2 m68kmmu.h - PMMU implementation for 68851/68030/68040
6 Copyright Nicola Salmoria and the MAME Team.
7 Visit http://mamedev.org for licensing and usage restrictions.
10 // MMU status register bit definitions
13 #define MMULOG(A) printf A
18 #define logerror printf
23 // MMU SR register fields
24 #define M68K_MMU_SR_BUS_ERROR 0x8000
25 #define M68K_MMU_SR_SUPERVISOR_ONLY 0x2000
26 #define M68K_MMU_SR_WRITE_PROTECT 0x0800
27 #define M68K_MMU_SR_INVALID 0x0400
28 #define M68K_MMU_SR_MODIFIED 0x0200
29 #define M68K_MMU_SR_TRANSPARENT 0x0040
31 // MMU translation table descriptor field definitions
32 #define M68K_MMU_DF_DT 0x00000003
33 #define M68K_MMU_DF_DT_INVALID 0x00000000
34 #define M68K_MMU_DF_DT_PAGE 0x00000001
35 #define M68K_MMU_DF_DT_TABLE_4BYTE 0x00000002
36 #define M68K_MMU_DF_DT_TABLE_8BYTE 0x00000003
37 #define M68K_MMU_DF_WP 0x00000004
38 #define M68K_MMU_DF_USED 0x00000008
39 #define M68K_MMU_DF_MODIFIED 0x00000010
40 #define M68K_MMU_DF_CI 0x00000040
41 #define M68K_MMU_DF_SUPERVISOR 0x00000100
42 #define M68K_MMU_DF_ADDR_MASK 0xfffffff0
43 #define M68K_MMU_DF_IND_ADDR_MASK 0xfffffffc
46 #define M68K_MMU_ATC_BUSERROR 0x08000000
47 #define M68K_MMU_ATC_CACHE_IN 0x04000000
48 #define M68K_MMU_ATC_WRITE_PR 0x02000000
49 #define M68K_MMU_ATC_MODIFIED 0x01000000
50 #define M68K_MMU_ATC_MASK 0x00ffffff
51 #define M68K_MMU_ATC_SHIFT 8
52 #define M68K_MMU_ATC_VALID 0x08000000
54 // MMU Translation Control register
55 #define M68K_MMU_TC_SRE 0x02000000
56 #define M68K_MMU_TC_FCL 0x01000000
59 #define M68K_MMU_TT_ENABLE 0x8000
61 #define m_side_effects_disabled 0
63 /* decodes the effective address */
64 uint32 DECODE_EA_32(int ea)
66 int mode = (ea >> 3) & 0x7;
77 uint32 ea = EA_AY_PI_32();
82 uint32 ea = EA_AY_DI_32();
85 case 6: // (An) + (Xn) + d8
87 uint32 ea = EA_AY_IX_32();
96 uint32 ea = OPER_I_16();
101 uint32 d1 = OPER_I_16();
102 uint32 d2 = OPER_I_16();
103 uint32 ea = (d1 << 16) | d2;
108 uint32 ea = EA_PCDI_32();
111 default: fatalerror("m68k: DECODE_EA_32: unhandled mode %d, reg %d at %08X\n", mode, reg, REG_PC);
115 default: fatalerror("m68k: DECODE_EA_32: unhandled mode %d, reg %d at %08X\n", mode, reg, REG_PC);
120 void pmmu_set_buserror(uint32 addr_in)
122 if (!m_side_effects_disabled && ++m68ki_cpu.mmu_tmp_buserror_occurred == 1)
124 m68ki_cpu.mmu_tmp_buserror_address = addr_in;
125 m68ki_cpu.mmu_tmp_buserror_rw = m68ki_cpu.mmu_tmp_rw;
126 m68ki_cpu.mmu_tmp_buserror_fc = m68ki_cpu.mmu_tmp_fc;
127 m68ki_cpu.mmu_tmp_buserror_sz = m68ki_cpu.mmu_tmp_sz;
132 // pmmu_atc_add: adds this address to the ATC
133 void pmmu_atc_add(uint32 logical, uint32 physical, int fc, int rw)
135 // get page size (i.e. # of bits to ignore); is 10 for Apollo
136 int ps = (m68ki_cpu.mmu_tc >> 20) & 0xf;
137 uint32 atc_tag = M68K_MMU_ATC_VALID | ((fc & 7) << 24) | ((logical >> ps) << (ps - 8));
138 uint32 atc_data = (physical >> ps) << (ps - 8);
140 if (m68ki_cpu.mmu_tmp_sr & (M68K_MMU_SR_BUS_ERROR|M68K_MMU_SR_INVALID|M68K_MMU_SR_SUPERVISOR_ONLY))
142 atc_data |= M68K_MMU_ATC_BUSERROR;
145 if (m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT)
147 atc_data |= M68K_MMU_ATC_WRITE_PR;
150 if (!rw && !(m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT))
