privileged registers: isp msp sr vbr sfc dfc cacr urp srp tc dtt0 dtt1 itt0 itt1 mmusr sr: T1 T0 S M 0 I2 I1 I0 =<0 0 0 X N Z V C> urp and srp are root pointers for supervisor and user modes (they point to page tables); same table is used for I and D space. S bit in sr selects urp/srp as root for accesses virtual address is: aaaa aaab bbbb bbcc ccc* dddd dddd dddd a selects one of 128 entries in first-level table (pointed to by urp/srp). b selects one of 128 entries in second-level table (pointed to by first-level table entry). * is either c or d bit depending on tc register. c selects one of 23 or 64 ptes in third-level table (pointed to by second-level table entry). d is offset within page. Pages are 4k or 8k, depending on tc. first and second level table entries can be resident or invalid. third level entries can be resident, indirect, or invalid. indirect is intended for multiply-mapped physical pages. invalid can be used at any level except the root; an invalid descriptor produces an exception. general outline of address translation: - compare address and privilege against [id]tt[01] and use virtual address as physical address directly if a match is indicated - check page table cache (atc) for a hit - walk tree from urp/srp on reset, e bits cleared in tc and [id]tt[01], disabling all translation. after initting page tables, set e bit in tc. when translation is disabled, zeros are used for attribute bits (indicating writethrough cachable mode, no writ eprotection, user page bits clear). any existing atc entries are not disabled; a pflush must be done to clear the atcs after reset and before enabling translation. tt registers override page table entries; tt0 overrides tt1. itt[01] is used only for instruction prefetches; pc-relative operands will use dtt[01]. (ick!) atc entries contain: V G FC2 U1 U0 S CM M W R V = valid, set when loaded from page tables, cleared by pflush{,a} G = global, if nonglobal pflush variant is used this bit controls; if not, this bit can be used by system FC2 = 1 for S mode, 0 for U mode access = high 16 (4k pages) or 15 (8k pages) bits of virtual addresses that match this entry U1,U0 = echoed to UPA0 and UPA1 if external access results S = 1 if this entry is supervisor-only, 0 if user mode can access it CM = cache mode (two bits): 00 = cacheable-writethrough (write always updates memory, updates cache on hit but not on miss) 01 = cacheable-copyback (write hit dirties cache, write miss loads cache line and then dirties it) 10 = noncacheable-serialized 11 = noncacheable-nonserialized noncacheable-serialized aligned accesses are guaranteed to happen in the order expected from instruction order. noncacheable accesses that miss cache don't touch cache noncacheable accesses that hit cache push entries before access if dirty and in any case invalidate cache entries M = modified, set when a write to this page occurs (also sets M in the page tables in memory) W = write-protect: set if any entries in the walk producing this entry were marked write-protected R = resident: set if all entries in walk were valid first-level table entries: ------------------------------ X X X X X U W UDT +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ second-level table entries: ----------------
---------------- X X X X U W UDT 4k -----------------
----------------- X X X U W UDT 8k +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
= next table address (must be aligned; virtual address bits are shifted into position to get address of next table entry) X = reserved for future definition by Motorola U = used; set when this descriptor is used during a table walk; cpu never clears this bit on its own initiative W = write-protect all addresses covered by this descriptor UDT = type: 00,01 = invalid (and all non-UDT bits are available to kernel) 10,11 = resident PTEs (lowest level of tables): --------------------- u G UPA S CM- M U W PDT 4k ------------------- u u G UPA S CM- M U W PDT 8k +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ u = reserved to user G = global (not invalidated by non-global pflush; if non-global pflushes are not used, can be used as user bit) UPA = echoed to UPA1 and UPA0 if a bus access results S = supervisor-only CM = cache mode, same as for atc entries above M = modified; set when a write occurs; cpu never clears this bit on its own initiative U = used; set when pte is used, never cleared on cpu's initiative W = write-protect PDT = type: 00 = invalid 01 = resident 10 = indirect; bits 31..2 are address of real descriptor if this descriptor is already indirect, 10=invalid 11 = invalid all translation table addresses are physical addresses urp/srp must have low 9 bits clear (doesn't say what happens if not) tc is 16-bit register: E P x x x x x x x x x x x x x x +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ E = enable translation (0=disable, 1=enable) P = page size (0=4k, 1=8k) x = undefined-reserved must pflush to flush probably invalid atcs before enabling translation [id]tt[01] are 32-bit:
-
- E -S- 0 0 0 UPA 0 CM- 0 0 W 0 0 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
,
