lookup failed\n", __func__));
318 state->mmu_tmp_sr = M68K_MMU_SR_INVALID;
323 uint16 pmmu_match_tt(m68ki_cpu_core *state, uint32 addr_in, int fc, uint32 tt, uint16 rw)
325 if (!(tt & M68K_MMU_TT_ENABLE))
330 // transparent translation enabled
331 uint32 address_base = tt & 0xff000000;
332 uint32 address_mask = ((tt << 8) & 0xff000000) ^ 0xff000000;
333 uint32 fcmask = (~tt) & 7;
334 uint32 fcbits = (tt >> 4) & 7;
335 uint16 rwmask = !!(~tt & 0x100);
336 uint16 rwbit = !!(tt & 0x200);
338 if ((addr_in & address_mask) != (address_base & address_mask))
343 if ((fc & fcmask) != (fcbits & fcmask))
348 if ((rw & rwmask) != (rwbit & rwmask))
353 state->mmu_tmp_sr |= M68K_MMU_SR_TRANSPARENT;
357 void update_descriptor(m68ki_cpu_core *state, uint32 tptr, int type, uint32 entry, int16 rw)
359 if (type == M68K_MMU_DF_DT_PAGE && !rw &&
360 !(entry & M68K_MMU_DF_MODIFIED) &&
361 !(entry & M68K_MMU_DF_WP))
363 MMULOG(("%s: set M+U at %08x\n", __func__, tptr));
364 m68k_write_memory_32(tptr, entry | M68K_MMU_DF_USED | M68K_MMU_DF_MODIFIED);
366 else if (type != M68K_MMU_DF_DT_INVALID && !(entry & M68K_MMU_DF_USED))
368 MMULOG(("%s: set U at %08x\n", __func__, tptr));
369 m68k_write_memory_32(tptr, entry | M68K_MMU_DF_USED);
374 //template<bool _long>
375 void update_sr(m68ki_cpu_core *state, int type, uint32 tbl_entry, int fc, uint16 _long)
377 if (m_side_effects_disabled)
384 case M68K_MMU_DF_DT_INVALID:
385 // Invalid has no flags
388 case M68K_MMU_DF_DT_PAGE:
389 if (tbl_entry & M68K_MMU_DF_MODIFIED)
391 state->mmu_tmp_sr |= M68K_MMU_SR_MODIFIED;
395 case M68K_MMU_DF_DT_TABLE_4BYTE:
398 case M68K_MMU_DF_DT_TABLE_8BYTE:
400 if (tbl_entry & M68K_MMU_DF_WP)
402 state->mmu_tmp_sr |= M68K_MMU_SR_WRITE_PROTECT;
405 if (_long && !(fc & 4) && (tbl_entry & M68K_MMU_DF_SUPERVISOR))
407 state->mmu_tmp_sr |= M68K_MMU_SR_SUPERVISOR_ONLY;
415 //template<bool ptest>
416 uint16 pmmu_walk_tables(m68ki_cpu_core *state, uint32 addr_in, int type, uint32 table, uint8 fc, int limit, uint16 rw,
417 uint32 *addr_out, int ptest)
420 uint32 bits = state->mmu_tc & 0xffff;
421 int pagesize = (state->mmu_tc >> 20) & 0xf;
422 int is = (state->mmu_tc >> 16) & 0xf;
429 state->mmu_tablewalk = 1;
431 if (state->mmu_tc & M68K_MMU_TC_FCL)
438 int indexbits = (bits >> bitpos) & 0xf;
439 int table_index = (bitpos == 16) ? fc : (addr_in >> (32 - indexbits));
441 uint16 indirect = (!bitpos || !(bits >> bitpos)) && indexbits;
442 uint32 tbl_entry, tbl_entry2;
444 MMULOG(("%s: type %d, table %08x, addr_in %08x, indexbits %d, pageshift %d, indirect %d table_index %08x, rw=%d fc=%d\n",
445 __func__, type, table, addr_in, indexbits, pageshift, indirect, table_index, rw, fc));
449 case M68K_MMU_DF_DT_INVALID: // invalid, will cause MMU exception
450 state->mmu_tmp_sr = M68K_MMU_SR_INVALID;
451 MMULOG(("PMMU: DT0 PC=%x (addr_in %08x -> %08x)\n", state->ppc, addr_in, *addr_out));
455 case M68K_MMU_DF_DT_PAGE: // page descriptor, will cause direct mapping