152 atc_data |= M68K_MMU_ATC_MODIFIED;
155 // first see if this is already in the cache
156 for (int i = 0; i < MMU_ATC_ENTRIES; i++)
158 // if tag bits and function code match, don't add
159 if (m68ki_cpu.mmu_atc_tag[i] == atc_tag)
161 MMULOG(("%s: hit, old %08x new %08x\n", __func__, m68ki_cpu.mmu_atc_data[i], atc_data));
162 m68ki_cpu.mmu_atc_data[i] = atc_data;
167 // find an open entry
169 for (int i = 0; i < MMU_ATC_ENTRIES; i++)
171 if (!(m68ki_cpu.mmu_atc_tag[i] & M68K_MMU_ATC_VALID))
178 // did we find an entry? steal one by round-robin then
181 found = m68ki_cpu.mmu_atc_rr++;
183 if (m68ki_cpu.mmu_atc_rr >= MMU_ATC_ENTRIES)
185 m68ki_cpu.mmu_atc_rr = 0;
190 MMULOG(("ATC[%2d] add: log %08x -> phys %08x (fc=%d) data=%08x\n",
191 found, (logical >> ps) << ps, (physical >> ps) << ps, fc, atc_data));
192 m68ki_cpu.mmu_atc_tag[found] = atc_tag;
193 m68ki_cpu.mmu_atc_data[found] = atc_data;
196 // pmmu_atc_flush: flush entire ATC
197 // 7fff0003 001ffd10 80f05750 is what should load
198 void pmmu_atc_flush()
200 MMULOG(("ATC flush: pc=%08x\n", m68ki_cpu.ppc));
201 // std::fill(std::begin(m68ki_cpu.mmu_atc_tag), std::end(m68ki_cpu.mmu_atc_tag), 0);
202 for(int i=0;i<MMU_ATC_ENTRIES;i++)
203 m68ki_cpu.mmu_atc_tag[i]=0;
204 m68ki_cpu.mmu_atc_rr = 0;
207 int fc_from_modes(uint16 modes);
209 void pmmu_atc_flush_fc_ea(uint16 modes)
211 unsigned int fcmask = (modes >> 5) & 7;
212 unsigned int fc = fc_from_modes(modes) & fcmask;
213 unsigned int ps = (m68ki_cpu.mmu_tc >> 20) & 0xf;
214 unsigned int mode = (modes >> 10) & 7;
220 MMULOG(("PFLUSHA: mode %d\n", mode));
224 case 4: // flush by fc
225 MMULOG(("flush by fc: %d, mask %d\n", fc, fcmask));
226 for(int i=0,e;i<MMU_ATC_ENTRIES;i++)
228 e=m68ki_cpu.mmu_atc_tag[i];
229 if ((e & M68K_MMU_ATC_VALID) && ((e >> 24) & fcmask) == fc)
231 MMULOG(("flushing entry %08x\n", e));
232 m68ki_cpu.mmu_atc_tag[i] = 0;
237 case 6: // flush by fc + ea
239 ea = DECODE_EA_32(m68ki_cpu.ir);
240 MMULOG(("flush by fc/ea: fc %d, mask %d, ea %08x\n", fc, fcmask, ea));
241 for(unsigned int i=0,e;i<MMU_ATC_ENTRIES;i++)
243 e=m68ki_cpu.mmu_atc_tag[i];
244 if ((e & M68K_MMU_ATC_VALID) &&
245 (((e >> 24) & fcmask) == fc) &&
246 // (((e >> ps) << (ps - 8)) == ((ea >> ps) << (ps - 8))))
247 ( (e << ps) == (ea >> 8 << ps) ))
249 MMULOG(("flushing entry %08x\n", e));
250 m68ki_cpu.mmu_atc_tag[i] = 0;
256 logerror("PFLUSH mode %d not supported\n", mode);
261 //template<bool ptest>
262 uint16 pmmu_atc_lookup(uint32 addr_in, int fc, uint16 rw,
263 uint32 *addr_out,int ptest)
265 MMULOG(("%s: LOOKUP addr_in=%08x, fc=%d, ptest=%d, rw=%d\n", __func__, addr_in, fc, ptest,rw));
266 unsigned int ps = (m68ki_cpu.mmu_tc >> 20) & 0xf;
267 uint32 atc_tag = M68K_MMU_ATC_VALID | ((fc & 7) << 24) | ((addr_in >> ps) << (ps - 8));
269 for (int i = 0; i < MMU_ATC_ENTRIES; i++)
272 if (m68ki_cpu.mmu_atc_tag[i] != atc_tag)
277 uint32 atc_data = m68ki_cpu.mmu_atc_data[i];
281 // According to MC86030UM:
282 // "If the M bit is clear and a write access to this logical
283 // address is attempted, the MC68030 aborts the access and initiates a table
284 // search, setting the M bit in the page descriptor, invalidating the old ATC
285 // entry, and creating a new entry with the M bit set.