= this tt register matches if high eight bits of virtual address, ANDed with mask, equal base E = enable this register's translation (0=disable, 1=enable) S = supervisor/user mode: 00 = match only user mode access 01 = match only supervisor mode access 1x = match either access UPA = ecohed to UPA0 and UPA1 if a bus access results CM = cache mode, as for ptes above W = write-protect (0=rw, 1=ro) mmusr is 32-bit: this register contains status info from ptest instruction: --------------------- B G UPA S CM- M 0 W T R +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ = high bits of physical address; merge with low 12 bits of virtual address to obtain physical address B = bus error: set if transfer error encountered during table search. If this bit is set, all other bits are 0. G = global: set if pte's G bit is set UPA = UPA bits from pte S = supervisor protection bit from pte (not an exception indicator) CM = cache mode bits from pte M = M bit from pte W = write-protect bit accumulated during search T = [id]tt[01] hit; if this bit is set, R is also set and all other bits are 0. R = resident: search completed successfully, or tt register matched. cacr is 32-bit: D 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 E 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ D = enable data cache E = enable instruction cache reset clears cacr but does not affect cache entries stack frames, for rte instruction: 1) four-word stack frame, format 0: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp | saved sr +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+2 | program counter | sp+6 |0 0 0 0| vector offset +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ exception stacked pc points to interrupt next instruction format error rte/frestore instruction trap #n next instruction illegal instr illegal instruction a/f-line trap a/f-line instruction priv. viol. instruction causing violation fpe pre-instr. fp instruction provoking exception 2) throwaway four-word stack frame, format 1; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp | saved sr +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+2 | program counter | sp+6 |0 0 0 1| vector offset +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ created on isp during interrupt processing when transition from master state to interrupt state occurs; pc points to next instruction. 3) six-word stack frame, format 2: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp | saved sr +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+2 | program counter | sp+6 |0 0 1 0| vector offset +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+8 | address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ address error pc = instruction in error address = reference address unimplemented fp instruction pc = next instruction address = calculated EA for fp instruction chk, chk2, trapcc, ftrapcc, trapv, trace, div-by-0 pc = next instruction address = address of instruction responsible 3) fp post-instruction stack frame, format 3: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp | saved sr +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+2 | program counter | sp+6 |0 0 1 1| vector offset +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+8 | effective address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ pc = next instruction address is calculated EA for fp instruction 3) access error stack frame, format 7: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp |(SR) saved sr +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+02 |(PC) program counter | sp+06 |0 1 1 1| vector offset +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+08 |(EA) effective address | sp+0c |(SSW) special status word +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ sp+0e |0 0 0 0 0 0 0 0| wb 3 status | (WB3S) sp+10 |0 0 0 0 0 0 0 0| wb 2 status | (WB2S) sp+12 |0 0 0 0 0 0 0 0| wb 1 status +-(WB1S)+-+-+-+-+-+-+-+-+-+-+-+-+ sp+14 |(FA) fault address | sp+18 |(WB3A) writeback 3 address | sp+1c |(WB3D) writeback 3 data | sp+20 |(WB2A) writeback 2 address | sp+24 |(WB2D) writeback 2 data | sp+28 |(WB1A) writeback 1 address | sp+2c |(WB1D/PD0) writeback 1 data / push data 0 | sp+30 |(PD1) push data 1 | sp+34 |(PD2) push data 2 | sp+38 |(PD3) push data 3 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ATC fault or bus error, pc points to next instruction EA: contains address when one of CM/CT/CU/CP is set in SSW. SSW: indicates what caused fault and contains status info: +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ CP CU CT CM MA AF LK RW xx SIZE- -TT-- ---TM--- TM, TT, SIZE, RW, LK - hardware TMx, TTx, SIZx, R/W, and LOCK signals from faulting transfer. AF - ATC fault: set for ATC fault due to bus error or invalid descriptor found during tablewalk, or write-protect or supervisor-only violation. Clear for bus-errored I, D, or cache push access. MA - misaligned access: set if an ATC fault occurs for the second page for an access which spans a page boundary. CM - continuation - MOVEM pending Set if data access bus errored during a MOVEM; EA contains calculated effective address. (Where is the mask saved?) CT - continuation - trace exception pending Set for an access error with a pending trace exception. EA contains address of instruction being traced. CU - continuation - unimplemented fp instruction exception pending Set for an access error with unimplemented fp instruction exception pending. If unimpl instr is traced, CU is set and CT is undefined. Handler must notice trace bits