search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/i386: Fix decoding of certain BMI instructions
[qemu/ar7.git] / target / i386 / tcg / translate.c
blobaf1faf9342ba1f12478838c34d09ecbc8d1642b8
1 /*
2 * i386 translation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20
21 #include "qemu/host-utils.h"
22 #include "cpu.h"
23 #include "disas/disas.h"
24 #include "exec/exec-all.h"
25 #include "tcg/tcg-op.h"
26 #include "exec/cpu_ldst.h"
27 #include "exec/translator.h"
28
29 #include "exec/helper-proto.h"
30 #include "exec/helper-gen.h"
31 #include "helper-tcg.h"
32
33 #include "trace-tcg.h"
34 #include "exec/log.h"
35
36 #define PREFIX_REPZ 0x01
37 #define PREFIX_REPNZ 0x02
38 #define PREFIX_LOCK 0x04
39 #define PREFIX_DATA 0x08
40 #define PREFIX_ADR 0x10
41 #define PREFIX_VEX 0x20
42
43 #ifdef TARGET_X86_64
44 #define CODE64(s) ((s)->code64)
45 #define REX_X(s) ((s)->rex_x)
46 #define REX_B(s) ((s)->rex_b)
47 #else
48 #define CODE64(s) 0
49 #define REX_X(s) 0
50 #define REX_B(s) 0
51 #endif
52
53 #ifdef TARGET_X86_64
54 # define ctztl ctz64
55 # define clztl clz64
56 #else
57 # define ctztl ctz32
58 # define clztl clz32
59 #endif
60
61 /* For a switch indexed by MODRM, match all memory operands for a given OP. */
62 #define CASE_MODRM_MEM_OP(OP) \
63 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
64 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
65 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7
66
67 #define CASE_MODRM_OP(OP) \
68 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
69 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
70 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7: \
71 case (3 << 6) | (OP << 3) | 0 ... (3 << 6) | (OP << 3) | 7
72
73 //#define MACRO_TEST 1
74
75 /* global register indexes */
76 static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2;
77 static TCGv_i32 cpu_cc_op;
78 static TCGv cpu_regs[CPU_NB_REGS];
79 static TCGv cpu_seg_base[6];
80 static TCGv_i64 cpu_bndl[4];
81 static TCGv_i64 cpu_bndu[4];
82
83 #include "exec/gen-icount.h"
84
85 typedef struct DisasContext {
86 DisasContextBase base;
87
88 /* current insn context */
89 int override; /* -1 if no override */
90 int prefix;
91 MemOp aflag;
92 MemOp dflag;
93 target_ulong pc_start;
94 target_ulong pc; /* pc = eip + cs_base */
95 /* current block context */
96 target_ulong cs_base; /* base of CS segment */
97 int pe; /* protected mode */
98 int code32; /* 32 bit code segment */
99 #ifdef TARGET_X86_64
100 int lma; /* long mode active */
101 int code64; /* 64 bit code segment */
102 int rex_x, rex_b;
103 #endif
104 int vex_l; /* vex vector length */
105 int vex_v; /* vex vvvv register, without 1's complement. */
106 int ss32; /* 32 bit stack segment */
107 CCOp cc_op; /* current CC operation */
108 bool cc_op_dirty;
109 #ifdef TARGET_X86_64
110 bool x86_64_hregs;
111 #endif
112 int addseg; /* non zero if either DS/ES/SS have a non zero base */
113 int f_st; /* currently unused */
114 int vm86; /* vm86 mode */
115 int cpl;
116 int iopl;
117 int tf; /* TF cpu flag */
118 int jmp_opt; /* use direct block chaining for direct jumps */
119 int repz_opt; /* optimize jumps within repz instructions */
120 int mem_index; /* select memory access functions */
121 uint64_t flags; /* all execution flags */
122 int popl_esp_hack; /* for correct popl with esp base handling */
123 int rip_offset; /* only used in x86_64, but left for simplicity */
124 int cpuid_features;
125 int cpuid_ext_features;
126 int cpuid_ext2_features;
127 int cpuid_ext3_features;
128 int cpuid_7_0_ebx_features;
129 int cpuid_xsave_features;
130
131 /* TCG local temps */
132 TCGv cc_srcT;
133 TCGv A0;
134 TCGv T0;
135 TCGv T1;
136
137 /* TCG local register indexes (only used inside old micro ops) */
138 TCGv tmp0;
139 TCGv tmp4;
140 TCGv_ptr ptr0;
141 TCGv_ptr ptr1;
142 TCGv_i32 tmp2_i32;
143 TCGv_i32 tmp3_i32;
144 TCGv_i64 tmp1_i64;
145
146 sigjmp_buf jmpbuf;
147 } DisasContext;
148
149 static void gen_eob(DisasContext *s);
150 static void gen_jr(DisasContext *s, TCGv dest);
151 static void gen_jmp(DisasContext *s, target_ulong eip);
152 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num);
153 static void gen_op(DisasContext *s1, int op, MemOp ot, int d);
154
155 /* i386 arith/logic operations */
156 enum {
157 OP_ADDL,
158 OP_ORL,
159 OP_ADCL,
160 OP_SBBL,
161 OP_ANDL,
162 OP_SUBL,
163 OP_XORL,
164 OP_CMPL,
165 };
166
167 /* i386 shift ops */
168 enum {
169 OP_ROL,
170 OP_ROR,
171 OP_RCL,
172 OP_RCR,
173 OP_SHL,
174 OP_SHR,
175 OP_SHL1, /* undocumented */
176 OP_SAR = 7,
177 };
178
179 enum {
180 JCC_O,
181 JCC_B,
182 JCC_Z,
183 JCC_BE,
184 JCC_S,
185 JCC_P,
186 JCC_L,
187 JCC_LE,
188 };
189
190 enum {
191 /* I386 int registers */
192 OR_EAX, /* MUST be even numbered */
193 OR_ECX,
194 OR_EDX,
195 OR_EBX,
196 OR_ESP,
197 OR_EBP,
198 OR_ESI,
199 OR_EDI,
200
201 OR_TMP0 = 16, /* temporary operand register */
202 OR_TMP1,
203 OR_A0, /* temporary register used when doing address evaluation */
204 };
205
206 enum {
207 USES_CC_DST = 1,
208 USES_CC_SRC = 2,
209 USES_CC_SRC2 = 4,
210 USES_CC_SRCT = 8,
211 };
212
213 /* Bit set if the global variable is live after setting CC_OP to X. */
214 static const uint8_t cc_op_live[CC_OP_NB] = {
215 [CC_OP_DYNAMIC] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
216 [CC_OP_EFLAGS] = USES_CC_SRC,
217 [CC_OP_MULB ... CC_OP_MULQ] = USES_CC_DST | USES_CC_SRC,
218 [CC_OP_ADDB ... CC_OP_ADDQ] = USES_CC_DST | USES_CC_SRC,
219 [CC_OP_ADCB ... CC_OP_ADCQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
220 [CC_OP_SUBB ... CC_OP_SUBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRCT,
221 [CC_OP_SBBB ... CC_OP_SBBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
222 [CC_OP_LOGICB ... CC_OP_LOGICQ] = USES_CC_DST,
223 [CC_OP_INCB ... CC_OP_INCQ] = USES_CC_DST | USES_CC_SRC,
224 [CC_OP_DECB ... CC_OP_DECQ] = USES_CC_DST | USES_CC_SRC,
225 [CC_OP_SHLB ... CC_OP_SHLQ] = USES_CC_DST | USES_CC_SRC,
226 [CC_OP_SARB ... CC_OP_SARQ] = USES_CC_DST | USES_CC_SRC,
227 [CC_OP_BMILGB ... CC_OP_BMILGQ] = USES_CC_DST | USES_CC_SRC,
228 [CC_OP_ADCX] = USES_CC_DST | USES_CC_SRC,
229 [CC_OP_ADOX] = USES_CC_SRC | USES_CC_SRC2,
230 [CC_OP_ADCOX] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
231 [CC_OP_CLR] = 0,
232 [CC_OP_POPCNT] = USES_CC_SRC,
233 };
234
235 static void set_cc_op(DisasContext *s, CCOp op)
236 {
237 int dead;
238
239 if (s->cc_op == op) {
240 return;
241 }
242
243 /* Discard CC computation that will no longer be used. */
244 dead = cc_op_live[s->cc_op] & ~cc_op_live[op];
245 if (dead & USES_CC_DST) {
246 tcg_gen_discard_tl(cpu_cc_dst);
247 }
248 if (dead & USES_CC_SRC) {
249 tcg_gen_discard_tl(cpu_cc_src);
250 }
251 if (dead & USES_CC_SRC2) {
252 tcg_gen_discard_tl(cpu_cc_src2);
253 }
254 if (dead & USES_CC_SRCT) {
255 tcg_gen_discard_tl(s->cc_srcT);
256 }
257
258 if (op == CC_OP_DYNAMIC) {
259 /* The DYNAMIC setting is translator only, and should never be
260 stored. Thus we always consider it clean. */
261 s->cc_op_dirty = false;
262 } else {
263 /* Discard any computed CC_OP value (see shifts). */
264 if (s->cc_op == CC_OP_DYNAMIC) {
265 tcg_gen_discard_i32(cpu_cc_op);
266 }
267 s->cc_op_dirty = true;
268 }
269 s->cc_op = op;
270 }
271
272 static void gen_update_cc_op(DisasContext *s)
273 {
274 if (s->cc_op_dirty) {
275 tcg_gen_movi_i32(cpu_cc_op, s->cc_op);
276 s->cc_op_dirty = false;
277 }
278 }
279
280 #ifdef TARGET_X86_64
281
282 #define NB_OP_SIZES 4
283
284 #else /* !TARGET_X86_64 */
285
286 #define NB_OP_SIZES 3
287
288 #endif /* !TARGET_X86_64 */
289
290 #if defined(HOST_WORDS_BIGENDIAN)
291 #define REG_B_OFFSET (sizeof(target_ulong) - 1)
292 #define REG_H_OFFSET (sizeof(target_ulong) - 2)
293 #define REG_W_OFFSET (sizeof(target_ulong) - 2)
294 #define REG_L_OFFSET (sizeof(target_ulong) - 4)
295 #define REG_LH_OFFSET (sizeof(target_ulong) - 8)
296 #else
297 #define REG_B_OFFSET 0
298 #define REG_H_OFFSET 1
299 #define REG_W_OFFSET 0
300 #define REG_L_OFFSET 0
301 #define REG_LH_OFFSET 4
302 #endif
303
304 /* In instruction encodings for byte register accesses the
305 * register number usually indicates "low 8 bits of register N";
306 * however there are some special cases where N 4..7 indicates
307 * [AH, CH, DH, BH], ie "bits 15..8 of register N-4". Return
308 * true for this special case, false otherwise.
309 */
310 static inline bool byte_reg_is_xH(DisasContext *s, int reg)
311 {
312 if (reg < 4) {
313 return false;
314 }
315 #ifdef TARGET_X86_64
316 if (reg >= 8 || s->x86_64_hregs) {
317 return false;
318 }
319 #endif
320 return true;
321 }
322
323 /* Select the size of a push/pop operation. */
324 static inline MemOp mo_pushpop(DisasContext *s, MemOp ot)
325 {
326 if (CODE64(s)) {
327 return ot == MO_16 ? MO_16 : MO_64;
328 } else {
329 return ot;
330 }
331 }
332
333 /* Select the size of the stack pointer. */
334 static inline MemOp mo_stacksize(DisasContext *s)
335 {
336 return CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16;
337 }
338
339 /* Select only size 64 else 32. Used for SSE operand sizes. */
340 static inline MemOp mo_64_32(MemOp ot)
341 {
342 #ifdef TARGET_X86_64
343 return ot == MO_64 ? MO_64 : MO_32;
344 #else
345 return MO_32;
346 #endif
347 }
348
349 /* Select size 8 if lsb of B is clear, else OT. Used for decoding
350 byte vs word opcodes. */
351 static inline MemOp mo_b_d(int b, MemOp ot)
352 {
353 return b & 1 ? ot : MO_8;
354 }
355
356 /* Select size 8 if lsb of B is clear, else OT capped at 32.
357 Used for decoding operand size of port opcodes. */
358 static inline MemOp mo_b_d32(int b, MemOp ot)
359 {
360 return b & 1 ? (ot == MO_16 ? MO_16 : MO_32) : MO_8;
361 }
362
363 static void gen_op_mov_reg_v(DisasContext *s, MemOp ot, int reg, TCGv t0)
364 {
365 switch(ot) {
366 case MO_8:
367 if (!byte_reg_is_xH(s, reg)) {
368 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 8);
369 } else {
370 tcg_gen_deposit_tl(cpu_regs[reg - 4], cpu_regs[reg - 4], t0, 8, 8);
371 }
372 break;
373 case MO_16:
374 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 16);
375 break;
376 case MO_32:
377 /* For x86_64, this sets the higher half of register to zero.
378 For i386, this is equivalent to a mov. */
379 tcg_gen_ext32u_tl(cpu_regs[reg], t0);
380 break;
381 #ifdef TARGET_X86_64
382 case MO_64:
383 tcg_gen_mov_tl(cpu_regs[reg], t0);
384 break;
385 #endif
386 default:
387 tcg_abort();
388 }
389 }
390
391 static inline
392 void gen_op_mov_v_reg(DisasContext *s, MemOp ot, TCGv t0, int reg)
393 {
394 if (ot == MO_8 && byte_reg_is_xH(s, reg)) {
395 tcg_gen_extract_tl(t0, cpu_regs[reg - 4], 8, 8);
396 } else {
397 tcg_gen_mov_tl(t0, cpu_regs[reg]);
398 }
399 }
400
401 static void gen_add_A0_im(DisasContext *s, int val)
402 {
403 tcg_gen_addi_tl(s->A0, s->A0, val);
404 if (!CODE64(s)) {
405 tcg_gen_ext32u_tl(s->A0, s->A0);
406 }
407 }
408
409 static inline void gen_op_jmp_v(TCGv dest)
410 {
411 tcg_gen_st_tl(dest, cpu_env, offsetof(CPUX86State, eip));
412 }
413
414 static inline
415 void gen_op_add_reg_im(DisasContext *s, MemOp size, int reg, int32_t val)
416 {
417 tcg_gen_addi_tl(s->tmp0, cpu_regs[reg], val);
418 gen_op_mov_reg_v(s, size, reg, s->tmp0);
419 }
420
421 static inline void gen_op_add_reg_T0(DisasContext *s, MemOp size, int reg)
422 {
423 tcg_gen_add_tl(s->tmp0, cpu_regs[reg], s->T0);
424 gen_op_mov_reg_v(s, size, reg, s->tmp0);
425 }
426
427 static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
428 {
429 tcg_gen_qemu_ld_tl(t0, a0, s->mem_index, idx | MO_LE);
430 }
431
432 static inline void gen_op_st_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
433 {
434 tcg_gen_qemu_st_tl(t0, a0, s->mem_index, idx | MO_LE);
435 }
436
437 static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d)
438 {
439 if (d == OR_TMP0) {
440 gen_op_st_v(s, idx, s->T0, s->A0);
441 } else {
442 gen_op_mov_reg_v(s, idx, d, s->T0);
443 }
444 }
445
446 static inline void gen_jmp_im(DisasContext *s, target_ulong pc)
447 {
448 tcg_gen_movi_tl(s->tmp0, pc);
449 gen_op_jmp_v(s->tmp0);
450 }
451
452 /* Compute SEG:REG into A0. SEG is selected from the override segment
453 (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to
454 indicate no override. */
455 static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0,
456 int def_seg, int ovr_seg)
457 {
458 switch (aflag) {
459 #ifdef TARGET_X86_64
460 case MO_64:
461 if (ovr_seg < 0) {
462 tcg_gen_mov_tl(s->A0, a0);
463 return;
464 }
465 break;
466 #endif
467 case MO_32:
468 /* 32 bit address */
469 if (ovr_seg < 0 && s->addseg) {
470 ovr_seg = def_seg;
471 }
472 if (ovr_seg < 0) {
473 tcg_gen_ext32u_tl(s->A0, a0);
474 return;
475 }
476 break;
477 case MO_16:
478 /* 16 bit address */
479 tcg_gen_ext16u_tl(s->A0, a0);
480 a0 = s->A0;
481 if (ovr_seg < 0) {
482 if (s->addseg) {
483 ovr_seg = def_seg;
484 } else {
485 return;
486 }
487 }
488 break;
489 default:
490 tcg_abort();
491 }
492
493 if (ovr_seg >= 0) {
494 TCGv seg = cpu_seg_base[ovr_seg];
495
496 if (aflag == MO_64) {
497 tcg_gen_add_tl(s->A0, a0, seg);
498 } else if (CODE64(s)) {
499 tcg_gen_ext32u_tl(s->A0, a0);
500 tcg_gen_add_tl(s->A0, s->A0, seg);
501 } else {
502 tcg_gen_add_tl(s->A0, a0, seg);
503 tcg_gen_ext32u_tl(s->A0, s->A0);
504 }
505 }
506 }
507
508 static inline void gen_string_movl_A0_ESI(DisasContext *s)
509 {
510 gen_lea_v_seg(s, s->aflag, cpu_regs[R_ESI], R_DS, s->override);
511 }
512
513 static inline void gen_string_movl_A0_EDI(DisasContext *s)
514 {
515 gen_lea_v_seg(s, s->aflag, cpu_regs[R_EDI], R_ES, -1);
516 }
517
518 static inline void gen_op_movl_T0_Dshift(DisasContext *s, MemOp ot)
519 {
520 tcg_gen_ld32s_tl(s->T0, cpu_env, offsetof(CPUX86State, df));
521 tcg_gen_shli_tl(s->T0, s->T0, ot);
522 };
523
524 static TCGv gen_ext_tl(TCGv dst, TCGv src, MemOp size, bool sign)
525 {
526 switch (size) {
527 case MO_8:
528 if (sign) {
529 tcg_gen_ext8s_tl(dst, src);
530 } else {
531 tcg_gen_ext8u_tl(dst, src);
532 }
533 return dst;
534 case MO_16:
535 if (sign) {
536 tcg_gen_ext16s_tl(dst, src);
537 } else {
538 tcg_gen_ext16u_tl(dst, src);
539 }
540 return dst;
541 #ifdef TARGET_X86_64
542 case MO_32:
543 if (sign) {
544 tcg_gen_ext32s_tl(dst, src);
545 } else {
546 tcg_gen_ext32u_tl(dst, src);
547 }
548 return dst;
549 #endif
550 default:
551 return src;
552 }
553 }
554
555 static void gen_extu(MemOp ot, TCGv reg)
556 {
557 gen_ext_tl(reg, reg, ot, false);
558 }
559
560 static void gen_exts(MemOp ot, TCGv reg)
561 {
562 gen_ext_tl(reg, reg, ot, true);
563 }
564
565 static inline
566 void gen_op_jnz_ecx(DisasContext *s, MemOp size, TCGLabel *label1)
567 {
568 tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]);
569 gen_extu(size, s->tmp0);
570 tcg_gen_brcondi_tl(TCG_COND_NE, s->tmp0, 0, label1);
571 }
572
573 static inline
574 void gen_op_jz_ecx(DisasContext *s, MemOp size, TCGLabel *label1)
575 {
576 tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]);
577 gen_extu(size, s->tmp0);
578 tcg_gen_brcondi_tl(TCG_COND_EQ, s->tmp0, 0, label1);
579 }
580
581 static void gen_helper_in_func(MemOp ot, TCGv v, TCGv_i32 n)
582 {
583 switch (ot) {
584 case MO_8:
585 gen_helper_inb(v, cpu_env, n);
586 break;
587 case MO_16:
588 gen_helper_inw(v, cpu_env, n);
589 break;
590 case MO_32:
591 gen_helper_inl(v, cpu_env, n);
592 break;
593 default:
594 tcg_abort();
595 }
596 }
597
598 static void gen_helper_out_func(MemOp ot, TCGv_i32 v, TCGv_i32 n)
599 {
600 switch (ot) {
601 case MO_8:
602 gen_helper_outb(cpu_env, v, n);
603 break;
604 case MO_16:
605 gen_helper_outw(cpu_env, v, n);
606 break;
607 case MO_32:
608 gen_helper_outl(cpu_env, v, n);
609 break;
610 default:
611 tcg_abort();
612 }
613 }
614
615 static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip,
616 uint32_t svm_flags)
617 {
618 target_ulong next_eip;
619
620 if (s->pe && (s->cpl > s->iopl || s->vm86)) {
621 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
622 switch (ot) {
623 case MO_8:
624 gen_helper_check_iob(cpu_env, s->tmp2_i32);
625 break;
626 case MO_16:
627 gen_helper_check_iow(cpu_env, s->tmp2_i32);
628 break;
629 case MO_32:
630 gen_helper_check_iol(cpu_env, s->tmp2_i32);
631 break;
632 default:
633 tcg_abort();
634 }
635 }
636 if(s->flags & HF_GUEST_MASK) {
637 gen_update_cc_op(s);
638 gen_jmp_im(s, cur_eip);
639 svm_flags |= (1 << (4 + ot));
640 next_eip = s->pc - s->cs_base;
641 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
642 gen_helper_svm_check_io(cpu_env, s->tmp2_i32,
643 tcg_const_i32(svm_flags),
644 tcg_const_i32(next_eip - cur_eip));
645 }
646 }
647
648 static inline void gen_movs(DisasContext *s, MemOp ot)
649 {
650 gen_string_movl_A0_ESI(s);
651 gen_op_ld_v(s, ot, s->T0, s->A0);
652 gen_string_movl_A0_EDI(s);
653 gen_op_st_v(s, ot, s->T0, s->A0);
654 gen_op_movl_T0_Dshift(s, ot);
655 gen_op_add_reg_T0(s, s->aflag, R_ESI);
656 gen_op_add_reg_T0(s, s->aflag, R_EDI);
657 }
658
659 static void gen_op_update1_cc(DisasContext *s)
660 {
661 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
662 }
663
664 static void gen_op_update2_cc(DisasContext *s)
665 {
666 tcg_gen_mov_tl(cpu_cc_src, s->T1);
667 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
668 }
669
670 static void gen_op_update3_cc(DisasContext *s, TCGv reg)
671 {
672 tcg_gen_mov_tl(cpu_cc_src2, reg);
673 tcg_gen_mov_tl(cpu_cc_src, s->T1);
674 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
675 }
676
677 static inline void gen_op_testl_T0_T1_cc(DisasContext *s)
678 {
679 tcg_gen_and_tl(cpu_cc_dst, s->T0, s->T1);
680 }
681
682 static void gen_op_update_neg_cc(DisasContext *s)
683 {
684 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
685 tcg_gen_neg_tl(cpu_cc_src, s->T0);
686 tcg_gen_movi_tl(s->cc_srcT, 0);
687 }
688
689 /* compute all eflags to cc_src */
690 static void gen_compute_eflags(DisasContext *s)
691 {
692 TCGv zero, dst, src1, src2;
693 int live, dead;
694
695 if (s->cc_op == CC_OP_EFLAGS) {
696 return;
697 }
698 if (s->cc_op == CC_OP_CLR) {
699 tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
700 set_cc_op(s, CC_OP_EFLAGS);
701 return;
702 }
703
704 zero = NULL;
705 dst = cpu_cc_dst;
706 src1 = cpu_cc_src;
707 src2 = cpu_cc_src2;
708
709 /* Take care to not read values that are not live. */
710 live = cc_op_live[s->cc_op] & ~USES_CC_SRCT;
711 dead = live ^ (USES_CC_DST | USES_CC_SRC | USES_CC_SRC2);
712 if (dead) {
713 zero = tcg_const_tl(0);
714 if (dead & USES_CC_DST) {
715 dst = zero;
716 }
717 if (dead & USES_CC_SRC) {
718 src1 = zero;
719 }
720 if (dead & USES_CC_SRC2) {
721 src2 = zero;
722 }
723 }
724
725 gen_update_cc_op(s);
726 gen_helper_cc_compute_all(cpu_cc_src, dst, src1, src2, cpu_cc_op);
727 set_cc_op(s, CC_OP_EFLAGS);
728
729 if (dead) {
730 tcg_temp_free(zero);
731 }
732 }
733
734 typedef struct CCPrepare {
735 TCGCond cond;
736 TCGv reg;
737 TCGv reg2;
738 target_ulong imm;
739 target_ulong mask;
740 bool use_reg2;
741 bool no_setcond;
742 } CCPrepare;
743
744 /* compute eflags.C to reg */
745 static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
746 {
747 TCGv t0, t1;
748 int size, shift;
749
750 switch (s->cc_op) {
751 case CC_OP_SUBB ... CC_OP_SUBQ:
752 /* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */
753 size = s->cc_op - CC_OP_SUBB;
754 t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
755 /* If no temporary was used, be careful not to alias t1 and t0. */
756 t0 = t1 == cpu_cc_src ? s->tmp0 : reg;
757 tcg_gen_mov_tl(t0, s->cc_srcT);
758 gen_extu(size, t0);
759 goto add_sub;
760
761 case CC_OP_ADDB ... CC_OP_ADDQ:
762 /* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */
763 size = s->cc_op - CC_OP_ADDB;
764 t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
765 t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
766 add_sub:
767 return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0,
768 .reg2 = t1, .mask = -1, .use_reg2 = true };
769
770 case CC_OP_LOGICB ... CC_OP_LOGICQ:
771 case CC_OP_CLR:
772 case CC_OP_POPCNT:
773 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
774
775 case CC_OP_INCB ... CC_OP_INCQ:
776 case CC_OP_DECB ... CC_OP_DECQ:
777 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
778 .mask = -1, .no_setcond = true };
779
780 case CC_OP_SHLB ... CC_OP_SHLQ:
781 /* (CC_SRC >> (DATA_BITS - 1)) & 1 */
782 size = s->cc_op - CC_OP_SHLB;
783 shift = (8 << size) - 1;
784 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
785 .mask = (target_ulong)1 << shift };
786
787 case CC_OP_MULB ... CC_OP_MULQ:
788 return (CCPrepare) { .cond = TCG_COND_NE,
789 .reg = cpu_cc_src, .mask = -1 };
790
791 case CC_OP_BMILGB ... CC_OP_BMILGQ:
792 size = s->cc_op - CC_OP_BMILGB;
793 t0 = gen_ext_tl(reg, cpu_cc_src, size, false);
794 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
795
796 case CC_OP_ADCX:
797 case CC_OP_ADCOX:
798 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_dst,
799 .mask = -1, .no_setcond = true };
800
801 case CC_OP_EFLAGS:
802 case CC_OP_SARB ... CC_OP_SARQ:
803 /* CC_SRC & 1 */
804 return (CCPrepare) { .cond = TCG_COND_NE,
805 .reg = cpu_cc_src, .mask = CC_C };
806
807 default:
808 /* The need to compute only C from CC_OP_DYNAMIC is important
809 in efficiently implementing e.g. INC at the start of a TB. */
810 gen_update_cc_op(s);
811 gen_helper_cc_compute_c(reg, cpu_cc_dst, cpu_cc_src,
812 cpu_cc_src2, cpu_cc_op);
813 return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
814 .mask = -1, .no_setcond = true };
815 }
816 }
817
818 /* compute eflags.P to reg */
819 static CCPrepare gen_prepare_eflags_p(DisasContext *s, TCGv reg)
820 {
821 gen_compute_eflags(s);
822 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
823 .mask = CC_P };
824 }
825
826 /* compute eflags.S to reg */
827 static CCPrepare gen_prepare_eflags_s(DisasContext *s, TCGv reg)
828 {
829 switch (s->cc_op) {
830 case CC_OP_DYNAMIC:
831 gen_compute_eflags(s);
832 /* FALLTHRU */
833 case CC_OP_EFLAGS:
834 case CC_OP_ADCX:
835 case CC_OP_ADOX:
836 case CC_OP_ADCOX:
837 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
838 .mask = CC_S };
839 case CC_OP_CLR:
840 case CC_OP_POPCNT:
841 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
842 default:
843 {
844 MemOp size = (s->cc_op - CC_OP_ADDB) & 3;
845 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
846 return (CCPrepare) { .cond = TCG_COND_LT, .reg = t0, .mask = -1 };
847 }
848 }
849 }
850
851 /* compute eflags.O to reg */
852 static CCPrepare gen_prepare_eflags_o(DisasContext *s, TCGv reg)
853 {
854 switch (s->cc_op) {
855 case CC_OP_ADOX:
856 case CC_OP_ADCOX:
857 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src2,
858 .mask = -1, .no_setcond = true };
859 case CC_OP_CLR:
860 case CC_OP_POPCNT:
861 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
862 default:
863 gen_compute_eflags(s);
864 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
865 .mask = CC_O };
866 }
867 }
868
869 /* compute eflags.Z to reg */
870 static CCPrepare gen_prepare_eflags_z(DisasContext *s, TCGv reg)
871 {
872 switch (s->cc_op) {
873 case CC_OP_DYNAMIC:
874 gen_compute_eflags(s);
875 /* FALLTHRU */
876 case CC_OP_EFLAGS:
877 case CC_OP_ADCX:
878 case CC_OP_ADOX:
879 case CC_OP_ADCOX:
880 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
881 .mask = CC_Z };
882 case CC_OP_CLR:
883 return (CCPrepare) { .cond = TCG_COND_ALWAYS, .mask = -1 };
884 case CC_OP_POPCNT:
885 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = cpu_cc_src,
886 .mask = -1 };
887 default:
888 {
889 MemOp size = (s->cc_op - CC_OP_ADDB) & 3;
890 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
891 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
892 }
893 }
894 }
895
896 /* perform a conditional store into register 'reg' according to jump opcode
897 value 'b'. In the fast case, T0 is guaranted not to be used. */
898 static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
899 {
900 int inv, jcc_op, cond;
901 MemOp size;
902 CCPrepare cc;
903 TCGv t0;
904
905 inv = b & 1;
906 jcc_op = (b >> 1) & 7;
907
908 switch (s->cc_op) {
909 case CC_OP_SUBB ... CC_OP_SUBQ:
910 /* We optimize relational operators for the cmp/jcc case. */
911 size = s->cc_op - CC_OP_SUBB;
912 switch (jcc_op) {
913 case JCC_BE:
914 tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
915 gen_extu(size, s->tmp4);
916 t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
917 cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = s->tmp4,
918 .reg2 = t0, .mask = -1, .use_reg2 = true };
919 break;
920
921 case JCC_L:
922 cond = TCG_COND_LT;
923 goto fast_jcc_l;
924 case JCC_LE:
925 cond = TCG_COND_LE;
926 fast_jcc_l:
927 tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
928 gen_exts(size, s->tmp4);
929 t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, true);
930 cc = (CCPrepare) { .cond = cond, .reg = s->tmp4,
931 .reg2 = t0, .mask = -1, .use_reg2 = true };
932 break;
933
934 default:
935 goto slow_jcc;
936 }
937 break;
938
939 default:
940 slow_jcc:
941 /* This actually generates good code for JC, JZ and JS. */
942 switch (jcc_op) {
943 case JCC_O:
944 cc = gen_prepare_eflags_o(s, reg);
945 break;
946 case JCC_B:
947 cc = gen_prepare_eflags_c(s, reg);
948 break;
949 case JCC_Z:
950 cc = gen_prepare_eflags_z(s, reg);
951 break;
952 case JCC_BE:
953 gen_compute_eflags(s);
954 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
955 .mask = CC_Z | CC_C };
956 break;
957 case JCC_S:
958 cc = gen_prepare_eflags_s(s, reg);
959 break;
960 case JCC_P:
961 cc = gen_prepare_eflags_p(s, reg);
962 break;
963 case JCC_L:
964 gen_compute_eflags(s);
965 if (reg == cpu_cc_src) {
966 reg = s->tmp0;
967 }
968 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
969 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
970 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
971 .mask = CC_S };
972 break;
973 default:
974 case JCC_LE:
975 gen_compute_eflags(s);
976 if (reg == cpu_cc_src) {
977 reg = s->tmp0;
978 }
979 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
980 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
981 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
982 .mask = CC_S | CC_Z };
983 break;
984 }
985 break;
986 }
987
988 if (inv) {
989 cc.cond = tcg_invert_cond(cc.cond);
990 }
991 return cc;
992 }
993
994 static void gen_setcc1(DisasContext *s, int b, TCGv reg)
995 {
996 CCPrepare cc = gen_prepare_cc(s, b, reg);
997
998 if (cc.no_setcond) {
999 if (cc.cond == TCG_COND_EQ) {
1000 tcg_gen_xori_tl(reg, cc.reg, 1);
1001 } else {
1002 tcg_gen_mov_tl(reg, cc.reg);
1003 }
1004 return;
1005 }
1006
1007 if (cc.cond == TCG_COND_NE && !cc.use_reg2 && cc.imm == 0 &&
1008 cc.mask != 0 && (cc.mask & (cc.mask - 1)) == 0) {
1009 tcg_gen_shri_tl(reg, cc.reg, ctztl(cc.mask));
1010 tcg_gen_andi_tl(reg, reg, 1);
1011 return;
1012 }
1013 if (cc.mask != -1) {
1014 tcg_gen_andi_tl(reg, cc.reg, cc.mask);
1015 cc.reg = reg;
1016 }
1017 if (cc.use_reg2) {
1018 tcg_gen_setcond_tl(cc.cond, reg, cc.reg, cc.reg2);
1019 } else {
1020 tcg_gen_setcondi_tl(cc.cond, reg, cc.reg, cc.imm);
1021 }
1022 }
1023
1024 static inline void gen_compute_eflags_c(DisasContext *s, TCGv reg)
1025 {
1026 gen_setcc1(s, JCC_B << 1, reg);
1027 }
1028
1029 /* generate a conditional jump to label 'l1' according to jump opcode
1030 value 'b'. In the fast case, T0 is guaranted not to be used. */
1031 static inline void gen_jcc1_noeob(DisasContext *s, int b, TCGLabel *l1)
1032 {
1033 CCPrepare cc = gen_prepare_cc(s, b, s->T0);
1034
1035 if (cc.mask != -1) {
1036 tcg_gen_andi_tl(s->T0, cc.reg, cc.mask);
1037 cc.reg = s->T0;
1038 }
1039 if (cc.use_reg2) {
1040 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1041 } else {
1042 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1043 }
1044 }
1045
1046 /* Generate a conditional jump to label 'l1' according to jump opcode
1047 value 'b'. In the fast case, T0 is guaranted not to be used.
