| blob | 65f9c1de4035decd07147128662c975ff08159a9 |
1 /*
2 * New-style decoder for i386 instructions
3 *
4 * Copyright (c) 2022 Red Hat, Inc.
5 *
6 * Author: Paolo Bonzini <pbonzini@redhat.com>
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 */
22 /*
23 * The decoder is mostly based on tables copied from the Intel SDM. As
24 * a result, most operand load and writeback is done entirely in common
25 * table-driven code using the same operand type (X86_TYPE_*) and
26 * size (X86_SIZE_*) codes used in the manual.
27 *
28 * The main difference is that the V, U and W types are extended to
29 * cover MMX as well; if an instruction is like
30 *
31 * por Pq, Qq
32 * 66 por Vx, Hx, Wx
33 *
34 * only the second row is included and the instruction is marked as a
35 * valid MMX instruction. The MMX flag directs the decoder to rewrite
36 * the V/U/H/W types to P/N/P/Q if there is no prefix, as well as changing
37 * "x" to "q" if there is no prefix.
38 *
39 * In addition, the ss/ps/sd/pd types are sometimes mushed together as "x"
40 * if the difference is expressed via prefixes. Individual instructions
41 * are separated by prefix in the generator functions.
42 *
43 * There are a couple cases in which instructions (e.g. MOVD) write the
44 * whole XMM or MM register but are established incorrectly in the manual
45 * as "d" or "q". These have to be fixed for the decoder to work correctly.
46 */
48 #define X86_OP_NONE { 0 },
50 #define X86_OP_GROUP3(op, op0_, s0_, op1_, s1_, op2_, s2_, ...) { \
51 .decode = glue(decode_, op), \
52 .op0 = glue(X86_TYPE_, op0_), \
53 .s0 = glue(X86_SIZE_, s0_), \
54 .op1 = glue(X86_TYPE_, op1_), \
55 .s1 = glue(X86_SIZE_, s1_), \
56 .op2 = glue(X86_TYPE_, op2_), \
57 .s2 = glue(X86_SIZE_, s2_), \
58 .is_decode = true, \
59 ## __VA_ARGS__ \
60 }
62 #define X86_OP_GROUP2(op, op0, s0, op1, s1, ...) \
63 X86_OP_GROUP3(op, op0, s0, 2op, s0, op1, s1, ## __VA_ARGS__)
64 #define X86_OP_GROUP0(op, ...) \
65 X86_OP_GROUP3(op, None, None, None, None, None, None, ## __VA_ARGS__)
67 #define X86_OP_ENTRY3(op, op0_, s0_, op1_, s1_, op2_, s2_, ...) { \
68 .gen = glue(gen_, op), \
69 .op0 = glue(X86_TYPE_, op0_), \
70 .s0 = glue(X86_SIZE_, s0_), \
71 .op1 = glue(X86_TYPE_, op1_), \
72 .s1 = glue(X86_SIZE_, s1_), \
73 .op2 = glue(X86_TYPE_, op2_), \
74 .s2 = glue(X86_SIZE_, s2_), \
75 ## __VA_ARGS__ \
76 }
78 #define X86_OP_ENTRY4(op, op0_, s0_, op1_, s1_, op2_, s2_, ...) \
79 X86_OP_ENTRY3(op, op0_, s0_, op1_, s1_, op2_, s2_, \
80 .op3 = X86_TYPE_I, .s3 = X86_SIZE_b, \
81 ## __VA_ARGS__)
83 #define X86_OP_ENTRY2(op, op0, s0, op1, s1, ...) \
84 X86_OP_ENTRY3(op, op0, s0, 2op, s0, op1, s1, ## __VA_ARGS__)
85 #define X86_OP_ENTRY0(op, ...) \
86 X86_OP_ENTRY3(op, None, None, None, None, None, None, ## __VA_ARGS__)
88 #define i64 .special = X86_SPECIAL_i64,
89 #define o64 .special = X86_SPECIAL_o64,
90 #define xchg .special = X86_SPECIAL_Locked,
91 #define mmx .special = X86_SPECIAL_MMX,
92 #define zext0 .special = X86_SPECIAL_ZExtOp0,
93 #define zext2 .special = X86_SPECIAL_ZExtOp2,
95 static uint8_t get_modrm(DisasContext *s, CPUX86State *env)
96 {
97 if (!s->has_modrm) {
98 s->modrm = x86_ldub_code(env, s);
99 s->has_modrm = true;
100 }
101 return s->modrm;
102 }
104 static const X86OpEntry opcodes_0F38_00toEF[240] = {
105 };
107 /* five rows for no prefix, 66, F3, F2, 66+F2 */
108 static const X86OpEntry opcodes_0F38_F0toFF[16][5] = {
109 };
111 static void decode_0F38(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