286 if (!(atc_data & M68K_MMU_ATC_MODIFIED))
288 m68ki_cpu.mmu_atc_tag[i] = 0;
293 m68ki_cpu.mmu_tmp_sr = 0;
294 if (atc_data & M68K_MMU_ATC_MODIFIED)
296 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_MODIFIED;
299 if (atc_data & M68K_MMU_ATC_WRITE_PR)
301 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_WRITE_PROTECT;
304 if (atc_data & M68K_MMU_ATC_BUSERROR)
306 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_BUS_ERROR|M68K_MMU_SR_INVALID;
308 *addr_out = (atc_data << 8) | (addr_in & ~(((uint32)~0) << ps));
309 MMULOG(("%s: addr_in=%08x, addr_out=%08x, MMU SR %04x\n",
310 __func__, addr_in, *addr_out, m68ki_cpu.mmu_tmp_sr));
313 MMULOG(("%s: lookup failed\n", __func__));
316 m68ki_cpu.mmu_tmp_sr = M68K_MMU_SR_INVALID;
321 uint16 pmmu_match_tt(uint32 addr_in, int fc, uint32 tt, uint16 rw)
323 if (!(tt & M68K_MMU_TT_ENABLE))
328 // transparent translation enabled
329 uint32 address_base = tt & 0xff000000;
330 uint32 address_mask = ((tt << 8) & 0xff000000) ^ 0xff000000;
331 uint32 fcmask = (~tt) & 7;
332 uint32 fcbits = (tt >> 4) & 7;
333 uint16 rwmask = !!(~tt & 0x100);
334 uint16 rwbit = !!(tt & 0x200);
336 if ((addr_in & address_mask) != (address_base & address_mask))
341 if ((fc & fcmask) != (fcbits & fcmask))
346 if ((rw & rwmask) != (rwbit & rwmask))
351 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_TRANSPARENT;
355 void update_descriptor(uint32 tptr, int type, uint32 entry, int16 rw)
357 if (type == M68K_MMU_DF_DT_PAGE && !rw &&
358 !(entry & M68K_MMU_DF_MODIFIED) &&
359 !(entry & M68K_MMU_DF_WP))
361 MMULOG(("%s: set M+U at %08x\n", __func__, tptr));
362 m68k_write_memory_32(tptr, entry | M68K_MMU_DF_USED | M68K_MMU_DF_MODIFIED);
364 else if (type != M68K_MMU_DF_DT_INVALID && !(entry & M68K_MMU_DF_USED))
366 MMULOG(("%s: set U at %08x\n", __func__, tptr));
367 m68k_write_memory_32(tptr, entry | M68K_MMU_DF_USED);
372 //template<bool _long>
373 void update_sr(int type, uint32 tbl_entry, int fc,uint16 _long)
375 if (m_side_effects_disabled)
382 case M68K_MMU_DF_DT_INVALID:
383 // Invalid has no flags
386 case M68K_MMU_DF_DT_PAGE:
387 if (tbl_entry & M68K_MMU_DF_MODIFIED)
389 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_MODIFIED;
393 case M68K_MMU_DF_DT_TABLE_4BYTE:
396 case M68K_MMU_DF_DT_TABLE_8BYTE:
398 if (tbl_entry & M68K_MMU_DF_WP)
400 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_WRITE_PROTECT;
403 if (_long && !(fc & 4) && (tbl_entry & M68K_MMU_DF_SUPERVISOR))
405 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_SUPERVISOR_ONLY;
413 //template<bool ptest>
414 uint16 pmmu_walk_tables(uint32 addr_in, int type, uint32 table, uint8 fc,
415 int limit, uint16 rw, uint32 *addr_out, int ptest)
418 uint32 bits = m68ki_cpu.mmu_tc & 0xffff;
419 int pagesize = (m68ki_cpu.mmu_tc >> 20) & 0xf;
420 int is = (m68ki_cpu.mmu_tc >> 16) & 0xf;
427 m68ki_cpu.mmu_tablewalk = 1;
429 if (m68ki_cpu.mmu_tc & M68K_MMU_TC_FCL)
436 int indexbits = (bits >> bitpos) & 0xf;
437 int table_index = (bitpos == 16) ? fc : (addr_in >> (32 - indexbits));
439 uint16 indirect = (!bitpos || !(bits >> bitpos)) && indexbits;
440 uint32 tbl_entry, tbl_entry2;
442 MMULOG(("%s: type %d, table %08x, addr_in %08x, indexbits %d, pageshift %d, indirect %d table_index %08x, rw=%d fc=%d\n",
443 __func__, type, table, addr_in, indexbits, pageshift, indirect, table_index, rw, fc));
447 case M68K_MMU_DF_DT_INVALID: // invalid, will cause MMU exception
448 m68ki_cpu.mmu_tmp_sr = M68K_MMU_SR_INVALID;
449 MMULOG(("PMMU: DT0 PC=%x (addr_in %08x -> %08x)\n", m68ki_cpu.ppc, addr_in, *addr_out));
453 case M68K_MMU_DF_DT_PAGE: // page descriptor, will cause direct mapping
456 table &= ((uint32)~0) << pagesize;
457 *addr_out = table + (addr_in >> pageshift);
462 case M68K_MMU_DF_DT_TABLE_4BYTE: // valid 4 byte descriptors
464 *addr_out = table + (table_index << 2);
465 tbl_entry = m68k_read_memory_32(*addr_out);
466 type = tbl_entry & M68K_MMU_DF_DT;
468 if (indirect && (type == 2 || type == 3))
471 MMULOG(("SHORT INDIRECT DESC: %08x\n", tbl_entry));
472 *addr_out = tbl_entry & M68K_MMU_DF_IND_ADDR_MASK;
473 tbl_entry = m68k_read_memory_32(*addr_out);
474 type = tbl_entry & M68K_MMU_DF_DT;
477 MMULOG(("SHORT DESC: %08x\n", tbl_entry));
478 table = tbl_entry & M68K_MMU_DF_ADDR_MASK;
479 if (!m_side_effects_disabled)
481 update_sr(type, tbl_entry, fc,0);
484 update_descriptor(*addr_out, type, tbl_entry, rw);