458 table &= ((uint32)~0) << pagesize;
459 *addr_out = table + (addr_in >> pageshift);
464 case M68K_MMU_DF_DT_TABLE_4BYTE: // valid 4 byte descriptors
466 *addr_out = table + (table_index << 2);
467 tbl_entry = m68k_read_memory_32(*addr_out);
468 type = tbl_entry & M68K_MMU_DF_DT;
470 if (indirect && (type == 2 || type == 3))
473 MMULOG(("SHORT INDIRECT DESC: %08x\n", tbl_entry));
474 *addr_out = tbl_entry & M68K_MMU_DF_IND_ADDR_MASK;
475 tbl_entry = m68k_read_memory_32(*addr_out);
476 type = tbl_entry & M68K_MMU_DF_DT;
479 MMULOG(("SHORT DESC: %08x\n", tbl_entry));
480 table = tbl_entry & M68K_MMU_DF_ADDR_MASK;
481 if (!m_side_effects_disabled)
483 update_sr(state, type, tbl_entry, fc, 0);
486 update_descriptor(state, *addr_out, type, tbl_entry, rw);
491 case M68K_MMU_DF_DT_TABLE_8BYTE: // valid 8 byte descriptors
493 *addr_out = table + (table_index << 3);
494 tbl_entry = m68k_read_memory_32(*addr_out);
495 tbl_entry2 = m68k_read_memory_32((*addr_out) + 4);
496 type = tbl_entry & M68K_MMU_DF_DT;
498 if (indirect && (type == 2 || type == 3))
501 MMULOG(("LONG INDIRECT DESC: %08x%08x\n", tbl_entry, tbl_entry2));
502 *addr_out = tbl_entry2 & M68K_MMU_DF_IND_ADDR_MASK;
503 tbl_entry = m68k_read_memory_32(*addr_out);
504 tbl_entry2 = m68k_read_memory_32(*addr_out);
505 type = tbl_entry & M68K_MMU_DF_DT;
508 MMULOG(("LONG DESC: %08x %08x\n", tbl_entry, tbl_entry2));
509 table = tbl_entry2 & M68K_MMU_DF_ADDR_MASK;
510 if (!m_side_effects_disabled)
512 update_sr(state, type, tbl_entry, fc, 1);
515 update_descriptor(state, *addr_out, type, tbl_entry, rw);
521 if (state->mmu_tmp_sr & M68K_MMU_SR_BUS_ERROR)
523 // Bus error during page table walking is always fatal
528 if (!ptest && !m_side_effects_disabled)
530 if (!rw && (state->mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT))
536 if (!(fc & 4) && (state->mmu_tmp_sr & M68K_MMU_SR_SUPERVISOR_ONLY))
543 addr_in <<= indexbits;
544 pageshift += indexbits;
545 } while(level < limit && !resolved);
548 state->mmu_tmp_sr &= 0xfff0;
549 state->mmu_tmp_sr |= level;
550 MMULOG(("MMU SR after walk: %04X\n", state->mmu_tmp_sr));
551 state->mmu_tablewalk = 0;
555 // pmmu_translate_addr_with_fc: perform 68851/68030-style PMMU address translation
556 //template<bool ptest, bool pload>
557 uint32 pmmu_translate_addr_with_fc(m68ki_cpu_core *state, uint32 addr_in, uint8 fc, uint16 rw, int limit, int ptest,
563 MMULOG(("%s: addr_in=%08x, fc=%d, ptest=%d, rw=%d, limit=%d, pload=%d\n",
564 __func__, addr_in, fc, ptest, rw, limit, pload));
565 state->mmu_tmp_sr = 0;
567 state->mmu_last_logical_addr = addr_in;
569 if (pmmu_match_tt(state, addr_in, fc, state->mmu_tt0, rw) ||
570 pmmu_match_tt(state, addr_in, fc, state->mmu_tt1, rw) ||
576 if (ptest && limit == 0)
578 pmmu_atc_lookup(state, addr_in, fc, rw, &addr_out, 1);
582 if (!ptest && !pload && pmmu_atc_lookup(state, addr_in, fc, rw, &addr_out, 0))
