search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ui: avoid pointless VNC updates if framebuffer isn't dirty
[qemu/ar7.git] / target / arm / translate.c
blob781be1e219fab07f3085c2a495d454beb929c7cf
1 /*
2 * ARM translation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2005-2007 CodeSourcery
6 * Copyright (c) 2007 OpenedHand, Ltd.
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 */
21 #include "qemu/osdep.h"
22
23 #include "cpu.h"
24 #include "internals.h"
25 #include "disas/disas.h"
26 #include "exec/exec-all.h"
27 #include "tcg-op.h"
28 #include "qemu/log.h"
29 #include "qemu/bitops.h"
30 #include "arm_ldst.h"
31 #include "exec/semihost.h"
32
33 #include "exec/helper-proto.h"
34 #include "exec/helper-gen.h"
35
36 #include "trace-tcg.h"
37 #include "exec/log.h"
38
39
40 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T)
41 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
42 /* currently all emulated v5 cores are also v5TE, so don't bother */
43 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5)
44 #define ENABLE_ARCH_5J arm_dc_feature(s, ARM_FEATURE_JAZELLE)
45 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
46 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K)
47 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2)
48 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
49 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
50
51 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
52
53 #include "translate.h"
54
55 #if defined(CONFIG_USER_ONLY)
56 #define IS_USER(s) 1
57 #else
58 #define IS_USER(s) (s->user)
59 #endif
60
61 /* We reuse the same 64-bit temporaries for efficiency. */
62 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
63 static TCGv_i32 cpu_R[16];
64 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
65 TCGv_i64 cpu_exclusive_addr;
66 TCGv_i64 cpu_exclusive_val;
67
68 /* FIXME: These should be removed. */
69 static TCGv_i32 cpu_F0s, cpu_F1s;
70 static TCGv_i64 cpu_F0d, cpu_F1d;
71
72 #include "exec/gen-icount.h"
73
74 static const char *regnames[] =
75 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
76 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
77
78 /* initialize TCG globals. */
79 void arm_translate_init(void)
80 {
81 int i;
82
83 for (i = 0; i < 16; i++) {
84 cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
85 offsetof(CPUARMState, regs[i]),
86 regnames[i]);
87 }
88 cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
89 cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
90 cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
91 cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
92
93 cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
94 offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
95 cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
96 offsetof(CPUARMState, exclusive_val), "exclusive_val");
97
98 a64_translate_init();
99 }
100
101 /* Flags for the disas_set_da_iss info argument:
102 * lower bits hold the Rt register number, higher bits are flags.
103 */
104 typedef enum ISSInfo {
105 ISSNone = 0,
106 ISSRegMask = 0x1f,
107 ISSInvalid = (1 << 5),
108 ISSIsAcqRel = (1 << 6),
109 ISSIsWrite = (1 << 7),
110 ISSIs16Bit = (1 << 8),
111 } ISSInfo;
112
113 /* Save the syndrome information for a Data Abort */
114 static void disas_set_da_iss(DisasContext *s, TCGMemOp memop, ISSInfo issinfo)
115 {
116 uint32_t syn;
117 int sas = memop & MO_SIZE;
118 bool sse = memop & MO_SIGN;
119 bool is_acqrel = issinfo & ISSIsAcqRel;
120 bool is_write = issinfo & ISSIsWrite;
121 bool is_16bit = issinfo & ISSIs16Bit;
122 int srt = issinfo & ISSRegMask;
123
124 if (issinfo & ISSInvalid) {
125 /* Some callsites want to conditionally provide ISS info,
126 * eg "only if this was not a writeback"
127 */
128 return;
129 }
130
131 if (srt == 15) {
132 /* For AArch32, insns where the src/dest is R15 never generate
133 * ISS information. Catching that here saves checking at all
134 * the call sites.
135 */
136 return;
137 }
138
139 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
140 0, 0, 0, is_write, 0, is_16bit);
141 disas_set_insn_syndrome(s, syn);
142 }
143
144 static inline int get_a32_user_mem_index(DisasContext *s)
145 {
146 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
147 * insns:
148 * if PL2, UNPREDICTABLE (we choose to implement as if PL0)
149 * otherwise, access as if at PL0.
150 */
151 switch (s->mmu_idx) {
152 case ARMMMUIdx_S1E2: /* this one is UNPREDICTABLE */
153 case ARMMMUIdx_S12NSE0:
154 case ARMMMUIdx_S12NSE1:
155 return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
156 case ARMMMUIdx_S1E3:
157 case ARMMMUIdx_S1SE0:
158 case ARMMMUIdx_S1SE1:
159 return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
160 case ARMMMUIdx_MUser:
161 case ARMMMUIdx_MPriv:
162 return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
163 case ARMMMUIdx_MUserNegPri:
164 case ARMMMUIdx_MPrivNegPri:
165 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
166 case ARMMMUIdx_MSUser:
167 case ARMMMUIdx_MSPriv:
168 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
169 case ARMMMUIdx_MSUserNegPri:
170 case ARMMMUIdx_MSPrivNegPri:
171 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
172 case ARMMMUIdx_S2NS:
173 default:
174 g_assert_not_reached();
175 }
176 }
177
178 static inline TCGv_i32 load_cpu_offset(int offset)
179 {
180 TCGv_i32 tmp = tcg_temp_new_i32();
181 tcg_gen_ld_i32(tmp, cpu_env, offset);
182 return tmp;
183 }
184
185 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
186
187 static inline void store_cpu_offset(TCGv_i32 var, int offset)
188 {
189 tcg_gen_st_i32(var, cpu_env, offset);
190 tcg_temp_free_i32(var);
191 }
192
193 #define store_cpu_field(var, name) \
194 store_cpu_offset(var, offsetof(CPUARMState, name))
195
196 /* Set a variable to the value of a CPU register. */
197 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
198 {
199 if (reg == 15) {
200 uint32_t addr;
201 /* normally, since we updated PC, we need only to add one insn */
202 if (s->thumb)
203 addr = (long)s->pc + 2;
204 else
205 addr = (long)s->pc + 4;
206 tcg_gen_movi_i32(var, addr);
207 } else {
208 tcg_gen_mov_i32(var, cpu_R[reg]);
209 }
210 }
211
212 /* Create a new temporary and set it to the value of a CPU register. */
213 static inline TCGv_i32 load_reg(DisasContext *s, int reg)
214 {
215 TCGv_i32 tmp = tcg_temp_new_i32();
216 load_reg_var(s, tmp, reg);
217 return tmp;
218 }
219
220 /* Set a CPU register. The source must be a temporary and will be
221 marked as dead. */
222 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
223 {
224 if (reg == 15) {
225 /* In Thumb mode, we must ignore bit 0.
226 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
227 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
228 * We choose to ignore [1:0] in ARM mode for all architecture versions.
229 */
230 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
231 s->base.is_jmp = DISAS_JUMP;
232 }
233 tcg_gen_mov_i32(cpu_R[reg], var);
234 tcg_temp_free_i32(var);
235 }
236
237 /* Value extensions. */
238 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
239 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
240 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
241 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
242
243 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
244 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
245
246
247 static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
248 {
249 TCGv_i32 tmp_mask = tcg_const_i32(mask);
250 gen_helper_cpsr_write(cpu_env, var, tmp_mask);
251 tcg_temp_free_i32(tmp_mask);
252 }
253 /* Set NZCV flags from the high 4 bits of var. */
254 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
255
256 static void gen_exception_internal(int excp)
257 {
258 TCGv_i32 tcg_excp = tcg_const_i32(excp);
259
260 assert(excp_is_internal(excp));
261 gen_helper_exception_internal(cpu_env, tcg_excp);
262 tcg_temp_free_i32(tcg_excp);
263 }
264
265 static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
266 {
267 TCGv_i32 tcg_excp = tcg_const_i32(excp);
268 TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
269 TCGv_i32 tcg_el = tcg_const_i32(target_el);
270
271 gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
272 tcg_syn, tcg_el);
273
274 tcg_temp_free_i32(tcg_el);
275 tcg_temp_free_i32(tcg_syn);
276 tcg_temp_free_i32(tcg_excp);
277 }
278
279 static void gen_ss_advance(DisasContext *s)
280 {
281 /* If the singlestep state is Active-not-pending, advance to
282 * Active-pending.
283 */
284 if (s->ss_active) {
285 s->pstate_ss = 0;
286 gen_helper_clear_pstate_ss(cpu_env);
287 }
288 }
289
290 static void gen_step_complete_exception(DisasContext *s)
291 {
292 /* We just completed step of an insn. Move from Active-not-pending
293 * to Active-pending, and then also take the swstep exception.
294 * This corresponds to making the (IMPDEF) choice to prioritize
295 * swstep exceptions over asynchronous exceptions taken to an exception
296 * level where debug is disabled. This choice has the advantage that
297 * we do not need to maintain internal state corresponding to the
298 * ISV/EX syndrome bits between completion of the step and generation
299 * of the exception, and our syndrome information is always correct.
300 */
301 gen_ss_advance(s);
302 gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
303 default_exception_el(s));
304 s->base.is_jmp = DISAS_NORETURN;
305 }
306
307 static void gen_singlestep_exception(DisasContext *s)
308 {
309 /* Generate the right kind of exception for singlestep, which is
310 * either the architectural singlestep or EXCP_DEBUG for QEMU's
311 * gdb singlestepping.
312 */
313 if (s->ss_active) {
314 gen_step_complete_exception(s);
315 } else {
316 gen_exception_internal(EXCP_DEBUG);
317 }
318 }
319
320 static inline bool is_singlestepping(DisasContext *s)
321 {
322 /* Return true if we are singlestepping either because of
323 * architectural singlestep or QEMU gdbstub singlestep. This does
324 * not include the command line '-singlestep' mode which is rather
325 * misnamed as it only means "one instruction per TB" and doesn't
326 * affect the code we generate.
327 */
328 return s->base.singlestep_enabled || s->ss_active;
329 }
330
331 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
332 {
333 TCGv_i32 tmp1 = tcg_temp_new_i32();
334 TCGv_i32 tmp2 = tcg_temp_new_i32();
335 tcg_gen_ext16s_i32(tmp1, a);
336 tcg_gen_ext16s_i32(tmp2, b);
337 tcg_gen_mul_i32(tmp1, tmp1, tmp2);
338 tcg_temp_free_i32(tmp2);
339 tcg_gen_sari_i32(a, a, 16);
340 tcg_gen_sari_i32(b, b, 16);
341 tcg_gen_mul_i32(b, b, a);
342 tcg_gen_mov_i32(a, tmp1);
343 tcg_temp_free_i32(tmp1);
344 }
345
346 /* Byteswap each halfword. */
347 static void gen_rev16(TCGv_i32 var)
348 {
349 TCGv_i32 tmp = tcg_temp_new_i32();
350 TCGv_i32 mask = tcg_const_i32(0x00ff00ff);
351 tcg_gen_shri_i32(tmp, var, 8);
352 tcg_gen_and_i32(tmp, tmp, mask);
353 tcg_gen_and_i32(var, var, mask);
354 tcg_gen_shli_i32(var, var, 8);
355 tcg_gen_or_i32(var, var, tmp);
356 tcg_temp_free_i32(mask);
357 tcg_temp_free_i32(tmp);
358 }
359
360 /* Byteswap low halfword and sign extend. */
361 static void gen_revsh(TCGv_i32 var)
362 {
363 tcg_gen_ext16u_i32(var, var);
364 tcg_gen_bswap16_i32(var, var);
365 tcg_gen_ext16s_i32(var, var);
366 }
367
368 /* Return (b << 32) + a. Mark inputs as dead */
369 static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv_i32 b)
370 {
371 TCGv_i64 tmp64 = tcg_temp_new_i64();
372
373 tcg_gen_extu_i32_i64(tmp64, b);
374 tcg_temp_free_i32(b);
375 tcg_gen_shli_i64(tmp64, tmp64, 32);
376 tcg_gen_add_i64(a, tmp64, a);
377
378 tcg_temp_free_i64(tmp64);
379 return a;
380 }
381
382 /* Return (b << 32) - a. Mark inputs as dead. */
383 static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv_i32 b)
384 {
385 TCGv_i64 tmp64 = tcg_temp_new_i64();
386
387 tcg_gen_extu_i32_i64(tmp64, b);
388 tcg_temp_free_i32(b);
389 tcg_gen_shli_i64(tmp64, tmp64, 32);
390 tcg_gen_sub_i64(a, tmp64, a);
391
392 tcg_temp_free_i64(tmp64);
393 return a;
394 }
395
396 /* 32x32->64 multiply. Marks inputs as dead. */
397 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
398 {
399 TCGv_i32 lo = tcg_temp_new_i32();
400 TCGv_i32 hi = tcg_temp_new_i32();
401 TCGv_i64 ret;
402
403 tcg_gen_mulu2_i32(lo, hi, a, b);
404 tcg_temp_free_i32(a);
405 tcg_temp_free_i32(b);
406
407 ret = tcg_temp_new_i64();
408 tcg_gen_concat_i32_i64(ret, lo, hi);
409 tcg_temp_free_i32(lo);
410 tcg_temp_free_i32(hi);
411
412 return ret;
413 }
414
415 static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
416 {
417 TCGv_i32 lo = tcg_temp_new_i32();
418 TCGv_i32 hi = tcg_temp_new_i32();
419 TCGv_i64 ret;
420
421 tcg_gen_muls2_i32(lo, hi, a, b);
422 tcg_temp_free_i32(a);
423 tcg_temp_free_i32(b);
424
425 ret = tcg_temp_new_i64();
426 tcg_gen_concat_i32_i64(ret, lo, hi);
427 tcg_temp_free_i32(lo);
428 tcg_temp_free_i32(hi);
429
430 return ret;
431 }
432
433 /* Swap low and high halfwords. */
434 static void gen_swap_half(TCGv_i32 var)
435 {
436 TCGv_i32 tmp = tcg_temp_new_i32();
437 tcg_gen_shri_i32(tmp, var, 16);
438 tcg_gen_shli_i32(var, var, 16);
439 tcg_gen_or_i32(var, var, tmp);
440 tcg_temp_free_i32(tmp);
441 }
442
443 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead.
444 tmp = (t0 ^ t1) & 0x8000;
445 t0 &= ~0x8000;
446 t1 &= ~0x8000;
447 t0 = (t0 + t1) ^ tmp;
448 */
449
450 static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
451 {
452 TCGv_i32 tmp = tcg_temp_new_i32();
453 tcg_gen_xor_i32(tmp, t0, t1);
454 tcg_gen_andi_i32(tmp, tmp, 0x8000);
455 tcg_gen_andi_i32(t0, t0, ~0x8000);
456 tcg_gen_andi_i32(t1, t1, ~0x8000);
457 tcg_gen_add_i32(t0, t0, t1);
458 tcg_gen_xor_i32(t0, t0, tmp);
459 tcg_temp_free_i32(tmp);
460 tcg_temp_free_i32(t1);
461 }
462
463 /* Set CF to the top bit of var. */
464 static void gen_set_CF_bit31(TCGv_i32 var)
465 {
466 tcg_gen_shri_i32(cpu_CF, var, 31);
467 }
468
469 /* Set N and Z flags from var. */
470 static inline void gen_logic_CC(TCGv_i32 var)
471 {
472 tcg_gen_mov_i32(cpu_NF, var);
473 tcg_gen_mov_i32(cpu_ZF, var);
474 }
475
476 /* T0 += T1 + CF. */
477 static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
478 {
479 tcg_gen_add_i32(t0, t0, t1);
480 tcg_gen_add_i32(t0, t0, cpu_CF);
481 }
482
483 /* dest = T0 + T1 + CF. */
484 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
485 {
486 tcg_gen_add_i32(dest, t0, t1);
487 tcg_gen_add_i32(dest, dest, cpu_CF);
488 }
489
490 /* dest = T0 - T1 + CF - 1. */
491 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
492 {
493 tcg_gen_sub_i32(dest, t0, t1);
494 tcg_gen_add_i32(dest, dest, cpu_CF);
495 tcg_gen_subi_i32(dest, dest, 1);
496 }
497
498 /* dest = T0 + T1. Compute C, N, V and Z flags */
499 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
500 {
501 TCGv_i32 tmp = tcg_temp_new_i32();
502 tcg_gen_movi_i32(tmp, 0);
503 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
504 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
505 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
506 tcg_gen_xor_i32(tmp, t0, t1);
507 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
508 tcg_temp_free_i32(tmp);
509 tcg_gen_mov_i32(dest, cpu_NF);
510 }
511
512 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */
513 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
514 {
515 TCGv_i32 tmp = tcg_temp_new_i32();
516 if (TCG_TARGET_HAS_add2_i32) {
517 tcg_gen_movi_i32(tmp, 0);
518 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
519 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
520 } else {
521 TCGv_i64 q0 = tcg_temp_new_i64();
522 TCGv_i64 q1 = tcg_temp_new_i64();
523 tcg_gen_extu_i32_i64(q0, t0);
524 tcg_gen_extu_i32_i64(q1, t1);
525 tcg_gen_add_i64(q0, q0, q1);
526 tcg_gen_extu_i32_i64(q1, cpu_CF);
527 tcg_gen_add_i64(q0, q0, q1);
528 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
529 tcg_temp_free_i64(q0);
530 tcg_temp_free_i64(q1);
531 }
532 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
533 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
534 tcg_gen_xor_i32(tmp, t0, t1);
535 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
536 tcg_temp_free_i32(tmp);
537 tcg_gen_mov_i32(dest, cpu_NF);
538 }
539
540 /* dest = T0 - T1. Compute C, N, V and Z flags */
541 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
542 {
543 TCGv_i32 tmp;
544 tcg_gen_sub_i32(cpu_NF, t0, t1);
545 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
546 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
547 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
548 tmp = tcg_temp_new_i32();
549 tcg_gen_xor_i32(tmp, t0, t1);
550 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
551 tcg_temp_free_i32(tmp);
552 tcg_gen_mov_i32(dest, cpu_NF);
553 }
554
555 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */
556 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
557 {
558 TCGv_i32 tmp = tcg_temp_new_i32();
559 tcg_gen_not_i32(tmp, t1);
560 gen_adc_CC(dest, t0, tmp);
561 tcg_temp_free_i32(tmp);
562 }
563
564 #define GEN_SHIFT(name) \
565 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \
566 { \
567 TCGv_i32 tmp1, tmp2, tmp3; \
568 tmp1 = tcg_temp_new_i32(); \
569 tcg_gen_andi_i32(tmp1, t1, 0xff); \
570 tmp2 = tcg_const_i32(0); \
571 tmp3 = tcg_const_i32(0x1f); \
572 tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0); \
573 tcg_temp_free_i32(tmp3); \
574 tcg_gen_andi_i32(tmp1, tmp1, 0x1f); \
575 tcg_gen_##name##_i32(dest, tmp2, tmp1); \
576 tcg_temp_free_i32(tmp2); \
577 tcg_temp_free_i32(tmp1); \
578 }
579 GEN_SHIFT(shl)
580 GEN_SHIFT(shr)
581 #undef GEN_SHIFT
582
583 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
584 {
585 TCGv_i32 tmp1, tmp2;
586 tmp1 = tcg_temp_new_i32();
587 tcg_gen_andi_i32(tmp1, t1, 0xff);
588 tmp2 = tcg_const_i32(0x1f);
589 tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
590 tcg_temp_free_i32(tmp2);
591 tcg_gen_sar_i32(dest, t0, tmp1);
592 tcg_temp_free_i32(tmp1);
593 }
594
595 static void tcg_gen_abs_i32(TCGv_i32 dest, TCGv_i32 src)
596 {
597 TCGv_i32 c0 = tcg_const_i32(0);
598 TCGv_i32 tmp = tcg_temp_new_i32();
599 tcg_gen_neg_i32(tmp, src);
600 tcg_gen_movcond_i32(TCG_COND_GT, dest, src, c0, src, tmp);
601 tcg_temp_free_i32(c0);
602 tcg_temp_free_i32(tmp);
603 }
604
605 static void shifter_out_im(TCGv_i32 var, int shift)
606 {
607 if (shift == 0) {
608 tcg_gen_andi_i32(cpu_CF, var, 1);
609 } else {
610 tcg_gen_shri_i32(cpu_CF, var, shift);
611 if (shift != 31) {
612 tcg_gen_andi_i32(cpu_CF, cpu_CF, 1);
613 }
614 }
615 }
616
617 /* Shift by immediate. Includes special handling for shift == 0. */
618 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
619 int shift, int flags)
620 {
621 switch (shiftop) {
622 case 0: /* LSL */
623 if (shift != 0) {
624 if (flags)
625 shifter_out_im(var, 32 - shift);
626 tcg_gen_shli_i32(var, var, shift);
627 }
628 break;
629 case 1: /* LSR */
630 if (shift == 0) {
631 if (flags) {
632 tcg_gen_shri_i32(cpu_CF, var, 31);
633 }
634 tcg_gen_movi_i32(var, 0);
635 } else {
636 if (flags)
637 shifter_out_im(var, shift - 1);
638 tcg_gen_shri_i32(var, var, shift);
639 }
640 break;
641 case 2: /* ASR */
642 if (shift == 0)
643 shift = 32;
644 if (flags)
645 shifter_out_im(var, shift - 1);
646 if (shift == 32)
647 shift = 31;
648 tcg_gen_sari_i32(var, var, shift);
649 break;
650 case 3: /* ROR/RRX */
651 if (shift != 0) {
652 if (flags)
653 shifter_out_im(var, shift - 1);
654 tcg_gen_rotri_i32(var, var, shift); break;
655 } else {
656 TCGv_i32 tmp = tcg_temp_new_i32();
657 tcg_gen_shli_i32(tmp, cpu_CF, 31);
658 if (flags)
659 shifter_out_im(var, 0);
660 tcg_gen_shri_i32(var, var, 1);
661 tcg_gen_or_i32(var, var, tmp);
662 tcg_temp_free_i32(tmp);
663 }
664 }
665 };
666
667 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
668 TCGv_i32 shift, int flags)
669 {
670 if (flags) {
671 switch (shiftop) {
672 case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
673 case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
674 case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
675 case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
676 }
677 } else {
678 switch (shiftop) {
679 case 0:
680 gen_shl(var, var, shift);
681 break;
682 case 1:
683 gen_shr(var, var, shift);
684 break;
685 case 2:
686 gen_sar(var, var, shift);
687 break;
688 case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
689 tcg_gen_rotr_i32(var, var, shift); break;
690 }
691 }
692 tcg_temp_free_i32(shift);
693 }
694
695 #define PAS_OP(pfx) \
696 switch (op2) { \
697 case 0: gen_pas_helper(glue(pfx,add16)); break; \
698 case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
699 case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
700 case 3: gen_pas_helper(glue(pfx,sub16)); break; \
701 case 4: gen_pas_helper(glue(pfx,add8)); break; \
702 case 7: gen_pas_helper(glue(pfx,sub8)); break; \
703 }
704 static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
705 {
706 TCGv_ptr tmp;
707
708 switch (op1) {
709 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
710 case 1:
711 tmp = tcg_temp_new_ptr();
712 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
713 PAS_OP(s)
714 tcg_temp_free_ptr(tmp);
715 break;
716 case 5:
717 tmp = tcg_temp_new_ptr();
718 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
719 PAS_OP(u)
720 tcg_temp_free_ptr(tmp);
721 break;
722 #undef gen_pas_helper
723 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
724 case 2:
725 PAS_OP(q);
726 break;
727 case 3:
728 PAS_OP(sh);
729 break;
730 case 6:
731 PAS_OP(uq);
732 break;
733 case 7:
734 PAS_OP(uh);
735 break;
736 #undef gen_pas_helper
737 }
738 }
739 #undef PAS_OP
740
741 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
742 #define PAS_OP(pfx) \
743 switch (op1) { \
744 case 0: gen_pas_helper(glue(pfx,add8)); break; \
745 case 1: gen_pas_helper(glue(pfx,add16)); break; \
746 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
747 case 4: gen_pas_helper(glue(pfx,sub8)); break; \
748 case 5: gen_pas_helper(glue(pfx,sub16)); break; \
749 case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
750 }
751 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
752 {
753 TCGv_ptr tmp;
754
755 switch (op2) {
756 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
757 case 0:
758 tmp = tcg_temp_new_ptr();
759 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
760 PAS_OP(s)
761 tcg_temp_free_ptr(tmp);
762 break;
763 case 4:
764 tmp = tcg_temp_new_ptr();
765 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
766 PAS_OP(u)
767 tcg_temp_free_ptr(tmp);
768 break;
769 #undef gen_pas_helper
770 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
771 case 1:
772 PAS_OP(q);
773 break;
774 case 2:
775 PAS_OP(sh);
776 break;
777 case 5:
778 PAS_OP(uq);
779 break;
780 case 6:
781 PAS_OP(uh);
782 break;
783 #undef gen_pas_helper
784 }
785 }
786 #undef PAS_OP
787
788 /*
789 * Generate a conditional based on ARM condition code cc.
790 * This is common between ARM and Aarch64 targets.
791 */
792 void arm_test_cc(DisasCompare *cmp, int cc)
793 {
794 TCGv_i32 value;
795 TCGCond cond;
796 bool global = true;
797
798 switch (cc) {
799 case 0: /* eq: Z */
800 case 1: /* ne: !Z */
801 cond = TCG_COND_EQ;
802 value = cpu_ZF;
803 break;
804
805 case 2: /* cs: C */
806 case 3: /* cc: !C */
807 cond = TCG_COND_NE;
808 value = cpu_CF;
809 break;
810
811 case 4: /* mi: N */
812 case 5: /* pl: !N */
813 cond = TCG_COND_LT;
814 value = cpu_NF;
815 break;
816
817 case 6: /* vs: V */
818 case 7: /* vc: !V */
819 cond = TCG_COND_LT;
820 value = cpu_VF;
821 break;
822
823 case 8: /* hi: C && !Z */
824 case 9: /* ls: !C || Z -> !(C && !Z) */
825 cond = TCG_COND_NE;
826 value = tcg_temp_new_i32();
827 global = false;
828 /* CF is 1 for C, so -CF is an all-bits-set mask for C;
829 ZF is non-zero for !Z; so AND the two subexpressions. */
830 tcg_gen_neg_i32(value, cpu_CF);
831 tcg_gen_and_i32(value, value, cpu_ZF);
832 break;
833
834 case 10: /* ge: N == V -> N ^ V == 0 */
835 case 11: /* lt: N != V -> N ^ V != 0 */
836 /* Since we're only interested in the sign bit, == 0 is >= 0. */
837 cond = TCG_COND_GE;
838 value = tcg_temp_new_i32();
839 global = false;
840 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
841 break;
842
843 case 12: /* gt: !Z && N == V */
844 case 13: /* le: Z || N != V */
845 cond = TCG_COND_NE;
846 value = tcg_temp_new_i32();
847 global = false;
848 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate
849 * the sign bit then AND with ZF to yield the result. */
850 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
851 tcg_gen_sari_i32(value, value, 31);
852 tcg_gen_andc_i32(value, cpu_ZF, value);
853 break;
854
855 case 14: /* always */
856 case 15: /* always */
857 /* Use the ALWAYS condition, which will fold early.
858 * It doesn't matter what we use for the value. */
859 cond = TCG_COND_ALWAYS;
860 value = cpu_ZF;
861 goto no_invert;
862
863 default:
864 fprintf(stderr, "Bad condition code 0x%x\n", cc);
865 abort();
866 }
867
868 if (cc & 1) {
869 cond = tcg_invert_cond(cond);
870 }
871
872 no_invert:
873 cmp->cond = cond;
874 cmp->value = value;
875 cmp->value_global = global;
876 }
877
878 void arm_free_cc(DisasCompare *cmp)
879 {
880 if (!cmp->value_global) {
881 tcg_temp_free_i32(cmp->value);
882 }
883 }
884
885 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
886 {
887 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
888 }
889
890 void arm_gen_test_cc(int cc, TCGLabel *label)
891 {
892 DisasCompare cmp;
893 arm_test_cc(&cmp, cc);
894 arm_jump_cc(&cmp, label);
895 arm_free_cc(&cmp);
896 }
897
898 static const uint8_t table_logic_cc[16] = {
899 1, /* and */
900 1, /* xor */
901 0, /* sub */
902 0, /* rsb */
903 0, /* add */
904 0, /* adc */
905 0, /* sbc */
906 0, /* rsc */
907 1, /* andl */
908 1, /* xorl */
909 0, /* cmp */
910 0, /* cmn */
911 1, /* orr */
912 1, /* mov */
913 1, /* bic */
914 1, /* mvn */
915 };
916
917 static inline void gen_set_condexec(DisasContext *s)
918 {
919 if (s->condexec_mask) {
920 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
921 TCGv_i32 tmp = tcg_temp_new_i32();
922 tcg_gen_movi_i32(tmp, val);
923 store_cpu_field(tmp, condexec_bits);
924 }
925 }
926
927 static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
928 {
929 tcg_gen_movi_i32(cpu_R[15], val);
930 }
931
932 /* Set PC and Thumb state from an immediate address. */
933 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
934 {
935 TCGv_i32 tmp;
936
937 s->base.is_jmp = DISAS_JUMP;
938 if (s->thumb != (addr & 1)) {
939 tmp = tcg_temp_new_i32();
940 tcg_gen_movi_i32(tmp, addr & 1);
941 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
942 tcg_temp_free_i32(tmp);
943 }
944 tcg_gen_movi_i32(cpu_R[15], addr & ~1);
945 }
946
947 /* Set PC and Thumb state from var. var is marked as dead. */
948 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
949 {
950 s->base.is_jmp = DISAS_JUMP;
951 tcg_gen_andi_i32(cpu_R[15], var, ~1);
952 tcg_gen_andi_i32(var, var, 1);
953 store_cpu_field(var, thumb);
954 }
955
956 /* Set PC and Thumb state from var. var is marked as dead.
957 * For M-profile CPUs, include logic to detect exception-return
958 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
959 * and BX reg, and no others, and happens only for code in Handler mode.
960 */
961 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
962 {
963 /* Generate the same code here as for a simple bx, but flag via
964 * s->base.is_jmp that we need to do the rest of the work later.
965 */
966 gen_bx(s, var);
967 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
968 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
969 s->base.is_jmp = DISAS_BX_EXCRET;
970 }
971 }
972
973 static inline void gen_bx_excret_final_code(DisasContext *s)
974 {
975 /* Generate the code to finish possible exception return and end the TB */
976 TCGLabel *excret_label = gen_new_label();
977 uint32_t min_magic;
978
979 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
980 /* Covers FNC_RETURN and EXC_RETURN magic */
981 min_magic = FNC_RETURN_MIN_MAGIC;
982 } else {
983 /* EXC_RETURN magic only */
984 min_magic = EXC_RETURN_MIN_MAGIC;
985 }
986
987 /* Is the new PC value in the magic range indicating exception return? */
988 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
989 /* No: end the TB as we would for a DISAS_JMP */
990 if (is_singlestepping(s)) {
991 gen_singlestep_exception(s);
992 } else {
993 tcg_gen_exit_tb(0);
994 }
995 gen_set_label(excret_label);
996 /* Yes: this is an exception return.
997 * At this point in runtime env->regs[15] and env->thumb will hold
998 * the exception-return magic number, which do_v7m_exception_exit()
999 * will read. Nothing else will be able to see those values because
1000 * the cpu-exec main loop guarantees that we will always go straight
1001 * from raising the exception to the exception-handling code.
1002 *
1003 * gen_ss_advance(s) does nothing on M profile currently but
1004 * calling it is conceptually the right thing as we have executed
1005 * this instruction (compare SWI, HVC, SMC handling).
1006 */
1007 gen_ss_advance(s);
1008 gen_exception_internal(EXCP_EXCEPTION_EXIT);
1009 }
1010
1011 static inline void gen_bxns(DisasContext *s, int rm)
1012 {
1013 TCGv_i32 var = load_reg(s, rm);
1014
1015 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
1016 * we need to sync state before calling it, but:
1017 * - we don't need to do gen_set_pc_im() because the bxns helper will
1018 * always set the PC itself
1019 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
1020 * unless it's outside an IT block or the last insn in an IT block,
1021 * so we know that condexec == 0 (already set at the top of the TB)
1022 * is correct in the non-UNPREDICTABLE cases, and we can choose
1023 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
1024 */
1025 gen_helper_v7m_bxns(cpu_env, var);
1026 tcg_temp_free_i32(var);
1027 s->base.is_jmp = DISAS_EXIT;
1028 }
1029
1030 static inline void gen_blxns(DisasContext *s, int rm)
1031 {
1032 TCGv_i32 var = load_reg(s, rm);
1033
1034 /* We don't need to sync condexec state, for the same reason as bxns.
1035 * We do however need to set the PC, because the blxns helper reads it.
1036 * The blxns helper may throw an exception.
1037 */
1038 gen_set_pc_im(s, s->pc);
1039 gen_helper_v7m_blxns(cpu_env, var);
1040 tcg_temp_free_i32(var);
1041 s->base.is_jmp = DISAS_EXIT;
1042 }
1043
1044 /* Variant of store_reg which uses branch&exchange logic when storing
1045 to r15 in ARM architecture v7 and above. The source must be a temporary
1046 and will be marked as dead. */
1047 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
1048 {
1049 if (reg == 15 && ENABLE_ARCH_7) {
1050 gen_bx(s, var);
1051 } else {
1052 store_reg(s, reg, var);
1053 }
1054 }
1055
1056 /* Variant of store_reg which uses branch&exchange logic when storing
1057 * to r15 in ARM architecture v5T and above. This is used for storing
1058 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
1059 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
1060 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
1061 {
1062 if (reg == 15 && ENABLE_ARCH_5) {
1063 gen_bx_excret(s, var);
1064 } else {
1065 store_reg(s, reg, var);
1066 }
1067 }
1068
1069 #ifdef CONFIG_USER_ONLY
1070 #define IS_USER_ONLY 1
1071 #else
1072 #define IS_USER_ONLY 0
1073 #endif
1074
1075 /* Abstractions of "generate code to do a guest load/store for
1076 * AArch32", where a vaddr is always 32 bits (and is zero
1077 * extended if we're a 64 bit core) and data is also
1078 * 32 bits unless specifically doing a 64 bit access.
1079 * These functions work like tcg_gen_qemu_{ld,st}* except
1080 * that the address argument is TCGv_i32 rather than TCGv.
1081 */
1082
1083 static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, TCGMemOp op)
1084 {
1085 TCGv addr = tcg_temp_new();
1086 tcg_gen_extu_i32_tl(addr, a32);
1087
1088 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1089 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
1090 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
1091 }
1092 return addr;
1093 }
1094
1095 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1096 int index, TCGMemOp opc)
1097 {
1098 TCGv addr = gen_aa32_addr(s, a32, opc);
1099 tcg_gen_qemu_ld_i32(val, addr, index, opc);
1100 tcg_temp_free(addr);
1101 }
1102
1103 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1104 int index, TCGMemOp opc)
1105 {
1106 TCGv addr = gen_aa32_addr(s, a32, opc);
1107 tcg_gen_qemu_st_i32(val, addr, index, opc);
1108 tcg_temp_free(addr);
1109 }
1110
1111 #define DO_GEN_LD(SUFF, OPC) \
1112 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
1113 TCGv_i32 a32, int index) \
1114 { \
1115 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data); \
1116 } \
1117 static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s, \
1118 TCGv_i32 val, \
1119 TCGv_i32 a32, int index, \
1120 ISSInfo issinfo) \
1121 { \
1122 gen_aa32_ld##SUFF(s, val, a32, index); \
1123 disas_set_da_iss(s, OPC, issinfo); \
1124 }
1125
1126 #define DO_GEN_ST(SUFF, OPC) \
1127 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
1128 TCGv_i32 a32, int index) \
1129 { \
1130 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data); \
1131 } \
1132 static inline void gen_aa32_st##SUFF##_iss(DisasContext *s, \
1133 TCGv_i32 val, \
1134 TCGv_i32 a32, int index, \
1135 ISSInfo issinfo) \
1136 { \
1137 gen_aa32_st##SUFF(s, val, a32, index); \
1138 disas_set_da_iss(s, OPC, issinfo | ISSIsWrite); \
1139 }
1140
1141 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
1142 {
1143 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1144 if (!IS_USER_ONLY && s->sctlr_b) {
1145 tcg_gen_rotri_i64(val, val, 32);
1146 }
1147 }
1148
1149 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1150 int index, TCGMemOp opc)
1151 {
1152 TCGv addr = gen_aa32_addr(s, a32, opc);
1153 tcg_gen_qemu_ld_i64(val, addr, index, opc);
1154 gen_aa32_frob64(s, val);
1155 tcg_temp_free(addr);
1156 }
1157
1158 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
1159 TCGv_i32 a32, int index)
1160 {
1161 gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
1162 }
1163
1164 static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1165 int index, TCGMemOp opc)
1166 {
1167 TCGv addr = gen_aa32_addr(s, a32, opc);
1168
1169 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1170 if (!IS_USER_ONLY && s->sctlr_b) {
1171 TCGv_i64 tmp = tcg_temp_new_i64();
1172 tcg_gen_rotri_i64(tmp, val, 32);
1173 tcg_gen_qemu_st_i64(tmp, addr, index, opc);
1174 tcg_temp_free_i64(tmp);
1175 } else {
1176 tcg_gen_qemu_st_i64(val, addr, index, opc);
1177 }
1178 tcg_temp_free(addr);
1179 }
1180
1181 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1182 TCGv_i32 a32, int index)
1183 {
1184 gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1185 }
1186
1187 DO_GEN_LD(8s, MO_SB)
1188 DO_GEN_LD(8u, MO_UB)
1189 DO_GEN_LD(16s, MO_SW)
1190 DO_GEN_LD(16u, MO_UW)
1191 DO_GEN_LD(32u, MO_UL)
1192 DO_GEN_ST(8, MO_UB)
1193 DO_GEN_ST(16, MO_UW)
1194 DO_GEN_ST(32, MO_UL)
1195
1196 static inline void gen_hvc(DisasContext *s, int imm16)
1197 {
1198 /* The pre HVC helper handles cases when HVC gets trapped
1199 * as an undefined insn by runtime configuration (ie before
1200 * the insn really executes).
1201 */
1202 gen_set_pc_im(s, s->pc - 4);
1203 gen_helper_pre_hvc(cpu_env);
1204 /* Otherwise we will treat this as a real exception which
1205 * happens after execution of the insn. (The distinction matters
1206 * for the PC value reported to the exception handler and also
1207 * for single stepping.)
1208 */
1209 s->svc_imm = imm16;
1210 gen_set_pc_im(s, s->pc);
1211 s->base.is_jmp = DISAS_HVC;
1212 }
1213
1214 static inline void gen_smc(DisasContext *s)
1215 {
1216 /* As with HVC, we may take an exception either before or after
1217 * the insn executes.
1218 */
1219 TCGv_i32 tmp;
1220
1221 gen_set_pc_im(s, s->pc - 4);
1222 tmp = tcg_const_i32(syn_aa32_smc());
1223 gen_helper_pre_smc(cpu_env, tmp);
1224 tcg_temp_free_i32(tmp);
1225 gen_set_pc_im(s, s->pc);
1226 s->base.is_jmp = DISAS_SMC;
1227 }
1228
1229 static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
1230 {
1231 gen_set_condexec(s);
1232 gen_set_pc_im(s, s->pc - offset);
1233 gen_exception_internal(excp);
1234 s->base.is_jmp = DISAS_NORETURN;
1235 }
1236
1237 static void gen_exception_insn(DisasContext *s, int offset, int excp,
1238 int syn, uint32_t target_el)
1239 {
1240 gen_set_condexec(s);
1241 gen_set_pc_im(s, s->pc - offset);
1242 gen_exception(excp, syn, target_el);
1243 s->base.is_jmp = DISAS_NORETURN;
1244 }
1245
1246 /* Force a TB lookup after an instruction that changes the CPU state. */
1247 static inline void gen_lookup_tb(DisasContext *s)
1248 {
1249 tcg_gen_movi_i32(cpu_R[15], s->pc & ~1);
1250 s->base.is_jmp = DISAS_EXIT;
1251 }
1252
1253 static inline void gen_hlt(DisasContext *s, int imm)
1254 {
1255 /* HLT. This has two purposes.
1256 * Architecturally, it is an external halting debug instruction.
1257 * Since QEMU doesn't implement external debug, we treat this as
1258 * it is required for halting debug disabled: it will UNDEF.
1259 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1260 * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1261 * must trigger semihosting even for ARMv7 and earlier, where
1262 * HLT was an undefined encoding.
1263 * In system mode, we don't allow userspace access to
1264 * semihosting, to provide some semblance of security
1265 * (and for consistency with our 32-bit semihosting).
1266 */
1267 if (semihosting_enabled() &&
1268 #ifndef CONFIG_USER_ONLY
1269 s->current_el != 0 &&
1270 #endif
1271 (imm == (s->thumb ? 0x3c : 0xf000))) {
1272 gen_exception_internal_insn(s, 0, EXCP_SEMIHOST);
1273 return;
1274 }
1275
1276 gen_exception_insn(s, s->thumb ? 2 : 4, EXCP_UDEF, syn_uncategorized(),
1277 default_exception_el(s));
1278 }
1279
1280 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1281 TCGv_i32 var)
1282 {
1283 int val, rm, shift, shiftop;
1284 TCGv_i32 offset;
1285
1286 if (!(insn & (1 << 25))) {
1287 /* immediate */
1288 val = insn & 0xfff;
1289 if (!(insn & (1 << 23)))
1290 val = -val;
1291 if (val != 0)
1292 tcg_gen_addi_i32(var, var, val);
1293 } else {
1294 /* shift/register */
1295 rm = (insn) & 0xf;
1296 shift = (insn >> 7) & 0x1f;
1297 shiftop = (insn >> 5) & 3;
1298 offset = load_reg(s, rm);
1299 gen_arm_shift_im(offset, shiftop, shift, 0);
1300 if (!(insn & (1 << 23)))
1301 tcg_gen_sub_i32(var, var, offset);
1302 else
1303 tcg_gen_add_i32(var, var, offset);
1304 tcg_temp_free_i32(offset);
1305 }
1306 }
1307
1308 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1309 int extra, TCGv_i32 var)
1310 {
1311 int val, rm;
1312 TCGv_i32 offset;
1313
1314 if (insn & (1 << 22)) {
1315 /* immediate */
1316 val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1317 if (!(insn & (1 << 23)))
1318 val = -val;
1319 val += extra;
1320 if (val != 0)
1321 tcg_gen_addi_i32(var, var, val);
1322 } else {
1323 /* register */
1324 if (extra)
1325 tcg_gen_addi_i32(var, var, extra);
1326 rm = (insn) & 0xf;
1327 offset = load_reg(s, rm);
1328 if (!(insn & (1 << 23)))
1329 tcg_gen_sub_i32(var, var, offset);
1330 else
1331 tcg_gen_add_i32(var, var, offset);
1332 tcg_temp_free_i32(offset);
1333 }
1334 }
1335
1336 static TCGv_ptr get_fpstatus_ptr(int neon)
1337 {
1338 TCGv_ptr statusptr = tcg_temp_new_ptr();
1339 int offset;
1340 if (neon) {
1341 offset = offsetof(CPUARMState, vfp.standard_fp_status);
1342 } else {
1343 offset = offsetof(CPUARMState, vfp.fp_status);
1344 }
1345 tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1346 return statusptr;
1347 }
1348
1349 #define VFP_OP2(name) \
1350 static inline void gen_vfp_##name(int dp) \
1351 { \
1352 TCGv_ptr fpst = get_fpstatus_ptr(0); \
1353 if (dp) { \
1354 gen_helper_vfp_##name##d(cpu_F0d, cpu_F0d, cpu_F1d, fpst); \
1355 } else { \
1356 gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, cpu_F1s, fpst); \
1357 } \
1358 tcg_temp_free_ptr(fpst); \
1359 }
1360
1361 VFP_OP2(add)
1362 VFP_OP2(sub)
1363 VFP_OP2(mul)
1364 VFP_OP2(div)
1365
1366 #undef VFP_OP2
1367
1368 static inline void gen_vfp_F1_mul(int dp)
1369 {
1370 /* Like gen_vfp_mul() but put result in F1 */
1371 TCGv_ptr fpst = get_fpstatus_ptr(0);
1372 if (dp) {
1373 gen_helper_vfp_muld(cpu_F1d, cpu_F0d, cpu_F1d, fpst);
1374 } else {
1375 gen_helper_vfp_muls(cpu_F1s, cpu_F0s, cpu_F1s, fpst);
1376 }
1377 tcg_temp_free_ptr(fpst);
1378 }
1379
1380 static inline void gen_vfp_F1_neg(int dp)
1381 {
1382 /* Like gen_vfp_neg() but put result in F1 */
1383 if (dp) {
1384 gen_helper_vfp_negd(cpu_F1d, cpu_F0d);
1385 } else {
1386 gen_helper_vfp_negs(cpu_F1s, cpu_F0s);
1387 }
1388 }
1389
1390 static inline void gen_vfp_abs(int dp)
1391 {
1392 if (dp)
1393 gen_helper_vfp_absd(cpu_F0d, cpu_F0d);
1394 else
1395 gen_helper_vfp_abss(cpu_F0s, cpu_F0s);
1396 }
1397
1398 static inline void gen_vfp_neg(int dp)
1399 {
1400 if (dp)
1401 gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
1402 else
1403 gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
1404 }
1405
1406 static inline void gen_vfp_sqrt(int dp)
1407 {
1408 if (dp)
1409 gen_helper_vfp_sqrtd(cpu_F0d, cpu_F0d, cpu_env);
1410 else
1411 gen_helper_vfp_sqrts(cpu_F0s, cpu_F0s, cpu_env);
1412 }
1413
1414 static inline void gen_vfp_cmp(int dp)
1415 {
1416 if (dp)
1417 gen_helper_vfp_cmpd(cpu_F0d, cpu_F1d, cpu_env);
1418 else
1419 gen_helper_vfp_cmps(cpu_F0s, cpu_F1s, cpu_env);
1420 }
1421
1422 static inline void gen_vfp_cmpe(int dp)
1423 {
1424 if (dp)
1425 gen_helper_vfp_cmped(cpu_F0d, cpu_F1d, cpu_env);
1426 else
1427 gen_helper_vfp_cmpes(cpu_F0s, cpu_F1s, cpu_env);
1428 }
1429
1430 static inline void gen_vfp_F1_ld0(int dp)
1431 {
1432 if (dp)
1433 tcg_gen_movi_i64(cpu_F1d, 0);
1434 else
1435 tcg_gen_movi_i32(cpu_F1s, 0);
1436 }
1437
1438 #define VFP_GEN_ITOF(name) \
1439 static inline void gen_vfp_##name(int dp, int neon) \
1440 { \
1441 TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1442 if (dp) { \
1443 gen_helper_vfp_##name##d(cpu_F0d, cpu_F0s, statusptr); \
1444 } else { \
1445 gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1446 } \
1447 tcg_temp_free_ptr(statusptr); \
1448 }
1449
1450 VFP_GEN_ITOF(uito)
1451 VFP_GEN_ITOF(sito)
1452 #undef VFP_GEN_ITOF
1453
1454 #define VFP_GEN_FTOI(name) \
1455 static inline void gen_vfp_##name(int dp, int neon) \
1456 { \
1457 TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1458 if (dp) { \
1459 gen_helper_vfp_##name##d(cpu_F0s, cpu_F0d, statusptr); \
1460 } else { \
1461 gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1462 } \
1463 tcg_temp_free_ptr(statusptr); \
1464 }
1465
1466 VFP_GEN_FTOI(toui)
1467 VFP_GEN_FTOI(touiz)
1468 VFP_GEN_FTOI(tosi)
1469 VFP_GEN_FTOI(tosiz)
1470 #undef VFP_GEN_FTOI
1471
1472 #define VFP_GEN_FIX(name, round) \
1473 static inline void gen_vfp_##name(int dp, int shift, int neon) \
1474 { \
1475 TCGv_i32 tmp_shift = tcg_const_i32(shift); \
1476 TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1477 if (dp) { \
1478 gen_helper_vfp_##name##d##round(cpu_F0d, cpu_F0d, tmp_shift, \
1479 statusptr); \
1480 } else { \
1481 gen_helper_vfp_##name##s##round(cpu_F0s, cpu_F0s, tmp_shift, \
1482 statusptr); \
1483 } \
1484 tcg_temp_free_i32(tmp_shift); \
1485 tcg_temp_free_ptr(statusptr); \
1486 }
1487 VFP_GEN_FIX(tosh, _round_to_zero)
1488 VFP_GEN_FIX(tosl, _round_to_zero)
1489 VFP_GEN_FIX(touh, _round_to_zero)
1490 VFP_GEN_FIX(toul, _round_to_zero)
1491 VFP_GEN_FIX(shto, )
1492 VFP_GEN_FIX(slto, )
1493 VFP_GEN_FIX(uhto, )
1494 VFP_GEN_FIX(ulto, )
1495 #undef VFP_GEN_FIX
1496
1497 static inline void gen_vfp_ld(DisasContext *s, int dp, TCGv_i32 addr)
1498 {
1499 if (dp) {
1500 gen_aa32_ld64(s, cpu_F0d, addr, get_mem_index(s));
1501 } else {
1502 gen_aa32_ld32u(s, cpu_F0s, addr, get_mem_index(s));
1503 }
1504 }
1505
1506 static inline void gen_vfp_st(DisasContext *s, int dp, TCGv_i32 addr)
1507 {
1508 if (dp) {
1509 gen_aa32_st64(s, cpu_F0d, addr, get_mem_index(s));
1510 } else {
1511 gen_aa32_st32(s, cpu_F0s, addr, get_mem_index(s));
1512 }
1513 }
1514
1515 static inline long
1516 vfp_reg_offset (int dp, int reg)
1517 {
1518 if (dp)
1519 return offsetof(CPUARMState, vfp.regs[reg]);
1520 else if (reg & 1) {
1521 return offsetof(CPUARMState, vfp.regs[reg >> 1])
1522 + offsetof(CPU_DoubleU, l.upper);
1523 } else {
1524 return offsetof(CPUARMState, vfp.regs[reg >> 1])
1525 + offsetof(CPU_DoubleU, l.lower);
1526 }
1527 }
1528
1529 /* Return the offset of a 32-bit piece of a NEON register.