489 case M68K_MMU_DF_DT_TABLE_8BYTE: // valid 8 byte descriptors
491 *addr_out = table + (table_index << 3);
492 tbl_entry = m68k_read_memory_32(*addr_out);
493 tbl_entry2 = m68k_read_memory_32((*addr_out) + 4);
494 type = tbl_entry & M68K_MMU_DF_DT;
496 if (indirect && (type == 2 || type == 3))
499 MMULOG(("LONG INDIRECT DESC: %08x%08x\n", tbl_entry, tbl_entry2));
500 *addr_out = tbl_entry2 & M68K_MMU_DF_IND_ADDR_MASK;
501 tbl_entry = m68k_read_memory_32(*addr_out);
502 tbl_entry2 = m68k_read_memory_32(*addr_out);
503 type = tbl_entry & M68K_MMU_DF_DT;
506 MMULOG(("LONG DESC: %08x %08x\n", tbl_entry, tbl_entry2));
507 table = tbl_entry2 & M68K_MMU_DF_ADDR_MASK;
508 if (!m_side_effects_disabled)
510 update_sr(type, tbl_entry, fc,1);
513 update_descriptor(*addr_out, type, tbl_entry, rw);
519 if (m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_BUS_ERROR)
521 // Bus error during page table walking is always fatal
526 if (!ptest && !m_side_effects_disabled)
528 if (!rw && (m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT))
534 if (!(fc & 4) && (m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_SUPERVISOR_ONLY))
541 addr_in <<= indexbits;
542 pageshift += indexbits;
543 } while(level < limit && !resolved);
546 m68ki_cpu.mmu_tmp_sr &= 0xfff0;
547 m68ki_cpu.mmu_tmp_sr |= level;
548 MMULOG(("MMU SR after walk: %04X\n", m68ki_cpu.mmu_tmp_sr));
549 m68ki_cpu.mmu_tablewalk = 0;
553 // pmmu_translate_addr_with_fc: perform 68851/68030-style PMMU address translation
554 //template<bool ptest, bool pload>
555 uint32 pmmu_translate_addr_with_fc(uint32 addr_in, uint8 fc, uint16 rw, int limit,int ptest,int pload)
560 MMULOG(("%s: addr_in=%08x, fc=%d, ptest=%d, rw=%d, limit=%d, pload=%d\n",
561 __func__, addr_in, fc, ptest, rw, limit, pload));
562 m68ki_cpu.mmu_tmp_sr = 0;
564 m68ki_cpu.mmu_last_logical_addr = addr_in;
566 if (pmmu_match_tt(addr_in, fc, m68ki_cpu.mmu_tt0, rw) ||
567 pmmu_match_tt(addr_in, fc, m68ki_cpu.mmu_tt1, rw) ||
573 if (ptest && limit == 0)
575 pmmu_atc_lookup(addr_in, fc, rw, &addr_out, 1);
579 if (!ptest && !pload && pmmu_atc_lookup(addr_in, fc, rw, &addr_out, 0))
581 if ((m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_BUS_ERROR) || (!rw && (m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT)))
583 MMULOG(("set atc hit buserror: addr_in=%08x, addr_out=%x, rw=%x, fc=%d, sz=%d\n",
584 addr_in, addr_out, m68ki_cpu.mmu_tmp_rw, m68ki_cpu.mmu_tmp_fc, m68ki_cpu.mmu_tmp_sz));
585 pmmu_set_buserror(addr_in);
592 // if SRP is enabled and we're in supervisor mode, use it
593 if ((m68ki_cpu.mmu_tc & M68K_MMU_TC_SRE) && (fc & 4))
595 tbl_addr = m68ki_cpu.mmu_srp_aptr & M68K_MMU_DF_ADDR_MASK;
596 type = m68ki_cpu.mmu_srp_limit & M68K_MMU_DF_DT;
598 else // else use the CRP
600 tbl_addr = m68ki_cpu.mmu_crp_aptr & M68K_MMU_DF_ADDR_MASK;
601 type = m68ki_cpu.mmu_crp_limit & M68K_MMU_DF_DT;
604 if (!pmmu_walk_tables(addr_in, type, tbl_addr, fc, limit, rw, &addr_out, ptest))
606 MMULOG(("%s: addr_in=%08x, type=%x, tbl_addr=%x, fc=%d, limit=%x, rw=%x, addr_out=%x, ptest=%d\n",
607 __func__, addr_in, type, tbl_addr, fc, limit, rw, addr_out, ptest));
608 fatalerror("Table walk did not resolve\n");
616 if ((m68ki_cpu.mmu_tmp_sr & (M68K_MMU_SR_INVALID|M68K_MMU_SR_SUPERVISOR_ONLY)) ||
617 ((m68ki_cpu.mmu_tmp_sr & M68K_MMU_SR_WRITE_PROTECT) && !rw))
622 MMULOG(("%s: set buserror (SR %04X)\n", __func__, m68ki_cpu.mmu_tmp_sr));
623 pmmu_set_buserror(addr_in);
627 // it seems like at least the 68030 sets the M bit in the MMU SR
628 // if the root descriptor is of PAGE type, so do a logical and
629 // between RW and the root type
630 if (!m_side_effects_disabled)
632 pmmu_atc_add(addr_in, addr_out, fc, rw && type != 1);
634 MMULOG(("PMMU: [%08x] => [%08x] (SR %04x)\n", addr_in, addr_out, m68ki_cpu.mmu_tmp_sr));
638 // FC bits: 2 = supervisor, 1 = program, 0 = data
639 // the 68040 is a subset of the 68851 and 68030 PMMUs - the page table sizes are fixed, there is no early termination, etc, etc.
640 uint32 pmmu_translate_addr_with_fc_040(uint32 addr_in, uint8 fc, uint8 ptest)
642 uint32 addr_out, tt0, tt1;
645 m68ki_cpu.mmu_tmp_sr = 0;
647 // transparent translation registers are always in force even if the PMMU itself is disabled
648 // they don't do much in emulation because we never write out of order, but the write-protect and cache control features
649 // are emulatable, and apparently transparent translation regions skip the page table lookup.