584 if ((state->mmu_tmp_sr & M68K_MMU_SR_BUS_ERROR) || (!rw && (state->mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT)))
586 MMULOG(("set atc hit buserror: addr_in=%08x, addr_out=%x, rw=%x, fc=%d, sz=%d\n",
587 addr_in, addr_out, state->mmu_tmp_rw, state->mmu_tmp_fc, state->mmu_tmp_sz));
588 pmmu_set_buserror(state, addr_in);
595 // if SRP is enabled and we're in supervisor mode, use it
596 if ((state->mmu_tc & M68K_MMU_TC_SRE) && (fc & 4))
598 tbl_addr = state->mmu_srp_aptr & M68K_MMU_DF_ADDR_MASK;
599 type = state->mmu_srp_limit & M68K_MMU_DF_DT;
601 else // else use the CRP
603 tbl_addr = state->mmu_crp_aptr & M68K_MMU_DF_ADDR_MASK;
604 type = state->mmu_crp_limit & M68K_MMU_DF_DT;
607 if (!pmmu_walk_tables(state, addr_in, type, tbl_addr, fc, limit, rw, &addr_out, ptest))
609 MMULOG(("%s: addr_in=%08x, type=%x, tbl_addr=%x, fc=%d, limit=%x, rw=%x, addr_out=%x, ptest=%d\n",
610 __func__, addr_in, type, tbl_addr, fc, limit, rw, addr_out, ptest));
611 fatalerror("Table walk did not resolve\n");
619 if ((state->mmu_tmp_sr & (M68K_MMU_SR_INVALID|M68K_MMU_SR_SUPERVISOR_ONLY)) ||
620 ((state->mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT) && !rw))
625 MMULOG(("%s: set buserror (SR %04X)\n", __func__, state->mmu_tmp_sr));
626 pmmu_set_buserror(state, addr_in);
630 // it seems like at least the 68030 sets the M bit in the MMU SR
631 // if the root descriptor is of PAGE type, so do a logical and
632 // between RW and the root type
633 if (!m_side_effects_disabled)
635 pmmu_atc_add(state, addr_in, addr_out, fc, rw && type != 1);
637 MMULOG(("PMMU: [%08x] => [%08x] (SR %04x)\n", addr_in, addr_out, state->mmu_tmp_sr));
641 // FC bits: 2 = supervisor, 1 = program, 0 = data
642 // the 68040 is a subset of the 68851 and 68030 PMMUs - the page table sizes are fixed, there is no early termination, etc, etc.
643 uint32 pmmu_translate_addr_with_fc_040(m68ki_cpu_core *state, uint32 addr_in, uint8 fc, uint8 ptest)
645 uint32 addr_out, tt0, tt1;
648 state->mmu_tmp_sr = 0;
650 // transparent translation registers are always in force even if the PMMU itself is disabled
651 // they don't do much in emulation because we never write out of order, but the write-protect and cache control features
652 // are emulatable, and apparently transparent translation regions skip the page table lookup.
653 if (fc & 1) // data, use DTT0/DTT1
655 tt0 = state->mmu_dtt0;
656 tt1 = state->mmu_dtt1;
658 else if (fc & 2) // program, use ITT0/ITT1
660 tt0 = state->mmu_itt0;
661 tt1 = state->mmu_itt1;
665 fatalerror("68040: function code %d is neither data nor program!\n", fc & 7);
668 if (tt0 & M68K_MMU_TT_ENABLE)
670 int fcmask[4] = { 4, 4, 0, 0 };
671 int fcmatch[4] = { 0, 4, 0, 0 };
672 uint32 mask = (tt0 >> 16) & 0xff;
676 if ((addr_in & mask) == (tt0 & mask) && (fc & fcmask[(tt0 >> 13) & 3]) == fcmatch[(tt0 >> 13) & 3])
678 MMULOG(("TT0 match on address %08x (TT0 = %08x, mask = %08x)\n", addr_in, tt0, mask));
679 if ((tt0 & 4) && !state->mmu_tmp_rw && !ptest) // write protect?