1048 A translation block must end soon. */
1049 static inline void gen_jcc1(DisasContext *s, int b, TCGLabel *l1)
1050 {
1051 CCPrepare cc = gen_prepare_cc(s, b, s->T0);
1052
1053 gen_update_cc_op(s);
1054 if (cc.mask != -1) {
1055 tcg_gen_andi_tl(s->T0, cc.reg, cc.mask);
1056 cc.reg = s->T0;
1057 }
1058 set_cc_op(s, CC_OP_DYNAMIC);
1059 if (cc.use_reg2) {
1060 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1061 } else {
1062 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1063 }
1064 }
1065
1066 /* XXX: does not work with gdbstub "ice" single step - not a
1067 serious problem */
1068 static TCGLabel *gen_jz_ecx_string(DisasContext *s, target_ulong next_eip)
1069 {
1070 TCGLabel *l1 = gen_new_label();
1071 TCGLabel *l2 = gen_new_label();
1072 gen_op_jnz_ecx(s, s->aflag, l1);
1073 gen_set_label(l2);
1074 gen_jmp_tb(s, next_eip, 1);
1075 gen_set_label(l1);
1076 return l2;
1077 }
1078
1079 static inline void gen_stos(DisasContext *s, MemOp ot)
1080 {
1081 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
1082 gen_string_movl_A0_EDI(s);
1083 gen_op_st_v(s, ot, s->T0, s->A0);
1084 gen_op_movl_T0_Dshift(s, ot);
1085 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1086 }
1087
1088 static inline void gen_lods(DisasContext *s, MemOp ot)
1089 {
1090 gen_string_movl_A0_ESI(s);
1091 gen_op_ld_v(s, ot, s->T0, s->A0);
1092 gen_op_mov_reg_v(s, ot, R_EAX, s->T0);
1093 gen_op_movl_T0_Dshift(s, ot);
1094 gen_op_add_reg_T0(s, s->aflag, R_ESI);
1095 }
1096
1097 static inline void gen_scas(DisasContext *s, MemOp ot)
1098 {
1099 gen_string_movl_A0_EDI(s);
1100 gen_op_ld_v(s, ot, s->T1, s->A0);
1101 gen_op(s, OP_CMPL, ot, R_EAX);
1102 gen_op_movl_T0_Dshift(s, ot);
1103 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1104 }
1105
1106 static inline void gen_cmps(DisasContext *s, MemOp ot)
1107 {
1108 gen_string_movl_A0_EDI(s);
1109 gen_op_ld_v(s, ot, s->T1, s->A0);
1110 gen_string_movl_A0_ESI(s);
1111 gen_op(s, OP_CMPL, ot, OR_TMP0);
1112 gen_op_movl_T0_Dshift(s, ot);
1113 gen_op_add_reg_T0(s, s->aflag, R_ESI);
1114 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1115 }
1116
1117 static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, int ot)
1118 {
1119 if (s->flags & HF_IOBPT_MASK) {
1120 TCGv_i32 t_size = tcg_const_i32(1 << ot);
1121 TCGv t_next = tcg_const_tl(s->pc - s->cs_base);
1122
1123 gen_helper_bpt_io(cpu_env, t_port, t_size, t_next);
1124 tcg_temp_free_i32(t_size);
1125 tcg_temp_free(t_next);
1126 }
1127 }
1128
1129
1130 static inline void gen_ins(DisasContext *s, MemOp ot)
1131 {
1132 gen_string_movl_A0_EDI(s);
1133 /* Note: we must do this dummy write first to be restartable in
1134 case of page fault. */
1135 tcg_gen_movi_tl(s->T0, 0);
1136 gen_op_st_v(s, ot, s->T0, s->A0);
1137 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
1138 tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0xffff);
1139 gen_helper_in_func(ot, s->T0, s->tmp2_i32);
1140 gen_op_st_v(s, ot, s->T0, s->A0);
1141 gen_op_movl_T0_Dshift(s, ot);
1142 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1143 gen_bpt_io(s, s->tmp2_i32, ot);
1144 }
1145
1146 static inline void gen_outs(DisasContext *s, MemOp ot)
1147 {
1148 gen_string_movl_A0_ESI(s);
1149 gen_op_ld_v(s, ot, s->T0, s->A0);
1150
1151 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
1152 tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0xffff);
1153 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T0);
1154 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32);
1155 gen_op_movl_T0_Dshift(s, ot);
1156 gen_op_add_reg_T0(s, s->aflag, R_ESI);
1157 gen_bpt_io(s, s->tmp2_i32, ot);
1158 }
1159
1160 /* same method as Valgrind : we generate jumps to current or next
1161 instruction */
1162 #define GEN_REPZ(op) \
1163 static inline void gen_repz_ ## op(DisasContext *s, MemOp ot, \
1164 target_ulong cur_eip, target_ulong next_eip) \
1165 { \
1166 TCGLabel *l2; \
1167 gen_update_cc_op(s); \
1168 l2 = gen_jz_ecx_string(s, next_eip); \
1169 gen_ ## op(s, ot); \
1170 gen_op_add_reg_im(s, s->aflag, R_ECX, -1); \
1171 /* a loop would cause two single step exceptions if ECX = 1 \
1172 before rep string_insn */ \
1173 if (s->repz_opt) \
1174 gen_op_jz_ecx(s, s->aflag, l2); \
1175 gen_jmp(s, cur_eip); \
1176 }
1177
1178 #define GEN_REPZ2(op) \
1179 static inline void gen_repz_ ## op(DisasContext *s, MemOp ot, \
1180 target_ulong cur_eip, \
1181 target_ulong next_eip, \
1182 int nz) \
1183 { \
1184 TCGLabel *l2; \
1185 gen_update_cc_op(s); \
1186 l2 = gen_jz_ecx_string(s, next_eip); \
1187 gen_ ## op(s, ot); \
1188 gen_op_add_reg_im(s, s->aflag, R_ECX, -1); \
1189 gen_update_cc_op(s); \
1190 gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); \
1191 if (s->repz_opt) \
1192 gen_op_jz_ecx(s, s->aflag, l2); \
1193 gen_jmp(s, cur_eip); \
1194 }
1195
1196 GEN_REPZ(movs)
1197 GEN_REPZ(stos)
1198 GEN_REPZ(lods)
1199 GEN_REPZ(ins)
1200 GEN_REPZ(outs)
1201 GEN_REPZ2(scas)
1202 GEN_REPZ2(cmps)
1203
1204 static void gen_helper_fp_arith_ST0_FT0(int op)
1205 {
1206 switch (op) {
1207 case 0:
1208 gen_helper_fadd_ST0_FT0(cpu_env);
1209 break;
1210 case 1:
1211 gen_helper_fmul_ST0_FT0(cpu_env);
1212 break;
1213 case 2:
1214 gen_helper_fcom_ST0_FT0(cpu_env);
1215 break;
1216 case 3:
1217 gen_helper_fcom_ST0_FT0(cpu_env);
1218 break;
1219 case 4:
1220 gen_helper_fsub_ST0_FT0(cpu_env);
1221 break;
1222 case 5:
1223 gen_helper_fsubr_ST0_FT0(cpu_env);
1224 break;
1225 case 6:
1226 gen_helper_fdiv_ST0_FT0(cpu_env);
1227 break;
1228 case 7:
1229 gen_helper_fdivr_ST0_FT0(cpu_env);
1230 break;
1231 }
1232 }
1233
1234 /* NOTE the exception in "r" op ordering */
1235 static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
1236 {
1237 TCGv_i32 tmp = tcg_const_i32(opreg);
1238 switch (op) {
1239 case 0:
1240 gen_helper_fadd_STN_ST0(cpu_env, tmp);
1241 break;
1242 case 1:
1243 gen_helper_fmul_STN_ST0(cpu_env, tmp);
1244 break;
1245 case 4:
1246 gen_helper_fsubr_STN_ST0(cpu_env, tmp);
1247 break;
1248 case 5:
1249 gen_helper_fsub_STN_ST0(cpu_env, tmp);
1250 break;
1251 case 6:
1252 gen_helper_fdivr_STN_ST0(cpu_env, tmp);
1253 break;
1254 case 7:
1255 gen_helper_fdiv_STN_ST0(cpu_env, tmp);
1256 break;
1257 }
1258 }
1259
1260 static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
1261 {
1262 gen_update_cc_op(s);
1263 gen_jmp_im(s, cur_eip);
1264 gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
1265 s->base.is_jmp = DISAS_NORETURN;
1266 }
1267
1268 /* Generate #UD for the current instruction. The assumption here is that
1269 the instruction is known, but it isn't allowed in the current cpu mode. */
1270 static void gen_illegal_opcode(DisasContext *s)
1271 {
1272 gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
1273 }
1274
1275 /* if d == OR_TMP0, it means memory operand (address in A0) */
1276 static void gen_op(DisasContext *s1, int op, MemOp ot, int d)
1277 {
1278 if (d != OR_TMP0) {
1279 if (s1->prefix & PREFIX_LOCK) {
1280 /* Lock prefix when destination is not memory. */
1281 gen_illegal_opcode(s1);
1282 return;
1283 }
1284 gen_op_mov_v_reg(s1, ot, s1->T0, d);
1285 } else if (!(s1->prefix & PREFIX_LOCK)) {
1286 gen_op_ld_v(s1, ot, s1->T0, s1->A0);
1287 }
1288 switch(op) {
1289 case OP_ADCL:
1290 gen_compute_eflags_c(s1, s1->tmp4);
1291 if (s1->prefix & PREFIX_LOCK) {
1292 tcg_gen_add_tl(s1->T0, s1->tmp4, s1->T1);
1293 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
1294 s1->mem_index, ot | MO_LE);
1295 } else {
1296 tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
1297 tcg_gen_add_tl(s1->T0, s1->T0, s1->tmp4);
1298 gen_op_st_rm_T0_A0(s1, ot, d);
1299 }
1300 gen_op_update3_cc(s1, s1->tmp4);
1301 set_cc_op(s1, CC_OP_ADCB + ot);
1302 break;
1303 case OP_SBBL:
1304 gen_compute_eflags_c(s1, s1->tmp4);
1305 if (s1->prefix & PREFIX_LOCK) {
1306 tcg_gen_add_tl(s1->T0, s1->T1, s1->tmp4);
1307 tcg_gen_neg_tl(s1->T0, s1->T0);
1308 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
1309 s1->mem_index, ot | MO_LE);
1310 } else {
1311 tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
1312 tcg_gen_sub_tl(s1->T0, s1->T0, s1->tmp4);
1313 gen_op_st_rm_T0_A0(s1, ot, d);
1314 }
1315 gen_op_update3_cc(s1, s1->tmp4);
1316 set_cc_op(s1, CC_OP_SBBB + ot);
1317 break;
1318 case OP_ADDL:
1319 if (s1->prefix & PREFIX_LOCK) {
1320 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T1,
1321 s1->mem_index, ot | MO_LE);
1322 } else {
1323 tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
1324 gen_op_st_rm_T0_A0(s1, ot, d);
1325 }
1326 gen_op_update2_cc(s1);
1327 set_cc_op(s1, CC_OP_ADDB + ot);
1328 break;
1329 case OP_SUBL:
1330 if (s1->prefix & PREFIX_LOCK) {
1331 tcg_gen_neg_tl(s1->T0, s1->T1);
1332 tcg_gen_atomic_fetch_add_tl(s1->cc_srcT, s1->A0, s1->T0,
1333 s1->mem_index, ot | MO_LE);
1334 tcg_gen_sub_tl(s1->T0, s1->cc_srcT, s1->T1);
1335 } else {
1336 tcg_gen_mov_tl(s1->cc_srcT, s1->T0);
1337 tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
1338 gen_op_st_rm_T0_A0(s1, ot, d);
1339 }
1340 gen_op_update2_cc(s1);
1341 set_cc_op(s1, CC_OP_SUBB + ot);
1342 break;
1343 default:
1344 case OP_ANDL:
1345 if (s1->prefix & PREFIX_LOCK) {
1346 tcg_gen_atomic_and_fetch_tl(s1->T0, s1->A0, s1->T1,
1347 s1->mem_index, ot | MO_LE);
1348 } else {
1349 tcg_gen_and_tl(s1->T0, s1->T0, s1->T1);
1350 gen_op_st_rm_T0_A0(s1, ot, d);
1351 }
1352 gen_op_update1_cc(s1);
1353 set_cc_op(s1, CC_OP_LOGICB + ot);
1354 break;
1355 case OP_ORL:
1356 if (s1->prefix & PREFIX_LOCK) {
1357 tcg_gen_atomic_or_fetch_tl(s1->T0, s1->A0, s1->T1,
1358 s1->mem_index, ot | MO_LE);
1359 } else {
1360 tcg_gen_or_tl(s1->T0, s1->T0, s1->T1);
1361 gen_op_st_rm_T0_A0(s1, ot, d);
1362 }
1363 gen_op_update1_cc(s1);
1364 set_cc_op(s1, CC_OP_LOGICB + ot);
1365 break;
1366 case OP_XORL:
1367 if (s1->prefix & PREFIX_LOCK) {
1368 tcg_gen_atomic_xor_fetch_tl(s1->T0, s1->A0, s1->T1,
1369 s1->mem_index, ot | MO_LE);
1370 } else {
1371 tcg_gen_xor_tl(s1->T0, s1->T0, s1->T1);
1372 gen_op_st_rm_T0_A0(s1, ot, d);
1373 }
1374 gen_op_update1_cc(s1);
1375 set_cc_op(s1, CC_OP_LOGICB + ot);
1376 break;
1377 case OP_CMPL:
1378 tcg_gen_mov_tl(cpu_cc_src, s1->T1);
1379 tcg_gen_mov_tl(s1->cc_srcT, s1->T0);
1380 tcg_gen_sub_tl(cpu_cc_dst, s1->T0, s1->T1);
1381 set_cc_op(s1, CC_OP_SUBB + ot);
1382 break;
1383 }
1384 }
1385
1386 /* if d == OR_TMP0, it means memory operand (address in A0) */
1387 static void gen_inc(DisasContext *s1, MemOp ot, int d, int c)
1388 {
1389 if (s1->prefix & PREFIX_LOCK) {
1390 if (d != OR_TMP0) {
1391 /* Lock prefix when destination is not memory */
1392 gen_illegal_opcode(s1);
1393 return;
1394 }
1395 tcg_gen_movi_tl(s1->T0, c > 0 ? 1 : -1);
1396 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
1397 s1->mem_index, ot | MO_LE);
1398 } else {
1399 if (d != OR_TMP0) {
1400 gen_op_mov_v_reg(s1, ot, s1->T0, d);
1401 } else {
1402 gen_op_ld_v(s1, ot, s1->T0, s1->A0);
1403 }
1404 tcg_gen_addi_tl(s1->T0, s1->T0, (c > 0 ? 1 : -1));
1405 gen_op_st_rm_T0_A0(s1, ot, d);
1406 }
1407
1408 gen_compute_eflags_c(s1, cpu_cc_src);
1409 tcg_gen_mov_tl(cpu_cc_dst, s1->T0);
1410 set_cc_op(s1, (c > 0 ? CC_OP_INCB : CC_OP_DECB) + ot);
1411 }
1412
1413 static void gen_shift_flags(DisasContext *s, MemOp ot, TCGv result,
1414 TCGv shm1, TCGv count, bool is_right)
1415 {
1416 TCGv_i32 z32, s32, oldop;
1417 TCGv z_tl;
1418
1419 /* Store the results into the CC variables. If we know that the
1420 variable must be dead, store unconditionally. Otherwise we'll
1421 need to not disrupt the current contents. */
1422 z_tl = tcg_const_tl(0);
1423 if (cc_op_live[s->cc_op] & USES_CC_DST) {
1424 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_dst, count, z_tl,
1425 result, cpu_cc_dst);
1426 } else {
1427 tcg_gen_mov_tl(cpu_cc_dst, result);
1428 }
1429 if (cc_op_live[s->cc_op] & USES_CC_SRC) {
1430 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_src, count, z_tl,
1431 shm1, cpu_cc_src);
1432 } else {
1433 tcg_gen_mov_tl(cpu_cc_src, shm1);
1434 }
1435 tcg_temp_free(z_tl);
1436
1437 /* Get the two potential CC_OP values into temporaries. */
1438 tcg_gen_movi_i32(s->tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1439 if (s->cc_op == CC_OP_DYNAMIC) {
1440 oldop = cpu_cc_op;
1441 } else {
1442 tcg_gen_movi_i32(s->tmp3_i32, s->cc_op);
1443 oldop = s->tmp3_i32;
1444 }
1445
1446 /* Conditionally store the CC_OP value. */
1447 z32 = tcg_const_i32(0);
1448 s32 = tcg_temp_new_i32();
1449 tcg_gen_trunc_tl_i32(s32, count);
1450 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, s->tmp2_i32, oldop);
1451 tcg_temp_free_i32(z32);
1452 tcg_temp_free_i32(s32);
1453
1454 /* The CC_OP value is no longer predictable. */
1455 set_cc_op(s, CC_OP_DYNAMIC);
1456 }
1457
1458 static void gen_shift_rm_T1(DisasContext *s, MemOp ot, int op1,
1459 int is_right, int is_arith)
1460 {
1461 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1462
1463 /* load */
1464 if (op1 == OR_TMP0) {
1465 gen_op_ld_v(s, ot, s->T0, s->A0);
1466 } else {
1467 gen_op_mov_v_reg(s, ot, s->T0, op1);
1468 }
1469
1470 tcg_gen_andi_tl(s->T1, s->T1, mask);
1471 tcg_gen_subi_tl(s->tmp0, s->T1, 1);
1472
1473 if (is_right) {
1474 if (is_arith) {
1475 gen_exts(ot, s->T0);
1476 tcg_gen_sar_tl(s->tmp0, s->T0, s->tmp0);
1477 tcg_gen_sar_tl(s->T0, s->T0, s->T1);
1478 } else {
1479 gen_extu(ot, s->T0);
1480 tcg_gen_shr_tl(s->tmp0, s->T0, s->tmp0);
1481 tcg_gen_shr_tl(s->T0, s->T0, s->T1);
1482 }
1483 } else {
1484 tcg_gen_shl_tl(s->tmp0, s->T0, s->tmp0);
1485 tcg_gen_shl_tl(s->T0, s->T0, s->T1);
1486 }
1487
1488 /* store */
1489 gen_op_st_rm_T0_A0(s, ot, op1);
1490
1491 gen_shift_flags(s, ot, s->T0, s->tmp0, s->T1, is_right);
1492 }
1493
1494 static void gen_shift_rm_im(DisasContext *s, MemOp ot, int op1, int op2,
1495 int is_right, int is_arith)
1496 {
1497 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1498
1499 /* load */
1500 if (op1 == OR_TMP0)
1501 gen_op_ld_v(s, ot, s->T0, s->A0);
1502 else
1503 gen_op_mov_v_reg(s, ot, s->T0, op1);
1504
1505 op2 &= mask;
1506 if (op2 != 0) {
1507 if (is_right) {
1508 if (is_arith) {
1509 gen_exts(ot, s->T0);
1510 tcg_gen_sari_tl(s->tmp4, s->T0, op2 - 1);
1511 tcg_gen_sari_tl(s->T0, s->T0, op2);
1512 } else {
1513 gen_extu(ot, s->T0);
1514 tcg_gen_shri_tl(s->tmp4, s->T0, op2 - 1);
1515 tcg_gen_shri_tl(s->T0, s->T0, op2);
1516 }
1517 } else {
1518 tcg_gen_shli_tl(s->tmp4, s->T0, op2 - 1);
1519 tcg_gen_shli_tl(s->T0, s->T0, op2);
1520 }
1521 }
1522
1523 /* store */
1524 gen_op_st_rm_T0_A0(s, ot, op1);
1525
1526 /* update eflags if non zero shift */
1527 if (op2 != 0) {
1528 tcg_gen_mov_tl(cpu_cc_src, s->tmp4);
1529 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
1530 set_cc_op(s, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1531 }
1532 }
1533
1534 static void gen_rot_rm_T1(DisasContext *s, MemOp ot, int op1, int is_right)
1535 {
1536 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1537 TCGv_i32 t0, t1;
1538
1539 /* load */
1540 if (op1 == OR_TMP0) {
1541 gen_op_ld_v(s, ot, s->T0, s->A0);
1542 } else {
1543 gen_op_mov_v_reg(s, ot, s->T0, op1);
1544 }
1545
1546 tcg_gen_andi_tl(s->T1, s->T1, mask);
1547
1548 switch (ot) {
1549 case MO_8:
1550 /* Replicate the 8-bit input so that a 32-bit rotate works. */
1551 tcg_gen_ext8u_tl(s->T0, s->T0);
1552 tcg_gen_muli_tl(s->T0, s->T0, 0x01010101);
1553 goto do_long;
1554 case MO_16:
1555 /* Replicate the 16-bit input so that a 32-bit rotate works. */
1556 tcg_gen_deposit_tl(s->T0, s->T0, s->T0, 16, 16);
1557 goto do_long;
1558 do_long:
1559 #ifdef TARGET_X86_64
1560 case MO_32:
1561 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
1562 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
1563 if (is_right) {
1564 tcg_gen_rotr_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
1565 } else {
1566 tcg_gen_rotl_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
1567 }
1568 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
1569 break;
1570 #endif
1571 default:
1572 if (is_right) {
1573 tcg_gen_rotr_tl(s->T0, s->T0, s->T1);
1574 } else {
1575 tcg_gen_rotl_tl(s->T0, s->T0, s->T1);
1576 }
1577 break;
1578 }
1579
1580 /* store */
1581 gen_op_st_rm_T0_A0(s, ot, op1);
1582
1583 /* We'll need the flags computed into CC_SRC. */
1584 gen_compute_eflags(s);
1585
1586 /* The value that was "rotated out" is now present at the other end
1587 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1588 since we've computed the flags into CC_SRC, these variables are
1589 currently dead. */
1590 if (is_right) {
1591 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask - 1);
1592 tcg_gen_shri_tl(cpu_cc_dst, s->T0, mask);
1593 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1594 } else {
1595 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask);
1596 tcg_gen_andi_tl(cpu_cc_dst, s->T0, 1);
1597 }
1598 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1599 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1600
1601 /* Now conditionally store the new CC_OP value. If the shift count
1602 is 0 we keep the CC_OP_EFLAGS setting so that only CC_SRC is live.
1603 Otherwise reuse CC_OP_ADCOX which have the C and O flags split out
1604 exactly as we computed above. */
1605 t0 = tcg_const_i32(0);
1606 t1 = tcg_temp_new_i32();
1607 tcg_gen_trunc_tl_i32(t1, s->T1);
1608 tcg_gen_movi_i32(s->tmp2_i32, CC_OP_ADCOX);
1609 tcg_gen_movi_i32(s->tmp3_i32, CC_OP_EFLAGS);
1610 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, t1, t0,
1611 s->tmp2_i32, s->tmp3_i32);
1612 tcg_temp_free_i32(t0);
1613 tcg_temp_free_i32(t1);
1614
1615 /* The CC_OP value is no longer predictable. */
1616 set_cc_op(s, CC_OP_DYNAMIC);
1617 }
1618
1619 static void gen_rot_rm_im(DisasContext *s, MemOp ot, int op1, int op2,
1620 int is_right)
1621 {
1622 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1623 int shift;
1624
1625 /* load */
1626 if (op1 == OR_TMP0) {
1627 gen_op_ld_v(s, ot, s->T0, s->A0);
1628 } else {
1629 gen_op_mov_v_reg(s, ot, s->T0, op1);
1630 }
1631
1632 op2 &= mask;
1633 if (op2 != 0) {
1634 switch (ot) {
1635 #ifdef TARGET_X86_64
1636 case MO_32:
1637 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
1638 if (is_right) {
1639 tcg_gen_rotri_i32(s->tmp2_i32, s->tmp2_i32, op2);
1640 } else {
1641 tcg_gen_rotli_i32(s->tmp2_i32, s->tmp2_i32, op2);
1642 }
1643 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
1644 break;
1645 #endif
1646 default:
1647 if (is_right) {
1648 tcg_gen_rotri_tl(s->T0, s->T0, op2);
1649 } else {
1650 tcg_gen_rotli_tl(s->T0, s->T0, op2);
1651 }
1652 break;
1653 case MO_8:
1654 mask = 7;
1655 goto do_shifts;
1656 case MO_16:
1657 mask = 15;
1658 do_shifts:
1659 shift = op2 & mask;
1660 if (is_right) {
1661 shift = mask + 1 - shift;
1662 }
1663 gen_extu(ot, s->T0);
1664 tcg_gen_shli_tl(s->tmp0, s->T0, shift);
1665 tcg_gen_shri_tl(s->T0, s->T0, mask + 1 - shift);
1666 tcg_gen_or_tl(s->T0, s->T0, s->tmp0);
1667 break;
1668 }
1669 }
1670
1671 /* store */
1672 gen_op_st_rm_T0_A0(s, ot, op1);
1673
1674 if (op2 != 0) {
1675 /* Compute the flags into CC_SRC. */
1676 gen_compute_eflags(s);
1677
1678 /* The value that was "rotated out" is now present at the other end
1679 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1680 since we've computed the flags into CC_SRC, these variables are
1681 currently dead. */
1682 if (is_right) {
1683 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask - 1);
1684 tcg_gen_shri_tl(cpu_cc_dst, s->T0, mask);
1685 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1686 } else {
1687 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask);
1688 tcg_gen_andi_tl(cpu_cc_dst, s->T0, 1);
1689 }
1690 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1691 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1692 set_cc_op(s, CC_OP_ADCOX);
1693 }
1694 }
1695
1696 /* XXX: add faster immediate = 1 case */
1697 static void gen_rotc_rm_T1(DisasContext *s, MemOp ot, int op1,
1698 int is_right)
1699 {
1700 gen_compute_eflags(s);
1701 assert(s->cc_op == CC_OP_EFLAGS);
1702
1703 /* load */
1704 if (op1 == OR_TMP0)
1705 gen_op_ld_v(s, ot, s->T0, s->A0);
1706 else
1707 gen_op_mov_v_reg(s, ot, s->T0, op1);
1708
1709 if (is_right) {
1710 switch (ot) {
1711 case MO_8:
1712 gen_helper_rcrb(s->T0, cpu_env, s->T0, s->T1);
1713 break;
1714 case MO_16:
1715 gen_helper_rcrw(s->T0, cpu_env, s->T0, s->T1);
1716 break;
1717 case MO_32:
1718 gen_helper_rcrl(s->T0, cpu_env, s->T0, s->T1);
1719 break;
1720 #ifdef TARGET_X86_64
1721 case MO_64:
1722 gen_helper_rcrq(s->T0, cpu_env, s->T0, s->T1);
1723 break;
1724 #endif
1725 default:
1726 tcg_abort();
1727 }
1728 } else {
1729 switch (ot) {
1730 case MO_8:
1731 gen_helper_rclb(s->T0, cpu_env, s->T0, s->T1);
1732 break;
1733 case MO_16:
1734 gen_helper_rclw(s->T0, cpu_env, s->T0, s->T1);
1735 break;
1736 case MO_32:
1737 gen_helper_rcll(s->T0, cpu_env, s->T0, s->T1);
1738 break;
1739 #ifdef TARGET_X86_64
1740 case MO_64:
1741 gen_helper_rclq(s->T0, cpu_env, s->T0, s->T1);
1742 break;
1743 #endif
1744 default:
1745 tcg_abort();
1746 }
1747 }
1748 /* store */
1749 gen_op_st_rm_T0_A0(s, ot, op1);
1750 }
1751
1752 /* XXX: add faster immediate case */
1753 static void gen_shiftd_rm_T1(DisasContext *s, MemOp ot, int op1,
1754 bool is_right, TCGv count_in)
1755 {
1756 target_ulong mask = (ot == MO_64 ? 63 : 31);
1757 TCGv count;
1758
1759 /* load */
1760 if (op1 == OR_TMP0) {
1761 gen_op_ld_v(s, ot, s->T0, s->A0);
1762 } else {
1763 gen_op_mov_v_reg(s, ot, s->T0, op1);
1764 }
1765
1766 count = tcg_temp_new();
1767 tcg_gen_andi_tl(count, count_in, mask);
1768
1769 switch (ot) {
1770 case MO_16:
1771 /* Note: we implement the Intel behaviour for shift count > 16.
1772 This means "shrdw C, B, A" shifts A:B:A >> C. Build the B:A
1773 portion by constructing it as a 32-bit value. */
1774 if (is_right) {
1775 tcg_gen_deposit_tl(s->tmp0, s->T0, s->T1, 16, 16);
1776 tcg_gen_mov_tl(s->T1, s->T0);
1777 tcg_gen_mov_tl(s->T0, s->tmp0);
1778 } else {
1779 tcg_gen_deposit_tl(s->T1, s->T0, s->T1, 16, 16);
1780 }
1781 /*
1782 * If TARGET_X86_64 defined then fall through into MO_32 case,
1783 * otherwise fall through default case.
1784 */
1785 case MO_32:
1786 #ifdef TARGET_X86_64
1787 /* Concatenate the two 32-bit values and use a 64-bit shift. */
1788 tcg_gen_subi_tl(s->tmp0, count, 1);
1789 if (is_right) {
1790 tcg_gen_concat_tl_i64(s->T0, s->T0, s->T1);
1791 tcg_gen_shr_i64(s->tmp0, s->T0, s->tmp0);
1792 tcg_gen_shr_i64(s->T0, s->T0, count);
1793 } else {
1794 tcg_gen_concat_tl_i64(s->T0, s->T1, s->T0);
1795 tcg_gen_shl_i64(s->tmp0, s->T0, s->tmp0);
1796 tcg_gen_shl_i64(s->T0, s->T0, count);
1797 tcg_gen_shri_i64(s->tmp0, s->tmp0, 32);
1798 tcg_gen_shri_i64(s->T0, s->T0, 32);
1799 }
1800 break;
1801 #endif
1802 default:
1803 tcg_gen_subi_tl(s->tmp0, count, 1);
1804 if (is_right) {
1805 tcg_gen_shr_tl(s->tmp0, s->T0, s->tmp0);
1806
1807 tcg_gen_subfi_tl(s->tmp4, mask + 1, count);
1808 tcg_gen_shr_tl(s->T0, s->T0, count);
1809 tcg_gen_shl_tl(s->T1, s->T1, s->tmp4);
1810 } else {
1811 tcg_gen_shl_tl(s->tmp0, s->T0, s->tmp0);
1812 if (ot == MO_16) {
1813 /* Only needed if count > 16, for Intel behaviour. */
1814 tcg_gen_subfi_tl(s->tmp4, 33, count);
1815 tcg_gen_shr_tl(s->tmp4, s->T1, s->tmp4);
1816 tcg_gen_or_tl(s->tmp0, s->tmp0, s->tmp4);
1817 }
1818
1819 tcg_gen_subfi_tl(s->tmp4, mask + 1, count);
1820 tcg_gen_shl_tl(s->T0, s->T0, count);
1821 tcg_gen_shr_tl(s->T1, s->T1, s->tmp4);
1822 }
1823 tcg_gen_movi_tl(s->tmp4, 0);
1824 tcg_gen_movcond_tl(TCG_COND_EQ, s->T1, count, s->tmp4,
1825 s->tmp4, s->T1);
1826 tcg_gen_or_tl(s->T0, s->T0, s->T1);
1827 break;
1828 }
1829
1830 /* store */
1831 gen_op_st_rm_T0_A0(s, ot, op1);
1832
1833 gen_shift_flags(s, ot, s->T0, s->tmp0, count, is_right);
1834 tcg_temp_free(count);
1835 }
1836
1837 static void gen_shift(DisasContext *s1, int op, MemOp ot, int d, int s)
1838 {
1839 if (s != OR_TMP1)
1840 gen_op_mov_v_reg(s1, ot, s1->T1, s);
1841 switch(op) {
1842 case OP_ROL:
1843 gen_rot_rm_T1(s1, ot, d, 0);
1844 break;
1845 case OP_ROR:
1846 gen_rot_rm_T1(s1, ot, d, 1);
1847 break;
1848 case OP_SHL:
1849 case OP_SHL1:
1850 gen_shift_rm_T1(s1, ot, d, 0, 0);
1851 break;
1852 case OP_SHR:
1853 gen_shift_rm_T1(s1, ot, d, 1, 0);
1854 break;
1855 case OP_SAR:
1856 gen_shift_rm_T1(s1, ot, d, 1, 1);
1857 break;
1858 case OP_RCL:
1859 gen_rotc_rm_T1(s1, ot, d, 0);
1860 break;
1861 case OP_RCR:
1862 gen_rotc_rm_T1(s1, ot, d, 1);
1863 break;
1864 }
1865 }
1866
1867 static void gen_shifti(DisasContext *s1, int op, MemOp ot, int d, int c)
1868 {
1869 switch(op) {
1870 case OP_ROL:
1871 gen_rot_rm_im(s1, ot, d, c, 0);
1872 break;
1873 case OP_ROR:
1874 gen_rot_rm_im(s1, ot, d, c, 1);
1875 break;
1876 case OP_SHL:
1877 case OP_SHL1:
1878 gen_shift_rm_im(s1, ot, d, c, 0, 0);
1879 break;
1880 case OP_SHR:
1881 gen_shift_rm_im(s1, ot, d, c, 1, 0);
1882 break;
1883 case OP_SAR:
1884 gen_shift_rm_im(s1, ot, d, c, 1, 1);
1885 break;
1886 default:
1887 /* currently not optimized */
1888 tcg_gen_movi_tl(s1->T1, c);
1889 gen_shift(s1, op, ot, d, OR_TMP1);
1890 break;
1891 }
1892 }
1893
1894 #define X86_MAX_INSN_LENGTH 15
1895
1896 static uint64_t advance_pc(CPUX86State *env, DisasContext *s, int num_bytes)
1897 {
1898 uint64_t pc = s->pc;
1899
1900 s->pc += num_bytes;
1901 if (unlikely(s->pc - s->pc_start > X86_MAX_INSN_LENGTH)) {
1902 /* If the instruction's 16th byte is on a different page than the 1st, a
1903 * page fault on the second page wins over the general protection fault
1904 * caused by the instruction being too long.