1530 zero is the least significant end of the register. */
1531 static inline long
1532 neon_reg_offset (int reg, int n)
1533 {
1534 int sreg;
1535 sreg = reg * 2 + n;
1536 return vfp_reg_offset(0, sreg);
1537 }
1538
1539 static TCGv_i32 neon_load_reg(int reg, int pass)
1540 {
1541 TCGv_i32 tmp = tcg_temp_new_i32();
1542 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1543 return tmp;
1544 }
1545
1546 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1547 {
1548 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1549 tcg_temp_free_i32(var);
1550 }
1551
1552 static inline void neon_load_reg64(TCGv_i64 var, int reg)
1553 {
1554 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1555 }
1556
1557 static inline void neon_store_reg64(TCGv_i64 var, int reg)
1558 {
1559 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1560 }
1561
1562 #define tcg_gen_ld_f32 tcg_gen_ld_i32
1563 #define tcg_gen_ld_f64 tcg_gen_ld_i64
1564 #define tcg_gen_st_f32 tcg_gen_st_i32
1565 #define tcg_gen_st_f64 tcg_gen_st_i64
1566
1567 static inline void gen_mov_F0_vreg(int dp, int reg)
1568 {
1569 if (dp)
1570 tcg_gen_ld_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1571 else
1572 tcg_gen_ld_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1573 }
1574
1575 static inline void gen_mov_F1_vreg(int dp, int reg)
1576 {
1577 if (dp)
1578 tcg_gen_ld_f64(cpu_F1d, cpu_env, vfp_reg_offset(dp, reg));
1579 else
1580 tcg_gen_ld_f32(cpu_F1s, cpu_env, vfp_reg_offset(dp, reg));
1581 }
1582
1583 static inline void gen_mov_vreg_F0(int dp, int reg)
1584 {
1585 if (dp)
1586 tcg_gen_st_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1587 else
1588 tcg_gen_st_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1589 }
1590
1591 #define ARM_CP_RW_BIT (1 << 20)
1592
1593 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1594 {
1595 tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1596 }
1597
1598 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1599 {
1600 tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1601 }
1602
1603 static inline TCGv_i32 iwmmxt_load_creg(int reg)
1604 {
1605 TCGv_i32 var = tcg_temp_new_i32();
1606 tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1607 return var;
1608 }
1609
1610 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1611 {
1612 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1613 tcg_temp_free_i32(var);
1614 }
1615
1616 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1617 {
1618 iwmmxt_store_reg(cpu_M0, rn);
1619 }
1620
1621 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1622 {
1623 iwmmxt_load_reg(cpu_M0, rn);
1624 }
1625
1626 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1627 {
1628 iwmmxt_load_reg(cpu_V1, rn);
1629 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1630 }
1631
1632 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1633 {
1634 iwmmxt_load_reg(cpu_V1, rn);
1635 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1636 }
1637
1638 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1639 {
1640 iwmmxt_load_reg(cpu_V1, rn);
1641 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1642 }
1643
1644 #define IWMMXT_OP(name) \
1645 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1646 { \
1647 iwmmxt_load_reg(cpu_V1, rn); \
1648 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1649 }
1650
1651 #define IWMMXT_OP_ENV(name) \
1652 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1653 { \
1654 iwmmxt_load_reg(cpu_V1, rn); \
1655 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1656 }
1657
1658 #define IWMMXT_OP_ENV_SIZE(name) \
1659 IWMMXT_OP_ENV(name##b) \
1660 IWMMXT_OP_ENV(name##w) \
1661 IWMMXT_OP_ENV(name##l)
1662
1663 #define IWMMXT_OP_ENV1(name) \
1664 static inline void gen_op_iwmmxt_##name##_M0(void) \
1665 { \
1666 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1667 }
1668
1669 IWMMXT_OP(maddsq)
1670 IWMMXT_OP(madduq)
1671 IWMMXT_OP(sadb)
1672 IWMMXT_OP(sadw)
1673 IWMMXT_OP(mulslw)
1674 IWMMXT_OP(mulshw)
1675 IWMMXT_OP(mululw)
1676 IWMMXT_OP(muluhw)
1677 IWMMXT_OP(macsw)
1678 IWMMXT_OP(macuw)
1679
1680 IWMMXT_OP_ENV_SIZE(unpackl)
1681 IWMMXT_OP_ENV_SIZE(unpackh)
1682
1683 IWMMXT_OP_ENV1(unpacklub)
1684 IWMMXT_OP_ENV1(unpackluw)
1685 IWMMXT_OP_ENV1(unpacklul)
1686 IWMMXT_OP_ENV1(unpackhub)
1687 IWMMXT_OP_ENV1(unpackhuw)
1688 IWMMXT_OP_ENV1(unpackhul)
1689 IWMMXT_OP_ENV1(unpacklsb)
1690 IWMMXT_OP_ENV1(unpacklsw)
1691 IWMMXT_OP_ENV1(unpacklsl)
1692 IWMMXT_OP_ENV1(unpackhsb)
1693 IWMMXT_OP_ENV1(unpackhsw)
1694 IWMMXT_OP_ENV1(unpackhsl)
1695
1696 IWMMXT_OP_ENV_SIZE(cmpeq)
1697 IWMMXT_OP_ENV_SIZE(cmpgtu)
1698 IWMMXT_OP_ENV_SIZE(cmpgts)
1699
1700 IWMMXT_OP_ENV_SIZE(mins)
1701 IWMMXT_OP_ENV_SIZE(minu)
1702 IWMMXT_OP_ENV_SIZE(maxs)
1703 IWMMXT_OP_ENV_SIZE(maxu)
1704
1705 IWMMXT_OP_ENV_SIZE(subn)
1706 IWMMXT_OP_ENV_SIZE(addn)
1707 IWMMXT_OP_ENV_SIZE(subu)
1708 IWMMXT_OP_ENV_SIZE(addu)
1709 IWMMXT_OP_ENV_SIZE(subs)
1710 IWMMXT_OP_ENV_SIZE(adds)
1711
1712 IWMMXT_OP_ENV(avgb0)
1713 IWMMXT_OP_ENV(avgb1)
1714 IWMMXT_OP_ENV(avgw0)
1715 IWMMXT_OP_ENV(avgw1)
1716
1717 IWMMXT_OP_ENV(packuw)
1718 IWMMXT_OP_ENV(packul)
1719 IWMMXT_OP_ENV(packuq)
1720 IWMMXT_OP_ENV(packsw)
1721 IWMMXT_OP_ENV(packsl)
1722 IWMMXT_OP_ENV(packsq)
1723
1724 static void gen_op_iwmmxt_set_mup(void)
1725 {
1726 TCGv_i32 tmp;
1727 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1728 tcg_gen_ori_i32(tmp, tmp, 2);
1729 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1730 }
1731
1732 static void gen_op_iwmmxt_set_cup(void)
1733 {
1734 TCGv_i32 tmp;
1735 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1736 tcg_gen_ori_i32(tmp, tmp, 1);
1737 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1738 }
1739
1740 static void gen_op_iwmmxt_setpsr_nz(void)
1741 {
1742 TCGv_i32 tmp = tcg_temp_new_i32();
1743 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1744 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1745 }
1746
1747 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1748 {
1749 iwmmxt_load_reg(cpu_V1, rn);
1750 tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1751 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1752 }
1753
1754 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1755 TCGv_i32 dest)
1756 {
1757 int rd;
1758 uint32_t offset;
1759 TCGv_i32 tmp;
1760
1761 rd = (insn >> 16) & 0xf;
1762 tmp = load_reg(s, rd);
1763
1764 offset = (insn & 0xff) << ((insn >> 7) & 2);
1765 if (insn & (1 << 24)) {
1766 /* Pre indexed */
1767 if (insn & (1 << 23))
1768 tcg_gen_addi_i32(tmp, tmp, offset);
1769 else
1770 tcg_gen_addi_i32(tmp, tmp, -offset);
1771 tcg_gen_mov_i32(dest, tmp);
1772 if (insn & (1 << 21))
1773 store_reg(s, rd, tmp);
1774 else
1775 tcg_temp_free_i32(tmp);
1776 } else if (insn & (1 << 21)) {
1777 /* Post indexed */
1778 tcg_gen_mov_i32(dest, tmp);
1779 if (insn & (1 << 23))
1780 tcg_gen_addi_i32(tmp, tmp, offset);
1781 else
1782 tcg_gen_addi_i32(tmp, tmp, -offset);
1783 store_reg(s, rd, tmp);
1784 } else if (!(insn & (1 << 23)))
1785 return 1;
1786 return 0;
1787 }
1788
1789 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1790 {
1791 int rd = (insn >> 0) & 0xf;
1792 TCGv_i32 tmp;
1793
1794 if (insn & (1 << 8)) {
1795 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1796 return 1;
1797 } else {
1798 tmp = iwmmxt_load_creg(rd);
1799 }
1800 } else {
1801 tmp = tcg_temp_new_i32();
1802 iwmmxt_load_reg(cpu_V0, rd);
1803 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1804 }
1805 tcg_gen_andi_i32(tmp, tmp, mask);
1806 tcg_gen_mov_i32(dest, tmp);
1807 tcg_temp_free_i32(tmp);
1808 return 0;
1809 }
1810
1811 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred
1812 (ie. an undefined instruction). */
1813 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1814 {
1815 int rd, wrd;
1816 int rdhi, rdlo, rd0, rd1, i;
1817 TCGv_i32 addr;
1818 TCGv_i32 tmp, tmp2, tmp3;
1819
1820 if ((insn & 0x0e000e00) == 0x0c000000) {
1821 if ((insn & 0x0fe00ff0) == 0x0c400000) {
1822 wrd = insn & 0xf;
1823 rdlo = (insn >> 12) & 0xf;
1824 rdhi = (insn >> 16) & 0xf;
1825 if (insn & ARM_CP_RW_BIT) { /* TMRRC */
1826 iwmmxt_load_reg(cpu_V0, wrd);
1827 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1828 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
1829 tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
1830 } else { /* TMCRR */
1831 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1832 iwmmxt_store_reg(cpu_V0, wrd);
1833 gen_op_iwmmxt_set_mup();
1834 }
1835 return 0;
1836 }
1837
1838 wrd = (insn >> 12) & 0xf;
1839 addr = tcg_temp_new_i32();
1840 if (gen_iwmmxt_address(s, insn, addr)) {
1841 tcg_temp_free_i32(addr);
1842 return 1;
1843 }
1844 if (insn & ARM_CP_RW_BIT) {
1845 if ((insn >> 28) == 0xf) { /* WLDRW wCx */
1846 tmp = tcg_temp_new_i32();
1847 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1848 iwmmxt_store_creg(wrd, tmp);
1849 } else {
1850 i = 1;
1851 if (insn & (1 << 8)) {
1852 if (insn & (1 << 22)) { /* WLDRD */
1853 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1854 i = 0;
1855 } else { /* WLDRW wRd */
1856 tmp = tcg_temp_new_i32();
1857 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1858 }
1859 } else {
1860 tmp = tcg_temp_new_i32();
1861 if (insn & (1 << 22)) { /* WLDRH */
1862 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1863 } else { /* WLDRB */
1864 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1865 }
1866 }
1867 if (i) {
1868 tcg_gen_extu_i32_i64(cpu_M0, tmp);
1869 tcg_temp_free_i32(tmp);
1870 }
1871 gen_op_iwmmxt_movq_wRn_M0(wrd);
1872 }
1873 } else {
1874 if ((insn >> 28) == 0xf) { /* WSTRW wCx */
1875 tmp = iwmmxt_load_creg(wrd);
1876 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1877 } else {
1878 gen_op_iwmmxt_movq_M0_wRn(wrd);
1879 tmp = tcg_temp_new_i32();
1880 if (insn & (1 << 8)) {
1881 if (insn & (1 << 22)) { /* WSTRD */
1882 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1883 } else { /* WSTRW wRd */
1884 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1885 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1886 }
1887 } else {
1888 if (insn & (1 << 22)) { /* WSTRH */
1889 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1890 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1891 } else { /* WSTRB */
1892 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1893 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1894 }
1895 }
1896 }
1897 tcg_temp_free_i32(tmp);
1898 }
1899 tcg_temp_free_i32(addr);
1900 return 0;
1901 }
1902
1903 if ((insn & 0x0f000000) != 0x0e000000)
1904 return 1;
1905
1906 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1907 case 0x000: /* WOR */
1908 wrd = (insn >> 12) & 0xf;
1909 rd0 = (insn >> 0) & 0xf;
1910 rd1 = (insn >> 16) & 0xf;
1911 gen_op_iwmmxt_movq_M0_wRn(rd0);
1912 gen_op_iwmmxt_orq_M0_wRn(rd1);
1913 gen_op_iwmmxt_setpsr_nz();
1914 gen_op_iwmmxt_movq_wRn_M0(wrd);
1915 gen_op_iwmmxt_set_mup();
1916 gen_op_iwmmxt_set_cup();
1917 break;
1918 case 0x011: /* TMCR */
1919 if (insn & 0xf)
1920 return 1;
1921 rd = (insn >> 12) & 0xf;
1922 wrd = (insn >> 16) & 0xf;
1923 switch (wrd) {
1924 case ARM_IWMMXT_wCID:
1925 case ARM_IWMMXT_wCASF:
1926 break;
1927 case ARM_IWMMXT_wCon:
1928 gen_op_iwmmxt_set_cup();
1929 /* Fall through. */
1930 case ARM_IWMMXT_wCSSF:
1931 tmp = iwmmxt_load_creg(wrd);
1932 tmp2 = load_reg(s, rd);
1933 tcg_gen_andc_i32(tmp, tmp, tmp2);
1934 tcg_temp_free_i32(tmp2);
1935 iwmmxt_store_creg(wrd, tmp);
1936 break;
1937 case ARM_IWMMXT_wCGR0:
1938 case ARM_IWMMXT_wCGR1:
1939 case ARM_IWMMXT_wCGR2:
1940 case ARM_IWMMXT_wCGR3:
1941 gen_op_iwmmxt_set_cup();
1942 tmp = load_reg(s, rd);
1943 iwmmxt_store_creg(wrd, tmp);
1944 break;
1945 default:
1946 return 1;
1947 }
1948 break;
1949 case 0x100: /* WXOR */
1950 wrd = (insn >> 12) & 0xf;
1951 rd0 = (insn >> 0) & 0xf;
1952 rd1 = (insn >> 16) & 0xf;
1953 gen_op_iwmmxt_movq_M0_wRn(rd0);
1954 gen_op_iwmmxt_xorq_M0_wRn(rd1);
1955 gen_op_iwmmxt_setpsr_nz();
1956 gen_op_iwmmxt_movq_wRn_M0(wrd);
1957 gen_op_iwmmxt_set_mup();
1958 gen_op_iwmmxt_set_cup();
1959 break;
1960 case 0x111: /* TMRC */
1961 if (insn & 0xf)
1962 return 1;
1963 rd = (insn >> 12) & 0xf;
1964 wrd = (insn >> 16) & 0xf;
1965 tmp = iwmmxt_load_creg(wrd);
1966 store_reg(s, rd, tmp);
1967 break;
1968 case 0x300: /* WANDN */
1969 wrd = (insn >> 12) & 0xf;
1970 rd0 = (insn >> 0) & 0xf;
1971 rd1 = (insn >> 16) & 0xf;
1972 gen_op_iwmmxt_movq_M0_wRn(rd0);
1973 tcg_gen_neg_i64(cpu_M0, cpu_M0);
1974 gen_op_iwmmxt_andq_M0_wRn(rd1);
1975 gen_op_iwmmxt_setpsr_nz();
1976 gen_op_iwmmxt_movq_wRn_M0(wrd);
1977 gen_op_iwmmxt_set_mup();
1978 gen_op_iwmmxt_set_cup();
1979 break;
1980 case 0x200: /* WAND */
1981 wrd = (insn >> 12) & 0xf;
1982 rd0 = (insn >> 0) & 0xf;
1983 rd1 = (insn >> 16) & 0xf;
1984 gen_op_iwmmxt_movq_M0_wRn(rd0);
1985 gen_op_iwmmxt_andq_M0_wRn(rd1);
1986 gen_op_iwmmxt_setpsr_nz();
1987 gen_op_iwmmxt_movq_wRn_M0(wrd);
1988 gen_op_iwmmxt_set_mup();
1989 gen_op_iwmmxt_set_cup();
1990 break;
1991 case 0x810: case 0xa10: /* WMADD */
1992 wrd = (insn >> 12) & 0xf;
1993 rd0 = (insn >> 0) & 0xf;
1994 rd1 = (insn >> 16) & 0xf;
1995 gen_op_iwmmxt_movq_M0_wRn(rd0);
1996 if (insn & (1 << 21))
1997 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1998 else
1999 gen_op_iwmmxt_madduq_M0_wRn(rd1);
2000 gen_op_iwmmxt_movq_wRn_M0(wrd);
2001 gen_op_iwmmxt_set_mup();
2002 break;
2003 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */
2004 wrd = (insn >> 12) & 0xf;
2005 rd0 = (insn >> 16) & 0xf;
2006 rd1 = (insn >> 0) & 0xf;
2007 gen_op_iwmmxt_movq_M0_wRn(rd0);
2008 switch ((insn >> 22) & 3) {
2009 case 0:
2010 gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
2011 break;
2012 case 1:
2013 gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
2014 break;
2015 case 2:
2016 gen_op_iwmmxt_unpackll_M0_wRn(rd1);
2017 break;
2018 case 3:
2019 return 1;
2020 }
2021 gen_op_iwmmxt_movq_wRn_M0(wrd);
2022 gen_op_iwmmxt_set_mup();
2023 gen_op_iwmmxt_set_cup();
2024 break;
2025 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */
2026 wrd = (insn >> 12) & 0xf;
2027 rd0 = (insn >> 16) & 0xf;
2028 rd1 = (insn >> 0) & 0xf;
2029 gen_op_iwmmxt_movq_M0_wRn(rd0);
2030 switch ((insn >> 22) & 3) {
2031 case 0:
2032 gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
2033 break;
2034 case 1:
2035 gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
2036 break;
2037 case 2:
2038 gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
2039 break;
2040 case 3:
2041 return 1;
2042 }
2043 gen_op_iwmmxt_movq_wRn_M0(wrd);
2044 gen_op_iwmmxt_set_mup();
2045 gen_op_iwmmxt_set_cup();
2046 break;
2047 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */
2048 wrd = (insn >> 12) & 0xf;
2049 rd0 = (insn >> 16) & 0xf;
2050 rd1 = (insn >> 0) & 0xf;
2051 gen_op_iwmmxt_movq_M0_wRn(rd0);
2052 if (insn & (1 << 22))
2053 gen_op_iwmmxt_sadw_M0_wRn(rd1);
2054 else
2055 gen_op_iwmmxt_sadb_M0_wRn(rd1);
2056 if (!(insn & (1 << 20)))
2057 gen_op_iwmmxt_addl_M0_wRn(wrd);
2058 gen_op_iwmmxt_movq_wRn_M0(wrd);
2059 gen_op_iwmmxt_set_mup();
2060 break;
2061 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */
2062 wrd = (insn >> 12) & 0xf;
2063 rd0 = (insn >> 16) & 0xf;
2064 rd1 = (insn >> 0) & 0xf;
2065 gen_op_iwmmxt_movq_M0_wRn(rd0);
2066 if (insn & (1 << 21)) {
2067 if (insn & (1 << 20))
2068 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
2069 else
2070 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
2071 } else {
2072 if (insn & (1 << 20))
2073 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
2074 else
2075 gen_op_iwmmxt_mululw_M0_wRn(rd1);
2076 }
2077 gen_op_iwmmxt_movq_wRn_M0(wrd);
2078 gen_op_iwmmxt_set_mup();
2079 break;
2080 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */
2081 wrd = (insn >> 12) & 0xf;
2082 rd0 = (insn >> 16) & 0xf;
2083 rd1 = (insn >> 0) & 0xf;
2084 gen_op_iwmmxt_movq_M0_wRn(rd0);
2085 if (insn & (1 << 21))
2086 gen_op_iwmmxt_macsw_M0_wRn(rd1);
2087 else
2088 gen_op_iwmmxt_macuw_M0_wRn(rd1);
2089 if (!(insn & (1 << 20))) {
2090 iwmmxt_load_reg(cpu_V1, wrd);
2091 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
2092 }
2093 gen_op_iwmmxt_movq_wRn_M0(wrd);
2094 gen_op_iwmmxt_set_mup();
2095 break;
2096 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */
2097 wrd = (insn >> 12) & 0xf;
2098 rd0 = (insn >> 16) & 0xf;
2099 rd1 = (insn >> 0) & 0xf;
2100 gen_op_iwmmxt_movq_M0_wRn(rd0);
2101 switch ((insn >> 22) & 3) {
2102 case 0:
2103 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
2104 break;
2105 case 1:
2106 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
2107 break;
2108 case 2:
2109 gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
2110 break;
2111 case 3:
2112 return 1;
2113 }
2114 gen_op_iwmmxt_movq_wRn_M0(wrd);
2115 gen_op_iwmmxt_set_mup();
2116 gen_op_iwmmxt_set_cup();
2117 break;
2118 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */
2119 wrd = (insn >> 12) & 0xf;
2120 rd0 = (insn >> 16) & 0xf;
2121 rd1 = (insn >> 0) & 0xf;
2122 gen_op_iwmmxt_movq_M0_wRn(rd0);
2123 if (insn & (1 << 22)) {
2124 if (insn & (1 << 20))
2125 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
2126 else
2127 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
2128 } else {
2129 if (insn & (1 << 20))
2130 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
2131 else
2132 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
2133 }
2134 gen_op_iwmmxt_movq_wRn_M0(wrd);
2135 gen_op_iwmmxt_set_mup();
2136 gen_op_iwmmxt_set_cup();
2137 break;
2138 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */
2139 wrd = (insn >> 12) & 0xf;
2140 rd0 = (insn >> 16) & 0xf;
2141 rd1 = (insn >> 0) & 0xf;
2142 gen_op_iwmmxt_movq_M0_wRn(rd0);
2143 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
2144 tcg_gen_andi_i32(tmp, tmp, 7);
2145 iwmmxt_load_reg(cpu_V1, rd1);
2146 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2147 tcg_temp_free_i32(tmp);
2148 gen_op_iwmmxt_movq_wRn_M0(wrd);
2149 gen_op_iwmmxt_set_mup();
2150 break;
2151 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */
2152 if (((insn >> 6) & 3) == 3)
2153 return 1;
2154 rd = (insn >> 12) & 0xf;
2155 wrd = (insn >> 16) & 0xf;
2156 tmp = load_reg(s, rd);
2157 gen_op_iwmmxt_movq_M0_wRn(wrd);
2158 switch ((insn >> 6) & 3) {
2159 case 0:
2160 tmp2 = tcg_const_i32(0xff);
2161 tmp3 = tcg_const_i32((insn & 7) << 3);
2162 break;
2163 case 1:
2164 tmp2 = tcg_const_i32(0xffff);
2165 tmp3 = tcg_const_i32((insn & 3) << 4);
2166 break;
2167 case 2:
2168 tmp2 = tcg_const_i32(0xffffffff);
2169 tmp3 = tcg_const_i32((insn & 1) << 5);
2170 break;
2171 default:
2172 tmp2 = NULL;
2173 tmp3 = NULL;
2174 }
2175 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2176 tcg_temp_free_i32(tmp3);
2177 tcg_temp_free_i32(tmp2);
2178 tcg_temp_free_i32(tmp);
2179 gen_op_iwmmxt_movq_wRn_M0(wrd);
2180 gen_op_iwmmxt_set_mup();
2181 break;
2182 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */
2183 rd = (insn >> 12) & 0xf;
2184 wrd = (insn >> 16) & 0xf;
2185 if (rd == 15 || ((insn >> 22) & 3) == 3)
2186 return 1;
2187 gen_op_iwmmxt_movq_M0_wRn(wrd);
2188 tmp = tcg_temp_new_i32();
2189 switch ((insn >> 22) & 3) {
2190 case 0:
2191 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2192 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2193 if (insn & 8) {
2194 tcg_gen_ext8s_i32(tmp, tmp);
2195 } else {
2196 tcg_gen_andi_i32(tmp, tmp, 0xff);
2197 }
2198 break;
2199 case 1:
2200 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2201 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2202 if (insn & 8) {
2203 tcg_gen_ext16s_i32(tmp, tmp);
2204 } else {
2205 tcg_gen_andi_i32(tmp, tmp, 0xffff);
2206 }
2207 break;
2208 case 2:
2209 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2210 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2211 break;
2212 }
2213 store_reg(s, rd, tmp);
2214 break;
2215 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */
2216 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2217 return 1;
2218 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2219 switch ((insn >> 22) & 3) {
2220 case 0:
2221 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2222 break;
2223 case 1:
2224 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2225 break;
2226 case 2:
2227 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2228 break;
2229 }
2230 tcg_gen_shli_i32(tmp, tmp, 28);
2231 gen_set_nzcv(tmp);
2232 tcg_temp_free_i32(tmp);
2233 break;
2234 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */
2235 if (((insn >> 6) & 3) == 3)
2236 return 1;
2237 rd = (insn >> 12) & 0xf;
2238 wrd = (insn >> 16) & 0xf;
2239 tmp = load_reg(s, rd);
2240 switch ((insn >> 6) & 3) {
2241 case 0:
2242 gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2243 break;
2244 case 1:
2245 gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2246 break;
2247 case 2:
2248 gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2249 break;
2250 }
2251 tcg_temp_free_i32(tmp);
2252 gen_op_iwmmxt_movq_wRn_M0(wrd);
2253 gen_op_iwmmxt_set_mup();
2254 break;
2255 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */
2256 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2257 return 1;
2258 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2259 tmp2 = tcg_temp_new_i32();
2260 tcg_gen_mov_i32(tmp2, tmp);
2261 switch ((insn >> 22) & 3) {
2262 case 0:
2263 for (i = 0; i < 7; i ++) {
2264 tcg_gen_shli_i32(tmp2, tmp2, 4);
2265 tcg_gen_and_i32(tmp, tmp, tmp2);
2266 }
2267 break;
2268 case 1:
2269 for (i = 0; i < 3; i ++) {
2270 tcg_gen_shli_i32(tmp2, tmp2, 8);
2271 tcg_gen_and_i32(tmp, tmp, tmp2);
2272 }
2273 break;
2274 case 2:
2275 tcg_gen_shli_i32(tmp2, tmp2, 16);
2276 tcg_gen_and_i32(tmp, tmp, tmp2);
2277 break;
2278 }
2279 gen_set_nzcv(tmp);
2280 tcg_temp_free_i32(tmp2);
2281 tcg_temp_free_i32(tmp);
2282 break;
2283 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */
2284 wrd = (insn >> 12) & 0xf;
2285 rd0 = (insn >> 16) & 0xf;
2286 gen_op_iwmmxt_movq_M0_wRn(rd0);
2287 switch ((insn >> 22) & 3) {
2288 case 0:
2289 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2290 break;
2291 case 1:
2292 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2293 break;
2294 case 2:
2295 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2296 break;
2297 case 3:
2298 return 1;
2299 }
2300 gen_op_iwmmxt_movq_wRn_M0(wrd);
2301 gen_op_iwmmxt_set_mup();
2302 break;
2303 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */
2304 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2305 return 1;
2306 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2307 tmp2 = tcg_temp_new_i32();
2308 tcg_gen_mov_i32(tmp2, tmp);
2309 switch ((insn >> 22) & 3) {
2310 case 0:
2311 for (i = 0; i < 7; i ++) {
2312 tcg_gen_shli_i32(tmp2, tmp2, 4);
2313 tcg_gen_or_i32(tmp, tmp, tmp2);
2314 }
2315 break;
2316 case 1:
2317 for (i = 0; i < 3; i ++) {
2318 tcg_gen_shli_i32(tmp2, tmp2, 8);
2319 tcg_gen_or_i32(tmp, tmp, tmp2);
2320 }
2321 break;
2322 case 2:
2323 tcg_gen_shli_i32(tmp2, tmp2, 16);
2324 tcg_gen_or_i32(tmp, tmp, tmp2);
2325 break;
2326 }
2327 gen_set_nzcv(tmp);
2328 tcg_temp_free_i32(tmp2);
2329 tcg_temp_free_i32(tmp);
2330 break;
2331 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */
2332 rd = (insn >> 12) & 0xf;
2333 rd0 = (insn >> 16) & 0xf;
2334 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2335 return 1;
2336 gen_op_iwmmxt_movq_M0_wRn(rd0);
2337 tmp = tcg_temp_new_i32();
2338 switch ((insn >> 22) & 3) {
2339 case 0:
2340 gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2341 break;
2342 case 1:
2343 gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2344 break;
2345 case 2:
2346 gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2347 break;
2348 }
2349 store_reg(s, rd, tmp);
2350 break;
2351 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */
2352 case 0x906: case 0xb06: case 0xd06: case 0xf06:
2353 wrd = (insn >> 12) & 0xf;
2354 rd0 = (insn >> 16) & 0xf;
2355 rd1 = (insn >> 0) & 0xf;
2356 gen_op_iwmmxt_movq_M0_wRn(rd0);
2357 switch ((insn >> 22) & 3) {
2358 case 0:
2359 if (insn & (1 << 21))
2360 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2361 else
2362 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2363 break;
2364 case 1:
2365 if (insn & (1 << 21))
2366 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2367 else
2368 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2369 break;
2370 case 2:
2371 if (insn & (1 << 21))
2372 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2373 else
2374 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2375 break;
2376 case 3:
2377 return 1;
2378 }
2379 gen_op_iwmmxt_movq_wRn_M0(wrd);
2380 gen_op_iwmmxt_set_mup();
2381 gen_op_iwmmxt_set_cup();
2382 break;
2383 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */
2384 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2385 wrd = (insn >> 12) & 0xf;
2386 rd0 = (insn >> 16) & 0xf;
2387 gen_op_iwmmxt_movq_M0_wRn(rd0);
2388 switch ((insn >> 22) & 3) {
2389 case 0:
2390 if (insn & (1 << 21))
2391 gen_op_iwmmxt_unpacklsb_M0();
2392 else
2393 gen_op_iwmmxt_unpacklub_M0();
2394 break;
2395 case 1:
2396 if (insn & (1 << 21))
2397 gen_op_iwmmxt_unpacklsw_M0();
2398 else
2399 gen_op_iwmmxt_unpackluw_M0();
2400 break;
2401 case 2:
2402 if (insn & (1 << 21))
2403 gen_op_iwmmxt_unpacklsl_M0();
2404 else
2405 gen_op_iwmmxt_unpacklul_M0();
2406 break;
2407 case 3:
2408 return 1;
2409 }
2410 gen_op_iwmmxt_movq_wRn_M0(wrd);
2411 gen_op_iwmmxt_set_mup();
2412 gen_op_iwmmxt_set_cup();
2413 break;
2414 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */
2415 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2416 wrd = (insn >> 12) & 0xf;
2417 rd0 = (insn >> 16) & 0xf;
2418 gen_op_iwmmxt_movq_M0_wRn(rd0);
2419 switch ((insn >> 22) & 3) {
2420 case 0:
2421 if (insn & (1 << 21))
2422 gen_op_iwmmxt_unpackhsb_M0();
2423 else
2424 gen_op_iwmmxt_unpackhub_M0();
2425 break;
2426 case 1:
2427 if (insn & (1 << 21))
2428 gen_op_iwmmxt_unpackhsw_M0();
2429 else
2430 gen_op_iwmmxt_unpackhuw_M0();
2431 break;
2432 case 2:
2433 if (insn & (1 << 21))
2434 gen_op_iwmmxt_unpackhsl_M0();
2435 else
2436 gen_op_iwmmxt_unpackhul_M0();
2437 break;
2438 case 3:
2439 return 1;
2440 }
2441 gen_op_iwmmxt_movq_wRn_M0(wrd);
2442 gen_op_iwmmxt_set_mup();
2443 gen_op_iwmmxt_set_cup();
2444 break;
2445 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */
2446 case 0x214: case 0x614: case 0xa14: case 0xe14:
2447 if (((insn >> 22) & 3) == 0)
2448 return 1;
2449 wrd = (insn >> 12) & 0xf;
2450 rd0 = (insn >> 16) & 0xf;
2451 gen_op_iwmmxt_movq_M0_wRn(rd0);
2452 tmp = tcg_temp_new_i32();
2453 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2454 tcg_temp_free_i32(tmp);
2455 return 1;
2456 }
2457 switch ((insn >> 22) & 3) {
2458 case 1:
2459 gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2460 break;
2461 case 2:
2462 gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2463 break;
2464 case 3:
2465 gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2466 break;
2467 }
2468 tcg_temp_free_i32(tmp);
2469 gen_op_iwmmxt_movq_wRn_M0(wrd);
2470 gen_op_iwmmxt_set_mup();
2471 gen_op_iwmmxt_set_cup();
2472 break;
2473 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */
2474 case 0x014: case 0x414: case 0x814: case 0xc14:
2475 if (((insn >> 22) & 3) == 0)
2476 return 1;
2477 wrd = (insn >> 12) & 0xf;
2478 rd0 = (insn >> 16) & 0xf;
2479 gen_op_iwmmxt_movq_M0_wRn(rd0);
2480 tmp = tcg_temp_new_i32();
2481 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2482 tcg_temp_free_i32(tmp);
2483 return 1;
2484 }
2485 switch ((insn >> 22) & 3) {
2486 case 1:
2487 gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2488 break;
2489 case 2:
2490 gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2491 break;
2492 case 3:
2493 gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2494 break;
2495 }
2496 tcg_temp_free_i32(tmp);
2497 gen_op_iwmmxt_movq_wRn_M0(wrd);
2498 gen_op_iwmmxt_set_mup();
2499 gen_op_iwmmxt_set_cup();
2500 break;
2501 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */
2502 case 0x114: case 0x514: case 0x914: case 0xd14:
2503 if (((insn >> 22) & 3) == 0)
2504 return 1;
2505 wrd = (insn >> 12) & 0xf;
2506 rd0 = (insn >> 16) & 0xf;
2507 gen_op_iwmmxt_movq_M0_wRn(rd0);
2508 tmp = tcg_temp_new_i32();
2509 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2510 tcg_temp_free_i32(tmp);
2511 return 1;
2512 }
2513 switch ((insn >> 22) & 3) {
2514 case 1:
2515 gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2516 break;
2517 case 2:
2518 gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2519 break;
2520 case 3:
2521 gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2522 break;
2523 }
2524 tcg_temp_free_i32(tmp);
2525 gen_op_iwmmxt_movq_wRn_M0(wrd);
2526 gen_op_iwmmxt_set_mup();
2527 gen_op_iwmmxt_set_cup();
2528 break;
2529 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */
2530 case 0x314: case 0x714: case 0xb14: case 0xf14:
2531 if (((insn >> 22) & 3) == 0)
2532 return 1;
2533 wrd = (insn >> 12) & 0xf;
2534 rd0 = (insn >> 16) & 0xf;
2535 gen_op_iwmmxt_movq_M0_wRn(rd0);
2536 tmp = tcg_temp_new_i32();
2537 switch ((insn >> 22) & 3) {
2538 case 1:
2539 if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2540 tcg_temp_free_i32(tmp);
2541 return 1;
2542 }
2543 gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2544 break;
2545 case 2:
2546 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2547 tcg_temp_free_i32(tmp);
2548 return 1;
2549 }
2550 gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2551 break;
2552 case 3:
2553 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2554 tcg_temp_free_i32(tmp);
2555 return 1;
2556 }
2557 gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2558 break;
2559 }
2560 tcg_temp_free_i32(tmp);
2561 gen_op_iwmmxt_movq_wRn_M0(wrd);
2562 gen_op_iwmmxt_set_mup();
2563 gen_op_iwmmxt_set_cup();
2564 break;
2565 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */
2566 case 0x916: case 0xb16: case 0xd16: case 0xf16:
2567 wrd = (insn >> 12) & 0xf;
2568 rd0 = (insn >> 16) & 0xf;
2569 rd1 = (insn >> 0) & 0xf;
2570 gen_op_iwmmxt_movq_M0_wRn(rd0);
2571 switch ((insn >> 22) & 3) {
2572 case 0:
2573 if (insn & (1 << 21))
2574 gen_op_iwmmxt_minsb_M0_wRn(rd1);
2575 else
2576 gen_op_iwmmxt_minub_M0_wRn(rd1);
2577 break;
2578 case 1:
2579 if (insn & (1 << 21))
2580 gen_op_iwmmxt_minsw_M0_wRn(rd1);
2581 else
2582 gen_op_iwmmxt_minuw_M0_wRn(rd1);
2583 break;
2584 case 2:
2585 if (insn & (1 << 21))
2586 gen_op_iwmmxt_minsl_M0_wRn(rd1);
2587 else
2588 gen_op_iwmmxt_minul_M0_wRn(rd1);
2589 break;
2590 case 3:
2591 return 1;
2592 }
2593 gen_op_iwmmxt_movq_wRn_M0(wrd);
2594 gen_op_iwmmxt_set_mup();
2595 break;
2596 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */
2597 case 0x816: case 0xa16: case 0xc16: case 0xe16:
2598 wrd = (insn >> 12) & 0xf;
2599 rd0 = (insn >> 16) & 0xf;
2600 rd1 = (insn >> 0) & 0xf;
2601 gen_op_iwmmxt_movq_M0_wRn(rd0);
2602 switch ((insn >> 22) & 3) {
2603 case 0:
2604 if (insn & (1 << 21))
2605 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2606 else
2607 gen_op_iwmmxt_maxub_M0_wRn(rd1);
2608 break;
2609 case 1:
2610 if (insn & (1 << 21))
2611 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2612 else
2613 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2614 break;
2615 case 2:
2616 if (insn & (1 << 21))
2617 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2618 else
2619 gen_op_iwmmxt_maxul_M0_wRn(rd1);
2620 break;
2621 case 3:
2622 return 1;
2623 }
2624 gen_op_iwmmxt_movq_wRn_M0(wrd);
2625 gen_op_iwmmxt_set_mup();
2626 break;
2627 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */
2628 case 0x402: case 0x502: case 0x602: case 0x702:
2629 wrd = (insn >> 12) & 0xf;
2630 rd0 = (insn >> 16) & 0xf;
2631 rd1 = (insn >> 0) & 0xf;
2632 gen_op_iwmmxt_movq_M0_wRn(rd0);
2633 tmp = tcg_const_i32((insn >> 20) & 3);
2634 iwmmxt_load_reg(cpu_V1, rd1);
2635 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2636 tcg_temp_free_i32(tmp);
2637 gen_op_iwmmxt_movq_wRn_M0(wrd);
2638 gen_op_iwmmxt_set_mup();
2639 break;
2640 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */
2641 case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2642 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2643 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2644 wrd = (insn >> 12) & 0xf;
2645 rd0 = (insn >> 16) & 0xf;
2646 rd1 = (insn >> 0) & 0xf;
2647 gen_op_iwmmxt_movq_M0_wRn(rd0);
2648 switch ((insn >> 20) & 0xf) {
2649 case 0x0:
2650 gen_op_iwmmxt_subnb_M0_wRn(rd1);
2651 break;
2652 case 0x1:
2653 gen_op_iwmmxt_subub_M0_wRn(rd1);
2654 break;
2655 case 0x3:
2656 gen_op_iwmmxt_subsb_M0_wRn(rd1);
2657 break;
2658 case 0x4:
2659 gen_op_iwmmxt_subnw_M0_wRn(rd1);
2660 break;
2661 case 0x5:
2662 gen_op_iwmmxt_subuw_M0_wRn(rd1);
2663 break;
2664 case 0x7:
2665 gen_op_iwmmxt_subsw_M0_wRn(rd1);
2666 break;
2667 case 0x8:
2668 gen_op_iwmmxt_subnl_M0_wRn(rd1);
2669 break;
2670 case 0x9:
2671 gen_op_iwmmxt_subul_M0_wRn(rd1);
2672 break;
2673 case 0xb:
2674 gen_op_iwmmxt_subsl_M0_wRn(rd1);
2675 break;
2676 default:
2677 return 1;
2678 }
2679 gen_op_iwmmxt_movq_wRn_M0(wrd);
2680 gen_op_iwmmxt_set_mup();
2681 gen_op_iwmmxt_set_cup();
2682 break;
2683 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */
2684 case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2685 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2686 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2687 wrd = (insn >> 12) & 0xf;
2688 rd0 = (insn >> 16) & 0xf;
2689 gen_op_iwmmxt_movq_M0_wRn(rd0);
2690 tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2691 gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2692 tcg_temp_free_i32(tmp);
2693 gen_op_iwmmxt_movq_wRn_M0(wrd);
2694 gen_op_iwmmxt_set_mup();
2695 gen_op_iwmmxt_set_cup();
2696 break;
2697 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */
2698 case 0x418: case 0x518: case 0x618: case 0x718:
2699 case 0x818: case 0x918: case 0xa18: case 0xb18:
2700 case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2701 wrd = (insn >> 12) & 0xf;
2702 rd0 = (insn >> 16) & 0xf;
2703 rd1 = (insn >> 0) & 0xf;
2704 gen_op_iwmmxt_movq_M0_wRn(rd0);
2705 switch ((insn >> 20) & 0xf) {
2706 case 0x0:
2707 gen_op_iwmmxt_addnb_M0_wRn(rd1);
2708 break;
2709 case 0x1:
2710 gen_op_iwmmxt_addub_M0_wRn(rd1);
2711 break;
2712 case 0x3:
2713 gen_op_iwmmxt_addsb_M0_wRn(rd1);
2714 break;
2715 case 0x4:
2716 gen_op_iwmmxt_addnw_M0_wRn(rd1);
2717 break;
2718 case 0x5:
2719 gen_op_iwmmxt_adduw_M0_wRn(rd1);
2720 break;
2721 case 0x7:
2722 gen_op_iwmmxt_addsw_M0_wRn(rd1);
2723 break;
2724 case 0x8:
2725 gen_op_iwmmxt_addnl_M0_wRn(rd1);
2726 break;
2727 case 0x9:
2728 gen_op_iwmmxt_addul_M0_wRn(rd1);
2729 break;
2730 case 0xb:
2731 gen_op_iwmmxt_addsl_M0_wRn(rd1);
2732 break;
2733 default:
2734 return 1;
2735 }
2736 gen_op_iwmmxt_movq_wRn_M0(wrd);
2737 gen_op_iwmmxt_set_mup();
2738 gen_op_iwmmxt_set_cup();
2739 break;
2740 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */
2741 case 0x408: case 0x508: case 0x608: case 0x708:
2742 case 0x808: case 0x908: case 0xa08: case 0xb08:
2743 case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2744 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2745 return 1;
2746 wrd = (insn >> 12) & 0xf;
2747 rd0 = (insn >> 16) & 0xf;
2748 rd1 = (insn >> 0) & 0xf;
2749 gen_op_iwmmxt_movq_M0_wRn(rd0);
2750 switch ((insn >> 22) & 3) {
2751 case 1:
2752 if (insn & (1 << 21))
2753 gen_op_iwmmxt_packsw_M0_wRn(rd1);
2754 else
2755 gen_op_iwmmxt_packuw_M0_wRn(rd1);
2756 break;
2757 case 2:
2758 if (insn & (1 << 21))
2759 gen_op_iwmmxt_packsl_M0_wRn(rd1);
2760 else
2761 gen_op_iwmmxt_packul_M0_wRn(rd1);
2762 break;
2763 case 3:
2764 if (insn & (1 << 21))
2765 gen_op_iwmmxt_packsq_M0_wRn(rd1);
2766 else
2767 gen_op_iwmmxt_packuq_M0_wRn(rd1);
2768 break;
2769 }
2770 gen_op_iwmmxt_movq_wRn_M0(wrd);
2771 gen_op_iwmmxt_set_mup();
2772 gen_op_iwmmxt_set_cup();
2773 break;
2774 case 0x201: case 0x203: case 0x205: case 0x207:
2775 case 0x209: case 0x20b: case 0x20d: case 0x20f:
2776 case 0x211: case 0x213: case 0x215: case 0x217:
2777 case 0x219: case 0x21b: case 0x21d: case 0x21f:
2778 wrd = (insn >> 5) & 0xf;
2779 rd0 = (insn >> 12) & 0xf;
2780 rd1 = (insn >> 0) & 0xf;
2781 if (rd0 == 0xf || rd1 == 0xf)
2782 return 1;
2783 gen_op_iwmmxt_movq_M0_wRn(wrd);
2784 tmp = load_reg(s, rd0);
2785 tmp2 = load_reg(s, rd1);
2786 switch ((insn >> 16) & 0xf) {
2787 case 0x0: /* TMIA */
2788 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2789 break;
2790 case 0x8: /* TMIAPH */
2791 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2792 break;
2793 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */
2794 if (insn & (1 << 16))
2795 tcg_gen_shri_i32(tmp, tmp, 16);
2796 if (insn & (1 << 17))
2797 tcg_gen_shri_i32(tmp2, tmp2, 16);
2798 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2799 break;
2800 default:
2801 tcg_temp_free_i32(tmp2);
2802 tcg_temp_free_i32(tmp);
2803 return 1;
2804 }
2805 tcg_temp_free_i32(tmp2);
2806 tcg_temp_free_i32(tmp);
2807 gen_op_iwmmxt_movq_wRn_M0(wrd);
2808 gen_op_iwmmxt_set_mup();
2809 break;
2810 default:
2811 return 1;
2812 }
2813
2814 return 0;
2815 }
2816
2817 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred
2818 (ie. an undefined instruction). */
2819 static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2820 {
2821 int acc, rd0, rd1, rdhi, rdlo;
2822 TCGv_i32 tmp, tmp2;
2823
2824 if ((insn & 0x0ff00f10) == 0x0e200010) {
2825 /* Multiply with Internal Accumulate Format */
2826 rd0 = (insn >> 12) & 0xf;
2827 rd1 = insn & 0xf;
2828 acc = (insn >> 5) & 7;
2829
2830 if (acc != 0)
2831 return 1;
2832
2833 tmp = load_reg(s, rd0);
2834 tmp2 = load_reg(s, rd1);
2835 switch ((insn >> 16) & 0xf) {
2836 case 0x0: /* MIA */
2837 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2838 break;
2839 case 0x8: /* MIAPH */
2840 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2841 break;
2842 case 0xc: /* MIABB */
2843 case 0xd: /* MIABT */
2844 case 0xe: /* MIATB */
2845 case 0xf: /* MIATT */
2846 if (insn & (1 << 16))
2847 tcg_gen_shri_i32(tmp, tmp, 16);
2848 if (insn & (1 << 17))
2849 tcg_gen_shri_i32(tmp2, tmp2, 16);
2850 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2851 break;
2852 default:
2853 return 1;
2854 }
2855 tcg_temp_free_i32(tmp2);
2856 tcg_temp_free_i32(tmp);
2857
2858 gen_op_iwmmxt_movq_wRn_M0(acc);
2859 return 0;
2860 }
2861
2862 if ((insn & 0x0fe00ff8) == 0x0c400000) {
2863 /* Internal Accumulator Access Format */
2864 rdhi = (insn >> 16) & 0xf;
2865 rdlo = (insn >> 12) & 0xf;
2866 acc = insn & 7;
2867
2868 if (acc != 0)
2869 return 1;
2870
2871 if (insn & ARM_CP_RW_BIT) { /* MRA */
2872 iwmmxt_load_reg(cpu_V0, acc);
2873 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2874 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
2875 tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
2876 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2877 } else { /* MAR */
2878 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2879 iwmmxt_store_reg(cpu_V0, acc);
2880 }
2881 return 0;
2882 }
2883
2884 return 1;
2885 }
2886
2887 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2888 #define VFP_SREG(insn, bigbit, smallbit) \
2889 ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2890 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2891 if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2892 reg = (((insn) >> (bigbit)) & 0x0f) \
2893 | (((insn) >> ((smallbit) - 4)) & 0x10); \
2894 } else { \
2895 if (insn & (1 << (smallbit))) \
2896 return 1; \
2897 reg = ((insn) >> (bigbit)) & 0x0f; \
2898 }} while (0)
2899
2900 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2901 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2902 #define VFP_SREG_N(insn) VFP_SREG(insn, 16, 7)
2903 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16, 7)
2904 #define VFP_SREG_M(insn) VFP_SREG(insn, 0, 5)
2905 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn, 0, 5)
2906
2907 /* Move between integer and VFP cores. */
2908 static TCGv_i32 gen_vfp_mrs(void)
2909 {
2910 TCGv_i32 tmp = tcg_temp_new_i32();
2911 tcg_gen_mov_i32(tmp, cpu_F0s);
2912 return tmp;
2913 }
2914
2915 static void gen_vfp_msr(TCGv_i32 tmp)
2916 {
2917 tcg_gen_mov_i32(cpu_F0s, tmp);
2918 tcg_temp_free_i32(tmp);
2919 }
2920
2921 static void gen_neon_dup_u8(TCGv_i32 var, int shift)
2922 {
2923 TCGv_i32 tmp = tcg_temp_new_i32();
2924 if (shift)
2925 tcg_gen_shri_i32(var, var, shift);
2926 tcg_gen_ext8u_i32(var, var);
2927 tcg_gen_shli_i32(tmp, var, 8);
2928 tcg_gen_or_i32(var, var, tmp);
2929 tcg_gen_shli_i32(tmp, var, 16);
2930 tcg_gen_or_i32(var, var, tmp);
2931 tcg_temp_free_i32(tmp);
2932 }
2933
2934 static void gen_neon_dup_low16(TCGv_i32 var)
2935 {
2936 TCGv_i32 tmp = tcg_temp_new_i32();
2937 tcg_gen_ext16u_i32(var, var);
2938 tcg_gen_shli_i32(tmp, var, 16);
2939 tcg_gen_or_i32(var, var, tmp);
2940 tcg_temp_free_i32(tmp);
2941 }
2942
2943 static void gen_neon_dup_high16(TCGv_i32 var)
2944 {
2945 TCGv_i32 tmp = tcg_temp_new_i32();
2946 tcg_gen_andi_i32(var, var, 0xffff0000);
2947 tcg_gen_shri_i32(tmp, var, 16);
2948 tcg_gen_or_i32(var, var, tmp);
2949 tcg_temp_free_i32(tmp);
2950 }
2951
2952 static TCGv_i32 gen_load_and_replicate(DisasContext *s, TCGv_i32 addr, int size)
2953 {
2954 /* Load a single Neon element and replicate into a 32 bit TCG reg */
2955 TCGv_i32 tmp = tcg_temp_new_i32();
2956 switch (size) {
2957 case 0:
2958 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
2959 gen_neon_dup_u8(tmp, 0);
2960 break;
2961 case 1:
2962 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
2963 gen_neon_dup_low16(tmp);
2964 break;
2965 case 2:
2966 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
2967 break;
2968 default: /* Avoid compiler warnings. */
2969 abort();
2970 }
2971 return tmp;
2972 }
2973
2974 static int handle_vsel(uint32_t insn, uint32_t rd, uint32_t rn, uint32_t rm,
2975 uint32_t dp)
2976 {
2977 uint32_t cc = extract32(insn, 20, 2);
2978
2979 if (dp) {
2980 TCGv_i64 frn, frm, dest;
2981 TCGv_i64 tmp, zero, zf, nf, vf;
2982
2983 zero = tcg_const_i64(0);
2984
2985 frn = tcg_temp_new_i64();
2986 frm = tcg_temp_new_i64();
2987 dest = tcg_temp_new_i64();
2988
2989 zf = tcg_temp_new_i64();
2990 nf = tcg_temp_new_i64();
2991 vf = tcg_temp_new_i64();
2992
2993 tcg_gen_extu_i32_i64(zf, cpu_ZF);
2994 tcg_gen_ext_i32_i64(nf, cpu_NF);
2995 tcg_gen_ext_i32_i64(vf, cpu_VF);
2996
2997 tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
2998 tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
2999 switch (cc) {
3000 case 0: /* eq: Z */
3001 tcg_gen_movcond_i64(TCG_COND_EQ, dest, zf, zero,
3002 frn, frm);
3003 break;
3004 case 1: /* vs: V */
3005 tcg_gen_movcond_i64(TCG_COND_LT, dest, vf, zero,
3006 frn, frm);
3007 break;
3008 case 2: /* ge: N == V -> N ^ V == 0 */
3009 tmp = tcg_temp_new_i64();
3010 tcg_gen_xor_i64(tmp, vf, nf);
3011 tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
3012 frn, frm);
3013 tcg_temp_free_i64(tmp);
3014 break;
3015 case 3: /* gt: !Z && N == V */
3016 tcg_gen_movcond_i64(TCG_COND_NE, dest, zf, zero,
3017 frn, frm);
3018 tmp = tcg_temp_new_i64();
3019 tcg_gen_xor_i64(tmp, vf, nf);
3020 tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
3021 dest, frm);
3022 tcg_temp_free_i64(tmp);
3023 break;
3024 }
3025 tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
3026 tcg_temp_free_i64(frn);
3027 tcg_temp_free_i64(frm);
3028 tcg_temp_free_i64(dest);
3029
3030 tcg_temp_free_i64(zf);
3031 tcg_temp_free_i64(nf);
3032 tcg_temp_free_i64(vf);
3033
3034 tcg_temp_free_i64(zero);
3035 } else {
3036 TCGv_i32 frn, frm, dest;
3037 TCGv_i32 tmp, zero;
3038
3039 zero = tcg_const_i32(0);
3040
3041 frn = tcg_temp_new_i32();
3042 frm = tcg_temp_new_i32();
3043 dest = tcg_temp_new_i32();
3044 tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
3045 tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
3046 switch (cc) {
3047 case 0: /* eq: Z */
3048 tcg_gen_movcond_i32(TCG_COND_EQ, dest, cpu_ZF, zero,
3049 frn, frm);
3050 break;
3051 case 1: /* vs: V */
3052 tcg_gen_movcond_i32(TCG_COND_LT, dest, cpu_VF, zero,
3053 frn, frm);
3054 break;
3055 case 2: /* ge: N == V -> N ^ V == 0 */
3056 tmp = tcg_temp_new_i32();
3057 tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
3058 tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
3059 frn, frm);
3060 tcg_temp_free_i32(tmp);
3061 break;
3062 case 3: /* gt: !Z && N == V */
3063 tcg_gen_movcond_i32(TCG_COND_NE, dest, cpu_ZF, zero,
3064 frn, frm);
3065 tmp = tcg_temp_new_i32();
3066 tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
3067 tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
3068 dest, frm);
3069 tcg_temp_free_i32(tmp);
3070 break;
3071 }
3072 tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
3073 tcg_temp_free_i32(frn);
3074 tcg_temp_free_i32(frm);
3075 tcg_temp_free_i32(dest);
3076
3077 tcg_temp_free_i32(zero);
3078 }
3079
3080 return 0;
3081 }
3082
3083 static int handle_vminmaxnm(uint32_t insn, uint32_t rd, uint32_t rn,
3084 uint32_t rm, uint32_t dp)
3085 {
3086 uint32_t vmin = extract32(insn, 6, 1);
3087 TCGv_ptr fpst = get_fpstatus_ptr(0);
3088
3089 if (dp) {
3090 TCGv_i64 frn, frm, dest;
3091
3092 frn = tcg_temp_new_i64();
3093 frm = tcg_temp_new_i64();
3094 dest = tcg_temp_new_i64();
3095
3096 tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
3097 tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
3098 if (vmin) {
3099 gen_helper_vfp_minnumd(dest, frn, frm, fpst);
3100 } else {
3101 gen_helper_vfp_maxnumd(dest, frn, frm, fpst);
3102 }
3103 tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
3104 tcg_temp_free_i64(frn);
3105 tcg_temp_free_i64(frm);
3106 tcg_temp_free_i64(dest);
3107 } else {
3108 TCGv_i32 frn, frm, dest;
3109
3110 frn = tcg_temp_new_i32();
3111 frm = tcg_temp_new_i32();
3112 dest = tcg_temp_new_i32();
3113
3114 tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
3115 tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
3116 if (vmin) {
3117 gen_helper_vfp_minnums(dest, frn, frm, fpst);
3118 } else {
3119 gen_helper_vfp_maxnums(dest, frn, frm, fpst);
3120 }
3121 tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
3122 tcg_temp_free_i32(frn);
3123 tcg_temp_free_i32(frm);
3124 tcg_temp_free_i32(dest);
3125 }
3126
3127 tcg_temp_free_ptr(fpst);
3128 return 0;
3129 }
3130
3131 static int handle_vrint(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
3132 int rounding)
3133 {
3134 TCGv_ptr fpst = get_fpstatus_ptr(0);
3135 TCGv_i32 tcg_rmode;
3136
3137 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
3138 gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3139
3140 if (dp) {
3141 TCGv_i64 tcg_op;
3142 TCGv_i64 tcg_res;
3143 tcg_op = tcg_temp_new_i64();
3144 tcg_res = tcg_temp_new_i64();
3145 tcg_gen_ld_f64(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
3146 gen_helper_rintd(tcg_res, tcg_op, fpst);
3147 tcg_gen_st_f64(tcg_res, cpu_env, vfp_reg_offset(dp, rd));
3148 tcg_temp_free_i64(tcg_op);
3149 tcg_temp_free_i64(tcg_res);
3150 } else {
3151 TCGv_i32 tcg_op;
3152 TCGv_i32 tcg_res;
3153 tcg_op = tcg_temp_new_i32();
3154 tcg_res = tcg_temp_new_i32();
3155 tcg_gen_ld_f32(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
3156 gen_helper_rints(tcg_res, tcg_op, fpst);
3157 tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(dp, rd));
3158 tcg_temp_free_i32(tcg_op);
3159 tcg_temp_free_i32(tcg_res);
3160 }
3161
3162 gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3163 tcg_temp_free_i32(tcg_rmode);
3164
3165 tcg_temp_free_ptr(fpst);
3166 return 0;
3167 }
3168
3169 static int handle_vcvt(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
3170 int rounding)
3171 {
3172 bool is_signed = extract32(insn, 7, 1);
3173 TCGv_ptr fpst = get_fpstatus_ptr(0);
3174 TCGv_i32 tcg_rmode, tcg_shift;
3175
3176 tcg_shift = tcg_const_i32(0);
3177
3178 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
3179 gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3180
3181 if (dp) {
3182 TCGv_i64 tcg_double, tcg_res;
3183 TCGv_i32 tcg_tmp;
3184 /* Rd is encoded as a single precision register even when the source
3185 * is double precision.