650 if (fc & 1) // data, use DTT0/DTT1
652 tt0 = m68ki_cpu.mmu_dtt0;
653 tt1 = m68ki_cpu.mmu_dtt1;
655 else if (fc & 2) // program, use ITT0/ITT1
657 tt0 = m68ki_cpu.mmu_itt0;
658 tt1 = m68ki_cpu.mmu_itt1;
662 fatalerror("68040: function code %d is neither data nor program!\n", fc & 7);
665 if (tt0 & M68K_MMU_TT_ENABLE)
667 int fcmask[4] = { 4, 4, 0, 0 };
668 int fcmatch[4] = { 0, 4, 0, 0 };
669 uint32 mask = (tt0 >> 16) & 0xff;
673 if ((addr_in & mask) == (tt0 & mask) && (fc & fcmask[(tt0 >> 13) & 3]) == fcmatch[(tt0 >> 13) & 3])
675 MMULOG(("TT0 match on address %08x (TT0 = %08x, mask = %08x)\n", addr_in, tt0, mask));
676 if ((tt0 & 4) && !m68ki_cpu.mmu_tmp_rw && !ptest) // write protect?
678 pmmu_set_buserror(addr_in);
685 if (tt1 & M68K_MMU_TT_ENABLE)
687 static int fcmask[4] = { 4, 4, 0, 0 };
688 static int fcmatch[4] = { 0, 4, 0, 0 };
689 uint32 mask = (tt1 >> 16) & 0xff;
693 if ((addr_in & mask) == (tt1 & mask) && (fc & fcmask[(tt1 >> 13) & 3]) == fcmatch[(tt1 >> 13) & 3])
695 MMULOG(("TT1 match on address %08x (TT0 = %08x, mask = %08x)\n", addr_in, tt1, mask));
696 if ((tt1 & 4) && !m68ki_cpu.mmu_tmp_rw && !ptest) // write protect?
698 pmmu_set_buserror(addr_in);
705 if (m68ki_cpu.pmmu_enabled)
707 uint32 root_idx = (addr_in >> 25) & 0x7f;
708 uint32 ptr_idx = (addr_in >> 18) & 0x7f;
709 uint32 page_idx, page;
710 uint32 root_ptr, pointer_ptr, page_ptr;
711 uint32 root_entry, pointer_entry, page_entry;
713 // select supervisor or user root pointer
716 root_ptr = m68ki_cpu.mmu_srp_aptr + (root_idx<<2);
720 root_ptr = m68ki_cpu.mmu_urp_aptr + (root_idx<<2);
723 // get the root entry
724 root_entry = m68k_read_memory_32(root_ptr);
726 // is UDT marked valid?
729 // we're accessing through this root entry, so set the U bit
730 if ((!(root_entry & 0x8)) && (!ptest) && !m_side_effects_disabled)
733 m68k_write_memory_32(root_ptr, root_entry);
736 // PTEST: any write protect bits set in the search tree will set W in SR
737 if ((ptest) && (root_entry & 4))
739 m68ki_cpu.mmu_tmp_sr |= 4;
742 pointer_ptr = (root_entry & ~0x1ff) + (ptr_idx<<2);
743 pointer_entry = m68k_read_memory_32(pointer_ptr);
745 // PTEST: any write protect bits set in the search tree will set W in SR
746 if ((ptest) && (pointer_entry & 4))
748 m68ki_cpu.mmu_tmp_sr |= 4;
751 // update U bit on this pointer entry too
752 if ((!(pointer_entry & 0x8)) && (!ptest) && !m_side_effects_disabled)
754 pointer_entry |= 0x8;
755 m68k_write_memory_32(pointer_ptr, pointer_entry);
758 MMULOG(("pointer entry = %08x\n", pointer_entry));
760 // write protected by the root or pointer entries?
761 if ((((root_entry & 4) && !m68ki_cpu.mmu_tmp_rw) || ((pointer_entry & 4) && !m68ki_cpu.mmu_tmp_rw)) && !ptest)
763 pmmu_set_buserror(addr_in);
767 // is UDT valid on the pointer entry?
768 if (!(pointer_entry & 2) && !ptest)
770 logerror("Invalid pointer entry! PC=%x, addr=%x\n", m68ki_cpu.ppc, addr_in);
771 pmmu_set_buserror(addr_in);
775 // (fall out of these ifs into the page lookup below)
777 else // throw an error
779 logerror("Invalid root entry! PC=%x, addr=%x\n", m68ki_cpu.ppc, addr_in);
783 pmmu_set_buserror(addr_in);
789 // now do the page lookup
790 if (m68ki_cpu.mmu_tc & 0x4000) // 8k pages?
792 page_idx = (addr_in >> 13) & 0x1f;
793 page = addr_in & 0x1fff;
794 pointer_entry &= ~0x7f;
795 MMULOG(("8k pages: index %x page %x\n", page_idx, page));
799 page_idx = (addr_in >> 12) & 0x3f;
800 page = addr_in & 0xfff;
801 pointer_entry &= ~0xff;
802 MMULOG(("4k pages: index %x page %x\n", page_idx, page));
805 page_ptr = pointer_entry + (page_idx<<2);
806 page_entry = m68k_read_memory_32(page_ptr);
807 m68ki_cpu.mmu_last_page_entry_addr = page_ptr;
809 MMULOG(("page_entry = %08x\n", page_entry));
811 // resolve indirect page pointers
812 while ((page_entry & 3) == 2)
814 page_entry = m68k_read_memory_32(page_entry & ~0x3);
815 m68ki_cpu.mmu_last_page_entry_addr = (page_entry & ~0x3);
817 m68ki_cpu.mmu_last_page_entry = page_entry;
819 // is the page write protected or supervisor protected?