1905 * This can happen even if the operand is only one byte long!
1906 */
1907 if (((s->pc - 1) ^ (pc - 1)) & TARGET_PAGE_MASK) {
1908 volatile uint8_t unused =
1909 cpu_ldub_code(env, (s->pc - 1) & TARGET_PAGE_MASK);
1910 (void) unused;
1911 }
1912 siglongjmp(s->jmpbuf, 1);
1913 }
1914
1915 return pc;
1916 }
1917
1918 static inline uint8_t x86_ldub_code(CPUX86State *env, DisasContext *s)
1919 {
1920 return translator_ldub(env, advance_pc(env, s, 1));
1921 }
1922
1923 static inline int16_t x86_ldsw_code(CPUX86State *env, DisasContext *s)
1924 {
1925 return translator_ldsw(env, advance_pc(env, s, 2));
1926 }
1927
1928 static inline uint16_t x86_lduw_code(CPUX86State *env, DisasContext *s)
1929 {
1930 return translator_lduw(env, advance_pc(env, s, 2));
1931 }
1932
1933 static inline uint32_t x86_ldl_code(CPUX86State *env, DisasContext *s)
1934 {
1935 return translator_ldl(env, advance_pc(env, s, 4));
1936 }
1937
1938 #ifdef TARGET_X86_64
1939 static inline uint64_t x86_ldq_code(CPUX86State *env, DisasContext *s)
1940 {
1941 return translator_ldq(env, advance_pc(env, s, 8));
1942 }
1943 #endif
1944
1945 /* Decompose an address. */
1946
1947 typedef struct AddressParts {
1948 int def_seg;
1949 int base;
1950 int index;
1951 int scale;
1952 target_long disp;
1953 } AddressParts;
1954
1955 static AddressParts gen_lea_modrm_0(CPUX86State *env, DisasContext *s,
1956 int modrm)
1957 {
1958 int def_seg, base, index, scale, mod, rm;
1959 target_long disp;
1960 bool havesib;
1961
1962 def_seg = R_DS;
1963 index = -1;
1964 scale = 0;
1965 disp = 0;
1966
1967 mod = (modrm >> 6) & 3;
1968 rm = modrm & 7;
1969 base = rm | REX_B(s);
1970
1971 if (mod == 3) {
1972 /* Normally filtered out earlier, but including this path
1973 simplifies multi-byte nop, as well as bndcl, bndcu, bndcn. */
1974 goto done;
1975 }
1976
1977 switch (s->aflag) {
1978 case MO_64:
1979 case MO_32:
1980 havesib = 0;
1981 if (rm == 4) {
1982 int code = x86_ldub_code(env, s);
1983 scale = (code >> 6) & 3;
1984 index = ((code >> 3) & 7) | REX_X(s);
1985 if (index == 4) {
1986 index = -1; /* no index */
1987 }
1988 base = (code & 7) | REX_B(s);
1989 havesib = 1;
1990 }
1991
1992 switch (mod) {
1993 case 0:
1994 if ((base & 7) == 5) {
1995 base = -1;
1996 disp = (int32_t)x86_ldl_code(env, s);
1997 if (CODE64(s) && !havesib) {
1998 base = -2;
1999 disp += s->pc + s->rip_offset;
2000 }
2001 }
2002 break;
2003 case 1:
2004 disp = (int8_t)x86_ldub_code(env, s);
2005 break;
2006 default:
2007 case 2:
2008 disp = (int32_t)x86_ldl_code(env, s);
2009 break;
2010 }
2011
2012 /* For correct popl handling with esp. */
2013 if (base == R_ESP && s->popl_esp_hack) {
2014 disp += s->popl_esp_hack;
2015 }
2016 if (base == R_EBP || base == R_ESP) {
2017 def_seg = R_SS;
2018 }
2019 break;
2020
2021 case MO_16:
2022 if (mod == 0) {
2023 if (rm == 6) {
2024 base = -1;
2025 disp = x86_lduw_code(env, s);
2026 break;
2027 }
2028 } else if (mod == 1) {
2029 disp = (int8_t)x86_ldub_code(env, s);
2030 } else {
2031 disp = (int16_t)x86_lduw_code(env, s);
2032 }
2033
2034 switch (rm) {
2035 case 0:
2036 base = R_EBX;
2037 index = R_ESI;
2038 break;
2039 case 1:
2040 base = R_EBX;
2041 index = R_EDI;
2042 break;
2043 case 2:
2044 base = R_EBP;
2045 index = R_ESI;
2046 def_seg = R_SS;
2047 break;
2048 case 3:
2049 base = R_EBP;
2050 index = R_EDI;
2051 def_seg = R_SS;
2052 break;
2053 case 4:
2054 base = R_ESI;
2055 break;
2056 case 5:
2057 base = R_EDI;
2058 break;
2059 case 6:
2060 base = R_EBP;
2061 def_seg = R_SS;
2062 break;
2063 default:
2064 case 7:
2065 base = R_EBX;
2066 break;
2067 }
2068 break;
2069
2070 default:
2071 tcg_abort();
2072 }
2073
2074 done:
2075 return (AddressParts){ def_seg, base, index, scale, disp };
2076 }
2077
2078 /* Compute the address, with a minimum number of TCG ops. */
2079 static TCGv gen_lea_modrm_1(DisasContext *s, AddressParts a)
2080 {
2081 TCGv ea = NULL;
2082
2083 if (a.index >= 0) {
2084 if (a.scale == 0) {
2085 ea = cpu_regs[a.index];
2086 } else {
2087 tcg_gen_shli_tl(s->A0, cpu_regs[a.index], a.scale);
2088 ea = s->A0;
2089 }
2090 if (a.base >= 0) {
2091 tcg_gen_add_tl(s->A0, ea, cpu_regs[a.base]);
2092 ea = s->A0;
2093 }
2094 } else if (a.base >= 0) {
2095 ea = cpu_regs[a.base];
2096 }
2097 if (!ea) {
2098 tcg_gen_movi_tl(s->A0, a.disp);
2099 ea = s->A0;
2100 } else if (a.disp != 0) {
2101 tcg_gen_addi_tl(s->A0, ea, a.disp);
2102 ea = s->A0;
2103 }
2104
2105 return ea;
2106 }
2107
2108 static void gen_lea_modrm(CPUX86State *env, DisasContext *s, int modrm)
2109 {
2110 AddressParts a = gen_lea_modrm_0(env, s, modrm);
2111 TCGv ea = gen_lea_modrm_1(s, a);
2112 gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override);
2113 }
2114
2115 static void gen_nop_modrm(CPUX86State *env, DisasContext *s, int modrm)
2116 {
2117 (void)gen_lea_modrm_0(env, s, modrm);
2118 }
2119
2120 /* Used for BNDCL, BNDCU, BNDCN. */
2121 static void gen_bndck(CPUX86State *env, DisasContext *s, int modrm,
2122 TCGCond cond, TCGv_i64 bndv)
2123 {
2124 TCGv ea = gen_lea_modrm_1(s, gen_lea_modrm_0(env, s, modrm));
2125
2126 tcg_gen_extu_tl_i64(s->tmp1_i64, ea);
2127 if (!CODE64(s)) {
2128 tcg_gen_ext32u_i64(s->tmp1_i64, s->tmp1_i64);
2129 }
2130 tcg_gen_setcond_i64(cond, s->tmp1_i64, s->tmp1_i64, bndv);
2131 tcg_gen_extrl_i64_i32(s->tmp2_i32, s->tmp1_i64);
2132 gen_helper_bndck(cpu_env, s->tmp2_i32);
2133 }
2134
2135 /* used for LEA and MOV AX, mem */
2136 static void gen_add_A0_ds_seg(DisasContext *s)
2137 {
2138 gen_lea_v_seg(s, s->aflag, s->A0, R_DS, s->override);
2139 }
2140
2141 /* generate modrm memory load or store of 'reg'. TMP0 is used if reg ==
2142 OR_TMP0 */
2143 static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm,
2144 MemOp ot, int reg, int is_store)
2145 {
2146 int mod, rm;
2147
2148 mod = (modrm >> 6) & 3;
2149 rm = (modrm & 7) | REX_B(s);
2150 if (mod == 3) {
2151 if (is_store) {
2152 if (reg != OR_TMP0)
2153 gen_op_mov_v_reg(s, ot, s->T0, reg);
2154 gen_op_mov_reg_v(s, ot, rm, s->T0);
2155 } else {
2156 gen_op_mov_v_reg(s, ot, s->T0, rm);
2157 if (reg != OR_TMP0)
2158 gen_op_mov_reg_v(s, ot, reg, s->T0);
2159 }
2160 } else {
2161 gen_lea_modrm(env, s, modrm);
2162 if (is_store) {
2163 if (reg != OR_TMP0)
2164 gen_op_mov_v_reg(s, ot, s->T0, reg);
2165 gen_op_st_v(s, ot, s->T0, s->A0);
2166 } else {
2167 gen_op_ld_v(s, ot, s->T0, s->A0);
2168 if (reg != OR_TMP0)
2169 gen_op_mov_reg_v(s, ot, reg, s->T0);
2170 }
2171 }
2172 }
2173
2174 static inline uint32_t insn_get(CPUX86State *env, DisasContext *s, MemOp ot)
2175 {
2176 uint32_t ret;
2177
2178 switch (ot) {
2179 case MO_8:
2180 ret = x86_ldub_code(env, s);
2181 break;
2182 case MO_16:
2183 ret = x86_lduw_code(env, s);
2184 break;
2185 case MO_32:
2186 #ifdef TARGET_X86_64
2187 case MO_64:
2188 #endif
2189 ret = x86_ldl_code(env, s);
2190 break;
2191 default:
2192 tcg_abort();
2193 }
2194 return ret;
2195 }
2196
2197 static inline int insn_const_size(MemOp ot)
2198 {
2199 if (ot <= MO_32) {
2200 return 1 << ot;
2201 } else {
2202 return 4;
2203 }
2204 }
2205
2206 static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
2207 {
2208 #ifndef CONFIG_USER_ONLY
2209 return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
2210 (pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
2211 #else
2212 return true;
2213 #endif
2214 }
2215
2216 static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
2217 {
2218 target_ulong pc = s->cs_base + eip;
2219
2220 if (use_goto_tb(s, pc)) {
2221 /* jump to same page: we can use a direct jump */
2222 tcg_gen_goto_tb(tb_num);
2223 gen_jmp_im(s, eip);
2224 tcg_gen_exit_tb(s->base.tb, tb_num);
2225 s->base.is_jmp = DISAS_NORETURN;
2226 } else {
2227 /* jump to another page */
2228 gen_jmp_im(s, eip);
2229 gen_jr(s, s->tmp0);
2230 }
2231 }
2232
2233 static inline void gen_jcc(DisasContext *s, int b,
2234 target_ulong val, target_ulong next_eip)
2235 {
2236 TCGLabel *l1, *l2;
2237
2238 if (s->jmp_opt) {
2239 l1 = gen_new_label();
2240 gen_jcc1(s, b, l1);
2241
2242 gen_goto_tb(s, 0, next_eip);
2243
2244 gen_set_label(l1);
2245 gen_goto_tb(s, 1, val);
2246 } else {
2247 l1 = gen_new_label();
2248 l2 = gen_new_label();
2249 gen_jcc1(s, b, l1);
2250
2251 gen_jmp_im(s, next_eip);
2252 tcg_gen_br(l2);
2253
2254 gen_set_label(l1);
2255 gen_jmp_im(s, val);
2256 gen_set_label(l2);
2257 gen_eob(s);
2258 }
2259 }
2260
2261 static void gen_cmovcc1(CPUX86State *env, DisasContext *s, MemOp ot, int b,
2262 int modrm, int reg)
2263 {
2264 CCPrepare cc;
2265
2266 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
2267
2268 cc = gen_prepare_cc(s, b, s->T1);
2269 if (cc.mask != -1) {
2270 TCGv t0 = tcg_temp_new();
2271 tcg_gen_andi_tl(t0, cc.reg, cc.mask);
2272 cc.reg = t0;
2273 }
2274 if (!cc.use_reg2) {
2275 cc.reg2 = tcg_const_tl(cc.imm);
2276 }
2277
2278 tcg_gen_movcond_tl(cc.cond, s->T0, cc.reg, cc.reg2,
2279 s->T0, cpu_regs[reg]);
2280 gen_op_mov_reg_v(s, ot, reg, s->T0);
2281
2282 if (cc.mask != -1) {
2283 tcg_temp_free(cc.reg);
2284 }
2285 if (!cc.use_reg2) {
2286 tcg_temp_free(cc.reg2);
2287 }
2288 }
2289
2290 static inline void gen_op_movl_T0_seg(DisasContext *s, X86Seg seg_reg)
2291 {
2292 tcg_gen_ld32u_tl(s->T0, cpu_env,
2293 offsetof(CPUX86State,segs[seg_reg].selector));
2294 }
2295
2296 static inline void gen_op_movl_seg_T0_vm(DisasContext *s, X86Seg seg_reg)
2297 {
2298 tcg_gen_ext16u_tl(s->T0, s->T0);
2299 tcg_gen_st32_tl(s->T0, cpu_env,
2300 offsetof(CPUX86State,segs[seg_reg].selector));
2301 tcg_gen_shli_tl(cpu_seg_base[seg_reg], s->T0, 4);
2302 }
2303
2304 /* move T0 to seg_reg and compute if the CPU state may change. Never
2305 call this function with seg_reg == R_CS */
2306 static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg)
2307 {
2308 if (s->pe && !s->vm86) {
2309 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
2310 gen_helper_load_seg(cpu_env, tcg_const_i32(seg_reg), s->tmp2_i32);
2311 /* abort translation because the addseg value may change or
2312 because ss32 may change. For R_SS, translation must always
2313 stop as a special handling must be done to disable hardware
2314 interrupts for the next instruction */
2315 if (seg_reg == R_SS || (s->code32 && seg_reg < R_FS)) {
2316 s->base.is_jmp = DISAS_TOO_MANY;
2317 }
2318 } else {
2319 gen_op_movl_seg_T0_vm(s, seg_reg);
2320 if (seg_reg == R_SS) {
2321 s->base.is_jmp = DISAS_TOO_MANY;
2322 }
2323 }
2324 }
2325
2326 static inline int svm_is_rep(int prefixes)
2327 {
2328 return ((prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) ? 8 : 0);
2329 }
2330
2331 static inline void
2332 gen_svm_check_intercept_param(DisasContext *s, target_ulong pc_start,
2333 uint32_t type, uint64_t param)
2334 {
2335 /* no SVM activated; fast case */
2336 if (likely(!(s->flags & HF_GUEST_MASK)))
2337 return;
2338 gen_update_cc_op(s);
2339 gen_jmp_im(s, pc_start - s->cs_base);
2340 gen_helper_svm_check_intercept_param(cpu_env, tcg_const_i32(type),
2341 tcg_const_i64(param));
2342 }
2343
2344 static inline void
2345 gen_svm_check_intercept(DisasContext *s, target_ulong pc_start, uint64_t type)
2346 {
2347 gen_svm_check_intercept_param(s, pc_start, type, 0);
2348 }
2349
2350 static inline void gen_stack_update(DisasContext *s, int addend)
2351 {
2352 gen_op_add_reg_im(s, mo_stacksize(s), R_ESP, addend);
2353 }
2354
2355 /* Generate a push. It depends on ss32, addseg and dflag. */
2356 static void gen_push_v(DisasContext *s, TCGv val)
2357 {
2358 MemOp d_ot = mo_pushpop(s, s->dflag);
2359 MemOp a_ot = mo_stacksize(s);
2360 int size = 1 << d_ot;
2361 TCGv new_esp = s->A0;
2362
2363 tcg_gen_subi_tl(s->A0, cpu_regs[R_ESP], size);
2364
2365 if (!CODE64(s)) {
2366 if (s->addseg) {
2367 new_esp = s->tmp4;
2368 tcg_gen_mov_tl(new_esp, s->A0);
2369 }
2370 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2371 }
2372
2373 gen_op_st_v(s, d_ot, val, s->A0);
2374 gen_op_mov_reg_v(s, a_ot, R_ESP, new_esp);
2375 }
2376
2377 /* two step pop is necessary for precise exceptions */
2378 static MemOp gen_pop_T0(DisasContext *s)
2379 {
2380 MemOp d_ot = mo_pushpop(s, s->dflag);
2381
2382 gen_lea_v_seg(s, mo_stacksize(s), cpu_regs[R_ESP], R_SS, -1);
2383 gen_op_ld_v(s, d_ot, s->T0, s->A0);
2384
2385 return d_ot;
2386 }
2387
2388 static inline void gen_pop_update(DisasContext *s, MemOp ot)
2389 {
2390 gen_stack_update(s, 1 << ot);
2391 }
2392
2393 static inline void gen_stack_A0(DisasContext *s)
2394 {
2395 gen_lea_v_seg(s, s->ss32 ? MO_32 : MO_16, cpu_regs[R_ESP], R_SS, -1);
2396 }
2397
2398 static void gen_pusha(DisasContext *s)
2399 {
2400 MemOp s_ot = s->ss32 ? MO_32 : MO_16;
2401 MemOp d_ot = s->dflag;
2402 int size = 1 << d_ot;
2403 int i;
2404
2405 for (i = 0; i < 8; i++) {
2406 tcg_gen_addi_tl(s->A0, cpu_regs[R_ESP], (i - 8) * size);
2407 gen_lea_v_seg(s, s_ot, s->A0, R_SS, -1);
2408 gen_op_st_v(s, d_ot, cpu_regs[7 - i], s->A0);
2409 }
2410
2411 gen_stack_update(s, -8 * size);
2412 }
2413
2414 static void gen_popa(DisasContext *s)
2415 {
2416 MemOp s_ot = s->ss32 ? MO_32 : MO_16;
2417 MemOp d_ot = s->dflag;
2418 int size = 1 << d_ot;
2419 int i;
2420
2421 for (i = 0; i < 8; i++) {
2422 /* ESP is not reloaded */
2423 if (7 - i == R_ESP) {
2424 continue;
2425 }
2426 tcg_gen_addi_tl(s->A0, cpu_regs[R_ESP], i * size);
2427 gen_lea_v_seg(s, s_ot, s->A0, R_SS, -1);
2428 gen_op_ld_v(s, d_ot, s->T0, s->A0);
2429 gen_op_mov_reg_v(s, d_ot, 7 - i, s->T0);
2430 }
2431
2432 gen_stack_update(s, 8 * size);
2433 }
2434
2435 static void gen_enter(DisasContext *s, int esp_addend, int level)
2436 {
2437 MemOp d_ot = mo_pushpop(s, s->dflag);
2438 MemOp a_ot = CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16;
2439 int size = 1 << d_ot;
2440
2441 /* Push BP; compute FrameTemp into T1. */
2442 tcg_gen_subi_tl(s->T1, cpu_regs[R_ESP], size);
2443 gen_lea_v_seg(s, a_ot, s->T1, R_SS, -1);
2444 gen_op_st_v(s, d_ot, cpu_regs[R_EBP], s->A0);
2445
2446 level &= 31;
2447 if (level != 0) {
2448 int i;
2449
2450 /* Copy level-1 pointers from the previous frame. */
2451 for (i = 1; i < level; ++i) {
2452 tcg_gen_subi_tl(s->A0, cpu_regs[R_EBP], size * i);
2453 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2454 gen_op_ld_v(s, d_ot, s->tmp0, s->A0);
2455
2456 tcg_gen_subi_tl(s->A0, s->T1, size * i);
2457 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2458 gen_op_st_v(s, d_ot, s->tmp0, s->A0);
2459 }
2460
2461 /* Push the current FrameTemp as the last level. */
2462 tcg_gen_subi_tl(s->A0, s->T1, size * level);
2463 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2464 gen_op_st_v(s, d_ot, s->T1, s->A0);
2465 }
2466
2467 /* Copy the FrameTemp value to EBP. */
2468 gen_op_mov_reg_v(s, a_ot, R_EBP, s->T1);
2469
2470 /* Compute the final value of ESP. */
2471 tcg_gen_subi_tl(s->T1, s->T1, esp_addend + size * level);
2472 gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1);
2473 }
2474
2475 static void gen_leave(DisasContext *s)
2476 {
2477 MemOp d_ot = mo_pushpop(s, s->dflag);
2478 MemOp a_ot = mo_stacksize(s);
2479
2480 gen_lea_v_seg(s, a_ot, cpu_regs[R_EBP], R_SS, -1);
2481 gen_op_ld_v(s, d_ot, s->T0, s->A0);
2482
2483 tcg_gen_addi_tl(s->T1, cpu_regs[R_EBP], 1 << d_ot);
2484
2485 gen_op_mov_reg_v(s, d_ot, R_EBP, s->T0);
2486 gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1);
2487 }
2488
2489 /* Similarly, except that the assumption here is that we don't decode
2490 the instruction at all -- either a missing opcode, an unimplemented
2491 feature, or just a bogus instruction stream. */
2492 static void gen_unknown_opcode(CPUX86State *env, DisasContext *s)
2493 {
2494 gen_illegal_opcode(s);
2495
2496 if (qemu_loglevel_mask(LOG_UNIMP)) {
2497 FILE *logfile = qemu_log_lock();
2498 target_ulong pc = s->pc_start, end = s->pc;
2499
2500 qemu_log("ILLOPC: " TARGET_FMT_lx ":", pc);
2501 for (; pc < end; ++pc) {
2502 qemu_log(" %02x", cpu_ldub_code(env, pc));
2503 }
2504 qemu_log("\n");
2505 qemu_log_unlock(logfile);
2506 }
2507 }
2508
2509 /* an interrupt is different from an exception because of the
2510 privilege checks */
2511 static void gen_interrupt(DisasContext *s, int intno,
2512 target_ulong cur_eip, target_ulong next_eip)
2513 {
2514 gen_update_cc_op(s);
2515 gen_jmp_im(s, cur_eip);
2516 gen_helper_raise_interrupt(cpu_env, tcg_const_i32(intno),
2517 tcg_const_i32(next_eip - cur_eip));
2518 s->base.is_jmp = DISAS_NORETURN;
2519 }
2520
2521 static void gen_debug(DisasContext *s, target_ulong cur_eip)
2522 {
2523 gen_update_cc_op(s);
2524 gen_jmp_im(s, cur_eip);
2525 gen_helper_debug(cpu_env);
2526 s->base.is_jmp = DISAS_NORETURN;
2527 }
2528
2529 static void gen_set_hflag(DisasContext *s, uint32_t mask)
2530 {
2531 if ((s->flags & mask) == 0) {
2532 TCGv_i32 t = tcg_temp_new_i32();
2533 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2534 tcg_gen_ori_i32(t, t, mask);
2535 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2536 tcg_temp_free_i32(t);
2537 s->flags |= mask;
2538 }
2539 }
2540
2541 static void gen_reset_hflag(DisasContext *s, uint32_t mask)
2542 {
2543 if (s->flags & mask) {
2544 TCGv_i32 t = tcg_temp_new_i32();
2545 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2546 tcg_gen_andi_i32(t, t, ~mask);
2547 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2548 tcg_temp_free_i32(t);
2549 s->flags &= ~mask;
2550 }
2551 }
2552
2553 /* Clear BND registers during legacy branches. */
2554 static void gen_bnd_jmp(DisasContext *s)
2555 {
2556 /* Clear the registers only if BND prefix is missing, MPX is enabled,
2557 and if the BNDREGs are known to be in use (non-zero) already.
2558 The helper itself will check BNDPRESERVE at runtime. */
2559 if ((s->prefix & PREFIX_REPNZ) == 0
2560 && (s->flags & HF_MPX_EN_MASK) != 0
2561 && (s->flags & HF_MPX_IU_MASK) != 0) {
2562 gen_helper_bnd_jmp(cpu_env);
2563 }
2564 }
2565
2566 /* Generate an end of block. Trace exception is also generated if needed.
2567 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set.
2568 If RECHECK_TF, emit a rechecking helper for #DB, ignoring the state of
2569 S->TF. This is used by the syscall/sysret insns. */
2570 static void
2571 do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
2572 {
2573 gen_update_cc_op(s);
2574
2575 /* If several instructions disable interrupts, only the first does it. */
2576 if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) {
2577 gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
2578 } else {
2579 gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK);
2580 }
2581
2582 if (s->base.tb->flags & HF_RF_MASK) {
2583 gen_helper_reset_rf(cpu_env);
2584 }
2585 if (s->base.singlestep_enabled) {
2586 gen_helper_debug(cpu_env);
2587 } else if (recheck_tf) {
2588 gen_helper_rechecking_single_step(cpu_env);
2589 tcg_gen_exit_tb(NULL, 0);
2590 } else if (s->tf) {
2591 gen_helper_single_step(cpu_env);
2592 } else if (jr) {
2593 tcg_gen_lookup_and_goto_ptr();
2594 } else {
2595 tcg_gen_exit_tb(NULL, 0);
2596 }
2597 s->base.is_jmp = DISAS_NORETURN;
2598 }
2599
2600 static inline void
2601 gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf)
2602 {
2603 do_gen_eob_worker(s, inhibit, recheck_tf, false);
2604 }
2605
2606 /* End of block.