3186 */
3187 rd = ((rd << 1) & 0x1e) | ((rd >> 4) & 0x1);
3188 tcg_double = tcg_temp_new_i64();
3189 tcg_res = tcg_temp_new_i64();
3190 tcg_tmp = tcg_temp_new_i32();
3191 tcg_gen_ld_f64(tcg_double, cpu_env, vfp_reg_offset(1, rm));
3192 if (is_signed) {
3193 gen_helper_vfp_tosld(tcg_res, tcg_double, tcg_shift, fpst);
3194 } else {
3195 gen_helper_vfp_tould(tcg_res, tcg_double, tcg_shift, fpst);
3196 }
3197 tcg_gen_extrl_i64_i32(tcg_tmp, tcg_res);
3198 tcg_gen_st_f32(tcg_tmp, cpu_env, vfp_reg_offset(0, rd));
3199 tcg_temp_free_i32(tcg_tmp);
3200 tcg_temp_free_i64(tcg_res);
3201 tcg_temp_free_i64(tcg_double);
3202 } else {
3203 TCGv_i32 tcg_single, tcg_res;
3204 tcg_single = tcg_temp_new_i32();
3205 tcg_res = tcg_temp_new_i32();
3206 tcg_gen_ld_f32(tcg_single, cpu_env, vfp_reg_offset(0, rm));
3207 if (is_signed) {
3208 gen_helper_vfp_tosls(tcg_res, tcg_single, tcg_shift, fpst);
3209 } else {
3210 gen_helper_vfp_touls(tcg_res, tcg_single, tcg_shift, fpst);
3211 }
3212 tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(0, rd));
3213 tcg_temp_free_i32(tcg_res);
3214 tcg_temp_free_i32(tcg_single);
3215 }
3216
3217 gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3218 tcg_temp_free_i32(tcg_rmode);
3219
3220 tcg_temp_free_i32(tcg_shift);
3221
3222 tcg_temp_free_ptr(fpst);
3223
3224 return 0;
3225 }
3226
3227 /* Table for converting the most common AArch32 encoding of
3228 * rounding mode to arm_fprounding order (which matches the
3229 * common AArch64 order); see ARM ARM pseudocode FPDecodeRM().
3230 */
3231 static const uint8_t fp_decode_rm[] = {
3232 FPROUNDING_TIEAWAY,
3233 FPROUNDING_TIEEVEN,
3234 FPROUNDING_POSINF,
3235 FPROUNDING_NEGINF,
3236 };
3237
3238 static int disas_vfp_v8_insn(DisasContext *s, uint32_t insn)
3239 {
3240 uint32_t rd, rn, rm, dp = extract32(insn, 8, 1);
3241
3242 if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3243 return 1;
3244 }
3245
3246 if (dp) {
3247 VFP_DREG_D(rd, insn);
3248 VFP_DREG_N(rn, insn);
3249 VFP_DREG_M(rm, insn);
3250 } else {
3251 rd = VFP_SREG_D(insn);
3252 rn = VFP_SREG_N(insn);
3253 rm = VFP_SREG_M(insn);
3254 }
3255
3256 if ((insn & 0x0f800e50) == 0x0e000a00) {
3257 return handle_vsel(insn, rd, rn, rm, dp);
3258 } else if ((insn & 0x0fb00e10) == 0x0e800a00) {
3259 return handle_vminmaxnm(insn, rd, rn, rm, dp);
3260 } else if ((insn & 0x0fbc0ed0) == 0x0eb80a40) {
3261 /* VRINTA, VRINTN, VRINTP, VRINTM */
3262 int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3263 return handle_vrint(insn, rd, rm, dp, rounding);
3264 } else if ((insn & 0x0fbc0e50) == 0x0ebc0a40) {
3265 /* VCVTA, VCVTN, VCVTP, VCVTM */
3266 int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3267 return handle_vcvt(insn, rd, rm, dp, rounding);
3268 }
3269 return 1;
3270 }
3271
3272 /* Disassemble a VFP instruction. Returns nonzero if an error occurred
3273 (ie. an undefined instruction). */
3274 static int disas_vfp_insn(DisasContext *s, uint32_t insn)
3275 {
3276 uint32_t rd, rn, rm, op, i, n, offset, delta_d, delta_m, bank_mask;
3277 int dp, veclen;
3278 TCGv_i32 addr;
3279 TCGv_i32 tmp;
3280 TCGv_i32 tmp2;
3281
3282 if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
3283 return 1;
3284 }
3285
3286 /* FIXME: this access check should not take precedence over UNDEF
3287 * for invalid encodings; we will generate incorrect syndrome information
3288 * for attempts to execute invalid vfp/neon encodings with FP disabled.
3289 */
3290 if (s->fp_excp_el) {
3291 gen_exception_insn(s, 4, EXCP_UDEF,
3292 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
3293 return 0;
3294 }
3295
3296 if (!s->vfp_enabled) {
3297 /* VFP disabled. Only allow fmxr/fmrx to/from some control regs. */
3298 if ((insn & 0x0fe00fff) != 0x0ee00a10)
3299 return 1;
3300 rn = (insn >> 16) & 0xf;
3301 if (rn != ARM_VFP_FPSID && rn != ARM_VFP_FPEXC && rn != ARM_VFP_MVFR2
3302 && rn != ARM_VFP_MVFR1 && rn != ARM_VFP_MVFR0) {
3303 return 1;
3304 }
3305 }
3306
3307 if (extract32(insn, 28, 4) == 0xf) {
3308 /* Encodings with T=1 (Thumb) or unconditional (ARM):
3309 * only used in v8 and above.
3310 */
3311 return disas_vfp_v8_insn(s, insn);
3312 }
3313
3314 dp = ((insn & 0xf00) == 0xb00);
3315 switch ((insn >> 24) & 0xf) {
3316 case 0xe:
3317 if (insn & (1 << 4)) {
3318 /* single register transfer */
3319 rd = (insn >> 12) & 0xf;
3320 if (dp) {
3321 int size;
3322 int pass;
3323
3324 VFP_DREG_N(rn, insn);
3325 if (insn & 0xf)
3326 return 1;
3327 if (insn & 0x00c00060
3328 && !arm_dc_feature(s, ARM_FEATURE_NEON)) {
3329 return 1;
3330 }
3331
3332 pass = (insn >> 21) & 1;
3333 if (insn & (1 << 22)) {
3334 size = 0;
3335 offset = ((insn >> 5) & 3) * 8;
3336 } else if (insn & (1 << 5)) {
3337 size = 1;
3338 offset = (insn & (1 << 6)) ? 16 : 0;
3339 } else {
3340 size = 2;
3341 offset = 0;
3342 }
3343 if (insn & ARM_CP_RW_BIT) {
3344 /* vfp->arm */
3345 tmp = neon_load_reg(rn, pass);
3346 switch (size) {
3347 case 0:
3348 if (offset)
3349 tcg_gen_shri_i32(tmp, tmp, offset);
3350 if (insn & (1 << 23))
3351 gen_uxtb(tmp);
3352 else
3353 gen_sxtb(tmp);
3354 break;
3355 case 1:
3356 if (insn & (1 << 23)) {
3357 if (offset) {
3358 tcg_gen_shri_i32(tmp, tmp, 16);
3359 } else {
3360 gen_uxth(tmp);
3361 }
3362 } else {
3363 if (offset) {
3364 tcg_gen_sari_i32(tmp, tmp, 16);
3365 } else {
3366 gen_sxth(tmp);
3367 }
3368 }
3369 break;
3370 case 2:
3371 break;
3372 }
3373 store_reg(s, rd, tmp);
3374 } else {
3375 /* arm->vfp */
3376 tmp = load_reg(s, rd);
3377 if (insn & (1 << 23)) {
3378 /* VDUP */
3379 if (size == 0) {
3380 gen_neon_dup_u8(tmp, 0);
3381 } else if (size == 1) {
3382 gen_neon_dup_low16(tmp);
3383 }
3384 for (n = 0; n <= pass * 2; n++) {
3385 tmp2 = tcg_temp_new_i32();
3386 tcg_gen_mov_i32(tmp2, tmp);
3387 neon_store_reg(rn, n, tmp2);
3388 }
3389 neon_store_reg(rn, n, tmp);
3390 } else {
3391 /* VMOV */
3392 switch (size) {
3393 case 0:
3394 tmp2 = neon_load_reg(rn, pass);
3395 tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 8);
3396 tcg_temp_free_i32(tmp2);
3397 break;
3398 case 1:
3399 tmp2 = neon_load_reg(rn, pass);
3400 tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 16);
3401 tcg_temp_free_i32(tmp2);
3402 break;
3403 case 2:
3404 break;
3405 }
3406 neon_store_reg(rn, pass, tmp);
3407 }
3408 }
3409 } else { /* !dp */
3410 if ((insn & 0x6f) != 0x00)
3411 return 1;
3412 rn = VFP_SREG_N(insn);
3413 if (insn & ARM_CP_RW_BIT) {
3414 /* vfp->arm */
3415 if (insn & (1 << 21)) {
3416 /* system register */
3417 rn >>= 1;
3418
3419 switch (rn) {
3420 case ARM_VFP_FPSID:
3421 /* VFP2 allows access to FSID from userspace.
3422 VFP3 restricts all id registers to privileged
3423 accesses. */
3424 if (IS_USER(s)
3425 && arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3426 return 1;
3427 }
3428 tmp = load_cpu_field(vfp.xregs[rn]);
3429 break;
3430 case ARM_VFP_FPEXC:
3431 if (IS_USER(s))
3432 return 1;
3433 tmp = load_cpu_field(vfp.xregs[rn]);
3434 break;
3435 case ARM_VFP_FPINST:
3436 case ARM_VFP_FPINST2:
3437 /* Not present in VFP3. */
3438 if (IS_USER(s)
3439 || arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3440 return 1;
3441 }
3442 tmp = load_cpu_field(vfp.xregs[rn]);
3443 break;
3444 case ARM_VFP_FPSCR:
3445 if (rd == 15) {
3446 tmp = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
3447 tcg_gen_andi_i32(tmp, tmp, 0xf0000000);
3448 } else {
3449 tmp = tcg_temp_new_i32();
3450 gen_helper_vfp_get_fpscr(tmp, cpu_env);
3451 }
3452 break;
3453 case ARM_VFP_MVFR2:
3454 if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3455 return 1;
3456 }
3457 /* fall through */
3458 case ARM_VFP_MVFR0:
3459 case ARM_VFP_MVFR1:
3460 if (IS_USER(s)
3461 || !arm_dc_feature(s, ARM_FEATURE_MVFR)) {
3462 return 1;
3463 }
3464 tmp = load_cpu_field(vfp.xregs[rn]);
3465 break;
3466 default:
3467 return 1;
3468 }
3469 } else {
3470 gen_mov_F0_vreg(0, rn);
3471 tmp = gen_vfp_mrs();
3472 }
3473 if (rd == 15) {
3474 /* Set the 4 flag bits in the CPSR. */
3475 gen_set_nzcv(tmp);
3476 tcg_temp_free_i32(tmp);
3477 } else {
3478 store_reg(s, rd, tmp);
3479 }
3480 } else {
3481 /* arm->vfp */
3482 if (insn & (1 << 21)) {
3483 rn >>= 1;
3484 /* system register */
3485 switch (rn) {
3486 case ARM_VFP_FPSID:
3487 case ARM_VFP_MVFR0:
3488 case ARM_VFP_MVFR1:
3489 /* Writes are ignored. */
3490 break;
3491 case ARM_VFP_FPSCR:
3492 tmp = load_reg(s, rd);
3493 gen_helper_vfp_set_fpscr(cpu_env, tmp);
3494 tcg_temp_free_i32(tmp);
3495 gen_lookup_tb(s);
3496 break;
3497 case ARM_VFP_FPEXC:
3498 if (IS_USER(s))
3499 return 1;
3500 /* TODO: VFP subarchitecture support.
3501 * For now, keep the EN bit only */
3502 tmp = load_reg(s, rd);
3503 tcg_gen_andi_i32(tmp, tmp, 1 << 30);
3504 store_cpu_field(tmp, vfp.xregs[rn]);
3505 gen_lookup_tb(s);
3506 break;
3507 case ARM_VFP_FPINST:
3508 case ARM_VFP_FPINST2:
3509 if (IS_USER(s)) {
3510 return 1;
3511 }
3512 tmp = load_reg(s, rd);
3513 store_cpu_field(tmp, vfp.xregs[rn]);
3514 break;
3515 default:
3516 return 1;
3517 }
3518 } else {
3519 tmp = load_reg(s, rd);
3520 gen_vfp_msr(tmp);
3521 gen_mov_vreg_F0(0, rn);
3522 }
3523 }
3524 }
3525 } else {
3526 /* data processing */
3527 /* The opcode is in bits 23, 21, 20 and 6. */
3528 op = ((insn >> 20) & 8) | ((insn >> 19) & 6) | ((insn >> 6) & 1);
3529 if (dp) {
3530 if (op == 15) {
3531 /* rn is opcode */
3532 rn = ((insn >> 15) & 0x1e) | ((insn >> 7) & 1);
3533 } else {
3534 /* rn is register number */
3535 VFP_DREG_N(rn, insn);
3536 }
3537
3538 if (op == 15 && (rn == 15 || ((rn & 0x1c) == 0x18) ||
3539 ((rn & 0x1e) == 0x6))) {
3540 /* Integer or single/half precision destination. */
3541 rd = VFP_SREG_D(insn);
3542 } else {
3543 VFP_DREG_D(rd, insn);
3544 }
3545 if (op == 15 &&
3546 (((rn & 0x1c) == 0x10) || ((rn & 0x14) == 0x14) ||
3547 ((rn & 0x1e) == 0x4))) {
3548 /* VCVT from int or half precision is always from S reg
3549 * regardless of dp bit. VCVT with immediate frac_bits
3550 * has same format as SREG_M.
3551 */
3552 rm = VFP_SREG_M(insn);
3553 } else {
3554 VFP_DREG_M(rm, insn);
3555 }
3556 } else {
3557 rn = VFP_SREG_N(insn);
3558 if (op == 15 && rn == 15) {
3559 /* Double precision destination. */
3560 VFP_DREG_D(rd, insn);
3561 } else {
3562 rd = VFP_SREG_D(insn);
3563 }
3564 /* NB that we implicitly rely on the encoding for the frac_bits
3565 * in VCVT of fixed to float being the same as that of an SREG_M
3566 */
3567 rm = VFP_SREG_M(insn);
3568 }
3569
3570 veclen = s->vec_len;
3571 if (op == 15 && rn > 3)
3572 veclen = 0;
3573
3574 /* Shut up compiler warnings. */
3575 delta_m = 0;
3576 delta_d = 0;
3577 bank_mask = 0;
3578
3579 if (veclen > 0) {
3580 if (dp)
3581 bank_mask = 0xc;
3582 else
3583 bank_mask = 0x18;
3584
3585 /* Figure out what type of vector operation this is. */
3586 if ((rd & bank_mask) == 0) {
3587 /* scalar */
3588 veclen = 0;
3589 } else {
3590 if (dp)
3591 delta_d = (s->vec_stride >> 1) + 1;
3592 else
3593 delta_d = s->vec_stride + 1;
3594
3595 if ((rm & bank_mask) == 0) {
3596 /* mixed scalar/vector */
3597 delta_m = 0;
3598 } else {
3599 /* vector */
3600 delta_m = delta_d;
3601 }
3602 }
3603 }
3604
3605 /* Load the initial operands. */
3606 if (op == 15) {
3607 switch (rn) {
3608 case 16:
3609 case 17:
3610 /* Integer source */
3611 gen_mov_F0_vreg(0, rm);
3612 break;
3613 case 8:
3614 case 9:
3615 /* Compare */
3616 gen_mov_F0_vreg(dp, rd);
3617 gen_mov_F1_vreg(dp, rm);
3618 break;
3619 case 10:
3620 case 11:
3621 /* Compare with zero */
3622 gen_mov_F0_vreg(dp, rd);
3623 gen_vfp_F1_ld0(dp);
3624 break;
3625 case 20:
3626 case 21:
3627 case 22:
3628 case 23:
3629 case 28:
3630 case 29:
3631 case 30:
3632 case 31:
3633 /* Source and destination the same. */
3634 gen_mov_F0_vreg(dp, rd);
3635 break;
3636 case 4:
3637 case 5:
3638 case 6:
3639 case 7:
3640 /* VCVTB, VCVTT: only present with the halfprec extension
3641 * UNPREDICTABLE if bit 8 is set prior to ARMv8
3642 * (we choose to UNDEF)
3643 */
3644 if ((dp && !arm_dc_feature(s, ARM_FEATURE_V8)) ||
3645 !arm_dc_feature(s, ARM_FEATURE_VFP_FP16)) {
3646 return 1;
3647 }
3648 if (!extract32(rn, 1, 1)) {
3649 /* Half precision source. */
3650 gen_mov_F0_vreg(0, rm);
3651 break;
3652 }
3653 /* Otherwise fall through */
3654 default:
3655 /* One source operand. */
3656 gen_mov_F0_vreg(dp, rm);
3657 break;
3658 }
3659 } else {
3660 /* Two source operands. */
3661 gen_mov_F0_vreg(dp, rn);
3662 gen_mov_F1_vreg(dp, rm);
3663 }
3664
3665 for (;;) {
3666 /* Perform the calculation. */
3667 switch (op) {
3668 case 0: /* VMLA: fd + (fn * fm) */
3669 /* Note that order of inputs to the add matters for NaNs */
3670 gen_vfp_F1_mul(dp);
3671 gen_mov_F0_vreg(dp, rd);
3672 gen_vfp_add(dp);
3673 break;
3674 case 1: /* VMLS: fd + -(fn * fm) */
3675 gen_vfp_mul(dp);
3676 gen_vfp_F1_neg(dp);
3677 gen_mov_F0_vreg(dp, rd);
3678 gen_vfp_add(dp);
3679 break;
3680 case 2: /* VNMLS: -fd + (fn * fm) */
3681 /* Note that it isn't valid to replace (-A + B) with (B - A)
3682 * or similar plausible looking simplifications
3683 * because this will give wrong results for NaNs.
3684 */
3685 gen_vfp_F1_mul(dp);
3686 gen_mov_F0_vreg(dp, rd);
3687 gen_vfp_neg(dp);
3688 gen_vfp_add(dp);
3689 break;
3690 case 3: /* VNMLA: -fd + -(fn * fm) */
3691 gen_vfp_mul(dp);
3692 gen_vfp_F1_neg(dp);
3693 gen_mov_F0_vreg(dp, rd);
3694 gen_vfp_neg(dp);
3695 gen_vfp_add(dp);
3696 break;
3697 case 4: /* mul: fn * fm */
3698 gen_vfp_mul(dp);
3699 break;
3700 case 5: /* nmul: -(fn * fm) */
3701 gen_vfp_mul(dp);
3702 gen_vfp_neg(dp);
3703 break;
3704 case 6: /* add: fn + fm */
3705 gen_vfp_add(dp);
3706 break;
3707 case 7: /* sub: fn - fm */
3708 gen_vfp_sub(dp);
3709 break;
3710 case 8: /* div: fn / fm */
3711 gen_vfp_div(dp);
3712 break;
3713 case 10: /* VFNMA : fd = muladd(-fd, fn, fm) */
3714 case 11: /* VFNMS : fd = muladd(-fd, -fn, fm) */
3715 case 12: /* VFMA : fd = muladd( fd, fn, fm) */
3716 case 13: /* VFMS : fd = muladd( fd, -fn, fm) */
3717 /* These are fused multiply-add, and must be done as one
3718 * floating point operation with no rounding between the
3719 * multiplication and addition steps.
3720 * NB that doing the negations here as separate steps is
3721 * correct : an input NaN should come out with its sign bit
3722 * flipped if it is a negated-input.
3723 */
3724 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
3725 return 1;
3726 }
3727 if (dp) {
3728 TCGv_ptr fpst;
3729 TCGv_i64 frd;
3730 if (op & 1) {
3731 /* VFNMS, VFMS */
3732 gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
3733 }
3734 frd = tcg_temp_new_i64();
3735 tcg_gen_ld_f64(frd, cpu_env, vfp_reg_offset(dp, rd));
3736 if (op & 2) {
3737 /* VFNMA, VFNMS */
3738 gen_helper_vfp_negd(frd, frd);
3739 }
3740 fpst = get_fpstatus_ptr(0);
3741 gen_helper_vfp_muladdd(cpu_F0d, cpu_F0d,
3742 cpu_F1d, frd, fpst);
3743 tcg_temp_free_ptr(fpst);
3744 tcg_temp_free_i64(frd);
3745 } else {
3746 TCGv_ptr fpst;
3747 TCGv_i32 frd;
3748 if (op & 1) {
3749 /* VFNMS, VFMS */
3750 gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
3751 }
3752 frd = tcg_temp_new_i32();
3753 tcg_gen_ld_f32(frd, cpu_env, vfp_reg_offset(dp, rd));
3754 if (op & 2) {
3755 gen_helper_vfp_negs(frd, frd);
3756 }
3757 fpst = get_fpstatus_ptr(0);
3758 gen_helper_vfp_muladds(cpu_F0s, cpu_F0s,
3759 cpu_F1s, frd, fpst);
3760 tcg_temp_free_ptr(fpst);
3761 tcg_temp_free_i32(frd);
3762 }
3763 break;
3764 case 14: /* fconst */
3765 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3766 return 1;
3767 }
3768
3769 n = (insn << 12) & 0x80000000;
3770 i = ((insn >> 12) & 0x70) | (insn & 0xf);
3771 if (dp) {
3772 if (i & 0x40)
3773 i |= 0x3f80;
3774 else
3775 i |= 0x4000;
3776 n |= i << 16;
3777 tcg_gen_movi_i64(cpu_F0d, ((uint64_t)n) << 32);
3778 } else {
3779 if (i & 0x40)
3780 i |= 0x780;
3781 else
3782 i |= 0x800;
3783 n |= i << 19;
3784 tcg_gen_movi_i32(cpu_F0s, n);
3785 }
3786 break;
3787 case 15: /* extension space */
3788 switch (rn) {
3789 case 0: /* cpy */
3790 /* no-op */
3791 break;
3792 case 1: /* abs */
3793 gen_vfp_abs(dp);
3794 break;
3795 case 2: /* neg */
3796 gen_vfp_neg(dp);
3797 break;
3798 case 3: /* sqrt */
3799 gen_vfp_sqrt(dp);
3800 break;
3801 case 4: /* vcvtb.f32.f16, vcvtb.f64.f16 */
3802 tmp = gen_vfp_mrs();
3803 tcg_gen_ext16u_i32(tmp, tmp);
3804 if (dp) {
3805 gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3806 cpu_env);
3807 } else {
3808 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3809 cpu_env);
3810 }
3811 tcg_temp_free_i32(tmp);
3812 break;
3813 case 5: /* vcvtt.f32.f16, vcvtt.f64.f16 */
3814 tmp = gen_vfp_mrs();
3815 tcg_gen_shri_i32(tmp, tmp, 16);
3816 if (dp) {
3817 gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3818 cpu_env);
3819 } else {
3820 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3821 cpu_env);
3822 }
3823 tcg_temp_free_i32(tmp);
3824 break;
3825 case 6: /* vcvtb.f16.f32, vcvtb.f16.f64 */
3826 tmp = tcg_temp_new_i32();
3827 if (dp) {
3828 gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3829 cpu_env);
3830 } else {
3831 gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3832 cpu_env);
3833 }
3834 gen_mov_F0_vreg(0, rd);
3835 tmp2 = gen_vfp_mrs();
3836 tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
3837 tcg_gen_or_i32(tmp, tmp, tmp2);
3838 tcg_temp_free_i32(tmp2);
3839 gen_vfp_msr(tmp);
3840 break;
3841 case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
3842 tmp = tcg_temp_new_i32();
3843 if (dp) {
3844 gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3845 cpu_env);
3846 } else {
3847 gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3848 cpu_env);
3849 }
3850 tcg_gen_shli_i32(tmp, tmp, 16);
3851 gen_mov_F0_vreg(0, rd);
3852 tmp2 = gen_vfp_mrs();
3853 tcg_gen_ext16u_i32(tmp2, tmp2);
3854 tcg_gen_or_i32(tmp, tmp, tmp2);
3855 tcg_temp_free_i32(tmp2);
3856 gen_vfp_msr(tmp);
3857 break;
3858 case 8: /* cmp */
3859 gen_vfp_cmp(dp);
3860 break;
3861 case 9: /* cmpe */
3862 gen_vfp_cmpe(dp);
3863 break;
3864 case 10: /* cmpz */
3865 gen_vfp_cmp(dp);
3866 break;
3867 case 11: /* cmpez */
3868 gen_vfp_F1_ld0(dp);
3869 gen_vfp_cmpe(dp);
3870 break;
3871 case 12: /* vrintr */
3872 {
3873 TCGv_ptr fpst = get_fpstatus_ptr(0);
3874 if (dp) {
3875 gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3876 } else {
3877 gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3878 }
3879 tcg_temp_free_ptr(fpst);
3880 break;
3881 }
3882 case 13: /* vrintz */
3883 {
3884 TCGv_ptr fpst = get_fpstatus_ptr(0);
3885 TCGv_i32 tcg_rmode;
3886 tcg_rmode = tcg_const_i32(float_round_to_zero);
3887 gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3888 if (dp) {
3889 gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3890 } else {
3891 gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3892 }
3893 gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3894 tcg_temp_free_i32(tcg_rmode);
3895 tcg_temp_free_ptr(fpst);
3896 break;
3897 }
3898 case 14: /* vrintx */
3899 {
3900 TCGv_ptr fpst = get_fpstatus_ptr(0);
3901 if (dp) {
3902 gen_helper_rintd_exact(cpu_F0d, cpu_F0d, fpst);
3903 } else {
3904 gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpst);
3905 }
3906 tcg_temp_free_ptr(fpst);
3907 break;
3908 }
3909 case 15: /* single<->double conversion */
3910 if (dp)
3911 gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
3912 else
3913 gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
3914 break;
3915 case 16: /* fuito */
3916 gen_vfp_uito(dp, 0);
3917 break;
3918 case 17: /* fsito */
3919 gen_vfp_sito(dp, 0);
3920 break;
3921 case 20: /* fshto */
3922 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3923 return 1;
3924 }
3925 gen_vfp_shto(dp, 16 - rm, 0);
3926 break;
3927 case 21: /* fslto */
3928 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3929 return 1;
3930 }
3931 gen_vfp_slto(dp, 32 - rm, 0);
3932 break;
3933 case 22: /* fuhto */
3934 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3935 return 1;
3936 }
3937 gen_vfp_uhto(dp, 16 - rm, 0);
3938 break;
3939 case 23: /* fulto */
3940 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3941 return 1;
3942 }
3943 gen_vfp_ulto(dp, 32 - rm, 0);
3944 break;
3945 case 24: /* ftoui */
3946 gen_vfp_toui(dp, 0);
3947 break;
3948 case 25: /* ftouiz */
3949 gen_vfp_touiz(dp, 0);
3950 break;
3951 case 26: /* ftosi */
3952 gen_vfp_tosi(dp, 0);
3953 break;
3954 case 27: /* ftosiz */
3955 gen_vfp_tosiz(dp, 0);
3956 break;
3957 case 28: /* ftosh */
3958 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3959 return 1;
3960 }
3961 gen_vfp_tosh(dp, 16 - rm, 0);
3962 break;
3963 case 29: /* ftosl */
3964 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3965 return 1;
3966 }
3967 gen_vfp_tosl(dp, 32 - rm, 0);
3968 break;
3969 case 30: /* ftouh */
3970 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3971 return 1;
3972 }
3973 gen_vfp_touh(dp, 16 - rm, 0);
3974 break;
3975 case 31: /* ftoul */
3976 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3977 return 1;
3978 }
3979 gen_vfp_toul(dp, 32 - rm, 0);
3980 break;
3981 default: /* undefined */
3982 return 1;
3983 }
3984 break;
3985 default: /* undefined */
3986 return 1;
3987 }
3988
3989 /* Write back the result. */
3990 if (op == 15 && (rn >= 8 && rn <= 11)) {
3991 /* Comparison, do nothing. */
3992 } else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
3993 (rn & 0x1e) == 0x6)) {
3994 /* VCVT double to int: always integer result.
3995 * VCVT double to half precision is always a single
3996 * precision result.
3997 */
3998 gen_mov_vreg_F0(0, rd);
3999 } else if (op == 15 && rn == 15) {
4000 /* conversion */
4001 gen_mov_vreg_F0(!dp, rd);
4002 } else {
4003 gen_mov_vreg_F0(dp, rd);
4004 }
4005
4006 /* break out of the loop if we have finished */
4007 if (veclen == 0)
4008 break;
4009
4010 if (op == 15 && delta_m == 0) {
4011 /* single source one-many */
4012 while (veclen--) {
4013 rd = ((rd + delta_d) & (bank_mask - 1))
4014 | (rd & bank_mask);
4015 gen_mov_vreg_F0(dp, rd);
4016 }
4017 break;
4018 }
4019 /* Setup the next operands. */
4020 veclen--;
4021 rd = ((rd + delta_d) & (bank_mask - 1))
4022 | (rd & bank_mask);
4023
4024 if (op == 15) {
4025 /* One source operand. */
4026 rm = ((rm + delta_m) & (bank_mask - 1))
4027 | (rm & bank_mask);
4028 gen_mov_F0_vreg(dp, rm);
4029 } else {
4030 /* Two source operands. */
4031 rn = ((rn + delta_d) & (bank_mask - 1))
4032 | (rn & bank_mask);
4033 gen_mov_F0_vreg(dp, rn);
4034 if (delta_m) {
4035 rm = ((rm + delta_m) & (bank_mask - 1))
4036 | (rm & bank_mask);
4037 gen_mov_F1_vreg(dp, rm);
4038 }
4039 }
4040 }
4041 }
4042 break;
4043 case 0xc:
4044 case 0xd:
4045 if ((insn & 0x03e00000) == 0x00400000) {
4046 /* two-register transfer */
4047 rn = (insn >> 16) & 0xf;
4048 rd = (insn >> 12) & 0xf;
4049 if (dp) {
4050 VFP_DREG_M(rm, insn);
4051 } else {
4052 rm = VFP_SREG_M(insn);
4053 }
4054
4055 if (insn & ARM_CP_RW_BIT) {
4056 /* vfp->arm */
4057 if (dp) {
4058 gen_mov_F0_vreg(0, rm * 2);
4059 tmp = gen_vfp_mrs();
4060 store_reg(s, rd, tmp);
4061 gen_mov_F0_vreg(0, rm * 2 + 1);
4062 tmp = gen_vfp_mrs();
4063 store_reg(s, rn, tmp);
4064 } else {
4065 gen_mov_F0_vreg(0, rm);
4066 tmp = gen_vfp_mrs();
4067 store_reg(s, rd, tmp);
4068 gen_mov_F0_vreg(0, rm + 1);
4069 tmp = gen_vfp_mrs();
4070 store_reg(s, rn, tmp);
4071 }
4072 } else {
4073 /* arm->vfp */
4074 if (dp) {
4075 tmp = load_reg(s, rd);
4076 gen_vfp_msr(tmp);
4077 gen_mov_vreg_F0(0, rm * 2);
4078 tmp = load_reg(s, rn);
4079 gen_vfp_msr(tmp);
4080 gen_mov_vreg_F0(0, rm * 2 + 1);
4081 } else {
4082 tmp = load_reg(s, rd);
4083 gen_vfp_msr(tmp);
4084 gen_mov_vreg_F0(0, rm);
4085 tmp = load_reg(s, rn);
4086 gen_vfp_msr(tmp);
4087 gen_mov_vreg_F0(0, rm + 1);
4088 }
4089 }
4090 } else {
4091 /* Load/store */
4092 rn = (insn >> 16) & 0xf;
4093 if (dp)
4094 VFP_DREG_D(rd, insn);
4095 else
4096 rd = VFP_SREG_D(insn);
4097 if ((insn & 0x01200000) == 0x01000000) {
4098 /* Single load/store */
4099 offset = (insn & 0xff) << 2;
4100 if ((insn & (1 << 23)) == 0)
4101 offset = -offset;
4102 if (s->thumb && rn == 15) {
4103 /* This is actually UNPREDICTABLE */
4104 addr = tcg_temp_new_i32();
4105 tcg_gen_movi_i32(addr, s->pc & ~2);
4106 } else {
4107 addr = load_reg(s, rn);
4108 }
4109 tcg_gen_addi_i32(addr, addr, offset);
4110 if (insn & (1 << 20)) {
4111 gen_vfp_ld(s, dp, addr);
4112 gen_mov_vreg_F0(dp, rd);
4113 } else {
4114 gen_mov_F0_vreg(dp, rd);
4115 gen_vfp_st(s, dp, addr);
4116 }
4117 tcg_temp_free_i32(addr);
4118 } else {
4119 /* load/store multiple */
4120 int w = insn & (1 << 21);
4121 if (dp)
4122 n = (insn >> 1) & 0x7f;
4123 else
4124 n = insn & 0xff;
4125
4126 if (w && !(((insn >> 23) ^ (insn >> 24)) & 1)) {
4127 /* P == U , W == 1 => UNDEF */
4128 return 1;
4129 }
4130 if (n == 0 || (rd + n) > 32 || (dp && n > 16)) {
4131 /* UNPREDICTABLE cases for bad immediates: we choose to
4132 * UNDEF to avoid generating huge numbers of TCG ops
4133 */
4134 return 1;
4135 }
4136 if (rn == 15 && w) {
4137 /* writeback to PC is UNPREDICTABLE, we choose to UNDEF */
4138 return 1;
4139 }
4140
4141 if (s->thumb && rn == 15) {
4142 /* This is actually UNPREDICTABLE */
4143 addr = tcg_temp_new_i32();
4144 tcg_gen_movi_i32(addr, s->pc & ~2);
4145 } else {
4146 addr = load_reg(s, rn);
4147 }
4148 if (insn & (1 << 24)) /* pre-decrement */
4149 tcg_gen_addi_i32(addr, addr, -((insn & 0xff) << 2));
4150
4151 if (dp)
4152 offset = 8;
4153 else
4154 offset = 4;
4155 for (i = 0; i < n; i++) {
4156 if (insn & ARM_CP_RW_BIT) {
4157 /* load */
4158 gen_vfp_ld(s, dp, addr);
4159 gen_mov_vreg_F0(dp, rd + i);
4160 } else {
4161 /* store */
4162 gen_mov_F0_vreg(dp, rd + i);
4163 gen_vfp_st(s, dp, addr);
4164 }
4165 tcg_gen_addi_i32(addr, addr, offset);
4166 }
4167 if (w) {
4168 /* writeback */
4169 if (insn & (1 << 24))
4170 offset = -offset * n;
4171 else if (dp && (insn & 1))
4172 offset = 4;
4173 else
4174 offset = 0;
4175
4176 if (offset != 0)
4177 tcg_gen_addi_i32(addr, addr, offset);
4178 store_reg(s, rn, addr);
4179 } else {
4180 tcg_temp_free_i32(addr);
4181 }
4182 }
4183 }
4184 break;
4185 default:
4186 /* Should never happen. */
4187 return 1;
4188 }
4189 return 0;
4190 }
4191
4192 static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
4193 {
4194 #ifndef CONFIG_USER_ONLY
4195 return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
4196 ((s->pc - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
4197 #else
4198 return true;
4199 #endif
4200 }
4201
4202 static void gen_goto_ptr(void)
4203 {
4204 tcg_gen_lookup_and_goto_ptr();
4205 }
4206
4207 /* This will end the TB but doesn't guarantee we'll return to
4208 * cpu_loop_exec. Any live exit_requests will be processed as we
4209 * enter the next TB.
4210 */
4211 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
4212 {
4213 if (use_goto_tb(s, dest)) {
4214 tcg_gen_goto_tb(n);
4215 gen_set_pc_im(s, dest);
4216 tcg_gen_exit_tb((uintptr_t)s->base.tb + n);
4217 } else {
4218 gen_set_pc_im(s, dest);
4219 gen_goto_ptr();
4220 }
4221 s->base.is_jmp = DISAS_NORETURN;
4222 }
4223
4224 static inline void gen_jmp (DisasContext *s, uint32_t dest)
4225 {
4226 if (unlikely(is_singlestepping(s))) {
4227 /* An indirect jump so that we still trigger the debug exception. */
4228 if (s->thumb)
4229 dest |= 1;
4230 gen_bx_im(s, dest);
4231 } else {
4232 gen_goto_tb(s, 0, dest);
4233 }
4234 }
4235
4236 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
4237 {
4238 if (x)
4239 tcg_gen_sari_i32(t0, t0, 16);
4240 else
4241 gen_sxth(t0);
4242 if (y)
4243 tcg_gen_sari_i32(t1, t1, 16);
4244 else
4245 gen_sxth(t1);
4246 tcg_gen_mul_i32(t0, t0, t1);
4247 }
4248
4249 /* Return the mask of PSR bits set by a MSR instruction. */
4250 static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
4251 {
4252 uint32_t mask;
4253
4254 mask = 0;
4255 if (flags & (1 << 0))
4256 mask |= 0xff;
4257 if (flags & (1 << 1))
4258 mask |= 0xff00;
4259 if (flags & (1 << 2))
4260 mask |= 0xff0000;
4261 if (flags & (1 << 3))
4262 mask |= 0xff000000;
4263
4264 /* Mask out undefined bits. */
4265 mask &= ~CPSR_RESERVED;
4266 if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
4267 mask &= ~CPSR_T;
4268 }
4269 if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
4270 mask &= ~CPSR_Q; /* V5TE in reality*/
4271 }
4272 if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
4273 mask &= ~(CPSR_E | CPSR_GE);
4274 }
4275 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
4276 mask &= ~CPSR_IT;
4277 }
4278 /* Mask out execution state and reserved bits. */
4279 if (!spsr) {
4280 mask &= ~(CPSR_EXEC | CPSR_RESERVED);
4281 }
4282 /* Mask out privileged bits. */
4283 if (IS_USER(s))
4284 mask &= CPSR_USER;
4285 return mask;
4286 }
4287
4288 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
4289 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
4290 {
4291 TCGv_i32 tmp;
4292 if (spsr) {
4293 /* ??? This is also undefined in system mode. */
4294 if (IS_USER(s))
4295 return 1;
4296
4297 tmp = load_cpu_field(spsr);
4298 tcg_gen_andi_i32(tmp, tmp, ~mask);
4299 tcg_gen_andi_i32(t0, t0, mask);
4300 tcg_gen_or_i32(tmp, tmp, t0);
4301 store_cpu_field(tmp, spsr);
4302 } else {
4303 gen_set_cpsr(t0, mask);
4304 }
4305 tcg_temp_free_i32(t0);
4306 gen_lookup_tb(s);
4307 return 0;
4308 }
4309
4310 /* Returns nonzero if access to the PSR is not permitted. */
4311 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
4312 {
4313 TCGv_i32 tmp;
4314 tmp = tcg_temp_new_i32();
4315 tcg_gen_movi_i32(tmp, val);
4316 return gen_set_psr(s, mask, spsr, tmp);
4317 }
4318
4319 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
4320 int *tgtmode, int *regno)
4321 {
4322 /* Decode the r and sysm fields of MSR/MRS banked accesses into
4323 * the target mode and register number, and identify the various
4324 * unpredictable cases.
4325 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
4326 * + executed in user mode
4327 * + using R15 as the src/dest register
4328 * + accessing an unimplemented register
4329 * + accessing a register that's inaccessible at current PL/security state*
4330 * + accessing a register that you could access with a different insn
4331 * We choose to UNDEF in all these cases.
4332 * Since we don't know which of the various AArch32 modes we are in
4333 * we have to defer some checks to runtime.
4334 * Accesses to Monitor mode registers from Secure EL1 (which implies
4335 * that EL3 is AArch64) must trap to EL3.
4336 *
4337 * If the access checks fail this function will emit code to take
4338 * an exception and return false. Otherwise it will return true,
4339 * and set *tgtmode and *regno appropriately.
4340 */
4341 int exc_target = default_exception_el(s);
4342
4343 /* These instructions are present only in ARMv8, or in ARMv7 with the
4344 * Virtualization Extensions.
4345 */
4346 if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
4347 !arm_dc_feature(s, ARM_FEATURE_EL2)) {
4348 goto undef;
4349 }
4350
4351 if (IS_USER(s) || rn == 15) {
4352 goto undef;
4353 }
4354
4355 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
4356 * of registers into (r, sysm).
4357 */
4358 if (r) {
4359 /* SPSRs for other modes */
4360 switch (sysm) {
4361 case 0xe: /* SPSR_fiq */
4362 *tgtmode = ARM_CPU_MODE_FIQ;
4363 break;
4364 case 0x10: /* SPSR_irq */
4365 *tgtmode = ARM_CPU_MODE_IRQ;
4366 break;
4367 case 0x12: /* SPSR_svc */
4368 *tgtmode = ARM_CPU_MODE_SVC;
4369 break;
4370 case 0x14: /* SPSR_abt */
4371 *tgtmode = ARM_CPU_MODE_ABT;
4372 break;
4373 case 0x16: /* SPSR_und */
4374 *tgtmode = ARM_CPU_MODE_UND;
4375 break;
4376 case 0x1c: /* SPSR_mon */
4377 *tgtmode = ARM_CPU_MODE_MON;
4378 break;
4379 case 0x1e: /* SPSR_hyp */
4380 *tgtmode = ARM_CPU_MODE_HYP;
4381 break;
4382 default: /* unallocated */
4383 goto undef;
4384 }
4385 /* We arbitrarily assign SPSR a register number of 16. */
4386 *regno = 16;
4387 } else {
4388 /* general purpose registers for other modes */
4389 switch (sysm) {
4390 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */
4391 *tgtmode = ARM_CPU_MODE_USR;
4392 *regno = sysm + 8;
4393 break;
4394 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */
4395 *tgtmode = ARM_CPU_MODE_FIQ;
4396 *regno = sysm;
4397 break;
4398 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
4399 *tgtmode = ARM_CPU_MODE_IRQ;
4400 *regno = sysm & 1 ? 13 : 14;
4401 break;
4402 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
4403 *tgtmode = ARM_CPU_MODE_SVC;
4404 *regno = sysm & 1 ? 13 : 14;
4405 break;
4406 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
4407 *tgtmode = ARM_CPU_MODE_ABT;
4408 *regno = sysm & 1 ? 13 : 14;
4409 break;
4410 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
4411 *tgtmode = ARM_CPU_MODE_UND;
4412 *regno = sysm & 1 ? 13 : 14;
4413 break;
4414 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
4415 *tgtmode = ARM_CPU_MODE_MON;
4416 *regno = sysm & 1 ? 13 : 14;
4417 break;
4418 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
4419 *tgtmode = ARM_CPU_MODE_HYP;
4420 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
4421 *regno = sysm & 1 ? 13 : 17;
4422 break;
4423 default: /* unallocated */
4424 goto undef;
4425 }
4426 }
4427
4428 /* Catch the 'accessing inaccessible register' cases we can detect
4429 * at translate time.
4430 */
4431 switch (*tgtmode) {
4432 case ARM_CPU_MODE_MON:
4433 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
4434 goto undef;
4435 }
4436 if (s->current_el == 1) {
4437 /* If we're in Secure EL1 (which implies that EL3 is AArch64)
4438 * then accesses to Mon registers trap to EL3
4439 */
4440 exc_target = 3;
4441 goto undef;
4442 }
4443 break;
4444 case ARM_CPU_MODE_HYP:
4445 /* Note that we can forbid accesses from EL2 here because they
4446 * must be from Hyp mode itself
4447 */
4448 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 3) {
4449 goto undef;
4450 }
4451 break;
4452 default:
4453 break;
4454 }
4455
4456 return true;
4457
4458 undef:
4459 /* If we get here then some access check did not pass */
4460 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), exc_target);
4461 return false;
4462 }
4463
4464 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
4465 {
4466 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
4467 int tgtmode = 0, regno = 0;
4468
4469 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
4470 return;
4471 }
4472
4473 /* Sync state because msr_banked() can raise exceptions */
4474 gen_set_condexec(s);
4475 gen_set_pc_im(s, s->pc - 4);
4476 tcg_reg = load_reg(s, rn);
4477 tcg_tgtmode = tcg_const_i32(tgtmode);
4478 tcg_regno = tcg_const_i32(regno);
4479 gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
4480 tcg_temp_free_i32(tcg_tgtmode);
4481 tcg_temp_free_i32(tcg_regno);
4482 tcg_temp_free_i32(tcg_reg);
4483 s->base.is_jmp = DISAS_UPDATE;
4484 }
4485
4486 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
4487 {
4488 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
4489 int tgtmode = 0, regno = 0;
4490
4491 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
4492 return;
4493 }
4494
4495 /* Sync state because mrs_banked() can raise exceptions */
4496 gen_set_condexec(s);
4497 gen_set_pc_im(s, s->pc - 4);
4498 tcg_reg = tcg_temp_new_i32();
4499 tcg_tgtmode = tcg_const_i32(tgtmode);
4500 tcg_regno = tcg_const_i32(regno);
4501 gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
4502 tcg_temp_free_i32(tcg_tgtmode);
4503 tcg_temp_free_i32(tcg_regno);
4504 store_reg(s, rn, tcg_reg);
4505 s->base.is_jmp = DISAS_UPDATE;
4506 }
4507
4508 /* Store value to PC as for an exception return (ie don't
4509 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
4510 * will do the masking based on the new value of the Thumb bit.
4511 */
4512 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
4513 {
4514 tcg_gen_mov_i32(cpu_R[15], pc);
4515 tcg_temp_free_i32(pc);
4516 }
4517
4518 /* Generate a v6 exception return. Marks both values as dead. */
4519 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
4520 {
4521 store_pc_exc_ret(s, pc);
4522 /* The cpsr_write_eret helper will mask the low bits of PC
4523 * appropriately depending on the new Thumb bit, so it must
4524 * be called after storing the new PC.
4525 */
4526 gen_helper_cpsr_write_eret(cpu_env, cpsr);
4527 tcg_temp_free_i32(cpsr);
4528 /* Must exit loop to check un-masked IRQs */
4529 s->base.is_jmp = DISAS_EXIT;
4530 }
4531
4532 /* Generate an old-style exception return. Marks pc as dead. */
4533 static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
4534 {
4535 gen_rfe(s, pc, load_cpu_field(spsr));
4536 }
4537
4538 /*
4539 * For WFI we will halt the vCPU until an IRQ. For WFE and YIELD we
4540 * only call the helper when running single threaded TCG code to ensure
4541 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we
4542 * just skip this instruction. Currently the SEV/SEVL instructions
4543 * which are *one* of many ways to wake the CPU from WFE are not
4544 * implemented so we can't sleep like WFI does.
4545 */
4546 static void gen_nop_hint(DisasContext *s, int val)
4547 {
4548 switch (val) {
4549 /* When running in MTTCG we don't generate jumps to the yield and
4550 * WFE helpers as it won't affect the scheduling of other vCPUs.
4551 * If we wanted to more completely model WFE/SEV so we don't busy
4552 * spin unnecessarily we would need to do something more involved.
4553 */
4554 case 1: /* yield */
4555 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
4556 gen_set_pc_im(s, s->pc);
4557 s->base.is_jmp = DISAS_YIELD;
4558 }
4559 break;
4560 case 3: /* wfi */
4561 gen_set_pc_im(s, s->pc);
4562 s->base.is_jmp = DISAS_WFI;
4563 break;
4564 case 2: /* wfe */
4565 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
4566 gen_set_pc_im(s, s->pc);
4567 s->base.is_jmp = DISAS_WFE;
4568 }
4569 break;
4570 case 4: /* sev */
4571 case 5: /* sevl */
4572 /* TODO: Implement SEV, SEVL and WFE. May help SMP performance. */
4573 default: /* nop */
4574 break;
4575 }
4576 }
4577
4578 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
4579
4580 static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
4581 {
4582 switch (size) {
4583 case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
4584 case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
4585 case 2: tcg_gen_add_i32(t0, t0, t1); break;
4586 default: abort();
4587 }
4588 }
4589
4590 static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
4591 {
4592 switch (size) {
4593 case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
4594 case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
4595 case 2: tcg_gen_sub_i32(t0, t1, t0); break;
4596 default: return;
4597 }
4598 }
4599
4600 /* 32-bit pairwise ops end up the same as the elementwise versions. */
4601 #define gen_helper_neon_pmax_s32 gen_helper_neon_max_s32
4602 #define gen_helper_neon_pmax_u32 gen_helper_neon_max_u32
4603 #define gen_helper_neon_pmin_s32 gen_helper_neon_min_s32
4604 #define gen_helper_neon_pmin_u32 gen_helper_neon_min_u32
4605
4606 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
4607 switch ((size << 1) | u) { \
4608 case 0: \
4609 gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
4610 break; \
4611 case 1: \
4612 gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
4613 break; \
4614 case 2: \
4615 gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
4616 break; \
4617 case 3: \
4618 gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
4619 break; \
4620 case 4: \
4621 gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
4622 break; \
4623 case 5: \
4624 gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
4625 break; \
4626 default: return 1; \
4627 }} while (0)
4628
4629 #define GEN_NEON_INTEGER_OP(name) do { \
4630 switch ((size << 1) | u) { \
4631 case 0: \
4632 gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
4633 break; \
4634 case 1: \
4635 gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
4636 break; \
4637 case 2: \
4638 gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
4639 break; \
4640 case 3: \
4641 gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
4642 break; \
4643 case 4: \
4644 gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
4645 break; \
4646 case 5: \
4647 gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
4648 break; \
4649 default: return 1; \
4650 }} while (0)
4651
4652 static TCGv_i32 neon_load_scratch(int scratch)
4653 {
4654 TCGv_i32 tmp = tcg_temp_new_i32();
4655 tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4656 return tmp;
4657 }
4658
4659 static void neon_store_scratch(int scratch, TCGv_i32 var)
4660 {
4661 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4662 tcg_temp_free_i32(var);
4663 }
4664
4665 static inline TCGv_i32 neon_get_scalar(int size, int reg)
4666 {
4667 TCGv_i32 tmp;
4668 if (size == 1) {
4669 tmp = neon_load_reg(reg & 7, reg >> 4);
4670 if (reg & 8) {
4671 gen_neon_dup_high16(tmp);
4672 } else {
4673 gen_neon_dup_low16(tmp);
4674 }
4675 } else {
4676 tmp = neon_load_reg(reg & 15, reg >> 4);
4677 }
4678 return tmp;
4679 }
4680
4681 static int gen_neon_unzip(int rd, int rm, int size, int q)
4682 {
4683 TCGv_i32 tmp, tmp2;
4684 if (!q && size == 2) {
4685 return 1;
4686 }
4687 tmp = tcg_const_i32(rd);
4688 tmp2 = tcg_const_i32(rm);
4689 if (q) {
4690 switch (size) {
4691 case 0:
4692 gen_helper_neon_qunzip8(cpu_env, tmp, tmp2);
4693 break;
4694 case 1:
4695 gen_helper_neon_qunzip16(cpu_env, tmp, tmp2);
4696 break;
4697 case 2:
4698 gen_helper_neon_qunzip32(cpu_env, tmp, tmp2);
4699 break;
4700 default:
4701 abort();
4702 }
4703 } else {
4704 switch (size) {
4705 case 0:
4706 gen_helper_neon_unzip8(cpu_env, tmp, tmp2);
4707 break;
4708 case 1:
4709 gen_helper_neon_unzip16(cpu_env, tmp, tmp2);
4710 break;
4711 default:
4712 abort();
4713 }
4714 }
4715 tcg_temp_free_i32(tmp);
4716 tcg_temp_free_i32(tmp2);
4717 return 0;
4718 }
4719
4720 static int gen_neon_zip(int rd, int rm, int size, int q)
4721 {
4722 TCGv_i32 tmp, tmp2;
4723 if (!q && size == 2) {
4724 return 1;
4725 }
4726 tmp = tcg_const_i32(rd);
4727 tmp2 = tcg_const_i32(rm);
4728 if (q) {
4729 switch (size) {
4730 case 0:
4731 gen_helper_neon_qzip8(cpu_env, tmp, tmp2);
4732 break;
4733 case 1:
4734 gen_helper_neon_qzip16(cpu_env, tmp, tmp2);
4735 break;
4736 case 2:
4737 gen_helper_neon_qzip32(cpu_env, tmp, tmp2);
4738 break;
4739 default:
4740 abort();
4741 }
4742 } else {
4743 switch (size) {
4744 case 0:
4745 gen_helper_neon_zip8(cpu_env, tmp, tmp2);
4746 break;
4747 case 1:
4748 gen_helper_neon_zip16(cpu_env, tmp, tmp2);
4749 break;
4750 default:
4751 abort();
4752 }
4753 }
4754 tcg_temp_free_i32(tmp);
4755 tcg_temp_free_i32(tmp2);
4756 return 0;
4757 }
4758
4759 static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
4760 {
4761 TCGv_i32 rd, tmp;
4762
4763 rd = tcg_temp_new_i32();
4764 tmp = tcg_temp_new_i32();
4765
4766 tcg_gen_shli_i32(rd, t0, 8);
4767 tcg_gen_andi_i32(rd, rd, 0xff00ff00);
4768 tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
4769 tcg_gen_or_i32(rd, rd, tmp);
4770
4771 tcg_gen_shri_i32(t1, t1, 8);
4772 tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
4773 tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
4774 tcg_gen_or_i32(t1, t1, tmp);
4775 tcg_gen_mov_i32(t0, rd);
4776
4777 tcg_temp_free_i32(tmp);
4778 tcg_temp_free_i32(rd);
4779 }
4780
4781 static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
4782 {
4783 TCGv_i32 rd, tmp;
4784
4785 rd = tcg_temp_new_i32();
4786 tmp = tcg_temp_new_i32();
4787
4788 tcg_gen_shli_i32(rd, t0, 16);
4789 tcg_gen_andi_i32(tmp, t1, 0xffff);
4790 tcg_gen_or_i32(rd, rd, tmp);
4791 tcg_gen_shri_i32(t1, t1, 16);
4792 tcg_gen_andi_i32(tmp, t0, 0xffff0000);
4793 tcg_gen_or_i32(t1, t1, tmp);
4794 tcg_gen_mov_i32(t0, rd);
4795
4796 tcg_temp_free_i32(tmp);
4797 tcg_temp_free_i32(rd);
4798 }
4799
4800
4801 static struct {
4802 int nregs;
4803 int interleave;
4804 int spacing;
4805 } neon_ls_element_type[11] = {
4806 {4, 4, 1},
4807 {4, 4, 2},
4808 {4, 1, 1},
4809 {4, 2, 1},
4810 {3, 3, 1},
4811 {3, 3, 2},
4812 {3, 1, 1},
4813 {1, 1, 1},
4814 {2, 2, 1},
4815 {2, 2, 2},
4816 {2, 1, 1}
4817 };
4818
4819 /* Translate a NEON load/store element instruction. Return nonzero if the
4820 instruction is invalid. */
4821 static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
4822 {
4823 int rd, rn, rm;
4824 int op;
4825 int nregs;
4826 int interleave;
4827 int spacing;
4828 int stride;
4829 int size;
4830 int reg;
4831 int pass;
4832 int load;
4833 int shift;
4834 int n;
4835 TCGv_i32 addr;
4836 TCGv_i32 tmp;
4837 TCGv_i32 tmp2;
4838 TCGv_i64 tmp64;
4839
4840 /* FIXME: this access check should not take precedence over UNDEF
4841 * for invalid encodings; we will generate incorrect syndrome information
4842 * for attempts to execute invalid vfp/neon encodings with FP disabled.