112 {
113 *b = x86_ldub_code(env, s);
114 if (*b < 0xf0) {
115 *entry = opcodes_0F38_00toEF[*b];
116 } else {
117 int row = 0;
118 if (s->prefix & PREFIX_REPZ) {
119 /* The REPZ (F3) prefix has priority over 66 */
120 row = 2;
121 } else {
122 row += s->prefix & PREFIX_REPNZ ? 3 : 0;
123 row += s->prefix & PREFIX_DATA ? 1 : 0;
124 }
125 *entry = opcodes_0F38_F0toFF[*b & 15][row];
126 }
127 }
129 static const X86OpEntry opcodes_0F3A[256] = {
130 };
132 static void decode_0F3A(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
133 {
134 *b = x86_ldub_code(env, s);
135 *entry = opcodes_0F3A[*b];
136 }
138 static const X86OpEntry opcodes_0F[256] = {
139 [0x38] = X86_OP_GROUP0(0F38),
140 [0x3a] = X86_OP_GROUP0(0F3A),
141 };
143 static void do_decode_0F(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
144 {
145 *entry = opcodes_0F[*b];
146 }
148 static void decode_0F(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
149 {
150 *b = x86_ldub_code(env, s);
151 do_decode_0F(s, env, entry, b);
152 }
154 static const X86OpEntry opcodes_root[256] = {
155 [0x0F] = X86_OP_GROUP0(0F),
156 };
158 #undef mmx
160 /*
161 * Decode the fixed part of the opcode and place the last
162 * in b.
163 */
164 static void decode_root(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
165 {
166 *entry = opcodes_root[*b];
167 }
170 static int decode_modrm(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode,
171 X86DecodedOp *op, X86OpType type)
172 {
173 int modrm = get_modrm(s, env);
174 if ((modrm >> 6) == 3) {
175 if (s->prefix & PREFIX_LOCK) {
176 decode->e.gen = gen_illegal;
177 return 0xff;
178 }
179 op->n = (modrm & 7);
180 if (type != X86_TYPE_Q && type != X86_TYPE_N) {
181 op->n |= REX_B(s);
182 }
183 } else {
184 op->has_ea = true;
185 op->n = -1;
186 decode->mem = gen_lea_modrm_0(env, s, get_modrm(s, env));
187 }
188 return modrm;
189 }
191 static bool decode_op_size(DisasContext *s, X86OpEntry *e, X86OpSize size, MemOp *ot)
192 {
193 switch (size) {
194 case X86_SIZE_b: /* byte */
195 *ot = MO_8;
196 return true;
198 case X86_SIZE_d: /* 32-bit */
199 case X86_SIZE_ss: /* SSE/AVX scalar single precision */
200 *ot = MO_32;
201 return true;
203 case X86_SIZE_p: /* Far pointer, return offset size */
204 case X86_SIZE_s: /* Descriptor, return offset size */
205 case X86_SIZE_v: /* 16/32/64-bit, based on operand size */
206 *ot = s->dflag;
207 return true;
209 case X86_SIZE_pi: /* MMX */
210 case X86_SIZE_q: /* 64-bit */
211 case X86_SIZE_sd: /* SSE/AVX scalar double precision */
212 *ot = MO_64;
213 return true;
215 case X86_SIZE_w: /* 16-bit */
216 *ot = MO_16;
217 return true;
219 case X86_SIZE_y: /* 32/64-bit, based on operand size */
220 *ot = s->dflag == MO_16 ? MO_32 : s->dflag;
221 return true;
223 case X86_SIZE_z: /* 16-bit for 16-bit operand size, else 32-bit */
224 *ot = s->dflag == MO_16 ? MO_16 : MO_32;
225 return true;
227 case X86_SIZE_dq: /* SSE/AVX 128-bit */
228 if (e->special == X86_SPECIAL_MMX &&
229 !(s->prefix & (PREFIX_DATA | PREFIX_REPZ | PREFIX_REPNZ))) {
230 *ot = MO_64;
231 return true;
232 }
233 if (s->vex_l && e->s0 != X86_SIZE_qq && e->s1 != X86_SIZE_qq) {
234 return false;
235 }
236 *ot = MO_128;
237 return true;
239 case X86_SIZE_qq: /* AVX 256-bit */
240 if (!s->vex_l) {
241 return false;
242 }
243 *ot = MO_256;
244 return true;
246 case X86_SIZE_x: /* 128/256-bit, based on operand size */
247 if (e->special == X86_SPECIAL_MMX &&