681 pmmu_set_buserror(state, addr_in);
688 if (tt1 & M68K_MMU_TT_ENABLE)
690 static int fcmask[4] = { 4, 4, 0, 0 };
691 static int fcmatch[4] = { 0, 4, 0, 0 };
692 uint32 mask = (tt1 >> 16) & 0xff;
696 if ((addr_in & mask) == (tt1 & mask) && (fc & fcmask[(tt1 >> 13) & 3]) == fcmatch[(tt1 >> 13) & 3])
698 MMULOG(("TT1 match on address %08x (TT0 = %08x, mask = %08x)\n", addr_in, tt1, mask));
699 if ((tt1 & 4) && !state->mmu_tmp_rw && !ptest) // write protect?
701 pmmu_set_buserror(state, addr_in);
708 if (state->pmmu_enabled)
710 uint32 root_idx = (addr_in >> 25) & 0x7f;
711 uint32 ptr_idx = (addr_in >> 18) & 0x7f;
712 uint32 page_idx, page;
713 uint32 root_ptr, pointer_ptr, page_ptr;
714 uint32 root_entry, pointer_entry, page_entry;
716 // select supervisor or user root pointer
719 root_ptr = state->mmu_srp_aptr + (root_idx<<2);
723 root_ptr = state->mmu_urp_aptr + (root_idx<<2);
726 // get the root entry
727 root_entry = m68k_read_memory_32(root_ptr);
729 // is UDT marked valid?
732 // we're accessing through this root entry, so set the U bit
733 if ((!(root_entry & 0x8)) && (!ptest) && !m_side_effects_disabled)
736 m68k_write_memory_32(root_ptr, root_entry);
739 // PTEST: any write protect bits set in the search tree will set W in SR
740 if ((ptest) && (root_entry & 4))
742 state->mmu_tmp_sr |= 4;
745 pointer_ptr = (root_entry & ~0x1ff) + (ptr_idx<<2);
746 pointer_entry = m68k_read_memory_32(pointer_ptr);
748 // PTEST: any write protect bits set in the search tree will set W in SR
749 if ((ptest) && (pointer_entry & 4))
751 state->mmu_tmp_sr |= 4;
754 // update U bit on this pointer entry too
755 if ((!(pointer_entry & 0x8)) && (!ptest) && !m_side_effects_disabled)
757 pointer_entry |= 0x8;
758 m68k_write_memory_32(pointer_ptr, pointer_entry);
761 MMULOG(("pointer entry = %08x\n", pointer_entry));
763 // write protected by the root or pointer entries?
764 if ((((root_entry & 4) && !state->mmu_tmp_rw) || ((pointer_entry & 4) && !state->mmu_tmp_rw)) && !ptest)
766 pmmu_set_buserror(state, addr_in);
770 // is UDT valid on the pointer entry?
771 if (!(pointer_entry & 2) && !ptest)
773 logerror("Invalid pointer entry! PC=%x, addr=%x\n", state->ppc, addr_in);
774 pmmu_set_buserror(state, addr_in);
778 // (fall out of these ifs into the page lookup below)
780 else // throw an error
782 logerror("Invalid root entry! PC=%x, addr=%x\n", state->ppc, addr_in);
786 pmmu_set_buserror(state, addr_in);
792 // now do the page lookup
793 if (state->mmu_tc & 0x4000) // 8k pages?