4843 */
4844 if (s->fp_excp_el) {
4845 gen_exception_insn(s, 4, EXCP_UDEF,
4846 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
4847 return 0;
4848 }
4849
4850 if (!s->vfp_enabled)
4851 return 1;
4852 VFP_DREG_D(rd, insn);
4853 rn = (insn >> 16) & 0xf;
4854 rm = insn & 0xf;
4855 load = (insn & (1 << 21)) != 0;
4856 if ((insn & (1 << 23)) == 0) {
4857 /* Load store all elements. */
4858 op = (insn >> 8) & 0xf;
4859 size = (insn >> 6) & 3;
4860 if (op > 10)
4861 return 1;
4862 /* Catch UNDEF cases for bad values of align field */
4863 switch (op & 0xc) {
4864 case 4:
4865 if (((insn >> 5) & 1) == 1) {
4866 return 1;
4867 }
4868 break;
4869 case 8:
4870 if (((insn >> 4) & 3) == 3) {
4871 return 1;
4872 }
4873 break;
4874 default:
4875 break;
4876 }
4877 nregs = neon_ls_element_type[op].nregs;
4878 interleave = neon_ls_element_type[op].interleave;
4879 spacing = neon_ls_element_type[op].spacing;
4880 if (size == 3 && (interleave | spacing) != 1)
4881 return 1;
4882 addr = tcg_temp_new_i32();
4883 load_reg_var(s, addr, rn);
4884 stride = (1 << size) * interleave;
4885 for (reg = 0; reg < nregs; reg++) {
4886 if (interleave > 2 || (interleave == 2 && nregs == 2)) {
4887 load_reg_var(s, addr, rn);
4888 tcg_gen_addi_i32(addr, addr, (1 << size) * reg);
4889 } else if (interleave == 2 && nregs == 4 && reg == 2) {
4890 load_reg_var(s, addr, rn);
4891 tcg_gen_addi_i32(addr, addr, 1 << size);
4892 }
4893 if (size == 3) {
4894 tmp64 = tcg_temp_new_i64();
4895 if (load) {
4896 gen_aa32_ld64(s, tmp64, addr, get_mem_index(s));
4897 neon_store_reg64(tmp64, rd);
4898 } else {
4899 neon_load_reg64(tmp64, rd);
4900 gen_aa32_st64(s, tmp64, addr, get_mem_index(s));
4901 }
4902 tcg_temp_free_i64(tmp64);
4903 tcg_gen_addi_i32(addr, addr, stride);
4904 } else {
4905 for (pass = 0; pass < 2; pass++) {
4906 if (size == 2) {
4907 if (load) {
4908 tmp = tcg_temp_new_i32();
4909 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
4910 neon_store_reg(rd, pass, tmp);
4911 } else {
4912 tmp = neon_load_reg(rd, pass);
4913 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
4914 tcg_temp_free_i32(tmp);
4915 }
4916 tcg_gen_addi_i32(addr, addr, stride);
4917 } else if (size == 1) {
4918 if (load) {
4919 tmp = tcg_temp_new_i32();
4920 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
4921 tcg_gen_addi_i32(addr, addr, stride);
4922 tmp2 = tcg_temp_new_i32();
4923 gen_aa32_ld16u(s, tmp2, addr, get_mem_index(s));
4924 tcg_gen_addi_i32(addr, addr, stride);
4925 tcg_gen_shli_i32(tmp2, tmp2, 16);
4926 tcg_gen_or_i32(tmp, tmp, tmp2);
4927 tcg_temp_free_i32(tmp2);
4928 neon_store_reg(rd, pass, tmp);
4929 } else {
4930 tmp = neon_load_reg(rd, pass);
4931 tmp2 = tcg_temp_new_i32();
4932 tcg_gen_shri_i32(tmp2, tmp, 16);
4933 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
4934 tcg_temp_free_i32(tmp);
4935 tcg_gen_addi_i32(addr, addr, stride);
4936 gen_aa32_st16(s, tmp2, addr, get_mem_index(s));
4937 tcg_temp_free_i32(tmp2);
4938 tcg_gen_addi_i32(addr, addr, stride);
4939 }
4940 } else /* size == 0 */ {
4941 if (load) {
4942 tmp2 = NULL;
4943 for (n = 0; n < 4; n++) {
4944 tmp = tcg_temp_new_i32();
4945 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
4946 tcg_gen_addi_i32(addr, addr, stride);
4947 if (n == 0) {
4948 tmp2 = tmp;
4949 } else {
4950 tcg_gen_shli_i32(tmp, tmp, n * 8);
4951 tcg_gen_or_i32(tmp2, tmp2, tmp);
4952 tcg_temp_free_i32(tmp);
4953 }
4954 }
4955 neon_store_reg(rd, pass, tmp2);
4956 } else {
4957 tmp2 = neon_load_reg(rd, pass);
4958 for (n = 0; n < 4; n++) {
4959 tmp = tcg_temp_new_i32();
4960 if (n == 0) {
4961 tcg_gen_mov_i32(tmp, tmp2);
4962 } else {
4963 tcg_gen_shri_i32(tmp, tmp2, n * 8);
4964 }
4965 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
4966 tcg_temp_free_i32(tmp);
4967 tcg_gen_addi_i32(addr, addr, stride);
4968 }
4969 tcg_temp_free_i32(tmp2);
4970 }
4971 }
4972 }
4973 }
4974 rd += spacing;
4975 }
4976 tcg_temp_free_i32(addr);
4977 stride = nregs * 8;
4978 } else {
4979 size = (insn >> 10) & 3;
4980 if (size == 3) {
4981 /* Load single element to all lanes. */
4982 int a = (insn >> 4) & 1;
4983 if (!load) {
4984 return 1;
4985 }
4986 size = (insn >> 6) & 3;
4987 nregs = ((insn >> 8) & 3) + 1;
4988
4989 if (size == 3) {
4990 if (nregs != 4 || a == 0) {
4991 return 1;
4992 }
4993 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
4994 size = 2;
4995 }
4996 if (nregs == 1 && a == 1 && size == 0) {
4997 return 1;
4998 }
4999 if (nregs == 3 && a == 1) {
5000 return 1;
5001 }
5002 addr = tcg_temp_new_i32();
5003 load_reg_var(s, addr, rn);
5004 if (nregs == 1) {
5005 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write */
5006 tmp = gen_load_and_replicate(s, addr, size);
5007 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
5008 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
5009 if (insn & (1 << 5)) {
5010 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 0));
5011 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 1));
5012 }
5013 tcg_temp_free_i32(tmp);
5014 } else {
5015 /* VLD2/3/4 to all lanes: bit 5 indicates register stride */
5016 stride = (insn & (1 << 5)) ? 2 : 1;
5017 for (reg = 0; reg < nregs; reg++) {
5018 tmp = gen_load_and_replicate(s, addr, size);
5019 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
5020 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
5021 tcg_temp_free_i32(tmp);
5022 tcg_gen_addi_i32(addr, addr, 1 << size);
5023 rd += stride;
5024 }
5025 }
5026 tcg_temp_free_i32(addr);
5027 stride = (1 << size) * nregs;
5028 } else {
5029 /* Single element. */
5030 int idx = (insn >> 4) & 0xf;
5031 pass = (insn >> 7) & 1;
5032 switch (size) {
5033 case 0:
5034 shift = ((insn >> 5) & 3) * 8;
5035 stride = 1;
5036 break;
5037 case 1:
5038 shift = ((insn >> 6) & 1) * 16;
5039 stride = (insn & (1 << 5)) ? 2 : 1;
5040 break;
5041 case 2:
5042 shift = 0;
5043 stride = (insn & (1 << 6)) ? 2 : 1;
5044 break;
5045 default:
5046 abort();
5047 }
5048 nregs = ((insn >> 8) & 3) + 1;
5049 /* Catch the UNDEF cases. This is unavoidably a bit messy. */
5050 switch (nregs) {
5051 case 1:
5052 if (((idx & (1 << size)) != 0) ||
5053 (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
5054 return 1;
5055 }
5056 break;
5057 case 3:
5058 if ((idx & 1) != 0) {
5059 return 1;
5060 }
5061 /* fall through */
5062 case 2:
5063 if (size == 2 && (idx & 2) != 0) {
5064 return 1;
5065 }
5066 break;
5067 case 4:
5068 if ((size == 2) && ((idx & 3) == 3)) {
5069 return 1;
5070 }
5071 break;
5072 default:
5073 abort();
5074 }
5075 if ((rd + stride * (nregs - 1)) > 31) {
5076 /* Attempts to write off the end of the register file
5077 * are UNPREDICTABLE; we choose to UNDEF because otherwise
5078 * the neon_load_reg() would write off the end of the array.
5079 */
5080 return 1;
5081 }
5082 addr = tcg_temp_new_i32();
5083 load_reg_var(s, addr, rn);
5084 for (reg = 0; reg < nregs; reg++) {
5085 if (load) {
5086 tmp = tcg_temp_new_i32();
5087 switch (size) {
5088 case 0:
5089 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
5090 break;
5091 case 1:
5092 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
5093 break;
5094 case 2:
5095 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
5096 break;
5097 default: /* Avoid compiler warnings. */
5098 abort();
5099 }
5100 if (size != 2) {
5101 tmp2 = neon_load_reg(rd, pass);
5102 tcg_gen_deposit_i32(tmp, tmp2, tmp,
5103 shift, size ? 16 : 8);
5104 tcg_temp_free_i32(tmp2);
5105 }
5106 neon_store_reg(rd, pass, tmp);
5107 } else { /* Store */
5108 tmp = neon_load_reg(rd, pass);
5109 if (shift)
5110 tcg_gen_shri_i32(tmp, tmp, shift);
5111 switch (size) {
5112 case 0:
5113 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
5114 break;
5115 case 1:
5116 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
5117 break;
5118 case 2:
5119 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
5120 break;
5121 }
5122 tcg_temp_free_i32(tmp);
5123 }
5124 rd += stride;
5125 tcg_gen_addi_i32(addr, addr, 1 << size);
5126 }
5127 tcg_temp_free_i32(addr);
5128 stride = nregs * (1 << size);
5129 }
5130 }
5131 if (rm != 15) {
5132 TCGv_i32 base;
5133
5134 base = load_reg(s, rn);
5135 if (rm == 13) {
5136 tcg_gen_addi_i32(base, base, stride);
5137 } else {
5138 TCGv_i32 index;
5139 index = load_reg(s, rm);
5140 tcg_gen_add_i32(base, base, index);
5141 tcg_temp_free_i32(index);
5142 }
5143 store_reg(s, rn, base);
5144 }
5145 return 0;
5146 }
5147
5148 /* Bitwise select. dest = c ? t : f. Clobbers T and F. */
5149 static void gen_neon_bsl(TCGv_i32 dest, TCGv_i32 t, TCGv_i32 f, TCGv_i32 c)
5150 {
5151 tcg_gen_and_i32(t, t, c);
5152 tcg_gen_andc_i32(f, f, c);
5153 tcg_gen_or_i32(dest, t, f);
5154 }
5155
5156 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
5157 {
5158 switch (size) {
5159 case 0: gen_helper_neon_narrow_u8(dest, src); break;
5160 case 1: gen_helper_neon_narrow_u16(dest, src); break;
5161 case 2: tcg_gen_extrl_i64_i32(dest, src); break;
5162 default: abort();
5163 }
5164 }
5165
5166 static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
5167 {
5168 switch (size) {
5169 case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
5170 case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
5171 case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
5172 default: abort();
5173 }
5174 }
5175
5176 static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
5177 {
5178 switch (size) {
5179 case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
5180 case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
5181 case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
5182 default: abort();
5183 }
5184 }
5185
5186 static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
5187 {
5188 switch (size) {
5189 case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
5190 case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
5191 case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
5192 default: abort();
5193 }
5194 }
5195
5196 static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
5197 int q, int u)
5198 {
5199 if (q) {
5200 if (u) {
5201 switch (size) {
5202 case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
5203 case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
5204 default: abort();
5205 }
5206 } else {
5207 switch (size) {
5208 case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
5209 case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
5210 default: abort();
5211 }
5212 }
5213 } else {
5214 if (u) {
5215 switch (size) {
5216 case 1: gen_helper_neon_shl_u16(var, var, shift); break;
5217 case 2: gen_helper_neon_shl_u32(var, var, shift); break;
5218 default: abort();
5219 }
5220 } else {
5221 switch (size) {
5222 case 1: gen_helper_neon_shl_s16(var, var, shift); break;
5223 case 2: gen_helper_neon_shl_s32(var, var, shift); break;
5224 default: abort();
5225 }
5226 }
5227 }
5228 }
5229
5230 static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
5231 {
5232 if (u) {
5233 switch (size) {
5234 case 0: gen_helper_neon_widen_u8(dest, src); break;
5235 case 1: gen_helper_neon_widen_u16(dest, src); break;
5236 case 2: tcg_gen_extu_i32_i64(dest, src); break;
5237 default: abort();
5238 }
5239 } else {
5240 switch (size) {
5241 case 0: gen_helper_neon_widen_s8(dest, src); break;
5242 case 1: gen_helper_neon_widen_s16(dest, src); break;
5243 case 2: tcg_gen_ext_i32_i64(dest, src); break;
5244 default: abort();
5245 }
5246 }
5247 tcg_temp_free_i32(src);
5248 }
5249
5250 static inline void gen_neon_addl(int size)
5251 {
5252 switch (size) {
5253 case 0: gen_helper_neon_addl_u16(CPU_V001); break;
5254 case 1: gen_helper_neon_addl_u32(CPU_V001); break;
5255 case 2: tcg_gen_add_i64(CPU_V001); break;
5256 default: abort();
5257 }
5258 }
5259
5260 static inline void gen_neon_subl(int size)
5261 {
5262 switch (size) {
5263 case 0: gen_helper_neon_subl_u16(CPU_V001); break;
5264 case 1: gen_helper_neon_subl_u32(CPU_V001); break;
5265 case 2: tcg_gen_sub_i64(CPU_V001); break;
5266 default: abort();
5267 }
5268 }
5269
5270 static inline void gen_neon_negl(TCGv_i64 var, int size)
5271 {
5272 switch (size) {
5273 case 0: gen_helper_neon_negl_u16(var, var); break;
5274 case 1: gen_helper_neon_negl_u32(var, var); break;
5275 case 2:
5276 tcg_gen_neg_i64(var, var);
5277 break;
5278 default: abort();
5279 }
5280 }
5281
5282 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
5283 {
5284 switch (size) {
5285 case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
5286 case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
5287 default: abort();
5288 }
5289 }
5290
5291 static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
5292 int size, int u)
5293 {
5294 TCGv_i64 tmp;
5295
5296 switch ((size << 1) | u) {
5297 case 0: gen_helper_neon_mull_s8(dest, a, b); break;
5298 case 1: gen_helper_neon_mull_u8(dest, a, b); break;
5299 case 2: gen_helper_neon_mull_s16(dest, a, b); break;
5300 case 3: gen_helper_neon_mull_u16(dest, a, b); break;
5301 case 4:
5302 tmp = gen_muls_i64_i32(a, b);
5303 tcg_gen_mov_i64(dest, tmp);
5304 tcg_temp_free_i64(tmp);
5305 break;
5306 case 5:
5307 tmp = gen_mulu_i64_i32(a, b);
5308 tcg_gen_mov_i64(dest, tmp);
5309 tcg_temp_free_i64(tmp);
5310 break;
5311 default: abort();
5312 }
5313
5314 /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
5315 Don't forget to clean them now. */
5316 if (size < 2) {
5317 tcg_temp_free_i32(a);
5318 tcg_temp_free_i32(b);
5319 }
5320 }
5321
5322 static void gen_neon_narrow_op(int op, int u, int size,
5323 TCGv_i32 dest, TCGv_i64 src)
5324 {
5325 if (op) {
5326 if (u) {
5327 gen_neon_unarrow_sats(size, dest, src);
5328 } else {
5329 gen_neon_narrow(size, dest, src);
5330 }
5331 } else {
5332 if (u) {
5333 gen_neon_narrow_satu(size, dest, src);
5334 } else {
5335 gen_neon_narrow_sats(size, dest, src);
5336 }
5337 }
5338 }
5339
5340 /* Symbolic constants for op fields for Neon 3-register same-length.
5341 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
5342 * table A7-9.
5343 */
5344 #define NEON_3R_VHADD 0
5345 #define NEON_3R_VQADD 1
5346 #define NEON_3R_VRHADD 2
5347 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
5348 #define NEON_3R_VHSUB 4
5349 #define NEON_3R_VQSUB 5
5350 #define NEON_3R_VCGT 6
5351 #define NEON_3R_VCGE 7
5352 #define NEON_3R_VSHL 8
5353 #define NEON_3R_VQSHL 9
5354 #define NEON_3R_VRSHL 10
5355 #define NEON_3R_VQRSHL 11
5356 #define NEON_3R_VMAX 12
5357 #define NEON_3R_VMIN 13
5358 #define NEON_3R_VABD 14
5359 #define NEON_3R_VABA 15
5360 #define NEON_3R_VADD_VSUB 16
5361 #define NEON_3R_VTST_VCEQ 17
5362 #define NEON_3R_VML 18 /* VMLA, VMLAL, VMLS, VMLSL */
5363 #define NEON_3R_VMUL 19
5364 #define NEON_3R_VPMAX 20
5365 #define NEON_3R_VPMIN 21
5366 #define NEON_3R_VQDMULH_VQRDMULH 22
5367 #define NEON_3R_VPADD 23
5368 #define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
5369 #define NEON_3R_VFM 25 /* VFMA, VFMS : float fused multiply-add */
5370 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
5371 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
5372 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
5373 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
5374 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
5375 #define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
5376
5377 static const uint8_t neon_3r_sizes[] = {
5378 [NEON_3R_VHADD] = 0x7,
5379 [NEON_3R_VQADD] = 0xf,
5380 [NEON_3R_VRHADD] = 0x7,
5381 [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
5382 [NEON_3R_VHSUB] = 0x7,
5383 [NEON_3R_VQSUB] = 0xf,
5384 [NEON_3R_VCGT] = 0x7,
5385 [NEON_3R_VCGE] = 0x7,
5386 [NEON_3R_VSHL] = 0xf,
5387 [NEON_3R_VQSHL] = 0xf,
5388 [NEON_3R_VRSHL] = 0xf,
5389 [NEON_3R_VQRSHL] = 0xf,
5390 [NEON_3R_VMAX] = 0x7,
5391 [NEON_3R_VMIN] = 0x7,
5392 [NEON_3R_VABD] = 0x7,
5393 [NEON_3R_VABA] = 0x7,
5394 [NEON_3R_VADD_VSUB] = 0xf,
5395 [NEON_3R_VTST_VCEQ] = 0x7,
5396 [NEON_3R_VML] = 0x7,
5397 [NEON_3R_VMUL] = 0x7,
5398 [NEON_3R_VPMAX] = 0x7,
5399 [NEON_3R_VPMIN] = 0x7,
5400 [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
5401 [NEON_3R_VPADD] = 0x7,
5402 [NEON_3R_SHA] = 0xf, /* size field encodes op type */
5403 [NEON_3R_VFM] = 0x5, /* size bit 1 encodes op */
5404 [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
5405 [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
5406 [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
5407 [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
5408 [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
5409 [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
5410 };
5411
5412 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
5413 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
5414 * table A7-13.
5415 */
5416 #define NEON_2RM_VREV64 0
5417 #define NEON_2RM_VREV32 1
5418 #define NEON_2RM_VREV16 2
5419 #define NEON_2RM_VPADDL 4
5420 #define NEON_2RM_VPADDL_U 5
5421 #define NEON_2RM_AESE 6 /* Includes AESD */
5422 #define NEON_2RM_AESMC 7 /* Includes AESIMC */
5423 #define NEON_2RM_VCLS 8
5424 #define NEON_2RM_VCLZ 9
5425 #define NEON_2RM_VCNT 10
5426 #define NEON_2RM_VMVN 11
5427 #define NEON_2RM_VPADAL 12
5428 #define NEON_2RM_VPADAL_U 13
5429 #define NEON_2RM_VQABS 14
5430 #define NEON_2RM_VQNEG 15
5431 #define NEON_2RM_VCGT0 16
5432 #define NEON_2RM_VCGE0 17
5433 #define NEON_2RM_VCEQ0 18
5434 #define NEON_2RM_VCLE0 19
5435 #define NEON_2RM_VCLT0 20
5436 #define NEON_2RM_SHA1H 21
5437 #define NEON_2RM_VABS 22
5438 #define NEON_2RM_VNEG 23
5439 #define NEON_2RM_VCGT0_F 24
5440 #define NEON_2RM_VCGE0_F 25
5441 #define NEON_2RM_VCEQ0_F 26
5442 #define NEON_2RM_VCLE0_F 27
5443 #define NEON_2RM_VCLT0_F 28
5444 #define NEON_2RM_VABS_F 30
5445 #define NEON_2RM_VNEG_F 31
5446 #define NEON_2RM_VSWP 32
5447 #define NEON_2RM_VTRN 33
5448 #define NEON_2RM_VUZP 34
5449 #define NEON_2RM_VZIP 35
5450 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
5451 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
5452 #define NEON_2RM_VSHLL 38
5453 #define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
5454 #define NEON_2RM_VRINTN 40
5455 #define NEON_2RM_VRINTX 41
5456 #define NEON_2RM_VRINTA 42
5457 #define NEON_2RM_VRINTZ 43
5458 #define NEON_2RM_VCVT_F16_F32 44
5459 #define NEON_2RM_VRINTM 45
5460 #define NEON_2RM_VCVT_F32_F16 46
5461 #define NEON_2RM_VRINTP 47
5462 #define NEON_2RM_VCVTAU 48
5463 #define NEON_2RM_VCVTAS 49
5464 #define NEON_2RM_VCVTNU 50
5465 #define NEON_2RM_VCVTNS 51
5466 #define NEON_2RM_VCVTPU 52
5467 #define NEON_2RM_VCVTPS 53
5468 #define NEON_2RM_VCVTMU 54
5469 #define NEON_2RM_VCVTMS 55
5470 #define NEON_2RM_VRECPE 56
5471 #define NEON_2RM_VRSQRTE 57
5472 #define NEON_2RM_VRECPE_F 58
5473 #define NEON_2RM_VRSQRTE_F 59
5474 #define NEON_2RM_VCVT_FS 60
5475 #define NEON_2RM_VCVT_FU 61
5476 #define NEON_2RM_VCVT_SF 62
5477 #define NEON_2RM_VCVT_UF 63
5478
5479 static int neon_2rm_is_float_op(int op)
5480 {
5481 /* Return true if this neon 2reg-misc op is float-to-float */
5482 return (op == NEON_2RM_VABS_F || op == NEON_2RM_VNEG_F ||
5483 (op >= NEON_2RM_VRINTN && op <= NEON_2RM_VRINTZ) ||
5484 op == NEON_2RM_VRINTM ||
5485 (op >= NEON_2RM_VRINTP && op <= NEON_2RM_VCVTMS) ||
5486 op >= NEON_2RM_VRECPE_F);
5487 }
5488
5489 static bool neon_2rm_is_v8_op(int op)
5490 {
5491 /* Return true if this neon 2reg-misc op is ARMv8 and up */
5492 switch (op) {
5493 case NEON_2RM_VRINTN:
5494 case NEON_2RM_VRINTA:
5495 case NEON_2RM_VRINTM:
5496 case NEON_2RM_VRINTP:
5497 case NEON_2RM_VRINTZ:
5498 case NEON_2RM_VRINTX:
5499 case NEON_2RM_VCVTAU:
5500 case NEON_2RM_VCVTAS:
5501 case NEON_2RM_VCVTNU:
5502 case NEON_2RM_VCVTNS:
5503 case NEON_2RM_VCVTPU:
5504 case NEON_2RM_VCVTPS:
5505 case NEON_2RM_VCVTMU:
5506 case NEON_2RM_VCVTMS:
5507 return true;
5508 default:
5509 return false;
5510 }
5511 }
5512
5513 /* Each entry in this array has bit n set if the insn allows
5514 * size value n (otherwise it will UNDEF). Since unallocated
5515 * op values will have no bits set they always UNDEF.
5516 */
5517 static const uint8_t neon_2rm_sizes[] = {
5518 [NEON_2RM_VREV64] = 0x7,
5519 [NEON_2RM_VREV32] = 0x3,
5520 [NEON_2RM_VREV16] = 0x1,
5521 [NEON_2RM_VPADDL] = 0x7,
5522 [NEON_2RM_VPADDL_U] = 0x7,
5523 [NEON_2RM_AESE] = 0x1,
5524 [NEON_2RM_AESMC] = 0x1,
5525 [NEON_2RM_VCLS] = 0x7,
5526 [NEON_2RM_VCLZ] = 0x7,
5527 [NEON_2RM_VCNT] = 0x1,
5528 [NEON_2RM_VMVN] = 0x1,
5529 [NEON_2RM_VPADAL] = 0x7,
5530 [NEON_2RM_VPADAL_U] = 0x7,
5531 [NEON_2RM_VQABS] = 0x7,
5532 [NEON_2RM_VQNEG] = 0x7,
5533 [NEON_2RM_VCGT0] = 0x7,
5534 [NEON_2RM_VCGE0] = 0x7,
5535 [NEON_2RM_VCEQ0] = 0x7,
5536 [NEON_2RM_VCLE0] = 0x7,
5537 [NEON_2RM_VCLT0] = 0x7,
5538 [NEON_2RM_SHA1H] = 0x4,
5539 [NEON_2RM_VABS] = 0x7,
5540 [NEON_2RM_VNEG] = 0x7,
5541 [NEON_2RM_VCGT0_F] = 0x4,
5542 [NEON_2RM_VCGE0_F] = 0x4,
5543 [NEON_2RM_VCEQ0_F] = 0x4,
5544 [NEON_2RM_VCLE0_F] = 0x4,
5545 [NEON_2RM_VCLT0_F] = 0x4,
5546 [NEON_2RM_VABS_F] = 0x4,
5547 [NEON_2RM_VNEG_F] = 0x4,
5548 [NEON_2RM_VSWP] = 0x1,
5549 [NEON_2RM_VTRN] = 0x7,
5550 [NEON_2RM_VUZP] = 0x7,
5551 [NEON_2RM_VZIP] = 0x7,
5552 [NEON_2RM_VMOVN] = 0x7,
5553 [NEON_2RM_VQMOVN] = 0x7,
5554 [NEON_2RM_VSHLL] = 0x7,
5555 [NEON_2RM_SHA1SU1] = 0x4,
5556 [NEON_2RM_VRINTN] = 0x4,
5557 [NEON_2RM_VRINTX] = 0x4,
5558 [NEON_2RM_VRINTA] = 0x4,
5559 [NEON_2RM_VRINTZ] = 0x4,
5560 [NEON_2RM_VCVT_F16_F32] = 0x2,
5561 [NEON_2RM_VRINTM] = 0x4,
5562 [NEON_2RM_VCVT_F32_F16] = 0x2,
5563 [NEON_2RM_VRINTP] = 0x4,
5564 [NEON_2RM_VCVTAU] = 0x4,
5565 [NEON_2RM_VCVTAS] = 0x4,
5566 [NEON_2RM_VCVTNU] = 0x4,
5567 [NEON_2RM_VCVTNS] = 0x4,
5568 [NEON_2RM_VCVTPU] = 0x4,
5569 [NEON_2RM_VCVTPS] = 0x4,
5570 [NEON_2RM_VCVTMU] = 0x4,
5571 [NEON_2RM_VCVTMS] = 0x4,
5572 [NEON_2RM_VRECPE] = 0x4,
5573 [NEON_2RM_VRSQRTE] = 0x4,
5574 [NEON_2RM_VRECPE_F] = 0x4,
5575 [NEON_2RM_VRSQRTE_F] = 0x4,
5576 [NEON_2RM_VCVT_FS] = 0x4,
5577 [NEON_2RM_VCVT_FU] = 0x4,
5578 [NEON_2RM_VCVT_SF] = 0x4,
5579 [NEON_2RM_VCVT_UF] = 0x4,
5580 };
5581
5582 /* Translate a NEON data processing instruction. Return nonzero if the
5583 instruction is invalid.
5584 We process data in a mixture of 32-bit and 64-bit chunks.
5585 Mostly we use 32-bit chunks so we can use normal scalar instructions. */
5586
5587 static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
5588 {
5589 int op;
5590 int q;
5591 int rd, rn, rm;
5592 int size;
5593 int shift;
5594 int pass;
5595 int count;
5596 int pairwise;
5597 int u;
5598 uint32_t imm, mask;
5599 TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
5600 TCGv_i64 tmp64;
5601
5602 /* FIXME: this access check should not take precedence over UNDEF
5603 * for invalid encodings; we will generate incorrect syndrome information
5604 * for attempts to execute invalid vfp/neon encodings with FP disabled.
5605 */
5606 if (s->fp_excp_el) {
5607 gen_exception_insn(s, 4, EXCP_UDEF,
5608 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
5609 return 0;
5610 }
5611
5612 if (!s->vfp_enabled)
5613 return 1;
5614 q = (insn & (1 << 6)) != 0;
5615 u = (insn >> 24) & 1;
5616 VFP_DREG_D(rd, insn);
5617 VFP_DREG_N(rn, insn);
5618 VFP_DREG_M(rm, insn);
5619 size = (insn >> 20) & 3;
5620 if ((insn & (1 << 23)) == 0) {
5621 /* Three register same length. */
5622 op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
5623 /* Catch invalid op and bad size combinations: UNDEF */
5624 if ((neon_3r_sizes[op] & (1 << size)) == 0) {
5625 return 1;
5626 }
5627 /* All insns of this form UNDEF for either this condition or the
5628 * superset of cases "Q==1"; we catch the latter later.
5629 */
5630 if (q && ((rd | rn | rm) & 1)) {
5631 return 1;
5632 }
5633 /*
5634 * The SHA-1/SHA-256 3-register instructions require special treatment
5635 * here, as their size field is overloaded as an op type selector, and
5636 * they all consume their input in a single pass.
5637 */
5638 if (op == NEON_3R_SHA) {
5639 if (!q) {
5640 return 1;
5641 }
5642 if (!u) { /* SHA-1 */
5643 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
5644 return 1;
5645 }
5646 tmp = tcg_const_i32(rd);
5647 tmp2 = tcg_const_i32(rn);
5648 tmp3 = tcg_const_i32(rm);
5649 tmp4 = tcg_const_i32(size);
5650 gen_helper_crypto_sha1_3reg(cpu_env, tmp, tmp2, tmp3, tmp4);
5651 tcg_temp_free_i32(tmp4);
5652 } else { /* SHA-256 */
5653 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256) || size == 3) {
5654 return 1;
5655 }
5656 tmp = tcg_const_i32(rd);
5657 tmp2 = tcg_const_i32(rn);
5658 tmp3 = tcg_const_i32(rm);
5659 switch (size) {
5660 case 0:
5661 gen_helper_crypto_sha256h(cpu_env, tmp, tmp2, tmp3);
5662 break;
5663 case 1:
5664 gen_helper_crypto_sha256h2(cpu_env, tmp, tmp2, tmp3);
5665 break;
5666 case 2:
5667 gen_helper_crypto_sha256su1(cpu_env, tmp, tmp2, tmp3);
5668 break;
5669 }
5670 }
5671 tcg_temp_free_i32(tmp);
5672 tcg_temp_free_i32(tmp2);
5673 tcg_temp_free_i32(tmp3);
5674 return 0;
5675 }
5676 if (size == 3 && op != NEON_3R_LOGIC) {
5677 /* 64-bit element instructions. */
5678 for (pass = 0; pass < (q ? 2 : 1); pass++) {
5679 neon_load_reg64(cpu_V0, rn + pass);
5680 neon_load_reg64(cpu_V1, rm + pass);
5681 switch (op) {
5682 case NEON_3R_VQADD:
5683 if (u) {
5684 gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
5685 cpu_V0, cpu_V1);
5686 } else {
5687 gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
5688 cpu_V0, cpu_V1);
5689 }
5690 break;
5691 case NEON_3R_VQSUB:
5692 if (u) {
5693 gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
5694 cpu_V0, cpu_V1);
5695 } else {
5696 gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
5697 cpu_V0, cpu_V1);
5698 }
5699 break;
5700 case NEON_3R_VSHL:
5701 if (u) {
5702 gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5703 } else {
5704 gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5705 }
5706 break;
5707 case NEON_3R_VQSHL:
5708 if (u) {
5709 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5710 cpu_V1, cpu_V0);
5711 } else {
5712 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5713 cpu_V1, cpu_V0);
5714 }
5715 break;
5716 case NEON_3R_VRSHL:
5717 if (u) {
5718 gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5719 } else {
5720 gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5721 }
5722 break;
5723 case NEON_3R_VQRSHL:
5724 if (u) {
5725 gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5726 cpu_V1, cpu_V0);
5727 } else {
5728 gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5729 cpu_V1, cpu_V0);
5730 }
5731 break;
5732 case NEON_3R_VADD_VSUB:
5733 if (u) {
5734 tcg_gen_sub_i64(CPU_V001);
5735 } else {
5736 tcg_gen_add_i64(CPU_V001);
5737 }
5738 break;
5739 default:
5740 abort();
5741 }
5742 neon_store_reg64(cpu_V0, rd + pass);
5743 }
5744 return 0;
5745 }
5746 pairwise = 0;
5747 switch (op) {
5748 case NEON_3R_VSHL:
5749 case NEON_3R_VQSHL:
5750 case NEON_3R_VRSHL:
5751 case NEON_3R_VQRSHL:
5752 {
5753 int rtmp;
5754 /* Shift instruction operands are reversed. */
5755 rtmp = rn;
5756 rn = rm;
5757 rm = rtmp;
5758 }
5759 break;
5760 case NEON_3R_VPADD:
5761 if (u) {
5762 return 1;
5763 }
5764 /* Fall through */
5765 case NEON_3R_VPMAX:
5766 case NEON_3R_VPMIN:
5767 pairwise = 1;
5768 break;
5769 case NEON_3R_FLOAT_ARITH:
5770 pairwise = (u && size < 2); /* if VPADD (float) */
5771 break;
5772 case NEON_3R_FLOAT_MINMAX:
5773 pairwise = u; /* if VPMIN/VPMAX (float) */
5774 break;
5775 case NEON_3R_FLOAT_CMP:
5776 if (!u && size) {
5777 /* no encoding for U=0 C=1x */
5778 return 1;
5779 }
5780 break;
5781 case NEON_3R_FLOAT_ACMP:
5782 if (!u) {
5783 return 1;
5784 }
5785 break;
5786 case NEON_3R_FLOAT_MISC:
5787 /* VMAXNM/VMINNM in ARMv8 */
5788 if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5789 return 1;
5790 }
5791 break;
5792 case NEON_3R_VMUL:
5793 if (u && (size != 0)) {
5794 /* UNDEF on invalid size for polynomial subcase */
5795 return 1;
5796 }
5797 break;
5798 case NEON_3R_VFM:
5799 if (!arm_dc_feature(s, ARM_FEATURE_VFP4) || u) {
5800 return 1;
5801 }
5802 break;
5803 default:
5804 break;
5805 }
5806
5807 if (pairwise && q) {
5808 /* All the pairwise insns UNDEF if Q is set */
5809 return 1;
5810 }
5811
5812 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5813
5814 if (pairwise) {
5815 /* Pairwise. */
5816 if (pass < 1) {
5817 tmp = neon_load_reg(rn, 0);
5818 tmp2 = neon_load_reg(rn, 1);
5819 } else {
5820 tmp = neon_load_reg(rm, 0);
5821 tmp2 = neon_load_reg(rm, 1);
5822 }
5823 } else {
5824 /* Elementwise. */
5825 tmp = neon_load_reg(rn, pass);
5826 tmp2 = neon_load_reg(rm, pass);
5827 }
5828 switch (op) {
5829 case NEON_3R_VHADD:
5830 GEN_NEON_INTEGER_OP(hadd);
5831 break;
5832 case NEON_3R_VQADD:
5833 GEN_NEON_INTEGER_OP_ENV(qadd);
5834 break;
5835 case NEON_3R_VRHADD:
5836 GEN_NEON_INTEGER_OP(rhadd);
5837 break;
5838 case NEON_3R_LOGIC: /* Logic ops. */
5839 switch ((u << 2) | size) {
5840 case 0: /* VAND */
5841 tcg_gen_and_i32(tmp, tmp, tmp2);
5842 break;
5843 case 1: /* BIC */
5844 tcg_gen_andc_i32(tmp, tmp, tmp2);
5845 break;
5846 case 2: /* VORR */
5847 tcg_gen_or_i32(tmp, tmp, tmp2);
5848 break;
5849 case 3: /* VORN */
5850 tcg_gen_orc_i32(tmp, tmp, tmp2);
5851 break;
5852 case 4: /* VEOR */
5853 tcg_gen_xor_i32(tmp, tmp, tmp2);
5854 break;
5855 case 5: /* VBSL */
5856 tmp3 = neon_load_reg(rd, pass);
5857 gen_neon_bsl(tmp, tmp, tmp2, tmp3);
5858 tcg_temp_free_i32(tmp3);
5859 break;
5860 case 6: /* VBIT */
5861 tmp3 = neon_load_reg(rd, pass);
5862 gen_neon_bsl(tmp, tmp, tmp3, tmp2);
5863 tcg_temp_free_i32(tmp3);
5864 break;
5865 case 7: /* VBIF */
5866 tmp3 = neon_load_reg(rd, pass);
5867 gen_neon_bsl(tmp, tmp3, tmp, tmp2);
5868 tcg_temp_free_i32(tmp3);
5869 break;
5870 }
5871 break;
5872 case NEON_3R_VHSUB:
5873 GEN_NEON_INTEGER_OP(hsub);
5874 break;
5875 case NEON_3R_VQSUB:
5876 GEN_NEON_INTEGER_OP_ENV(qsub);
5877 break;
5878 case NEON_3R_VCGT:
5879 GEN_NEON_INTEGER_OP(cgt);
5880 break;
5881 case NEON_3R_VCGE:
5882 GEN_NEON_INTEGER_OP(cge);
5883 break;
5884 case NEON_3R_VSHL:
5885 GEN_NEON_INTEGER_OP(shl);
5886 break;
5887 case NEON_3R_VQSHL:
5888 GEN_NEON_INTEGER_OP_ENV(qshl);
5889 break;
5890 case NEON_3R_VRSHL:
5891 GEN_NEON_INTEGER_OP(rshl);
5892 break;
5893 case NEON_3R_VQRSHL:
5894 GEN_NEON_INTEGER_OP_ENV(qrshl);
5895 break;
5896 case NEON_3R_VMAX:
5897 GEN_NEON_INTEGER_OP(max);
5898 break;
5899 case NEON_3R_VMIN:
5900 GEN_NEON_INTEGER_OP(min);
5901 break;
5902 case NEON_3R_VABD:
5903 GEN_NEON_INTEGER_OP(abd);
5904 break;
5905 case NEON_3R_VABA:
5906 GEN_NEON_INTEGER_OP(abd);
5907 tcg_temp_free_i32(tmp2);
5908 tmp2 = neon_load_reg(rd, pass);
5909 gen_neon_add(size, tmp, tmp2);
5910 break;
5911 case NEON_3R_VADD_VSUB:
5912 if (!u) { /* VADD */
5913 gen_neon_add(size, tmp, tmp2);
5914 } else { /* VSUB */
5915 switch (size) {
5916 case 0: gen_helper_neon_sub_u8(tmp, tmp, tmp2); break;
5917 case 1: gen_helper_neon_sub_u16(tmp, tmp, tmp2); break;
5918 case 2: tcg_gen_sub_i32(tmp, tmp, tmp2); break;
5919 default: abort();
5920 }
5921 }
5922 break;
5923 case NEON_3R_VTST_VCEQ:
5924 if (!u) { /* VTST */
5925 switch (size) {
5926 case 0: gen_helper_neon_tst_u8(tmp, tmp, tmp2); break;
5927 case 1: gen_helper_neon_tst_u16(tmp, tmp, tmp2); break;
5928 case 2: gen_helper_neon_tst_u32(tmp, tmp, tmp2); break;
5929 default: abort();
5930 }
5931 } else { /* VCEQ */
5932 switch (size) {
5933 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
5934 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
5935 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
5936 default: abort();
5937 }
5938 }
5939 break;
5940 case NEON_3R_VML: /* VMLA, VMLAL, VMLS,VMLSL */
5941 switch (size) {
5942 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
5943 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
5944 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
5945 default: abort();
5946 }
5947 tcg_temp_free_i32(tmp2);
5948 tmp2 = neon_load_reg(rd, pass);
5949 if (u) { /* VMLS */
5950 gen_neon_rsb(size, tmp, tmp2);
5951 } else { /* VMLA */
5952 gen_neon_add(size, tmp, tmp2);
5953 }
5954 break;
5955 case NEON_3R_VMUL:
5956 if (u) { /* polynomial */
5957 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5958 } else { /* Integer */
5959 switch (size) {
5960 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
5961 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
5962 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
5963 default: abort();
5964 }
5965 }
5966 break;
5967 case NEON_3R_VPMAX:
5968 GEN_NEON_INTEGER_OP(pmax);
5969 break;
5970 case NEON_3R_VPMIN:
5971 GEN_NEON_INTEGER_OP(pmin);
5972 break;
5973 case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high. */
5974 if (!u) { /* VQDMULH */
5975 switch (size) {
5976 case 1:
5977 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5978 break;
5979 case 2:
5980 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5981 break;
5982 default: abort();
5983 }
5984 } else { /* VQRDMULH */
5985 switch (size) {
5986 case 1:
5987 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5988 break;
5989 case 2:
5990 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5991 break;
5992 default: abort();
5993 }
5994 }
5995 break;
5996 case NEON_3R_VPADD:
5997 switch (size) {
5998 case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5999 case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
6000 case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
6001 default: abort();
6002 }
6003 break;
6004 case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
6005 {
6006 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6007 switch ((u << 2) | size) {
6008 case 0: /* VADD */
6009 case 4: /* VPADD */
6010 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6011 break;
6012 case 2: /* VSUB */
6013 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
6014 break;
6015 case 6: /* VABD */
6016 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
6017 break;
6018 default:
6019 abort();
6020 }
6021 tcg_temp_free_ptr(fpstatus);
6022 break;
6023 }
6024 case NEON_3R_FLOAT_MULTIPLY:
6025 {
6026 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6027 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6028 if (!u) {
6029 tcg_temp_free_i32(tmp2);
6030 tmp2 = neon_load_reg(rd, pass);
6031 if (size == 0) {
6032 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6033 } else {
6034 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6035 }
6036 }
6037 tcg_temp_free_ptr(fpstatus);
6038 break;
6039 }
6040 case NEON_3R_FLOAT_CMP:
6041 {
6042 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6043 if (!u) {
6044 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6045 } else {
6046 if (size == 0) {
6047 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6048 } else {
6049 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6050 }
6051 }
6052 tcg_temp_free_ptr(fpstatus);
6053 break;
6054 }
6055 case NEON_3R_FLOAT_ACMP:
6056 {
6057 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6058 if (size == 0) {
6059 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
6060 } else {
6061 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
6062 }
6063 tcg_temp_free_ptr(fpstatus);
6064 break;
6065 }
6066 case NEON_3R_FLOAT_MINMAX:
6067 {
6068 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6069 if (size == 0) {
6070 gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
6071 } else {
6072 gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
6073 }
6074 tcg_temp_free_ptr(fpstatus);
6075 break;
6076 }
6077 case NEON_3R_FLOAT_MISC:
6078 if (u) {
6079 /* VMAXNM/VMINNM */
6080 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6081 if (size == 0) {
6082 gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
6083 } else {
6084 gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
6085 }
6086 tcg_temp_free_ptr(fpstatus);
6087 } else {
6088 if (size == 0) {
6089 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
6090 } else {
6091 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
6092 }
6093 }
6094 break;
6095 case NEON_3R_VFM:
6096 {
6097 /* VFMA, VFMS: fused multiply-add */
6098 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6099 TCGv_i32 tmp3 = neon_load_reg(rd, pass);
6100 if (size) {
6101 /* VFMS */
6102 gen_helper_vfp_negs(tmp, tmp);
6103 }
6104 gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
6105 tcg_temp_free_i32(tmp3);
6106 tcg_temp_free_ptr(fpstatus);
6107 break;
6108 }
6109 default:
6110 abort();
6111 }
6112 tcg_temp_free_i32(tmp2);
6113
6114 /* Save the result. For elementwise operations we can put it
6115 straight into the destination register. For pairwise operations
6116 we have to be careful to avoid clobbering the source operands. */
6117 if (pairwise && rd == rm) {
6118 neon_store_scratch(pass, tmp);
6119 } else {
6120 neon_store_reg(rd, pass, tmp);
6121 }
6122
6123 } /* for pass */
6124 if (pairwise && rd == rm) {
6125 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6126 tmp = neon_load_scratch(pass);
6127 neon_store_reg(rd, pass, tmp);
6128 }
6129 }
6130 /* End of 3 register same size operations. */
6131 } else if (insn & (1 << 4)) {
6132 if ((insn & 0x00380080) != 0) {
6133 /* Two registers and shift. */
6134 op = (insn >> 8) & 0xf;
6135 if (insn & (1 << 7)) {
6136 /* 64-bit shift. */
6137 if (op > 7) {
6138 return 1;
6139 }
6140 size = 3;
6141 } else {
6142 size = 2;
6143 while ((insn & (1 << (size + 19))) == 0)
6144 size--;
6145 }
6146 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
6147 /* To avoid excessive duplication of ops we implement shift
6148 by immediate using the variable shift operations. */
6149 if (op < 8) {
6150 /* Shift by immediate:
6151 VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU. */
6152 if (q && ((rd | rm) & 1)) {
6153 return 1;
6154 }
6155 if (!u && (op == 4 || op == 6)) {
6156 return 1;
6157 }
6158 /* Right shifts are encoded as N - shift, where N is the
6159 element size in bits. */
6160 if (op <= 4)
6161 shift = shift - (1 << (size + 3));
6162 if (size == 3) {
6163 count = q + 1;
6164 } else {
6165 count = q ? 4: 2;
6166 }
6167 switch (size) {
6168 case 0:
6169 imm = (uint8_t) shift;
6170 imm |= imm << 8;
6171 imm |= imm << 16;
6172 break;
6173 case 1:
6174 imm = (uint16_t) shift;
6175 imm |= imm << 16;
6176 break;
6177 case 2:
6178 case 3:
6179 imm = shift;
6180 break;
6181 default:
6182 abort();
6183 }
6184
6185 for (pass = 0; pass < count; pass++) {
6186 if (size == 3) {
6187 neon_load_reg64(cpu_V0, rm + pass);
6188 tcg_gen_movi_i64(cpu_V1, imm);
6189 switch (op) {
6190 case 0: /* VSHR */
6191 case 1: /* VSRA */
6192 if (u)
6193 gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
6194 else
6195 gen_helper_neon_shl_s64(cpu_V0, cpu_V0, cpu_V1);
6196 break;
6197 case 2: /* VRSHR */
6198 case 3: /* VRSRA */
6199 if (u)
6200 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
6201 else
6202 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
6203 break;
6204 case 4: /* VSRI */
6205 case 5: /* VSHL, VSLI */
6206 gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
6207 break;
6208 case 6: /* VQSHLU */
6209 gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
6210 cpu_V0, cpu_V1);
6211 break;
6212 case 7: /* VQSHL */
6213 if (u) {
6214 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
6215 cpu_V0, cpu_V1);
6216 } else {
6217 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
6218 cpu_V0, cpu_V1);
6219 }
6220 break;
6221 }
6222 if (op == 1 || op == 3) {
6223 /* Accumulate. */
6224 neon_load_reg64(cpu_V1, rd + pass);
6225 tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
6226 } else if (op == 4 || (op == 5 && u)) {
6227 /* Insert */
6228 neon_load_reg64(cpu_V1, rd + pass);
6229 uint64_t mask;
6230 if (shift < -63 || shift > 63) {
6231 mask = 0;
6232 } else {
6233 if (op == 4) {
6234 mask = 0xffffffffffffffffull >> -shift;
6235 } else {
6236 mask = 0xffffffffffffffffull << shift;
6237 }
6238 }
6239 tcg_gen_andi_i64(cpu_V1, cpu_V1, ~mask);
6240 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6241 }
6242 neon_store_reg64(cpu_V0, rd + pass);
6243 } else { /* size < 3 */
6244 /* Operands in T0 and T1. */
6245 tmp = neon_load_reg(rm, pass);
6246 tmp2 = tcg_temp_new_i32();
6247 tcg_gen_movi_i32(tmp2, imm);
6248 switch (op) {
6249 case 0: /* VSHR */
6250 case 1: /* VSRA */
6251 GEN_NEON_INTEGER_OP(shl);
6252 break;
6253 case 2: /* VRSHR */
6254 case 3: /* VRSRA */
6255 GEN_NEON_INTEGER_OP(rshl);
6256 break;
6257 case 4: /* VSRI */
6258 case 5: /* VSHL, VSLI */
6259 switch (size) {
6260 case 0: gen_helper_neon_shl_u8(tmp, tmp, tmp2); break;
6261 case 1: gen_helper_neon_shl_u16(tmp, tmp, tmp2); break;
6262 case 2: gen_helper_neon_shl_u32(tmp, tmp, tmp2); break;
6263 default: abort();
6264 }
6265 break;
6266 case 6: /* VQSHLU */
6267 switch (size) {
6268 case 0:
6269 gen_helper_neon_qshlu_s8(tmp, cpu_env,
6270 tmp, tmp2);
6271 break;
6272 case 1:
6273 gen_helper_neon_qshlu_s16(tmp, cpu_env,
6274 tmp, tmp2);
6275 break;
6276 case 2:
6277 gen_helper_neon_qshlu_s32(tmp, cpu_env,
6278 tmp, tmp2);
6279 break;
6280 default:
6281 abort();
6282 }
6283 break;
6284 case 7: /* VQSHL */
6285 GEN_NEON_INTEGER_OP_ENV(qshl);
6286 break;
6287 }
6288 tcg_temp_free_i32(tmp2);
6289
6290 if (op == 1 || op == 3) {
6291 /* Accumulate. */
6292 tmp2 = neon_load_reg(rd, pass);
6293 gen_neon_add(size, tmp, tmp2);
6294 tcg_temp_free_i32(tmp2);
6295 } else if (op == 4 || (op == 5 && u)) {
6296 /* Insert */
6297 switch (size) {
6298 case 0:
6299 if (op == 4)
6300 mask = 0xff >> -shift;
6301 else
6302 mask = (uint8_t)(0xff << shift);
6303 mask |= mask << 8;
6304 mask |= mask << 16;
6305 break;
6306 case 1:
6307 if (op == 4)
6308 mask = 0xffff >> -shift;
6309 else
6310 mask = (uint16_t)(0xffff << shift);
6311 mask |= mask << 16;
6312 break;
6313 case 2:
6314 if (shift < -31 || shift > 31) {
6315 mask = 0;
6316 } else {
6317 if (op == 4)
6318 mask = 0xffffffffu >> -shift;
6319 else
6320 mask = 0xffffffffu << shift;
6321 }
6322 break;
6323 default:
6324 abort();
6325 }
6326 tmp2 = neon_load_reg(rd, pass);
6327 tcg_gen_andi_i32(tmp, tmp, mask);
6328 tcg_gen_andi_i32(tmp2, tmp2, ~mask);
6329 tcg_gen_or_i32(tmp, tmp, tmp2);
6330 tcg_temp_free_i32(tmp2);
6331 }
6332 neon_store_reg(rd, pass, tmp);
6333 }
6334 } /* for pass */
6335 } else if (op < 10) {
6336 /* Shift by immediate and narrow:
6337 VSHRN, VRSHRN, VQSHRN, VQRSHRN. */
6338 int input_unsigned = (op == 8) ? !u : u;
6339 if (rm & 1) {
6340 return 1;
6341 }
6342 shift = shift - (1 << (size + 3));
6343 size++;
6344 if (size == 3) {
6345 tmp64 = tcg_const_i64(shift);
6346 neon_load_reg64(cpu_V0, rm);
6347 neon_load_reg64(cpu_V1, rm + 1);
6348 for (pass = 0; pass < 2; pass++) {
6349 TCGv_i64 in;
6350 if (pass == 0) {
6351 in = cpu_V0;
6352 } else {
6353 in = cpu_V1;
6354 }
6355 if (q) {
6356 if (input_unsigned) {
6357 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
6358 } else {
6359 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
6360 }
6361 } else {
6362 if (input_unsigned) {
6363 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
6364 } else {
6365 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
6366 }
6367 }
6368 tmp = tcg_temp_new_i32();
6369 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
6370 neon_store_reg(rd, pass, tmp);
6371 } /* for pass */
6372 tcg_temp_free_i64(tmp64);
6373 } else {
6374 if (size == 1) {
6375 imm = (uint16_t)shift;
6376 imm |= imm << 16;
6377 } else {
6378 /* size == 2 */
6379 imm = (uint32_t)shift;
6380 }
6381 tmp2 = tcg_const_i32(imm);
6382 tmp4 = neon_load_reg(rm + 1, 0);
6383 tmp5 = neon_load_reg(rm + 1, 1);
6384 for (pass = 0; pass < 2; pass++) {
6385 if (pass == 0) {
6386 tmp = neon_load_reg(rm, 0);
6387 } else {
6388 tmp = tmp4;
6389 }
6390 gen_neon_shift_narrow(size, tmp, tmp2, q,
6391 input_unsigned);
6392 if (pass == 0) {
6393 tmp3 = neon_load_reg(rm, 1);
6394 } else {
6395 tmp3 = tmp5;
6396 }
6397 gen_neon_shift_narrow(size, tmp3, tmp2, q,
6398 input_unsigned);
6399 tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
6400 tcg_temp_free_i32(tmp);
6401 tcg_temp_free_i32(tmp3);
6402 tmp = tcg_temp_new_i32();
6403 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
6404 neon_store_reg(rd, pass, tmp);
6405 } /* for pass */
6406 tcg_temp_free_i32(tmp2);
6407 }
6408 } else if (op == 10) {
6409 /* VSHLL, VMOVL */
6410 if (q || (rd & 1)) {
6411 return 1;
6412 }
6413 tmp = neon_load_reg(rm, 0);
6414 tmp2 = neon_load_reg(rm, 1);
6415 for (pass = 0; pass < 2; pass++) {
6416 if (pass == 1)
6417 tmp = tmp2;
6418
6419 gen_neon_widen(cpu_V0, tmp, size, u);
6420
6421 if (shift != 0) {
6422 /* The shift is less than the width of the source
6423 type, so we can just shift the whole register. */
6424 tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
6425 /* Widen the result of shift: we need to clear
6426 * the potential overflow bits resulting from
6427 * left bits of the narrow input appearing as
6428 * right bits of left the neighbour narrow
6429 * input. */
6430 if (size < 2 || !u) {
6431 uint64_t imm64;
6432 if (size == 0) {
6433 imm = (0xffu >> (8 - shift));
6434 imm |= imm << 16;
6435 } else if (size == 1) {
6436 imm = 0xffff >> (16 - shift);
6437 } else {
6438 /* size == 2 */
6439 imm = 0xffffffff >> (32 - shift);
6440 }
6441 if (size < 2) {
6442 imm64 = imm | (((uint64_t)imm) << 32);
6443 } else {
6444 imm64 = imm;
6445 }
6446 tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
6447 }
6448 }
6449 neon_store_reg64(cpu_V0, rd + pass);
6450 }
6451 } else if (op >= 14) {
6452 /* VCVT fixed-point. */
6453 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
6454 return 1;
6455 }
6456 /* We have already masked out the must-be-1 top bit of imm6,
6457 * hence this 32-shift where the ARM ARM has 64-imm6.