820 if ((((page_entry & 4) && !m68ki_cpu.mmu_tmp_rw) || ((page_entry & 0x80) && !(fc & 4))) && !ptest)
822 pmmu_set_buserror(addr_in);
826 switch (page_entry & 3)
829 MMULOG(("Invalid page entry! PC=%x, addr=%x\n", m68ki_cpu.ppc, addr_in));
832 pmmu_set_buserror(addr_in);
839 if (m68ki_cpu.mmu_tc & 0x4000) // 8k pages?
841 addr_out = (page_entry & ~0x1fff) | page;
845 addr_out = (page_entry & ~0xfff) | page;
850 page_entry |= 0x8; // always set the U bit
852 // if we're writing, the M bit comes into play
853 if (!m68ki_cpu.mmu_tmp_rw)
855 page_entry |= 0x10; // set Modified
858 // if these updates resulted in a change, write the entry back where we found it
859 if (page_entry != m68ki_cpu.mmu_last_page_entry && !m_side_effects_disabled)
861 m68ki_cpu.mmu_last_page_entry = page_entry;
862 m68k_write_memory_32(m68ki_cpu.mmu_last_page_entry_addr, m68ki_cpu.mmu_last_page_entry);
867 // page entry: UR G U1 U0 S CM CM M U W PDT
868 // SR: B G U1 U0 S CM CM M 0 W T R
869 m68ki_cpu.mmu_tmp_sr |= ((addr_out & ~0xfff) || (page_entry & 0x7f4));
873 case 2: // shouldn't happen
874 fatalerror("68040: got indirect final page pointer, shouldn't be possible\n");
877 // if (addr_in != addr_out) MMULOG(("040MMU: [%08x] => [%08x]\n", addr_in, addr_out));
883 // pmmu_translate_addr: perform 68851/68030-style PMMU address translation
884 uint32 pmmu_translate_addr(uint32 addr_in, uint16 rw)
888 if (CPU_TYPE_IS_040_PLUS(m68ki_cpu.cpu_type))
890 addr_out = pmmu_translate_addr_with_fc_040(addr_in, m68ki_cpu.mmu_tmp_fc, 0);
894 addr_out = pmmu_translate_addr_with_fc(addr_in, m68ki_cpu.mmu_tmp_fc, rw,7,0,0);
895 MMULOG(("ADDRIN %08X, ADDROUT %08X\n", addr_in, addr_out));
900 int fc_from_modes(uint16 modes)
902 if ((modes & 0x1f) == 0)
904 return m68ki_cpu.sfc;
907 if ((modes & 0x1f) == 1)
909 return m68ki_cpu.dfc;
912 if (m68ki_cpu.cpu_type & CPU_TYPE_030)
914 // 68030 has 3 bits fc, but 68851 4 bits
915 if (((modes >> 3) & 3) == 1)
917 return REG_D[modes & 7] & 0x7;
920 if (((modes >> 3) & 3) == 2)
927 if (((modes >> 3) & 3) == 1)
929 return REG_D[modes & 7] & 0xf;
939 fatalerror("%s: unknown fc mode: 0x%02xn", __func__, modes & 0x1f);
943 void m68851_pload(uint32 ea, uint16 modes)
945 uint32 ltmp = DECODE_EA_32(ea);
946 int fc = fc_from_modes(modes);
947 uint16 rw = !!(modes & 0x200);
949 MMULOG(("%s: PLOAD%c addr=%08x, fc=%d\n", __func__, rw ? 'R' : 'W', ltmp, fc));
951 // MC68851 traps if MMU is not enabled, 030 not
952 if (m68ki_cpu.pmmu_enabled || (m68ki_cpu.cpu_type & CPU_TYPE_030))
954 if (CPU_TYPE_IS_040_PLUS(m68ki_cpu.cpu_type))
956 pmmu_translate_addr_with_fc_040(ltmp, fc, 0);
960 pmmu_translate_addr_with_fc(ltmp, fc, rw , 7, 0, 1);
965 MMULOG(("PLOAD with MMU disabled on MC68851\n"));
966 m68ki_exception_trap(57);
971 void m68851_ptest(uint32 ea, uint16 modes)
973 uint32 v_addr = DECODE_EA_32(ea);
976 int level = (modes >> 10) & 7;
977 uint16 rw = !!(modes & 0x200);
978 int fc = fc_from_modes(modes);
980 MMULOG(("PMMU: PTEST%c (%04X) pc=%08x sp=%08x va=%08x fc=%x level=%x a=%d, areg=%d\n",
981 rw ? 'R' : 'W', modes, m68ki_cpu.ppc, REG_A[7], v_addr, fc, level,
982 (modes & 0x100) ? 1 : 0, (modes >> 5) & 7));
984 if (CPU_TYPE_IS_040_PLUS(m68ki_cpu.cpu_type))
986 p_addr = pmmu_translate_addr_with_fc_040(v_addr, fc, 1);
990 p_addr = pmmu_translate_addr_with_fc(v_addr, fc, rw, level, 1, 0);
993 m68ki_cpu.mmu_sr = m68ki_cpu.mmu_tmp_sr;
995 MMULOG(("PMMU: PTEST result: %04x pa=%08x\n", m68ki_cpu.mmu_sr, p_addr));
998 int areg = (modes >> 5) & 7;
999 WRITE_EA_32(0x08 | areg, p_addr);