795 page_idx = (addr_in >> 13) & 0x1f;
796 page = addr_in & 0x1fff;
797 pointer_entry &= ~0x7f;
798 MMULOG(("8k pages: index %x page %x\n", page_idx, page));
802 page_idx = (addr_in >> 12) & 0x3f;
803 page = addr_in & 0xfff;
804 pointer_entry &= ~0xff;
805 MMULOG(("4k pages: index %x page %x\n", page_idx, page));
808 page_ptr = pointer_entry + (page_idx<<2);
809 page_entry = m68k_read_memory_32(page_ptr);
810 state->mmu_last_page_entry_addr = page_ptr;
812 MMULOG(("page_entry = %08x\n", page_entry));
814 // resolve indirect page pointers
815 while ((page_entry & 3) == 2)
817 page_entry = m68k_read_memory_32(page_entry & ~0x3);
818 state->mmu_last_page_entry_addr = (page_entry & ~0x3);
820 state->mmu_last_page_entry = page_entry;
822 // is the page write protected or supervisor protected?
823 if ((((page_entry & 4) && !state->mmu_tmp_rw) || ((page_entry & 0x80) && !(fc & 4))) && !ptest)
825 pmmu_set_buserror(state, addr_in);
829 switch (page_entry & 3)
832 MMULOG(("Invalid page entry! PC=%x, addr=%x\n", state->ppc, addr_in));
835 pmmu_set_buserror(state, addr_in);
842 if (state->mmu_tc & 0x4000) // 8k pages?
844 addr_out = (page_entry & ~0x1fff) | page;
848 addr_out = (page_entry & ~0xfff) | page;
853 page_entry |= 0x8; // always set the U bit
855 // if we're writing, the M bit comes into play
856 if (!state->mmu_tmp_rw)
858 page_entry |= 0x10; // set Modified
861 // if these updates resulted in a change, write the entry back where we found it
862 if (page_entry != state->mmu_last_page_entry && !m_side_effects_disabled)
864 state->mmu_last_page_entry = page_entry;
865 m68k_write_memory_32(state->mmu_last_page_entry_addr, state->mmu_last_page_entry);
870 // page entry: UR G U1 U0 S CM CM M U W PDT
871 // SR: B G U1 U0 S CM CM M 0 W T R
872 state->mmu_tmp_sr |= ((addr_out & ~0xfff) || (page_entry & 0x7f4));
876 case 2: // shouldn't happen
877 fatalerror("68040: got indirect final page pointer, shouldn't be possible\n");
880 // if (addr_in != addr_out) MMULOG(("040MMU: [%08x] => [%08x]\n", addr_in, addr_out));
886 // pmmu_translate_addr: perform 68851/68030-style PMMU address translation
887 uint32 pmmu_translate_addr(m68ki_cpu_core *state, uint32 addr_in, uint16 rw)
891 if (CPU_TYPE_IS_040_PLUS(state->cpu_type))
893 addr_out = pmmu_translate_addr_with_fc_040(state, addr_in, state->mmu_tmp_fc, 0);
897 addr_out = pmmu_translate_addr_with_fc(state, addr_in, state->mmu_tmp_fc, rw, 7, 0, 0);
898 MMULOG(("ADDRIN %08X, ADDROUT %08X\n", addr_in, addr_out));
903 int fc_from_modes(m68ki_cpu_core *state, uint16 modes)
905 if ((modes & 0x1f) == 0)
910 if ((modes & 0x1f) == 1)
915 if (state->cpu_type & CPU_TYPE_030)
917 // 68030 has 3 bits fc, but 68851 4 bits
918 if (((modes >> 3) & 3) == 1)
920 return REG_D[modes & 7] & 0x7;
923 if (((modes >> 3) & 3) == 2)
930 if (((modes >> 3) & 3) == 1)
932 return REG_D[modes & 7] & 0xf;
942 fatalerror("%s: unknown fc mode: 0x%02xn", __func__, modes & 0x1f);