6458 */
6459 shift = 32 - shift;
6460 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6461 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, pass));
6462 if (!(op & 1)) {
6463 if (u)
6464 gen_vfp_ulto(0, shift, 1);
6465 else
6466 gen_vfp_slto(0, shift, 1);
6467 } else {
6468 if (u)
6469 gen_vfp_toul(0, shift, 1);
6470 else
6471 gen_vfp_tosl(0, shift, 1);
6472 }
6473 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, pass));
6474 }
6475 } else {
6476 return 1;
6477 }
6478 } else { /* (insn & 0x00380080) == 0 */
6479 int invert;
6480 if (q && (rd & 1)) {
6481 return 1;
6482 }
6483
6484 op = (insn >> 8) & 0xf;
6485 /* One register and immediate. */
6486 imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
6487 invert = (insn & (1 << 5)) != 0;
6488 /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
6489 * We choose to not special-case this and will behave as if a
6490 * valid constant encoding of 0 had been given.
6491 */
6492 switch (op) {
6493 case 0: case 1:
6494 /* no-op */
6495 break;
6496 case 2: case 3:
6497 imm <<= 8;
6498 break;
6499 case 4: case 5:
6500 imm <<= 16;
6501 break;
6502 case 6: case 7:
6503 imm <<= 24;
6504 break;
6505 case 8: case 9:
6506 imm |= imm << 16;
6507 break;
6508 case 10: case 11:
6509 imm = (imm << 8) | (imm << 24);
6510 break;
6511 case 12:
6512 imm = (imm << 8) | 0xff;
6513 break;
6514 case 13:
6515 imm = (imm << 16) | 0xffff;
6516 break;
6517 case 14:
6518 imm |= (imm << 8) | (imm << 16) | (imm << 24);
6519 if (invert)
6520 imm = ~imm;
6521 break;
6522 case 15:
6523 if (invert) {
6524 return 1;
6525 }
6526 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
6527 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
6528 break;
6529 }
6530 if (invert)
6531 imm = ~imm;
6532
6533 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6534 if (op & 1 && op < 12) {
6535 tmp = neon_load_reg(rd, pass);
6536 if (invert) {
6537 /* The immediate value has already been inverted, so
6538 BIC becomes AND. */
6539 tcg_gen_andi_i32(tmp, tmp, imm);
6540 } else {
6541 tcg_gen_ori_i32(tmp, tmp, imm);
6542 }
6543 } else {
6544 /* VMOV, VMVN. */
6545 tmp = tcg_temp_new_i32();
6546 if (op == 14 && invert) {
6547 int n;
6548 uint32_t val;
6549 val = 0;
6550 for (n = 0; n < 4; n++) {
6551 if (imm & (1 << (n + (pass & 1) * 4)))
6552 val |= 0xff << (n * 8);
6553 }
6554 tcg_gen_movi_i32(tmp, val);
6555 } else {
6556 tcg_gen_movi_i32(tmp, imm);
6557 }
6558 }
6559 neon_store_reg(rd, pass, tmp);
6560 }
6561 }
6562 } else { /* (insn & 0x00800010 == 0x00800000) */
6563 if (size != 3) {
6564 op = (insn >> 8) & 0xf;
6565 if ((insn & (1 << 6)) == 0) {
6566 /* Three registers of different lengths. */
6567 int src1_wide;
6568 int src2_wide;
6569 int prewiden;
6570 /* undefreq: bit 0 : UNDEF if size == 0
6571 * bit 1 : UNDEF if size == 1
6572 * bit 2 : UNDEF if size == 2
6573 * bit 3 : UNDEF if U == 1
6574 * Note that [2:0] set implies 'always UNDEF'
6575 */
6576 int undefreq;
6577 /* prewiden, src1_wide, src2_wide, undefreq */
6578 static const int neon_3reg_wide[16][4] = {
6579 {1, 0, 0, 0}, /* VADDL */
6580 {1, 1, 0, 0}, /* VADDW */
6581 {1, 0, 0, 0}, /* VSUBL */
6582 {1, 1, 0, 0}, /* VSUBW */
6583 {0, 1, 1, 0}, /* VADDHN */
6584 {0, 0, 0, 0}, /* VABAL */
6585 {0, 1, 1, 0}, /* VSUBHN */
6586 {0, 0, 0, 0}, /* VABDL */
6587 {0, 0, 0, 0}, /* VMLAL */
6588 {0, 0, 0, 9}, /* VQDMLAL */
6589 {0, 0, 0, 0}, /* VMLSL */
6590 {0, 0, 0, 9}, /* VQDMLSL */
6591 {0, 0, 0, 0}, /* Integer VMULL */
6592 {0, 0, 0, 1}, /* VQDMULL */
6593 {0, 0, 0, 0xa}, /* Polynomial VMULL */
6594 {0, 0, 0, 7}, /* Reserved: always UNDEF */
6595 };
6596
6597 prewiden = neon_3reg_wide[op][0];
6598 src1_wide = neon_3reg_wide[op][1];
6599 src2_wide = neon_3reg_wide[op][2];
6600 undefreq = neon_3reg_wide[op][3];
6601
6602 if ((undefreq & (1 << size)) ||
6603 ((undefreq & 8) && u)) {
6604 return 1;
6605 }
6606 if ((src1_wide && (rn & 1)) ||
6607 (src2_wide && (rm & 1)) ||
6608 (!src2_wide && (rd & 1))) {
6609 return 1;
6610 }
6611
6612 /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
6613 * outside the loop below as it only performs a single pass.
6614 */
6615 if (op == 14 && size == 2) {
6616 TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
6617
6618 if (!arm_dc_feature(s, ARM_FEATURE_V8_PMULL)) {
6619 return 1;
6620 }
6621 tcg_rn = tcg_temp_new_i64();
6622 tcg_rm = tcg_temp_new_i64();
6623 tcg_rd = tcg_temp_new_i64();
6624 neon_load_reg64(tcg_rn, rn);
6625 neon_load_reg64(tcg_rm, rm);
6626 gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
6627 neon_store_reg64(tcg_rd, rd);
6628 gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
6629 neon_store_reg64(tcg_rd, rd + 1);
6630 tcg_temp_free_i64(tcg_rn);
6631 tcg_temp_free_i64(tcg_rm);
6632 tcg_temp_free_i64(tcg_rd);
6633 return 0;
6634 }
6635
6636 /* Avoid overlapping operands. Wide source operands are
6637 always aligned so will never overlap with wide
6638 destinations in problematic ways. */
6639 if (rd == rm && !src2_wide) {
6640 tmp = neon_load_reg(rm, 1);
6641 neon_store_scratch(2, tmp);
6642 } else if (rd == rn && !src1_wide) {
6643 tmp = neon_load_reg(rn, 1);
6644 neon_store_scratch(2, tmp);
6645 }
6646 tmp3 = NULL;
6647 for (pass = 0; pass < 2; pass++) {
6648 if (src1_wide) {
6649 neon_load_reg64(cpu_V0, rn + pass);
6650 tmp = NULL;
6651 } else {
6652 if (pass == 1 && rd == rn) {
6653 tmp = neon_load_scratch(2);
6654 } else {
6655 tmp = neon_load_reg(rn, pass);
6656 }
6657 if (prewiden) {
6658 gen_neon_widen(cpu_V0, tmp, size, u);
6659 }
6660 }
6661 if (src2_wide) {
6662 neon_load_reg64(cpu_V1, rm + pass);
6663 tmp2 = NULL;
6664 } else {
6665 if (pass == 1 && rd == rm) {
6666 tmp2 = neon_load_scratch(2);
6667 } else {
6668 tmp2 = neon_load_reg(rm, pass);
6669 }
6670 if (prewiden) {
6671 gen_neon_widen(cpu_V1, tmp2, size, u);
6672 }
6673 }
6674 switch (op) {
6675 case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
6676 gen_neon_addl(size);
6677 break;
6678 case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
6679 gen_neon_subl(size);
6680 break;
6681 case 5: case 7: /* VABAL, VABDL */
6682 switch ((size << 1) | u) {
6683 case 0:
6684 gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
6685 break;
6686 case 1:
6687 gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
6688 break;
6689 case 2:
6690 gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
6691 break;
6692 case 3:
6693 gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
6694 break;
6695 case 4:
6696 gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
6697 break;
6698 case 5:
6699 gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
6700 break;
6701 default: abort();
6702 }
6703 tcg_temp_free_i32(tmp2);
6704 tcg_temp_free_i32(tmp);
6705 break;
6706 case 8: case 9: case 10: case 11: case 12: case 13:
6707 /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
6708 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6709 break;
6710 case 14: /* Polynomial VMULL */
6711 gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
6712 tcg_temp_free_i32(tmp2);
6713 tcg_temp_free_i32(tmp);
6714 break;
6715 default: /* 15 is RESERVED: caught earlier */
6716 abort();
6717 }
6718 if (op == 13) {
6719 /* VQDMULL */
6720 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6721 neon_store_reg64(cpu_V0, rd + pass);
6722 } else if (op == 5 || (op >= 8 && op <= 11)) {
6723 /* Accumulate. */
6724 neon_load_reg64(cpu_V1, rd + pass);
6725 switch (op) {
6726 case 10: /* VMLSL */
6727 gen_neon_negl(cpu_V0, size);
6728 /* Fall through */
6729 case 5: case 8: /* VABAL, VMLAL */
6730 gen_neon_addl(size);
6731 break;
6732 case 9: case 11: /* VQDMLAL, VQDMLSL */
6733 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6734 if (op == 11) {
6735 gen_neon_negl(cpu_V0, size);
6736 }
6737 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6738 break;
6739 default:
6740 abort();
6741 }
6742 neon_store_reg64(cpu_V0, rd + pass);
6743 } else if (op == 4 || op == 6) {
6744 /* Narrowing operation. */
6745 tmp = tcg_temp_new_i32();
6746 if (!u) {
6747 switch (size) {
6748 case 0:
6749 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
6750 break;
6751 case 1:
6752 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
6753 break;
6754 case 2:
6755 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6756 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6757 break;
6758 default: abort();
6759 }
6760 } else {
6761 switch (size) {
6762 case 0:
6763 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
6764 break;
6765 case 1:
6766 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
6767 break;
6768 case 2:
6769 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
6770 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6771 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6772 break;
6773 default: abort();
6774 }
6775 }
6776 if (pass == 0) {
6777 tmp3 = tmp;
6778 } else {
6779 neon_store_reg(rd, 0, tmp3);
6780 neon_store_reg(rd, 1, tmp);
6781 }
6782 } else {
6783 /* Write back the result. */
6784 neon_store_reg64(cpu_V0, rd + pass);
6785 }
6786 }
6787 } else {
6788 /* Two registers and a scalar. NB that for ops of this form
6789 * the ARM ARM labels bit 24 as Q, but it is in our variable
6790 * 'u', not 'q'.
6791 */
6792 if (size == 0) {
6793 return 1;
6794 }
6795 switch (op) {
6796 case 1: /* Float VMLA scalar */
6797 case 5: /* Floating point VMLS scalar */
6798 case 9: /* Floating point VMUL scalar */
6799 if (size == 1) {
6800 return 1;
6801 }
6802 /* fall through */
6803 case 0: /* Integer VMLA scalar */
6804 case 4: /* Integer VMLS scalar */
6805 case 8: /* Integer VMUL scalar */
6806 case 12: /* VQDMULH scalar */
6807 case 13: /* VQRDMULH scalar */
6808 if (u && ((rd | rn) & 1)) {
6809 return 1;
6810 }
6811 tmp = neon_get_scalar(size, rm);
6812 neon_store_scratch(0, tmp);
6813 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6814 tmp = neon_load_scratch(0);
6815 tmp2 = neon_load_reg(rn, pass);
6816 if (op == 12) {
6817 if (size == 1) {
6818 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6819 } else {
6820 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6821 }
6822 } else if (op == 13) {
6823 if (size == 1) {
6824 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6825 } else {
6826 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6827 }
6828 } else if (op & 1) {
6829 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6830 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6831 tcg_temp_free_ptr(fpstatus);
6832 } else {
6833 switch (size) {
6834 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6835 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6836 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6837 default: abort();
6838 }
6839 }
6840 tcg_temp_free_i32(tmp2);
6841 if (op < 8) {
6842 /* Accumulate. */
6843 tmp2 = neon_load_reg(rd, pass);
6844 switch (op) {
6845 case 0:
6846 gen_neon_add(size, tmp, tmp2);
6847 break;
6848 case 1:
6849 {
6850 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6851 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6852 tcg_temp_free_ptr(fpstatus);
6853 break;
6854 }
6855 case 4:
6856 gen_neon_rsb(size, tmp, tmp2);
6857 break;
6858 case 5:
6859 {
6860 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6861 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6862 tcg_temp_free_ptr(fpstatus);
6863 break;
6864 }
6865 default:
6866 abort();
6867 }
6868 tcg_temp_free_i32(tmp2);
6869 }
6870 neon_store_reg(rd, pass, tmp);
6871 }
6872 break;
6873 case 3: /* VQDMLAL scalar */
6874 case 7: /* VQDMLSL scalar */
6875 case 11: /* VQDMULL scalar */
6876 if (u == 1) {
6877 return 1;
6878 }
6879 /* fall through */
6880 case 2: /* VMLAL sclar */
6881 case 6: /* VMLSL scalar */
6882 case 10: /* VMULL scalar */
6883 if (rd & 1) {
6884 return 1;
6885 }
6886 tmp2 = neon_get_scalar(size, rm);
6887 /* We need a copy of tmp2 because gen_neon_mull
6888 * deletes it during pass 0. */
6889 tmp4 = tcg_temp_new_i32();
6890 tcg_gen_mov_i32(tmp4, tmp2);
6891 tmp3 = neon_load_reg(rn, 1);
6892
6893 for (pass = 0; pass < 2; pass++) {
6894 if (pass == 0) {
6895 tmp = neon_load_reg(rn, 0);
6896 } else {
6897 tmp = tmp3;
6898 tmp2 = tmp4;
6899 }
6900 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6901 if (op != 11) {
6902 neon_load_reg64(cpu_V1, rd + pass);
6903 }
6904 switch (op) {
6905 case 6:
6906 gen_neon_negl(cpu_V0, size);
6907 /* Fall through */
6908 case 2:
6909 gen_neon_addl(size);
6910 break;
6911 case 3: case 7:
6912 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6913 if (op == 7) {
6914 gen_neon_negl(cpu_V0, size);
6915 }
6916 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6917 break;
6918 case 10:
6919 /* no-op */
6920 break;
6921 case 11:
6922 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6923 break;
6924 default:
6925 abort();
6926 }
6927 neon_store_reg64(cpu_V0, rd + pass);
6928 }
6929
6930
6931 break;
6932 default: /* 14 and 15 are RESERVED */
6933 return 1;
6934 }
6935 }
6936 } else { /* size == 3 */
6937 if (!u) {
6938 /* Extract. */
6939 imm = (insn >> 8) & 0xf;
6940
6941 if (imm > 7 && !q)
6942 return 1;
6943
6944 if (q && ((rd | rn | rm) & 1)) {
6945 return 1;
6946 }
6947
6948 if (imm == 0) {
6949 neon_load_reg64(cpu_V0, rn);
6950 if (q) {
6951 neon_load_reg64(cpu_V1, rn + 1);
6952 }
6953 } else if (imm == 8) {
6954 neon_load_reg64(cpu_V0, rn + 1);
6955 if (q) {
6956 neon_load_reg64(cpu_V1, rm);
6957 }
6958 } else if (q) {
6959 tmp64 = tcg_temp_new_i64();
6960 if (imm < 8) {
6961 neon_load_reg64(cpu_V0, rn);
6962 neon_load_reg64(tmp64, rn + 1);
6963 } else {
6964 neon_load_reg64(cpu_V0, rn + 1);
6965 neon_load_reg64(tmp64, rm);
6966 }
6967 tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6968 tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6969 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6970 if (imm < 8) {
6971 neon_load_reg64(cpu_V1, rm);
6972 } else {
6973 neon_load_reg64(cpu_V1, rm + 1);
6974 imm -= 8;
6975 }
6976 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6977 tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6978 tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6979 tcg_temp_free_i64(tmp64);
6980 } else {
6981 /* BUGFIX */
6982 neon_load_reg64(cpu_V0, rn);
6983 tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6984 neon_load_reg64(cpu_V1, rm);
6985 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6986 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6987 }
6988 neon_store_reg64(cpu_V0, rd);
6989 if (q) {
6990 neon_store_reg64(cpu_V1, rd + 1);
6991 }
6992 } else if ((insn & (1 << 11)) == 0) {
6993 /* Two register misc. */
6994 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6995 size = (insn >> 18) & 3;
6996 /* UNDEF for unknown op values and bad op-size combinations */
6997 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6998 return 1;
6999 }
7000 if (neon_2rm_is_v8_op(op) &&
7001 !arm_dc_feature(s, ARM_FEATURE_V8)) {
7002 return 1;
7003 }
7004 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
7005 q && ((rm | rd) & 1)) {
7006 return 1;
7007 }
7008 switch (op) {
7009 case NEON_2RM_VREV64:
7010 for (pass = 0; pass < (q ? 2 : 1); pass++) {
7011 tmp = neon_load_reg(rm, pass * 2);
7012 tmp2 = neon_load_reg(rm, pass * 2 + 1);
7013 switch (size) {
7014 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
7015 case 1: gen_swap_half(tmp); break;
7016 case 2: /* no-op */ break;
7017 default: abort();
7018 }
7019 neon_store_reg(rd, pass * 2 + 1, tmp);
7020 if (size == 2) {
7021 neon_store_reg(rd, pass * 2, tmp2);
7022 } else {
7023 switch (size) {
7024 case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
7025 case 1: gen_swap_half(tmp2); break;
7026 default: abort();
7027 }
7028 neon_store_reg(rd, pass * 2, tmp2);
7029 }
7030 }
7031 break;
7032 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
7033 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
7034 for (pass = 0; pass < q + 1; pass++) {
7035 tmp = neon_load_reg(rm, pass * 2);
7036 gen_neon_widen(cpu_V0, tmp, size, op & 1);
7037 tmp = neon_load_reg(rm, pass * 2 + 1);
7038 gen_neon_widen(cpu_V1, tmp, size, op & 1);
7039 switch (size) {
7040 case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
7041 case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
7042 case 2: tcg_gen_add_i64(CPU_V001); break;
7043 default: abort();
7044 }
7045 if (op >= NEON_2RM_VPADAL) {
7046 /* Accumulate. */
7047 neon_load_reg64(cpu_V1, rd + pass);
7048 gen_neon_addl(size);
7049 }
7050 neon_store_reg64(cpu_V0, rd + pass);
7051 }
7052 break;
7053 case NEON_2RM_VTRN:
7054 if (size == 2) {
7055 int n;
7056 for (n = 0; n < (q ? 4 : 2); n += 2) {
7057 tmp = neon_load_reg(rm, n);
7058 tmp2 = neon_load_reg(rd, n + 1);
7059 neon_store_reg(rm, n, tmp2);
7060 neon_store_reg(rd, n + 1, tmp);
7061 }
7062 } else {
7063 goto elementwise;
7064 }
7065 break;
7066 case NEON_2RM_VUZP:
7067 if (gen_neon_unzip(rd, rm, size, q)) {
7068 return 1;
7069 }
7070 break;
7071 case NEON_2RM_VZIP:
7072 if (gen_neon_zip(rd, rm, size, q)) {
7073 return 1;
7074 }
7075 break;
7076 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
7077 /* also VQMOVUN; op field and mnemonics don't line up */
7078 if (rm & 1) {
7079 return 1;
7080 }
7081 tmp2 = NULL;
7082 for (pass = 0; pass < 2; pass++) {
7083 neon_load_reg64(cpu_V0, rm + pass);
7084 tmp = tcg_temp_new_i32();
7085 gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
7086 tmp, cpu_V0);
7087 if (pass == 0) {
7088 tmp2 = tmp;
7089 } else {
7090 neon_store_reg(rd, 0, tmp2);
7091 neon_store_reg(rd, 1, tmp);
7092 }
7093 }
7094 break;
7095 case NEON_2RM_VSHLL:
7096 if (q || (rd & 1)) {
7097 return 1;
7098 }
7099 tmp = neon_load_reg(rm, 0);
7100 tmp2 = neon_load_reg(rm, 1);
7101 for (pass = 0; pass < 2; pass++) {
7102 if (pass == 1)
7103 tmp = tmp2;
7104 gen_neon_widen(cpu_V0, tmp, size, 1);
7105 tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
7106 neon_store_reg64(cpu_V0, rd + pass);
7107 }
7108 break;
7109 case NEON_2RM_VCVT_F16_F32:
7110 if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
7111 q || (rm & 1)) {
7112 return 1;
7113 }
7114 tmp = tcg_temp_new_i32();
7115 tmp2 = tcg_temp_new_i32();
7116 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 0));
7117 gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
7118 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 1));
7119 gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
7120 tcg_gen_shli_i32(tmp2, tmp2, 16);
7121 tcg_gen_or_i32(tmp2, tmp2, tmp);
7122 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 2));
7123 gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
7124 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 3));
7125 neon_store_reg(rd, 0, tmp2);
7126 tmp2 = tcg_temp_new_i32();
7127 gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
7128 tcg_gen_shli_i32(tmp2, tmp2, 16);
7129 tcg_gen_or_i32(tmp2, tmp2, tmp);
7130 neon_store_reg(rd, 1, tmp2);
7131 tcg_temp_free_i32(tmp);
7132 break;
7133 case NEON_2RM_VCVT_F32_F16:
7134 if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
7135 q || (rd & 1)) {
7136 return 1;
7137 }
7138 tmp3 = tcg_temp_new_i32();
7139 tmp = neon_load_reg(rm, 0);
7140 tmp2 = neon_load_reg(rm, 1);
7141 tcg_gen_ext16u_i32(tmp3, tmp);
7142 gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
7143 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 0));
7144 tcg_gen_shri_i32(tmp3, tmp, 16);
7145 gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
7146 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 1));
7147 tcg_temp_free_i32(tmp);
7148 tcg_gen_ext16u_i32(tmp3, tmp2);
7149 gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
7150 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 2));
7151 tcg_gen_shri_i32(tmp3, tmp2, 16);
7152 gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
7153 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 3));
7154 tcg_temp_free_i32(tmp2);
7155 tcg_temp_free_i32(tmp3);
7156 break;
7157 case NEON_2RM_AESE: case NEON_2RM_AESMC:
7158 if (!arm_dc_feature(s, ARM_FEATURE_V8_AES)
7159 || ((rm | rd) & 1)) {
7160 return 1;
7161 }
7162 tmp = tcg_const_i32(rd);
7163 tmp2 = tcg_const_i32(rm);
7164
7165 /* Bit 6 is the lowest opcode bit; it distinguishes between
7166 * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
7167 */
7168 tmp3 = tcg_const_i32(extract32(insn, 6, 1));
7169
7170 if (op == NEON_2RM_AESE) {
7171 gen_helper_crypto_aese(cpu_env, tmp, tmp2, tmp3);
7172 } else {
7173 gen_helper_crypto_aesmc(cpu_env, tmp, tmp2, tmp3);
7174 }
7175 tcg_temp_free_i32(tmp);
7176 tcg_temp_free_i32(tmp2);
7177 tcg_temp_free_i32(tmp3);
7178 break;
7179 case NEON_2RM_SHA1H:
7180 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)
7181 || ((rm | rd) & 1)) {
7182 return 1;
7183 }
7184 tmp = tcg_const_i32(rd);
7185 tmp2 = tcg_const_i32(rm);
7186
7187 gen_helper_crypto_sha1h(cpu_env, tmp, tmp2);
7188
7189 tcg_temp_free_i32(tmp);
7190 tcg_temp_free_i32(tmp2);
7191 break;
7192 case NEON_2RM_SHA1SU1:
7193 if ((rm | rd) & 1) {
7194 return 1;
7195 }
7196 /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
7197 if (q) {
7198 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256)) {
7199 return 1;
7200 }
7201 } else if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
7202 return 1;
7203 }
7204 tmp = tcg_const_i32(rd);
7205 tmp2 = tcg_const_i32(rm);
7206 if (q) {
7207 gen_helper_crypto_sha256su0(cpu_env, tmp, tmp2);
7208 } else {
7209 gen_helper_crypto_sha1su1(cpu_env, tmp, tmp2);
7210 }
7211 tcg_temp_free_i32(tmp);
7212 tcg_temp_free_i32(tmp2);
7213 break;
7214 default:
7215 elementwise:
7216 for (pass = 0; pass < (q ? 4 : 2); pass++) {
7217 if (neon_2rm_is_float_op(op)) {
7218 tcg_gen_ld_f32(cpu_F0s, cpu_env,
7219 neon_reg_offset(rm, pass));
7220 tmp = NULL;
7221 } else {
7222 tmp = neon_load_reg(rm, pass);
7223 }
7224 switch (op) {
7225 case NEON_2RM_VREV32:
7226 switch (size) {
7227 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
7228 case 1: gen_swap_half(tmp); break;
7229 default: abort();
7230 }
7231 break;
7232 case NEON_2RM_VREV16:
7233 gen_rev16(tmp);
7234 break;
7235 case NEON_2RM_VCLS:
7236 switch (size) {
7237 case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
7238 case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
7239 case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
7240 default: abort();
7241 }
7242 break;
7243 case NEON_2RM_VCLZ:
7244 switch (size) {
7245 case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
7246 case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
7247 case 2: tcg_gen_clzi_i32(tmp, tmp, 32); break;
7248 default: abort();
7249 }
7250 break;
7251 case NEON_2RM_VCNT:
7252 gen_helper_neon_cnt_u8(tmp, tmp);
7253 break;
7254 case NEON_2RM_VMVN:
7255 tcg_gen_not_i32(tmp, tmp);
7256 break;
7257 case NEON_2RM_VQABS:
7258 switch (size) {
7259 case 0:
7260 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
7261 break;
7262 case 1:
7263 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
7264 break;
7265 case 2:
7266 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
7267 break;
7268 default: abort();
7269 }
7270 break;
7271 case NEON_2RM_VQNEG:
7272 switch (size) {
7273 case 0:
7274 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
7275 break;
7276 case 1:
7277 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
7278 break;
7279 case 2:
7280 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
7281 break;
7282 default: abort();
7283 }
7284 break;
7285 case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
7286 tmp2 = tcg_const_i32(0);
7287 switch(size) {
7288 case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
7289 case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
7290 case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
7291 default: abort();
7292 }
7293 tcg_temp_free_i32(tmp2);
7294 if (op == NEON_2RM_VCLE0) {
7295 tcg_gen_not_i32(tmp, tmp);
7296 }
7297 break;
7298 case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
7299 tmp2 = tcg_const_i32(0);
7300 switch(size) {
7301 case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
7302 case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
7303 case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
7304 default: abort();
7305 }
7306 tcg_temp_free_i32(tmp2);
7307 if (op == NEON_2RM_VCLT0) {
7308 tcg_gen_not_i32(tmp, tmp);
7309 }
7310 break;
7311 case NEON_2RM_VCEQ0:
7312 tmp2 = tcg_const_i32(0);
7313 switch(size) {
7314 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
7315 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
7316 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
7317 default: abort();
7318 }
7319 tcg_temp_free_i32(tmp2);
7320 break;
7321 case NEON_2RM_VABS:
7322 switch(size) {
7323 case 0: gen_helper_neon_abs_s8(tmp, tmp); break;
7324 case 1: gen_helper_neon_abs_s16(tmp, tmp); break;
7325 case 2: tcg_gen_abs_i32(tmp, tmp); break;
7326 default: abort();
7327 }
7328 break;
7329 case NEON_2RM_VNEG:
7330 tmp2 = tcg_const_i32(0);
7331 gen_neon_rsb(size, tmp, tmp2);
7332 tcg_temp_free_i32(tmp2);
7333 break;
7334 case NEON_2RM_VCGT0_F:
7335 {
7336 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7337 tmp2 = tcg_const_i32(0);
7338 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
7339 tcg_temp_free_i32(tmp2);
7340 tcg_temp_free_ptr(fpstatus);
7341 break;
7342 }
7343 case NEON_2RM_VCGE0_F:
7344 {
7345 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7346 tmp2 = tcg_const_i32(0);
7347 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
7348 tcg_temp_free_i32(tmp2);
7349 tcg_temp_free_ptr(fpstatus);
7350 break;
7351 }
7352 case NEON_2RM_VCEQ0_F:
7353 {
7354 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7355 tmp2 = tcg_const_i32(0);
7356 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
7357 tcg_temp_free_i32(tmp2);
7358 tcg_temp_free_ptr(fpstatus);
7359 break;
7360 }
7361 case NEON_2RM_VCLE0_F:
7362 {
7363 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7364 tmp2 = tcg_const_i32(0);
7365 gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
7366 tcg_temp_free_i32(tmp2);
7367 tcg_temp_free_ptr(fpstatus);
7368 break;
7369 }
7370 case NEON_2RM_VCLT0_F:
7371 {
7372 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7373 tmp2 = tcg_const_i32(0);
7374 gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
7375 tcg_temp_free_i32(tmp2);
7376 tcg_temp_free_ptr(fpstatus);
7377 break;
7378 }
7379 case NEON_2RM_VABS_F:
7380 gen_vfp_abs(0);
7381 break;
7382 case NEON_2RM_VNEG_F:
7383 gen_vfp_neg(0);
7384 break;
7385 case NEON_2RM_VSWP:
7386 tmp2 = neon_load_reg(rd, pass);
7387 neon_store_reg(rm, pass, tmp2);
7388 break;
7389 case NEON_2RM_VTRN:
7390 tmp2 = neon_load_reg(rd, pass);
7391 switch (size) {
7392 case 0: gen_neon_trn_u8(tmp, tmp2); break;
7393 case 1: gen_neon_trn_u16(tmp, tmp2); break;
7394 default: abort();
7395 }
7396 neon_store_reg(rm, pass, tmp2);
7397 break;
7398 case NEON_2RM_VRINTN:
7399 case NEON_2RM_VRINTA:
7400 case NEON_2RM_VRINTM:
7401 case NEON_2RM_VRINTP:
7402 case NEON_2RM_VRINTZ:
7403 {
7404 TCGv_i32 tcg_rmode;
7405 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7406 int rmode;
7407
7408 if (op == NEON_2RM_VRINTZ) {
7409 rmode = FPROUNDING_ZERO;
7410 } else {
7411 rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
7412 }
7413
7414 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
7415 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7416 cpu_env);
7417 gen_helper_rints(cpu_F0s, cpu_F0s, fpstatus);
7418 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7419 cpu_env);
7420 tcg_temp_free_ptr(fpstatus);
7421 tcg_temp_free_i32(tcg_rmode);
7422 break;
7423 }
7424 case NEON_2RM_VRINTX:
7425 {
7426 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7427 gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpstatus);
7428 tcg_temp_free_ptr(fpstatus);
7429 break;
7430 }
7431 case NEON_2RM_VCVTAU:
7432 case NEON_2RM_VCVTAS:
7433 case NEON_2RM_VCVTNU:
7434 case NEON_2RM_VCVTNS:
7435 case NEON_2RM_VCVTPU:
7436 case NEON_2RM_VCVTPS:
7437 case NEON_2RM_VCVTMU:
7438 case NEON_2RM_VCVTMS:
7439 {
7440 bool is_signed = !extract32(insn, 7, 1);
7441 TCGv_ptr fpst = get_fpstatus_ptr(1);
7442 TCGv_i32 tcg_rmode, tcg_shift;
7443 int rmode = fp_decode_rm[extract32(insn, 8, 2)];
7444
7445 tcg_shift = tcg_const_i32(0);
7446 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
7447 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7448 cpu_env);
7449
7450 if (is_signed) {
7451 gen_helper_vfp_tosls(cpu_F0s, cpu_F0s,
7452 tcg_shift, fpst);
7453 } else {
7454 gen_helper_vfp_touls(cpu_F0s, cpu_F0s,
7455 tcg_shift, fpst);
7456 }
7457
7458 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7459 cpu_env);
7460 tcg_temp_free_i32(tcg_rmode);
7461 tcg_temp_free_i32(tcg_shift);
7462 tcg_temp_free_ptr(fpst);
7463 break;
7464 }
7465 case NEON_2RM_VRECPE:
7466 {
7467 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7468 gen_helper_recpe_u32(tmp, tmp, fpstatus);
7469 tcg_temp_free_ptr(fpstatus);
7470 break;
7471 }
7472 case NEON_2RM_VRSQRTE:
7473 {
7474 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7475 gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
7476 tcg_temp_free_ptr(fpstatus);
7477 break;
7478 }
7479 case NEON_2RM_VRECPE_F:
7480 {
7481 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7482 gen_helper_recpe_f32(cpu_F0s, cpu_F0s, fpstatus);
7483 tcg_temp_free_ptr(fpstatus);
7484 break;
7485 }
7486 case NEON_2RM_VRSQRTE_F:
7487 {
7488 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7489 gen_helper_rsqrte_f32(cpu_F0s, cpu_F0s, fpstatus);
7490 tcg_temp_free_ptr(fpstatus);
7491 break;
7492 }
7493 case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
7494 gen_vfp_sito(0, 1);
7495 break;
7496 case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
7497 gen_vfp_uito(0, 1);
7498 break;
7499 case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
7500 gen_vfp_tosiz(0, 1);
7501 break;
7502 case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
7503 gen_vfp_touiz(0, 1);
7504 break;
7505 default:
7506 /* Reserved op values were caught by the
7507 * neon_2rm_sizes[] check earlier.
7508 */
7509 abort();
7510 }
7511 if (neon_2rm_is_float_op(op)) {
7512 tcg_gen_st_f32(cpu_F0s, cpu_env,
7513 neon_reg_offset(rd, pass));
7514 } else {
7515 neon_store_reg(rd, pass, tmp);
7516 }
7517 }
7518 break;
7519 }
7520 } else if ((insn & (1 << 10)) == 0) {
7521 /* VTBL, VTBX. */
7522 int n = ((insn >> 8) & 3) + 1;
7523 if ((rn + n) > 32) {
7524 /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
7525 * helper function running off the end of the register file.
7526 */
7527 return 1;
7528 }
7529 n <<= 3;
7530 if (insn & (1 << 6)) {
7531 tmp = neon_load_reg(rd, 0);
7532 } else {
7533 tmp = tcg_temp_new_i32();
7534 tcg_gen_movi_i32(tmp, 0);
7535 }
7536 tmp2 = neon_load_reg(rm, 0);
7537 tmp4 = tcg_const_i32(rn);
7538 tmp5 = tcg_const_i32(n);
7539 gen_helper_neon_tbl(tmp2, cpu_env, tmp2, tmp, tmp4, tmp5);
7540 tcg_temp_free_i32(tmp);
7541 if (insn & (1 << 6)) {
7542 tmp = neon_load_reg(rd, 1);
7543 } else {
7544 tmp = tcg_temp_new_i32();
7545 tcg_gen_movi_i32(tmp, 0);
7546 }
7547 tmp3 = neon_load_reg(rm, 1);
7548 gen_helper_neon_tbl(tmp3, cpu_env, tmp3, tmp, tmp4, tmp5);
7549 tcg_temp_free_i32(tmp5);
7550 tcg_temp_free_i32(tmp4);
7551 neon_store_reg(rd, 0, tmp2);
7552 neon_store_reg(rd, 1, tmp3);
7553 tcg_temp_free_i32(tmp);
7554 } else if ((insn & 0x380) == 0) {
7555 /* VDUP */
7556 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
7557 return 1;
7558 }
7559 if (insn & (1 << 19)) {
7560 tmp = neon_load_reg(rm, 1);
7561 } else {
7562 tmp = neon_load_reg(rm, 0);
7563 }
7564 if (insn & (1 << 16)) {
7565 gen_neon_dup_u8(tmp, ((insn >> 17) & 3) * 8);
7566 } else if (insn & (1 << 17)) {
7567 if ((insn >> 18) & 1)
7568 gen_neon_dup_high16(tmp);
7569 else
7570 gen_neon_dup_low16(tmp);
7571 }
7572 for (pass = 0; pass < (q ? 4 : 2); pass++) {
7573 tmp2 = tcg_temp_new_i32();
7574 tcg_gen_mov_i32(tmp2, tmp);
7575 neon_store_reg(rd, pass, tmp2);
7576 }
7577 tcg_temp_free_i32(tmp);
7578 } else {
7579 return 1;
7580 }
7581 }
7582 }
7583 return 0;
7584 }
7585
7586 static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7587 {
7588 int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7589 const ARMCPRegInfo *ri;
7590
7591 cpnum = (insn >> 8) & 0xf;
7592
7593 /* First check for coprocessor space used for XScale/iwMMXt insns */
7594 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7595 if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7596 return 1;
7597 }
7598 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7599 return disas_iwmmxt_insn(s, insn);
7600 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7601 return disas_dsp_insn(s, insn);
7602 }
7603 return 1;
7604 }
7605
7606 /* Otherwise treat as a generic register access */
7607 is64 = (insn & (1 << 25)) == 0;
7608 if (!is64 && ((insn & (1 << 4)) == 0)) {
7609 /* cdp */
7610 return 1;
7611 }
7612
7613 crm = insn & 0xf;
7614 if (is64) {
7615 crn = 0;
7616 opc1 = (insn >> 4) & 0xf;
7617 opc2 = 0;
7618 rt2 = (insn >> 16) & 0xf;
7619 } else {
7620 crn = (insn >> 16) & 0xf;
7621 opc1 = (insn >> 21) & 7;
7622 opc2 = (insn >> 5) & 7;
7623 rt2 = 0;
7624 }
7625 isread = (insn >> 20) & 1;
7626 rt = (insn >> 12) & 0xf;
7627
7628 ri = get_arm_cp_reginfo(s->cp_regs,
7629 ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7630 if (ri) {
7631 /* Check access permissions */
7632 if (!cp_access_ok(s->current_el, ri, isread)) {
7633 return 1;
7634 }
7635
7636 if (ri->accessfn ||
7637 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7638 /* Emit code to perform further access permissions checks at
7639 * runtime; this may result in an exception.
7640 * Note that on XScale all cp0..c13 registers do an access check
7641 * call in order to handle c15_cpar.
7642 */
7643 TCGv_ptr tmpptr;
7644 TCGv_i32 tcg_syn, tcg_isread;
7645 uint32_t syndrome;
7646
7647 /* Note that since we are an implementation which takes an
7648 * exception on a trapped conditional instruction only if the
7649 * instruction passes its condition code check, we can take
7650 * advantage of the clause in the ARM ARM that allows us to set
7651 * the COND field in the instruction to 0xE in all cases.
7652 * We could fish the actual condition out of the insn (ARM)
7653 * or the condexec bits (Thumb) but it isn't necessary.
7654 */
7655 switch (cpnum) {
7656 case 14:
7657 if (is64) {
7658 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7659 isread, false);
7660 } else {
7661 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7662 rt, isread, false);
7663 }
7664 break;
7665 case 15:
7666 if (is64) {
7667 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7668 isread, false);
7669 } else {
7670 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7671 rt, isread, false);
7672 }
7673 break;
7674 default:
7675 /* ARMv8 defines that only coprocessors 14 and 15 exist,
7676 * so this can only happen if this is an ARMv7 or earlier CPU,
7677 * in which case the syndrome information won't actually be
7678 * guest visible.
7679 */
7680 assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7681 syndrome = syn_uncategorized();
7682 break;
7683 }
7684
7685 gen_set_condexec(s);
7686 gen_set_pc_im(s, s->pc - 4);
7687 tmpptr = tcg_const_ptr(ri);
7688 tcg_syn = tcg_const_i32(syndrome);
7689 tcg_isread = tcg_const_i32(isread);
7690 gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
7691 tcg_isread);
7692 tcg_temp_free_ptr(tmpptr);
7693 tcg_temp_free_i32(tcg_syn);
7694 tcg_temp_free_i32(tcg_isread);
7695 }
7696
7697 /* Handle special cases first */
7698 switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7699 case ARM_CP_NOP:
7700 return 0;
7701 case ARM_CP_WFI:
7702 if (isread) {
7703 return 1;
7704 }
7705 gen_set_pc_im(s, s->pc);
7706 s->base.is_jmp = DISAS_WFI;
7707 return 0;
7708 default:
7709 break;
7710 }
7711
7712 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7713 gen_io_start();
7714 }
7715
7716 if (isread) {
7717 /* Read */
7718 if (is64) {
7719 TCGv_i64 tmp64;
7720 TCGv_i32 tmp;
7721 if (ri->type & ARM_CP_CONST) {
7722 tmp64 = tcg_const_i64(ri->resetvalue);
7723 } else if (ri->readfn) {
7724 TCGv_ptr tmpptr;
7725 tmp64 = tcg_temp_new_i64();
7726 tmpptr = tcg_const_ptr(ri);
7727 gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7728 tcg_temp_free_ptr(tmpptr);
7729 } else {
7730 tmp64 = tcg_temp_new_i64();
7731 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7732 }
7733 tmp = tcg_temp_new_i32();
7734 tcg_gen_extrl_i64_i32(tmp, tmp64);
7735 store_reg(s, rt, tmp);
7736 tcg_gen_shri_i64(tmp64, tmp64, 32);
7737 tmp = tcg_temp_new_i32();
7738 tcg_gen_extrl_i64_i32(tmp, tmp64);
7739 tcg_temp_free_i64(tmp64);
7740 store_reg(s, rt2, tmp);
7741 } else {
7742 TCGv_i32 tmp;
7743 if (ri->type & ARM_CP_CONST) {
7744 tmp = tcg_const_i32(ri->resetvalue);
7745 } else if (ri->readfn) {
7746 TCGv_ptr tmpptr;
7747 tmp = tcg_temp_new_i32();
7748 tmpptr = tcg_const_ptr(ri);
7749 gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7750 tcg_temp_free_ptr(tmpptr);
7751 } else {
7752 tmp = load_cpu_offset(ri->fieldoffset);
7753 }
7754 if (rt == 15) {
7755 /* Destination register of r15 for 32 bit loads sets
7756 * the condition codes from the high 4 bits of the value
7757 */
7758 gen_set_nzcv(tmp);
7759 tcg_temp_free_i32(tmp);
7760 } else {
7761 store_reg(s, rt, tmp);
7762 }
7763 }
7764 } else {
7765 /* Write */
7766 if (ri->type & ARM_CP_CONST) {
7767 /* If not forbidden by access permissions, treat as WI */
7768 return 0;
7769 }
7770
7771 if (is64) {
7772 TCGv_i32 tmplo, tmphi;
7773 TCGv_i64 tmp64 = tcg_temp_new_i64();
7774 tmplo = load_reg(s, rt);
7775 tmphi = load_reg(s, rt2);
7776 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7777 tcg_temp_free_i32(tmplo);
7778 tcg_temp_free_i32(tmphi);
7779 if (ri->writefn) {
7780 TCGv_ptr tmpptr = tcg_const_ptr(ri);
7781 gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7782 tcg_temp_free_ptr(tmpptr);
7783 } else {
7784 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7785 }
7786 tcg_temp_free_i64(tmp64);
7787 } else {
7788 if (ri->writefn) {
7789 TCGv_i32 tmp;
7790 TCGv_ptr tmpptr;
7791 tmp = load_reg(s, rt);
7792 tmpptr = tcg_const_ptr(ri);
7793 gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7794 tcg_temp_free_ptr(tmpptr);
7795 tcg_temp_free_i32(tmp);
7796 } else {
7797 TCGv_i32 tmp = load_reg(s, rt);
7798 store_cpu_offset(tmp, ri->fieldoffset);
7799 }
7800 }
7801 }
7802
7803 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7804 /* I/O operations must end the TB here (whether read or write) */
7805 gen_io_end();
7806 gen_lookup_tb(s);
7807 } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7808 /* We default to ending the TB on a coprocessor register write,
7809 * but allow this to be suppressed by the register definition
7810 * (usually only necessary to work around guest bugs).
7811 */
7812 gen_lookup_tb(s);
7813 }
7814
7815 return 0;
7816 }
7817
7818 /* Unknown register; this might be a guest error or a QEMU
7819 * unimplemented feature.
7820 */
7821 if (is64) {
7822 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7823 "64 bit system register cp:%d opc1: %d crm:%d "
7824 "(%s)\n",
7825 isread ? "read" : "write", cpnum, opc1, crm,
7826 s->ns ? "non-secure" : "secure");
7827 } else {
7828 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7829 "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7830 "(%s)\n",
7831 isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7832 s->ns ? "non-secure" : "secure");
7833 }
7834
7835 return 1;
7836 }
7837
7838
7839 /* Store a 64-bit value to a register pair. Clobbers val. */
7840 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7841 {
7842 TCGv_i32 tmp;
7843 tmp = tcg_temp_new_i32();
7844 tcg_gen_extrl_i64_i32(tmp, val);
7845 store_reg(s, rlow, tmp);
7846 tmp = tcg_temp_new_i32();
7847 tcg_gen_shri_i64(val, val, 32);
7848 tcg_gen_extrl_i64_i32(tmp, val);
7849 store_reg(s, rhigh, tmp);
7850 }
7851
7852 /* load a 32-bit value from a register and perform a 64-bit accumulate. */
7853 static void gen_addq_lo(DisasContext *s, TCGv_i64 val, int rlow)
7854 {
7855 TCGv_i64 tmp;
7856 TCGv_i32 tmp2;
7857
7858 /* Load value and extend to 64 bits. */
7859 tmp = tcg_temp_new_i64();
7860 tmp2 = load_reg(s, rlow);
7861 tcg_gen_extu_i32_i64(tmp, tmp2);
7862 tcg_temp_free_i32(tmp2);
7863 tcg_gen_add_i64(val, val, tmp);
7864 tcg_temp_free_i64(tmp);
7865 }
7866
7867 /* load and add a 64-bit value from a register pair. */
7868 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7869 {
7870 TCGv_i64 tmp;
7871 TCGv_i32 tmpl;
7872 TCGv_i32 tmph;
7873
7874 /* Load 64-bit value rd:rn. */
7875 tmpl = load_reg(s, rlow);
7876 tmph = load_reg(s, rhigh);
7877 tmp = tcg_temp_new_i64();
7878 tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7879 tcg_temp_free_i32(tmpl);
7880 tcg_temp_free_i32(tmph);
7881 tcg_gen_add_i64(val, val, tmp);
7882 tcg_temp_free_i64(tmp);
7883 }
7884
7885 /* Set N and Z flags from hi|lo. */
7886 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7887 {
7888 tcg_gen_mov_i32(cpu_NF, hi);
7889 tcg_gen_or_i32(cpu_ZF, lo, hi);
7890 }
7891
7892 /* Load/Store exclusive instructions are implemented by remembering
7893 the value/address loaded, and seeing if these are the same
7894 when the store is performed. This should be sufficient to implement
7895 the architecturally mandated semantics, and avoids having to monitor
7896 regular stores. The compare vs the remembered value is done during
7897 the cmpxchg operation, but we must compare the addresses manually. */
7898 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7899 TCGv_i32 addr, int size)
7900 {
7901 TCGv_i32 tmp = tcg_temp_new_i32();
7902 TCGMemOp opc = size | MO_ALIGN | s->be_data;
7903
7904 s->is_ldex = true;
7905
7906 if (size == 3) {
7907 TCGv_i32 tmp2 = tcg_temp_new_i32();
7908 TCGv_i64 t64 = tcg_temp_new_i64();
7909
7910 /* For AArch32, architecturally the 32-bit word at the lowest
7911 * address is always Rt and the one at addr+4 is Rt2, even if
7912 * the CPU is big-endian. That means we don't want to do a
7913 * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
7914 * for an architecturally 64-bit access, but instead do a
7915 * 64-bit access using MO_BE if appropriate and then split
7916 * the two halves.
7917 * This only makes a difference for BE32 user-mode, where
7918 * frob64() must not flip the two halves of the 64-bit data
7919 * but this code must treat BE32 user-mode like BE32 system.