248 !(s->prefix & (PREFIX_DATA | PREFIX_REPZ | PREFIX_REPNZ))) {
249 *ot = MO_64;
250 return true;
251 }
252 /* fall through */
253 case X86_SIZE_ps: /* SSE/AVX packed single precision */
254 case X86_SIZE_pd: /* SSE/AVX packed double precision */
255 *ot = s->vex_l ? MO_256 : MO_128;
256 return true;
258 case X86_SIZE_d64: /* Default to 64-bit in 64-bit mode */
259 *ot = CODE64(s) && s->dflag == MO_32 ? MO_64 : s->dflag;
260 return true;
262 case X86_SIZE_f64: /* Ignore size override prefix in 64-bit mode */
263 *ot = CODE64(s) ? MO_64 : s->dflag;
264 return true;
266 default:
267 *ot = -1;
268 return true;
269 }
270 }
272 static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode,
273 X86DecodedOp *op, X86OpType type, int b)
274 {
275 int modrm;
277 switch (type) {
278 case X86_TYPE_None: /* Implicit or absent */
279 case X86_TYPE_A: /* Implicit */
280 case X86_TYPE_F: /* EFLAGS/RFLAGS */
281 break;
283 case X86_TYPE_B: /* VEX.vvvv selects a GPR */
284 op->unit = X86_OP_INT;
285 op->n = s->vex_v;
286 break;
288 case X86_TYPE_C: /* REG in the modrm byte selects a control register */
289 op->unit = X86_OP_CR;
290 goto get_reg;
292 case X86_TYPE_D: /* REG in the modrm byte selects a debug register */
293 op->unit = X86_OP_DR;
294 goto get_reg;
296 case X86_TYPE_G: /* REG in the modrm byte selects a GPR */
297 op->unit = X86_OP_INT;
298 goto get_reg;
300 case X86_TYPE_S: /* reg selects a segment register */
301 op->unit = X86_OP_SEG;
302 goto get_reg;
304 case X86_TYPE_P:
305 op->unit = X86_OP_MMX;
306 goto get_reg;
308 case X86_TYPE_V: /* reg in the modrm byte selects an XMM/YMM register */
309 if (decode->e.special == X86_SPECIAL_MMX &&
310 !(s->prefix & (PREFIX_DATA | PREFIX_REPZ | PREFIX_REPNZ))) {
311 op->unit = X86_OP_MMX;
312 } else {
313 op->unit = X86_OP_SSE;
314 }
315 get_reg:
316 op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s);
317 break;
319 case X86_TYPE_E: /* ALU modrm operand */
320 op->unit = X86_OP_INT;
321 goto get_modrm;
323 case X86_TYPE_Q: /* MMX modrm operand */
324 op->unit = X86_OP_MMX;
325 goto get_modrm;
327 case X86_TYPE_W: /* XMM/YMM modrm operand */
328 if (decode->e.special == X86_SPECIAL_MMX &&
329 !(s->prefix & (PREFIX_DATA | PREFIX_REPZ | PREFIX_REPNZ))) {
330 op->unit = X86_OP_MMX;
331 } else {
332 op->unit = X86_OP_SSE;
333 }
334 goto get_modrm;
336 case X86_TYPE_N: /* R/M in the modrm byte selects an MMX register */
337 op->unit = X86_OP_MMX;
338 goto get_modrm_reg;
340 case X86_TYPE_U: /* R/M in the modrm byte selects an XMM/YMM register */
341 if (decode->e.special == X86_SPECIAL_MMX &&
342 !(s->prefix & (PREFIX_DATA | PREFIX_REPZ | PREFIX_REPNZ))) {
343 op->unit = X86_OP_MMX;
344 } else {
345 op->unit = X86_OP_SSE;
346 }
347 goto get_modrm_reg;
349 case X86_TYPE_R: /* R/M in the modrm byte selects a register */
350 op->unit = X86_OP_INT;
351 get_modrm_reg:
352 modrm = get_modrm(s, env);
353 if ((modrm >> 6) != 3) {
354 return false;
355 }
356 goto get_modrm;
358 case X86_TYPE_M: /* modrm byte selects a memory operand */
359 modrm = get_modrm(s, env);
360 if ((modrm >> 6) == 3) {
361 return false;
362 }
363 get_modrm:
364 decode_modrm(s, env, decode, op, type);
365 break;
367 case X86_TYPE_O: /* Absolute address encoded in the instruction */
368 op->unit = X86_OP_INT;
369 op->has_ea = true;
370 op->n = -1;
371 decode->mem = (AddressParts) {
372 .def_seg = R_DS,
373 .base = -1,
374 .index = -1,
375 .disp = insn_get_addr(env, s, s->aflag)
376 };
377 break;