946 void m68851_pload(m68ki_cpu_core *state, uint32 ea, uint16 modes)
948 uint32 ltmp = DECODE_EA_32(state, ea);
949 int fc = fc_from_modes(state, modes);
950 uint16 rw = !!(modes & 0x200);
952 MMULOG(("%s: PLOAD%c addr=%08x, fc=%d\n", __func__, rw ? 'R' : 'W', ltmp, fc));
954 // MC68851 traps if MMU is not enabled, 030 not
955 if (state->pmmu_enabled || (state->cpu_type & CPU_TYPE_030))
957 if (CPU_TYPE_IS_040_PLUS(state->cpu_type))
959 pmmu_translate_addr_with_fc_040(state, ltmp, fc, 0);
963 pmmu_translate_addr_with_fc(state, ltmp, fc, rw, 7, 0, 1);
968 MMULOG(("PLOAD with MMU disabled on MC68851\n"));
969 m68ki_exception_trap(state, 57);
974 void m68851_ptest(m68ki_cpu_core *state, uint32 ea, uint16 modes)
976 uint32 v_addr = DECODE_EA_32(state, ea);
979 int level = (modes >> 10) & 7;
980 uint16 rw = !!(modes & 0x200);
981 int fc = fc_from_modes(state, modes);
983 MMULOG(("PMMU: PTEST%c (%04X) pc=%08x sp=%08x va=%08x fc=%x level=%x a=%d, areg=%d\n",
984 rw ? 'R' : 'W', modes, state->ppc, REG_A[7], v_addr, fc, level,
985 (modes & 0x100) ? 1 : 0, (modes >> 5) & 7));
987 if (CPU_TYPE_IS_040_PLUS(state->cpu_type))
989 p_addr = pmmu_translate_addr_with_fc_040(state, v_addr, fc, 1);
993 p_addr = pmmu_translate_addr_with_fc(state, v_addr, fc, rw, level, 1, 0);
996 state->mmu_sr = state->mmu_tmp_sr;
998 MMULOG(("PMMU: PTEST result: %04x pa=%08x\n", state->mmu_sr, p_addr));
1001 int areg = (modes >> 5) & 7;
1002 WRITE_EA_32(state, 0x08 | areg, p_addr);
1006 void m68851_pmove_get(m68ki_cpu_core *state, uint32 ea, uint16 modes)
1008 switch ((modes>>10) & 0x3f)
1010 case 0x02: // transparent translation register 0
1011 WRITE_EA_32(state, ea, state->mmu_tt0);
1012 MMULOG(("PMMU: pc=%x PMOVE from mmu_tt0=%08x\n", state->ppc, state->mmu_tt0));
1014 case 0x03: // transparent translation register 1
1015 WRITE_EA_32(state, ea, state->mmu_tt1);
1016 MMULOG(("PMMU: pc=%x PMOVE from mmu_tt1=%08x\n", state->ppc, state->mmu_tt1));
1018 case 0x10: // translation control register
1019 WRITE_EA_32(state, ea, state->mmu_tc);
1020 MMULOG(("PMMU: pc=%x PMOVE from mmu_tc=%08x\n", state->ppc, state->mmu_tc));
1023 case 0x12: // supervisor root pointer
1024 WRITE_EA_64(state, ea, (uint64)state->mmu_srp_limit<<32 | (uint64)state->mmu_srp_aptr);
1025 MMULOG(("PMMU: pc=%x PMOVE from SRP limit = %08x, aptr = %08x\n", state->ppc, state->mmu_srp_limit, state->mmu_srp_aptr));
1028 case 0x13: // CPU root pointer
1029 WRITE_EA_64(state, ea, (uint64)state->mmu_crp_limit<<32 | (uint64)state->mmu_crp_aptr);
1030 MMULOG(("PMMU: pc=%x PMOVE from CRP limit = %08x, aptr = %08x\n", state->ppc, state->mmu_crp_limit, state->mmu_crp_aptr));
1034 logerror("680x0: PMOVE from unknown MMU register %x, PC %x\n", (modes>>10) & 7, state->pc);
1038 if (!(modes & 0x100)) // flush ATC on moves to TC, SRP, CRP, TT with FD bit clear
1040 pmmu_atc_flush(state);
1045 void m68851_pmove_put(m68ki_cpu_core *state, uint32 ea, uint16 modes)
1048 switch ((modes>>13) & 7)