1003 void m68851_pmove_get(uint32 ea, uint16 modes)
1005 switch ((modes>>10) & 0x3f)
1007 case 0x02: // transparent translation register 0
1008 WRITE_EA_32(ea, m68ki_cpu.mmu_tt0);
1009 MMULOG(("PMMU: pc=%x PMOVE from mmu_tt0=%08x\n", m68ki_cpu.ppc, m68ki_cpu.mmu_tt0));
1011 case 0x03: // transparent translation register 1
1012 WRITE_EA_32(ea, m68ki_cpu.mmu_tt1);
1013 MMULOG(("PMMU: pc=%x PMOVE from mmu_tt1=%08x\n", m68ki_cpu.ppc, m68ki_cpu.mmu_tt1));
1015 case 0x10: // translation control register
1016 WRITE_EA_32(ea, m68ki_cpu.mmu_tc);
1017 MMULOG(("PMMU: pc=%x PMOVE from mmu_tc=%08x\n", m68ki_cpu.ppc, m68ki_cpu.mmu_tc));
1020 case 0x12: // supervisor root pointer
1021 WRITE_EA_64(ea, (uint64)m68ki_cpu.mmu_srp_limit<<32 | (uint64)m68ki_cpu.mmu_srp_aptr);
1022 MMULOG(("PMMU: pc=%x PMOVE from SRP limit = %08x, aptr = %08x\n", m68ki_cpu.ppc, m68ki_cpu.mmu_srp_limit, m68ki_cpu.mmu_srp_aptr));
1025 case 0x13: // CPU root pointer
1026 WRITE_EA_64(ea, (uint64)m68ki_cpu.mmu_crp_limit<<32 | (uint64)m68ki_cpu.mmu_crp_aptr);
1027 MMULOG(("PMMU: pc=%x PMOVE from CRP limit = %08x, aptr = %08x\n", m68ki_cpu.ppc, m68ki_cpu.mmu_crp_limit, m68ki_cpu.mmu_crp_aptr));
1031 logerror("680x0: PMOVE from unknown MMU register %x, PC %x\n", (modes>>10) & 7, m68ki_cpu.pc);
1035 if (!(modes & 0x100)) // flush ATC on moves to TC, SRP, CRP, TT with FD bit clear
1042 void m68851_pmove_put(uint32 ea, uint16 modes)
1045 switch ((modes>>13) & 7)
1049 uint32 temp = READ_EA_32(ea);
1051 if (((modes >> 10) & 7) == 2)
1053 MMULOG(("WRITE TT0 = 0x%08x\n", m68ki_cpu.mmu_tt0));
1054 m68ki_cpu.mmu_tt0 = temp;
1056 else if (((modes >> 10) & 7) == 3)
1058 MMULOG(("WRITE TT1 = 0x%08x\n", m68ki_cpu.mmu_tt1));
1059 m68ki_cpu.mmu_tt1 = temp;
1063 // FIXME: unreachable
1064 if (!(modes & 0x100))
1073 logerror("680x0: unknown PMOVE case 1, PC %x\n", m68ki_cpu.pc);
1077 switch ((modes >> 10) & 7)
1079 case 0: // translation control register
1080 m68ki_cpu.mmu_tc = READ_EA_32(ea);
1081 MMULOG(("PMMU: TC = %08x\n", m68ki_cpu.mmu_tc));
1083 if (m68ki_cpu.mmu_tc & 0x80000000)
1086 for (int shift = 20; shift >= 0; shift -= 4)
1088 bits += (m68ki_cpu.mmu_tc >> shift) & 0x0f;
1091 if (bits != 32 || !((m68ki_cpu.mmu_tc >> 23) & 1))
1093 logerror("MMU: TC invalid!\n");
1094 m68ki_cpu.mmu_tc &= ~0x80000000;
1095 m68ki_exception_trap(EXCEPTION_MMU_CONFIGURATION);
1097 m68ki_cpu.pmmu_enabled = 1;
1099 MMULOG(("PMMU enabled\n"));
1103 m68ki_cpu.pmmu_enabled = 0;
1104 MMULOG(("PMMU disabled\n"));
1107 if (!(modes & 0x100)) // flush ATC on moves to TC, SRP, CRP with FD bit clear
1113 case 2: // supervisor root pointer
1114 temp64 = READ_EA_64(ea);
1115 m68ki_cpu.mmu_srp_limit = (temp64 >> 32) & 0xffffffff;
1116 m68ki_cpu.mmu_srp_aptr = temp64 & 0xffffffff;
1117 MMULOG(("PMMU: SRP limit = %08x aptr = %08x\n", m68ki_cpu.mmu_srp_limit, m68ki_cpu.mmu_srp_aptr));
1118 // SRP type 0 is not allowed
1119 if ((m68ki_cpu.mmu_srp_limit & 3) == 0)
1121 m68ki_exception_trap(EXCEPTION_MMU_CONFIGURATION);
1125 if (!(modes & 0x100))
1131 case 3: // CPU root pointer
1132 temp64 = READ_EA_64(ea);
1133 m68ki_cpu.mmu_crp_limit = (temp64 >> 32) & 0xffffffff;
1134 m68ki_cpu.mmu_crp_aptr = temp64 & 0xffffffff;
1135 MMULOG(("PMMU: CRP limit = %08x aptr = %08x\n", m68ki_cpu.mmu_crp_limit, m68ki_cpu.mmu_crp_aptr));
1136 // CRP type 0 is not allowed
1137 if ((m68ki_cpu.mmu_crp_limit & 3) == 0)
1139 m68ki_exception_trap(EXCEPTION_MMU_CONFIGURATION);
1143 if (!(modes & 0x100))
1149 case 7: // MC68851 Access Control Register
1150 if (m68ki_cpu.cpu_type == CPU_TYPE_020)