2607 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set. */
2608 static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit)
2609 {
2610 gen_eob_worker(s, inhibit, false);
2611 }
2612
2613 /* End of block, resetting the inhibit irq flag. */
2614 static void gen_eob(DisasContext *s)
2615 {
2616 gen_eob_worker(s, false, false);
2617 }
2618
2619 /* Jump to register */
2620 static void gen_jr(DisasContext *s, TCGv dest)
2621 {
2622 do_gen_eob_worker(s, false, false, true);
2623 }
2624
2625 /* generate a jump to eip. No segment change must happen before as a
2626 direct call to the next block may occur */
2627 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num)
2628 {
2629 gen_update_cc_op(s);
2630 set_cc_op(s, CC_OP_DYNAMIC);
2631 if (s->jmp_opt) {
2632 gen_goto_tb(s, tb_num, eip);
2633 } else {
2634 gen_jmp_im(s, eip);
2635 gen_eob(s);
2636 }
2637 }
2638
2639 static void gen_jmp(DisasContext *s, target_ulong eip)
2640 {
2641 gen_jmp_tb(s, eip, 0);
2642 }
2643
2644 static inline void gen_ldq_env_A0(DisasContext *s, int offset)
2645 {
2646 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEQ);
2647 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset);
2648 }
2649
2650 static inline void gen_stq_env_A0(DisasContext *s, int offset)
2651 {
2652 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset);
2653 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEQ);
2654 }
2655
2656 static inline void gen_ldo_env_A0(DisasContext *s, int offset)
2657 {
2658 int mem_index = s->mem_index;
2659 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, mem_index, MO_LEQ);
2660 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
2661 tcg_gen_addi_tl(s->tmp0, s->A0, 8);
2662 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEQ);
2663 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
2664 }
2665
2666 static inline void gen_sto_env_A0(DisasContext *s, int offset)
2667 {
2668 int mem_index = s->mem_index;
2669 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
2670 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, mem_index, MO_LEQ);
2671 tcg_gen_addi_tl(s->tmp0, s->A0, 8);
2672 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
2673 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEQ);
2674 }
2675
2676 static inline void gen_op_movo(DisasContext *s, int d_offset, int s_offset)
2677 {
2678 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg, ZMM_Q(0)));
2679 tcg_gen_st_i64(s->tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg, ZMM_Q(0)));
2680 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg, ZMM_Q(1)));
2681 tcg_gen_st_i64(s->tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg, ZMM_Q(1)));
2682 }
2683
2684 static inline void gen_op_movq(DisasContext *s, int d_offset, int s_offset)
2685 {
2686 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, s_offset);
2687 tcg_gen_st_i64(s->tmp1_i64, cpu_env, d_offset);
2688 }
2689
2690 static inline void gen_op_movl(DisasContext *s, int d_offset, int s_offset)
2691 {
2692 tcg_gen_ld_i32(s->tmp2_i32, cpu_env, s_offset);
2693 tcg_gen_st_i32(s->tmp2_i32, cpu_env, d_offset);
2694 }
2695
2696 static inline void gen_op_movq_env_0(DisasContext *s, int d_offset)
2697 {
2698 tcg_gen_movi_i64(s->tmp1_i64, 0);
2699 tcg_gen_st_i64(s->tmp1_i64, cpu_env, d_offset);
2700 }
2701
2702 typedef void (*SSEFunc_i_ep)(TCGv_i32 val, TCGv_ptr env, TCGv_ptr reg);
2703 typedef void (*SSEFunc_l_ep)(TCGv_i64 val, TCGv_ptr env, TCGv_ptr reg);
2704 typedef void (*SSEFunc_0_epi)(TCGv_ptr env, TCGv_ptr reg, TCGv_i32 val);
2705 typedef void (*SSEFunc_0_epl)(TCGv_ptr env, TCGv_ptr reg, TCGv_i64 val);
2706 typedef void (*SSEFunc_0_epp)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b);
2707 typedef void (*SSEFunc_0_eppi)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2708 TCGv_i32 val);
2709 typedef void (*SSEFunc_0_ppi)(TCGv_ptr reg_a, TCGv_ptr reg_b, TCGv_i32 val);
2710 typedef void (*SSEFunc_0_eppt)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2711 TCGv val);
2712
2713 #define SSE_SPECIAL ((void *)1)
2714 #define SSE_DUMMY ((void *)2)
2715
2716 #define MMX_OP2(x) { gen_helper_ ## x ## _mmx, gen_helper_ ## x ## _xmm }
2717 #define SSE_FOP(x) { gen_helper_ ## x ## ps, gen_helper_ ## x ## pd, \
2718 gen_helper_ ## x ## ss, gen_helper_ ## x ## sd, }
2719
2720 static const SSEFunc_0_epp sse_op_table1[256][4] = {
2721 /* 3DNow! extensions */
2722 [0x0e] = { SSE_DUMMY }, /* femms */
2723 [0x0f] = { SSE_DUMMY }, /* pf... */
2724 /* pure SSE operations */
2725 [0x10] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2726 [0x11] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2727 [0x12] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd, movsldup, movddup */
2728 [0x13] = { SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd */
2729 [0x14] = { gen_helper_punpckldq_xmm, gen_helper_punpcklqdq_xmm },
2730 [0x15] = { gen_helper_punpckhdq_xmm, gen_helper_punpckhqdq_xmm },
2731 [0x16] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd, movshdup */
2732 [0x17] = { SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd */
2733
2734 [0x28] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2735 [0x29] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2736 [0x2a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtpi2ps, cvtpi2pd, cvtsi2ss, cvtsi2sd */
2737 [0x2b] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movntps, movntpd, movntss, movntsd */
2738 [0x2c] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvttps2pi, cvttpd2pi, cvttsd2si, cvttss2si */
2739 [0x2d] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtps2pi, cvtpd2pi, cvtsd2si, cvtss2si */
2740 [0x2e] = { gen_helper_ucomiss, gen_helper_ucomisd },
2741 [0x2f] = { gen_helper_comiss, gen_helper_comisd },
2742 [0x50] = { SSE_SPECIAL, SSE_SPECIAL }, /* movmskps, movmskpd */
2743 [0x51] = SSE_FOP(sqrt),
2744 [0x52] = { gen_helper_rsqrtps, NULL, gen_helper_rsqrtss, NULL },
2745 [0x53] = { gen_helper_rcpps, NULL, gen_helper_rcpss, NULL },
2746 [0x54] = { gen_helper_pand_xmm, gen_helper_pand_xmm }, /* andps, andpd */
2747 [0x55] = { gen_helper_pandn_xmm, gen_helper_pandn_xmm }, /* andnps, andnpd */
2748 [0x56] = { gen_helper_por_xmm, gen_helper_por_xmm }, /* orps, orpd */
2749 [0x57] = { gen_helper_pxor_xmm, gen_helper_pxor_xmm }, /* xorps, xorpd */
2750 [0x58] = SSE_FOP(add),
2751 [0x59] = SSE_FOP(mul),
2752 [0x5a] = { gen_helper_cvtps2pd, gen_helper_cvtpd2ps,
2753 gen_helper_cvtss2sd, gen_helper_cvtsd2ss },
2754 [0x5b] = { gen_helper_cvtdq2ps, gen_helper_cvtps2dq, gen_helper_cvttps2dq },
2755 [0x5c] = SSE_FOP(sub),
2756 [0x5d] = SSE_FOP(min),
2757 [0x5e] = SSE_FOP(div),
2758 [0x5f] = SSE_FOP(max),
2759
2760 [0xc2] = SSE_FOP(cmpeq),
2761 [0xc6] = { (SSEFunc_0_epp)gen_helper_shufps,
2762 (SSEFunc_0_epp)gen_helper_shufpd }, /* XXX: casts */
2763
2764 /* SSSE3, SSE4, MOVBE, CRC32, BMI1, BMI2, ADX. */
2765 [0x38] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2766 [0x3a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2767
2768 /* MMX ops and their SSE extensions */
2769 [0x60] = MMX_OP2(punpcklbw),
2770 [0x61] = MMX_OP2(punpcklwd),
2771 [0x62] = MMX_OP2(punpckldq),
2772 [0x63] = MMX_OP2(packsswb),
2773 [0x64] = MMX_OP2(pcmpgtb),
2774 [0x65] = MMX_OP2(pcmpgtw),
2775 [0x66] = MMX_OP2(pcmpgtl),
2776 [0x67] = MMX_OP2(packuswb),
2777 [0x68] = MMX_OP2(punpckhbw),
2778 [0x69] = MMX_OP2(punpckhwd),
2779 [0x6a] = MMX_OP2(punpckhdq),
2780 [0x6b] = MMX_OP2(packssdw),
2781 [0x6c] = { NULL, gen_helper_punpcklqdq_xmm },
2782 [0x6d] = { NULL, gen_helper_punpckhqdq_xmm },
2783 [0x6e] = { SSE_SPECIAL, SSE_SPECIAL }, /* movd mm, ea */
2784 [0x6f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, , movqdu */
2785 [0x70] = { (SSEFunc_0_epp)gen_helper_pshufw_mmx,
2786 (SSEFunc_0_epp)gen_helper_pshufd_xmm,
2787 (SSEFunc_0_epp)gen_helper_pshufhw_xmm,
2788 (SSEFunc_0_epp)gen_helper_pshuflw_xmm }, /* XXX: casts */
2789 [0x71] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftw */
2790 [0x72] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftd */
2791 [0x73] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftq */
2792 [0x74] = MMX_OP2(pcmpeqb),
2793 [0x75] = MMX_OP2(pcmpeqw),
2794 [0x76] = MMX_OP2(pcmpeql),
2795 [0x77] = { SSE_DUMMY }, /* emms */
2796 [0x78] = { NULL, SSE_SPECIAL, NULL, SSE_SPECIAL }, /* extrq_i, insertq_i */
2797 [0x79] = { NULL, gen_helper_extrq_r, NULL, gen_helper_insertq_r },
2798 [0x7c] = { NULL, gen_helper_haddpd, NULL, gen_helper_haddps },
2799 [0x7d] = { NULL, gen_helper_hsubpd, NULL, gen_helper_hsubps },
2800 [0x7e] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movd, movd, , movq */
2801 [0x7f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, movdqu */
2802 [0xc4] = { SSE_SPECIAL, SSE_SPECIAL }, /* pinsrw */
2803 [0xc5] = { SSE_SPECIAL, SSE_SPECIAL }, /* pextrw */
2804 [0xd0] = { NULL, gen_helper_addsubpd, NULL, gen_helper_addsubps },
2805 [0xd1] = MMX_OP2(psrlw),
2806 [0xd2] = MMX_OP2(psrld),
2807 [0xd3] = MMX_OP2(psrlq),
2808 [0xd4] = MMX_OP2(paddq),
2809 [0xd5] = MMX_OP2(pmullw),
2810 [0xd6] = { NULL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2811 [0xd7] = { SSE_SPECIAL, SSE_SPECIAL }, /* pmovmskb */
2812 [0xd8] = MMX_OP2(psubusb),
2813 [0xd9] = MMX_OP2(psubusw),
2814 [0xda] = MMX_OP2(pminub),
2815 [0xdb] = MMX_OP2(pand),
2816 [0xdc] = MMX_OP2(paddusb),
2817 [0xdd] = MMX_OP2(paddusw),
2818 [0xde] = MMX_OP2(pmaxub),
2819 [0xdf] = MMX_OP2(pandn),
2820 [0xe0] = MMX_OP2(pavgb),
2821 [0xe1] = MMX_OP2(psraw),
2822 [0xe2] = MMX_OP2(psrad),
2823 [0xe3] = MMX_OP2(pavgw),
2824 [0xe4] = MMX_OP2(pmulhuw),
2825 [0xe5] = MMX_OP2(pmulhw),
2826 [0xe6] = { NULL, gen_helper_cvttpd2dq, gen_helper_cvtdq2pd, gen_helper_cvtpd2dq },
2827 [0xe7] = { SSE_SPECIAL , SSE_SPECIAL }, /* movntq, movntq */
2828 [0xe8] = MMX_OP2(psubsb),
2829 [0xe9] = MMX_OP2(psubsw),
2830 [0xea] = MMX_OP2(pminsw),
2831 [0xeb] = MMX_OP2(por),
2832 [0xec] = MMX_OP2(paddsb),
2833 [0xed] = MMX_OP2(paddsw),
2834 [0xee] = MMX_OP2(pmaxsw),
2835 [0xef] = MMX_OP2(pxor),
2836 [0xf0] = { NULL, NULL, NULL, SSE_SPECIAL }, /* lddqu */
2837 [0xf1] = MMX_OP2(psllw),
2838 [0xf2] = MMX_OP2(pslld),
2839 [0xf3] = MMX_OP2(psllq),
2840 [0xf4] = MMX_OP2(pmuludq),
2841 [0xf5] = MMX_OP2(pmaddwd),
2842 [0xf6] = MMX_OP2(psadbw),
2843 [0xf7] = { (SSEFunc_0_epp)gen_helper_maskmov_mmx,
2844 (SSEFunc_0_epp)gen_helper_maskmov_xmm }, /* XXX: casts */
2845 [0xf8] = MMX_OP2(psubb),
2846 [0xf9] = MMX_OP2(psubw),
2847 [0xfa] = MMX_OP2(psubl),
2848 [0xfb] = MMX_OP2(psubq),
2849 [0xfc] = MMX_OP2(paddb),
2850 [0xfd] = MMX_OP2(paddw),
2851 [0xfe] = MMX_OP2(paddl),
2852 };
2853
2854 static const SSEFunc_0_epp sse_op_table2[3 * 8][2] = {
2855 [0 + 2] = MMX_OP2(psrlw),
2856 [0 + 4] = MMX_OP2(psraw),
2857 [0 + 6] = MMX_OP2(psllw),
2858 [8 + 2] = MMX_OP2(psrld),
2859 [8 + 4] = MMX_OP2(psrad),
2860 [8 + 6] = MMX_OP2(pslld),
2861 [16 + 2] = MMX_OP2(psrlq),
2862 [16 + 3] = { NULL, gen_helper_psrldq_xmm },
2863 [16 + 6] = MMX_OP2(psllq),
2864 [16 + 7] = { NULL, gen_helper_pslldq_xmm },
2865 };
2866
2867 static const SSEFunc_0_epi sse_op_table3ai[] = {
2868 gen_helper_cvtsi2ss,
2869 gen_helper_cvtsi2sd
2870 };
2871
2872 #ifdef TARGET_X86_64
2873 static const SSEFunc_0_epl sse_op_table3aq[] = {
2874 gen_helper_cvtsq2ss,
2875 gen_helper_cvtsq2sd
2876 };
2877 #endif
2878
2879 static const SSEFunc_i_ep sse_op_table3bi[] = {
2880 gen_helper_cvttss2si,
2881 gen_helper_cvtss2si,
2882 gen_helper_cvttsd2si,
2883 gen_helper_cvtsd2si
2884 };
2885
2886 #ifdef TARGET_X86_64
2887 static const SSEFunc_l_ep sse_op_table3bq[] = {
2888 gen_helper_cvttss2sq,
2889 gen_helper_cvtss2sq,
2890 gen_helper_cvttsd2sq,
2891 gen_helper_cvtsd2sq
2892 };
2893 #endif
2894
2895 static const SSEFunc_0_epp sse_op_table4[8][4] = {
2896 SSE_FOP(cmpeq),
2897 SSE_FOP(cmplt),
2898 SSE_FOP(cmple),
2899 SSE_FOP(cmpunord),
2900 SSE_FOP(cmpneq),
2901 SSE_FOP(cmpnlt),
2902 SSE_FOP(cmpnle),
2903 SSE_FOP(cmpord),
2904 };
2905
2906 static const SSEFunc_0_epp sse_op_table5[256] = {
2907 [0x0c] = gen_helper_pi2fw,
2908 [0x0d] = gen_helper_pi2fd,
2909 [0x1c] = gen_helper_pf2iw,
2910 [0x1d] = gen_helper_pf2id,
2911 [0x8a] = gen_helper_pfnacc,
2912 [0x8e] = gen_helper_pfpnacc,
2913 [0x90] = gen_helper_pfcmpge,
2914 [0x94] = gen_helper_pfmin,
2915 [0x96] = gen_helper_pfrcp,
2916 [0x97] = gen_helper_pfrsqrt,
2917 [0x9a] = gen_helper_pfsub,
2918 [0x9e] = gen_helper_pfadd,
2919 [0xa0] = gen_helper_pfcmpgt,
2920 [0xa4] = gen_helper_pfmax,
2921 [0xa6] = gen_helper_movq, /* pfrcpit1; no need to actually increase precision */
2922 [0xa7] = gen_helper_movq, /* pfrsqit1 */
2923 [0xaa] = gen_helper_pfsubr,
2924 [0xae] = gen_helper_pfacc,
2925 [0xb0] = gen_helper_pfcmpeq,
2926 [0xb4] = gen_helper_pfmul,
2927 [0xb6] = gen_helper_movq, /* pfrcpit2 */
2928 [0xb7] = gen_helper_pmulhrw_mmx,
2929 [0xbb] = gen_helper_pswapd,
2930 [0xbf] = gen_helper_pavgb_mmx /* pavgusb */
2931 };
2932
2933 struct SSEOpHelper_epp {
2934 SSEFunc_0_epp op[2];
2935 uint32_t ext_mask;
2936 };
2937
2938 struct SSEOpHelper_eppi {
2939 SSEFunc_0_eppi op[2];
2940 uint32_t ext_mask;
2941 };
2942
2943 #define SSSE3_OP(x) { MMX_OP2(x), CPUID_EXT_SSSE3 }
2944 #define SSE41_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE41 }
2945 #define SSE42_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE42 }
2946 #define SSE41_SPECIAL { { NULL, SSE_SPECIAL }, CPUID_EXT_SSE41 }
2947 #define PCLMULQDQ_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, \
2948 CPUID_EXT_PCLMULQDQ }
2949 #define AESNI_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_AES }
2950
2951 static const struct SSEOpHelper_epp sse_op_table6[256] = {
2952 [0x00] = SSSE3_OP(pshufb),
2953 [0x01] = SSSE3_OP(phaddw),
2954 [0x02] = SSSE3_OP(phaddd),
2955 [0x03] = SSSE3_OP(phaddsw),
2956 [0x04] = SSSE3_OP(pmaddubsw),
2957 [0x05] = SSSE3_OP(phsubw),
2958 [0x06] = SSSE3_OP(phsubd),
2959 [0x07] = SSSE3_OP(phsubsw),
2960 [0x08] = SSSE3_OP(psignb),
2961 [0x09] = SSSE3_OP(psignw),
2962 [0x0a] = SSSE3_OP(psignd),
2963 [0x0b] = SSSE3_OP(pmulhrsw),
2964 [0x10] = SSE41_OP(pblendvb),
2965 [0x14] = SSE41_OP(blendvps),
2966 [0x15] = SSE41_OP(blendvpd),
2967 [0x17] = SSE41_OP(ptest),
2968 [0x1c] = SSSE3_OP(pabsb),
2969 [0x1d] = SSSE3_OP(pabsw),
2970 [0x1e] = SSSE3_OP(pabsd),
2971 [0x20] = SSE41_OP(pmovsxbw),
2972 [0x21] = SSE41_OP(pmovsxbd),
2973 [0x22] = SSE41_OP(pmovsxbq),
2974 [0x23] = SSE41_OP(pmovsxwd),
2975 [0x24] = SSE41_OP(pmovsxwq),
2976 [0x25] = SSE41_OP(pmovsxdq),
2977 [0x28] = SSE41_OP(pmuldq),
2978 [0x29] = SSE41_OP(pcmpeqq),
2979 [0x2a] = SSE41_SPECIAL, /* movntqda */
2980 [0x2b] = SSE41_OP(packusdw),
2981 [0x30] = SSE41_OP(pmovzxbw),
2982 [0x31] = SSE41_OP(pmovzxbd),
2983 [0x32] = SSE41_OP(pmovzxbq),
2984 [0x33] = SSE41_OP(pmovzxwd),
2985 [0x34] = SSE41_OP(pmovzxwq),
2986 [0x35] = SSE41_OP(pmovzxdq),
2987 [0x37] = SSE42_OP(pcmpgtq),
2988 [0x38] = SSE41_OP(pminsb),
2989 [0x39] = SSE41_OP(pminsd),
2990 [0x3a] = SSE41_OP(pminuw),
2991 [0x3b] = SSE41_OP(pminud),
2992 [0x3c] = SSE41_OP(pmaxsb),
2993 [0x3d] = SSE41_OP(pmaxsd),
2994 [0x3e] = SSE41_OP(pmaxuw),
2995 [0x3f] = SSE41_OP(pmaxud),
2996 [0x40] = SSE41_OP(pmulld),
2997 [0x41] = SSE41_OP(phminposuw),
2998 [0xdb] = AESNI_OP(aesimc),
2999 [0xdc] = AESNI_OP(aesenc),
3000 [0xdd] = AESNI_OP(aesenclast),
3001 [0xde] = AESNI_OP(aesdec),
3002 [0xdf] = AESNI_OP(aesdeclast),
3003 };
3004
3005 static const struct SSEOpHelper_eppi sse_op_table7[256] = {
3006 [0x08] = SSE41_OP(roundps),
3007 [0x09] = SSE41_OP(roundpd),
3008 [0x0a] = SSE41_OP(roundss),
3009 [0x0b] = SSE41_OP(roundsd),
3010 [0x0c] = SSE41_OP(blendps),
3011 [0x0d] = SSE41_OP(blendpd),
3012 [0x0e] = SSE41_OP(pblendw),
3013 [0x0f] = SSSE3_OP(palignr),
3014 [0x14] = SSE41_SPECIAL, /* pextrb */
3015 [0x15] = SSE41_SPECIAL, /* pextrw */
3016 [0x16] = SSE41_SPECIAL, /* pextrd/pextrq */
3017 [0x17] = SSE41_SPECIAL, /* extractps */
3018 [0x20] = SSE41_SPECIAL, /* pinsrb */
3019 [0x21] = SSE41_SPECIAL, /* insertps */
3020 [0x22] = SSE41_SPECIAL, /* pinsrd/pinsrq */
3021 [0x40] = SSE41_OP(dpps),
3022 [0x41] = SSE41_OP(dppd),
3023 [0x42] = SSE41_OP(mpsadbw),
3024 [0x44] = PCLMULQDQ_OP(pclmulqdq),
3025 [0x60] = SSE42_OP(pcmpestrm),
3026 [0x61] = SSE42_OP(pcmpestri),
3027 [0x62] = SSE42_OP(pcmpistrm),
3028 [0x63] = SSE42_OP(pcmpistri),
3029 [0xdf] = AESNI_OP(aeskeygenassist),
3030 };
3031
3032 static void gen_sse(CPUX86State *env, DisasContext *s, int b,
3033 target_ulong pc_start, int rex_r)
3034 {
3035 int b1, op1_offset, op2_offset, is_xmm, val;
3036 int modrm, mod, rm, reg;
3037 SSEFunc_0_epp sse_fn_epp;
3038 SSEFunc_0_eppi sse_fn_eppi;
3039 SSEFunc_0_ppi sse_fn_ppi;
3040 SSEFunc_0_eppt sse_fn_eppt;
3041 MemOp ot;
3042
3043 b &= 0xff;
3044 if (s->prefix & PREFIX_DATA)
3045 b1 = 1;
3046 else if (s->prefix & PREFIX_REPZ)
3047 b1 = 2;
3048 else if (s->prefix & PREFIX_REPNZ)
3049 b1 = 3;
3050 else
3051 b1 = 0;
3052 sse_fn_epp = sse_op_table1[b][b1];
3053 if (!sse_fn_epp) {
3054 goto unknown_op;
3055 }
3056 if ((b <= 0x5f && b >= 0x10) || b == 0xc6 || b == 0xc2) {
3057 is_xmm = 1;
3058 } else {
3059 if (b1 == 0) {
3060 /* MMX case */
3061 is_xmm = 0;
3062 } else {
3063 is_xmm = 1;
3064 }
3065 }
3066 /* simple MMX/SSE operation */
3067 if (s->flags & HF_TS_MASK) {
3068 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
3069 return;
3070 }
3071 if (s->flags & HF_EM_MASK) {
3072 illegal_op:
3073 gen_illegal_opcode(s);
3074 return;
3075 }
3076 if (is_xmm
3077 && !(s->flags & HF_OSFXSR_MASK)
3078 && (b != 0x38 && b != 0x3a)) {
3079 goto unknown_op;
3080 }
3081 if (b == 0x0e) {
3082 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW)) {
3083 /* If we were fully decoding this we might use illegal_op. */
3084 goto unknown_op;
3085 }
3086 /* femms */
3087 gen_helper_emms(cpu_env);
3088 return;
3089 }
3090 if (b == 0x77) {
3091 /* emms */
3092 gen_helper_emms(cpu_env);
3093 return;
3094 }
3095 /* prepare MMX state (XXX: optimize by storing fptt and fptags in
3096 the static cpu state) */
3097 if (!is_xmm) {
3098 gen_helper_enter_mmx(cpu_env);
3099 }
3100
3101 modrm = x86_ldub_code(env, s);
3102 reg = ((modrm >> 3) & 7);
3103 if (is_xmm)
3104 reg |= rex_r;
3105 mod = (modrm >> 6) & 3;
3106 if (sse_fn_epp == SSE_SPECIAL) {
3107 b |= (b1 << 8);
3108 switch(b) {
3109 case 0x0e7: /* movntq */
3110 if (mod == 3) {
3111 goto illegal_op;
3112 }
3113 gen_lea_modrm(env, s, modrm);
3114 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3115 break;
3116 case 0x1e7: /* movntdq */
3117 case 0x02b: /* movntps */
3118 case 0x12b: /* movntps */
3119 if (mod == 3)
3120 goto illegal_op;
3121 gen_lea_modrm(env, s, modrm);
3122 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3123 break;
3124 case 0x3f0: /* lddqu */
3125 if (mod == 3)
3126 goto illegal_op;
3127 gen_lea_modrm(env, s, modrm);
3128 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3129 break;
3130 case 0x22b: /* movntss */
3131 case 0x32b: /* movntsd */
3132 if (mod == 3)
3133 goto illegal_op;
3134 gen_lea_modrm(env, s, modrm);
3135 if (b1 & 1) {
3136 gen_stq_env_A0(s, offsetof(CPUX86State,
3137 xmm_regs[reg].ZMM_Q(0)));
3138 } else {
3139 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State,
3140 xmm_regs[reg].ZMM_L(0)));
3141 gen_op_st_v(s, MO_32, s->T0, s->A0);
3142 }
3143 break;
3144 case 0x6e: /* movd mm, ea */
3145 #ifdef TARGET_X86_64
3146 if (s->dflag == MO_64) {
3147 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3148 tcg_gen_st_tl(s->T0, cpu_env,
3149 offsetof(CPUX86State, fpregs[reg].mmx));
3150 } else
3151 #endif
3152 {
3153 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3154 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3155 offsetof(CPUX86State,fpregs[reg].mmx));
3156 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3157 gen_helper_movl_mm_T0_mmx(s->ptr0, s->tmp2_i32);
3158 }
3159 break;
3160 case 0x16e: /* movd xmm, ea */
3161 #ifdef TARGET_X86_64
3162 if (s->dflag == MO_64) {
3163 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3164 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3165 offsetof(CPUX86State,xmm_regs[reg]));
3166 gen_helper_movq_mm_T0_xmm(s->ptr0, s->T0);
3167 } else
3168 #endif
3169 {
3170 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3171 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3172 offsetof(CPUX86State,xmm_regs[reg]));
3173 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3174 gen_helper_movl_mm_T0_xmm(s->ptr0, s->tmp2_i32);
3175 }
3176 break;
3177 case 0x6f: /* movq mm, ea */
3178 if (mod != 3) {
3179 gen_lea_modrm(env, s, modrm);
3180 gen_ldq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3181 } else {
3182 rm = (modrm & 7);
3183 tcg_gen_ld_i64(s->tmp1_i64, cpu_env,
3184 offsetof(CPUX86State,fpregs[rm].mmx));
3185 tcg_gen_st_i64(s->tmp1_i64, cpu_env,
3186 offsetof(CPUX86State,fpregs[reg].mmx));
3187 }
3188 break;
3189 case 0x010: /* movups */
3190 case 0x110: /* movupd */
3191 case 0x028: /* movaps */
3192 case 0x128: /* movapd */
3193 case 0x16f: /* movdqa xmm, ea */
3194 case 0x26f: /* movdqu xmm, ea */
3195 if (mod != 3) {
3196 gen_lea_modrm(env, s, modrm);
3197 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3198 } else {
3199 rm = (modrm & 7) | REX_B(s);
3200 gen_op_movo(s, offsetof(CPUX86State, xmm_regs[reg]),
3201 offsetof(CPUX86State,xmm_regs[rm]));
3202 }
3203 break;
3204 case 0x210: /* movss xmm, ea */
3205 if (mod != 3) {
3206 gen_lea_modrm(env, s, modrm);
3207 gen_op_ld_v(s, MO_32, s->T0, s->A0);
3208 tcg_gen_st32_tl(s->T0, cpu_env,
3209 offsetof(CPUX86State, xmm_regs[reg].ZMM_L(0)));
3210 tcg_gen_movi_tl(s->T0, 0);
3211 tcg_gen_st32_tl(s->T0, cpu_env,
3212 offsetof(CPUX86State, xmm_regs[reg].ZMM_L(1)));
3213 tcg_gen_st32_tl(s->T0, cpu_env,
3214 offsetof(CPUX86State, xmm_regs[reg].ZMM_L(2)));
3215 tcg_gen_st32_tl(s->T0, cpu_env,
3216 offsetof(CPUX86State, xmm_regs[reg].ZMM_L(3)));
3217 } else {
3218 rm = (modrm & 7) | REX_B(s);
3219 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(0)),
3220 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)));
3221 }
3222 break;
3223 case 0x310: /* movsd xmm, ea */
3224 if (mod != 3) {
3225 gen_lea_modrm(env, s, modrm);
3226 gen_ldq_env_A0(s, offsetof(CPUX86State,
3227 xmm_regs[reg].ZMM_Q(0)));
3228 tcg_gen_movi_tl(s->T0, 0);
3229 tcg_gen_st32_tl(s->T0, cpu_env,
3230 offsetof(CPUX86State, xmm_regs[reg].ZMM_L(2)));
3231 tcg_gen_st32_tl(s->T0, cpu_env,
3232 offsetof(CPUX86State, xmm_regs[reg].ZMM_L(3)));
3233 } else {
3234 rm = (modrm & 7) | REX_B(s);
3235 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(0)),
3236 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3237 }
3238 break;
3239 case 0x012: /* movlps */
3240 case 0x112: /* movlpd */
3241 if (mod != 3) {
3242 gen_lea_modrm(env, s, modrm);
3243 gen_ldq_env_A0(s, offsetof(CPUX86State,
3244 xmm_regs[reg].ZMM_Q(0)));
3245 } else {
3246 /* movhlps */
3247 rm = (modrm & 7) | REX_B(s);
3248 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(0)),
3249 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(1)));
3250 }
3251 break;
3252 case 0x212: /* movsldup */
3253 if (mod != 3) {
3254 gen_lea_modrm(env, s, modrm);
3255 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3256 } else {
3257 rm = (modrm & 7) | REX_B(s);
3258 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(0)),
3259 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)));
3260 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(2)),
3261 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(2)));
3262 }
3263 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(1)),
3264 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3265 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(3)),
3266 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)));
3267 break;
3268 case 0x312: /* movddup */
3269 if (mod != 3) {
3270 gen_lea_modrm(env, s, modrm);
3271 gen_ldq_env_A0(s, offsetof(CPUX86State,
3272 xmm_regs[reg].ZMM_Q(0)));
3273 } else {
3274 rm = (modrm & 7) | REX_B(s);
3275 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(0)),
3276 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3277 }
3278 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(1)),
3279 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3280 break;
3281 case 0x016: /* movhps */
3282 case 0x116: /* movhpd */
3283 if (mod != 3) {
3284 gen_lea_modrm(env, s, modrm);
3285 gen_ldq_env_A0(s, offsetof(CPUX86State,
3286 xmm_regs[reg].ZMM_Q(1)));
3287 } else {
3288 /* movlhps */
3289 rm = (modrm & 7) | REX_B(s);
3290 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(1)),
3291 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3292 }
3293 break;
3294 case 0x216: /* movshdup */
3295 if (mod != 3) {
3296 gen_lea_modrm(env, s, modrm);
3297 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3298 } else {
3299 rm = (modrm & 7) | REX_B(s);
3300 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(1)),
3301 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(1)));
3302 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(3)),
3303 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(3)));
3304 }
3305 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(0)),
3306 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)));
3307 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_L(2)),
3308 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)));
3309 break;
3310 case 0x178:
3311 case 0x378:
3312 {
3313 int bit_index, field_length;
3314
3315 if (b1 == 1 && reg != 0)
3316 goto illegal_op;
3317 field_length = x86_ldub_code(env, s) & 0x3F;
3318 bit_index = x86_ldub_code(env, s) & 0x3F;
3319 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3320 offsetof(CPUX86State,xmm_regs[reg]));
3321 if (b1 == 1)
3322 gen_helper_extrq_i(cpu_env, s->ptr0,
3323 tcg_const_i32(bit_index),
3324 tcg_const_i32(field_length));
3325 else
3326 gen_helper_insertq_i(cpu_env, s->ptr0,
3327 tcg_const_i32(bit_index),
3328 tcg_const_i32(field_length));
3329 }
3330 break;
3331 case 0x7e: /* movd ea, mm */
3332 #ifdef TARGET_X86_64
3333 if (s->dflag == MO_64) {
3334 tcg_gen_ld_i64(s->T0, cpu_env,
3335 offsetof(CPUX86State,fpregs[reg].mmx));
3336 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3337 } else
3338 #endif
3339 {
3340 tcg_gen_ld32u_tl(s->T0, cpu_env,
3341 offsetof(CPUX86State,fpregs[reg].mmx.MMX_L(0)));
3342 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3343 }
3344 break;
3345 case 0x17e: /* movd ea, xmm */
3346 #ifdef TARGET_X86_64
3347 if (s->dflag == MO_64) {
3348 tcg_gen_ld_i64(s->T0, cpu_env,
3349 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3350 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3351 } else
3352 #endif
3353 {
3354 tcg_gen_ld32u_tl(s->T0, cpu_env,
3355 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3356 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3357 }
3358 break;
3359 case 0x27e: /* movq xmm, ea */
3360 if (mod != 3) {
3361 gen_lea_modrm(env, s, modrm);
3362 gen_ldq_env_A0(s, offsetof(CPUX86State,
3363 xmm_regs[reg].ZMM_Q(0)));
3364 } else {
3365 rm = (modrm & 7) | REX_B(s);
3366 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(0)),
3367 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3368 }
3369 gen_op_movq_env_0(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(1)));
3370 break;
3371 case 0x7f: /* movq ea, mm */
3372 if (mod != 3) {
3373 gen_lea_modrm(env, s, modrm);
3374 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3375 } else {
3376 rm = (modrm & 7);
3377 gen_op_movq(s, offsetof(CPUX86State, fpregs[rm].mmx),
3378 offsetof(CPUX86State,fpregs[reg].mmx));
3379 }
3380 break;
3381 case 0x011: /* movups */
3382 case 0x111: /* movupd */
3383 case 0x029: /* movaps */
3384 case 0x129: /* movapd */
3385 case 0x17f: /* movdqa ea, xmm */
3386 case 0x27f: /* movdqu ea, xmm */
3387 if (mod != 3) {
3388 gen_lea_modrm(env, s, modrm);
3389 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3390 } else {
3391 rm = (modrm & 7) | REX_B(s);
3392 gen_op_movo(s, offsetof(CPUX86State, xmm_regs[rm]),
3393 offsetof(CPUX86State,xmm_regs[reg]));
3394 }
3395 break;
3396 case 0x211: /* movss ea, xmm */
3397 if (mod != 3) {
3398 gen_lea_modrm(env, s, modrm);
3399 tcg_gen_ld32u_tl(s->T0, cpu_env,
3400 offsetof(CPUX86State, xmm_regs[reg].ZMM_L(0)));
3401 gen_op_st_v(s, MO_32, s->T0, s->A0);
3402 } else {
3403 rm = (modrm & 7) | REX_B(s);
3404 gen_op_movl(s, offsetof(CPUX86State, xmm_regs[rm].ZMM_L(0)),
3405 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3406 }
3407 break;
3408 case 0x311: /* movsd ea, xmm */
3409 if (mod != 3) {
3410 gen_lea_modrm(env, s, modrm);
3411 gen_stq_env_A0(s, offsetof(CPUX86State,
3412 xmm_regs[reg].ZMM_Q(0)));
3413 } else {
3414 rm = (modrm & 7) | REX_B(s);
3415 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[rm].ZMM_Q(0)),
3416 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3417 }
3418 break;
3419 case 0x013: /* movlps */
3420 case 0x113: /* movlpd */
3421 if (mod != 3) {
3422 gen_lea_modrm(env, s, modrm);
3423 gen_stq_env_A0(s, offsetof(CPUX86State,
3424 xmm_regs[reg].ZMM_Q(0)));
3425 } else {
3426 goto illegal_op;
3427 }
3428 break;
3429 case 0x017: /* movhps */
3430 case 0x117: /* movhpd */
3431 if (mod != 3) {
3432 gen_lea_modrm(env, s, modrm);
3433 gen_stq_env_A0(s, offsetof(CPUX86State,
3434 xmm_regs[reg].ZMM_Q(1)));
3435 } else {
3436 goto illegal_op;
3437 }
3438 break;
3439 case 0x71: /* shift mm, im */
3440 case 0x72:
3441 case 0x73:
3442 case 0x171: /* shift xmm, im */
3443 case 0x172:
3444 case 0x173:
3445 if (b1 >= 2) {
3446 goto unknown_op;
3447 }
3448 val = x86_ldub_code(env, s);
3449 if (is_xmm) {
3450 tcg_gen_movi_tl(s->T0, val);
3451 tcg_gen_st32_tl(s->T0, cpu_env,
3452 offsetof(CPUX86State, xmm_t0.ZMM_L(0)));
3453 tcg_gen_movi_tl(s->T0, 0);
3454 tcg_gen_st32_tl(s->T0, cpu_env,
3455 offsetof(CPUX86State, xmm_t0.ZMM_L(1)));
3456 op1_offset = offsetof(CPUX86State,xmm_t0);
3457 } else {
3458 tcg_gen_movi_tl(s->T0, val);
3459 tcg_gen_st32_tl(s->T0, cpu_env,
3460 offsetof(CPUX86State, mmx_t0.MMX_L(0)));
3461 tcg_gen_movi_tl(s->T0, 0);
3462 tcg_gen_st32_tl(s->T0, cpu_env,
3463 offsetof(CPUX86State, mmx_t0.MMX_L(1)));
3464 op1_offset = offsetof(CPUX86State,mmx_t0);
3465 }
3466 sse_fn_epp = sse_op_table2[((b - 1) & 3) * 8 +
3467 (((modrm >> 3)) & 7)][b1];
3468 if (!sse_fn_epp) {
3469 goto unknown_op;
3470 }
3471 if (is_xmm) {
3472 rm = (modrm & 7) | REX_B(s);
3473 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3474 } else {
3475 rm = (modrm & 7);
3476 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3477 }
3478 tcg_gen_addi_ptr(s->ptr0, cpu_env, op2_offset);
3479 tcg_gen_addi_ptr(s->ptr1, cpu_env, op1_offset);
3480 sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
3481 break;
3482 case 0x050: /* movmskps */
3483 rm = (modrm & 7) | REX_B(s);
3484 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3485 offsetof(CPUX86State,xmm_regs[rm]));
3486 gen_helper_movmskps(s->tmp2_i32, cpu_env, s->ptr0);
3487 tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp2_i32);
3488 break;
3489 case 0x150: /* movmskpd */
3490 rm = (modrm & 7) | REX_B(s);
3491 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3492 offsetof(CPUX86State,xmm_regs[rm]));
3493 gen_helper_movmskpd(s->tmp2_i32, cpu_env, s->ptr0);
3494 tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp2_i32);