1052 uint32 temp = READ_EA_32(state, ea);
1054 if (((modes >> 10) & 7) == 2)
1056 MMULOG(("WRITE TT0 = 0x%08x\n", state->mmu_tt0));
1057 state->mmu_tt0 = temp;
1059 else if (((modes >> 10) & 7) == 3)
1061 MMULOG(("WRITE TT1 = 0x%08x\n", state->mmu_tt1));
1062 state->mmu_tt1 = temp;
1066 // FIXME: unreachable
1067 if (!(modes & 0x100))
1069 pmmu_atc_flush(state);
1076 logerror("680x0: unknown PMOVE case 1, PC %x\n", state->pc);
1080 switch ((modes >> 10) & 7)
1082 case 0: // translation control register
1083 state->mmu_tc = READ_EA_32(state, ea);
1084 MMULOG(("PMMU: TC = %08x\n", state->mmu_tc));
1086 if (state->mmu_tc & 0x80000000)
1089 for (int shift = 20; shift >= 0; shift -= 4)
1091 bits += (state->mmu_tc >> shift) & 0x0f;
1094 if (bits != 32 || !((state->mmu_tc >> 23) & 1))
1096 logerror("MMU: TC invalid!\n");
1097 state->mmu_tc &= ~0x80000000;
1098 m68ki_exception_trap(state, EXCEPTION_MMU_CONFIGURATION);
1100 state->pmmu_enabled = 1;
1102 MMULOG(("PMMU enabled\n"));
1106 state->pmmu_enabled = 0;
1107 MMULOG(("PMMU disabled\n"));
1110 if (!(modes & 0x100)) // flush ATC on moves to TC, SRP, CRP with FD bit clear
1112 pmmu_atc_flush(state);
1116 case 2: // supervisor root pointer
1117 temp64 = READ_EA_64(state, ea);
1118 state->mmu_srp_limit = (temp64 >> 32) & 0xffffffff;
1119 state->mmu_srp_aptr = temp64 & 0xffffffff;
1120 MMULOG(("PMMU: SRP limit = %08x aptr = %08x\n", state->mmu_srp_limit, state->mmu_srp_aptr));
1121 // SRP type 0 is not allowed
1122 if ((state->mmu_srp_limit & 3) == 0)
1124 m68ki_exception_trap(state, EXCEPTION_MMU_CONFIGURATION);
1128 if (!(modes & 0x100))
1130 pmmu_atc_flush(state);
1134 case 3: // CPU root pointer
1135 temp64 = READ_EA_64(state, ea);
1136 state->mmu_crp_limit = (temp64 >> 32) & 0xffffffff;
1137 state->mmu_crp_aptr = temp64 & 0xffffffff;
1138 MMULOG(("PMMU: CRP limit = %08x aptr = %08x\n", state->mmu_crp_limit, state->mmu_crp_aptr));
1139 // CRP type 0 is not allowed
1140 if ((state->mmu_crp_limit & 3) == 0)
1142 m68ki_exception_trap(state, EXCEPTION_MMU_CONFIGURATION);
1146 if (!(modes & 0x100))
1148 pmmu_atc_flush(state);
1152 case 7: // MC68851 Access Control Register
1153 if (state->cpu_type == CPU_TYPE_020)
1155 // DomainOS on Apollo DN3000 will only reset this to 0
1156 uint16 mmu_ac = READ_EA_16(state, ea);
1159 MMULOG(("680x0 PMMU: pc=%x PMOVE to mmu_ac=%08x\n",
1160 state->ppc, mmu_ac));
1164 // fall through; unknown PMOVE mode unless MC68020 with MC68851
1168 logerror("680x0: PMOVE to unknown MMU register %x, PC %x\n", (modes>>10) & 7, state->pc);
1172 case 3: // MMU status
1174 uint32 temp = READ_EA_32(state, ea);
1175 logerror("680x0: unsupported PMOVE %x to MMU status, PC %x\n", temp, state->pc);
1182 void m68851_pmove(m68ki_cpu_core *state, uint32 ea, uint16 modes)
1184 switch ((modes>>13) & 0x7)
1186 case 0: // MC68030/040 form with FD bit
1187 case 2: // MC68851 form, FD never set
1190 m68851_pmove_get(state, ea, modes);