379 case X86_TYPE_H: /* For AVX, VEX.vvvv selects an XMM/YMM register */
380 if ((s->prefix & PREFIX_VEX)) {
381 op->unit = X86_OP_SSE;
382 op->n = s->vex_v;
383 break;
384 }
385 if (op == &decode->op[0]) {
386 /* shifts place the destination in VEX.vvvv, use modrm */
387 return decode_op(s, env, decode, op, decode->e.op1, b);
388 } else {
389 return decode_op(s, env, decode, op, decode->e.op0, b);
390 }
392 case X86_TYPE_I: /* Immediate */
393 op->unit = X86_OP_IMM;
394 decode->immediate = insn_get_signed(env, s, op->ot);
395 break;
397 case X86_TYPE_J: /* Relative offset for a jump */
398 op->unit = X86_OP_IMM;
399 decode->immediate = insn_get_signed(env, s, op->ot);
400 decode->immediate += s->pc - s->cs_base;
401 if (s->dflag == MO_16) {
402 decode->immediate &= 0xffff;
403 } else if (!CODE64(s)) {
404 decode->immediate &= 0xffffffffu;
405 }
406 break;
408 case X86_TYPE_L: /* The upper 4 bits of the immediate select a 128-bit register */
409 op->n = insn_get(env, s, op->ot) >> 4;
410 break;
412 case X86_TYPE_X: /* string source */
413 op->n = -1;
414 decode->mem = (AddressParts) {
415 .def_seg = R_DS,
416 .base = R_ESI,
417 .index = -1,
418 };
419 break;
421 case X86_TYPE_Y: /* string destination */
422 op->n = -1;
423 decode->mem = (AddressParts) {
424 .def_seg = R_ES,
425 .base = R_EDI,
426 .index = -1,
427 };
428 break;
430 case X86_TYPE_2op:
431 *op = decode->op[0];
432 break;
434 case X86_TYPE_LoBits:
435 op->n = (b & 7) | REX_B(s);
436 op->unit = X86_OP_INT;
437 break;
439 case X86_TYPE_0 ... X86_TYPE_7:
440 op->n = type - X86_TYPE_0;
441 op->unit = X86_OP_INT;
442 break;
444 case X86_TYPE_ES ... X86_TYPE_GS:
445 op->n = type - X86_TYPE_ES;
446 op->unit = X86_OP_SEG;
447 break;
448 }
450 return true;
451 }
453 static bool decode_insn(DisasContext *s, CPUX86State *env, X86DecodeFunc decode_func,
454 X86DecodedInsn *decode)
455 {
456 X86OpEntry *e = &decode->e;
458 decode_func(s, env, e, &decode->b);
459 while (e->is_decode) {
460 e->is_decode = false;
461 e->decode(s, env, e, &decode->b);
462 }
464 /* First compute size of operands in order to initialize s->rip_offset. */
465 if (e->op0 != X86_TYPE_None) {
466 if (!decode_op_size(s, e, e->s0, &decode->op[0].ot)) {
467 return false;
468 }
469 if (e->op0 == X86_TYPE_I) {
470 s->rip_offset += 1 << decode->op[0].ot;
471 }
472 }
473 if (e->op1 != X86_TYPE_None) {
474 if (!decode_op_size(s, e, e->s1, &decode->op[1].ot)) {
475 return false;
476 }
477 if (e->op1 == X86_TYPE_I) {
478 s->rip_offset += 1 << decode->op[1].ot;
479 }
480 }
481 if (e->op2 != X86_TYPE_None) {
482 if (!decode_op_size(s, e, e->s2, &decode->op[2].ot)) {
483 return false;
484 }
485 if (e->op2 == X86_TYPE_I) {
486 s->rip_offset += 1 << decode->op[2].ot;
487 }
488 }
489 if (e->op3 != X86_TYPE_None) {
490 assert(e->op3 == X86_TYPE_I && e->s3 == X86_SIZE_b);
491 s->rip_offset += 1;
492 }
494 if (e->op0 != X86_TYPE_None &&
495 !decode_op(s, env, decode, &decode->op[0], e->op0, decode->b)) {
496 return false;
497 }
499 if (e->op1 != X86_TYPE_None &&
500 !decode_op(s, env, decode, &decode->op[1], e->op1, decode->b)) {
501 return false;
502 }
504 if (e->op2 != X86_TYPE_None &&
505 !decode_op(s, env, decode, &decode->op[2], e->op2, decode->b)) {
506 return false;
507 }
509 if (e->op3 != X86_TYPE_None) {
510 decode->immediate = insn_get_signed(env, s, MO_8);
511 }
513 return true;
514 }
516 /*
517 * Convert one instruction. s->base.is_jmp is set if the translation must
518 * be stopped.