3495 break;
3496 case 0x02a: /* cvtpi2ps */
3497 case 0x12a: /* cvtpi2pd */
3498 gen_helper_enter_mmx(cpu_env);
3499 if (mod != 3) {
3500 gen_lea_modrm(env, s, modrm);
3501 op2_offset = offsetof(CPUX86State,mmx_t0);
3502 gen_ldq_env_A0(s, op2_offset);
3503 } else {
3504 rm = (modrm & 7);
3505 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3506 }
3507 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3508 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
3509 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
3510 switch(b >> 8) {
3511 case 0x0:
3512 gen_helper_cvtpi2ps(cpu_env, s->ptr0, s->ptr1);
3513 break;
3514 default:
3515 case 0x1:
3516 gen_helper_cvtpi2pd(cpu_env, s->ptr0, s->ptr1);
3517 break;
3518 }
3519 break;
3520 case 0x22a: /* cvtsi2ss */
3521 case 0x32a: /* cvtsi2sd */
3522 ot = mo_64_32(s->dflag);
3523 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3524 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3525 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
3526 if (ot == MO_32) {
3527 SSEFunc_0_epi sse_fn_epi = sse_op_table3ai[(b >> 8) & 1];
3528 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3529 sse_fn_epi(cpu_env, s->ptr0, s->tmp2_i32);
3530 } else {
3531 #ifdef TARGET_X86_64
3532 SSEFunc_0_epl sse_fn_epl = sse_op_table3aq[(b >> 8) & 1];
3533 sse_fn_epl(cpu_env, s->ptr0, s->T0);
3534 #else
3535 goto illegal_op;
3536 #endif
3537 }
3538 break;
3539 case 0x02c: /* cvttps2pi */
3540 case 0x12c: /* cvttpd2pi */
3541 case 0x02d: /* cvtps2pi */
3542 case 0x12d: /* cvtpd2pi */
3543 gen_helper_enter_mmx(cpu_env);
3544 if (mod != 3) {
3545 gen_lea_modrm(env, s, modrm);
3546 op2_offset = offsetof(CPUX86State,xmm_t0);
3547 gen_ldo_env_A0(s, op2_offset);
3548 } else {
3549 rm = (modrm & 7) | REX_B(s);
3550 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3551 }
3552 op1_offset = offsetof(CPUX86State,fpregs[reg & 7].mmx);
3553 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
3554 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
3555 switch(b) {
3556 case 0x02c:
3557 gen_helper_cvttps2pi(cpu_env, s->ptr0, s->ptr1);
3558 break;
3559 case 0x12c:
3560 gen_helper_cvttpd2pi(cpu_env, s->ptr0, s->ptr1);
3561 break;
3562 case 0x02d:
3563 gen_helper_cvtps2pi(cpu_env, s->ptr0, s->ptr1);
3564 break;
3565 case 0x12d:
3566 gen_helper_cvtpd2pi(cpu_env, s->ptr0, s->ptr1);
3567 break;
3568 }
3569 break;
3570 case 0x22c: /* cvttss2si */
3571 case 0x32c: /* cvttsd2si */
3572 case 0x22d: /* cvtss2si */
3573 case 0x32d: /* cvtsd2si */
3574 ot = mo_64_32(s->dflag);
3575 if (mod != 3) {
3576 gen_lea_modrm(env, s, modrm);
3577 if ((b >> 8) & 1) {
3578 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.ZMM_Q(0)));
3579 } else {
3580 gen_op_ld_v(s, MO_32, s->T0, s->A0);
3581 tcg_gen_st32_tl(s->T0, cpu_env,
3582 offsetof(CPUX86State, xmm_t0.ZMM_L(0)));
3583 }
3584 op2_offset = offsetof(CPUX86State,xmm_t0);
3585 } else {
3586 rm = (modrm & 7) | REX_B(s);
3587 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3588 }
3589 tcg_gen_addi_ptr(s->ptr0, cpu_env, op2_offset);
3590 if (ot == MO_32) {
3591 SSEFunc_i_ep sse_fn_i_ep =
3592 sse_op_table3bi[((b >> 7) & 2) | (b & 1)];
3593 sse_fn_i_ep(s->tmp2_i32, cpu_env, s->ptr0);
3594 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
3595 } else {
3596 #ifdef TARGET_X86_64
3597 SSEFunc_l_ep sse_fn_l_ep =
3598 sse_op_table3bq[((b >> 7) & 2) | (b & 1)];
3599 sse_fn_l_ep(s->T0, cpu_env, s->ptr0);
3600 #else
3601 goto illegal_op;
3602 #endif
3603 }
3604 gen_op_mov_reg_v(s, ot, reg, s->T0);
3605 break;
3606 case 0xc4: /* pinsrw */
3607 case 0x1c4:
3608 s->rip_offset = 1;
3609 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
3610 val = x86_ldub_code(env, s);
3611 if (b1) {
3612 val &= 7;
3613 tcg_gen_st16_tl(s->T0, cpu_env,
3614 offsetof(CPUX86State,xmm_regs[reg].ZMM_W(val)));
3615 } else {
3616 val &= 3;
3617 tcg_gen_st16_tl(s->T0, cpu_env,
3618 offsetof(CPUX86State,fpregs[reg].mmx.MMX_W(val)));
3619 }
3620 break;
3621 case 0xc5: /* pextrw */
3622 case 0x1c5:
3623 if (mod != 3)
3624 goto illegal_op;
3625 ot = mo_64_32(s->dflag);
3626 val = x86_ldub_code(env, s);
3627 if (b1) {
3628 val &= 7;
3629 rm = (modrm & 7) | REX_B(s);
3630 tcg_gen_ld16u_tl(s->T0, cpu_env,
3631 offsetof(CPUX86State,xmm_regs[rm].ZMM_W(val)));
3632 } else {
3633 val &= 3;
3634 rm = (modrm & 7);
3635 tcg_gen_ld16u_tl(s->T0, cpu_env,
3636 offsetof(CPUX86State,fpregs[rm].mmx.MMX_W(val)));
3637 }
3638 reg = ((modrm >> 3) & 7) | rex_r;
3639 gen_op_mov_reg_v(s, ot, reg, s->T0);
3640 break;
3641 case 0x1d6: /* movq ea, xmm */
3642 if (mod != 3) {
3643 gen_lea_modrm(env, s, modrm);
3644 gen_stq_env_A0(s, offsetof(CPUX86State,
3645 xmm_regs[reg].ZMM_Q(0)));
3646 } else {
3647 rm = (modrm & 7) | REX_B(s);
3648 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[rm].ZMM_Q(0)),
3649 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3650 gen_op_movq_env_0(s,
3651 offsetof(CPUX86State, xmm_regs[rm].ZMM_Q(1)));
3652 }
3653 break;
3654 case 0x2d6: /* movq2dq */
3655 gen_helper_enter_mmx(cpu_env);
3656 rm = (modrm & 7);
3657 gen_op_movq(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(0)),
3658 offsetof(CPUX86State,fpregs[rm].mmx));
3659 gen_op_movq_env_0(s, offsetof(CPUX86State, xmm_regs[reg].ZMM_Q(1)));
3660 break;
3661 case 0x3d6: /* movdq2q */
3662 gen_helper_enter_mmx(cpu_env);
3663 rm = (modrm & 7) | REX_B(s);
3664 gen_op_movq(s, offsetof(CPUX86State, fpregs[reg & 7].mmx),
3665 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3666 break;
3667 case 0xd7: /* pmovmskb */
3668 case 0x1d7:
3669 if (mod != 3)
3670 goto illegal_op;
3671 if (b1) {
3672 rm = (modrm & 7) | REX_B(s);
3673 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3674 offsetof(CPUX86State, xmm_regs[rm]));
3675 gen_helper_pmovmskb_xmm(s->tmp2_i32, cpu_env, s->ptr0);
3676 } else {
3677 rm = (modrm & 7);
3678 tcg_gen_addi_ptr(s->ptr0, cpu_env,
3679 offsetof(CPUX86State, fpregs[rm].mmx));
3680 gen_helper_pmovmskb_mmx(s->tmp2_i32, cpu_env, s->ptr0);
3681 }
3682 reg = ((modrm >> 3) & 7) | rex_r;
3683 tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp2_i32);
3684 break;
3685
3686 case 0x138:
3687 case 0x038:
3688 b = modrm;
3689 if ((b & 0xf0) == 0xf0) {
3690 goto do_0f_38_fx;
3691 }
3692 modrm = x86_ldub_code(env, s);
3693 rm = modrm & 7;
3694 reg = ((modrm >> 3) & 7) | rex_r;
3695 mod = (modrm >> 6) & 3;
3696 if (b1 >= 2) {
3697 goto unknown_op;
3698 }
3699
3700 sse_fn_epp = sse_op_table6[b].op[b1];
3701 if (!sse_fn_epp) {
3702 goto unknown_op;
3703 }
3704 if (!(s->cpuid_ext_features & sse_op_table6[b].ext_mask))
3705 goto illegal_op;
3706
3707 if (b1) {
3708 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3709 if (mod == 3) {
3710 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
3711 } else {
3712 op2_offset = offsetof(CPUX86State,xmm_t0);
3713 gen_lea_modrm(env, s, modrm);
3714 switch (b) {
3715 case 0x20: case 0x30: /* pmovsxbw, pmovzxbw */
3716 case 0x23: case 0x33: /* pmovsxwd, pmovzxwd */
3717 case 0x25: case 0x35: /* pmovsxdq, pmovzxdq */
3718 gen_ldq_env_A0(s, op2_offset +
3719 offsetof(ZMMReg, ZMM_Q(0)));
3720 break;
3721 case 0x21: case 0x31: /* pmovsxbd, pmovzxbd */
3722 case 0x24: case 0x34: /* pmovsxwq, pmovzxwq */
3723 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
3724 s->mem_index, MO_LEUL);
3725 tcg_gen_st_i32(s->tmp2_i32, cpu_env, op2_offset +
3726 offsetof(ZMMReg, ZMM_L(0)));
3727 break;
3728 case 0x22: case 0x32: /* pmovsxbq, pmovzxbq */
3729 tcg_gen_qemu_ld_tl(s->tmp0, s->A0,
3730 s->mem_index, MO_LEUW);
3731 tcg_gen_st16_tl(s->tmp0, cpu_env, op2_offset +
3732 offsetof(ZMMReg, ZMM_W(0)));
3733 break;
3734 case 0x2a: /* movntqda */
3735 gen_ldo_env_A0(s, op1_offset);
3736 return;
3737 default:
3738 gen_ldo_env_A0(s, op2_offset);
3739 }
3740 }
3741 } else {
3742 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
3743 if (mod == 3) {
3744 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3745 } else {
3746 op2_offset = offsetof(CPUX86State,mmx_t0);
3747 gen_lea_modrm(env, s, modrm);
3748 gen_ldq_env_A0(s, op2_offset);
3749 }
3750 }
3751 if (sse_fn_epp == SSE_SPECIAL) {
3752 goto unknown_op;
3753 }
3754
3755 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
3756 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
3757 sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
3758
3759 if (b == 0x17) {
3760 set_cc_op(s, CC_OP_EFLAGS);
3761 }
3762 break;
3763
3764 case 0x238:
3765 case 0x338:
3766 do_0f_38_fx:
3767 /* Various integer extensions at 0f 38 f[0-f]. */
3768 b = modrm | (b1 << 8);
3769 modrm = x86_ldub_code(env, s);
3770 reg = ((modrm >> 3) & 7) | rex_r;
3771
3772 switch (b) {
3773 case 0x3f0: /* crc32 Gd,Eb */
3774 case 0x3f1: /* crc32 Gd,Ey */
3775 do_crc32:
3776 if (!(s->cpuid_ext_features & CPUID_EXT_SSE42)) {
3777 goto illegal_op;
3778 }
3779 if ((b & 0xff) == 0xf0) {
3780 ot = MO_8;
3781 } else if (s->dflag != MO_64) {
3782 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3783 } else {
3784 ot = MO_64;
3785 }
3786
3787 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[reg]);
3788 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3789 gen_helper_crc32(s->T0, s->tmp2_i32,
3790 s->T0, tcg_const_i32(8 << ot));
3791
3792 ot = mo_64_32(s->dflag);
3793 gen_op_mov_reg_v(s, ot, reg, s->T0);
3794 break;
3795
3796 case 0x1f0: /* crc32 or movbe */
3797 case 0x1f1:
3798 /* For these insns, the f3 prefix is supposed to have priority
3799 over the 66 prefix, but that's not what we implement above
3800 setting b1. */
3801 if (s->prefix & PREFIX_REPNZ) {
3802 goto do_crc32;
3803 }
3804 /* FALLTHRU */
3805 case 0x0f0: /* movbe Gy,My */
3806 case 0x0f1: /* movbe My,Gy */
3807 if (!(s->cpuid_ext_features & CPUID_EXT_MOVBE)) {
3808 goto illegal_op;
3809 }
3810 if (s->dflag != MO_64) {
3811 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3812 } else {
3813 ot = MO_64;
3814 }
3815
3816 gen_lea_modrm(env, s, modrm);
3817 if ((b & 1) == 0) {
3818 tcg_gen_qemu_ld_tl(s->T0, s->A0,
3819 s->mem_index, ot | MO_BE);
3820 gen_op_mov_reg_v(s, ot, reg, s->T0);
3821 } else {
3822 tcg_gen_qemu_st_tl(cpu_regs[reg], s->A0,
3823 s->mem_index, ot | MO_BE);
3824 }
3825 break;
3826
3827 case 0x0f2: /* andn Gy, By, Ey */
3828 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3829 || !(s->prefix & PREFIX_VEX)
3830 || s->vex_l != 0) {
3831 goto illegal_op;
3832 }
3833 ot = mo_64_32(s->dflag);
3834 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3835 tcg_gen_andc_tl(s->T0, s->T0, cpu_regs[s->vex_v]);
3836 gen_op_mov_reg_v(s, ot, reg, s->T0);
3837 gen_op_update1_cc(s);
3838 set_cc_op(s, CC_OP_LOGICB + ot);
3839 break;
3840
3841 case 0x0f7: /* bextr Gy, Ey, By */
3842 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3843 || !(s->prefix & PREFIX_VEX)
3844 || s->vex_l != 0) {
3845 goto illegal_op;
3846 }
3847 ot = mo_64_32(s->dflag);
3848 {
3849 TCGv bound, zero;
3850
3851 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3852 /* Extract START, and shift the operand.
3853 Shifts larger than operand size get zeros. */
3854 tcg_gen_ext8u_tl(s->A0, cpu_regs[s->vex_v]);
3855 tcg_gen_shr_tl(s->T0, s->T0, s->A0);
3856
3857 bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3858 zero = tcg_const_tl(0);
3859 tcg_gen_movcond_tl(TCG_COND_LEU, s->T0, s->A0, bound,
3860 s->T0, zero);
3861 tcg_temp_free(zero);
3862
3863 /* Extract the LEN into a mask. Lengths larger than
3864 operand size get all ones. */
3865 tcg_gen_extract_tl(s->A0, cpu_regs[s->vex_v], 8, 8);
3866 tcg_gen_movcond_tl(TCG_COND_LEU, s->A0, s->A0, bound,
3867 s->A0, bound);
3868 tcg_temp_free(bound);
3869 tcg_gen_movi_tl(s->T1, 1);
3870 tcg_gen_shl_tl(s->T1, s->T1, s->A0);
3871 tcg_gen_subi_tl(s->T1, s->T1, 1);
3872 tcg_gen_and_tl(s->T0, s->T0, s->T1);
3873
3874 gen_op_mov_reg_v(s, ot, reg, s->T0);
3875 gen_op_update1_cc(s);
3876 set_cc_op(s, CC_OP_LOGICB + ot);
3877 }
3878 break;
3879
3880 case 0x0f5: /* bzhi Gy, Ey, By */
3881 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3882 || !(s->prefix & PREFIX_VEX)
3883 || s->vex_l != 0) {
3884 goto illegal_op;
3885 }
3886 ot = mo_64_32(s->dflag);
3887 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3888 tcg_gen_ext8u_tl(s->T1, cpu_regs[s->vex_v]);
3889 {
3890 TCGv bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3891 /* Note that since we're using BMILG (in order to get O
3892 cleared) we need to store the inverse into C. */
3893 tcg_gen_setcond_tl(TCG_COND_LT, cpu_cc_src,
3894 s->T1, bound);
3895 tcg_gen_movcond_tl(TCG_COND_GT, s->T1, s->T1,
3896 bound, bound, s->T1);
3897 tcg_temp_free(bound);
3898 }
3899 tcg_gen_movi_tl(s->A0, -1);
3900 tcg_gen_shl_tl(s->A0, s->A0, s->T1);
3901 tcg_gen_andc_tl(s->T0, s->T0, s->A0);
3902 gen_op_mov_reg_v(s, ot, reg, s->T0);
3903 gen_op_update1_cc(s);
3904 set_cc_op(s, CC_OP_BMILGB + ot);
3905 break;
3906
3907 case 0x3f6: /* mulx By, Gy, rdx, Ey */
3908 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3909 || !(s->prefix & PREFIX_VEX)
3910 || s->vex_l != 0) {
3911 goto illegal_op;
3912 }
3913 ot = mo_64_32(s->dflag);
3914 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3915 switch (ot) {
3916 default:
3917 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3918 tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EDX]);
3919 tcg_gen_mulu2_i32(s->tmp2_i32, s->tmp3_i32,
3920 s->tmp2_i32, s->tmp3_i32);
3921 tcg_gen_extu_i32_tl(cpu_regs[s->vex_v], s->tmp2_i32);
3922 tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp3_i32);
3923 break;
3924 #ifdef TARGET_X86_64
3925 case MO_64:
3926 tcg_gen_mulu2_i64(s->T0, s->T1,
3927 s->T0, cpu_regs[R_EDX]);
3928 tcg_gen_mov_i64(cpu_regs[s->vex_v], s->T0);
3929 tcg_gen_mov_i64(cpu_regs[reg], s->T1);
3930 break;
3931 #endif
3932 }
3933 break;
3934
3935 case 0x3f5: /* pdep Gy, By, Ey */
3936 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3937 || !(s->prefix & PREFIX_VEX)
3938 || s->vex_l != 0) {
3939 goto illegal_op;
3940 }
3941 ot = mo_64_32(s->dflag);
3942 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3943 /* Note that by zero-extending the source operand, we
3944 automatically handle zero-extending the result. */
3945 if (ot == MO_64) {
3946 tcg_gen_mov_tl(s->T1, cpu_regs[s->vex_v]);
3947 } else {
3948 tcg_gen_ext32u_tl(s->T1, cpu_regs[s->vex_v]);
3949 }
3950 gen_helper_pdep(cpu_regs[reg], s->T1, s->T0);
3951 break;
3952
3953 case 0x2f5: /* pext Gy, By, Ey */
3954 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3955 || !(s->prefix & PREFIX_VEX)
3956 || s->vex_l != 0) {
3957 goto illegal_op;
3958 }
3959 ot = mo_64_32(s->dflag);
3960 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3961 /* Note that by zero-extending the source operand, we
3962 automatically handle zero-extending the result. */
3963 if (ot == MO_64) {
3964 tcg_gen_mov_tl(s->T1, cpu_regs[s->vex_v]);
3965 } else {
3966 tcg_gen_ext32u_tl(s->T1, cpu_regs[s->vex_v]);
3967 }
3968 gen_helper_pext(cpu_regs[reg], s->T1, s->T0);
3969 break;
3970
3971 case 0x1f6: /* adcx Gy, Ey */
3972 case 0x2f6: /* adox Gy, Ey */
3973 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_ADX)) {
3974 goto illegal_op;
3975 } else {
3976 TCGv carry_in, carry_out, zero;
3977 int end_op;
3978
3979 ot = mo_64_32(s->dflag);
3980 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3981
3982 /* Re-use the carry-out from a previous round. */
3983 carry_in = NULL;
3984 carry_out = (b == 0x1f6 ? cpu_cc_dst : cpu_cc_src2);
3985 switch (s->cc_op) {
3986 case CC_OP_ADCX:
3987 if (b == 0x1f6) {
3988 carry_in = cpu_cc_dst;
3989 end_op = CC_OP_ADCX;
3990 } else {
3991 end_op = CC_OP_ADCOX;
3992 }
3993 break;
3994 case CC_OP_ADOX:
3995 if (b == 0x1f6) {
3996 end_op = CC_OP_ADCOX;
3997 } else {
3998 carry_in = cpu_cc_src2;
3999 end_op = CC_OP_ADOX;
4000 }
4001 break;
4002 case CC_OP_ADCOX:
4003 end_op = CC_OP_ADCOX;
4004 carry_in = carry_out;
4005 break;
4006 default:
4007 end_op = (b == 0x1f6 ? CC_OP_ADCX : CC_OP_ADOX);
4008 break;
4009 }
4010 /* If we can't reuse carry-out, get it out of EFLAGS. */
4011 if (!carry_in) {
4012 if (s->cc_op != CC_OP_ADCX && s->cc_op != CC_OP_ADOX) {
4013 gen_compute_eflags(s);
4014 }
4015 carry_in = s->tmp0;
4016 tcg_gen_extract_tl(carry_in, cpu_cc_src,
4017 ctz32(b == 0x1f6 ? CC_C : CC_O), 1);
4018 }
4019
4020 switch (ot) {
4021 #ifdef TARGET_X86_64
4022 case MO_32:
4023 /* If we know TL is 64-bit, and we want a 32-bit
4024 result, just do everything in 64-bit arithmetic. */
4025 tcg_gen_ext32u_i64(cpu_regs[reg], cpu_regs[reg]);
4026 tcg_gen_ext32u_i64(s->T0, s->T0);
4027 tcg_gen_add_i64(s->T0, s->T0, cpu_regs[reg]);
4028 tcg_gen_add_i64(s->T0, s->T0, carry_in);
4029 tcg_gen_ext32u_i64(cpu_regs[reg], s->T0);
4030 tcg_gen_shri_i64(carry_out, s->T0, 32);
4031 break;
4032 #endif
4033 default:
4034 /* Otherwise compute the carry-out in two steps. */
4035 zero = tcg_const_tl(0);
4036 tcg_gen_add2_tl(s->T0, carry_out,
4037 s->T0, zero,
4038 carry_in, zero);
4039 tcg_gen_add2_tl(cpu_regs[reg], carry_out,
4040 cpu_regs[reg], carry_out,
4041 s->T0, zero);
4042 tcg_temp_free(zero);
4043 break;
4044 }
4045 set_cc_op(s, end_op);
4046 }
4047 break;
4048
4049 case 0x1f7: /* shlx Gy, Ey, By */
4050 case 0x2f7: /* sarx Gy, Ey, By */
4051 case 0x3f7: /* shrx Gy, Ey, By */
4052 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
4053 || !(s->prefix & PREFIX_VEX)
4054 || s->vex_l != 0) {
4055 goto illegal_op;
4056 }
4057 ot = mo_64_32(s->dflag);
4058 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4059 if (ot == MO_64) {
4060 tcg_gen_andi_tl(s->T1, cpu_regs[s->vex_v], 63);
4061 } else {
4062 tcg_gen_andi_tl(s->T1, cpu_regs[s->vex_v], 31);
4063 }
4064 if (b == 0x1f7) {
4065 tcg_gen_shl_tl(s->T0, s->T0, s->T1);
4066 } else if (b == 0x2f7) {
4067 if (ot != MO_64) {
4068 tcg_gen_ext32s_tl(s->T0, s->T0);
4069 }
4070 tcg_gen_sar_tl(s->T0, s->T0, s->T1);
4071 } else {
4072 if (ot != MO_64) {
4073 tcg_gen_ext32u_tl(s->T0, s->T0);
4074 }
4075 tcg_gen_shr_tl(s->T0, s->T0, s->T1);
4076 }
4077 gen_op_mov_reg_v(s, ot, reg, s->T0);
4078 break;
4079
4080 case 0x0f3:
4081 case 0x1f3:
4082 case 0x2f3:
4083 case 0x3f3: /* Group 17 */
4084 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
4085 || !(s->prefix & PREFIX_VEX)
4086 || s->vex_l != 0) {
4087 goto illegal_op;
4088 }
4089 ot = mo_64_32(s->dflag);
4090 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4091
4092 tcg_gen_mov_tl(cpu_cc_src, s->T0);
4093 switch (reg & 7) {
4094 case 1: /* blsr By,Ey */
4095 tcg_gen_subi_tl(s->T1, s->T0, 1);
4096 tcg_gen_and_tl(s->T0, s->T0, s->T1);
4097 break;
4098 case 2: /* blsmsk By,Ey */
4099 tcg_gen_subi_tl(s->T1, s->T0, 1);
4100 tcg_gen_xor_tl(s->T0, s->T0, s->T1);
4101 break;
4102 case 3: /* blsi By, Ey */
4103 tcg_gen_neg_tl(s->T1, s->T0);
4104 tcg_gen_and_tl(s->T0, s->T0, s->T1);
4105 break;
4106 default:
4107 goto unknown_op;
4108 }
4109 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
4110 gen_op_mov_reg_v(s, ot, s->vex_v, s->T0);
4111 set_cc_op(s, CC_OP_BMILGB + ot);
4112 break;
4113
4114 default:
4115 goto unknown_op;
4116 }
4117 break;
4118
4119 case 0x03a:
4120 case 0x13a:
4121 b = modrm;
4122 modrm = x86_ldub_code(env, s);
4123 rm = modrm & 7;
4124 reg = ((modrm >> 3) & 7) | rex_r;
4125 mod = (modrm >> 6) & 3;
4126 if (b1 >= 2) {
4127 goto unknown_op;
4128 }
4129
4130 sse_fn_eppi = sse_op_table7[b].op[b1];
4131 if (!sse_fn_eppi) {
4132 goto unknown_op;
4133 }
4134 if (!(s->cpuid_ext_features & sse_op_table7[b].ext_mask))
4135 goto illegal_op;
4136
4137 s->rip_offset = 1;
4138
4139 if (sse_fn_eppi == SSE_SPECIAL) {
4140 ot = mo_64_32(s->dflag);
4141 rm = (modrm & 7) | REX_B(s);
4142 if (mod != 3)
4143 gen_lea_modrm(env, s, modrm);
4144 reg = ((modrm >> 3) & 7) | rex_r;
4145 val = x86_ldub_code(env, s);
4146 switch (b) {
4147 case 0x14: /* pextrb */
4148 tcg_gen_ld8u_tl(s->T0, cpu_env, offsetof(CPUX86State,
4149 xmm_regs[reg].ZMM_B(val & 15)));
4150 if (mod == 3) {
4151 gen_op_mov_reg_v(s, ot, rm, s->T0);
4152 } else {
4153 tcg_gen_qemu_st_tl(s->T0, s->A0,
4154 s->mem_index, MO_UB);
4155 }
4156 break;
4157 case 0x15: /* pextrw */
4158 tcg_gen_ld16u_tl(s->T0, cpu_env, offsetof(CPUX86State,
4159 xmm_regs[reg].ZMM_W(val & 7)));
4160 if (mod == 3) {
4161 gen_op_mov_reg_v(s, ot, rm, s->T0);
4162 } else {
4163 tcg_gen_qemu_st_tl(s->T0, s->A0,
4164 s->mem_index, MO_LEUW);
4165 }
4166 break;
4167 case 0x16:
4168 if (ot == MO_32) { /* pextrd */
4169 tcg_gen_ld_i32(s->tmp2_i32, cpu_env,
4170 offsetof(CPUX86State,
4171 xmm_regs[reg].ZMM_L(val & 3)));
4172 if (mod == 3) {
4173 tcg_gen_extu_i32_tl(cpu_regs[rm], s->tmp2_i32);
4174 } else {
4175 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4176 s->mem_index, MO_LEUL);
4177 }
4178 } else { /* pextrq */
4179 #ifdef TARGET_X86_64
4180 tcg_gen_ld_i64(s->tmp1_i64, cpu_env,
4181 offsetof(CPUX86State,
4182 xmm_regs[reg].ZMM_Q(val & 1)));
4183 if (mod == 3) {
4184 tcg_gen_mov_i64(cpu_regs[rm], s->tmp1_i64);
4185 } else {
4186 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0,
4187 s->mem_index, MO_LEQ);
4188 }
4189 #else
4190 goto illegal_op;
4191 #endif
4192 }
4193 break;
4194 case 0x17: /* extractps */
4195 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State,
4196 xmm_regs[reg].ZMM_L(val & 3)));
4197 if (mod == 3) {
4198 gen_op_mov_reg_v(s, ot, rm, s->T0);
4199 } else {
4200 tcg_gen_qemu_st_tl(s->T0, s->A0,
4201 s->mem_index, MO_LEUL);
4202 }
4203 break;
4204 case 0x20: /* pinsrb */
4205 if (mod == 3) {
4206 gen_op_mov_v_reg(s, MO_32, s->T0, rm);
4207 } else {
4208 tcg_gen_qemu_ld_tl(s->T0, s->A0,
4209 s->mem_index, MO_UB);
4210 }
4211 tcg_gen_st8_tl(s->T0, cpu_env, offsetof(CPUX86State,
4212 xmm_regs[reg].ZMM_B(val & 15)));
4213 break;
4214 case 0x21: /* insertps */
4215 if (mod == 3) {
4216 tcg_gen_ld_i32(s->tmp2_i32, cpu_env,
4217 offsetof(CPUX86State,xmm_regs[rm]
4218 .ZMM_L((val >> 6) & 3)));
4219 } else {
4220 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4221 s->mem_index, MO_LEUL);
4222 }
4223 tcg_gen_st_i32(s->tmp2_i32, cpu_env,
4224 offsetof(CPUX86State,xmm_regs[reg]
4225 .ZMM_L((val >> 4) & 3)));
4226 if ((val >> 0) & 1)
4227 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4228 cpu_env, offsetof(CPUX86State,
4229 xmm_regs[reg].ZMM_L(0)));
4230 if ((val >> 1) & 1)
4231 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4232 cpu_env, offsetof(CPUX86State,
4233 xmm_regs[reg].ZMM_L(1)));
4234 if ((val >> 2) & 1)
4235 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4236 cpu_env, offsetof(CPUX86State,
4237 xmm_regs[reg].ZMM_L(2)));
4238 if ((val >> 3) & 1)
4239 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4240 cpu_env, offsetof(CPUX86State,
4241 xmm_regs[reg].ZMM_L(3)));
4242 break;
4243 case 0x22:
4244 if (ot == MO_32) { /* pinsrd */
4245 if (mod == 3) {
4246 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[rm]);
4247 } else {
4248 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4249 s->mem_index, MO_LEUL);
4250 }
4251 tcg_gen_st_i32(s->tmp2_i32, cpu_env,
4252 offsetof(CPUX86State,
4253 xmm_regs[reg].ZMM_L(val & 3)));
4254 } else { /* pinsrq */
4255 #ifdef TARGET_X86_64
4256 if (mod == 3) {
4257 gen_op_mov_v_reg(s, ot, s->tmp1_i64, rm);
4258 } else {
4259 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
4260 s->mem_index, MO_LEQ);
4261 }
4262 tcg_gen_st_i64(s->tmp1_i64, cpu_env,
4263 offsetof(CPUX86State,
4264 xmm_regs[reg].ZMM_Q(val & 1)));
4265 #else
4266 goto illegal_op;
4267 #endif
4268 }
4269 break;
4270 }
4271 return;
4272 }
4273
4274 if (b1) {
4275 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4276 if (mod == 3) {
4277 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
4278 } else {
4279 op2_offset = offsetof(CPUX86State,xmm_t0);
4280 gen_lea_modrm(env, s, modrm);
4281 gen_ldo_env_A0(s, op2_offset);
4282 }
4283 } else {
4284 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4285 if (mod == 3) {
4286 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4287 } else {
4288 op2_offset = offsetof(CPUX86State,mmx_t0);
4289 gen_lea_modrm(env, s, modrm);
4290 gen_ldq_env_A0(s, op2_offset);
4291 }
4292 }
4293 val = x86_ldub_code(env, s);
4294
4295 if ((b & 0xfc) == 0x60) { /* pcmpXstrX */
4296 set_cc_op(s, CC_OP_EFLAGS);
4297
4298 if (s->dflag == MO_64) {
4299 /* The helper must use entire 64-bit gp registers */
4300 val |= 1 << 8;
4301 }
4302 }
4303
4304 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
4305 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
4306 sse_fn_eppi(cpu_env, s->ptr0, s->ptr1, tcg_const_i32(val));
4307 break;
4308
4309 case 0x33a:
4310 /* Various integer extensions at 0f 3a f[0-f]. */
4311 b = modrm | (b1 << 8);
4312 modrm = x86_ldub_code(env, s);
4313 reg = ((modrm >> 3) & 7) | rex_r;
4314
4315 switch (b) {
4316 case 0x3f0: /* rorx Gy,Ey, Ib */
4317 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
4318 || !(s->prefix & PREFIX_VEX)
4319 || s->vex_l != 0) {
4320 goto illegal_op;
4321 }
4322 ot = mo_64_32(s->dflag);
4323 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4324 b = x86_ldub_code(env, s);
4325 if (ot == MO_64) {
4326 tcg_gen_rotri_tl(s->T0, s->T0, b & 63);
4327 } else {
4328 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
4329 tcg_gen_rotri_i32(s->tmp2_i32, s->tmp2_i32, b & 31);
4330 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
4331 }
4332 gen_op_mov_reg_v(s, ot, reg, s->T0);
4333 break;
4334
4335 default:
4336 goto unknown_op;
4337 }
4338 break;
4339
4340 default:
4341 unknown_op:
4342 gen_unknown_opcode(env, s);
4343 return;
4344 }
4345 } else {
4346 /* generic MMX or SSE operation */
4347 switch(b) {
4348 case 0x70: /* pshufx insn */
4349 case 0xc6: /* pshufx insn */
4350 case 0xc2: /* compare insns */
4351 s->rip_offset = 1;
4352 break;
4353 default:
4354 break;
4355 }
4356 if (is_xmm) {
4357 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4358 if (mod != 3) {
4359 int sz = 4;
4360
4361 gen_lea_modrm(env, s, modrm);
4362 op2_offset = offsetof(CPUX86State,xmm_t0);
4363
4364 switch (b) {
4365 case 0x50 ... 0x5a:
4366 case 0x5c ... 0x5f:
4367 case 0xc2:
4368 /* Most sse scalar operations. */
4369 if (b1 == 2) {
4370 sz = 2;
4371 } else if (b1 == 3) {
4372 sz = 3;
4373 }
4374 break;
4375
4376 case 0x2e: /* ucomis[sd] */
4377 case 0x2f: /* comis[sd] */
4378 if (b1 == 0) {
4379 sz = 2;
4380 } else {
4381 sz = 3;
4382 }
4383 break;
4384 }
4385
4386 switch (sz) {
4387 case 2:
4388 /* 32 bit access */
4389 gen_op_ld_v(s, MO_32, s->T0, s->A0);
4390 tcg_gen_st32_tl(s->T0, cpu_env,
4391 offsetof(CPUX86State,xmm_t0.ZMM_L(0)));
4392 break;
4393 case 3:
4394 /* 64 bit access */
4395 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.ZMM_D(0)));
4396 break;
4397 default:
4398 /* 128 bit access */
4399 gen_ldo_env_A0(s, op2_offset);
4400 break;
4401 }
4402 } else {
4403 rm = (modrm & 7) | REX_B(s);
4404 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
4405 }
4406 } else {
4407 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4408 if (mod != 3) {
4409 gen_lea_modrm(env, s, modrm);
4410 op2_offset = offsetof(CPUX86State,mmx_t0);
4411 gen_ldq_env_A0(s, op2_offset);
4412 } else {
4413 rm = (modrm & 7);
4414 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4415 }
4416 }
4417 switch(b) {
4418 case 0x0f: /* 3DNow! data insns */
4419 val = x86_ldub_code(env, s);
4420 sse_fn_epp = sse_op_table5[val];
4421 if (!sse_fn_epp) {
4422 goto unknown_op;
4423 }
4424 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW)) {
4425 goto illegal_op;
4426 }
4427 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
4428 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
4429 sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
4430 break;
4431 case 0x70: /* pshufx insn */
4432 case 0xc6: /* pshufx insn */
4433 val = x86_ldub_code(env, s);
4434 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
4435 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
4436 /* XXX: introduce a new table? */
4437 sse_fn_ppi = (SSEFunc_0_ppi)sse_fn_epp;
4438 sse_fn_ppi(s->ptr0, s->ptr1, tcg_const_i32(val));
4439 break;
4440 case 0xc2:
4441 /* compare insns */
4442 val = x86_ldub_code(env, s);
4443 if (val >= 8)
4444 goto unknown_op;
4445 sse_fn_epp = sse_op_table4[val][b1];
4446
4447 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
4448 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
4449 sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
4450 break;
4451 case 0xf7:
4452 /* maskmov : we must prepare A0 */
4453 if (mod != 3)
4454 goto illegal_op;
4455 tcg_gen_mov_tl(s->A0, cpu_regs[R_EDI]);
4456 gen_extu(s->aflag, s->A0);
4457 gen_add_A0_ds_seg(s);
4458
4459 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
4460 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
4461 /* XXX: introduce a new table? */
4462 sse_fn_eppt = (SSEFunc_0_eppt)sse_fn_epp;
4463 sse_fn_eppt(cpu_env, s->ptr0, s->ptr1, s->A0);
4464 break;
4465 default:
4466 tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
4467 tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
4468 sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
4469 break;
4470 }
4471 if (b == 0x2e || b == 0x2f) {
4472 set_cc_op(s, CC_OP_EFLAGS);
4473 }
4474 }
4475 }
4476
4477 /* convert one instruction. s->base.is_jmp is set if the translation must
4478 be stopped. Return the next pc value */
4479 static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
4480 {
4481 CPUX86State *env = cpu->env_ptr;
4482 int b, prefixes;
4483 int shift;
4484 MemOp ot, aflag, dflag;
4485 int modrm, reg, rm, mod, op, opreg, val;
4486 target_ulong next_eip, tval;
4487 int rex_w, rex_r;
4488 target_ulong pc_start = s->base.pc_next;
4489
4490 s->pc_start = s->pc = pc_start;
4491 s->override = -1;
4492 #ifdef TARGET_X86_64
4493 s->rex_x = 0;
4494 s->rex_b = 0;
4495 s->x86_64_hregs = false;
4496 #endif
4497 s->rip_offset = 0; /* for relative ip address */
4498 s->vex_l = 0;
4499 s->vex_v = 0;
4500 if (sigsetjmp(s->jmpbuf, 0) != 0) {
4501 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
4502 return s->pc;
4503 }
4504
4505 prefixes = 0;
4506 rex_w = -1;
4507 rex_r = 0;
4508
4509 next_byte:
4510 b = x86_ldub_code(env, s);
4511 /* Collect prefixes. */
4512 switch (b) {
4513 case 0xf3:
4514 prefixes |= PREFIX_REPZ;
4515 goto next_byte;
4516 case 0xf2:
4517 prefixes |= PREFIX_REPNZ;
4518 goto next_byte;
4519 case 0xf0:
4520 prefixes |= PREFIX_LOCK;
4521 goto next_byte;
4522 case 0x2e:
4523 s->override = R_CS;
4524 goto next_byte;
4525 case 0x36:
4526 s->override = R_SS;
4527 goto next_byte;
4528 case 0x3e:
4529 s->override = R_DS;
4530 goto next_byte;
4531 case 0x26:
4532 s->override = R_ES;
4533 goto next_byte;
4534 case 0x64:
4535 s->override = R_FS;
4536 goto next_byte;
4537 case 0x65:
4538 s->override = R_GS;
4539 goto next_byte;
4540 case 0x66:
4541 prefixes |= PREFIX_DATA;
4542 goto next_byte;
4543 case 0x67:
4544 prefixes |= PREFIX_ADR;
4545 goto next_byte;
4546 #ifdef TARGET_X86_64
4547 case 0x40 ... 0x4f:
4548 if (CODE64(s)) {
4549 /* REX prefix */
4550 rex_w = (b >> 3) & 1;
4551 rex_r = (b & 0x4) << 1;
4552 s->rex_x = (b & 0x2) << 2;
4553 REX_B(s) = (b & 0x1) << 3;
4554 /* select uniform byte register addressing */
4555 s->x86_64_hregs = true;
4556 goto next_byte;
4557 }
4558 break;
4559 #endif
4560 case 0xc5: /* 2-byte VEX */
4561 case 0xc4: /* 3-byte VEX */
4562 /* VEX prefixes cannot be used except in 32-bit mode.