1193 else // top 3 bits of modes: 010 for this, 011 for status, 000 for transparent translation regs
1195 m68851_pmove_put(state, ea, modes);
1198 case 3: // MC68030 to/from status reg
1201 MMULOG(("%s: read SR = %04x\n", __func__, state->mmu_sr));
1202 WRITE_EA_16(state, ea, state->mmu_sr);
1206 state->mmu_sr = READ_EA_16(state, ea);
1207 MMULOG(("%s: write SR = %04X\n", __func__, state->mmu_sr));
1212 logerror("680x0: unknown PMOVE mode %x (modes %04x) (PC %x)\n", (modes >> 13) & 0x7, modes, state->pc);
1219 void m68851_mmu_ops(m68ki_cpu_core *state)
1222 uint32 ea = state->ir & 0x3f;
1224 // catch the 2 "weird" encodings up front (PBcc)
1225 if ((state->ir & 0xffc0) == 0xf0c0)
1227 logerror("680x0: unhandled PBcc\n");
1230 else if ((state->ir & 0xffc0) == 0xf080)
1232 logerror("680x0: unhandled PBcc\n");
1235 else if ((state->ir & 0xffe0) == 0xf500)
1237 MMULOG(("68040 pflush: pc=%08x ir=%04x opmode=%d register=%d\n", REG_PC-4, state->ir, (state->ir >> 3) & 3, state->ir & 7));
1238 pmmu_atc_flush(state);
1240 else // the rest are 1111000xxxXXXXXX where xxx is the instruction family
1242 switch ((state->ir>>9) & 0x7)
1245 modes = OPER_I_16(state);
1247 if ((modes & 0xfde0) == 0x2000) // PLOAD
1249 m68851_pload(state, ea, modes);
1252 else if ((modes & 0xe200) == 0x2000) // PFLUSH
1254 pmmu_atc_flush_fc_ea(state, modes);
1257 else if (modes == 0xa000) // PFLUSHR
1259 pmmu_atc_flush(state);
1262 else if (modes == 0x2800) // PVALID (FORMAT 1)
1264 logerror("680x0: unhandled PVALID1\n");
1267 else if ((modes & 0xfff8) == 0x2c00) // PVALID (FORMAT 2)
1269 logerror("680x0: unhandled PVALID2\n");
1272 else if ((modes & 0xe000) == 0x8000) // PTEST
1274 m68851_ptest(state, ea, modes);
1279 m68851_pmove(state, ea, modes);
1284 logerror("680x0: unknown PMMU instruction group %d\n", (state->ir>>9) & 0x7);
1291 /* Apple HMMU translation is much simpler */
1293 inline uint32 hmmu_translate_addr(uint32 addr_in)
1299 // check if LC 24-bit mode is enabled - this simply blanks out A31, the V8 ignores A30-24 always
1300 if (state->hmmu_enabled == M68K_HMMU_ENABLE_LC)
1302 addr_out = addr_in & 0xffffff;
1304 else if (state->hmmu_enabled == M68K_HMMU_ENABLE_II) // the original II does a more complex translation
1306 addr_out = addr_in & 0xffffff;
1308 if ((addr_out >= 0x800000) && (addr_out <= 0x8fffff))
1310 addr_out |= 0x40000000; // ROM
1312 else if ((addr_out >= 0x900000) && (addr_out <= 0xefffff))
1314 addr_out = 0xf0000000; // NuBus
1315 addr_out |= ((addr_in & 0xf00000)<<4);
1316 addr_out |= (addr_in & 0xfffff);
1318 else if (addr_out >= 0xf00000)
1320 addr_out |= 0x50000000; // I/O
1323 // (RAM is at 0 and doesn't need special massaging)
1329 int m68851_buserror(u32& addr)
1331 if (!state->pmmu_enabled)
1336 if (state->mmu_tablewalk)
1338 MMULOG(("buserror during table walk\n"));
1339 state->mmu_tmp_sr |= M68K_MMU_SR_BUS_ERROR|M68K_MMU_SR_INVALID;
1343 addr = state->mmu_last_logical_addr;