7920 */
7921 TCGv taddr = gen_aa32_addr(s, addr, opc);
7922
7923 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
7924 tcg_temp_free(taddr);
7925 tcg_gen_mov_i64(cpu_exclusive_val, t64);
7926 if (s->be_data == MO_BE) {
7927 tcg_gen_extr_i64_i32(tmp2, tmp, t64);
7928 } else {
7929 tcg_gen_extr_i64_i32(tmp, tmp2, t64);
7930 }
7931 tcg_temp_free_i64(t64);
7932
7933 store_reg(s, rt2, tmp2);
7934 } else {
7935 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
7936 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7937 }
7938
7939 store_reg(s, rt, tmp);
7940 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7941 }
7942
7943 static void gen_clrex(DisasContext *s)
7944 {
7945 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7946 }
7947
7948 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7949 TCGv_i32 addr, int size)
7950 {
7951 TCGv_i32 t0, t1, t2;
7952 TCGv_i64 extaddr;
7953 TCGv taddr;
7954 TCGLabel *done_label;
7955 TCGLabel *fail_label;
7956 TCGMemOp opc = size | MO_ALIGN | s->be_data;
7957
7958 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7959 [addr] = {Rt};
7960 {Rd} = 0;
7961 } else {
7962 {Rd} = 1;
7963 } */
7964 fail_label = gen_new_label();
7965 done_label = gen_new_label();
7966 extaddr = tcg_temp_new_i64();
7967 tcg_gen_extu_i32_i64(extaddr, addr);
7968 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7969 tcg_temp_free_i64(extaddr);
7970
7971 taddr = gen_aa32_addr(s, addr, opc);
7972 t0 = tcg_temp_new_i32();
7973 t1 = load_reg(s, rt);
7974 if (size == 3) {
7975 TCGv_i64 o64 = tcg_temp_new_i64();
7976 TCGv_i64 n64 = tcg_temp_new_i64();
7977
7978 t2 = load_reg(s, rt2);
7979 /* For AArch32, architecturally the 32-bit word at the lowest
7980 * address is always Rt and the one at addr+4 is Rt2, even if
7981 * the CPU is big-endian. Since we're going to treat this as a
7982 * single 64-bit BE store, we need to put the two halves in the
7983 * opposite order for BE to LE, so that they end up in the right
7984 * places.
7985 * We don't want gen_aa32_frob64() because that does the wrong
7986 * thing for BE32 usermode.
7987 */
7988 if (s->be_data == MO_BE) {
7989 tcg_gen_concat_i32_i64(n64, t2, t1);
7990 } else {
7991 tcg_gen_concat_i32_i64(n64, t1, t2);
7992 }
7993 tcg_temp_free_i32(t2);
7994
7995 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
7996 get_mem_index(s), opc);
7997 tcg_temp_free_i64(n64);
7998
7999 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
8000 tcg_gen_extrl_i64_i32(t0, o64);
8001
8002 tcg_temp_free_i64(o64);
8003 } else {
8004 t2 = tcg_temp_new_i32();
8005 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
8006 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
8007 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
8008 tcg_temp_free_i32(t2);
8009 }
8010 tcg_temp_free_i32(t1);
8011 tcg_temp_free(taddr);
8012 tcg_gen_mov_i32(cpu_R[rd], t0);
8013 tcg_temp_free_i32(t0);
8014 tcg_gen_br(done_label);
8015
8016 gen_set_label(fail_label);
8017 tcg_gen_movi_i32(cpu_R[rd], 1);
8018 gen_set_label(done_label);
8019 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
8020 }
8021
8022 /* gen_srs:
8023 * @env: CPUARMState
8024 * @s: DisasContext
8025 * @mode: mode field from insn (which stack to store to)
8026 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
8027 * @writeback: true if writeback bit set
8028 *
8029 * Generate code for the SRS (Store Return State) insn.
8030 */
8031 static void gen_srs(DisasContext *s,
8032 uint32_t mode, uint32_t amode, bool writeback)
8033 {
8034 int32_t offset;
8035 TCGv_i32 addr, tmp;
8036 bool undef = false;
8037
8038 /* SRS is:
8039 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
8040 * and specified mode is monitor mode
8041 * - UNDEFINED in Hyp mode
8042 * - UNPREDICTABLE in User or System mode
8043 * - UNPREDICTABLE if the specified mode is:
8044 * -- not implemented
8045 * -- not a valid mode number
8046 * -- a mode that's at a higher exception level
8047 * -- Monitor, if we are Non-secure
8048 * For the UNPREDICTABLE cases we choose to UNDEF.
8049 */
8050 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
8051 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), 3);
8052 return;
8053 }
8054
8055 if (s->current_el == 0 || s->current_el == 2) {
8056 undef = true;
8057 }
8058
8059 switch (mode) {
8060 case ARM_CPU_MODE_USR:
8061 case ARM_CPU_MODE_FIQ:
8062 case ARM_CPU_MODE_IRQ:
8063 case ARM_CPU_MODE_SVC:
8064 case ARM_CPU_MODE_ABT:
8065 case ARM_CPU_MODE_UND:
8066 case ARM_CPU_MODE_SYS:
8067 break;
8068 case ARM_CPU_MODE_HYP:
8069 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
8070 undef = true;
8071 }
8072 break;
8073 case ARM_CPU_MODE_MON:
8074 /* No need to check specifically for "are we non-secure" because
8075 * we've already made EL0 UNDEF and handled the trap for S-EL1;
8076 * so if this isn't EL3 then we must be non-secure.
8077 */
8078 if (s->current_el != 3) {
8079 undef = true;
8080 }
8081 break;
8082 default:
8083 undef = true;
8084 }
8085
8086 if (undef) {
8087 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
8088 default_exception_el(s));
8089 return;
8090 }
8091
8092 addr = tcg_temp_new_i32();
8093 tmp = tcg_const_i32(mode);
8094 /* get_r13_banked() will raise an exception if called from System mode */
8095 gen_set_condexec(s);
8096 gen_set_pc_im(s, s->pc - 4);
8097 gen_helper_get_r13_banked(addr, cpu_env, tmp);
8098 tcg_temp_free_i32(tmp);
8099 switch (amode) {
8100 case 0: /* DA */
8101 offset = -4;
8102 break;
8103 case 1: /* IA */
8104 offset = 0;
8105 break;
8106 case 2: /* DB */
8107 offset = -8;
8108 break;
8109 case 3: /* IB */
8110 offset = 4;
8111 break;
8112 default:
8113 abort();
8114 }
8115 tcg_gen_addi_i32(addr, addr, offset);
8116 tmp = load_reg(s, 14);
8117 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8118 tcg_temp_free_i32(tmp);
8119 tmp = load_cpu_field(spsr);
8120 tcg_gen_addi_i32(addr, addr, 4);
8121 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8122 tcg_temp_free_i32(tmp);
8123 if (writeback) {
8124 switch (amode) {
8125 case 0:
8126 offset = -8;
8127 break;
8128 case 1:
8129 offset = 4;
8130 break;
8131 case 2:
8132 offset = -4;
8133 break;
8134 case 3:
8135 offset = 0;
8136 break;
8137 default:
8138 abort();
8139 }
8140 tcg_gen_addi_i32(addr, addr, offset);
8141 tmp = tcg_const_i32(mode);
8142 gen_helper_set_r13_banked(cpu_env, tmp, addr);
8143 tcg_temp_free_i32(tmp);
8144 }
8145 tcg_temp_free_i32(addr);
8146 s->base.is_jmp = DISAS_UPDATE;
8147 }
8148
8149 static void disas_arm_insn(DisasContext *s, unsigned int insn)
8150 {
8151 unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
8152 TCGv_i32 tmp;
8153 TCGv_i32 tmp2;
8154 TCGv_i32 tmp3;
8155 TCGv_i32 addr;
8156 TCGv_i64 tmp64;
8157
8158 /* M variants do not implement ARM mode; this must raise the INVSTATE
8159 * UsageFault exception.
8160 */
8161 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8162 gen_exception_insn(s, 4, EXCP_INVSTATE, syn_uncategorized(),
8163 default_exception_el(s));
8164 return;
8165 }
8166 cond = insn >> 28;
8167 if (cond == 0xf){
8168 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
8169 * choose to UNDEF. In ARMv5 and above the space is used
8170 * for miscellaneous unconditional instructions.
8171 */
8172 ARCH(5);
8173
8174 /* Unconditional instructions. */
8175 if (((insn >> 25) & 7) == 1) {
8176 /* NEON Data processing. */
8177 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8178 goto illegal_op;
8179 }
8180
8181 if (disas_neon_data_insn(s, insn)) {
8182 goto illegal_op;
8183 }
8184 return;
8185 }
8186 if ((insn & 0x0f100000) == 0x04000000) {
8187 /* NEON load/store. */
8188 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8189 goto illegal_op;
8190 }
8191
8192 if (disas_neon_ls_insn(s, insn)) {
8193 goto illegal_op;
8194 }
8195 return;
8196 }
8197 if ((insn & 0x0f000e10) == 0x0e000a00) {
8198 /* VFP. */
8199 if (disas_vfp_insn(s, insn)) {
8200 goto illegal_op;
8201 }
8202 return;
8203 }
8204 if (((insn & 0x0f30f000) == 0x0510f000) ||
8205 ((insn & 0x0f30f010) == 0x0710f000)) {
8206 if ((insn & (1 << 22)) == 0) {
8207 /* PLDW; v7MP */
8208 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8209 goto illegal_op;
8210 }
8211 }
8212 /* Otherwise PLD; v5TE+ */
8213 ARCH(5TE);
8214 return;
8215 }
8216 if (((insn & 0x0f70f000) == 0x0450f000) ||
8217 ((insn & 0x0f70f010) == 0x0650f000)) {
8218 ARCH(7);
8219 return; /* PLI; V7 */
8220 }
8221 if (((insn & 0x0f700000) == 0x04100000) ||
8222 ((insn & 0x0f700010) == 0x06100000)) {
8223 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8224 goto illegal_op;
8225 }
8226 return; /* v7MP: Unallocated memory hint: must NOP */
8227 }
8228
8229 if ((insn & 0x0ffffdff) == 0x01010000) {
8230 ARCH(6);
8231 /* setend */
8232 if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
8233 gen_helper_setend(cpu_env);
8234 s->base.is_jmp = DISAS_UPDATE;
8235 }
8236 return;
8237 } else if ((insn & 0x0fffff00) == 0x057ff000) {
8238 switch ((insn >> 4) & 0xf) {
8239 case 1: /* clrex */
8240 ARCH(6K);
8241 gen_clrex(s);
8242 return;
8243 case 4: /* dsb */
8244 case 5: /* dmb */
8245 ARCH(7);
8246 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8247 return;
8248 case 6: /* isb */
8249 /* We need to break the TB after this insn to execute
8250 * self-modifying code correctly and also to take
8251 * any pending interrupts immediately.
8252 */
8253 gen_goto_tb(s, 0, s->pc & ~1);
8254 return;
8255 default:
8256 goto illegal_op;
8257 }
8258 } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
8259 /* srs */
8260 ARCH(6);
8261 gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
8262 return;
8263 } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
8264 /* rfe */
8265 int32_t offset;
8266 if (IS_USER(s))
8267 goto illegal_op;
8268 ARCH(6);
8269 rn = (insn >> 16) & 0xf;
8270 addr = load_reg(s, rn);
8271 i = (insn >> 23) & 3;
8272 switch (i) {
8273 case 0: offset = -4; break; /* DA */
8274 case 1: offset = 0; break; /* IA */
8275 case 2: offset = -8; break; /* DB */
8276 case 3: offset = 4; break; /* IB */
8277 default: abort();
8278 }
8279 if (offset)
8280 tcg_gen_addi_i32(addr, addr, offset);
8281 /* Load PC into tmp and CPSR into tmp2. */
8282 tmp = tcg_temp_new_i32();
8283 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8284 tcg_gen_addi_i32(addr, addr, 4);
8285 tmp2 = tcg_temp_new_i32();
8286 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
8287 if (insn & (1 << 21)) {
8288 /* Base writeback. */
8289 switch (i) {
8290 case 0: offset = -8; break;
8291 case 1: offset = 4; break;
8292 case 2: offset = -4; break;
8293 case 3: offset = 0; break;
8294 default: abort();
8295 }
8296 if (offset)
8297 tcg_gen_addi_i32(addr, addr, offset);
8298 store_reg(s, rn, addr);
8299 } else {
8300 tcg_temp_free_i32(addr);
8301 }
8302 gen_rfe(s, tmp, tmp2);
8303 return;
8304 } else if ((insn & 0x0e000000) == 0x0a000000) {
8305 /* branch link and change to thumb (blx <offset>) */
8306 int32_t offset;
8307
8308 val = (uint32_t)s->pc;
8309 tmp = tcg_temp_new_i32();
8310 tcg_gen_movi_i32(tmp, val);
8311 store_reg(s, 14, tmp);
8312 /* Sign-extend the 24-bit offset */
8313 offset = (((int32_t)insn) << 8) >> 8;
8314 /* offset * 4 + bit24 * 2 + (thumb bit) */
8315 val += (offset << 2) | ((insn >> 23) & 2) | 1;
8316 /* pipeline offset */
8317 val += 4;
8318 /* protected by ARCH(5); above, near the start of uncond block */
8319 gen_bx_im(s, val);
8320 return;
8321 } else if ((insn & 0x0e000f00) == 0x0c000100) {
8322 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
8323 /* iWMMXt register transfer. */
8324 if (extract32(s->c15_cpar, 1, 1)) {
8325 if (!disas_iwmmxt_insn(s, insn)) {
8326 return;
8327 }
8328 }
8329 }
8330 } else if ((insn & 0x0fe00000) == 0x0c400000) {
8331 /* Coprocessor double register transfer. */
8332 ARCH(5TE);
8333 } else if ((insn & 0x0f000010) == 0x0e000010) {
8334 /* Additional coprocessor register transfer. */
8335 } else if ((insn & 0x0ff10020) == 0x01000000) {
8336 uint32_t mask;
8337 uint32_t val;
8338 /* cps (privileged) */
8339 if (IS_USER(s))
8340 return;
8341 mask = val = 0;
8342 if (insn & (1 << 19)) {
8343 if (insn & (1 << 8))
8344 mask |= CPSR_A;
8345 if (insn & (1 << 7))
8346 mask |= CPSR_I;
8347 if (insn & (1 << 6))
8348 mask |= CPSR_F;
8349 if (insn & (1 << 18))
8350 val |= mask;
8351 }
8352 if (insn & (1 << 17)) {
8353 mask |= CPSR_M;
8354 val |= (insn & 0x1f);
8355 }
8356 if (mask) {
8357 gen_set_psr_im(s, mask, 0, val);
8358 }
8359 return;
8360 }
8361 goto illegal_op;
8362 }
8363 if (cond != 0xe) {
8364 /* if not always execute, we generate a conditional jump to
8365 next instruction */
8366 s->condlabel = gen_new_label();
8367 arm_gen_test_cc(cond ^ 1, s->condlabel);
8368 s->condjmp = 1;
8369 }
8370 if ((insn & 0x0f900000) == 0x03000000) {
8371 if ((insn & (1 << 21)) == 0) {
8372 ARCH(6T2);
8373 rd = (insn >> 12) & 0xf;
8374 val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
8375 if ((insn & (1 << 22)) == 0) {
8376 /* MOVW */
8377 tmp = tcg_temp_new_i32();
8378 tcg_gen_movi_i32(tmp, val);
8379 } else {
8380 /* MOVT */
8381 tmp = load_reg(s, rd);
8382 tcg_gen_ext16u_i32(tmp, tmp);
8383 tcg_gen_ori_i32(tmp, tmp, val << 16);
8384 }
8385 store_reg(s, rd, tmp);
8386 } else {
8387 if (((insn >> 12) & 0xf) != 0xf)
8388 goto illegal_op;
8389 if (((insn >> 16) & 0xf) == 0) {
8390 gen_nop_hint(s, insn & 0xff);
8391 } else {
8392 /* CPSR = immediate */
8393 val = insn & 0xff;
8394 shift = ((insn >> 8) & 0xf) * 2;
8395 if (shift)
8396 val = (val >> shift) | (val << (32 - shift));
8397 i = ((insn & (1 << 22)) != 0);
8398 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
8399 i, val)) {
8400 goto illegal_op;
8401 }
8402 }
8403 }
8404 } else if ((insn & 0x0f900000) == 0x01000000
8405 && (insn & 0x00000090) != 0x00000090) {
8406 /* miscellaneous instructions */
8407 op1 = (insn >> 21) & 3;
8408 sh = (insn >> 4) & 0xf;
8409 rm = insn & 0xf;
8410 switch (sh) {
8411 case 0x0: /* MSR, MRS */
8412 if (insn & (1 << 9)) {
8413 /* MSR (banked) and MRS (banked) */
8414 int sysm = extract32(insn, 16, 4) |
8415 (extract32(insn, 8, 1) << 4);
8416 int r = extract32(insn, 22, 1);
8417
8418 if (op1 & 1) {
8419 /* MSR (banked) */
8420 gen_msr_banked(s, r, sysm, rm);
8421 } else {
8422 /* MRS (banked) */
8423 int rd = extract32(insn, 12, 4);
8424
8425 gen_mrs_banked(s, r, sysm, rd);
8426 }
8427 break;
8428 }
8429
8430 /* MSR, MRS (for PSRs) */
8431 if (op1 & 1) {
8432 /* PSR = reg */
8433 tmp = load_reg(s, rm);
8434 i = ((op1 & 2) != 0);
8435 if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
8436 goto illegal_op;
8437 } else {
8438 /* reg = PSR */
8439 rd = (insn >> 12) & 0xf;
8440 if (op1 & 2) {
8441 if (IS_USER(s))
8442 goto illegal_op;
8443 tmp = load_cpu_field(spsr);
8444 } else {
8445 tmp = tcg_temp_new_i32();
8446 gen_helper_cpsr_read(tmp, cpu_env);
8447 }
8448 store_reg(s, rd, tmp);
8449 }
8450 break;
8451 case 0x1:
8452 if (op1 == 1) {
8453 /* branch/exchange thumb (bx). */
8454 ARCH(4T);
8455 tmp = load_reg(s, rm);
8456 gen_bx(s, tmp);
8457 } else if (op1 == 3) {
8458 /* clz */
8459 ARCH(5);
8460 rd = (insn >> 12) & 0xf;
8461 tmp = load_reg(s, rm);
8462 tcg_gen_clzi_i32(tmp, tmp, 32);
8463 store_reg(s, rd, tmp);
8464 } else {
8465 goto illegal_op;
8466 }
8467 break;
8468 case 0x2:
8469 if (op1 == 1) {
8470 ARCH(5J); /* bxj */
8471 /* Trivial implementation equivalent to bx. */
8472 tmp = load_reg(s, rm);
8473 gen_bx(s, tmp);
8474 } else {
8475 goto illegal_op;
8476 }
8477 break;
8478 case 0x3:
8479 if (op1 != 1)
8480 goto illegal_op;
8481
8482 ARCH(5);
8483 /* branch link/exchange thumb (blx) */
8484 tmp = load_reg(s, rm);
8485 tmp2 = tcg_temp_new_i32();
8486 tcg_gen_movi_i32(tmp2, s->pc);
8487 store_reg(s, 14, tmp2);
8488 gen_bx(s, tmp);
8489 break;
8490 case 0x4:
8491 {
8492 /* crc32/crc32c */
8493 uint32_t c = extract32(insn, 8, 4);
8494
8495 /* Check this CPU supports ARMv8 CRC instructions.
8496 * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
8497 * Bits 8, 10 and 11 should be zero.
8498 */
8499 if (!arm_dc_feature(s, ARM_FEATURE_CRC) || op1 == 0x3 ||
8500 (c & 0xd) != 0) {
8501 goto illegal_op;
8502 }
8503
8504 rn = extract32(insn, 16, 4);
8505 rd = extract32(insn, 12, 4);
8506
8507 tmp = load_reg(s, rn);
8508 tmp2 = load_reg(s, rm);
8509 if (op1 == 0) {
8510 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
8511 } else if (op1 == 1) {
8512 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
8513 }
8514 tmp3 = tcg_const_i32(1 << op1);
8515 if (c & 0x2) {
8516 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
8517 } else {
8518 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
8519 }
8520 tcg_temp_free_i32(tmp2);
8521 tcg_temp_free_i32(tmp3);
8522 store_reg(s, rd, tmp);
8523 break;
8524 }
8525 case 0x5: /* saturating add/subtract */
8526 ARCH(5TE);
8527 rd = (insn >> 12) & 0xf;
8528 rn = (insn >> 16) & 0xf;
8529 tmp = load_reg(s, rm);
8530 tmp2 = load_reg(s, rn);
8531 if (op1 & 2)
8532 gen_helper_double_saturate(tmp2, cpu_env, tmp2);
8533 if (op1 & 1)
8534 gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
8535 else
8536 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
8537 tcg_temp_free_i32(tmp2);
8538 store_reg(s, rd, tmp);
8539 break;
8540 case 7:
8541 {
8542 int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8543 switch (op1) {
8544 case 0:
8545 /* HLT */
8546 gen_hlt(s, imm16);
8547 break;
8548 case 1:
8549 /* bkpt */
8550 ARCH(5);
8551 gen_exception_insn(s, 4, EXCP_BKPT,
8552 syn_aa32_bkpt(imm16, false),
8553 default_exception_el(s));
8554 break;
8555 case 2:
8556 /* Hypervisor call (v7) */
8557 ARCH(7);
8558 if (IS_USER(s)) {
8559 goto illegal_op;
8560 }
8561 gen_hvc(s, imm16);
8562 break;
8563 case 3:
8564 /* Secure monitor call (v6+) */
8565 ARCH(6K);
8566 if (IS_USER(s)) {
8567 goto illegal_op;
8568 }
8569 gen_smc(s);
8570 break;
8571 default:
8572 g_assert_not_reached();
8573 }
8574 break;
8575 }
8576 case 0x8: /* signed multiply */
8577 case 0xa:
8578 case 0xc:
8579 case 0xe:
8580 ARCH(5TE);
8581 rs = (insn >> 8) & 0xf;
8582 rn = (insn >> 12) & 0xf;
8583 rd = (insn >> 16) & 0xf;
8584 if (op1 == 1) {
8585 /* (32 * 16) >> 16 */
8586 tmp = load_reg(s, rm);
8587 tmp2 = load_reg(s, rs);
8588 if (sh & 4)
8589 tcg_gen_sari_i32(tmp2, tmp2, 16);
8590 else
8591 gen_sxth(tmp2);
8592 tmp64 = gen_muls_i64_i32(tmp, tmp2);
8593 tcg_gen_shri_i64(tmp64, tmp64, 16);
8594 tmp = tcg_temp_new_i32();
8595 tcg_gen_extrl_i64_i32(tmp, tmp64);
8596 tcg_temp_free_i64(tmp64);
8597 if ((sh & 2) == 0) {
8598 tmp2 = load_reg(s, rn);
8599 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8600 tcg_temp_free_i32(tmp2);
8601 }
8602 store_reg(s, rd, tmp);
8603 } else {
8604 /* 16 * 16 */
8605 tmp = load_reg(s, rm);
8606 tmp2 = load_reg(s, rs);
8607 gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
8608 tcg_temp_free_i32(tmp2);
8609 if (op1 == 2) {
8610 tmp64 = tcg_temp_new_i64();
8611 tcg_gen_ext_i32_i64(tmp64, tmp);
8612 tcg_temp_free_i32(tmp);
8613 gen_addq(s, tmp64, rn, rd);
8614 gen_storeq_reg(s, rn, rd, tmp64);
8615 tcg_temp_free_i64(tmp64);
8616 } else {
8617 if (op1 == 0) {
8618 tmp2 = load_reg(s, rn);
8619 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8620 tcg_temp_free_i32(tmp2);
8621 }
8622 store_reg(s, rd, tmp);
8623 }
8624 }
8625 break;
8626 default:
8627 goto illegal_op;
8628 }
8629 } else if (((insn & 0x0e000000) == 0 &&
8630 (insn & 0x00000090) != 0x90) ||
8631 ((insn & 0x0e000000) == (1 << 25))) {
8632 int set_cc, logic_cc, shiftop;
8633
8634 op1 = (insn >> 21) & 0xf;
8635 set_cc = (insn >> 20) & 1;
8636 logic_cc = table_logic_cc[op1] & set_cc;
8637
8638 /* data processing instruction */
8639 if (insn & (1 << 25)) {
8640 /* immediate operand */
8641 val = insn & 0xff;
8642 shift = ((insn >> 8) & 0xf) * 2;
8643 if (shift) {
8644 val = (val >> shift) | (val << (32 - shift));
8645 }
8646 tmp2 = tcg_temp_new_i32();
8647 tcg_gen_movi_i32(tmp2, val);
8648 if (logic_cc && shift) {
8649 gen_set_CF_bit31(tmp2);
8650 }
8651 } else {
8652 /* register */
8653 rm = (insn) & 0xf;
8654 tmp2 = load_reg(s, rm);
8655 shiftop = (insn >> 5) & 3;
8656 if (!(insn & (1 << 4))) {
8657 shift = (insn >> 7) & 0x1f;
8658 gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
8659 } else {
8660 rs = (insn >> 8) & 0xf;
8661 tmp = load_reg(s, rs);
8662 gen_arm_shift_reg(tmp2, shiftop, tmp, logic_cc);
8663 }
8664 }
8665 if (op1 != 0x0f && op1 != 0x0d) {
8666 rn = (insn >> 16) & 0xf;
8667 tmp = load_reg(s, rn);
8668 } else {
8669 tmp = NULL;
8670 }
8671 rd = (insn >> 12) & 0xf;
8672 switch(op1) {
8673 case 0x00:
8674 tcg_gen_and_i32(tmp, tmp, tmp2);
8675 if (logic_cc) {
8676 gen_logic_CC(tmp);
8677 }
8678 store_reg_bx(s, rd, tmp);
8679 break;
8680 case 0x01:
8681 tcg_gen_xor_i32(tmp, tmp, tmp2);
8682 if (logic_cc) {
8683 gen_logic_CC(tmp);
8684 }
8685 store_reg_bx(s, rd, tmp);
8686 break;
8687 case 0x02:
8688 if (set_cc && rd == 15) {
8689 /* SUBS r15, ... is used for exception return. */
8690 if (IS_USER(s)) {
8691 goto illegal_op;
8692 }
8693 gen_sub_CC(tmp, tmp, tmp2);
8694 gen_exception_return(s, tmp);
8695 } else {
8696 if (set_cc) {
8697 gen_sub_CC(tmp, tmp, tmp2);
8698 } else {
8699 tcg_gen_sub_i32(tmp, tmp, tmp2);
8700 }
8701 store_reg_bx(s, rd, tmp);
8702 }
8703 break;
8704 case 0x03:
8705 if (set_cc) {
8706 gen_sub_CC(tmp, tmp2, tmp);
8707 } else {
8708 tcg_gen_sub_i32(tmp, tmp2, tmp);
8709 }
8710 store_reg_bx(s, rd, tmp);
8711 break;
8712 case 0x04:
8713 if (set_cc) {
8714 gen_add_CC(tmp, tmp, tmp2);
8715 } else {
8716 tcg_gen_add_i32(tmp, tmp, tmp2);
8717 }
8718 store_reg_bx(s, rd, tmp);
8719 break;
8720 case 0x05:
8721 if (set_cc) {
8722 gen_adc_CC(tmp, tmp, tmp2);
8723 } else {
8724 gen_add_carry(tmp, tmp, tmp2);
8725 }
8726 store_reg_bx(s, rd, tmp);
8727 break;
8728 case 0x06:
8729 if (set_cc) {
8730 gen_sbc_CC(tmp, tmp, tmp2);
8731 } else {
8732 gen_sub_carry(tmp, tmp, tmp2);
8733 }
8734 store_reg_bx(s, rd, tmp);
8735 break;
8736 case 0x07:
8737 if (set_cc) {
8738 gen_sbc_CC(tmp, tmp2, tmp);
8739 } else {
8740 gen_sub_carry(tmp, tmp2, tmp);
8741 }
8742 store_reg_bx(s, rd, tmp);
8743 break;
8744 case 0x08:
8745 if (set_cc) {
8746 tcg_gen_and_i32(tmp, tmp, tmp2);
8747 gen_logic_CC(tmp);
8748 }
8749 tcg_temp_free_i32(tmp);
8750 break;
8751 case 0x09:
8752 if (set_cc) {
8753 tcg_gen_xor_i32(tmp, tmp, tmp2);
8754 gen_logic_CC(tmp);
8755 }
8756 tcg_temp_free_i32(tmp);
8757 break;
8758 case 0x0a:
8759 if (set_cc) {
8760 gen_sub_CC(tmp, tmp, tmp2);
8761 }
8762 tcg_temp_free_i32(tmp);
8763 break;
8764 case 0x0b:
8765 if (set_cc) {
8766 gen_add_CC(tmp, tmp, tmp2);
8767 }
8768 tcg_temp_free_i32(tmp);
8769 break;
8770 case 0x0c:
8771 tcg_gen_or_i32(tmp, tmp, tmp2);
8772 if (logic_cc) {
8773 gen_logic_CC(tmp);
8774 }
8775 store_reg_bx(s, rd, tmp);
8776 break;
8777 case 0x0d:
8778 if (logic_cc && rd == 15) {
8779 /* MOVS r15, ... is used for exception return. */
8780 if (IS_USER(s)) {
8781 goto illegal_op;
8782 }
8783 gen_exception_return(s, tmp2);
8784 } else {
8785 if (logic_cc) {
8786 gen_logic_CC(tmp2);
8787 }
8788 store_reg_bx(s, rd, tmp2);
8789 }
8790 break;
8791 case 0x0e:
8792 tcg_gen_andc_i32(tmp, tmp, tmp2);
8793 if (logic_cc) {
8794 gen_logic_CC(tmp);
8795 }
8796 store_reg_bx(s, rd, tmp);
8797 break;
8798 default:
8799 case 0x0f:
8800 tcg_gen_not_i32(tmp2, tmp2);
8801 if (logic_cc) {
8802 gen_logic_CC(tmp2);
8803 }
8804 store_reg_bx(s, rd, tmp2);
8805 break;
8806 }
8807 if (op1 != 0x0f && op1 != 0x0d) {
8808 tcg_temp_free_i32(tmp2);
8809 }
8810 } else {
8811 /* other instructions */
8812 op1 = (insn >> 24) & 0xf;
8813 switch(op1) {
8814 case 0x0:
8815 case 0x1:
8816 /* multiplies, extra load/stores */
8817 sh = (insn >> 5) & 3;
8818 if (sh == 0) {
8819 if (op1 == 0x0) {
8820 rd = (insn >> 16) & 0xf;
8821 rn = (insn >> 12) & 0xf;
8822 rs = (insn >> 8) & 0xf;
8823 rm = (insn) & 0xf;
8824 op1 = (insn >> 20) & 0xf;
8825 switch (op1) {
8826 case 0: case 1: case 2: case 3: case 6:
8827 /* 32 bit mul */
8828 tmp = load_reg(s, rs);
8829 tmp2 = load_reg(s, rm);
8830 tcg_gen_mul_i32(tmp, tmp, tmp2);
8831 tcg_temp_free_i32(tmp2);
8832 if (insn & (1 << 22)) {
8833 /* Subtract (mls) */
8834 ARCH(6T2);
8835 tmp2 = load_reg(s, rn);
8836 tcg_gen_sub_i32(tmp, tmp2, tmp);
8837 tcg_temp_free_i32(tmp2);
8838 } else if (insn & (1 << 21)) {
8839 /* Add */
8840 tmp2 = load_reg(s, rn);
8841 tcg_gen_add_i32(tmp, tmp, tmp2);
8842 tcg_temp_free_i32(tmp2);
8843 }
8844 if (insn & (1 << 20))
8845 gen_logic_CC(tmp);
8846 store_reg(s, rd, tmp);
8847 break;
8848 case 4:
8849 /* 64 bit mul double accumulate (UMAAL) */
8850 ARCH(6);
8851 tmp = load_reg(s, rs);
8852 tmp2 = load_reg(s, rm);
8853 tmp64 = gen_mulu_i64_i32(tmp, tmp2);
8854 gen_addq_lo(s, tmp64, rn);
8855 gen_addq_lo(s, tmp64, rd);
8856 gen_storeq_reg(s, rn, rd, tmp64);
8857 tcg_temp_free_i64(tmp64);
8858 break;
8859 case 8: case 9: case 10: case 11:
8860 case 12: case 13: case 14: case 15:
8861 /* 64 bit mul: UMULL, UMLAL, SMULL, SMLAL. */
8862 tmp = load_reg(s, rs);
8863 tmp2 = load_reg(s, rm);
8864 if (insn & (1 << 22)) {
8865 tcg_gen_muls2_i32(tmp, tmp2, tmp, tmp2);
8866 } else {
8867 tcg_gen_mulu2_i32(tmp, tmp2, tmp, tmp2);
8868 }
8869 if (insn & (1 << 21)) { /* mult accumulate */
8870 TCGv_i32 al = load_reg(s, rn);
8871 TCGv_i32 ah = load_reg(s, rd);
8872 tcg_gen_add2_i32(tmp, tmp2, tmp, tmp2, al, ah);
8873 tcg_temp_free_i32(al);
8874 tcg_temp_free_i32(ah);
8875 }
8876 if (insn & (1 << 20)) {
8877 gen_logicq_cc(tmp, tmp2);
8878 }
8879 store_reg(s, rn, tmp);
8880 store_reg(s, rd, tmp2);
8881 break;
8882 default:
8883 goto illegal_op;
8884 }
8885 } else {
8886 rn = (insn >> 16) & 0xf;
8887 rd = (insn >> 12) & 0xf;
8888 if (insn & (1 << 23)) {
8889 /* load/store exclusive */
8890 int op2 = (insn >> 8) & 3;
8891 op1 = (insn >> 21) & 0x3;
8892
8893 switch (op2) {
8894 case 0: /* lda/stl */
8895 if (op1 == 1) {
8896 goto illegal_op;
8897 }
8898 ARCH(8);
8899 break;
8900 case 1: /* reserved */
8901 goto illegal_op;
8902 case 2: /* ldaex/stlex */
8903 ARCH(8);
8904 break;
8905 case 3: /* ldrex/strex */
8906 if (op1) {
8907 ARCH(6K);
8908 } else {
8909 ARCH(6);
8910 }
8911 break;
8912 }
8913
8914 addr = tcg_temp_local_new_i32();
8915 load_reg_var(s, addr, rn);
8916
8917 /* Since the emulation does not have barriers,
8918 the acquire/release semantics need no special
8919 handling */
8920 if (op2 == 0) {
8921 if (insn & (1 << 20)) {
8922 tmp = tcg_temp_new_i32();
8923 switch (op1) {
8924 case 0: /* lda */
8925 gen_aa32_ld32u_iss(s, tmp, addr,
8926 get_mem_index(s),
8927 rd | ISSIsAcqRel);
8928 break;
8929 case 2: /* ldab */
8930 gen_aa32_ld8u_iss(s, tmp, addr,
8931 get_mem_index(s),
8932 rd | ISSIsAcqRel);
8933 break;
8934 case 3: /* ldah */
8935 gen_aa32_ld16u_iss(s, tmp, addr,
8936 get_mem_index(s),
8937 rd | ISSIsAcqRel);
8938 break;
8939 default:
8940 abort();
8941 }
8942 store_reg(s, rd, tmp);
8943 } else {
8944 rm = insn & 0xf;
8945 tmp = load_reg(s, rm);
8946 switch (op1) {
8947 case 0: /* stl */
8948 gen_aa32_st32_iss(s, tmp, addr,
8949 get_mem_index(s),
8950 rm | ISSIsAcqRel);
8951 break;
8952 case 2: /* stlb */
8953 gen_aa32_st8_iss(s, tmp, addr,
8954 get_mem_index(s),
8955 rm | ISSIsAcqRel);
8956 break;
8957 case 3: /* stlh */
8958 gen_aa32_st16_iss(s, tmp, addr,
8959 get_mem_index(s),
8960 rm | ISSIsAcqRel);
8961 break;
8962 default:
8963 abort();
8964 }
8965 tcg_temp_free_i32(tmp);
8966 }
8967 } else if (insn & (1 << 20)) {
8968 switch (op1) {
8969 case 0: /* ldrex */
8970 gen_load_exclusive(s, rd, 15, addr, 2);
8971 break;
8972 case 1: /* ldrexd */
8973 gen_load_exclusive(s, rd, rd + 1, addr, 3);
8974 break;
8975 case 2: /* ldrexb */
8976 gen_load_exclusive(s, rd, 15, addr, 0);
8977 break;
8978 case 3: /* ldrexh */
8979 gen_load_exclusive(s, rd, 15, addr, 1);
8980 break;
8981 default:
8982 abort();
8983 }
8984 } else {
8985 rm = insn & 0xf;
8986 switch (op1) {
8987 case 0: /* strex */
8988 gen_store_exclusive(s, rd, rm, 15, addr, 2);
8989 break;
8990 case 1: /* strexd */
8991 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8992 break;
8993 case 2: /* strexb */
8994 gen_store_exclusive(s, rd, rm, 15, addr, 0);
8995 break;
8996 case 3: /* strexh */
8997 gen_store_exclusive(s, rd, rm, 15, addr, 1);
8998 break;
8999 default:
9000 abort();
9001 }
9002 }
9003 tcg_temp_free_i32(addr);
9004 } else {
9005 TCGv taddr;
9006 TCGMemOp opc = s->be_data;
9007
9008 /* SWP instruction */
9009 rm = (insn) & 0xf;
9010
9011 if (insn & (1 << 22)) {
9012 opc |= MO_UB;
9013 } else {
9014 opc |= MO_UL | MO_ALIGN;
9015 }
9016
9017 addr = load_reg(s, rn);
9018 taddr = gen_aa32_addr(s, addr, opc);
9019 tcg_temp_free_i32(addr);
9020
9021 tmp = load_reg(s, rm);
9022 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
9023 get_mem_index(s), opc);
9024 tcg_temp_free(taddr);
9025 store_reg(s, rd, tmp);
9026 }
9027 }
9028 } else {
9029 int address_offset;
9030 bool load = insn & (1 << 20);
9031 bool wbit = insn & (1 << 21);
9032 bool pbit = insn & (1 << 24);
9033 bool doubleword = false;
9034 ISSInfo issinfo;
9035
9036 /* Misc load/store */
9037 rn = (insn >> 16) & 0xf;
9038 rd = (insn >> 12) & 0xf;
9039
9040 /* ISS not valid if writeback */
9041 issinfo = (pbit & !wbit) ? rd : ISSInvalid;
9042
9043 if (!load && (sh & 2)) {
9044 /* doubleword */
9045 ARCH(5TE);
9046 if (rd & 1) {
9047 /* UNPREDICTABLE; we choose to UNDEF */
9048 goto illegal_op;
9049 }
9050 load = (sh & 1) == 0;
9051 doubleword = true;
9052 }
9053
9054 addr = load_reg(s, rn);
9055 if (pbit) {
9056 gen_add_datah_offset(s, insn, 0, addr);
9057 }
9058 address_offset = 0;
9059
9060 if (doubleword) {
9061 if (!load) {
9062 /* store */
9063 tmp = load_reg(s, rd);
9064 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9065 tcg_temp_free_i32(tmp);
9066 tcg_gen_addi_i32(addr, addr, 4);
9067 tmp = load_reg(s, rd + 1);
9068 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9069 tcg_temp_free_i32(tmp);
9070 } else {
9071 /* load */
9072 tmp = tcg_temp_new_i32();
9073 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9074 store_reg(s, rd, tmp);
9075 tcg_gen_addi_i32(addr, addr, 4);
9076 tmp = tcg_temp_new_i32();
9077 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9078 rd++;
9079 }
9080 address_offset = -4;
9081 } else if (load) {
9082 /* load */
9083 tmp = tcg_temp_new_i32();
9084 switch (sh) {
9085 case 1:
9086 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9087 issinfo);
9088 break;
9089 case 2:
9090 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s),
9091 issinfo);
9092 break;
9093 default:
9094 case 3:
9095 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s),
9096 issinfo);
9097 break;
9098 }
9099 } else {
9100 /* store */
9101 tmp = load_reg(s, rd);
9102 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), issinfo);
9103 tcg_temp_free_i32(tmp);
9104 }
9105 /* Perform base writeback before the loaded value to
9106 ensure correct behavior with overlapping index registers.
9107 ldrd with base writeback is undefined if the
9108 destination and index registers overlap. */
9109 if (!pbit) {
9110 gen_add_datah_offset(s, insn, address_offset, addr);
9111 store_reg(s, rn, addr);
9112 } else if (wbit) {
9113 if (address_offset)
9114 tcg_gen_addi_i32(addr, addr, address_offset);
9115 store_reg(s, rn, addr);
9116 } else {
9117 tcg_temp_free_i32(addr);
9118 }
9119 if (load) {
9120 /* Complete the load. */
9121 store_reg(s, rd, tmp);
9122 }
9123 }
9124 break;
9125 case 0x4:
9126 case 0x5:
9127 goto do_ldst;
9128 case 0x6:
9129 case 0x7:
9130 if (insn & (1 << 4)) {
9131 ARCH(6);
9132 /* Armv6 Media instructions. */
9133 rm = insn & 0xf;
9134 rn = (insn >> 16) & 0xf;
9135 rd = (insn >> 12) & 0xf;
9136 rs = (insn >> 8) & 0xf;
9137 switch ((insn >> 23) & 3) {
9138 case 0: /* Parallel add/subtract. */
9139 op1 = (insn >> 20) & 7;
9140 tmp = load_reg(s, rn);
9141 tmp2 = load_reg(s, rm);
9142 sh = (insn >> 5) & 7;
9143 if ((op1 & 3) == 0 || sh == 5 || sh == 6)
9144 goto illegal_op;
9145 gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
9146 tcg_temp_free_i32(tmp2);
9147 store_reg(s, rd, tmp);
9148 break;
9149 case 1:
9150 if ((insn & 0x00700020) == 0) {
9151 /* Halfword pack. */
9152 tmp = load_reg(s, rn);
9153 tmp2 = load_reg(s, rm);
9154 shift = (insn >> 7) & 0x1f;
9155 if (insn & (1 << 6)) {
9156 /* pkhtb */
9157 if (shift == 0)
9158 shift = 31;
9159 tcg_gen_sari_i32(tmp2, tmp2, shift);
9160 tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
9161 tcg_gen_ext16u_i32(tmp2, tmp2);
9162 } else {
9163 /* pkhbt */
9164 if (shift)
9165 tcg_gen_shli_i32(tmp2, tmp2, shift);
9166 tcg_gen_ext16u_i32(tmp, tmp);
9167 tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
9168 }
9169 tcg_gen_or_i32(tmp, tmp, tmp2);
9170 tcg_temp_free_i32(tmp2);
9171 store_reg(s, rd, tmp);
9172 } else if ((insn & 0x00200020) == 0x00200000) {
9173 /* [us]sat */
9174 tmp = load_reg(s, rm);
9175 shift = (insn >> 7) & 0x1f;
9176 if (insn & (1 << 6)) {
9177 if (shift == 0)
9178 shift = 31;
9179 tcg_gen_sari_i32(tmp, tmp, shift);
9180 } else {
9181 tcg_gen_shli_i32(tmp, tmp, shift);
9182 }
9183 sh = (insn >> 16) & 0x1f;
9184 tmp2 = tcg_const_i32(sh);
9185 if (insn & (1 << 22))
9186 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
9187 else
9188 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
9189 tcg_temp_free_i32(tmp2);
9190 store_reg(s, rd, tmp);
9191 } else if ((insn & 0x00300fe0) == 0x00200f20) {
9192 /* [us]sat16 */
9193 tmp = load_reg(s, rm);
9194 sh = (insn >> 16) & 0x1f;
9195 tmp2 = tcg_const_i32(sh);
9196 if (insn & (1 << 22))
9197 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
9198 else
9199 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
9200 tcg_temp_free_i32(tmp2);
9201 store_reg(s, rd, tmp);
9202 } else if ((insn & 0x00700fe0) == 0x00000fa0) {
9203 /* Select bytes. */
9204 tmp = load_reg(s, rn);
9205 tmp2 = load_reg(s, rm);
9206 tmp3 = tcg_temp_new_i32();
9207 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9208 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9209 tcg_temp_free_i32(tmp3);
9210 tcg_temp_free_i32(tmp2);
9211 store_reg(s, rd, tmp);
9212 } else if ((insn & 0x000003e0) == 0x00000060) {
9213 tmp = load_reg(s, rm);
9214 shift = (insn >> 10) & 3;
9215 /* ??? In many cases it's not necessary to do a
9216 rotate, a shift is sufficient. */
9217 if (shift != 0)
9218 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9219 op1 = (insn >> 20) & 7;
9220 switch (op1) {
9221 case 0: gen_sxtb16(tmp); break;
9222 case 2: gen_sxtb(tmp); break;
9223 case 3: gen_sxth(tmp); break;
9224 case 4: gen_uxtb16(tmp); break;
9225 case 6: gen_uxtb(tmp); break;
9226 case 7: gen_uxth(tmp); break;
9227 default: goto illegal_op;
9228 }
9229 if (rn != 15) {
9230 tmp2 = load_reg(s, rn);
9231 if ((op1 & 3) == 0) {
9232 gen_add16(tmp, tmp2);
9233 } else {
9234 tcg_gen_add_i32(tmp, tmp, tmp2);
9235 tcg_temp_free_i32(tmp2);
9236 }
9237 }
9238 store_reg(s, rd, tmp);
9239 } else if ((insn & 0x003f0f60) == 0x003f0f20) {
9240 /* rev */
9241 tmp = load_reg(s, rm);
9242 if (insn & (1 << 22)) {
9243 if (insn & (1 << 7)) {
9244 gen_revsh(tmp);
9245 } else {
9246 ARCH(6T2);
9247 gen_helper_rbit(tmp, tmp);
9248 }
9249 } else {
9250 if (insn & (1 << 7))
9251 gen_rev16(tmp);
9252 else
9253 tcg_gen_bswap32_i32(tmp, tmp);
9254 }
9255 store_reg(s, rd, tmp);
9256 } else {
9257 goto illegal_op;
9258 }
9259 break;
9260 case 2: /* Multiplies (Type 3). */
9261 switch ((insn >> 20) & 0x7) {
9262 case 5:
9263 if (((insn >> 6) ^ (insn >> 7)) & 1) {
9264 /* op2 not 00x or 11x : UNDEF */
9265 goto illegal_op;
9266 }
9267 /* Signed multiply most significant [accumulate].
9268 (SMMUL, SMMLA, SMMLS) */
9269 tmp = load_reg(s, rm);
9270 tmp2 = load_reg(s, rs);
9271 tmp64 = gen_muls_i64_i32(tmp, tmp2);
9272
9273 if (rd != 15) {
9274 tmp = load_reg(s, rd);
9275 if (insn & (1 << 6)) {
9276 tmp64 = gen_subq_msw(tmp64, tmp);
9277 } else {
9278 tmp64 = gen_addq_msw(tmp64, tmp);
9279 }
9280 }
9281 if (insn & (1 << 5)) {
9282 tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
9283 }
9284 tcg_gen_shri_i64(tmp64, tmp64, 32);
9285 tmp = tcg_temp_new_i32();
9286 tcg_gen_extrl_i64_i32(tmp, tmp64);
9287 tcg_temp_free_i64(tmp64);
9288 store_reg(s, rn, tmp);
9289 break;
9290 case 0:
9291 case 4:
9292 /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
9293 if (insn & (1 << 7)) {
9294 goto illegal_op;
9295 }
9296 tmp = load_reg(s, rm);
9297 tmp2 = load_reg(s, rs);
9298 if (insn & (1 << 5))
9299 gen_swap_half(tmp2);
9300 gen_smul_dual(tmp, tmp2);
9301 if (insn & (1 << 22)) {
9302 /* smlald, smlsld */
9303 TCGv_i64 tmp64_2;
9304
9305 tmp64 = tcg_temp_new_i64();
9306 tmp64_2 = tcg_temp_new_i64();
9307 tcg_gen_ext_i32_i64(tmp64, tmp);
9308 tcg_gen_ext_i32_i64(tmp64_2, tmp2);
9309 tcg_temp_free_i32(tmp);
9310 tcg_temp_free_i32(tmp2);
9311 if (insn & (1 << 6)) {
9312 tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
9313 } else {
9314 tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
9315 }
9316 tcg_temp_free_i64(tmp64_2);
9317 gen_addq(s, tmp64, rd, rn);
9318 gen_storeq_reg(s, rd, rn, tmp64);
9319 tcg_temp_free_i64(tmp64);
9320 } else {
9321 /* smuad, smusd, smlad, smlsd */
9322 if (insn & (1 << 6)) {
9323 /* This subtraction cannot overflow. */
9324 tcg_gen_sub_i32(tmp, tmp, tmp2);
9325 } else {
9326 /* This addition cannot overflow 32 bits;
9327 * however it may overflow considered as a
9328 * signed operation, in which case we must set
9329 * the Q flag.