4563 Otherwise the instruction is LES or LDS. */
4564 if (s->code32 && !s->vm86) {
4565 static const int pp_prefix[4] = {
4566 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
4567 };
4568 int vex3, vex2 = x86_ldub_code(env, s);
4569
4570 if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
4571 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
4572 otherwise the instruction is LES or LDS. */
4573 s->pc--; /* rewind the advance_pc() x86_ldub_code() did */
4574 break;
4575 }
4576
4577 /* 4.1.1-4.1.3: No preceding lock, 66, f2, f3, or rex prefixes. */
4578 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ
4579 | PREFIX_LOCK | PREFIX_DATA)) {
4580 goto illegal_op;
4581 }
4582 #ifdef TARGET_X86_64
4583 if (s->x86_64_hregs) {
4584 goto illegal_op;
4585 }
4586 #endif
4587 rex_r = (~vex2 >> 4) & 8;
4588 if (b == 0xc5) {
4589 /* 2-byte VEX prefix: RVVVVlpp, implied 0f leading opcode byte */
4590 vex3 = vex2;
4591 b = x86_ldub_code(env, s) | 0x100;
4592 } else {
4593 /* 3-byte VEX prefix: RXBmmmmm wVVVVlpp */
4594 #ifdef TARGET_X86_64
4595 s->rex_x = (~vex2 >> 3) & 8;
4596 s->rex_b = (~vex2 >> 2) & 8;
4597 #endif
4598 vex3 = x86_ldub_code(env, s);
4599 rex_w = (vex3 >> 7) & 1;
4600 switch (vex2 & 0x1f) {
4601 case 0x01: /* Implied 0f leading opcode bytes. */
4602 b = x86_ldub_code(env, s) | 0x100;
4603 break;
4604 case 0x02: /* Implied 0f 38 leading opcode bytes. */
4605 b = 0x138;
4606 break;
4607 case 0x03: /* Implied 0f 3a leading opcode bytes. */
4608 b = 0x13a;
4609 break;
4610 default: /* Reserved for future use. */
4611 goto unknown_op;
4612 }
4613 }
4614 s->vex_v = (~vex3 >> 3) & 0xf;
4615 s->vex_l = (vex3 >> 2) & 1;
4616 prefixes |= pp_prefix[vex3 & 3] | PREFIX_VEX;
4617 }
4618 break;
4619 }
4620
4621 /* Post-process prefixes. */
4622 if (CODE64(s)) {
4623 /* In 64-bit mode, the default data size is 32-bit. Select 64-bit
4624 data with rex_w, and 16-bit data with 0x66; rex_w takes precedence
4625 over 0x66 if both are present. */
4626 dflag = (rex_w > 0 ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32);
4627 /* In 64-bit mode, 0x67 selects 32-bit addressing. */
4628 aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64);
4629 } else {
4630 /* In 16/32-bit mode, 0x66 selects the opposite data size. */
4631 if (s->code32 ^ ((prefixes & PREFIX_DATA) != 0)) {
4632 dflag = MO_32;
4633 } else {
4634 dflag = MO_16;
4635 }
4636 /* In 16/32-bit mode, 0x67 selects the opposite addressing. */
4637 if (s->code32 ^ ((prefixes & PREFIX_ADR) != 0)) {
4638 aflag = MO_32;
4639 } else {
4640 aflag = MO_16;
4641 }
4642 }
4643
4644 s->prefix = prefixes;
4645 s->aflag = aflag;
4646 s->dflag = dflag;
4647
4648 /* now check op code */
4649 reswitch:
4650 switch(b) {
4651 case 0x0f:
4652 /**************************/
4653 /* extended op code */
4654 b = x86_ldub_code(env, s) | 0x100;
4655 goto reswitch;
4656
4657 /**************************/
4658 /* arith & logic */
4659 case 0x00 ... 0x05:
4660 case 0x08 ... 0x0d:
4661 case 0x10 ... 0x15:
4662 case 0x18 ... 0x1d:
4663 case 0x20 ... 0x25:
4664 case 0x28 ... 0x2d:
4665 case 0x30 ... 0x35:
4666 case 0x38 ... 0x3d:
4667 {
4668 int op, f, val;
4669 op = (b >> 3) & 7;
4670 f = (b >> 1) & 3;
4671
4672 ot = mo_b_d(b, dflag);
4673
4674 switch(f) {
4675 case 0: /* OP Ev, Gv */
4676 modrm = x86_ldub_code(env, s);
4677 reg = ((modrm >> 3) & 7) | rex_r;
4678 mod = (modrm >> 6) & 3;
4679 rm = (modrm & 7) | REX_B(s);
4680 if (mod != 3) {
4681 gen_lea_modrm(env, s, modrm);
4682 opreg = OR_TMP0;
4683 } else if (op == OP_XORL && rm == reg) {
4684 xor_zero:
4685 /* xor reg, reg optimisation */
4686 set_cc_op(s, CC_OP_CLR);
4687 tcg_gen_movi_tl(s->T0, 0);
4688 gen_op_mov_reg_v(s, ot, reg, s->T0);
4689 break;
4690 } else {
4691 opreg = rm;
4692 }
4693 gen_op_mov_v_reg(s, ot, s->T1, reg);
4694 gen_op(s, op, ot, opreg);
4695 break;
4696 case 1: /* OP Gv, Ev */
4697 modrm = x86_ldub_code(env, s);
4698 mod = (modrm >> 6) & 3;
4699 reg = ((modrm >> 3) & 7) | rex_r;
4700 rm = (modrm & 7) | REX_B(s);
4701 if (mod != 3) {
4702 gen_lea_modrm(env, s, modrm);
4703 gen_op_ld_v(s, ot, s->T1, s->A0);
4704 } else if (op == OP_XORL && rm == reg) {
4705 goto xor_zero;
4706 } else {
4707 gen_op_mov_v_reg(s, ot, s->T1, rm);
4708 }
4709 gen_op(s, op, ot, reg);
4710 break;
4711 case 2: /* OP A, Iv */
4712 val = insn_get(env, s, ot);
4713 tcg_gen_movi_tl(s->T1, val);
4714 gen_op(s, op, ot, OR_EAX);
4715 break;
4716 }
4717 }
4718 break;
4719
4720 case 0x82:
4721 if (CODE64(s))
4722 goto illegal_op;
4723 /* fall through */
4724 case 0x80: /* GRP1 */
4725 case 0x81:
4726 case 0x83:
4727 {
4728 int val;
4729
4730 ot = mo_b_d(b, dflag);
4731
4732 modrm = x86_ldub_code(env, s);
4733 mod = (modrm >> 6) & 3;
4734 rm = (modrm & 7) | REX_B(s);
4735 op = (modrm >> 3) & 7;
4736
4737 if (mod != 3) {
4738 if (b == 0x83)
4739 s->rip_offset = 1;
4740 else
4741 s->rip_offset = insn_const_size(ot);
4742 gen_lea_modrm(env, s, modrm);
4743 opreg = OR_TMP0;
4744 } else {
4745 opreg = rm;
4746 }
4747
4748 switch(b) {
4749 default:
4750 case 0x80:
4751 case 0x81:
4752 case 0x82:
4753 val = insn_get(env, s, ot);
4754 break;
4755 case 0x83:
4756 val = (int8_t)insn_get(env, s, MO_8);
4757 break;
4758 }
4759 tcg_gen_movi_tl(s->T1, val);
4760 gen_op(s, op, ot, opreg);
4761 }
4762 break;
4763
4764 /**************************/
4765 /* inc, dec, and other misc arith */
4766 case 0x40 ... 0x47: /* inc Gv */
4767 ot = dflag;
4768 gen_inc(s, ot, OR_EAX + (b & 7), 1);
4769 break;
4770 case 0x48 ... 0x4f: /* dec Gv */
4771 ot = dflag;
4772 gen_inc(s, ot, OR_EAX + (b & 7), -1);
4773 break;
4774 case 0xf6: /* GRP3 */
4775 case 0xf7:
4776 ot = mo_b_d(b, dflag);
4777
4778 modrm = x86_ldub_code(env, s);
4779 mod = (modrm >> 6) & 3;
4780 rm = (modrm & 7) | REX_B(s);
4781 op = (modrm >> 3) & 7;
4782 if (mod != 3) {
4783 if (op == 0) {
4784 s->rip_offset = insn_const_size(ot);
4785 }
4786 gen_lea_modrm(env, s, modrm);
4787 /* For those below that handle locked memory, don't load here. */
4788 if (!(s->prefix & PREFIX_LOCK)
4789 || op != 2) {
4790 gen_op_ld_v(s, ot, s->T0, s->A0);
4791 }
4792 } else {
4793 gen_op_mov_v_reg(s, ot, s->T0, rm);
4794 }
4795
4796 switch(op) {
4797 case 0: /* test */
4798 val = insn_get(env, s, ot);
4799 tcg_gen_movi_tl(s->T1, val);
4800 gen_op_testl_T0_T1_cc(s);
4801 set_cc_op(s, CC_OP_LOGICB + ot);
4802 break;
4803 case 2: /* not */
4804 if (s->prefix & PREFIX_LOCK) {
4805 if (mod == 3) {
4806 goto illegal_op;
4807 }
4808 tcg_gen_movi_tl(s->T0, ~0);
4809 tcg_gen_atomic_xor_fetch_tl(s->T0, s->A0, s->T0,
4810 s->mem_index, ot | MO_LE);
4811 } else {
4812 tcg_gen_not_tl(s->T0, s->T0);
4813 if (mod != 3) {
4814 gen_op_st_v(s, ot, s->T0, s->A0);
4815 } else {
4816 gen_op_mov_reg_v(s, ot, rm, s->T0);
4817 }
4818 }
4819 break;
4820 case 3: /* neg */
4821 if (s->prefix & PREFIX_LOCK) {
4822 TCGLabel *label1;
4823 TCGv a0, t0, t1, t2;
4824
4825 if (mod == 3) {
4826 goto illegal_op;
4827 }
4828 a0 = tcg_temp_local_new();
4829 t0 = tcg_temp_local_new();
4830 label1 = gen_new_label();
4831
4832 tcg_gen_mov_tl(a0, s->A0);
4833 tcg_gen_mov_tl(t0, s->T0);
4834
4835 gen_set_label(label1);
4836 t1 = tcg_temp_new();
4837 t2 = tcg_temp_new();
4838 tcg_gen_mov_tl(t2, t0);
4839 tcg_gen_neg_tl(t1, t0);
4840 tcg_gen_atomic_cmpxchg_tl(t0, a0, t0, t1,
4841 s->mem_index, ot | MO_LE);
4842 tcg_temp_free(t1);
4843 tcg_gen_brcond_tl(TCG_COND_NE, t0, t2, label1);
4844
4845 tcg_temp_free(t2);
4846 tcg_temp_free(a0);
4847 tcg_gen_mov_tl(s->T0, t0);
4848 tcg_temp_free(t0);
4849 } else {
4850 tcg_gen_neg_tl(s->T0, s->T0);
4851 if (mod != 3) {
4852 gen_op_st_v(s, ot, s->T0, s->A0);
4853 } else {
4854 gen_op_mov_reg_v(s, ot, rm, s->T0);
4855 }
4856 }
4857 gen_op_update_neg_cc(s);
4858 set_cc_op(s, CC_OP_SUBB + ot);
4859 break;
4860 case 4: /* mul */
4861 switch(ot) {
4862 case MO_8:
4863 gen_op_mov_v_reg(s, MO_8, s->T1, R_EAX);
4864 tcg_gen_ext8u_tl(s->T0, s->T0);
4865 tcg_gen_ext8u_tl(s->T1, s->T1);
4866 /* XXX: use 32 bit mul which could be faster */
4867 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
4868 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
4869 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
4870 tcg_gen_andi_tl(cpu_cc_src, s->T0, 0xff00);
4871 set_cc_op(s, CC_OP_MULB);
4872 break;
4873 case MO_16:
4874 gen_op_mov_v_reg(s, MO_16, s->T1, R_EAX);
4875 tcg_gen_ext16u_tl(s->T0, s->T0);
4876 tcg_gen_ext16u_tl(s->T1, s->T1);
4877 /* XXX: use 32 bit mul which could be faster */
4878 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
4879 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
4880 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
4881 tcg_gen_shri_tl(s->T0, s->T0, 16);
4882 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0);
4883 tcg_gen_mov_tl(cpu_cc_src, s->T0);
4884 set_cc_op(s, CC_OP_MULW);
4885 break;
4886 default:
4887 case MO_32:
4888 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
4889 tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EAX]);
4890 tcg_gen_mulu2_i32(s->tmp2_i32, s->tmp3_i32,
4891 s->tmp2_i32, s->tmp3_i32);
4892 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], s->tmp2_i32);
4893 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], s->tmp3_i32);
4894 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4895 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4896 set_cc_op(s, CC_OP_MULL);
4897 break;
4898 #ifdef TARGET_X86_64
4899 case MO_64:
4900 tcg_gen_mulu2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4901 s->T0, cpu_regs[R_EAX]);
4902 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4903 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4904 set_cc_op(s, CC_OP_MULQ);
4905 break;
4906 #endif
4907 }
4908 break;
4909 case 5: /* imul */
4910 switch(ot) {
4911 case MO_8:
4912 gen_op_mov_v_reg(s, MO_8, s->T1, R_EAX);
4913 tcg_gen_ext8s_tl(s->T0, s->T0);
4914 tcg_gen_ext8s_tl(s->T1, s->T1);
4915 /* XXX: use 32 bit mul which could be faster */
4916 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
4917 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
4918 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
4919 tcg_gen_ext8s_tl(s->tmp0, s->T0);
4920 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0);
4921 set_cc_op(s, CC_OP_MULB);
4922 break;
4923 case MO_16:
4924 gen_op_mov_v_reg(s, MO_16, s->T1, R_EAX);
4925 tcg_gen_ext16s_tl(s->T0, s->T0);
4926 tcg_gen_ext16s_tl(s->T1, s->T1);
4927 /* XXX: use 32 bit mul which could be faster */
4928 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
4929 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
4930 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
4931 tcg_gen_ext16s_tl(s->tmp0, s->T0);
4932 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0);
4933 tcg_gen_shri_tl(s->T0, s->T0, 16);
4934 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0);
4935 set_cc_op(s, CC_OP_MULW);
4936 break;
4937 default:
4938 case MO_32:
4939 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
4940 tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EAX]);
4941 tcg_gen_muls2_i32(s->tmp2_i32, s->tmp3_i32,
4942 s->tmp2_i32, s->tmp3_i32);
4943 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], s->tmp2_i32);
4944 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], s->tmp3_i32);
4945 tcg_gen_sari_i32(s->tmp2_i32, s->tmp2_i32, 31);
4946 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4947 tcg_gen_sub_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
4948 tcg_gen_extu_i32_tl(cpu_cc_src, s->tmp2_i32);
4949 set_cc_op(s, CC_OP_MULL);
4950 break;
4951 #ifdef TARGET_X86_64
4952 case MO_64:
4953 tcg_gen_muls2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4954 s->T0, cpu_regs[R_EAX]);
4955 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4956 tcg_gen_sari_tl(cpu_cc_src, cpu_regs[R_EAX], 63);
4957 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_regs[R_EDX]);
4958 set_cc_op(s, CC_OP_MULQ);
4959 break;
4960 #endif
4961 }
4962 break;
4963 case 6: /* div */
4964 switch(ot) {
4965 case MO_8:
4966 gen_helper_divb_AL(cpu_env, s->T0);
4967 break;
4968 case MO_16:
4969 gen_helper_divw_AX(cpu_env, s->T0);
4970 break;
4971 default:
4972 case MO_32:
4973 gen_helper_divl_EAX(cpu_env, s->T0);
4974 break;
4975 #ifdef TARGET_X86_64
4976 case MO_64:
4977 gen_helper_divq_EAX(cpu_env, s->T0);
4978 break;
4979 #endif
4980 }
4981 break;
4982 case 7: /* idiv */
4983 switch(ot) {
4984 case MO_8:
4985 gen_helper_idivb_AL(cpu_env, s->T0);
4986 break;
4987 case MO_16:
4988 gen_helper_idivw_AX(cpu_env, s->T0);
4989 break;
4990 default:
4991 case MO_32:
4992 gen_helper_idivl_EAX(cpu_env, s->T0);
4993 break;
4994 #ifdef TARGET_X86_64
4995 case MO_64:
4996 gen_helper_idivq_EAX(cpu_env, s->T0);
4997 break;
4998 #endif
4999 }
5000 break;
5001 default:
5002 goto unknown_op;
5003 }
5004 break;
5005
5006 case 0xfe: /* GRP4 */
5007 case 0xff: /* GRP5 */
5008 ot = mo_b_d(b, dflag);
5009
5010 modrm = x86_ldub_code(env, s);
5011 mod = (modrm >> 6) & 3;
5012 rm = (modrm & 7) | REX_B(s);
5013 op = (modrm >> 3) & 7;
5014 if (op >= 2 && b == 0xfe) {
5015 goto unknown_op;
5016 }
5017 if (CODE64(s)) {
5018 if (op == 2 || op == 4) {
5019 /* operand size for jumps is 64 bit */
5020 ot = MO_64;
5021 } else if (op == 3 || op == 5) {
5022 ot = dflag != MO_16 ? MO_32 + (rex_w == 1) : MO_16;
5023 } else if (op == 6) {
5024 /* default push size is 64 bit */
5025 ot = mo_pushpop(s, dflag);
5026 }
5027 }
5028 if (mod != 3) {
5029 gen_lea_modrm(env, s, modrm);
5030 if (op >= 2 && op != 3 && op != 5)
5031 gen_op_ld_v(s, ot, s->T0, s->A0);
5032 } else {
5033 gen_op_mov_v_reg(s, ot, s->T0, rm);
5034 }
5035
5036 switch(op) {
5037 case 0: /* inc Ev */
5038 if (mod != 3)
5039 opreg = OR_TMP0;
5040 else
5041 opreg = rm;
5042 gen_inc(s, ot, opreg, 1);
5043 break;
5044 case 1: /* dec Ev */
5045 if (mod != 3)
5046 opreg = OR_TMP0;
5047 else
5048 opreg = rm;
5049 gen_inc(s, ot, opreg, -1);
5050 break;
5051 case 2: /* call Ev */
5052 /* XXX: optimize if memory (no 'and' is necessary) */
5053 if (dflag == MO_16) {
5054 tcg_gen_ext16u_tl(s->T0, s->T0);
5055 }
5056 next_eip = s->pc - s->cs_base;
5057 tcg_gen_movi_tl(s->T1, next_eip);
5058 gen_push_v(s, s->T1);
5059 gen_op_jmp_v(s->T0);
5060 gen_bnd_jmp(s);
5061 gen_jr(s, s->T0);
5062 break;
5063 case 3: /* lcall Ev */
5064 gen_op_ld_v(s, ot, s->T1, s->A0);
5065 gen_add_A0_im(s, 1 << ot);
5066 gen_op_ld_v(s, MO_16, s->T0, s->A0);
5067 do_lcall:
5068 if (s->pe && !s->vm86) {
5069 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
5070 gen_helper_lcall_protected(cpu_env, s->tmp2_i32, s->T1,
5071 tcg_const_i32(dflag - 1),
5072 tcg_const_tl(s->pc - s->cs_base));
5073 } else {
5074 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
5075 gen_helper_lcall_real(cpu_env, s->tmp2_i32, s->T1,
5076 tcg_const_i32(dflag - 1),
5077 tcg_const_i32(s->pc - s->cs_base));
5078 }
5079 tcg_gen_ld_tl(s->tmp4, cpu_env, offsetof(CPUX86State, eip));
5080 gen_jr(s, s->tmp4);
5081 break;
5082 case 4: /* jmp Ev */
5083 if (dflag == MO_16) {
5084 tcg_gen_ext16u_tl(s->T0, s->T0);
5085 }
5086 gen_op_jmp_v(s->T0);
5087 gen_bnd_jmp(s);
5088 gen_jr(s, s->T0);
5089 break;
5090 case 5: /* ljmp Ev */
5091 gen_op_ld_v(s, ot, s->T1, s->A0);
5092 gen_add_A0_im(s, 1 << ot);
5093 gen_op_ld_v(s, MO_16, s->T0, s->A0);
5094 do_ljmp:
5095 if (s->pe && !s->vm86) {
5096 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
5097 gen_helper_ljmp_protected(cpu_env, s->tmp2_i32, s->T1,
5098 tcg_const_tl(s->pc - s->cs_base));
5099 } else {
5100 gen_op_movl_seg_T0_vm(s, R_CS);
5101 gen_op_jmp_v(s->T1);
5102 }
5103 tcg_gen_ld_tl(s->tmp4, cpu_env, offsetof(CPUX86State, eip));
5104 gen_jr(s, s->tmp4);
5105 break;
5106 case 6: /* push Ev */
5107 gen_push_v(s, s->T0);
5108 break;
5109 default:
5110 goto unknown_op;
5111 }
5112 break;
5113
5114 case 0x84: /* test Ev, Gv */
5115 case 0x85:
5116 ot = mo_b_d(b, dflag);
5117
5118 modrm = x86_ldub_code(env, s);
5119 reg = ((modrm >> 3) & 7) | rex_r;
5120
5121 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5122 gen_op_mov_v_reg(s, ot, s->T1, reg);
5123 gen_op_testl_T0_T1_cc(s);
5124 set_cc_op(s, CC_OP_LOGICB + ot);
5125 break;
5126
5127 case 0xa8: /* test eAX, Iv */
5128 case 0xa9:
5129 ot = mo_b_d(b, dflag);
5130 val = insn_get(env, s, ot);
5131
5132 gen_op_mov_v_reg(s, ot, s->T0, OR_EAX);
5133 tcg_gen_movi_tl(s->T1, val);
5134 gen_op_testl_T0_T1_cc(s);
5135 set_cc_op(s, CC_OP_LOGICB + ot);
5136 break;
5137
5138 case 0x98: /* CWDE/CBW */
5139 switch (dflag) {
5140 #ifdef TARGET_X86_64
5141 case MO_64:
5142 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
5143 tcg_gen_ext32s_tl(s->T0, s->T0);
5144 gen_op_mov_reg_v(s, MO_64, R_EAX, s->T0);
5145 break;
5146 #endif
5147 case MO_32:
5148 gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX);
5149 tcg_gen_ext16s_tl(s->T0, s->T0);
5150 gen_op_mov_reg_v(s, MO_32, R_EAX, s->T0);
5151 break;
5152 case MO_16:
5153 gen_op_mov_v_reg(s, MO_8, s->T0, R_EAX);
5154 tcg_gen_ext8s_tl(s->T0, s->T0);
5155 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
5156 break;
5157 default:
5158 tcg_abort();
5159 }
5160 break;
5161 case 0x99: /* CDQ/CWD */
5162 switch (dflag) {
5163 #ifdef TARGET_X86_64
5164 case MO_64:
5165 gen_op_mov_v_reg(s, MO_64, s->T0, R_EAX);
5166 tcg_gen_sari_tl(s->T0, s->T0, 63);
5167 gen_op_mov_reg_v(s, MO_64, R_EDX, s->T0);
5168 break;
5169 #endif
5170 case MO_32:
5171 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
5172 tcg_gen_ext32s_tl(s->T0, s->T0);
5173 tcg_gen_sari_tl(s->T0, s->T0, 31);
5174 gen_op_mov_reg_v(s, MO_32, R_EDX, s->T0);
5175 break;
5176 case MO_16:
5177 gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX);
5178 tcg_gen_ext16s_tl(s->T0, s->T0);
5179 tcg_gen_sari_tl(s->T0, s->T0, 15);
5180 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0);
5181 break;
5182 default:
5183 tcg_abort();
5184 }
5185 break;
5186 case 0x1af: /* imul Gv, Ev */
5187 case 0x69: /* imul Gv, Ev, I */
5188 case 0x6b:
5189 ot = dflag;
5190 modrm = x86_ldub_code(env, s);
5191 reg = ((modrm >> 3) & 7) | rex_r;
5192 if (b == 0x69)
5193 s->rip_offset = insn_const_size(ot);
5194 else if (b == 0x6b)
5195 s->rip_offset = 1;
5196 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5197 if (b == 0x69) {
5198 val = insn_get(env, s, ot);
5199 tcg_gen_movi_tl(s->T1, val);
5200 } else if (b == 0x6b) {
5201 val = (int8_t)insn_get(env, s, MO_8);
5202 tcg_gen_movi_tl(s->T1, val);
5203 } else {
5204 gen_op_mov_v_reg(s, ot, s->T1, reg);
5205 }
5206 switch (ot) {
5207 #ifdef TARGET_X86_64
5208 case MO_64:
5209 tcg_gen_muls2_i64(cpu_regs[reg], s->T1, s->T0, s->T1);
5210 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5211 tcg_gen_sari_tl(cpu_cc_src, cpu_cc_dst, 63);
5212 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, s->T1);
5213 break;
5214 #endif
5215 case MO_32:
5216 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
5217 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
5218 tcg_gen_muls2_i32(s->tmp2_i32, s->tmp3_i32,
5219 s->tmp2_i32, s->tmp3_i32);
5220 tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp2_i32);
5221 tcg_gen_sari_i32(s->tmp2_i32, s->tmp2_i32, 31);
5222 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5223 tcg_gen_sub_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
5224 tcg_gen_extu_i32_tl(cpu_cc_src, s->tmp2_i32);
5225 break;
5226 default:
5227 tcg_gen_ext16s_tl(s->T0, s->T0);
5228 tcg_gen_ext16s_tl(s->T1, s->T1);
5229 /* XXX: use 32 bit mul which could be faster */
5230 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
5231 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
5232 tcg_gen_ext16s_tl(s->tmp0, s->T0);
5233 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0);
5234 gen_op_mov_reg_v(s, ot, reg, s->T0);
5235 break;
5236 }
5237 set_cc_op(s, CC_OP_MULB + ot);
5238 break;
5239 case 0x1c0:
5240 case 0x1c1: /* xadd Ev, Gv */
5241 ot = mo_b_d(b, dflag);
5242 modrm = x86_ldub_code(env, s);
5243 reg = ((modrm >> 3) & 7) | rex_r;
5244 mod = (modrm >> 6) & 3;
5245 gen_op_mov_v_reg(s, ot, s->T0, reg);
5246 if (mod == 3) {
5247 rm = (modrm & 7) | REX_B(s);
5248 gen_op_mov_v_reg(s, ot, s->T1, rm);
5249 tcg_gen_add_tl(s->T0, s->T0, s->T1);
5250 gen_op_mov_reg_v(s, ot, reg, s->T1);
5251 gen_op_mov_reg_v(s, ot, rm, s->T0);
5252 } else {
5253 gen_lea_modrm(env, s, modrm);
5254 if (s->prefix & PREFIX_LOCK) {
5255 tcg_gen_atomic_fetch_add_tl(s->T1, s->A0, s->T0,
5256 s->mem_index, ot | MO_LE);
5257 tcg_gen_add_tl(s->T0, s->T0, s->T1);
5258 } else {
5259 gen_op_ld_v(s, ot, s->T1, s->A0);
5260 tcg_gen_add_tl(s->T0, s->T0, s->T1);
5261 gen_op_st_v(s, ot, s->T0, s->A0);
5262 }
5263 gen_op_mov_reg_v(s, ot, reg, s->T1);
5264 }
5265 gen_op_update2_cc(s);
5266 set_cc_op(s, CC_OP_ADDB + ot);
5267 break;
5268 case 0x1b0:
5269 case 0x1b1: /* cmpxchg Ev, Gv */
5270 {
5271 TCGv oldv, newv, cmpv;
5272
5273 ot = mo_b_d(b, dflag);
5274 modrm = x86_ldub_code(env, s);
5275 reg = ((modrm >> 3) & 7) | rex_r;
5276 mod = (modrm >> 6) & 3;
5277 oldv = tcg_temp_new();
5278 newv = tcg_temp_new();
5279 cmpv = tcg_temp_new();
5280 gen_op_mov_v_reg(s, ot, newv, reg);
5281 tcg_gen_mov_tl(cmpv, cpu_regs[R_EAX]);
5282
5283 if (s->prefix & PREFIX_LOCK) {
5284 if (mod == 3) {
5285 goto illegal_op;
5286 }
5287 gen_lea_modrm(env, s, modrm);
5288 tcg_gen_atomic_cmpxchg_tl(oldv, s->A0, cmpv, newv,
5289 s->mem_index, ot | MO_LE);
5290 gen_op_mov_reg_v(s, ot, R_EAX, oldv);
5291 } else {
5292 if (mod == 3) {
5293 rm = (modrm & 7) | REX_B(s);
5294 gen_op_mov_v_reg(s, ot, oldv, rm);
5295 } else {
5296 gen_lea_modrm(env, s, modrm);
5297 gen_op_ld_v(s, ot, oldv, s->A0);
5298 rm = 0; /* avoid warning */
5299 }
5300 gen_extu(ot, oldv);
5301 gen_extu(ot, cmpv);
5302 /* store value = (old == cmp ? new : old); */
5303 tcg_gen_movcond_tl(TCG_COND_EQ, newv, oldv, cmpv, newv, oldv);
5304 if (mod == 3) {
5305 gen_op_mov_reg_v(s, ot, R_EAX, oldv);
5306 gen_op_mov_reg_v(s, ot, rm, newv);
5307 } else {
5308 /* Perform an unconditional store cycle like physical cpu;
5309 must be before changing accumulator to ensure
5310 idempotency if the store faults and the instruction
5311 is restarted */
5312 gen_op_st_v(s, ot, newv, s->A0);
5313 gen_op_mov_reg_v(s, ot, R_EAX, oldv);
5314 }
5315 }
5316 tcg_gen_mov_tl(cpu_cc_src, oldv);
5317 tcg_gen_mov_tl(s->cc_srcT, cmpv);
5318 tcg_gen_sub_tl(cpu_cc_dst, cmpv, oldv);
5319 set_cc_op(s, CC_OP_SUBB + ot);
5320 tcg_temp_free(oldv);
5321 tcg_temp_free(newv);
5322 tcg_temp_free(cmpv);
5323 }
5324 break;
5325 case 0x1c7: /* cmpxchg8b */
5326 modrm = x86_ldub_code(env, s);
5327 mod = (modrm >> 6) & 3;
5328 switch ((modrm >> 3) & 7) {
5329 case 1: /* CMPXCHG8, CMPXCHG16 */
5330 if (mod == 3) {
5331 goto illegal_op;
5332 }
5333 #ifdef TARGET_X86_64
5334 if (dflag == MO_64) {
5335 if (!(s->cpuid_ext_features & CPUID_EXT_CX16)) {
5336 goto illegal_op;
5337 }