519 */
520 static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
521 {
522 CPUX86State *env = cpu->env_ptr;
523 bool first = true;
524 X86DecodedInsn decode;
525 X86DecodeFunc decode_func = decode_root;
527 #ifdef CONFIG_USER_ONLY
528 if (limit) { --limit; }
529 #endif
530 s->has_modrm = false;
532 next_byte:
533 if (first) {
534 first = false;
535 } else {
536 b = x86_ldub_code(env, s);
537 }
538 /* Collect prefixes. */
539 switch (b) {
540 case 0xf3:
541 s->prefix |= PREFIX_REPZ;
542 s->prefix &= ~PREFIX_REPNZ;
543 goto next_byte;
544 case 0xf2:
545 s->prefix |= PREFIX_REPNZ;
546 s->prefix &= ~PREFIX_REPZ;
547 goto next_byte;
548 case 0xf0:
549 s->prefix |= PREFIX_LOCK;
550 goto next_byte;
551 case 0x2e:
552 s->override = R_CS;
553 goto next_byte;
554 case 0x36:
555 s->override = R_SS;
556 goto next_byte;
557 case 0x3e:
558 s->override = R_DS;
559 goto next_byte;
560 case 0x26:
561 s->override = R_ES;
562 goto next_byte;
563 case 0x64:
564 s->override = R_FS;
565 goto next_byte;
566 case 0x65:
567 s->override = R_GS;
568 goto next_byte;
569 case 0x66:
570 s->prefix |= PREFIX_DATA;
571 goto next_byte;
572 case 0x67:
573 s->prefix |= PREFIX_ADR;
574 goto next_byte;
575 #ifdef TARGET_X86_64
576 case 0x40 ... 0x4f:
577 if (CODE64(s)) {
578 /* REX prefix */
579 s->prefix |= PREFIX_REX;
580 s->vex_w = (b >> 3) & 1;
581 s->rex_r = (b & 0x4) << 1;
582 s->rex_x = (b & 0x2) << 2;
583 s->rex_b = (b & 0x1) << 3;
584 goto next_byte;
585 }
586 break;
587 #endif
588 case 0xc5: /* 2-byte VEX */
589 case 0xc4: /* 3-byte VEX */
590 /*
591 * VEX prefixes cannot be used except in 32-bit mode.
592 * Otherwise the instruction is LES or LDS.
593 */
594 if (CODE32(s) && !VM86(s)) {
595 static const int pp_prefix[4] = {
596 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
597 };
598 int vex3, vex2 = x86_ldub_code(env, s);
600 if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
601 /*
602 * 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
603 * otherwise the instruction is LES or LDS.