9330 */
9331 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9332 }
9333 tcg_temp_free_i32(tmp2);
9334 if (rd != 15)
9335 {
9336 tmp2 = load_reg(s, rd);
9337 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9338 tcg_temp_free_i32(tmp2);
9339 }
9340 store_reg(s, rn, tmp);
9341 }
9342 break;
9343 case 1:
9344 case 3:
9345 /* SDIV, UDIV */
9346 if (!arm_dc_feature(s, ARM_FEATURE_ARM_DIV)) {
9347 goto illegal_op;
9348 }
9349 if (((insn >> 5) & 7) || (rd != 15)) {
9350 goto illegal_op;
9351 }
9352 tmp = load_reg(s, rm);
9353 tmp2 = load_reg(s, rs);
9354 if (insn & (1 << 21)) {
9355 gen_helper_udiv(tmp, tmp, tmp2);
9356 } else {
9357 gen_helper_sdiv(tmp, tmp, tmp2);
9358 }
9359 tcg_temp_free_i32(tmp2);
9360 store_reg(s, rn, tmp);
9361 break;
9362 default:
9363 goto illegal_op;
9364 }
9365 break;
9366 case 3:
9367 op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
9368 switch (op1) {
9369 case 0: /* Unsigned sum of absolute differences. */
9370 ARCH(6);
9371 tmp = load_reg(s, rm);
9372 tmp2 = load_reg(s, rs);
9373 gen_helper_usad8(tmp, tmp, tmp2);
9374 tcg_temp_free_i32(tmp2);
9375 if (rd != 15) {
9376 tmp2 = load_reg(s, rd);
9377 tcg_gen_add_i32(tmp, tmp, tmp2);
9378 tcg_temp_free_i32(tmp2);
9379 }
9380 store_reg(s, rn, tmp);
9381 break;
9382 case 0x20: case 0x24: case 0x28: case 0x2c:
9383 /* Bitfield insert/clear. */
9384 ARCH(6T2);
9385 shift = (insn >> 7) & 0x1f;
9386 i = (insn >> 16) & 0x1f;
9387 if (i < shift) {
9388 /* UNPREDICTABLE; we choose to UNDEF */
9389 goto illegal_op;
9390 }
9391 i = i + 1 - shift;
9392 if (rm == 15) {
9393 tmp = tcg_temp_new_i32();
9394 tcg_gen_movi_i32(tmp, 0);
9395 } else {
9396 tmp = load_reg(s, rm);
9397 }
9398 if (i != 32) {
9399 tmp2 = load_reg(s, rd);
9400 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
9401 tcg_temp_free_i32(tmp2);
9402 }
9403 store_reg(s, rd, tmp);
9404 break;
9405 case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9406 case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9407 ARCH(6T2);
9408 tmp = load_reg(s, rm);
9409 shift = (insn >> 7) & 0x1f;
9410 i = ((insn >> 16) & 0x1f) + 1;
9411 if (shift + i > 32)
9412 goto illegal_op;
9413 if (i < 32) {
9414 if (op1 & 0x20) {
9415 tcg_gen_extract_i32(tmp, tmp, shift, i);
9416 } else {
9417 tcg_gen_sextract_i32(tmp, tmp, shift, i);
9418 }
9419 }
9420 store_reg(s, rd, tmp);
9421 break;
9422 default:
9423 goto illegal_op;
9424 }
9425 break;
9426 }
9427 break;
9428 }
9429 do_ldst:
9430 /* Check for undefined extension instructions
9431 * per the ARM Bible IE:
9432 * xxxx 0111 1111 xxxx xxxx xxxx 1111 xxxx
9433 */
9434 sh = (0xf << 20) | (0xf << 4);
9435 if (op1 == 0x7 && ((insn & sh) == sh))
9436 {
9437 goto illegal_op;
9438 }
9439 /* load/store byte/word */
9440 rn = (insn >> 16) & 0xf;
9441 rd = (insn >> 12) & 0xf;
9442 tmp2 = load_reg(s, rn);
9443 if ((insn & 0x01200000) == 0x00200000) {
9444 /* ldrt/strt */
9445 i = get_a32_user_mem_index(s);
9446 } else {
9447 i = get_mem_index(s);
9448 }
9449 if (insn & (1 << 24))
9450 gen_add_data_offset(s, insn, tmp2);
9451 if (insn & (1 << 20)) {
9452 /* load */
9453 tmp = tcg_temp_new_i32();
9454 if (insn & (1 << 22)) {
9455 gen_aa32_ld8u_iss(s, tmp, tmp2, i, rd);
9456 } else {
9457 gen_aa32_ld32u_iss(s, tmp, tmp2, i, rd);
9458 }
9459 } else {
9460 /* store */
9461 tmp = load_reg(s, rd);
9462 if (insn & (1 << 22)) {
9463 gen_aa32_st8_iss(s, tmp, tmp2, i, rd);
9464 } else {
9465 gen_aa32_st32_iss(s, tmp, tmp2, i, rd);
9466 }
9467 tcg_temp_free_i32(tmp);
9468 }
9469 if (!(insn & (1 << 24))) {
9470 gen_add_data_offset(s, insn, tmp2);
9471 store_reg(s, rn, tmp2);
9472 } else if (insn & (1 << 21)) {
9473 store_reg(s, rn, tmp2);
9474 } else {
9475 tcg_temp_free_i32(tmp2);
9476 }
9477 if (insn & (1 << 20)) {
9478 /* Complete the load. */
9479 store_reg_from_load(s, rd, tmp);
9480 }
9481 break;
9482 case 0x08:
9483 case 0x09:
9484 {
9485 int j, n, loaded_base;
9486 bool exc_return = false;
9487 bool is_load = extract32(insn, 20, 1);
9488 bool user = false;
9489 TCGv_i32 loaded_var;
9490 /* load/store multiple words */
9491 /* XXX: store correct base if write back */
9492 if (insn & (1 << 22)) {
9493 /* LDM (user), LDM (exception return) and STM (user) */
9494 if (IS_USER(s))
9495 goto illegal_op; /* only usable in supervisor mode */
9496
9497 if (is_load && extract32(insn, 15, 1)) {
9498 exc_return = true;
9499 } else {
9500 user = true;
9501 }
9502 }
9503 rn = (insn >> 16) & 0xf;
9504 addr = load_reg(s, rn);
9505
9506 /* compute total size */
9507 loaded_base = 0;
9508 loaded_var = NULL;
9509 n = 0;
9510 for(i=0;i<16;i++) {
9511 if (insn & (1 << i))
9512 n++;
9513 }
9514 /* XXX: test invalid n == 0 case ? */
9515 if (insn & (1 << 23)) {
9516 if (insn & (1 << 24)) {
9517 /* pre increment */
9518 tcg_gen_addi_i32(addr, addr, 4);
9519 } else {
9520 /* post increment */
9521 }
9522 } else {
9523 if (insn & (1 << 24)) {
9524 /* pre decrement */
9525 tcg_gen_addi_i32(addr, addr, -(n * 4));
9526 } else {
9527 /* post decrement */
9528 if (n != 1)
9529 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9530 }
9531 }
9532 j = 0;
9533 for(i=0;i<16;i++) {
9534 if (insn & (1 << i)) {
9535 if (is_load) {
9536 /* load */
9537 tmp = tcg_temp_new_i32();
9538 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9539 if (user) {
9540 tmp2 = tcg_const_i32(i);
9541 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9542 tcg_temp_free_i32(tmp2);
9543 tcg_temp_free_i32(tmp);
9544 } else if (i == rn) {
9545 loaded_var = tmp;
9546 loaded_base = 1;
9547 } else if (rn == 15 && exc_return) {
9548 store_pc_exc_ret(s, tmp);
9549 } else {
9550 store_reg_from_load(s, i, tmp);
9551 }
9552 } else {
9553 /* store */
9554 if (i == 15) {
9555 /* special case: r15 = PC + 8 */
9556 val = (long)s->pc + 4;
9557 tmp = tcg_temp_new_i32();
9558 tcg_gen_movi_i32(tmp, val);
9559 } else if (user) {
9560 tmp = tcg_temp_new_i32();
9561 tmp2 = tcg_const_i32(i);
9562 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9563 tcg_temp_free_i32(tmp2);
9564 } else {
9565 tmp = load_reg(s, i);
9566 }
9567 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9568 tcg_temp_free_i32(tmp);
9569 }
9570 j++;
9571 /* no need to add after the last transfer */
9572 if (j != n)
9573 tcg_gen_addi_i32(addr, addr, 4);
9574 }
9575 }
9576 if (insn & (1 << 21)) {
9577 /* write back */
9578 if (insn & (1 << 23)) {
9579 if (insn & (1 << 24)) {
9580 /* pre increment */
9581 } else {
9582 /* post increment */
9583 tcg_gen_addi_i32(addr, addr, 4);
9584 }
9585 } else {
9586 if (insn & (1 << 24)) {
9587 /* pre decrement */
9588 if (n != 1)
9589 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9590 } else {
9591 /* post decrement */
9592 tcg_gen_addi_i32(addr, addr, -(n * 4));
9593 }
9594 }
9595 store_reg(s, rn, addr);
9596 } else {
9597 tcg_temp_free_i32(addr);
9598 }
9599 if (loaded_base) {
9600 store_reg(s, rn, loaded_var);
9601 }
9602 if (exc_return) {
9603 /* Restore CPSR from SPSR. */
9604 tmp = load_cpu_field(spsr);
9605 gen_helper_cpsr_write_eret(cpu_env, tmp);
9606 tcg_temp_free_i32(tmp);
9607 /* Must exit loop to check un-masked IRQs */
9608 s->base.is_jmp = DISAS_EXIT;
9609 }
9610 }
9611 break;
9612 case 0xa:
9613 case 0xb:
9614 {
9615 int32_t offset;
9616
9617 /* branch (and link) */
9618 val = (int32_t)s->pc;
9619 if (insn & (1 << 24)) {
9620 tmp = tcg_temp_new_i32();
9621 tcg_gen_movi_i32(tmp, val);
9622 store_reg(s, 14, tmp);
9623 }
9624 offset = sextract32(insn << 2, 0, 26);
9625 val += offset + 4;
9626 gen_jmp(s, val);
9627 }
9628 break;
9629 case 0xc:
9630 case 0xd:
9631 case 0xe:
9632 if (((insn >> 8) & 0xe) == 10) {
9633 /* VFP. */
9634 if (disas_vfp_insn(s, insn)) {
9635 goto illegal_op;
9636 }
9637 } else if (disas_coproc_insn(s, insn)) {
9638 /* Coprocessor. */
9639 goto illegal_op;
9640 }
9641 break;
9642 case 0xf:
9643 /* swi */
9644 gen_set_pc_im(s, s->pc);
9645 s->svc_imm = extract32(insn, 0, 24);
9646 s->base.is_jmp = DISAS_SWI;
9647 break;
9648 default:
9649 illegal_op:
9650 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
9651 default_exception_el(s));
9652 break;
9653 }
9654 }
9655 }
9656
9657 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t insn)
9658 {
9659 /* Return true if this is a 16 bit instruction. We must be precise
9660 * about this (matching the decode). We assume that s->pc still
9661 * points to the first 16 bits of the insn.
9662 */
9663 if ((insn >> 11) < 0x1d) {
9664 /* Definitely a 16-bit instruction */
9665 return true;
9666 }
9667
9668 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
9669 * first half of a 32-bit Thumb insn. Thumb-1 cores might
9670 * end up actually treating this as two 16-bit insns, though,
9671 * if it's half of a bl/blx pair that might span a page boundary.
9672 */
9673 if (arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
9674 /* Thumb2 cores (including all M profile ones) always treat
9675 * 32-bit insns as 32-bit.
9676 */
9677 return false;
9678 }
9679
9680 if ((insn >> 11) == 0x1e && (s->pc < s->next_page_start - 3)) {
9681 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
9682 * is not on the next page; we merge this into a 32-bit
9683 * insn.
9684 */
9685 return false;
9686 }
9687 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF);
9688 * 0b1111_1xxx_xxxx_xxxx : BL suffix;
9689 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page
9690 * -- handle as single 16 bit insn
9691 */
9692 return true;
9693 }
9694
9695 /* Return true if this is a Thumb-2 logical op. */
9696 static int
9697 thumb2_logic_op(int op)
9698 {
9699 return (op < 8);
9700 }
9701
9702 /* Generate code for a Thumb-2 data processing operation. If CONDS is nonzero
9703 then set condition code flags based on the result of the operation.
9704 If SHIFTER_OUT is nonzero then set the carry flag for logical operations
9705 to the high bit of T1.
9706 Returns zero if the opcode is valid. */
9707
9708 static int
9709 gen_thumb2_data_op(DisasContext *s, int op, int conds, uint32_t shifter_out,
9710 TCGv_i32 t0, TCGv_i32 t1)
9711 {
9712 int logic_cc;
9713
9714 logic_cc = 0;
9715 switch (op) {
9716 case 0: /* and */
9717 tcg_gen_and_i32(t0, t0, t1);
9718 logic_cc = conds;
9719 break;
9720 case 1: /* bic */
9721 tcg_gen_andc_i32(t0, t0, t1);
9722 logic_cc = conds;
9723 break;
9724 case 2: /* orr */
9725 tcg_gen_or_i32(t0, t0, t1);
9726 logic_cc = conds;
9727 break;
9728 case 3: /* orn */
9729 tcg_gen_orc_i32(t0, t0, t1);
9730 logic_cc = conds;
9731 break;
9732 case 4: /* eor */
9733 tcg_gen_xor_i32(t0, t0, t1);
9734 logic_cc = conds;
9735 break;
9736 case 8: /* add */
9737 if (conds)
9738 gen_add_CC(t0, t0, t1);
9739 else
9740 tcg_gen_add_i32(t0, t0, t1);
9741 break;
9742 case 10: /* adc */
9743 if (conds)
9744 gen_adc_CC(t0, t0, t1);
9745 else
9746 gen_adc(t0, t1);
9747 break;
9748 case 11: /* sbc */
9749 if (conds) {
9750 gen_sbc_CC(t0, t0, t1);
9751 } else {
9752 gen_sub_carry(t0, t0, t1);
9753 }
9754 break;
9755 case 13: /* sub */
9756 if (conds)
9757 gen_sub_CC(t0, t0, t1);
9758 else
9759 tcg_gen_sub_i32(t0, t0, t1);
9760 break;
9761 case 14: /* rsb */
9762 if (conds)
9763 gen_sub_CC(t0, t1, t0);
9764 else
9765 tcg_gen_sub_i32(t0, t1, t0);
9766 break;
9767 default: /* 5, 6, 7, 9, 12, 15. */
9768 return 1;
9769 }
9770 if (logic_cc) {
9771 gen_logic_CC(t0);
9772 if (shifter_out)
9773 gen_set_CF_bit31(t1);
9774 }
9775 return 0;
9776 }
9777
9778 /* Translate a 32-bit thumb instruction. */
9779 static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
9780 {
9781 uint32_t imm, shift, offset;
9782 uint32_t rd, rn, rm, rs;
9783 TCGv_i32 tmp;
9784 TCGv_i32 tmp2;
9785 TCGv_i32 tmp3;
9786 TCGv_i32 addr;
9787 TCGv_i64 tmp64;
9788 int op;
9789 int shiftop;
9790 int conds;
9791 int logic_cc;
9792
9793 /* The only 32 bit insn that's allowed for Thumb1 is the combined
9794 * BL/BLX prefix and suffix.
9795 */
9796 if ((insn & 0xf800e800) != 0xf000e800) {
9797 ARCH(6T2);
9798 }
9799
9800 rn = (insn >> 16) & 0xf;
9801 rs = (insn >> 12) & 0xf;
9802 rd = (insn >> 8) & 0xf;
9803 rm = insn & 0xf;
9804 switch ((insn >> 25) & 0xf) {
9805 case 0: case 1: case 2: case 3:
9806 /* 16-bit instructions. Should never happen. */
9807 abort();
9808 case 4:
9809 if (insn & (1 << 22)) {
9810 /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
9811 * - load/store doubleword, load/store exclusive, ldacq/strel,
9812 * table branch, TT.
9813 */
9814 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
9815 arm_dc_feature(s, ARM_FEATURE_V8)) {
9816 /* 0b1110_1001_0111_1111_1110_1001_0111_111
9817 * - SG (v8M only)
9818 * The bulk of the behaviour for this instruction is implemented
9819 * in v7m_handle_execute_nsc(), which deals with the insn when
9820 * it is executed by a CPU in non-secure state from memory
9821 * which is Secure & NonSecure-Callable.
9822 * Here we only need to handle the remaining cases:
9823 * * in NS memory (including the "security extension not
9824 * implemented" case) : NOP
9825 * * in S memory but CPU already secure (clear IT bits)
9826 * We know that the attribute for the memory this insn is
9827 * in must match the current CPU state, because otherwise
9828 * get_phys_addr_pmsav8 would have generated an exception.
9829 */
9830 if (s->v8m_secure) {
9831 /* Like the IT insn, we don't need to generate any code */
9832 s->condexec_cond = 0;
9833 s->condexec_mask = 0;
9834 }
9835 } else if (insn & 0x01200000) {
9836 /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9837 * - load/store dual (post-indexed)
9838 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
9839 * - load/store dual (literal and immediate)
9840 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9841 * - load/store dual (pre-indexed)
9842 */
9843 if (rn == 15) {
9844 if (insn & (1 << 21)) {
9845 /* UNPREDICTABLE */
9846 goto illegal_op;
9847 }
9848 addr = tcg_temp_new_i32();
9849 tcg_gen_movi_i32(addr, s->pc & ~3);
9850 } else {
9851 addr = load_reg(s, rn);
9852 }
9853 offset = (insn & 0xff) * 4;
9854 if ((insn & (1 << 23)) == 0)
9855 offset = -offset;
9856 if (insn & (1 << 24)) {
9857 tcg_gen_addi_i32(addr, addr, offset);
9858 offset = 0;
9859 }
9860 if (insn & (1 << 20)) {
9861 /* ldrd */
9862 tmp = tcg_temp_new_i32();
9863 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9864 store_reg(s, rs, tmp);
9865 tcg_gen_addi_i32(addr, addr, 4);
9866 tmp = tcg_temp_new_i32();
9867 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9868 store_reg(s, rd, tmp);
9869 } else {
9870 /* strd */
9871 tmp = load_reg(s, rs);
9872 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9873 tcg_temp_free_i32(tmp);
9874 tcg_gen_addi_i32(addr, addr, 4);
9875 tmp = load_reg(s, rd);
9876 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9877 tcg_temp_free_i32(tmp);
9878 }
9879 if (insn & (1 << 21)) {
9880 /* Base writeback. */
9881 tcg_gen_addi_i32(addr, addr, offset - 4);
9882 store_reg(s, rn, addr);
9883 } else {
9884 tcg_temp_free_i32(addr);
9885 }
9886 } else if ((insn & (1 << 23)) == 0) {
9887 /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
9888 * - load/store exclusive word
9889 * - TT (v8M only)
9890 */
9891 if (rs == 15) {
9892 if (!(insn & (1 << 20)) &&
9893 arm_dc_feature(s, ARM_FEATURE_M) &&
9894 arm_dc_feature(s, ARM_FEATURE_V8)) {
9895 /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
9896 * - TT (v8M only)
9897 */
9898 bool alt = insn & (1 << 7);
9899 TCGv_i32 addr, op, ttresp;
9900
9901 if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
9902 /* we UNDEF for these UNPREDICTABLE cases */
9903 goto illegal_op;
9904 }
9905
9906 if (alt && !s->v8m_secure) {
9907 goto illegal_op;
9908 }
9909
9910 addr = load_reg(s, rn);
9911 op = tcg_const_i32(extract32(insn, 6, 2));
9912 ttresp = tcg_temp_new_i32();
9913 gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
9914 tcg_temp_free_i32(addr);
9915 tcg_temp_free_i32(op);
9916 store_reg(s, rd, ttresp);
9917 }
9918 goto illegal_op;
9919 }
9920 addr = tcg_temp_local_new_i32();
9921 load_reg_var(s, addr, rn);
9922 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9923 if (insn & (1 << 20)) {
9924 gen_load_exclusive(s, rs, 15, addr, 2);
9925 } else {
9926 gen_store_exclusive(s, rd, rs, 15, addr, 2);
9927 }
9928 tcg_temp_free_i32(addr);
9929 } else if ((insn & (7 << 5)) == 0) {
9930 /* Table Branch. */
9931 if (rn == 15) {
9932 addr = tcg_temp_new_i32();
9933 tcg_gen_movi_i32(addr, s->pc);
9934 } else {
9935 addr = load_reg(s, rn);
9936 }
9937 tmp = load_reg(s, rm);
9938 tcg_gen_add_i32(addr, addr, tmp);
9939 if (insn & (1 << 4)) {
9940 /* tbh */
9941 tcg_gen_add_i32(addr, addr, tmp);
9942 tcg_temp_free_i32(tmp);
9943 tmp = tcg_temp_new_i32();
9944 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9945 } else { /* tbb */
9946 tcg_temp_free_i32(tmp);
9947 tmp = tcg_temp_new_i32();
9948 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9949 }
9950 tcg_temp_free_i32(addr);
9951 tcg_gen_shli_i32(tmp, tmp, 1);
9952 tcg_gen_addi_i32(tmp, tmp, s->pc);
9953 store_reg(s, 15, tmp);
9954 } else {
9955 int op2 = (insn >> 6) & 0x3;
9956 op = (insn >> 4) & 0x3;
9957 switch (op2) {
9958 case 0:
9959 goto illegal_op;
9960 case 1:
9961 /* Load/store exclusive byte/halfword/doubleword */
9962 if (op == 2) {
9963 goto illegal_op;
9964 }
9965 ARCH(7);
9966 break;
9967 case 2:
9968 /* Load-acquire/store-release */
9969 if (op == 3) {
9970 goto illegal_op;
9971 }
9972 /* Fall through */
9973 case 3:
9974 /* Load-acquire/store-release exclusive */
9975 ARCH(8);
9976 break;
9977 }
9978 addr = tcg_temp_local_new_i32();
9979 load_reg_var(s, addr, rn);
9980 if (!(op2 & 1)) {
9981 if (insn & (1 << 20)) {
9982 tmp = tcg_temp_new_i32();
9983 switch (op) {
9984 case 0: /* ldab */
9985 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s),
9986 rs | ISSIsAcqRel);
9987 break;
9988 case 1: /* ldah */
9989 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9990 rs | ISSIsAcqRel);
9991 break;
9992 case 2: /* lda */
9993 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
9994 rs | ISSIsAcqRel);
9995 break;
9996 default:
9997 abort();
9998 }
9999 store_reg(s, rs, tmp);
10000 } else {
10001 tmp = load_reg(s, rs);
10002 switch (op) {
10003 case 0: /* stlb */
10004 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s),
10005 rs | ISSIsAcqRel);
10006 break;
10007 case 1: /* stlh */
10008 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s),
10009 rs | ISSIsAcqRel);
10010 break;
10011 case 2: /* stl */
10012 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s),
10013 rs | ISSIsAcqRel);
10014 break;
10015 default:
10016 abort();
10017 }
10018 tcg_temp_free_i32(tmp);
10019 }
10020 } else if (insn & (1 << 20)) {
10021 gen_load_exclusive(s, rs, rd, addr, op);
10022 } else {
10023 gen_store_exclusive(s, rm, rs, rd, addr, op);
10024 }
10025 tcg_temp_free_i32(addr);
10026 }
10027 } else {
10028 /* Load/store multiple, RFE, SRS. */
10029 if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
10030 /* RFE, SRS: not available in user mode or on M profile */
10031 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10032 goto illegal_op;
10033 }
10034 if (insn & (1 << 20)) {
10035 /* rfe */
10036 addr = load_reg(s, rn);
10037 if ((insn & (1 << 24)) == 0)
10038 tcg_gen_addi_i32(addr, addr, -8);
10039 /* Load PC into tmp and CPSR into tmp2. */
10040 tmp = tcg_temp_new_i32();
10041 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10042 tcg_gen_addi_i32(addr, addr, 4);
10043 tmp2 = tcg_temp_new_i32();
10044 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
10045 if (insn & (1 << 21)) {
10046 /* Base writeback. */
10047 if (insn & (1 << 24)) {
10048 tcg_gen_addi_i32(addr, addr, 4);
10049 } else {
10050 tcg_gen_addi_i32(addr, addr, -4);
10051 }
10052 store_reg(s, rn, addr);
10053 } else {
10054 tcg_temp_free_i32(addr);
10055 }
10056 gen_rfe(s, tmp, tmp2);
10057 } else {
10058 /* srs */
10059 gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
10060 insn & (1 << 21));
10061 }
10062 } else {
10063 int i, loaded_base = 0;
10064 TCGv_i32 loaded_var;
10065 /* Load/store multiple. */
10066 addr = load_reg(s, rn);
10067 offset = 0;
10068 for (i = 0; i < 16; i++) {
10069 if (insn & (1 << i))
10070 offset += 4;
10071 }
10072 if (insn & (1 << 24)) {
10073 tcg_gen_addi_i32(addr, addr, -offset);
10074 }
10075
10076 loaded_var = NULL;
10077 for (i = 0; i < 16; i++) {
10078 if ((insn & (1 << i)) == 0)
10079 continue;
10080 if (insn & (1 << 20)) {
10081 /* Load. */
10082 tmp = tcg_temp_new_i32();
10083 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10084 if (i == 15) {
10085 gen_bx_excret(s, tmp);
10086 } else if (i == rn) {
10087 loaded_var = tmp;
10088 loaded_base = 1;
10089 } else {
10090 store_reg(s, i, tmp);
10091 }
10092 } else {
10093 /* Store. */
10094 tmp = load_reg(s, i);
10095 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
10096 tcg_temp_free_i32(tmp);
10097 }
10098 tcg_gen_addi_i32(addr, addr, 4);
10099 }
10100 if (loaded_base) {
10101 store_reg(s, rn, loaded_var);
10102 }
10103 if (insn & (1 << 21)) {
10104 /* Base register writeback. */
10105 if (insn & (1 << 24)) {
10106 tcg_gen_addi_i32(addr, addr, -offset);
10107 }
10108 /* Fault if writeback register is in register list. */
10109 if (insn & (1 << rn))
10110 goto illegal_op;
10111 store_reg(s, rn, addr);
10112 } else {
10113 tcg_temp_free_i32(addr);
10114 }
10115 }
10116 }
10117 break;
10118 case 5:
10119
10120 op = (insn >> 21) & 0xf;
10121 if (op == 6) {
10122 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10123 goto illegal_op;
10124 }
10125 /* Halfword pack. */
10126 tmp = load_reg(s, rn);
10127 tmp2 = load_reg(s, rm);
10128 shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
10129 if (insn & (1 << 5)) {
10130 /* pkhtb */
10131 if (shift == 0)
10132 shift = 31;
10133 tcg_gen_sari_i32(tmp2, tmp2, shift);
10134 tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
10135 tcg_gen_ext16u_i32(tmp2, tmp2);
10136 } else {
10137 /* pkhbt */
10138 if (shift)
10139 tcg_gen_shli_i32(tmp2, tmp2, shift);
10140 tcg_gen_ext16u_i32(tmp, tmp);
10141 tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
10142 }
10143 tcg_gen_or_i32(tmp, tmp, tmp2);
10144 tcg_temp_free_i32(tmp2);
10145 store_reg(s, rd, tmp);
10146 } else {
10147 /* Data processing register constant shift. */
10148 if (rn == 15) {
10149 tmp = tcg_temp_new_i32();
10150 tcg_gen_movi_i32(tmp, 0);
10151 } else {
10152 tmp = load_reg(s, rn);
10153 }
10154 tmp2 = load_reg(s, rm);
10155
10156 shiftop = (insn >> 4) & 3;
10157 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10158 conds = (insn & (1 << 20)) != 0;
10159 logic_cc = (conds && thumb2_logic_op(op));
10160 gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
10161 if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
10162 goto illegal_op;
10163 tcg_temp_free_i32(tmp2);
10164 if (rd != 15) {
10165 store_reg(s, rd, tmp);
10166 } else {
10167 tcg_temp_free_i32(tmp);
10168 }
10169 }
10170 break;
10171 case 13: /* Misc data processing. */
10172 op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
10173 if (op < 4 && (insn & 0xf000) != 0xf000)
10174 goto illegal_op;
10175 switch (op) {
10176 case 0: /* Register controlled shift. */
10177 tmp = load_reg(s, rn);
10178 tmp2 = load_reg(s, rm);
10179 if ((insn & 0x70) != 0)
10180 goto illegal_op;
10181 op = (insn >> 21) & 3;
10182 logic_cc = (insn & (1 << 20)) != 0;
10183 gen_arm_shift_reg(tmp, op, tmp2, logic_cc);
10184 if (logic_cc)
10185 gen_logic_CC(tmp);
10186 store_reg(s, rd, tmp);
10187 break;
10188 case 1: /* Sign/zero extend. */
10189 op = (insn >> 20) & 7;
10190 switch (op) {
10191 case 0: /* SXTAH, SXTH */
10192 case 1: /* UXTAH, UXTH */
10193 case 4: /* SXTAB, SXTB */
10194 case 5: /* UXTAB, UXTB */
10195 break;
10196 case 2: /* SXTAB16, SXTB16 */
10197 case 3: /* UXTAB16, UXTB16 */
10198 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10199 goto illegal_op;
10200 }
10201 break;
10202 default:
10203 goto illegal_op;
10204 }
10205 if (rn != 15) {
10206 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10207 goto illegal_op;
10208 }
10209 }
10210 tmp = load_reg(s, rm);
10211 shift = (insn >> 4) & 3;
10212 /* ??? In many cases it's not necessary to do a
10213 rotate, a shift is sufficient. */
10214 if (shift != 0)
10215 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
10216 op = (insn >> 20) & 7;
10217 switch (op) {
10218 case 0: gen_sxth(tmp); break;
10219 case 1: gen_uxth(tmp); break;
10220 case 2: gen_sxtb16(tmp); break;
10221 case 3: gen_uxtb16(tmp); break;
10222 case 4: gen_sxtb(tmp); break;
10223 case 5: gen_uxtb(tmp); break;
10224 default:
10225 g_assert_not_reached();
10226 }
10227 if (rn != 15) {
10228 tmp2 = load_reg(s, rn);
10229 if ((op >> 1) == 1) {
10230 gen_add16(tmp, tmp2);
10231 } else {
10232 tcg_gen_add_i32(tmp, tmp, tmp2);
10233 tcg_temp_free_i32(tmp2);
10234 }
10235 }
10236 store_reg(s, rd, tmp);
10237 break;
10238 case 2: /* SIMD add/subtract. */
10239 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10240 goto illegal_op;
10241 }
10242 op = (insn >> 20) & 7;
10243 shift = (insn >> 4) & 7;
10244 if ((op & 3) == 3 || (shift & 3) == 3)
10245 goto illegal_op;
10246 tmp = load_reg(s, rn);
10247 tmp2 = load_reg(s, rm);
10248 gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
10249 tcg_temp_free_i32(tmp2);
10250 store_reg(s, rd, tmp);
10251 break;
10252 case 3: /* Other data processing. */
10253 op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
10254 if (op < 4) {
10255 /* Saturating add/subtract. */
10256 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10257 goto illegal_op;
10258 }
10259 tmp = load_reg(s, rn);
10260 tmp2 = load_reg(s, rm);
10261 if (op & 1)
10262 gen_helper_double_saturate(tmp, cpu_env, tmp);
10263 if (op & 2)
10264 gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
10265 else
10266 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
10267 tcg_temp_free_i32(tmp2);
10268 } else {
10269 switch (op) {
10270 case 0x0a: /* rbit */
10271 case 0x08: /* rev */
10272 case 0x09: /* rev16 */
10273 case 0x0b: /* revsh */
10274 case 0x18: /* clz */
10275 break;
10276 case 0x10: /* sel */
10277 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10278 goto illegal_op;
10279 }
10280 break;
10281 case 0x20: /* crc32/crc32c */
10282 case 0x21:
10283 case 0x22:
10284 case 0x28:
10285 case 0x29:
10286 case 0x2a:
10287 if (!arm_dc_feature(s, ARM_FEATURE_CRC)) {
10288 goto illegal_op;
10289 }
10290 break;
10291 default:
10292 goto illegal_op;
10293 }
10294 tmp = load_reg(s, rn);
10295 switch (op) {
10296 case 0x0a: /* rbit */
10297 gen_helper_rbit(tmp, tmp);
10298 break;
10299 case 0x08: /* rev */
10300 tcg_gen_bswap32_i32(tmp, tmp);
10301 break;
10302 case 0x09: /* rev16 */
10303 gen_rev16(tmp);
10304 break;
10305 case 0x0b: /* revsh */
10306 gen_revsh(tmp);
10307 break;
10308 case 0x10: /* sel */
10309 tmp2 = load_reg(s, rm);
10310 tmp3 = tcg_temp_new_i32();
10311 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
10312 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
10313 tcg_temp_free_i32(tmp3);
10314 tcg_temp_free_i32(tmp2);
10315 break;
10316 case 0x18: /* clz */
10317 tcg_gen_clzi_i32(tmp, tmp, 32);
10318 break;
10319 case 0x20:
10320 case 0x21:
10321 case 0x22:
10322 case 0x28:
10323 case 0x29:
10324 case 0x2a:
10325 {
10326 /* crc32/crc32c */
10327 uint32_t sz = op & 0x3;
10328 uint32_t c = op & 0x8;
10329
10330 tmp2 = load_reg(s, rm);
10331 if (sz == 0) {
10332 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
10333 } else if (sz == 1) {
10334 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
10335 }
10336 tmp3 = tcg_const_i32(1 << sz);
10337 if (c) {
10338 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
10339 } else {
10340 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
10341 }
10342 tcg_temp_free_i32(tmp2);
10343 tcg_temp_free_i32(tmp3);
10344 break;
10345 }
10346 default:
10347 g_assert_not_reached();
10348 }
10349 }
10350 store_reg(s, rd, tmp);
10351 break;
10352 case 4: case 5: /* 32-bit multiply. Sum of absolute differences. */
10353 switch ((insn >> 20) & 7) {
10354 case 0: /* 32 x 32 -> 32 */
10355 case 7: /* Unsigned sum of absolute differences. */
10356 break;
10357 case 1: /* 16 x 16 -> 32 */
10358 case 2: /* Dual multiply add. */
10359 case 3: /* 32 * 16 -> 32msb */
10360 case 4: /* Dual multiply subtract. */
10361 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10362 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10363 goto illegal_op;
10364 }
10365 break;
10366 }
10367 op = (insn >> 4) & 0xf;
10368 tmp = load_reg(s, rn);
10369 tmp2 = load_reg(s, rm);
10370 switch ((insn >> 20) & 7) {
10371 case 0: /* 32 x 32 -> 32 */
10372 tcg_gen_mul_i32(tmp, tmp, tmp2);
10373 tcg_temp_free_i32(tmp2);
10374 if (rs != 15) {
10375 tmp2 = load_reg(s, rs);
10376 if (op)
10377 tcg_gen_sub_i32(tmp, tmp2, tmp);
10378 else
10379 tcg_gen_add_i32(tmp, tmp, tmp2);
10380 tcg_temp_free_i32(tmp2);
10381 }
10382 break;
10383 case 1: /* 16 x 16 -> 32 */
10384 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10385 tcg_temp_free_i32(tmp2);
10386 if (rs != 15) {
10387 tmp2 = load_reg(s, rs);
10388 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10389 tcg_temp_free_i32(tmp2);
10390 }
10391 break;
10392 case 2: /* Dual multiply add. */
10393 case 4: /* Dual multiply subtract. */
10394 if (op)
10395 gen_swap_half(tmp2);
10396 gen_smul_dual(tmp, tmp2);
10397 if (insn & (1 << 22)) {
10398 /* This subtraction cannot overflow. */
10399 tcg_gen_sub_i32(tmp, tmp, tmp2);
10400 } else {
10401 /* This addition cannot overflow 32 bits;
10402 * however it may overflow considered as a signed
10403 * operation, in which case we must set the Q flag.
10404 */
10405 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10406 }
10407 tcg_temp_free_i32(tmp2);
10408 if (rs != 15)
10409 {
10410 tmp2 = load_reg(s, rs);
10411 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10412 tcg_temp_free_i32(tmp2);
10413 }
10414 break;
10415 case 3: /* 32 * 16 -> 32msb */
10416 if (op)
10417 tcg_gen_sari_i32(tmp2, tmp2, 16);
10418 else
10419 gen_sxth(tmp2);
10420 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10421 tcg_gen_shri_i64(tmp64, tmp64, 16);
10422 tmp = tcg_temp_new_i32();
10423 tcg_gen_extrl_i64_i32(tmp, tmp64);
10424 tcg_temp_free_i64(tmp64);
10425 if (rs != 15)
10426 {
10427 tmp2 = load_reg(s, rs);
10428 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10429 tcg_temp_free_i32(tmp2);
10430 }
10431 break;
10432 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10433 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10434 if (rs != 15) {
10435 tmp = load_reg(s, rs);
10436 if (insn & (1 << 20)) {
10437 tmp64 = gen_addq_msw(tmp64, tmp);
10438 } else {
10439 tmp64 = gen_subq_msw(tmp64, tmp);
10440 }
10441 }
10442 if (insn & (1 << 4)) {
10443 tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
10444 }
10445 tcg_gen_shri_i64(tmp64, tmp64, 32);
10446 tmp = tcg_temp_new_i32();
10447 tcg_gen_extrl_i64_i32(tmp, tmp64);
10448 tcg_temp_free_i64(tmp64);
10449 break;
10450 case 7: /* Unsigned sum of absolute differences. */
10451 gen_helper_usad8(tmp, tmp, tmp2);
10452 tcg_temp_free_i32(tmp2);
10453 if (rs != 15) {
10454 tmp2 = load_reg(s, rs);
10455 tcg_gen_add_i32(tmp, tmp, tmp2);
10456 tcg_temp_free_i32(tmp2);
10457 }
10458 break;
10459 }
10460 store_reg(s, rd, tmp);
10461 break;
10462 case 6: case 7: /* 64-bit multiply, Divide. */
10463 op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10464 tmp = load_reg(s, rn);
10465 tmp2 = load_reg(s, rm);
10466 if ((op & 0x50) == 0x10) {
10467 /* sdiv, udiv */
10468 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DIV)) {
10469 goto illegal_op;
10470 }
10471 if (op & 0x20)
10472 gen_helper_udiv(tmp, tmp, tmp2);
10473 else
10474 gen_helper_sdiv(tmp, tmp, tmp2);
10475 tcg_temp_free_i32(tmp2);
10476 store_reg(s, rd, tmp);
10477 } else if ((op & 0xe) == 0xc) {
10478 /* Dual multiply accumulate long. */
10479 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10480 tcg_temp_free_i32(tmp);
10481 tcg_temp_free_i32(tmp2);
10482 goto illegal_op;
10483 }
10484 if (op & 1)
10485 gen_swap_half(tmp2);
10486 gen_smul_dual(tmp, tmp2);
10487 if (op & 0x10) {
10488 tcg_gen_sub_i32(tmp, tmp, tmp2);
10489 } else {
10490 tcg_gen_add_i32(tmp, tmp, tmp2);
10491 }
10492 tcg_temp_free_i32(tmp2);
10493 /* BUGFIX */
10494 tmp64 = tcg_temp_new_i64();
10495 tcg_gen_ext_i32_i64(tmp64, tmp);
10496 tcg_temp_free_i32(tmp);
10497 gen_addq(s, tmp64, rs, rd);
10498 gen_storeq_reg(s, rs, rd, tmp64);
10499 tcg_temp_free_i64(tmp64);
10500 } else {
10501 if (op & 0x20) {
10502 /* Unsigned 64-bit multiply */
10503 tmp64 = gen_mulu_i64_i32(tmp, tmp2);
10504 } else {
10505 if (op & 8) {
10506 /* smlalxy */
10507 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10508 tcg_temp_free_i32(tmp2);
10509 tcg_temp_free_i32(tmp);
10510 goto illegal_op;
10511 }
10512 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10513 tcg_temp_free_i32(tmp2);
10514 tmp64 = tcg_temp_new_i64();
10515 tcg_gen_ext_i32_i64(tmp64, tmp);
10516 tcg_temp_free_i32(tmp);
10517 } else {
10518 /* Signed 64-bit multiply */
10519 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10520 }
10521 }
10522 if (op & 4) {
10523 /* umaal */
10524 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10525 tcg_temp_free_i64(tmp64);
10526 goto illegal_op;
10527 }
10528 gen_addq_lo(s, tmp64, rs);
10529 gen_addq_lo(s, tmp64, rd);
10530 } else if (op & 0x40) {
10531 /* 64-bit accumulate. */
10532 gen_addq(s, tmp64, rs, rd);
10533 }
10534 gen_storeq_reg(s, rs, rd, tmp64);
10535 tcg_temp_free_i64(tmp64);
10536 }
10537 break;
10538 }
10539 break;
10540 case 6: case 7: case 14: case 15:
10541 /* Coprocessor. */
10542 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10543 /* We don't currently implement M profile FP support,
10544 * so this entire space should give a NOCP fault.
10545 */
10546 gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
10547 default_exception_el(s));
10548 break;
10549 }
10550 if (((insn >> 24) & 3) == 3) {
10551 /* Translate into the equivalent ARM encoding. */
10552 insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
10553 if (disas_neon_data_insn(s, insn)) {
10554 goto illegal_op;
10555 }
10556 } else if (((insn >> 8) & 0xe) == 10) {
10557 if (disas_vfp_insn(s, insn)) {
10558 goto illegal_op;
10559 }
10560 } else {
10561 if (insn & (1 << 28))
10562 goto illegal_op;
10563 if (disas_coproc_insn(s, insn)) {
10564 goto illegal_op;
10565 }
10566 }
10567 break;
10568 case 8: case 9: case 10: case 11:
10569 if (insn & (1 << 15)) {
10570 /* Branches, misc control. */
10571 if (insn & 0x5000) {
10572 /* Unconditional branch. */
10573 /* signextend(hw1[10:0]) -> offset[:12]. */
10574 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
10575 /* hw1[10:0] -> offset[11:1]. */
10576 offset |= (insn & 0x7ff) << 1;
10577 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
10578 offset[24:22] already have the same value because of the
10579 sign extension above. */
10580 offset ^= ((~insn) & (1 << 13)) << 10;
10581 offset ^= ((~insn) & (1 << 11)) << 11;
10582
10583 if (insn & (1 << 14)) {
10584 /* Branch and link. */
10585 tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
10586 }
10587
10588 offset += s->pc;
10589 if (insn & (1 << 12)) {
10590 /* b/bl */
10591 gen_jmp(s, offset);
10592 } else {
10593 /* blx */
10594 offset &= ~(uint32_t)2;
10595 /* thumb2 bx, no need to check */
10596 gen_bx_im(s, offset);
10597 }
10598 } else if (((insn >> 23) & 7) == 7) {
10599 /* Misc control */
10600 if (insn & (1 << 13))
10601 goto illegal_op;
10602
10603 if (insn & (1 << 26)) {
10604 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10605 goto illegal_op;
10606 }
10607 if (!(insn & (1 << 20))) {
10608 /* Hypervisor call (v7) */
10609 int imm16 = extract32(insn, 16, 4) << 12
10610 | extract32(insn, 0, 12);
10611 ARCH(7);
10612 if (IS_USER(s)) {
10613 goto illegal_op;
10614 }
10615 gen_hvc(s, imm16);
10616 } else {
10617 /* Secure monitor call (v6+) */
10618 ARCH(6K);
10619 if (IS_USER(s)) {
10620 goto illegal_op;
10621 }
10622 gen_smc(s);
10623 }
10624 } else {
10625 op = (insn >> 20) & 7;
10626 switch (op) {
10627 case 0: /* msr cpsr. */
10628 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10629 tmp = load_reg(s, rn);
10630 /* the constant is the mask and SYSm fields */
10631 addr = tcg_const_i32(insn & 0xfff);
10632 gen_helper_v7m_msr(cpu_env, addr, tmp);
10633 tcg_temp_free_i32(addr);
10634 tcg_temp_free_i32(tmp);
10635 gen_lookup_tb(s);
10636 break;
10637 }
10638 /* fall through */
10639 case 1: /* msr spsr. */
10640 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10641 goto illegal_op;
10642 }
10643
10644 if (extract32(insn, 5, 1)) {
10645 /* MSR (banked) */
10646 int sysm = extract32(insn, 8, 4) |
10647 (extract32(insn, 4, 1) << 4);
10648 int r = op & 1;
10649
10650 gen_msr_banked(s, r, sysm, rm);
10651 break;
10652 }
10653
10654 /* MSR (for PSRs) */
10655 tmp = load_reg(s, rn);
10656 if (gen_set_psr(s,
10657 msr_mask(s, (insn >> 8) & 0xf, op == 1),
10658 op == 1, tmp))
10659 goto illegal_op;
10660 break;
10661 case 2: /* cps, nop-hint. */
10662 if (((insn >> 8) & 7) == 0) {
10663 gen_nop_hint(s, insn & 0xff);
10664 }
10665 /* Implemented as NOP in user mode. */
10666 if (IS_USER(s))
10667 break;
10668 offset = 0;
10669 imm = 0;
10670 if (insn & (1 << 10)) {
10671 if (insn & (1 << 7))
10672 offset |= CPSR_A;
10673 if (insn & (1 << 6))
10674 offset |= CPSR_I;
10675 if (insn & (1 << 5))
10676 offset |= CPSR_F;
10677 if (insn & (1 << 9))
10678 imm = CPSR_A | CPSR_I | CPSR_F;
10679 }
10680 if (insn & (1 << 8)) {
10681 offset |= 0x1f;
10682 imm |= (insn & 0x1f);
10683 }
10684 if (offset) {
10685 gen_set_psr_im(s, offset, 0, imm);
10686 }
10687 break;
10688 case 3: /* Special control operations. */
10689 ARCH(7);
10690 op = (insn >> 4) & 0xf;
10691 switch (op) {
10692 case 2: /* clrex */
10693 gen_clrex(s);
10694 break;
10695 case 4: /* dsb */
10696 case 5: /* dmb */
10697 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10698 break;
10699 case 6: /* isb */
10700 /* We need to break the TB after this insn
10701 * to execute self-modifying code correctly
10702 * and also to take any pending interrupts
10703 * immediately.
10704 */
10705 gen_goto_tb(s, 0, s->pc & ~1);
10706 break;
10707 default:
10708 goto illegal_op;
10709 }
10710 break;
10711 case 4: /* bxj */
10712 /* Trivial implementation equivalent to bx.
10713 * This instruction doesn't exist at all for M-profile.
10714 */
10715 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10716 goto illegal_op;
10717 }
10718 tmp = load_reg(s, rn);
10719 gen_bx(s, tmp);
10720 break;
10721 case 5: /* Exception return. */
10722 if (IS_USER(s)) {
10723 goto illegal_op;
10724 }
10725 if (rn != 14 || rd != 15) {
10726 goto illegal_op;
10727 }
10728 tmp = load_reg(s, rn);
10729 tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
10730 gen_exception_return(s, tmp);
10731 break;
10732 case 6: /* MRS */
10733 if (extract32(insn, 5, 1) &&
10734 !arm_dc_feature(s, ARM_FEATURE_M)) {
10735 /* MRS (banked) */
10736 int sysm = extract32(insn, 16, 4) |
10737 (extract32(insn, 4, 1) << 4);
10738
10739 gen_mrs_banked(s, 0, sysm, rd);
10740 break;
10741 }
10742
10743 if (extract32(insn, 16, 4) != 0xf) {
10744 goto illegal_op;
10745 }
10746 if (!arm_dc_feature(s, ARM_FEATURE_M) &&
10747 extract32(insn, 0, 8) != 0) {
10748 goto illegal_op;
10749 }
10750
10751 /* mrs cpsr */
10752 tmp = tcg_temp_new_i32();
10753 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10754 addr = tcg_const_i32(insn & 0xff);
10755 gen_helper_v7m_mrs(tmp, cpu_env, addr);
10756 tcg_temp_free_i32(addr);
10757 } else {
10758 gen_helper_cpsr_read(tmp, cpu_env);
10759 }
10760 store_reg(s, rd, tmp);
10761 break;
10762 case 7: /* MRS */
10763 if (extract32(insn, 5, 1) &&
10764 !arm_dc_feature(s, ARM_FEATURE_M)) {
10765 /* MRS (banked) */
10766 int sysm = extract32(insn, 16, 4) |
10767 (extract32(insn, 4, 1) << 4);
10768
10769 gen_mrs_banked(s, 1, sysm, rd);
10770 break;
10771 }
10772
10773 /* mrs spsr. */
10774 /* Not accessible in user mode. */
10775 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10776 goto illegal_op;
10777 }
10778
10779 if (extract32(insn, 16, 4) != 0xf ||
10780 extract32(insn, 0, 8) != 0) {
10781 goto illegal_op;
10782 }
10783
10784 tmp = load_cpu_field(spsr);
10785 store_reg(s, rd, tmp);
10786 break;
10787 }
10788 }
10789 } else {
10790 /* Conditional branch. */
10791 op = (insn >> 22) & 0xf;
10792 /* Generate a conditional jump to next instruction. */
10793 s->condlabel = gen_new_label();
10794 arm_gen_test_cc(op ^ 1, s->condlabel);
10795 s->condjmp = 1;
10796
10797 /* offset[11:1] = insn[10:0] */
10798 offset = (insn & 0x7ff) << 1;
10799 /* offset[17:12] = insn[21:16]. */
10800 offset |= (insn & 0x003f0000) >> 4;
10801 /* offset[31:20] = insn[26]. */
10802 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10803 /* offset[18] = insn[13]. */
10804 offset |= (insn & (1 << 13)) << 5;
10805 /* offset[19] = insn[11]. */
10806 offset |= (insn & (1 << 11)) << 8;
10807
10808 /* jump to the offset */
10809 gen_jmp(s, s->pc + offset);
10810 }
10811 } else {
10812 /* Data processing immediate. */
10813 if (insn & (1 << 25)) {
10814 if (insn & (1 << 24)) {
10815 if (insn & (1 << 20))
10816 goto illegal_op;
10817 /* Bitfield/Saturate. */
10818 op = (insn >> 21) & 7;
10819 imm = insn & 0x1f;
10820 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10821 if (rn == 15) {
10822 tmp = tcg_temp_new_i32();
10823 tcg_gen_movi_i32(tmp, 0);
10824 } else {
10825 tmp = load_reg(s, rn);
10826 }
10827 switch (op) {
10828 case 2: /* Signed bitfield extract. */
10829 imm++;
10830 if (shift + imm > 32)
10831 goto illegal_op;
10832 if (imm < 32) {
10833 tcg_gen_sextract_i32(tmp, tmp, shift, imm);
10834 }
10835 break;
10836 case 6: /* Unsigned bitfield extract. */
10837 imm++;
10838 if (shift + imm > 32)
10839 goto illegal_op;
10840 if (imm < 32) {
10841 tcg_gen_extract_i32(tmp, tmp, shift, imm);
10842 }
10843 break;
10844 case 3: /* Bitfield insert/clear. */
10845 if (imm < shift)
10846 goto illegal_op;
10847 imm = imm + 1 - shift;
10848 if (imm != 32) {
10849 tmp2 = load_reg(s, rd);
10850 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10851 tcg_temp_free_i32(tmp2);
10852 }
10853 break;
10854 case 7:
10855 goto illegal_op;
10856 default: /* Saturate. */
10857 if (shift) {
10858 if (op & 1)
10859 tcg_gen_sari_i32(tmp, tmp, shift);
10860 else
10861 tcg_gen_shli_i32(tmp, tmp, shift);
10862 }
10863 tmp2 = tcg_const_i32(imm);
10864 if (op & 4) {
10865 /* Unsigned. */
10866 if ((op & 1) && shift == 0) {
10867 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10868 tcg_temp_free_i32(tmp);
10869 tcg_temp_free_i32(tmp2);
10870 goto illegal_op;
10871 }
10872 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10873 } else {
10874 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10875 }
10876 } else {
10877 /* Signed. */
10878 if ((op & 1) && shift == 0) {
10879 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10880 tcg_temp_free_i32(tmp);
10881 tcg_temp_free_i32(tmp2);
10882 goto illegal_op;
10883 }
10884 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10885 } else {
10886 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10887 }
10888 }
10889 tcg_temp_free_i32(tmp2);
10890 break;
10891 }
10892 store_reg(s, rd, tmp);
10893 } else {
10894 imm = ((insn & 0x04000000) >> 15)
10895 | ((insn & 0x7000) >> 4) | (insn & 0xff);
10896 if (insn & (1 << 22)) {
10897 /* 16-bit immediate. */
10898 imm |= (insn >> 4) & 0xf000;
10899 if (insn & (1 << 23)) {
10900 /* movt */
10901 tmp = load_reg(s, rd);
10902 tcg_gen_ext16u_i32(tmp, tmp);
10903 tcg_gen_ori_i32(tmp, tmp, imm << 16);
10904 } else {
10905 /* movw */
10906 tmp = tcg_temp_new_i32();
10907 tcg_gen_movi_i32(tmp, imm);
10908 }
10909 } else {
10910 /* Add/sub 12-bit immediate. */
10911 if (rn == 15) {
10912 offset = s->pc & ~(uint32_t)3;
10913 if (insn & (1 << 23))
10914 offset -= imm;
10915 else
10916 offset += imm;
10917 tmp = tcg_temp_new_i32();
10918 tcg_gen_movi_i32(tmp, offset);
10919 } else {
10920 tmp = load_reg(s, rn);
10921 if (insn & (1 << 23))
10922 tcg_gen_subi_i32(tmp, tmp, imm);
10923 else
10924 tcg_gen_addi_i32(tmp, tmp, imm);
10925 }
10926 }
10927 store_reg(s, rd, tmp);
10928 }
10929 } else {
10930 int shifter_out = 0;
10931 /* modified 12-bit immediate. */
10932 shift = ((insn & 0x04000000) >> 23) | ((insn & 0x7000) >> 12);
10933 imm = (insn & 0xff);
10934 switch (shift) {
10935 case 0: /* XY */
10936 /* Nothing to do. */
10937 break;
10938 case 1: /* 00XY00XY */
10939 imm |= imm << 16;
10940 break;
10941 case 2: /* XY00XY00 */
10942 imm |= imm << 16;
10943 imm <<= 8;
10944 break;
10945 case 3: /* XYXYXYXY */
10946 imm |= imm << 16;
10947 imm |= imm << 8;
10948 break;
10949 default: /* Rotated constant. */
10950 shift = (shift << 1) | (imm >> 7);
10951 imm |= 0x80;
10952 imm = imm << (32 - shift);
10953 shifter_out = 1;
10954 break;
10955 }
10956 tmp2 = tcg_temp_new_i32();
10957 tcg_gen_movi_i32(tmp2, imm);
10958 rn = (insn >> 16) & 0xf;
10959 if (rn == 15) {
10960 tmp = tcg_temp_new_i32();
10961 tcg_gen_movi_i32(tmp, 0);
10962 } else {
10963 tmp = load_reg(s, rn);
10964 }
10965 op = (insn >> 21) & 0xf;
10966 if (gen_thumb2_data_op(s, op, (insn & (1 << 20)) != 0,
10967 shifter_out, tmp, tmp2))
10968 goto illegal_op;
10969 tcg_temp_free_i32(tmp2);
10970 rd = (insn >> 8) & 0xf;
10971 if (rd != 15) {
10972 store_reg(s, rd, tmp);
10973 } else {
10974 tcg_temp_free_i32(tmp);
10975 }
10976 }
10977 }
10978 break;
10979 case 12: /* Load/store single data item. */
10980 {
10981 int postinc = 0;
10982 int writeback = 0;
10983 int memidx;
10984 ISSInfo issinfo;
10985
10986 if ((insn & 0x01100000) == 0x01000000) {
10987 if (disas_neon_ls_insn(s, insn)) {
10988 goto illegal_op;
10989 }
10990 break;
10991 }
10992 op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10993 if (rs == 15) {
10994 if (!(insn & (1 << 20))) {
10995 goto illegal_op;
10996 }
10997 if (op != 2) {
10998 /* Byte or halfword load space with dest == r15 : memory hints.
10999 * Catch them early so we don't emit pointless addressing code.