1152 // DomainOS on Apollo DN3000 will only reset this to 0
1153 uint16 mmu_ac = READ_EA_16(ea);
1156 MMULOG(("680x0 PMMU: pc=%x PMOVE to mmu_ac=%08x\n",
1157 m68ki_cpu.ppc, mmu_ac));
1161 // fall through; unknown PMOVE mode unless MC68020 with MC68851
1165 logerror("680x0: PMOVE to unknown MMU register %x, PC %x\n", (modes>>10) & 7, m68ki_cpu.pc);
1169 case 3: // MMU status
1171 uint32 temp = READ_EA_32(ea);
1172 logerror("680x0: unsupported PMOVE %x to MMU status, PC %x\n", temp, m68ki_cpu.pc);
1179 void m68851_pmove(uint32 ea, uint16 modes)
1181 switch ((modes>>13) & 0x7)
1183 case 0: // MC68030/040 form with FD bit
1184 case 2: // MC68851 form, FD never set
1187 m68851_pmove_get(ea, modes);
1190 else // top 3 bits of modes: 010 for this, 011 for status, 000 for transparent translation regs
1192 m68851_pmove_put(ea, modes);
1195 case 3: // MC68030 to/from status reg
1198 MMULOG(("%s: read SR = %04x\n", __func__, m68ki_cpu.mmu_sr));
1199 WRITE_EA_16(ea, m68ki_cpu.mmu_sr);
1203 m68ki_cpu.mmu_sr = READ_EA_16(ea);
1204 MMULOG(("%s: write SR = %04X\n", __func__, m68ki_cpu.mmu_sr));
1209 logerror("680x0: unknown PMOVE mode %x (modes %04x) (PC %x)\n", (modes >> 13) & 0x7, modes, m68ki_cpu.pc);
1216 void m68851_mmu_ops()
1219 uint32 ea = m68ki_cpu.ir & 0x3f;
1221 // catch the 2 "weird" encodings up front (PBcc)
1222 if ((m68ki_cpu.ir & 0xffc0) == 0xf0c0)
1224 logerror("680x0: unhandled PBcc\n");
1227 else if ((m68ki_cpu.ir & 0xffc0) == 0xf080)
1229 logerror("680x0: unhandled PBcc\n");
1232 else if ((m68ki_cpu.ir & 0xffe0) == 0xf500)
1234 MMULOG(("68040 pflush: pc=%08x ir=%04x opmode=%d register=%d\n", REG_PC-4, m68ki_cpu.ir, (m68ki_cpu.ir >> 3) & 3, m68ki_cpu.ir & 7));
1237 else // the rest are 1111000xxxXXXXXX where xxx is the instruction family
1239 switch ((m68ki_cpu.ir>>9) & 0x7)
1242 modes = OPER_I_16();
1244 if ((modes & 0xfde0) == 0x2000) // PLOAD
1246 m68851_pload(ea, modes);
1249 else if ((modes & 0xe200) == 0x2000) // PFLUSH
1251 pmmu_atc_flush_fc_ea(modes);
1254 else if (modes == 0xa000) // PFLUSHR
1259 else if (modes == 0x2800) // PVALID (FORMAT 1)
1261 logerror("680x0: unhandled PVALID1\n");
1264 else if ((modes & 0xfff8) == 0x2c00) // PVALID (FORMAT 2)
1266 logerror("680x0: unhandled PVALID2\n");
1269 else if ((modes & 0xe000) == 0x8000) // PTEST
1271 m68851_ptest(ea, modes);
1276 m68851_pmove(ea, modes);
1281 logerror("680x0: unknown PMMU instruction group %d\n", (m68ki_cpu.ir>>9) & 0x7);
1288 /* Apple HMMU translation is much simpler */
1290 inline uint32 hmmu_translate_addr(uint32 addr_in)
1296 // check if LC 24-bit mode is enabled - this simply blanks out A31, the V8 ignores A30-24 always
1297 if (m68ki_cpu.hmmu_enabled == M68K_HMMU_ENABLE_LC)
1299 addr_out = addr_in & 0xffffff;
1301 else if (m68ki_cpu.hmmu_enabled == M68K_HMMU_ENABLE_II) // the original II does a more complex translation
1303 addr_out = addr_in & 0xffffff;
1305 if ((addr_out >= 0x800000) && (addr_out <= 0x8fffff))
1307 addr_out |= 0x40000000; // ROM
1309 else if ((addr_out >= 0x900000) && (addr_out <= 0xefffff))
1311 addr_out = 0xf0000000; // NuBus
1312 addr_out |= ((addr_in & 0xf00000)<<4);
1313 addr_out |= (addr_in & 0xfffff);
1315 else if (addr_out >= 0xf00000)
1317 addr_out |= 0x50000000; // I/O
1320 // (RAM is at 0 and doesn't need special massaging)
1326 int m68851_buserror(u32& addr)
1328 if (!m68ki_cpu.pmmu_enabled)
1333 if (m68ki_cpu.mmu_tablewalk)
1335 MMULOG(("buserror during table walk\n"));
1336 m68ki_cpu.mmu_tmp_sr |= M68K_MMU_SR_BUS_ERROR|M68K_MMU_SR_INVALID;
1340 addr = m68ki_cpu.mmu_last_logical_addr;