5338 gen_lea_modrm(env, s, modrm);
5339 if ((s->prefix & PREFIX_LOCK) &&
5340 (tb_cflags(s->base.tb) & CF_PARALLEL)) {
5341 gen_helper_cmpxchg16b(cpu_env, s->A0);
5342 } else {
5343 gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
5344 }
5345 set_cc_op(s, CC_OP_EFLAGS);
5346 break;
5347 }
5348 #endif
5349 if (!(s->cpuid_features & CPUID_CX8)) {
5350 goto illegal_op;
5351 }
5352 gen_lea_modrm(env, s, modrm);
5353 if ((s->prefix & PREFIX_LOCK) &&
5354 (tb_cflags(s->base.tb) & CF_PARALLEL)) {
5355 gen_helper_cmpxchg8b(cpu_env, s->A0);
5356 } else {
5357 gen_helper_cmpxchg8b_unlocked(cpu_env, s->A0);
5358 }
5359 set_cc_op(s, CC_OP_EFLAGS);
5360 break;
5361
5362 case 7: /* RDSEED */
5363 case 6: /* RDRAND */
5364 if (mod != 3 ||
5365 (s->prefix & (PREFIX_LOCK | PREFIX_REPZ | PREFIX_REPNZ)) ||
5366 !(s->cpuid_ext_features & CPUID_EXT_RDRAND)) {
5367 goto illegal_op;
5368 }
5369 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5370 gen_io_start();
5371 }
5372 gen_helper_rdrand(s->T0, cpu_env);
5373 rm = (modrm & 7) | REX_B(s);
5374 gen_op_mov_reg_v(s, dflag, rm, s->T0);
5375 set_cc_op(s, CC_OP_EFLAGS);
5376 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5377 gen_jmp(s, s->pc - s->cs_base);
5378 }
5379 break;
5380
5381 default:
5382 goto illegal_op;
5383 }
5384 break;
5385
5386 /**************************/
5387 /* push/pop */
5388 case 0x50 ... 0x57: /* push */
5389 gen_op_mov_v_reg(s, MO_32, s->T0, (b & 7) | REX_B(s));
5390 gen_push_v(s, s->T0);
5391 break;
5392 case 0x58 ... 0x5f: /* pop */
5393 ot = gen_pop_T0(s);
5394 /* NOTE: order is important for pop %sp */
5395 gen_pop_update(s, ot);
5396 gen_op_mov_reg_v(s, ot, (b & 7) | REX_B(s), s->T0);
5397 break;
5398 case 0x60: /* pusha */
5399 if (CODE64(s))
5400 goto illegal_op;
5401 gen_pusha(s);
5402 break;
5403 case 0x61: /* popa */
5404 if (CODE64(s))
5405 goto illegal_op;
5406 gen_popa(s);
5407 break;
5408 case 0x68: /* push Iv */
5409 case 0x6a:
5410 ot = mo_pushpop(s, dflag);
5411 if (b == 0x68)
5412 val = insn_get(env, s, ot);
5413 else
5414 val = (int8_t)insn_get(env, s, MO_8);
5415 tcg_gen_movi_tl(s->T0, val);
5416 gen_push_v(s, s->T0);
5417 break;
5418 case 0x8f: /* pop Ev */
5419 modrm = x86_ldub_code(env, s);
5420 mod = (modrm >> 6) & 3;
5421 ot = gen_pop_T0(s);
5422 if (mod == 3) {
5423 /* NOTE: order is important for pop %sp */
5424 gen_pop_update(s, ot);
5425 rm = (modrm & 7) | REX_B(s);
5426 gen_op_mov_reg_v(s, ot, rm, s->T0);
5427 } else {
5428 /* NOTE: order is important too for MMU exceptions */
5429 s->popl_esp_hack = 1 << ot;
5430 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5431 s->popl_esp_hack = 0;
5432 gen_pop_update(s, ot);
5433 }
5434 break;
5435 case 0xc8: /* enter */
5436 {
5437 int level;
5438 val = x86_lduw_code(env, s);
5439 level = x86_ldub_code(env, s);
5440 gen_enter(s, val, level);
5441 }
5442 break;
5443 case 0xc9: /* leave */
5444 gen_leave(s);
5445 break;
5446 case 0x06: /* push es */
5447 case 0x0e: /* push cs */
5448 case 0x16: /* push ss */
5449 case 0x1e: /* push ds */
5450 if (CODE64(s))
5451 goto illegal_op;
5452 gen_op_movl_T0_seg(s, b >> 3);
5453 gen_push_v(s, s->T0);
5454 break;
5455 case 0x1a0: /* push fs */
5456 case 0x1a8: /* push gs */
5457 gen_op_movl_T0_seg(s, (b >> 3) & 7);
5458 gen_push_v(s, s->T0);
5459 break;
5460 case 0x07: /* pop es */
5461 case 0x17: /* pop ss */
5462 case 0x1f: /* pop ds */
5463 if (CODE64(s))
5464 goto illegal_op;
5465 reg = b >> 3;
5466 ot = gen_pop_T0(s);
5467 gen_movl_seg_T0(s, reg);
5468 gen_pop_update(s, ot);
5469 /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */
5470 if (s->base.is_jmp) {
5471 gen_jmp_im(s, s->pc - s->cs_base);
5472 if (reg == R_SS) {
5473 s->tf = 0;
5474 gen_eob_inhibit_irq(s, true);
5475 } else {
5476 gen_eob(s);
5477 }
5478 }
5479 break;
5480 case 0x1a1: /* pop fs */
5481 case 0x1a9: /* pop gs */
5482 ot = gen_pop_T0(s);
5483 gen_movl_seg_T0(s, (b >> 3) & 7);
5484 gen_pop_update(s, ot);
5485 if (s->base.is_jmp) {
5486 gen_jmp_im(s, s->pc - s->cs_base);
5487 gen_eob(s);
5488 }
5489 break;
5490
5491 /**************************/
5492 /* mov */
5493 case 0x88:
5494 case 0x89: /* mov Gv, Ev */
5495 ot = mo_b_d(b, dflag);
5496 modrm = x86_ldub_code(env, s);
5497 reg = ((modrm >> 3) & 7) | rex_r;
5498
5499 /* generate a generic store */
5500 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
5501 break;
5502 case 0xc6:
5503 case 0xc7: /* mov Ev, Iv */
5504 ot = mo_b_d(b, dflag);
5505 modrm = x86_ldub_code(env, s);
5506 mod = (modrm >> 6) & 3;
5507 if (mod != 3) {
5508 s->rip_offset = insn_const_size(ot);
5509 gen_lea_modrm(env, s, modrm);
5510 }
5511 val = insn_get(env, s, ot);
5512 tcg_gen_movi_tl(s->T0, val);
5513 if (mod != 3) {
5514 gen_op_st_v(s, ot, s->T0, s->A0);
5515 } else {
5516 gen_op_mov_reg_v(s, ot, (modrm & 7) | REX_B(s), s->T0);
5517 }
5518 break;
5519 case 0x8a:
5520 case 0x8b: /* mov Ev, Gv */
5521 ot = mo_b_d(b, dflag);
5522 modrm = x86_ldub_code(env, s);
5523 reg = ((modrm >> 3) & 7) | rex_r;
5524
5525 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5526 gen_op_mov_reg_v(s, ot, reg, s->T0);
5527 break;
5528 case 0x8e: /* mov seg, Gv */
5529 modrm = x86_ldub_code(env, s);
5530 reg = (modrm >> 3) & 7;
5531 if (reg >= 6 || reg == R_CS)
5532 goto illegal_op;
5533 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
5534 gen_movl_seg_T0(s, reg);
5535 /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */
5536 if (s->base.is_jmp) {
5537 gen_jmp_im(s, s->pc - s->cs_base);
5538 if (reg == R_SS) {
5539 s->tf = 0;
5540 gen_eob_inhibit_irq(s, true);
5541 } else {
5542 gen_eob(s);
5543 }
5544 }
5545 break;
5546 case 0x8c: /* mov Gv, seg */
5547 modrm = x86_ldub_code(env, s);
5548 reg = (modrm >> 3) & 7;
5549 mod = (modrm >> 6) & 3;
5550 if (reg >= 6)
5551 goto illegal_op;
5552 gen_op_movl_T0_seg(s, reg);
5553 ot = mod == 3 ? dflag : MO_16;
5554 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5555 break;
5556
5557 case 0x1b6: /* movzbS Gv, Eb */
5558 case 0x1b7: /* movzwS Gv, Eb */
5559 case 0x1be: /* movsbS Gv, Eb */
5560 case 0x1bf: /* movswS Gv, Eb */
5561 {
5562 MemOp d_ot;
5563 MemOp s_ot;
5564
5565 /* d_ot is the size of destination */
5566 d_ot = dflag;
5567 /* ot is the size of source */
5568 ot = (b & 1) + MO_8;
5569 /* s_ot is the sign+size of source */
5570 s_ot = b & 8 ? MO_SIGN | ot : ot;
5571
5572 modrm = x86_ldub_code(env, s);
5573 reg = ((modrm >> 3) & 7) | rex_r;
5574 mod = (modrm >> 6) & 3;
5575 rm = (modrm & 7) | REX_B(s);
5576
5577 if (mod == 3) {
5578 if (s_ot == MO_SB && byte_reg_is_xH(s, rm)) {
5579 tcg_gen_sextract_tl(s->T0, cpu_regs[rm - 4], 8, 8);
5580 } else {
5581 gen_op_mov_v_reg(s, ot, s->T0, rm);
5582 switch (s_ot) {
5583 case MO_UB:
5584 tcg_gen_ext8u_tl(s->T0, s->T0);
5585 break;
5586 case MO_SB:
5587 tcg_gen_ext8s_tl(s->T0, s->T0);
5588 break;
5589 case MO_UW:
5590 tcg_gen_ext16u_tl(s->T0, s->T0);
5591 break;
5592 default:
5593 case MO_SW:
5594 tcg_gen_ext16s_tl(s->T0, s->T0);
5595 break;
5596 }
5597 }
5598 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
5599 } else {
5600 gen_lea_modrm(env, s, modrm);
5601 gen_op_ld_v(s, s_ot, s->T0, s->A0);
5602 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
5603 }
5604 }
5605 break;
5606
5607 case 0x8d: /* lea */
5608 modrm = x86_ldub_code(env, s);
5609 mod = (modrm >> 6) & 3;
5610 if (mod == 3)
5611 goto illegal_op;
5612 reg = ((modrm >> 3) & 7) | rex_r;
5613 {
5614 AddressParts a = gen_lea_modrm_0(env, s, modrm);
5615 TCGv ea = gen_lea_modrm_1(s, a);
5616 gen_lea_v_seg(s, s->aflag, ea, -1, -1);
5617 gen_op_mov_reg_v(s, dflag, reg, s->A0);
5618 }
5619 break;
5620
5621 case 0xa0: /* mov EAX, Ov */
5622 case 0xa1:
5623 case 0xa2: /* mov Ov, EAX */
5624 case 0xa3:
5625 {
5626 target_ulong offset_addr;
5627
5628 ot = mo_b_d(b, dflag);
5629 switch (s->aflag) {
5630 #ifdef TARGET_X86_64
5631 case MO_64:
5632 offset_addr = x86_ldq_code(env, s);
5633 break;
5634 #endif
5635 default:
5636 offset_addr = insn_get(env, s, s->aflag);
5637 break;
5638 }
5639 tcg_gen_movi_tl(s->A0, offset_addr);
5640 gen_add_A0_ds_seg(s);
5641 if ((b & 2) == 0) {
5642 gen_op_ld_v(s, ot, s->T0, s->A0);
5643 gen_op_mov_reg_v(s, ot, R_EAX, s->T0);
5644 } else {
5645 gen_op_mov_v_reg(s, ot, s->T0, R_EAX);
5646 gen_op_st_v(s, ot, s->T0, s->A0);
5647 }
5648 }
5649 break;
5650 case 0xd7: /* xlat */
5651 tcg_gen_mov_tl(s->A0, cpu_regs[R_EBX]);
5652 tcg_gen_ext8u_tl(s->T0, cpu_regs[R_EAX]);
5653 tcg_gen_add_tl(s->A0, s->A0, s->T0);
5654 gen_extu(s->aflag, s->A0);
5655 gen_add_A0_ds_seg(s);
5656 gen_op_ld_v(s, MO_8, s->T0, s->A0);
5657 gen_op_mov_reg_v(s, MO_8, R_EAX, s->T0);
5658 break;
5659 case 0xb0 ... 0xb7: /* mov R, Ib */
5660 val = insn_get(env, s, MO_8);
5661 tcg_gen_movi_tl(s->T0, val);
5662 gen_op_mov_reg_v(s, MO_8, (b & 7) | REX_B(s), s->T0);
5663 break;
5664 case 0xb8 ... 0xbf: /* mov R, Iv */
5665 #ifdef TARGET_X86_64
5666 if (dflag == MO_64) {
5667 uint64_t tmp;
5668 /* 64 bit case */
5669 tmp = x86_ldq_code(env, s);
5670 reg = (b & 7) | REX_B(s);
5671 tcg_gen_movi_tl(s->T0, tmp);
5672 gen_op_mov_reg_v(s, MO_64, reg, s->T0);
5673 } else
5674 #endif
5675 {
5676 ot = dflag;
5677 val = insn_get(env, s, ot);
5678 reg = (b & 7) | REX_B(s);
5679 tcg_gen_movi_tl(s->T0, val);
5680 gen_op_mov_reg_v(s, ot, reg, s->T0);
5681 }
5682 break;
5683
5684 case 0x91 ... 0x97: /* xchg R, EAX */
5685 do_xchg_reg_eax:
5686 ot = dflag;
5687 reg = (b & 7) | REX_B(s);
5688 rm = R_EAX;
5689 goto do_xchg_reg;
5690 case 0x86:
5691 case 0x87: /* xchg Ev, Gv */
5692 ot = mo_b_d(b, dflag);
5693 modrm = x86_ldub_code(env, s);
5694 reg = ((modrm >> 3) & 7) | rex_r;
5695 mod = (modrm >> 6) & 3;
5696 if (mod == 3) {
5697 rm = (modrm & 7) | REX_B(s);
5698 do_xchg_reg:
5699 gen_op_mov_v_reg(s, ot, s->T0, reg);
5700 gen_op_mov_v_reg(s, ot, s->T1, rm);
5701 gen_op_mov_reg_v(s, ot, rm, s->T0);
5702 gen_op_mov_reg_v(s, ot, reg, s->T1);
5703 } else {
5704 gen_lea_modrm(env, s, modrm);
5705 gen_op_mov_v_reg(s, ot, s->T0, reg);
5706 /* for xchg, lock is implicit */
5707 tcg_gen_atomic_xchg_tl(s->T1, s->A0, s->T0,
5708 s->mem_index, ot | MO_LE);
5709 gen_op_mov_reg_v(s, ot, reg, s->T1);
5710 }
5711 break;
5712 case 0xc4: /* les Gv */
5713 /* In CODE64 this is VEX3; see above. */
5714 op = R_ES;
5715 goto do_lxx;
5716 case 0xc5: /* lds Gv */
5717 /* In CODE64 this is VEX2; see above. */
5718 op = R_DS;
5719 goto do_lxx;
5720 case 0x1b2: /* lss Gv */
5721 op = R_SS;
5722 goto do_lxx;
5723 case 0x1b4: /* lfs Gv */
5724 op = R_FS;
5725 goto do_lxx;
5726 case 0x1b5: /* lgs Gv */
5727 op = R_GS;
5728 do_lxx:
5729 ot = dflag != MO_16 ? MO_32 : MO_16;
5730 modrm = x86_ldub_code(env, s);
5731 reg = ((modrm >> 3) & 7) | rex_r;
5732 mod = (modrm >> 6) & 3;
5733 if (mod == 3)
5734 goto illegal_op;
5735 gen_lea_modrm(env, s, modrm);
5736 gen_op_ld_v(s, ot, s->T1, s->A0);
5737 gen_add_A0_im(s, 1 << ot);
5738 /* load the segment first to handle exceptions properly */
5739 gen_op_ld_v(s, MO_16, s->T0, s->A0);
5740 gen_movl_seg_T0(s, op);
5741 /* then put the data */
5742 gen_op_mov_reg_v(s, ot, reg, s->T1);
5743 if (s->base.is_jmp) {
5744 gen_jmp_im(s, s->pc - s->cs_base);
5745 gen_eob(s);
5746 }
5747 break;
5748
5749 /************************/
5750 /* shifts */
5751 case 0xc0:
5752 case 0xc1:
5753 /* shift Ev,Ib */
5754 shift = 2;
5755 grp2:
5756 {
5757 ot = mo_b_d(b, dflag);
5758 modrm = x86_ldub_code(env, s);
5759 mod = (modrm >> 6) & 3;
5760 op = (modrm >> 3) & 7;
5761
5762 if (mod != 3) {
5763 if (shift == 2) {
5764 s->rip_offset = 1;
5765 }
5766 gen_lea_modrm(env, s, modrm);
5767 opreg = OR_TMP0;
5768 } else {
5769 opreg = (modrm & 7) | REX_B(s);
5770 }
5771
5772 /* simpler op */
5773 if (shift == 0) {
5774 gen_shift(s, op, ot, opreg, OR_ECX);
5775 } else {
5776 if (shift == 2) {
5777 shift = x86_ldub_code(env, s);
5778 }
5779 gen_shifti(s, op, ot, opreg, shift);
5780 }
5781 }
5782 break;
5783 case 0xd0:
5784 case 0xd1:
5785 /* shift Ev,1 */
5786 shift = 1;
5787 goto grp2;
5788 case 0xd2:
5789 case 0xd3:
5790 /* shift Ev,cl */
5791 shift = 0;
5792 goto grp2;
5793
5794 case 0x1a4: /* shld imm */
5795 op = 0;
5796 shift = 1;
5797 goto do_shiftd;
5798 case 0x1a5: /* shld cl */
5799 op = 0;
5800 shift = 0;
5801 goto do_shiftd;
5802 case 0x1ac: /* shrd imm */
5803 op = 1;
5804 shift = 1;
5805 goto do_shiftd;
5806 case 0x1ad: /* shrd cl */
5807 op = 1;
5808 shift = 0;
5809 do_shiftd:
5810 ot = dflag;
5811 modrm = x86_ldub_code(env, s);
5812 mod = (modrm >> 6) & 3;
5813 rm = (modrm & 7) | REX_B(s);
5814 reg = ((modrm >> 3) & 7) | rex_r;
5815 if (mod != 3) {
5816 gen_lea_modrm(env, s, modrm);
5817 opreg = OR_TMP0;
5818 } else {
5819 opreg = rm;
5820 }
5821 gen_op_mov_v_reg(s, ot, s->T1, reg);
5822
5823 if (shift) {
5824 TCGv imm = tcg_const_tl(x86_ldub_code(env, s));
5825 gen_shiftd_rm_T1(s, ot, opreg, op, imm);
5826 tcg_temp_free(imm);
5827 } else {
5828 gen_shiftd_rm_T1(s, ot, opreg, op, cpu_regs[R_ECX]);
5829 }
5830 break;
5831
5832 /************************/
5833 /* floats */
5834 case 0xd8 ... 0xdf:
5835 if (s->flags & (HF_EM_MASK | HF_TS_MASK)) {
5836 /* if CR0.EM or CR0.TS are set, generate an FPU exception */
5837 /* XXX: what to do if illegal op ? */
5838 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
5839 break;
5840 }
5841 modrm = x86_ldub_code(env, s);
5842 mod = (modrm >> 6) & 3;
5843 rm = modrm & 7;
5844 op = ((b & 7) << 3) | ((modrm >> 3) & 7);
5845 if (mod != 3) {
5846 /* memory op */
5847 gen_lea_modrm(env, s, modrm);
5848 switch(op) {
5849 case 0x00 ... 0x07: /* fxxxs */
5850 case 0x10 ... 0x17: /* fixxxl */
5851 case 0x20 ... 0x27: /* fxxxl */
5852 case 0x30 ... 0x37: /* fixxx */
5853 {
5854 int op1;
5855 op1 = op & 7;
5856
5857 switch(op >> 4) {
5858 case 0:
5859 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
5860 s->mem_index, MO_LEUL);
5861 gen_helper_flds_FT0(cpu_env, s->tmp2_i32);
5862 break;
5863 case 1:
5864 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
5865 s->mem_index, MO_LEUL);
5866 gen_helper_fildl_FT0(cpu_env, s->tmp2_i32);
5867 break;
5868 case 2:
5869 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
5870 s->mem_index, MO_LEQ);
5871 gen_helper_fldl_FT0(cpu_env, s->tmp1_i64);
5872 break;
5873 case 3:
5874 default:
5875 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
5876 s->mem_index, MO_LESW);
5877 gen_helper_fildl_FT0(cpu_env, s->tmp2_i32);
5878 break;
5879 }
5880
5881 gen_helper_fp_arith_ST0_FT0(op1);
5882 if (op1 == 3) {
5883 /* fcomp needs pop */
5884 gen_helper_fpop(cpu_env);
5885 }
5886 }
5887 break;
5888 case 0x08: /* flds */
5889 case 0x0a: /* fsts */
5890 case 0x0b: /* fstps */
5891 case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */
5892 case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */
5893 case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */
5894 switch(op & 7) {
5895 case 0:
5896 switch(op >> 4) {
5897 case 0:
5898 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
5899 s->mem_index, MO_LEUL);
5900 gen_helper_flds_ST0(cpu_env, s->tmp2_i32);
5901 break;
5902 case 1:
5903 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
5904 s->mem_index, MO_LEUL);
5905 gen_helper_fildl_ST0(cpu_env, s->tmp2_i32);
5906 break;
5907 case 2:
5908 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
5909 s->mem_index, MO_LEQ);
5910 gen_helper_fldl_ST0(cpu_env, s->tmp1_i64);
5911 break;
5912 case 3:
5913 default:
5914 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
5915 s->mem_index, MO_LESW);
5916 gen_helper_fildl_ST0(cpu_env, s->tmp2_i32);
5917 break;
5918 }
5919 break;
5920 case 1:
5921 /* XXX: the corresponding CPUID bit must be tested ! */
5922 switch(op >> 4) {
5923 case 1:
5924 gen_helper_fisttl_ST0(s->tmp2_i32, cpu_env);
5925 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
5926 s->mem_index, MO_LEUL);
5927 break;
5928 case 2:
5929 gen_helper_fisttll_ST0(s->tmp1_i64, cpu_env);
5930 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0,
5931 s->mem_index, MO_LEQ);
5932 break;
5933 case 3:
5934 default:
5935 gen_helper_fistt_ST0(s->tmp2_i32, cpu_env);
5936 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
5937 s->mem_index, MO_LEUW);
5938 break;
5939 }
5940 gen_helper_fpop(cpu_env);
5941 break;
5942 default:
5943 switch(op >> 4) {
5944 case 0:
5945 gen_helper_fsts_ST0(s->tmp2_i32, cpu_env);
5946 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
5947 s->mem_index, MO_LEUL);
5948 break;
5949 case 1:
5950 gen_helper_fistl_ST0(s->tmp2_i32, cpu_env);
5951 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
5952 s->mem_index, MO_LEUL);
5953 break;
5954 case 2:
5955 gen_helper_fstl_ST0(s->tmp1_i64, cpu_env);
5956 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0,
5957 s->mem_index, MO_LEQ);
5958 break;
5959 case 3:
5960 default:
5961 gen_helper_fist_ST0(s->tmp2_i32, cpu_env);
5962 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
5963 s->mem_index, MO_LEUW);
5964 break;
5965 }
5966 if ((op & 7) == 3)
5967 gen_helper_fpop(cpu_env);
5968 break;
5969 }
5970 break;
5971 case 0x0c: /* fldenv mem */
5972 gen_helper_fldenv(cpu_env, s->A0, tcg_const_i32(dflag - 1));
5973 break;
5974 case 0x0d: /* fldcw mem */
5975 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
5976 s->mem_index, MO_LEUW);
5977 gen_helper_fldcw(cpu_env, s->tmp2_i32);
5978 break;
5979 case 0x0e: /* fnstenv mem */
5980 gen_helper_fstenv(cpu_env, s->A0, tcg_const_i32(dflag - 1));
5981 break;
5982 case 0x0f: /* fnstcw mem */
5983 gen_helper_fnstcw(s->tmp2_i32, cpu_env);
5984 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
5985 s->mem_index, MO_LEUW);
5986 break;
5987 case 0x1d: /* fldt mem */
5988 gen_helper_fldt_ST0(cpu_env, s->A0);
5989 break;
5990 case 0x1f: /* fstpt mem */
5991 gen_helper_fstt_ST0(cpu_env, s->A0);
5992 gen_helper_fpop(cpu_env);
5993 break;
5994 case 0x2c: /* frstor mem */
5995 gen_helper_frstor(cpu_env, s->A0, tcg_const_i32(dflag - 1));
5996 break;
5997 case 0x2e: /* fnsave mem */
5998 gen_helper_fsave(cpu_env, s->A0, tcg_const_i32(dflag - 1));
5999 break;
6000 case 0x2f: /* fnstsw mem */
6001 gen_helper_fnstsw(s->tmp2_i32, cpu_env);
6002 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
6003 s->mem_index, MO_LEUW);
6004 break;
6005 case 0x3c: /* fbld */
6006 gen_helper_fbld_ST0(cpu_env, s->A0);
6007 break;
6008 case 0x3e: /* fbstp */
6009 gen_helper_fbst_ST0(cpu_env, s->A0);
6010 gen_helper_fpop(cpu_env);
6011 break;
6012 case 0x3d: /* fildll */
6013 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEQ);
6014 gen_helper_fildll_ST0(cpu_env, s->tmp1_i64);
6015 break;
6016 case 0x3f: /* fistpll */
6017 gen_helper_fistll_ST0(s->tmp1_i64, cpu_env);
6018 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEQ);
6019 gen_helper_fpop(cpu_env);
6020 break;
6021 default:
6022 goto unknown_op;
6023 }
6024 } else {
6025 /* register float ops */
6026 opreg = rm;
6027
6028 switch(op) {
6029 case 0x08: /* fld sti */
6030 gen_helper_fpush(cpu_env);
6031 gen_helper_fmov_ST0_STN(cpu_env,
6032 tcg_const_i32((opreg + 1) & 7));
6033 break;
6034 case 0x09: /* fxchg sti */
6035 case 0x29: /* fxchg4 sti, undocumented op */
6036 case 0x39: /* fxchg7 sti, undocumented op */
6037 gen_helper_fxchg_ST0_STN(cpu_env, tcg_const_i32(opreg));
6038 break;
6039 case 0x0a: /* grp d9/2 */
6040 switch(rm) {
6041 case 0: /* fnop */
6042 /* check exceptions (FreeBSD FPU probe) */
6043 gen_helper_fwait(cpu_env);
6044 break;
6045 default:
6046 goto unknown_op;
6047 }
6048 break;
6049 case 0x0c: /* grp d9/4 */
6050 switch(rm) {
6051 case 0: /* fchs */
6052 gen_helper_fchs_ST0(cpu_env);
6053 break;
6054 case 1: /* fabs */
6055 gen_helper_fabs_ST0(cpu_env);
6056 break;
6057 case 4: /* ftst */
6058 gen_helper_fldz_FT0(cpu_env);
6059 gen_helper_fcom_ST0_FT0(cpu_env);
6060 break;
6061 case 5: /* fxam */
6062 gen_helper_fxam_ST0(cpu_env);
6063 break;
6064 default:
6065 goto unknown_op;
6066 }
6067 break;
6068 case 0x0d: /* grp d9/5 */
6069 {
6070 switch(rm) {
6071 case 0:
6072 gen_helper_fpush(cpu_env);
6073 gen_helper_fld1_ST0(cpu_env);
6074 break;
6075 case 1:
6076 gen_helper_fpush(cpu_env);
6077 gen_helper_fldl2t_ST0(cpu_env);
6078 break;
6079 case 2:
6080 gen_helper_fpush(cpu_env);
6081 gen_helper_fldl2e_ST0(cpu_env);
6082 break;
6083 case 3:
6084 gen_helper_fpush(cpu_env);
6085 gen_helper_fldpi_ST0(cpu_env);
6086 break;
6087 case 4:
6088 gen_helper_fpush(cpu_env);
6089 gen_helper_fldlg2_ST0(cpu_env);
6090 break;
6091 case 5:
6092 gen_helper_fpush(cpu_env);
6093 gen_helper_fldln2_ST0(cpu_env);
6094 break;
6095 case 6:
6096 gen_helper_fpush(cpu_env);
6097 gen_helper_fldz_ST0(cpu_env);
6098 break;
6099 default:
6100 goto unknown_op;
6101 }
6102 }
6103 break;
6104 case 0x0e: /* grp d9/6 */
6105 switch(rm) {
6106 case 0: /* f2xm1 */
6107 gen_helper_f2xm1(cpu_env);
6108 break;
6109 case 1: /* fyl2x */
6110 gen_helper_fyl2x(cpu_env);
6111 break;
6112 case 2: /* fptan */
6113 gen_helper_fptan(cpu_env);
6114 break;
6115 case 3: /* fpatan */
6116 gen_helper_fpatan(cpu_env);
6117 break;
6118 case 4: /* fxtract */
6119 gen_helper_fxtract(cpu_env);
6120 break;
6121 case 5: /* fprem1 */
6122 gen_helper_fprem1(cpu_env);
6123 break;
6124 case 6: /* fdecstp */
6125 gen_helper_fdecstp(cpu_env);
6126 break;
6127 default:
6128 case 7: /* fincstp */
6129 gen_helper_fincstp(cpu_env);
6130 break;
6131 }
6132 break;
6133 case 0x0f: /* grp d9/7 */
6134 switch(rm) {
6135 case 0: /* fprem */
6136 gen_helper_fprem(cpu_env);
6137 break;
6138 case 1: /* fyl2xp1 */
6139 gen_helper_fyl2xp1(cpu_env);
6140 break;
6141 case 2: /* fsqrt */
6142 gen_helper_fsqrt(cpu_env);
6143 break;
6144 case 3: /* fsincos */
6145 gen_helper_fsincos(cpu_env);
6146 break;
6147 case 5: /* fscale */
6148 gen_helper_fscale(cpu_env);
6149 break;
6150 case 4: /* frndint */
6151 gen_helper_frndint(cpu_env);
6152 break;
6153 case 6: /* fsin */
6154 gen_helper_fsin(cpu_env);
6155 break;
6156 default:
6157 case 7: /* fcos */
6158 gen_helper_fcos(cpu_env);
6159 break;
6160 }
6161 break;
6162 case 0x00: case 0x01: case 0x04 ... 0x07: /* fxxx st, sti */
6163 case 0x20: case 0x21: case 0x24 ... 0x27: /* fxxx sti, st */
6164 case 0x30: case 0x31: case 0x34 ... 0x37: /* fxxxp sti, st */
6165 {
6166 int op1;
6167
6168 op1 = op & 7;
6169 if (op >= 0x20) {
6170 gen_helper_fp_arith_STN_ST0(op1, opreg);
6171 if (op >= 0x30)
6172 gen_helper_fpop(cpu_env);
6173 } else {
6174 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6175 gen_helper_fp_arith_ST0_FT0(op1);
6176 }
6177 }
6178 break;
6179 case 0x02: /* fcom */
6180 case 0x22: /* fcom2, undocumented op */
6181 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6182 gen_helper_fcom_ST0_FT0(cpu_env);
6183 break;
6184 case 0x03: /* fcomp */
6185 case 0x23: /* fcomp3, undocumented op */
6186 case 0x32: /* fcomp5, undocumented op */
6187 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6188 gen_helper_fcom_ST0_FT0(cpu_env);