in stacked SR and deal with it. CP - continuation - fp post-instruction exception pending Like CU, but for post-instruction rather than unimplemnted. WBxS: writeback status: +-+-+-+-+-+-+-+-+ V SIZ TT- -TM-- V - valid, writeback pending if set SIZ, TT, TM - as for SSW, presumably FA: fault address - the address which faulted. Physical address for cache pushes, virtual for all others. If a misaligned access faults, FA is the address of the first byte, regardless of which of the two or three transfers faulted. For a push fault, FA==WB1A. WBxD: WB3D and WB2D are register-aligned, with byte and word data in low bits of field. WB1D is memory-aligned: size A1 A0 WB1D WB2D, WB3D byte 0 0 31:24 7: 0 byte 0 1 23:16 7: 0 byte 1 0 15: 8 7: 0 byte 1 1 7: 0 7: 0 word 0 0 31:16 15: 0 word 0 1 23: 8 15: 0 word 1 0 15: 0 15: 0 word 1 1 7: 0, 31:24 15: 0 long 0 0 31: 0 31: 0 long 0 1 23: 0, 31:24 31: 0 long 1 0 15: 0, 31:16 31: 0 long 1 1 7: 0, 31: 8 31: 0 For a line transfer fault, PD3-PD0 are already memory-aligned, regardless of A1/A0 in the writeback address. writebacks should be done in order: wb1, then wb2, then wb3. For a push fault, the push must be completed first, then potentially wb2 and wb3. Note that wb2 and wb3 may potentially cause further bus errors. reset exception: dedicated pin on processor - T0 = T1 = 0 in SR to disable tracing - S = 1, M = 0 in SR to shift to interrupt mode - IPL = 7 - VBR = 0 - Clear both enable bits in CACR - Clear E and set P in TC - Clear enable bits in all four TT registers - Read vector #0 into SP (ie, ISP) - Read vector #1 into PC - Prefetch four longwords pointed to by PC Any errors occurring during the memory fetches cause an immediate double bus error halt with processor status = 0111. access fault exception: when data access or instruction prefetch access faults due to either external bus error or internal translation fault. Presumably this uses stack frame type 7. - Save copy of SR - S = 1, T1 = T0 = 0 in SR - Use exception vector 2 - Push vector offset, PC, saved copy of SR on stack. PC points to instruction executing when fault occurred, which may not be instruction that provoked fault - Push restart info, pending writebacks, fault address Handler is responsible for completing writebacks. address error exception: attempt to prefetch instructions from an odd address. (This includes an ultimately untaken branch with an odd offset.) Type 2 stack frame is generated; saved address has low bit cleared. instruction trap exception: trap, sometimes trapcc, ftrapcc, trapv, chk, chk2, divs, divu. - Save copy of SR - S = 1, T1 = T0 = 0 in SR - Choose vector number: 5 for div[su]; 6 for chk/chk2; 7 for ftrapcc, trapcc, trapv; 32+n for trap #n. - Stack vector offset, PC, saved copy of SR. PC points to instruction following trapping instruction. Except for trap #n, also stack address of instruction. illegal instruction: undefined instruction or bad register number for movec instruction. Generate type 0 stack frame. unimplemented fp instruction: legal 68881/68882 instruction that isn't implemented in the 68040. Handler should do FSAVE to get FP state, including address of faulting instruction. Instruction is partially decoded and EA saved to help handler. privilege violation exception: andi to sr, cinv, cpush, eori to sr, frestore, fsave, move from sr, move to sr, move usp, movec, moves, ori to sr, pflush, ptest, reset, rte, or stop instruction in user mode. Use vector 8, generate type 0 stack frame. trace exception: in sr not zero. if !=0 when instruction begins, trace exception is taken when it completes. t1 t0 function 0 0 no tracing 0 1 trace on flow control or SR change 1 0 trace every instruction 1 1 undefined - reserved trace instruction occurs only at completion of instruction; if instruction traps or faults or is unimplemented or illegal, it doesn't complete so the trace trap doesn't happen. nb: if instruction is emulated by trap handler, tracing must be emulated too. STOP instruction does not function when T1=1 T0=0; it loads SR and then takes the trace trap. On return from the trace trap handler, execution continues with the following instruction. format error exception: rte and frestore check their data, and if it's invalid, take this trap. rte processing: - type 0 frame: load pc and sr from frame, pop frame, resume execution. - type 1 frame: load sr from frame, pop frame, resume rte processing with new sr value. - type 2 frame: same as type 0 except there's more to pop. - type 3 frame: load pc and sr, pop frame, check for another pending fp exception; if so, take it, if not, resume execution. - type 7 frame: load pc and sr, check SSW continuation bits. - no continuation bits: pop frame, resume execution. - MOVEM bit set: restore EA from stack frame and restart instruction (repeating any accesses that occurred before the fault). - pending trace, unimp fp instr, fp post-instr bits: restore EA from stack frame, pop frame, and initiate exception processing. (At most one continuation bit is ever set when cpu generates stack frame. If multiple bits are set, RTE operation is undefined.) - unknown frame type: take format error exception - if error occurs during frame validation, a new frame, appropriate to the error, is created below the faulty frame. FPU state frames: - null state frame: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 0 ---undefined--- . . . . . . . . . . . . . . . .| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - idle state frame: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |------VER------ 0 0 0 0 0 0 0 0 . . . . . . . . . . . . . . . .| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - unimplemented instruction state frame: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |------VER------|0 0 1 0 1 0 0 0|. . . . . . . . . . . . . . . .| |STAG- . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |-----------CMDREG1B------------|. . . . . . . . . . . . . . . .| |DTAG- . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |. . . . . a . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |b ------------FPTE-------------|. . . . . . . . . . . . . . . .| |--------------------------FPTM[63:32]--------------------------| |--------------------------FPTM[31:0]---------------------------| |c -------------ETE------------- . . . . . . . . . . . . . . . .| |---------------------------ETM[63:32]--------------------------| |---------------------------ETM[31:0]---------------------------| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ a = E1, b = FPTS, c = ETS - busy state frame: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |---VER=0x40----|0 1 1 0 0 0 0 0|. . . . . . . . . . . . . . . .| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |--CU_SAVEPC-- .|. . . . . . . .|. . . . . . . . . . . . . . . .| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |a ---------WBTE[14:0]----------|. . . . . . . . . . . . . . . .| |--------------------------WBTM[65:34]--------------------------| |--------------------------WBTM[33:2]---------------------------| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |----------------------------FPIARCU----------------------------| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |. . . . . ------CMDREG3B-------|. . . . . . . . . . . . . . . .| |. . . . . . . .|. . . . . . . .|. . . . . . . . . . . . . . . .| |STAG- . . b c d|e . . . . . . .|. . . . . . . . . . . . . . . .| |-----------CMDREG1B------------|. . . . . . . . . . . . . . . .| |DTAG- . . . . .|. . . f . . . .|. . . . . . . . . . . . . . . .| |. . . . . g h .|. . . T . . . .|. . . . . . . . . . . . . . . .| |i ------------FPTE-------------|. . . . . . . . . . . . . . . .| |--------------------------FPTM[63:32]--------------------------| |--------------------------FPTM[31:0]---------------------------| |j -------------ETE-------------|. . . . . . . . . . . . . . . .| |---------------------------ETM[63:32]--------------------------| |---------------------------ETM[31:0]---------------------------| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ a = WBTS, b = WBTM66, c = WBTM1, d = WBTM0, e = SBIT, f = WBTE15 g = E1, h = E3, i = FPTS, j = ETS CMDREG1B: command word for an E1 exception. For FSQRT, bits 6:0 are changed from 0000100 to 0000101 for CMDREG1B; all other instructions map directly. CMDREG3B: command word for E3 exception. Bit mapping is as follows: +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ CMDREG1B: |OPCLASS | SRC Rx | DST Ry | CMD | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | | | | | | | | | \/ | | | | | _/\ | | | | \/ | | | | | _/\ | | | | \/ | | | | | /\ | | | | | | | | | | | V V V V V V V +--+--+--+--+--+--+--+--+--+--+--+ CMDREG3B: |0 | DST Ry | CMD | +--+--+--+--+--+--+--+--+--+--+--+ CU_SAVEPC: micro-PC for conversion unit (CU). E1: when set, indicates exception noticed by CU. All exception types are possible. Check E3 first; if set, do E3 processing and RTE; if E1 is set it will be handled later. For unimplemented instruction frame, if E1 is set one or both operands are of unimplemented data type. E3: when set, indicates exception noticed by normalization unit (NU). Only OVFL, UNFL, and INEX2 exceptions on opclass 0 (register-to-register and memory-to-register) for FADD, FSUB, FMUL, FDIV, and FSQRT can occur. Handler must check for and handle E3 first. ETS, ETE, ETM: collectively, ETEMP. These contain source operand converted to extended precision (ign, xponent, and antissa). For packed decimal source, bits [63:0] of operand are in ETM, and ETS and ETE are undefined. FPIARCU: Instruction address register of CU. FPTS, FPTE, FPTM: collectively, FPTEMP. These contain the destination operand for dyadic operations, converted to extended precision as for ETEMP. For packed decimal source, bits [95:64] of operand are in FPTM[31:00], and FPTS, FPTE, and FPTM[63:32] are undefined. STAG, DTAG: data type of source and destination. STAG is undefined for packed decimal source operand. Encodings: 000 Normalized 001 Zero 010 Infinity 011 NAN 100 Extended precision denormalized or unnormalized 101 Single or double precision denormalized T: when set, indicates a post-instruction exception occurred. WBTS, WBTE15:WBTE[14:0], WBTM66:WBTM[65:34]:WBTM[33:2]:WBTM1:WBTM0: exceptional operand in internal format for E3 exceptions. new instructions: pflush - flush entry/entries in ATC: pflush/pflusha/pflushn/pflushan a = all, n = nonglobal only cinv - invalidate cache entries cpush - push then invalidate cache entries move16 - 16-byte block move ptest - test an address for accessibility a7 is: S clr in sr: usp S set in sr: M set in sr: msp M clr in sr: isp interrupts set S and clear M