11000 * This space is a mix of:
11001 * PLD/PLDW/PLI, which we implement as NOPs (note that unlike
11002 * the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
11003 * cores)
11004 * unallocated hints, which must be treated as NOPs
11005 * UNPREDICTABLE space, which we NOP or UNDEF depending on
11006 * which is easiest for the decoding logic
11007 * Some space which must UNDEF
11008 */
11009 int op1 = (insn >> 23) & 3;
11010 int op2 = (insn >> 6) & 0x3f;
11011 if (op & 2) {
11012 goto illegal_op;
11013 }
11014 if (rn == 15) {
11015 /* UNPREDICTABLE, unallocated hint or
11016 * PLD/PLDW/PLI (literal)
11017 */
11018 return;
11019 }
11020 if (op1 & 1) {
11021 return; /* PLD/PLDW/PLI or unallocated hint */
11022 }
11023 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
11024 return; /* PLD/PLDW/PLI or unallocated hint */
11025 }
11026 /* UNDEF space, or an UNPREDICTABLE */
11027 goto illegal_op;
11028 }
11029 }
11030 memidx = get_mem_index(s);
11031 if (rn == 15) {
11032 addr = tcg_temp_new_i32();
11033 /* PC relative. */
11034 /* s->pc has already been incremented by 4. */
11035 imm = s->pc & 0xfffffffc;
11036 if (insn & (1 << 23))
11037 imm += insn & 0xfff;
11038 else
11039 imm -= insn & 0xfff;
11040 tcg_gen_movi_i32(addr, imm);
11041 } else {
11042 addr = load_reg(s, rn);
11043 if (insn & (1 << 23)) {
11044 /* Positive offset. */
11045 imm = insn & 0xfff;
11046 tcg_gen_addi_i32(addr, addr, imm);
11047 } else {
11048 imm = insn & 0xff;
11049 switch ((insn >> 8) & 0xf) {
11050 case 0x0: /* Shifted Register. */
11051 shift = (insn >> 4) & 0xf;
11052 if (shift > 3) {
11053 tcg_temp_free_i32(addr);
11054 goto illegal_op;
11055 }
11056 tmp = load_reg(s, rm);
11057 if (shift)
11058 tcg_gen_shli_i32(tmp, tmp, shift);
11059 tcg_gen_add_i32(addr, addr, tmp);
11060 tcg_temp_free_i32(tmp);
11061 break;
11062 case 0xc: /* Negative offset. */
11063 tcg_gen_addi_i32(addr, addr, -imm);
11064 break;
11065 case 0xe: /* User privilege. */
11066 tcg_gen_addi_i32(addr, addr, imm);
11067 memidx = get_a32_user_mem_index(s);
11068 break;
11069 case 0x9: /* Post-decrement. */
11070 imm = -imm;
11071 /* Fall through. */
11072 case 0xb: /* Post-increment. */
11073 postinc = 1;
11074 writeback = 1;
11075 break;
11076 case 0xd: /* Pre-decrement. */
11077 imm = -imm;
11078 /* Fall through. */
11079 case 0xf: /* Pre-increment. */
11080 tcg_gen_addi_i32(addr, addr, imm);
11081 writeback = 1;
11082 break;
11083 default:
11084 tcg_temp_free_i32(addr);
11085 goto illegal_op;
11086 }
11087 }
11088 }
11089
11090 issinfo = writeback ? ISSInvalid : rs;
11091
11092 if (insn & (1 << 20)) {
11093 /* Load. */
11094 tmp = tcg_temp_new_i32();
11095 switch (op) {
11096 case 0:
11097 gen_aa32_ld8u_iss(s, tmp, addr, memidx, issinfo);
11098 break;
11099 case 4:
11100 gen_aa32_ld8s_iss(s, tmp, addr, memidx, issinfo);
11101 break;
11102 case 1:
11103 gen_aa32_ld16u_iss(s, tmp, addr, memidx, issinfo);
11104 break;
11105 case 5:
11106 gen_aa32_ld16s_iss(s, tmp, addr, memidx, issinfo);
11107 break;
11108 case 2:
11109 gen_aa32_ld32u_iss(s, tmp, addr, memidx, issinfo);
11110 break;
11111 default:
11112 tcg_temp_free_i32(tmp);
11113 tcg_temp_free_i32(addr);
11114 goto illegal_op;
11115 }
11116 if (rs == 15) {
11117 gen_bx_excret(s, tmp);
11118 } else {
11119 store_reg(s, rs, tmp);
11120 }
11121 } else {
11122 /* Store. */
11123 tmp = load_reg(s, rs);
11124 switch (op) {
11125 case 0:
11126 gen_aa32_st8_iss(s, tmp, addr, memidx, issinfo);
11127 break;
11128 case 1:
11129 gen_aa32_st16_iss(s, tmp, addr, memidx, issinfo);
11130 break;
11131 case 2:
11132 gen_aa32_st32_iss(s, tmp, addr, memidx, issinfo);
11133 break;
11134 default:
11135 tcg_temp_free_i32(tmp);
11136 tcg_temp_free_i32(addr);
11137 goto illegal_op;
11138 }
11139 tcg_temp_free_i32(tmp);
11140 }
11141 if (postinc)
11142 tcg_gen_addi_i32(addr, addr, imm);
11143 if (writeback) {
11144 store_reg(s, rn, addr);
11145 } else {
11146 tcg_temp_free_i32(addr);
11147 }
11148 }
11149 break;
11150 default:
11151 goto illegal_op;
11152 }
11153 return;
11154 illegal_op:
11155 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
11156 default_exception_el(s));
11157 }
11158
11159 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
11160 {
11161 uint32_t val, op, rm, rn, rd, shift, cond;
11162 int32_t offset;
11163 int i;
11164 TCGv_i32 tmp;
11165 TCGv_i32 tmp2;
11166 TCGv_i32 addr;
11167
11168 switch (insn >> 12) {
11169 case 0: case 1:
11170
11171 rd = insn & 7;
11172 op = (insn >> 11) & 3;
11173 if (op == 3) {
11174 /* add/subtract */
11175 rn = (insn >> 3) & 7;
11176 tmp = load_reg(s, rn);
11177 if (insn & (1 << 10)) {
11178 /* immediate */
11179 tmp2 = tcg_temp_new_i32();
11180 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
11181 } else {
11182 /* reg */
11183 rm = (insn >> 6) & 7;
11184 tmp2 = load_reg(s, rm);
11185 }
11186 if (insn & (1 << 9)) {
11187 if (s->condexec_mask)
11188 tcg_gen_sub_i32(tmp, tmp, tmp2);
11189 else
11190 gen_sub_CC(tmp, tmp, tmp2);
11191 } else {
11192 if (s->condexec_mask)
11193 tcg_gen_add_i32(tmp, tmp, tmp2);
11194 else
11195 gen_add_CC(tmp, tmp, tmp2);
11196 }
11197 tcg_temp_free_i32(tmp2);
11198 store_reg(s, rd, tmp);
11199 } else {
11200 /* shift immediate */
11201 rm = (insn >> 3) & 7;
11202 shift = (insn >> 6) & 0x1f;
11203 tmp = load_reg(s, rm);
11204 gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
11205 if (!s->condexec_mask)
11206 gen_logic_CC(tmp);
11207 store_reg(s, rd, tmp);
11208 }
11209 break;
11210 case 2: case 3:
11211 /* arithmetic large immediate */
11212 op = (insn >> 11) & 3;
11213 rd = (insn >> 8) & 0x7;
11214 if (op == 0) { /* mov */
11215 tmp = tcg_temp_new_i32();
11216 tcg_gen_movi_i32(tmp, insn & 0xff);
11217 if (!s->condexec_mask)
11218 gen_logic_CC(tmp);
11219 store_reg(s, rd, tmp);
11220 } else {
11221 tmp = load_reg(s, rd);
11222 tmp2 = tcg_temp_new_i32();
11223 tcg_gen_movi_i32(tmp2, insn & 0xff);
11224 switch (op) {
11225 case 1: /* cmp */
11226 gen_sub_CC(tmp, tmp, tmp2);
11227 tcg_temp_free_i32(tmp);
11228 tcg_temp_free_i32(tmp2);
11229 break;
11230 case 2: /* add */
11231 if (s->condexec_mask)
11232 tcg_gen_add_i32(tmp, tmp, tmp2);
11233 else
11234 gen_add_CC(tmp, tmp, tmp2);
11235 tcg_temp_free_i32(tmp2);
11236 store_reg(s, rd, tmp);
11237 break;
11238 case 3: /* sub */
11239 if (s->condexec_mask)
11240 tcg_gen_sub_i32(tmp, tmp, tmp2);
11241 else
11242 gen_sub_CC(tmp, tmp, tmp2);
11243 tcg_temp_free_i32(tmp2);
11244 store_reg(s, rd, tmp);
11245 break;
11246 }
11247 }
11248 break;
11249 case 4:
11250 if (insn & (1 << 11)) {
11251 rd = (insn >> 8) & 7;
11252 /* load pc-relative. Bit 1 of PC is ignored. */
11253 val = s->pc + 2 + ((insn & 0xff) * 4);
11254 val &= ~(uint32_t)2;
11255 addr = tcg_temp_new_i32();
11256 tcg_gen_movi_i32(addr, val);
11257 tmp = tcg_temp_new_i32();
11258 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
11259 rd | ISSIs16Bit);
11260 tcg_temp_free_i32(addr);
11261 store_reg(s, rd, tmp);
11262 break;
11263 }
11264 if (insn & (1 << 10)) {
11265 /* 0b0100_01xx_xxxx_xxxx
11266 * - data processing extended, branch and exchange
11267 */
11268 rd = (insn & 7) | ((insn >> 4) & 8);
11269 rm = (insn >> 3) & 0xf;
11270 op = (insn >> 8) & 3;
11271 switch (op) {
11272 case 0: /* add */
11273 tmp = load_reg(s, rd);
11274 tmp2 = load_reg(s, rm);
11275 tcg_gen_add_i32(tmp, tmp, tmp2);
11276 tcg_temp_free_i32(tmp2);
11277 store_reg(s, rd, tmp);
11278 break;
11279 case 1: /* cmp */
11280 tmp = load_reg(s, rd);
11281 tmp2 = load_reg(s, rm);
11282 gen_sub_CC(tmp, tmp, tmp2);
11283 tcg_temp_free_i32(tmp2);
11284 tcg_temp_free_i32(tmp);
11285 break;
11286 case 2: /* mov/cpy */
11287 tmp = load_reg(s, rm);
11288 store_reg(s, rd, tmp);
11289 break;
11290 case 3:
11291 {
11292 /* 0b0100_0111_xxxx_xxxx
11293 * - branch [and link] exchange thumb register
11294 */
11295 bool link = insn & (1 << 7);
11296
11297 if (insn & 3) {
11298 goto undef;
11299 }
11300 if (link) {
11301 ARCH(5);
11302 }
11303 if ((insn & 4)) {
11304 /* BXNS/BLXNS: only exists for v8M with the
11305 * security extensions, and always UNDEF if NonSecure.
11306 * We don't implement these in the user-only mode
11307 * either (in theory you can use them from Secure User
11308 * mode but they are too tied in to system emulation.)
11309 */
11310 if (!s->v8m_secure || IS_USER_ONLY) {
11311 goto undef;
11312 }
11313 if (link) {
11314 gen_blxns(s, rm);
11315 } else {
11316 gen_bxns(s, rm);
11317 }
11318 break;
11319 }
11320 /* BLX/BX */
11321 tmp = load_reg(s, rm);
11322 if (link) {
11323 val = (uint32_t)s->pc | 1;
11324 tmp2 = tcg_temp_new_i32();
11325 tcg_gen_movi_i32(tmp2, val);
11326 store_reg(s, 14, tmp2);
11327 gen_bx(s, tmp);
11328 } else {
11329 /* Only BX works as exception-return, not BLX */
11330 gen_bx_excret(s, tmp);
11331 }
11332 break;
11333 }
11334 }
11335 break;
11336 }
11337
11338 /* data processing register */
11339 rd = insn & 7;
11340 rm = (insn >> 3) & 7;
11341 op = (insn >> 6) & 0xf;
11342 if (op == 2 || op == 3 || op == 4 || op == 7) {
11343 /* the shift/rotate ops want the operands backwards */
11344 val = rm;
11345 rm = rd;
11346 rd = val;
11347 val = 1;
11348 } else {
11349 val = 0;
11350 }
11351
11352 if (op == 9) { /* neg */
11353 tmp = tcg_temp_new_i32();
11354 tcg_gen_movi_i32(tmp, 0);
11355 } else if (op != 0xf) { /* mvn doesn't read its first operand */
11356 tmp = load_reg(s, rd);
11357 } else {
11358 tmp = NULL;
11359 }
11360
11361 tmp2 = load_reg(s, rm);
11362 switch (op) {
11363 case 0x0: /* and */
11364 tcg_gen_and_i32(tmp, tmp, tmp2);
11365 if (!s->condexec_mask)
11366 gen_logic_CC(tmp);
11367 break;
11368 case 0x1: /* eor */
11369 tcg_gen_xor_i32(tmp, tmp, tmp2);
11370 if (!s->condexec_mask)
11371 gen_logic_CC(tmp);
11372 break;
11373 case 0x2: /* lsl */
11374 if (s->condexec_mask) {
11375 gen_shl(tmp2, tmp2, tmp);
11376 } else {
11377 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11378 gen_logic_CC(tmp2);
11379 }
11380 break;
11381 case 0x3: /* lsr */
11382 if (s->condexec_mask) {
11383 gen_shr(tmp2, tmp2, tmp);
11384 } else {
11385 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11386 gen_logic_CC(tmp2);
11387 }
11388 break;
11389 case 0x4: /* asr */
11390 if (s->condexec_mask) {
11391 gen_sar(tmp2, tmp2, tmp);
11392 } else {
11393 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11394 gen_logic_CC(tmp2);
11395 }
11396 break;
11397 case 0x5: /* adc */
11398 if (s->condexec_mask) {
11399 gen_adc(tmp, tmp2);
11400 } else {
11401 gen_adc_CC(tmp, tmp, tmp2);
11402 }
11403 break;
11404 case 0x6: /* sbc */
11405 if (s->condexec_mask) {
11406 gen_sub_carry(tmp, tmp, tmp2);
11407 } else {
11408 gen_sbc_CC(tmp, tmp, tmp2);
11409 }
11410 break;
11411 case 0x7: /* ror */
11412 if (s->condexec_mask) {
11413 tcg_gen_andi_i32(tmp, tmp, 0x1f);
11414 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11415 } else {
11416 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11417 gen_logic_CC(tmp2);
11418 }
11419 break;
11420 case 0x8: /* tst */
11421 tcg_gen_and_i32(tmp, tmp, tmp2);
11422 gen_logic_CC(tmp);
11423 rd = 16;
11424 break;
11425 case 0x9: /* neg */
11426 if (s->condexec_mask)
11427 tcg_gen_neg_i32(tmp, tmp2);
11428 else
11429 gen_sub_CC(tmp, tmp, tmp2);
11430 break;
11431 case 0xa: /* cmp */
11432 gen_sub_CC(tmp, tmp, tmp2);
11433 rd = 16;
11434 break;
11435 case 0xb: /* cmn */
11436 gen_add_CC(tmp, tmp, tmp2);
11437 rd = 16;
11438 break;
11439 case 0xc: /* orr */
11440 tcg_gen_or_i32(tmp, tmp, tmp2);
11441 if (!s->condexec_mask)
11442 gen_logic_CC(tmp);
11443 break;
11444 case 0xd: /* mul */
11445 tcg_gen_mul_i32(tmp, tmp, tmp2);
11446 if (!s->condexec_mask)
11447 gen_logic_CC(tmp);
11448 break;
11449 case 0xe: /* bic */
11450 tcg_gen_andc_i32(tmp, tmp, tmp2);
11451 if (!s->condexec_mask)
11452 gen_logic_CC(tmp);
11453 break;
11454 case 0xf: /* mvn */
11455 tcg_gen_not_i32(tmp2, tmp2);
11456 if (!s->condexec_mask)
11457 gen_logic_CC(tmp2);
11458 val = 1;
11459 rm = rd;
11460 break;
11461 }
11462 if (rd != 16) {
11463 if (val) {
11464 store_reg(s, rm, tmp2);
11465 if (op != 0xf)
11466 tcg_temp_free_i32(tmp);
11467 } else {
11468 store_reg(s, rd, tmp);
11469 tcg_temp_free_i32(tmp2);
11470 }
11471 } else {
11472 tcg_temp_free_i32(tmp);
11473 tcg_temp_free_i32(tmp2);
11474 }
11475 break;
11476
11477 case 5:
11478 /* load/store register offset. */
11479 rd = insn & 7;
11480 rn = (insn >> 3) & 7;
11481 rm = (insn >> 6) & 7;
11482 op = (insn >> 9) & 7;
11483 addr = load_reg(s, rn);
11484 tmp = load_reg(s, rm);
11485 tcg_gen_add_i32(addr, addr, tmp);
11486 tcg_temp_free_i32(tmp);
11487
11488 if (op < 3) { /* store */
11489 tmp = load_reg(s, rd);
11490 } else {
11491 tmp = tcg_temp_new_i32();
11492 }
11493
11494 switch (op) {
11495 case 0: /* str */
11496 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11497 break;
11498 case 1: /* strh */
11499 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11500 break;
11501 case 2: /* strb */
11502 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11503 break;
11504 case 3: /* ldrsb */
11505 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11506 break;
11507 case 4: /* ldr */
11508 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11509 break;
11510 case 5: /* ldrh */
11511 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11512 break;
11513 case 6: /* ldrb */
11514 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11515 break;
11516 case 7: /* ldrsh */
11517 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11518 break;
11519 }
11520 if (op >= 3) { /* load */
11521 store_reg(s, rd, tmp);
11522 } else {
11523 tcg_temp_free_i32(tmp);
11524 }
11525 tcg_temp_free_i32(addr);
11526 break;
11527
11528 case 6:
11529 /* load/store word immediate offset */
11530 rd = insn & 7;
11531 rn = (insn >> 3) & 7;
11532 addr = load_reg(s, rn);
11533 val = (insn >> 4) & 0x7c;
11534 tcg_gen_addi_i32(addr, addr, val);
11535
11536 if (insn & (1 << 11)) {
11537 /* load */
11538 tmp = tcg_temp_new_i32();
11539 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11540 store_reg(s, rd, tmp);
11541 } else {
11542 /* store */
11543 tmp = load_reg(s, rd);
11544 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11545 tcg_temp_free_i32(tmp);
11546 }
11547 tcg_temp_free_i32(addr);
11548 break;
11549
11550 case 7:
11551 /* load/store byte immediate offset */
11552 rd = insn & 7;
11553 rn = (insn >> 3) & 7;
11554 addr = load_reg(s, rn);
11555 val = (insn >> 6) & 0x1f;
11556 tcg_gen_addi_i32(addr, addr, val);
11557
11558 if (insn & (1 << 11)) {
11559 /* load */
11560 tmp = tcg_temp_new_i32();
11561 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11562 store_reg(s, rd, tmp);
11563 } else {
11564 /* store */
11565 tmp = load_reg(s, rd);
11566 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11567 tcg_temp_free_i32(tmp);
11568 }
11569 tcg_temp_free_i32(addr);
11570 break;
11571
11572 case 8:
11573 /* load/store halfword immediate offset */
11574 rd = insn & 7;
11575 rn = (insn >> 3) & 7;
11576 addr = load_reg(s, rn);
11577 val = (insn >> 5) & 0x3e;
11578 tcg_gen_addi_i32(addr, addr, val);
11579
11580 if (insn & (1 << 11)) {
11581 /* load */
11582 tmp = tcg_temp_new_i32();
11583 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11584 store_reg(s, rd, tmp);
11585 } else {
11586 /* store */
11587 tmp = load_reg(s, rd);
11588 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11589 tcg_temp_free_i32(tmp);
11590 }
11591 tcg_temp_free_i32(addr);
11592 break;
11593
11594 case 9:
11595 /* load/store from stack */
11596 rd = (insn >> 8) & 7;
11597 addr = load_reg(s, 13);
11598 val = (insn & 0xff) * 4;
11599 tcg_gen_addi_i32(addr, addr, val);
11600
11601 if (insn & (1 << 11)) {
11602 /* load */
11603 tmp = tcg_temp_new_i32();
11604 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11605 store_reg(s, rd, tmp);
11606 } else {
11607 /* store */
11608 tmp = load_reg(s, rd);
11609 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11610 tcg_temp_free_i32(tmp);
11611 }
11612 tcg_temp_free_i32(addr);
11613 break;
11614
11615 case 10:
11616 /* add to high reg */
11617 rd = (insn >> 8) & 7;
11618 if (insn & (1 << 11)) {
11619 /* SP */
11620 tmp = load_reg(s, 13);
11621 } else {
11622 /* PC. bit 1 is ignored. */
11623 tmp = tcg_temp_new_i32();
11624 tcg_gen_movi_i32(tmp, (s->pc + 2) & ~(uint32_t)2);
11625 }
11626 val = (insn & 0xff) * 4;
11627 tcg_gen_addi_i32(tmp, tmp, val);
11628 store_reg(s, rd, tmp);
11629 break;
11630
11631 case 11:
11632 /* misc */
11633 op = (insn >> 8) & 0xf;
11634 switch (op) {
11635 case 0:
11636 /* adjust stack pointer */
11637 tmp = load_reg(s, 13);
11638 val = (insn & 0x7f) * 4;
11639 if (insn & (1 << 7))
11640 val = -(int32_t)val;
11641 tcg_gen_addi_i32(tmp, tmp, val);
11642 store_reg(s, 13, tmp);
11643 break;
11644
11645 case 2: /* sign/zero extend. */
11646 ARCH(6);
11647 rd = insn & 7;
11648 rm = (insn >> 3) & 7;
11649 tmp = load_reg(s, rm);
11650 switch ((insn >> 6) & 3) {
11651 case 0: gen_sxth(tmp); break;
11652 case 1: gen_sxtb(tmp); break;
11653 case 2: gen_uxth(tmp); break;
11654 case 3: gen_uxtb(tmp); break;
11655 }
11656 store_reg(s, rd, tmp);
11657 break;
11658 case 4: case 5: case 0xc: case 0xd:
11659 /* push/pop */
11660 addr = load_reg(s, 13);
11661 if (insn & (1 << 8))
11662 offset = 4;
11663 else
11664 offset = 0;
11665 for (i = 0; i < 8; i++) {
11666 if (insn & (1 << i))
11667 offset += 4;
11668 }
11669 if ((insn & (1 << 11)) == 0) {
11670 tcg_gen_addi_i32(addr, addr, -offset);
11671 }
11672 for (i = 0; i < 8; i++) {
11673 if (insn & (1 << i)) {
11674 if (insn & (1 << 11)) {
11675 /* pop */
11676 tmp = tcg_temp_new_i32();
11677 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11678 store_reg(s, i, tmp);
11679 } else {
11680 /* push */
11681 tmp = load_reg(s, i);
11682 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11683 tcg_temp_free_i32(tmp);
11684 }
11685 /* advance to the next address. */
11686 tcg_gen_addi_i32(addr, addr, 4);
11687 }
11688 }
11689 tmp = NULL;
11690 if (insn & (1 << 8)) {
11691 if (insn & (1 << 11)) {
11692 /* pop pc */
11693 tmp = tcg_temp_new_i32();
11694 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11695 /* don't set the pc until the rest of the instruction
11696 has completed */
11697 } else {
11698 /* push lr */
11699 tmp = load_reg(s, 14);
11700 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11701 tcg_temp_free_i32(tmp);
11702 }
11703 tcg_gen_addi_i32(addr, addr, 4);
11704 }
11705 if ((insn & (1 << 11)) == 0) {
11706 tcg_gen_addi_i32(addr, addr, -offset);
11707 }
11708 /* write back the new stack pointer */
11709 store_reg(s, 13, addr);
11710 /* set the new PC value */
11711 if ((insn & 0x0900) == 0x0900) {
11712 store_reg_from_load(s, 15, tmp);
11713 }
11714 break;
11715
11716 case 1: case 3: case 9: case 11: /* czb */
11717 rm = insn & 7;
11718 tmp = load_reg(s, rm);
11719 s->condlabel = gen_new_label();
11720 s->condjmp = 1;
11721 if (insn & (1 << 11))
11722 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
11723 else
11724 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
11725 tcg_temp_free_i32(tmp);
11726 offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
11727 val = (uint32_t)s->pc + 2;
11728 val += offset;
11729 gen_jmp(s, val);
11730 break;
11731
11732 case 15: /* IT, nop-hint. */
11733 if ((insn & 0xf) == 0) {
11734 gen_nop_hint(s, (insn >> 4) & 0xf);
11735 break;
11736 }
11737 /* If Then. */
11738 s->condexec_cond = (insn >> 4) & 0xe;
11739 s->condexec_mask = insn & 0x1f;
11740 /* No actual code generated for this insn, just setup state. */
11741 break;
11742
11743 case 0xe: /* bkpt */
11744 {
11745 int imm8 = extract32(insn, 0, 8);
11746 ARCH(5);
11747 gen_exception_insn(s, 2, EXCP_BKPT, syn_aa32_bkpt(imm8, true),
11748 default_exception_el(s));
11749 break;
11750 }
11751
11752 case 0xa: /* rev, and hlt */
11753 {
11754 int op1 = extract32(insn, 6, 2);
11755
11756 if (op1 == 2) {
11757 /* HLT */
11758 int imm6 = extract32(insn, 0, 6);
11759
11760 gen_hlt(s, imm6);
11761 break;
11762 }
11763
11764 /* Otherwise this is rev */
11765 ARCH(6);
11766 rn = (insn >> 3) & 0x7;
11767 rd = insn & 0x7;
11768 tmp = load_reg(s, rn);
11769 switch (op1) {
11770 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11771 case 1: gen_rev16(tmp); break;
11772 case 3: gen_revsh(tmp); break;
11773 default:
11774 g_assert_not_reached();
11775 }
11776 store_reg(s, rd, tmp);
11777 break;
11778 }
11779
11780 case 6:
11781 switch ((insn >> 5) & 7) {
11782 case 2:
11783 /* setend */
11784 ARCH(6);
11785 if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
11786 gen_helper_setend(cpu_env);
11787 s->base.is_jmp = DISAS_UPDATE;
11788 }
11789 break;
11790 case 3:
11791 /* cps */
11792 ARCH(6);
11793 if (IS_USER(s)) {
11794 break;
11795 }
11796 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11797 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11798 /* FAULTMASK */
11799 if (insn & 1) {
11800 addr = tcg_const_i32(19);
11801 gen_helper_v7m_msr(cpu_env, addr, tmp);
11802 tcg_temp_free_i32(addr);
11803 }
11804 /* PRIMASK */
11805 if (insn & 2) {
11806 addr = tcg_const_i32(16);
11807 gen_helper_v7m_msr(cpu_env, addr, tmp);
11808 tcg_temp_free_i32(addr);
11809 }
11810 tcg_temp_free_i32(tmp);
11811 gen_lookup_tb(s);
11812 } else {
11813 if (insn & (1 << 4)) {
11814 shift = CPSR_A | CPSR_I | CPSR_F;
11815 } else {
11816 shift = 0;
11817 }
11818 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11819 }
11820 break;
11821 default:
11822 goto undef;
11823 }
11824 break;
11825
11826 default:
11827 goto undef;
11828 }
11829 break;
11830
11831 case 12:
11832 {
11833 /* load/store multiple */
11834 TCGv_i32 loaded_var = NULL;
11835 rn = (insn >> 8) & 0x7;
11836 addr = load_reg(s, rn);
11837 for (i = 0; i < 8; i++) {
11838 if (insn & (1 << i)) {
11839 if (insn & (1 << 11)) {
11840 /* load */
11841 tmp = tcg_temp_new_i32();
11842 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11843 if (i == rn) {
11844 loaded_var = tmp;
11845 } else {
11846 store_reg(s, i, tmp);
11847 }
11848 } else {
11849 /* store */
11850 tmp = load_reg(s, i);
11851 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11852 tcg_temp_free_i32(tmp);
11853 }
11854 /* advance to the next address */
11855 tcg_gen_addi_i32(addr, addr, 4);
11856 }
11857 }
11858 if ((insn & (1 << rn)) == 0) {
11859 /* base reg not in list: base register writeback */
11860 store_reg(s, rn, addr);
11861 } else {
11862 /* base reg in list: if load, complete it now */
11863 if (insn & (1 << 11)) {
11864 store_reg(s, rn, loaded_var);
11865 }
11866 tcg_temp_free_i32(addr);
11867 }
11868 break;
11869 }
11870 case 13:
11871 /* conditional branch or swi */
11872 cond = (insn >> 8) & 0xf;
11873 if (cond == 0xe)
11874 goto undef;
11875
11876 if (cond == 0xf) {
11877 /* swi */
11878 gen_set_pc_im(s, s->pc);
11879 s->svc_imm = extract32(insn, 0, 8);
11880 s->base.is_jmp = DISAS_SWI;
11881 break;
11882 }
11883 /* generate a conditional jump to next instruction */
11884 s->condlabel = gen_new_label();
11885 arm_gen_test_cc(cond ^ 1, s->condlabel);
11886 s->condjmp = 1;
11887
11888 /* jump to the offset */
11889 val = (uint32_t)s->pc + 2;
11890 offset = ((int32_t)insn << 24) >> 24;
11891 val += offset << 1;
11892 gen_jmp(s, val);
11893 break;
11894
11895 case 14:
11896 if (insn & (1 << 11)) {
11897 /* thumb_insn_is_16bit() ensures we can't get here for
11898 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX:
11899 * 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF)
11900 */
11901 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11902 ARCH(5);
11903 offset = ((insn & 0x7ff) << 1);
11904 tmp = load_reg(s, 14);
11905 tcg_gen_addi_i32(tmp, tmp, offset);
11906 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
11907
11908 tmp2 = tcg_temp_new_i32();
11909 tcg_gen_movi_i32(tmp2, s->pc | 1);
11910 store_reg(s, 14, tmp2);
11911 gen_bx(s, tmp);
11912 break;
11913 }
11914 /* unconditional branch */
11915 val = (uint32_t)s->pc;
11916 offset = ((int32_t)insn << 21) >> 21;
11917 val += (offset << 1) + 2;
11918 gen_jmp(s, val);
11919 break;
11920
11921 case 15:
11922 /* thumb_insn_is_16bit() ensures we can't get here for
11923 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX.
11924 */
11925 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11926
11927 if (insn & (1 << 11)) {
11928 /* 0b1111_1xxx_xxxx_xxxx : BL suffix */
11929 offset = ((insn & 0x7ff) << 1) | 1;
11930 tmp = load_reg(s, 14);
11931 tcg_gen_addi_i32(tmp, tmp, offset);
11932
11933 tmp2 = tcg_temp_new_i32();
11934 tcg_gen_movi_i32(tmp2, s->pc | 1);
11935 store_reg(s, 14, tmp2);
11936 gen_bx(s, tmp);
11937 } else {
11938 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
11939 uint32_t uoffset = ((int32_t)insn << 21) >> 9;
11940
11941 tcg_gen_movi_i32(cpu_R[14], s->pc + 2 + uoffset);
11942 }
11943 break;
11944 }
11945 return;
11946 illegal_op:
11947 undef:
11948 gen_exception_insn(s, 2, EXCP_UDEF, syn_uncategorized(),
11949 default_exception_el(s));
11950 }
11951
11952 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11953 {
11954 /* Return true if the insn at dc->pc might cross a page boundary.
11955 * (False positives are OK, false negatives are not.)
11956 * We know this is a Thumb insn, and our caller ensures we are
11957 * only called if dc->pc is less than 4 bytes from the page
11958 * boundary, so we cross the page if the first 16 bits indicate
11959 * that this is a 32 bit insn.
11960 */
11961 uint16_t insn = arm_lduw_code(env, s->pc, s->sctlr_b);
11962
11963 return !thumb_insn_is_16bit(s, insn);
11964 }
11965
11966 static int arm_tr_init_disas_context(DisasContextBase *dcbase,
11967 CPUState *cs, int max_insns)
11968 {
11969 DisasContext *dc = container_of(dcbase, DisasContext, base);
11970 CPUARMState *env = cs->env_ptr;
11971 ARMCPU *cpu = arm_env_get_cpu(env);
11972
11973 dc->pc = dc->base.pc_first;
11974 dc->condjmp = 0;
11975
11976 dc->aarch64 = 0;
11977 /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11978 * there is no secure EL1, so we route exceptions to EL3.
11979 */
11980 dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11981 !arm_el_is_aa64(env, 3);
11982 dc->thumb = ARM_TBFLAG_THUMB(dc->base.tb->flags);
11983 dc->sctlr_b = ARM_TBFLAG_SCTLR_B(dc->base.tb->flags);
11984 dc->be_data = ARM_TBFLAG_BE_DATA(dc->base.tb->flags) ? MO_BE : MO_LE;
11985 dc->condexec_mask = (ARM_TBFLAG_CONDEXEC(dc->base.tb->flags) & 0xf) << 1;
11986 dc->condexec_cond = ARM_TBFLAG_CONDEXEC(dc->base.tb->flags) >> 4;
11987 dc->mmu_idx = core_to_arm_mmu_idx(env, ARM_TBFLAG_MMUIDX(dc->base.tb->flags));
11988 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11989 #if !defined(CONFIG_USER_ONLY)
11990 dc->user = (dc->current_el == 0);
11991 #endif
11992 dc->ns = ARM_TBFLAG_NS(dc->base.tb->flags);
11993 dc->fp_excp_el = ARM_TBFLAG_FPEXC_EL(dc->base.tb->flags);
11994 dc->vfp_enabled = ARM_TBFLAG_VFPEN(dc->base.tb->flags);
11995 dc->vec_len = ARM_TBFLAG_VECLEN(dc->base.tb->flags);
11996 dc->vec_stride = ARM_TBFLAG_VECSTRIDE(dc->base.tb->flags);
11997 dc->c15_cpar = ARM_TBFLAG_XSCALE_CPAR(dc->base.tb->flags);
11998 dc->v7m_handler_mode = ARM_TBFLAG_HANDLER(dc->base.tb->flags);
11999 dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
12000 regime_is_secure(env, dc->mmu_idx);
12001 dc->cp_regs = cpu->cp_regs;
12002 dc->features = env->features;
12003
12004 /* Single step state. The code-generation logic here is:
12005 * SS_ACTIVE == 0:
12006 * generate code with no special handling for single-stepping (except
12007 * that anything that can make us go to SS_ACTIVE == 1 must end the TB;
12008 * this happens anyway because those changes are all system register or
12009 * PSTATE writes).
12010 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
12011 * emit code for one insn
12012 * emit code to clear PSTATE.SS
12013 * emit code to generate software step exception for completed step
12014 * end TB (as usual for having generated an exception)
12015 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
12016 * emit code to generate a software step exception
12017 * end the TB
12018 */
12019 dc->ss_active = ARM_TBFLAG_SS_ACTIVE(dc->base.tb->flags);
12020 dc->pstate_ss = ARM_TBFLAG_PSTATE_SS(dc->base.tb->flags);
12021 dc->is_ldex = false;
12022 dc->ss_same_el = false; /* Can't be true since EL_d must be AArch64 */
12023
12024 dc->next_page_start =
12025 (dc->base.pc_first & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
12026
12027 /* If architectural single step active, limit to 1. */
12028 if (is_singlestepping(dc)) {
12029 max_insns = 1;
12030 }
12031
12032 /* ARM is a fixed-length ISA. Bound the number of insns to execute
12033 to those left on the page. */
12034 if (!dc->thumb) {
12035 int bound = (dc->next_page_start - dc->base.pc_first) / 4;
12036 max_insns = MIN(max_insns, bound);
12037 }
12038
12039 cpu_F0s = tcg_temp_new_i32();
12040 cpu_F1s = tcg_temp_new_i32();
12041 cpu_F0d = tcg_temp_new_i64();
12042 cpu_F1d = tcg_temp_new_i64();
12043 cpu_V0 = cpu_F0d;
12044 cpu_V1 = cpu_F1d;
12045 /* FIXME: cpu_M0 can probably be the same as cpu_V0. */
12046 cpu_M0 = tcg_temp_new_i64();
12047
12048 return max_insns;
12049 }
12050
12051 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
12052 {
12053 DisasContext *dc = container_of(dcbase, DisasContext, base);
12054
12055 /* A note on handling of the condexec (IT) bits:
12056 *
12057 * We want to avoid the overhead of having to write the updated condexec
12058 * bits back to the CPUARMState for every instruction in an IT block. So:
12059 * (1) if the condexec bits are not already zero then we write
12060 * zero back into the CPUARMState now. This avoids complications trying
12061 * to do it at the end of the block. (For example if we don't do this
12062 * it's hard to identify whether we can safely skip writing condexec
12063 * at the end of the TB, which we definitely want to do for the case
12064 * where a TB doesn't do anything with the IT state at all.)
12065 * (2) if we are going to leave the TB then we call gen_set_condexec()
12066 * which will write the correct value into CPUARMState if zero is wrong.
12067 * This is done both for leaving the TB at the end, and for leaving
12068 * it because of an exception we know will happen, which is done in
12069 * gen_exception_insn(). The latter is necessary because we need to
12070 * leave the TB with the PC/IT state just prior to execution of the
12071 * instruction which caused the exception.
12072 * (3) if we leave the TB unexpectedly (eg a data abort on a load)
12073 * then the CPUARMState will be wrong and we need to reset it.
12074 * This is handled in the same way as restoration of the
12075 * PC in these situations; we save the value of the condexec bits
12076 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
12077 * then uses this to restore them after an exception.
12078 *
12079 * Note that there are no instructions which can read the condexec
12080 * bits, and none which can write non-static values to them, so
12081 * we don't need to care about whether CPUARMState is correct in the
12082 * middle of a TB.
12083 */
12084
12085 /* Reset the conditional execution bits immediately. This avoids
12086 complications trying to do it at the end of the block. */
12087 if (dc->condexec_mask || dc->condexec_cond) {
12088 TCGv_i32 tmp = tcg_temp_new_i32();
12089 tcg_gen_movi_i32(tmp, 0);
12090 store_cpu_field(tmp, condexec_bits);
12091 }
12092 tcg_clear_temp_count();
12093 }
12094
12095 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
12096 {
12097 DisasContext *dc = container_of(dcbase, DisasContext, base);
12098
12099 tcg_gen_insn_start(dc->pc,
12100 (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
12101 0);
12102 dc->insn_start = tcg_last_op();
12103 }
12104
12105 static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
12106 const CPUBreakpoint *bp)
12107 {
12108 DisasContext *dc = container_of(dcbase, DisasContext, base);
12109
12110 if (bp->flags & BP_CPU) {
12111 gen_set_condexec(dc);
12112 gen_set_pc_im(dc, dc->pc);
12113 gen_helper_check_breakpoints(cpu_env);
12114 /* End the TB early; it's likely not going to be executed */
12115 dc->base.is_jmp = DISAS_TOO_MANY;
12116 } else {
12117 gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
12118 /* The address covered by the breakpoint must be
12119 included in [tb->pc, tb->pc + tb->size) in order
12120 to for it to be properly cleared -- thus we
12121 increment the PC here so that the logic setting
12122 tb->size below does the right thing. */
12123 /* TODO: Advance PC by correct instruction length to
12124 * avoid disassembler error messages */
12125 dc->pc += 2;
12126 dc->base.is_jmp = DISAS_NORETURN;
12127 }
12128
12129 return true;
12130 }
12131
12132 static bool arm_pre_translate_insn(DisasContext *dc)
12133 {
12134 #ifdef CONFIG_USER_ONLY
12135 /* Intercept jump to the magic kernel page. */
12136 if (dc->pc >= 0xffff0000) {
12137 /* We always get here via a jump, so know we are not in a
12138 conditional execution block. */
12139 gen_exception_internal(EXCP_KERNEL_TRAP);
12140 dc->base.is_jmp = DISAS_NORETURN;
12141 return true;
12142 }
12143 #endif
12144
12145 if (dc->ss_active && !dc->pstate_ss) {
12146 /* Singlestep state is Active-pending.
12147 * If we're in this state at the start of a TB then either
12148 * a) we just took an exception to an EL which is being debugged
12149 * and this is the first insn in the exception handler
12150 * b) debug exceptions were masked and we just unmasked them
12151 * without changing EL (eg by clearing PSTATE.D)
12152 * In either case we're going to take a swstep exception in the
12153 * "did not step an insn" case, and so the syndrome ISV and EX
12154 * bits should be zero.
12155 */
12156 assert(dc->base.num_insns == 1);
12157 gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
12158 default_exception_el(dc));
12159 dc->base.is_jmp = DISAS_NORETURN;
12160 return true;
12161 }
12162
12163 return false;
12164 }
12165
12166 static void arm_post_translate_insn(DisasContext *dc)
12167 {
12168 if (dc->condjmp && !dc->base.is_jmp) {
12169 gen_set_label(dc->condlabel);
12170 dc->condjmp = 0;
12171 }
12172 dc->base.pc_next = dc->pc;
12173 translator_loop_temp_check(&dc->base);
12174 }
12175
12176 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12177 {
12178 DisasContext *dc = container_of(dcbase, DisasContext, base);
12179 CPUARMState *env = cpu->env_ptr;
12180 unsigned int insn;
12181
12182 if (arm_pre_translate_insn(dc)) {
12183 return;
12184 }
12185
12186 insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
12187 dc->insn = insn;
12188 dc->pc += 4;
12189 disas_arm_insn(dc, insn);
12190
12191 arm_post_translate_insn(dc);
12192
12193 /* ARM is a fixed-length ISA. We performed the cross-page check
12194 in init_disas_context by adjusting max_insns. */
12195 }
12196
12197 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
12198 {
12199 /* Return true if this Thumb insn is always unconditional,
12200 * even inside an IT block. This is true of only a very few
12201 * instructions: BKPT, HLT, and SG.
12202 *
12203 * A larger class of instructions are UNPREDICTABLE if used
12204 * inside an IT block; we do not need to detect those here, because
12205 * what we do by default (perform the cc check and update the IT
12206 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
12207 * choice for those situations.
12208 *
12209 * insn is either a 16-bit or a 32-bit instruction; the two are
12210 * distinguishable because for the 16-bit case the top 16 bits
12211 * are zeroes, and that isn't a valid 32-bit encoding.
12212 */
12213 if ((insn & 0xffffff00) == 0xbe00) {
12214 /* BKPT */
12215 return true;
12216 }
12217
12218 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
12219 !arm_dc_feature(s, ARM_FEATURE_M)) {
12220 /* HLT: v8A only. This is unconditional even when it is going to
12221 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
12222 * For v7 cores this was a plain old undefined encoding and so
12223 * honours its cc check. (We might be using the encoding as
12224 * a semihosting trap, but we don't change the cc check behaviour
12225 * on that account, because a debugger connected to a real v7A
12226 * core and emulating semihosting traps by catching the UNDEF
12227 * exception would also only see cases where the cc check passed.
12228 * No guest code should be trying to do a HLT semihosting trap
12229 * in an IT block anyway.
12230 */
12231 return true;
12232 }
12233
12234 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
12235 arm_dc_feature(s, ARM_FEATURE_M)) {
12236 /* SG: v8M only */
12237 return true;
12238 }
12239
12240 return false;
12241 }
12242
12243 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12244 {
12245 DisasContext *dc = container_of(dcbase, DisasContext, base);
12246 CPUARMState *env = cpu->env_ptr;
12247 uint32_t insn;
12248 bool is_16bit;
12249
12250 if (arm_pre_translate_insn(dc)) {
12251 return;
12252 }
12253
12254 insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
12255 is_16bit = thumb_insn_is_16bit(dc, insn);
12256 dc->pc += 2;
12257 if (!is_16bit) {
12258 uint32_t insn2 = arm_lduw_code(env, dc->pc, dc->sctlr_b);
12259
12260 insn = insn << 16 | insn2;
12261 dc->pc += 2;
12262 }
12263 dc->insn = insn;
12264
12265 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
12266 uint32_t cond = dc->condexec_cond;
12267
12268 if (cond != 0x0e) { /* Skip conditional when condition is AL. */
12269 dc->condlabel = gen_new_label();
12270 arm_gen_test_cc(cond ^ 1, dc->condlabel);
12271 dc->condjmp = 1;
12272 }
12273 }
12274
12275 if (is_16bit) {
12276 disas_thumb_insn(dc, insn);
12277 } else {
12278 disas_thumb2_insn(dc, insn);
12279 }
12280
12281 /* Advance the Thumb condexec condition. */
12282 if (dc->condexec_mask) {
12283 dc->condexec_cond = ((dc->condexec_cond & 0xe) |
12284 ((dc->condexec_mask >> 4) & 1));
12285 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
12286 if (dc->condexec_mask == 0) {
12287 dc->condexec_cond = 0;
12288 }
12289 }
12290
12291 arm_post_translate_insn(dc);
12292
12293 /* Thumb is a variable-length ISA. Stop translation when the next insn
12294 * will touch a new page. This ensures that prefetch aborts occur at
12295 * the right place.
12296 *
12297 * We want to stop the TB if the next insn starts in a new page,
12298 * or if it spans between this page and the next. This means that
12299 * if we're looking at the last halfword in the page we need to
12300 * see if it's a 16-bit Thumb insn (which will fit in this TB)
12301 * or a 32-bit Thumb insn (which won't).
12302 * This is to avoid generating a silly TB with a single 16-bit insn
12303 * in it at the end of this page (which would execute correctly
12304 * but isn't very efficient).
12305 */
12306 if (dc->base.is_jmp == DISAS_NEXT
12307 && (dc->pc >= dc->next_page_start
12308 || (dc->pc >= dc->next_page_start - 3
12309 && insn_crosses_page(env, dc)))) {
12310 dc->base.is_jmp = DISAS_TOO_MANY;
12311 }
12312 }
12313
12314 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
12315 {
12316 DisasContext *dc = container_of(dcbase, DisasContext, base);
12317
12318 if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
12319 /* FIXME: This can theoretically happen with self-modifying code. */
12320 cpu_abort(cpu, "IO on conditional branch instruction");
12321 }
12322
12323 /* At this stage dc->condjmp will only be set when the skipped
12324 instruction was a conditional branch or trap, and the PC has
12325 already been written. */
12326 gen_set_condexec(dc);
12327 if (dc->base.is_jmp == DISAS_BX_EXCRET) {
12328 /* Exception return branches need some special case code at the
12329 * end of the TB, which is complex enough that it has to
12330 * handle the single-step vs not and the condition-failed
12331 * insn codepath itself.
12332 */
12333 gen_bx_excret_final_code(dc);
12334 } else if (unlikely(is_singlestepping(dc))) {
12335 /* Unconditional and "condition passed" instruction codepath. */
12336 switch (dc->base.is_jmp) {
12337 case DISAS_SWI:
12338 gen_ss_advance(dc);
12339 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12340 default_exception_el(dc));
12341 break;
12342 case DISAS_HVC:
12343 gen_ss_advance(dc);
12344 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12345 break;
12346 case DISAS_SMC:
12347 gen_ss_advance(dc);
12348 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12349 break;
12350 case DISAS_NEXT:
12351 case DISAS_TOO_MANY:
12352 case DISAS_UPDATE:
12353 gen_set_pc_im(dc, dc->pc);
12354 /* fall through */
12355 default:
12356 /* FIXME: Single stepping a WFI insn will not halt the CPU. */
12357 gen_singlestep_exception(dc);
12358 break;
12359 case DISAS_NORETURN:
12360 break;
12361 }
12362 } else {
12363 /* While branches must always occur at the end of an IT block,
12364 there are a few other things that can cause us to terminate
12365 the TB in the middle of an IT block:
12366 - Exception generating instructions (bkpt, swi, undefined).
12367 - Page boundaries.
12368 - Hardware watchpoints.
12369 Hardware breakpoints have already been handled and skip this code.
12370 */
12371 switch(dc->base.is_jmp) {
12372 case DISAS_NEXT:
12373 case DISAS_TOO_MANY:
12374 gen_goto_tb(dc, 1, dc->pc);
12375 break;
12376 case DISAS_JUMP:
12377 gen_goto_ptr();
12378 break;
12379 case DISAS_UPDATE:
12380 gen_set_pc_im(dc, dc->pc);
12381 /* fall through */
12382 default:
12383 /* indicate that the hash table must be used to find the next TB */
12384 tcg_gen_exit_tb(0);
12385 break;
12386 case DISAS_NORETURN:
12387 /* nothing more to generate */
12388 break;
12389 case DISAS_WFI:
12390 {
12391 TCGv_i32 tmp = tcg_const_i32((dc->thumb &&
12392 !(dc->insn & (1U << 31))) ? 2 : 4);
12393
12394 gen_helper_wfi(cpu_env, tmp);
12395 tcg_temp_free_i32(tmp);
12396 /* The helper doesn't necessarily throw an exception, but we
12397 * must go back to the main loop to check for interrupts anyway.
12398 */
12399 tcg_gen_exit_tb(0);
12400 break;
12401 }
12402 case DISAS_WFE:
12403 gen_helper_wfe(cpu_env);
12404 break;
12405 case DISAS_YIELD:
12406 gen_helper_yield(cpu_env);
12407 break;
12408 case DISAS_SWI:
12409 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12410 default_exception_el(dc));
12411 break;
12412 case DISAS_HVC:
12413 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12414 break;
12415 case DISAS_SMC:
12416 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12417 break;
12418 }
12419 }
12420
12421 if (dc->condjmp) {
12422 /* "Condition failed" instruction codepath for the branch/trap insn */
12423 gen_set_label(dc->condlabel);
12424 gen_set_condexec(dc);
12425 if (unlikely(is_singlestepping(dc))) {
12426 gen_set_pc_im(dc, dc->pc);
12427 gen_singlestep_exception(dc);
12428 } else {
12429 gen_goto_tb(dc, 1, dc->pc);
12430 }
12431 }
12432
12433 /* Functions above can change dc->pc, so re-align db->pc_next */
12434 dc->base.pc_next = dc->pc;
12435 }
12436
12437 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
12438 {
12439 DisasContext *dc = container_of(dcbase, DisasContext, base);
12440
12441 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
12442 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
12443 }
12444
12445 static const TranslatorOps arm_translator_ops = {
12446 .init_disas_context = arm_tr_init_disas_context,
12447 .tb_start = arm_tr_tb_start,
12448 .insn_start = arm_tr_insn_start,
12449 .breakpoint_check = arm_tr_breakpoint_check,
12450 .translate_insn = arm_tr_translate_insn,
12451 .tb_stop = arm_tr_tb_stop,
12452 .disas_log = arm_tr_disas_log,
12453 };
12454
12455 static const TranslatorOps thumb_translator_ops = {
12456 .init_disas_context = arm_tr_init_disas_context,
12457 .tb_start = arm_tr_tb_start,
12458 .insn_start = arm_tr_insn_start,
12459 .breakpoint_check = arm_tr_breakpoint_check,
12460 .translate_insn = thumb_tr_translate_insn,
12461 .tb_stop = arm_tr_tb_stop,
12462 .disas_log = arm_tr_disas_log,
12463 };
12464
12465 /* generate intermediate code for basic block 'tb'. */
12466 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb)
12467 {
12468 DisasContext dc;
12469 const TranslatorOps *ops = &arm_translator_ops;
12470
12471 if (ARM_TBFLAG_THUMB(tb->flags)) {
12472 ops = &thumb_translator_ops;
12473 }
12474 #ifdef TARGET_AARCH64
12475 if (ARM_TBFLAG_AARCH64_STATE(tb->flags)) {
12476 ops = &aarch64_translator_ops;
12477 }
12478 #endif
12479
12480 translator_loop(ops, &dc.base, cpu, tb);
12481 }
12482
12483 static const char *cpu_mode_names[16] = {
12484 "usr", "fiq", "irq", "svc", "???", "???", "mon", "abt",
12485 "???", "???", "hyp", "und", "???", "???", "???", "sys"
12486 };
12487
12488 void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
12489 int flags)
12490 {
12491 ARMCPU *cpu = ARM_CPU(cs);
12492 CPUARMState *env = &cpu->env;
12493 int i;
12494
12495 if (is_a64(env)) {
12496 aarch64_cpu_dump_state(cs, f, cpu_fprintf, flags);
12497 return;
12498 }
12499
12500 for(i=0;i<16;i++) {
12501 cpu_fprintf(f, "R%02d=%08x", i, env->regs[i]);
12502 if ((i % 4) == 3)
12503 cpu_fprintf(f, "\n");
12504 else
12505 cpu_fprintf(f, " ");
12506 }
12507
12508 if (arm_feature(env, ARM_FEATURE_M)) {
12509 uint32_t xpsr = xpsr_read(env);
12510 const char *mode;
12511 const char *ns_status = "";
12512
12513 if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
12514 ns_status = env->v7m.secure ? "S " : "NS ";
12515 }
12516
12517 if (xpsr & XPSR_EXCP) {
12518 mode = "handler";
12519 } else {
12520 if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_NPRIV_MASK) {
12521 mode = "unpriv-thread";
12522 } else {
12523 mode = "priv-thread";
12524 }
12525 }
12526
12527 cpu_fprintf(f, "XPSR=%08x %c%c%c%c %c %s%s\n",
12528 xpsr,
12529 xpsr & XPSR_N ? 'N' : '-',
12530 xpsr & XPSR_Z ? 'Z' : '-',
12531 xpsr & XPSR_C ? 'C' : '-',
12532 xpsr & XPSR_V ? 'V' : '-',
12533 xpsr & XPSR_T ? 'T' : 'A',
12534 ns_status,
12535 mode);
12536 } else {
12537 uint32_t psr = cpsr_read(env);
12538 const char *ns_status = "";
12539
12540 if (arm_feature(env, ARM_FEATURE_EL3) &&
12541 (psr & CPSR_M) != ARM_CPU_MODE_MON) {
12542 ns_status = env->cp15.scr_el3 & SCR_NS ? "NS " : "S ";
12543 }
12544
12545 cpu_fprintf(f, "PSR=%08x %c%c%c%c %c %s%s%d\n",
12546 psr,
12547 psr & CPSR_N ? 'N' : '-',
12548 psr & CPSR_Z ? 'Z' : '-',
12549 psr & CPSR_C ? 'C' : '-',
12550 psr & CPSR_V ? 'V' : '-',
12551 psr & CPSR_T ? 'T' : 'A',
12552 ns_status,
12553 cpu_mode_names[psr & 0xf], (psr & 0x10) ? 32 : 26);
12554 }
12555
12556 if (flags & CPU_DUMP_FPU) {
12557 int numvfpregs = 0;
12558 if (arm_feature(env, ARM_FEATURE_VFP)) {
12559 numvfpregs += 16;
12560 }
12561 if (arm_feature(env, ARM_FEATURE_VFP3)) {
12562 numvfpregs += 16;
12563 }
12564 for (i = 0; i < numvfpregs; i++) {
12565 uint64_t v = float64_val(env->vfp.regs[i]);
12566 cpu_fprintf(f, "s%02d=%08x s%02d=%08x d%02d=%016" PRIx64 "\n",
12567 i * 2, (uint32_t)v,
12568 i * 2 + 1, (uint32_t)(v >> 32),
12569 i, v);
12570 }
12571 cpu_fprintf(f, "FPSCR: %08x\n", (int)env->vfp.xregs[ARM_VFP_FPSCR]);
12572 }
12573 }
12574
12575 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
12576 target_ulong *data)
12577 {
12578 if (is_a64(env)) {
12579 env->pc = data[0];
12580 env->condexec_bits = 0;
12581 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12582 } else {
12583 env->regs[15] = data[0];
12584 env->condexec_bits = data[1];
12585 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12586 }
12587 }
AR7 emulation for QEMU