604 */
605 s->pc--; /* rewind the advance_pc() x86_ldub_code() did */
606 break;
607 }
609 /* 4.1.1-4.1.3: No preceding lock, 66, f2, f3, or rex prefixes. */
610 if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ
611 | PREFIX_LOCK | PREFIX_DATA | PREFIX_REX)) {
612 goto illegal_op;
613 }
614 #ifdef TARGET_X86_64
615 s->rex_r = (~vex2 >> 4) & 8;
616 #endif
617 if (b == 0xc5) {
618 /* 2-byte VEX prefix: RVVVVlpp, implied 0f leading opcode byte */
619 vex3 = vex2;
620 decode_func = decode_0F;
621 } else {
622 /* 3-byte VEX prefix: RXBmmmmm wVVVVlpp */
623 vex3 = x86_ldub_code(env, s);
624 #ifdef TARGET_X86_64
625 s->rex_x = (~vex2 >> 3) & 8;
626 s->rex_b = (~vex2 >> 2) & 8;
627 #endif
628 s->vex_w = (vex3 >> 7) & 1;
629 switch (vex2 & 0x1f) {
630 case 0x01: /* Implied 0f leading opcode bytes. */
631 decode_func = decode_0F;
632 break;
633 case 0x02: /* Implied 0f 38 leading opcode bytes. */
634 decode_func = decode_0F38;
635 break;
636 case 0x03: /* Implied 0f 3a leading opcode bytes. */
637 decode_func = decode_0F3A;
638 break;
639 default: /* Reserved for future use. */
640 goto unknown_op;
641 }
642 }
643 s->vex_v = (~vex3 >> 3) & 0xf;
644 s->vex_l = (vex3 >> 2) & 1;
645 s->prefix |= pp_prefix[vex3 & 3] | PREFIX_VEX;
646 }
647 break;
648 default:
649 if (b >= 0x100) {
650 b -= 0x100;
651 decode_func = do_decode_0F;
652 }
653 break;
654 }
656 /* Post-process prefixes. */
657 if (CODE64(s)) {
658 /*
659 * In 64-bit mode, the default data size is 32-bit. Select 64-bit
660 * data with rex_w, and 16-bit data with 0x66; rex_w takes precedence
661 * over 0x66 if both are present.
662 */
663 s->dflag = (REX_W(s) ? MO_64 : s->prefix & PREFIX_DATA ? MO_16 : MO_32);
664 /* In 64-bit mode, 0x67 selects 32-bit addressing. */
665 s->aflag = (s->prefix & PREFIX_ADR ? MO_32 : MO_64);
666 } else {
667 /* In 16/32-bit mode, 0x66 selects the opposite data size. */
668 if (CODE32(s) ^ ((s->prefix & PREFIX_DATA) != 0)) {
669 s->dflag = MO_32;
670 } else {
671 s->dflag = MO_16;
672 }
673 /* In 16/32-bit mode, 0x67 selects the opposite addressing. */
674 if (CODE32(s) ^ ((s->prefix & PREFIX_ADR) != 0)) {
675 s->aflag = MO_32;
676 } else {
677 s->aflag = MO_16;
678 }
679 }
681 memset(&decode, 0, sizeof(decode));
682 decode.b = b;
683 if (!decode_insn(s, env, decode_func, &decode)) {
684 goto illegal_op;
685 }
686 if (!decode.e.gen) {
687 goto unknown_op;
688 }
690 switch (decode.e.special) {
691 case X86_SPECIAL_None:
692 break;
694 case X86_SPECIAL_Locked:
695 if (decode.op[0].has_ea) {
696 s->prefix |= PREFIX_LOCK;
697 }
698 break;
700 case X86_SPECIAL_ProtMode:
701 if (!PE(s) || VM86(s)) {
702 goto illegal_op;
703 }
704 break;
706 case X86_SPECIAL_i64:
707 if (CODE64(s)) {
708 goto illegal_op;
709 }
710 break;
711 case X86_SPECIAL_o64:
712 if (!CODE64(s)) {
713 goto illegal_op;
714 }
715 break;
717 case X86_SPECIAL_ZExtOp0:
718 assert(decode.op[0].unit == X86_OP_INT);
719 if (!decode.op[0].has_ea) {
720 decode.op[0].ot = MO_32;
721 }
722 break;
724 case X86_SPECIAL_ZExtOp2:
725 assert(decode.op[2].unit == X86_OP_INT);
726 if (!decode.op[2].has_ea) {
727 decode.op[2].ot = MO_32;
728 }
729 break;
731 case X86_SPECIAL_MMX:
732 if (!(s->prefix & (PREFIX_REPZ | PREFIX_REPNZ | PREFIX_DATA))) {
733 gen_helper_enter_mmx(cpu_env);
734 }
735 break;
736 }
738 if (decode.op[0].has_ea || decode.op[1].has_ea || decode.op[2].has_ea) {
739 gen_load_ea(s, &decode.mem);
740 }
741 decode.e.gen(s, env, &decode);
742 return;
743 illegal_op:
744 gen_illegal_opcode(s);
745 return;
746 unknown_op:
747 gen_unknown_opcode(env, s);
748 }