6189 gen_helper_fpop(cpu_env);
6190 break;
6191 case 0x15: /* da/5 */
6192 switch(rm) {
6193 case 1: /* fucompp */
6194 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6195 gen_helper_fucom_ST0_FT0(cpu_env);
6196 gen_helper_fpop(cpu_env);
6197 gen_helper_fpop(cpu_env);
6198 break;
6199 default:
6200 goto unknown_op;
6201 }
6202 break;
6203 case 0x1c:
6204 switch(rm) {
6205 case 0: /* feni (287 only, just do nop here) */
6206 break;
6207 case 1: /* fdisi (287 only, just do nop here) */
6208 break;
6209 case 2: /* fclex */
6210 gen_helper_fclex(cpu_env);
6211 break;
6212 case 3: /* fninit */
6213 gen_helper_fninit(cpu_env);
6214 break;
6215 case 4: /* fsetpm (287 only, just do nop here) */
6216 break;
6217 default:
6218 goto unknown_op;
6219 }
6220 break;
6221 case 0x1d: /* fucomi */
6222 if (!(s->cpuid_features & CPUID_CMOV)) {
6223 goto illegal_op;
6224 }
6225 gen_update_cc_op(s);
6226 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6227 gen_helper_fucomi_ST0_FT0(cpu_env);
6228 set_cc_op(s, CC_OP_EFLAGS);
6229 break;
6230 case 0x1e: /* fcomi */
6231 if (!(s->cpuid_features & CPUID_CMOV)) {
6232 goto illegal_op;
6233 }
6234 gen_update_cc_op(s);
6235 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6236 gen_helper_fcomi_ST0_FT0(cpu_env);
6237 set_cc_op(s, CC_OP_EFLAGS);
6238 break;
6239 case 0x28: /* ffree sti */
6240 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6241 break;
6242 case 0x2a: /* fst sti */
6243 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6244 break;
6245 case 0x2b: /* fstp sti */
6246 case 0x0b: /* fstp1 sti, undocumented op */
6247 case 0x3a: /* fstp8 sti, undocumented op */
6248 case 0x3b: /* fstp9 sti, undocumented op */
6249 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6250 gen_helper_fpop(cpu_env);
6251 break;
6252 case 0x2c: /* fucom st(i) */
6253 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6254 gen_helper_fucom_ST0_FT0(cpu_env);
6255 break;
6256 case 0x2d: /* fucomp st(i) */
6257 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6258 gen_helper_fucom_ST0_FT0(cpu_env);
6259 gen_helper_fpop(cpu_env);
6260 break;
6261 case 0x33: /* de/3 */
6262 switch(rm) {
6263 case 1: /* fcompp */
6264 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6265 gen_helper_fcom_ST0_FT0(cpu_env);
6266 gen_helper_fpop(cpu_env);
6267 gen_helper_fpop(cpu_env);
6268 break;
6269 default:
6270 goto unknown_op;
6271 }
6272 break;
6273 case 0x38: /* ffreep sti, undocumented op */
6274 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6275 gen_helper_fpop(cpu_env);
6276 break;
6277 case 0x3c: /* df/4 */
6278 switch(rm) {
6279 case 0:
6280 gen_helper_fnstsw(s->tmp2_i32, cpu_env);
6281 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
6282 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
6283 break;
6284 default:
6285 goto unknown_op;
6286 }
6287 break;
6288 case 0x3d: /* fucomip */
6289 if (!(s->cpuid_features & CPUID_CMOV)) {
6290 goto illegal_op;
6291 }
6292 gen_update_cc_op(s);
6293 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6294 gen_helper_fucomi_ST0_FT0(cpu_env);
6295 gen_helper_fpop(cpu_env);
6296 set_cc_op(s, CC_OP_EFLAGS);
6297 break;
6298 case 0x3e: /* fcomip */
6299 if (!(s->cpuid_features & CPUID_CMOV)) {
6300 goto illegal_op;
6301 }
6302 gen_update_cc_op(s);
6303 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6304 gen_helper_fcomi_ST0_FT0(cpu_env);
6305 gen_helper_fpop(cpu_env);
6306 set_cc_op(s, CC_OP_EFLAGS);
6307 break;
6308 case 0x10 ... 0x13: /* fcmovxx */
6309 case 0x18 ... 0x1b:
6310 {
6311 int op1;
6312 TCGLabel *l1;
6313 static const uint8_t fcmov_cc[8] = {
6314 (JCC_B << 1),
6315 (JCC_Z << 1),
6316 (JCC_BE << 1),
6317 (JCC_P << 1),
6318 };
6319
6320 if (!(s->cpuid_features & CPUID_CMOV)) {
6321 goto illegal_op;
6322 }
6323 op1 = fcmov_cc[op & 3] | (((op >> 3) & 1) ^ 1);
6324 l1 = gen_new_label();
6325 gen_jcc1_noeob(s, op1, l1);
6326 gen_helper_fmov_ST0_STN(cpu_env, tcg_const_i32(opreg));
6327 gen_set_label(l1);
6328 }
6329 break;
6330 default:
6331 goto unknown_op;
6332 }
6333 }
6334 break;
6335 /************************/
6336 /* string ops */
6337
6338 case 0xa4: /* movsS */
6339 case 0xa5:
6340 ot = mo_b_d(b, dflag);
6341 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6342 gen_repz_movs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6343 } else {
6344 gen_movs(s, ot);
6345 }
6346 break;
6347
6348 case 0xaa: /* stosS */
6349 case 0xab:
6350 ot = mo_b_d(b, dflag);
6351 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6352 gen_repz_stos(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6353 } else {
6354 gen_stos(s, ot);
6355 }
6356 break;
6357 case 0xac: /* lodsS */
6358 case 0xad:
6359 ot = mo_b_d(b, dflag);
6360 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6361 gen_repz_lods(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6362 } else {
6363 gen_lods(s, ot);
6364 }
6365 break;
6366 case 0xae: /* scasS */
6367 case 0xaf:
6368 ot = mo_b_d(b, dflag);
6369 if (prefixes & PREFIX_REPNZ) {
6370 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6371 } else if (prefixes & PREFIX_REPZ) {
6372 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6373 } else {
6374 gen_scas(s, ot);
6375 }
6376 break;
6377
6378 case 0xa6: /* cmpsS */
6379 case 0xa7:
6380 ot = mo_b_d(b, dflag);
6381 if (prefixes & PREFIX_REPNZ) {
6382 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6383 } else if (prefixes & PREFIX_REPZ) {
6384 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6385 } else {
6386 gen_cmps(s, ot);
6387 }
6388 break;
6389 case 0x6c: /* insS */
6390 case 0x6d:
6391 ot = mo_b_d32(b, dflag);
6392 tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]);
6393 gen_check_io(s, ot, pc_start - s->cs_base,
6394 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes) | 4);
6395 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6396 gen_io_start();
6397 }
6398 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6399 gen_repz_ins(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6400 /* jump generated by gen_repz_ins */
6401 } else {
6402 gen_ins(s, ot);
6403 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6404 gen_jmp(s, s->pc - s->cs_base);
6405 }
6406 }
6407 break;
6408 case 0x6e: /* outsS */
6409 case 0x6f:
6410 ot = mo_b_d32(b, dflag);
6411 tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]);
6412 gen_check_io(s, ot, pc_start - s->cs_base,
6413 svm_is_rep(prefixes) | 4);
6414 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6415 gen_io_start();
6416 }
6417 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6418 gen_repz_outs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6419 /* jump generated by gen_repz_outs */
6420 } else {
6421 gen_outs(s, ot);
6422 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6423 gen_jmp(s, s->pc - s->cs_base);
6424 }
6425 }
6426 break;
6427
6428 /************************/
6429 /* port I/O */
6430
6431 case 0xe4:
6432 case 0xe5:
6433 ot = mo_b_d32(b, dflag);
6434 val = x86_ldub_code(env, s);
6435 tcg_gen_movi_tl(s->T0, val);
6436 gen_check_io(s, ot, pc_start - s->cs_base,
6437 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6438 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6439 gen_io_start();
6440 }
6441 tcg_gen_movi_i32(s->tmp2_i32, val);
6442 gen_helper_in_func(ot, s->T1, s->tmp2_i32);
6443 gen_op_mov_reg_v(s, ot, R_EAX, s->T1);
6444 gen_bpt_io(s, s->tmp2_i32, ot);
6445 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6446 gen_jmp(s, s->pc - s->cs_base);
6447 }
6448 break;
6449 case 0xe6:
6450 case 0xe7:
6451 ot = mo_b_d32(b, dflag);
6452 val = x86_ldub_code(env, s);
6453 tcg_gen_movi_tl(s->T0, val);
6454 gen_check_io(s, ot, pc_start - s->cs_base,
6455 svm_is_rep(prefixes));
6456 gen_op_mov_v_reg(s, ot, s->T1, R_EAX);
6457
6458 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6459 gen_io_start();
6460 }
6461 tcg_gen_movi_i32(s->tmp2_i32, val);
6462 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
6463 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32);
6464 gen_bpt_io(s, s->tmp2_i32, ot);
6465 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6466 gen_jmp(s, s->pc - s->cs_base);
6467 }
6468 break;
6469 case 0xec:
6470 case 0xed:
6471 ot = mo_b_d32(b, dflag);
6472 tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]);
6473 gen_check_io(s, ot, pc_start - s->cs_base,
6474 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6475 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6476 gen_io_start();
6477 }
6478 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
6479 gen_helper_in_func(ot, s->T1, s->tmp2_i32);
6480 gen_op_mov_reg_v(s, ot, R_EAX, s->T1);
6481 gen_bpt_io(s, s->tmp2_i32, ot);
6482 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6483 gen_jmp(s, s->pc - s->cs_base);
6484 }
6485 break;
6486 case 0xee:
6487 case 0xef:
6488 ot = mo_b_d32(b, dflag);
6489 tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]);
6490 gen_check_io(s, ot, pc_start - s->cs_base,
6491 svm_is_rep(prefixes));
6492 gen_op_mov_v_reg(s, ot, s->T1, R_EAX);
6493
6494 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6495 gen_io_start();
6496 }
6497 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
6498 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
6499 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32);
6500 gen_bpt_io(s, s->tmp2_i32, ot);
6501 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6502 gen_jmp(s, s->pc - s->cs_base);
6503 }
6504 break;
6505
6506 /************************/
6507 /* control */
6508 case 0xc2: /* ret im */
6509 val = x86_ldsw_code(env, s);
6510 ot = gen_pop_T0(s);
6511 gen_stack_update(s, val + (1 << ot));
6512 /* Note that gen_pop_T0 uses a zero-extending load. */
6513 gen_op_jmp_v(s->T0);
6514 gen_bnd_jmp(s);
6515 gen_jr(s, s->T0);
6516 break;
6517 case 0xc3: /* ret */
6518 ot = gen_pop_T0(s);
6519 gen_pop_update(s, ot);
6520 /* Note that gen_pop_T0 uses a zero-extending load. */
6521 gen_op_jmp_v(s->T0);
6522 gen_bnd_jmp(s);
6523 gen_jr(s, s->T0);
6524 break;
6525 case 0xca: /* lret im */
6526 val = x86_ldsw_code(env, s);
6527 do_lret:
6528 if (s->pe && !s->vm86) {
6529 gen_update_cc_op(s);
6530 gen_jmp_im(s, pc_start - s->cs_base);
6531 gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1),
6532 tcg_const_i32(val));
6533 } else {
6534 gen_stack_A0(s);
6535 /* pop offset */
6536 gen_op_ld_v(s, dflag, s->T0, s->A0);
6537 /* NOTE: keeping EIP updated is not a problem in case of
6538 exception */
6539 gen_op_jmp_v(s->T0);
6540 /* pop selector */
6541 gen_add_A0_im(s, 1 << dflag);
6542 gen_op_ld_v(s, dflag, s->T0, s->A0);
6543 gen_op_movl_seg_T0_vm(s, R_CS);
6544 /* add stack offset */
6545 gen_stack_update(s, val + (2 << dflag));
6546 }
6547 gen_eob(s);
6548 break;
6549 case 0xcb: /* lret */
6550 val = 0;
6551 goto do_lret;
6552 case 0xcf: /* iret */
6553 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET);
6554 if (!s->pe) {
6555 /* real mode */
6556 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6557 set_cc_op(s, CC_OP_EFLAGS);
6558 } else if (s->vm86) {
6559 if (s->iopl != 3) {
6560 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6561 } else {
6562 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6563 set_cc_op(s, CC_OP_EFLAGS);
6564 }
6565 } else {
6566 gen_helper_iret_protected(cpu_env, tcg_const_i32(dflag - 1),
6567 tcg_const_i32(s->pc - s->cs_base));
6568 set_cc_op(s, CC_OP_EFLAGS);
6569 }
6570 gen_eob(s);
6571 break;
6572 case 0xe8: /* call im */
6573 {
6574 if (dflag != MO_16) {
6575 tval = (int32_t)insn_get(env, s, MO_32);
6576 } else {
6577 tval = (int16_t)insn_get(env, s, MO_16);
6578 }
6579 next_eip = s->pc - s->cs_base;
6580 tval += next_eip;
6581 if (dflag == MO_16) {
6582 tval &= 0xffff;
6583 } else if (!CODE64(s)) {
6584 tval &= 0xffffffff;
6585 }
6586 tcg_gen_movi_tl(s->T0, next_eip);
6587 gen_push_v(s, s->T0);
6588 gen_bnd_jmp(s);
6589 gen_jmp(s, tval);
6590 }
6591 break;
6592 case 0x9a: /* lcall im */
6593 {
6594 unsigned int selector, offset;
6595
6596 if (CODE64(s))
6597 goto illegal_op;
6598 ot = dflag;
6599 offset = insn_get(env, s, ot);
6600 selector = insn_get(env, s, MO_16);
6601
6602 tcg_gen_movi_tl(s->T0, selector);
6603 tcg_gen_movi_tl(s->T1, offset);
6604 }
6605 goto do_lcall;
6606 case 0xe9: /* jmp im */
6607 if (dflag != MO_16) {
6608 tval = (int32_t)insn_get(env, s, MO_32);
6609 } else {
6610 tval = (int16_t)insn_get(env, s, MO_16);
6611 }
6612 tval += s->pc - s->cs_base;
6613 if (dflag == MO_16) {
6614 tval &= 0xffff;
6615 } else if (!CODE64(s)) {
6616 tval &= 0xffffffff;
6617 }
6618 gen_bnd_jmp(s);
6619 gen_jmp(s, tval);
6620 break;
6621 case 0xea: /* ljmp im */
6622 {
6623 unsigned int selector, offset;
6624
6625 if (CODE64(s))
6626 goto illegal_op;
6627 ot = dflag;
6628 offset = insn_get(env, s, ot);
6629 selector = insn_get(env, s, MO_16);
6630
6631 tcg_gen_movi_tl(s->T0, selector);
6632 tcg_gen_movi_tl(s->T1, offset);
6633 }
6634 goto do_ljmp;
6635 case 0xeb: /* jmp Jb */
6636 tval = (int8_t)insn_get(env, s, MO_8);
6637 tval += s->pc - s->cs_base;
6638 if (dflag == MO_16) {
6639 tval &= 0xffff;
6640 }
6641 gen_jmp(s, tval);
6642 break;
6643 case 0x70 ... 0x7f: /* jcc Jb */
6644 tval = (int8_t)insn_get(env, s, MO_8);
6645 goto do_jcc;
6646 case 0x180 ... 0x18f: /* jcc Jv */
6647 if (dflag != MO_16) {
6648 tval = (int32_t)insn_get(env, s, MO_32);
6649 } else {
6650 tval = (int16_t)insn_get(env, s, MO_16);
6651 }
6652 do_jcc:
6653 next_eip = s->pc - s->cs_base;
6654 tval += next_eip;
6655 if (dflag == MO_16) {
6656 tval &= 0xffff;
6657 }
6658 gen_bnd_jmp(s);
6659 gen_jcc(s, b, tval, next_eip);
6660 break;
6661
6662 case 0x190 ... 0x19f: /* setcc Gv */
6663 modrm = x86_ldub_code(env, s);
6664 gen_setcc1(s, b, s->T0);
6665 gen_ldst_modrm(env, s, modrm, MO_8, OR_TMP0, 1);
6666 break;
6667 case 0x140 ... 0x14f: /* cmov Gv, Ev */
6668 if (!(s->cpuid_features & CPUID_CMOV)) {
6669 goto illegal_op;
6670 }
6671 ot = dflag;
6672 modrm = x86_ldub_code(env, s);
6673 reg = ((modrm >> 3) & 7) | rex_r;
6674 gen_cmovcc1(env, s, ot, b, modrm, reg);
6675 break;
6676
6677 /************************/
6678 /* flags */
6679 case 0x9c: /* pushf */
6680 gen_svm_check_intercept(s, pc_start, SVM_EXIT_PUSHF);
6681 if (s->vm86 && s->iopl != 3) {
6682 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6683 } else {
6684 gen_update_cc_op(s);
6685 gen_helper_read_eflags(s->T0, cpu_env);
6686 gen_push_v(s, s->T0);
6687 }
6688 break;
6689 case 0x9d: /* popf */
6690 gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF);
6691 if (s->vm86 && s->iopl != 3) {
6692 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6693 } else {
6694 ot = gen_pop_T0(s);
6695 if (s->cpl == 0) {
6696 if (dflag != MO_16) {
6697 gen_helper_write_eflags(cpu_env, s->T0,
6698 tcg_const_i32((TF_MASK | AC_MASK |
6699 ID_MASK | NT_MASK |
6700 IF_MASK |
6701 IOPL_MASK)));
6702 } else {
6703 gen_helper_write_eflags(cpu_env, s->T0,
6704 tcg_const_i32((TF_MASK | AC_MASK |
6705 ID_MASK | NT_MASK |
6706 IF_MASK | IOPL_MASK)
6707 & 0xffff));
6708 }
6709 } else {
6710 if (s->cpl <= s->iopl) {
6711 if (dflag != MO_16) {
6712 gen_helper_write_eflags(cpu_env, s->T0,
6713 tcg_const_i32((TF_MASK |
6714 AC_MASK |
6715 ID_MASK |
6716 NT_MASK |
6717 IF_MASK)));
6718 } else {
6719 gen_helper_write_eflags(cpu_env, s->T0,
6720 tcg_const_i32((TF_MASK |
6721 AC_MASK |
6722 ID_MASK |
6723 NT_MASK |
6724 IF_MASK)
6725 & 0xffff));
6726 }
6727 } else {
6728 if (dflag != MO_16) {
6729 gen_helper_write_eflags(cpu_env, s->T0,
6730 tcg_const_i32((TF_MASK | AC_MASK |
6731 ID_MASK | NT_MASK)));
6732 } else {
6733 gen_helper_write_eflags(cpu_env, s->T0,
6734 tcg_const_i32((TF_MASK | AC_MASK |
6735 ID_MASK | NT_MASK)
6736 & 0xffff));
6737 }
6738 }
6739 }
6740 gen_pop_update(s, ot);
6741 set_cc_op(s, CC_OP_EFLAGS);
6742 /* abort translation because TF/AC flag may change */
6743 gen_jmp_im(s, s->pc - s->cs_base);
6744 gen_eob(s);
6745 }
6746 break;
6747 case 0x9e: /* sahf */
6748 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6749 goto illegal_op;
6750 gen_op_mov_v_reg(s, MO_8, s->T0, R_AH);
6751 gen_compute_eflags(s);
6752 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
6753 tcg_gen_andi_tl(s->T0, s->T0, CC_S | CC_Z | CC_A | CC_P | CC_C);
6754 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, s->T0);
6755 break;
6756 case 0x9f: /* lahf */
6757 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6758 goto illegal_op;
6759 gen_compute_eflags(s);
6760 /* Note: gen_compute_eflags() only gives the condition codes */
6761 tcg_gen_ori_tl(s->T0, cpu_cc_src, 0x02);
6762 gen_op_mov_reg_v(s, MO_8, R_AH, s->T0);
6763 break;
6764 case 0xf5: /* cmc */
6765 gen_compute_eflags(s);
6766 tcg_gen_xori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6767 break;
6768 case 0xf8: /* clc */
6769 gen_compute_eflags(s);
6770 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_C);
6771 break;
6772 case 0xf9: /* stc */
6773 gen_compute_eflags(s);
6774 tcg_gen_ori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6775 break;
6776 case 0xfc: /* cld */
6777 tcg_gen_movi_i32(s->tmp2_i32, 1);
6778 tcg_gen_st_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6779 break;
6780 case 0xfd: /* std */
6781 tcg_gen_movi_i32(s->tmp2_i32, -1);
6782 tcg_gen_st_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6783 break;
6784
6785 /************************/
6786 /* bit operations */
6787 case 0x1ba: /* bt/bts/btr/btc Gv, im */
6788 ot = dflag;
6789 modrm = x86_ldub_code(env, s);
6790 op = (modrm >> 3) & 7;
6791 mod = (modrm >> 6) & 3;
6792 rm = (modrm & 7) | REX_B(s);
6793 if (mod != 3) {
6794 s->rip_offset = 1;
6795 gen_lea_modrm(env, s, modrm);
6796 if (!(s->prefix & PREFIX_LOCK)) {
6797 gen_op_ld_v(s, ot, s->T0, s->A0);
6798 }
6799 } else {
6800 gen_op_mov_v_reg(s, ot, s->T0, rm);
6801 }
6802 /* load shift */
6803 val = x86_ldub_code(env, s);
6804 tcg_gen_movi_tl(s->T1, val);
6805 if (op < 4)
6806 goto unknown_op;
6807 op -= 4;
6808 goto bt_op;
6809 case 0x1a3: /* bt Gv, Ev */
6810 op = 0;
6811 goto do_btx;
6812 case 0x1ab: /* bts */
6813 op = 1;
6814 goto do_btx;
6815 case 0x1b3: /* btr */
6816 op = 2;
6817 goto do_btx;
6818 case 0x1bb: /* btc */
6819 op = 3;
6820 do_btx:
6821 ot = dflag;
6822 modrm = x86_ldub_code(env, s);
6823 reg = ((modrm >> 3) & 7) | rex_r;
6824 mod = (modrm >> 6) & 3;
6825 rm = (modrm & 7) | REX_B(s);
6826 gen_op_mov_v_reg(s, MO_32, s->T1, reg);
6827 if (mod != 3) {
6828 AddressParts a = gen_lea_modrm_0(env, s, modrm);
6829 /* specific case: we need to add a displacement */
6830 gen_exts(ot, s->T1);
6831 tcg_gen_sari_tl(s->tmp0, s->T1, 3 + ot);
6832 tcg_gen_shli_tl(s->tmp0, s->tmp0, ot);
6833 tcg_gen_add_tl(s->A0, gen_lea_modrm_1(s, a), s->tmp0);
6834 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override);
6835 if (!(s->prefix & PREFIX_LOCK)) {
6836 gen_op_ld_v(s, ot, s->T0, s->A0);
6837 }
6838 } else {
6839 gen_op_mov_v_reg(s, ot, s->T0, rm);
6840 }
6841 bt_op:
6842 tcg_gen_andi_tl(s->T1, s->T1, (1 << (3 + ot)) - 1);
6843 tcg_gen_movi_tl(s->tmp0, 1);
6844 tcg_gen_shl_tl(s->tmp0, s->tmp0, s->T1);
6845 if (s->prefix & PREFIX_LOCK) {
6846 switch (op) {
6847 case 0: /* bt */
6848 /* Needs no atomic ops; we surpressed the normal
6849 memory load for LOCK above so do it now. */
6850 gen_op_ld_v(s, ot, s->T0, s->A0);
6851 break;
6852 case 1: /* bts */
6853 tcg_gen_atomic_fetch_or_tl(s->T0, s->A0, s->tmp0,
6854 s->mem_index, ot | MO_LE);
6855 break;
6856 case 2: /* btr */
6857 tcg_gen_not_tl(s->tmp0, s->tmp0);
6858 tcg_gen_atomic_fetch_and_tl(s->T0, s->A0, s->tmp0,
6859 s->mem_index, ot | MO_LE);
6860 break;
6861 default:
6862 case 3: /* btc */
6863 tcg_gen_atomic_fetch_xor_tl(s->T0, s->A0, s->tmp0,
6864 s->mem_index, ot | MO_LE);
6865 break;
6866 }
6867 tcg_gen_shr_tl(s->tmp4, s->T0, s->T1);
6868 } else {
6869 tcg_gen_shr_tl(s->tmp4, s->T0, s->T1);
6870 switch (op) {
6871 case 0: /* bt */
6872 /* Data already loaded; nothing to do. */
6873 break;
6874 case 1: /* bts */
6875 tcg_gen_or_tl(s->T0, s->T0, s->tmp0);
6876 break;
6877 case 2: /* btr */
6878 tcg_gen_andc_tl(s->T0, s->T0, s->tmp0);
6879 break;
6880 default:
6881 case 3: /* btc */
6882 tcg_gen_xor_tl(s->T0, s->T0, s->tmp0);
6883 break;
6884 }
6885 if (op != 0) {
6886 if (mod != 3) {
6887 gen_op_st_v(s, ot, s->T0, s->A0);
6888 } else {
6889 gen_op_mov_reg_v(s, ot, rm, s->T0);
6890 }
6891 }
6892 }
6893
6894 /* Delay all CC updates until after the store above. Note that
6895 C is the result of the test, Z is unchanged, and the others
6896 are all undefined. */
6897 switch (s->cc_op) {
6898 case CC_OP_MULB ... CC_OP_MULQ:
6899 case CC_OP_ADDB ... CC_OP_ADDQ:
6900 case CC_OP_ADCB ... CC_OP_ADCQ:
6901 case CC_OP_SUBB ... CC_OP_SUBQ:
6902 case CC_OP_SBBB ... CC_OP_SBBQ:
6903 case CC_OP_LOGICB ... CC_OP_LOGICQ:
6904 case CC_OP_INCB ... CC_OP_INCQ:
6905 case CC_OP_DECB ... CC_OP_DECQ:
6906 case CC_OP_SHLB ... CC_OP_SHLQ:
6907 case CC_OP_SARB ... CC_OP_SARQ:
6908 case CC_OP_BMILGB ... CC_OP_BMILGQ:
6909 /* Z was going to be computed from the non-zero status of CC_DST.
6910 We can get that same Z value (and the new C value) by leaving
6911 CC_DST alone, setting CC_SRC, and using a CC_OP_SAR of the
6912 same width. */
6913 tcg_gen_mov_tl(cpu_cc_src, s->tmp4);
6914 set_cc_op(s, ((s->cc_op - CC_OP_MULB) & 3) + CC_OP_SARB);
6915 break;
6916 default:
6917 /* Otherwise, generate EFLAGS and replace the C bit. */
6918 gen_compute_eflags(s);
6919 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, s->tmp4,
6920 ctz32(CC_C), 1);
6921 break;
6922 }
6923 break;
6924 case 0x1bc: /* bsf / tzcnt */
6925 case 0x1bd: /* bsr / lzcnt */
6926 ot = dflag;
6927 modrm = x86_ldub_code(env, s);
6928 reg = ((modrm >> 3) & 7) | rex_r;
6929 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
6930 gen_extu(ot, s->T0);
6931
6932 /* Note that lzcnt and tzcnt are in different extensions. */
6933 if ((prefixes & PREFIX_REPZ)
6934 && (b & 1
6935 ? s->cpuid_ext3_features & CPUID_EXT3_ABM
6936 : s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)) {
6937 int size = 8 << ot;
6938 /* For lzcnt/tzcnt, C bit is defined related to the input. */
6939 tcg_gen_mov_tl(cpu_cc_src, s->T0);
6940 if (b & 1) {
6941 /* For lzcnt, reduce the target_ulong result by the
6942 number of zeros that we expect to find at the top. */
6943 tcg_gen_clzi_tl(s->T0, s->T0, TARGET_LONG_BITS);
6944 tcg_gen_subi_tl(s->T0, s->T0, TARGET_LONG_BITS - size);
6945 } else {
6946 /* For tzcnt, a zero input must return the operand size. */
6947 tcg_gen_ctzi_tl(s->T0, s->T0, size);
6948 }
6949 /* For lzcnt/tzcnt, Z bit is defined related to the result. */
6950 gen_op_update1_cc(s);
6951 set_cc_op(s, CC_OP_BMILGB + ot);
6952 } else {
6953 /* For bsr/bsf, only the Z bit is defined and it is related
6954 to the input and not the result. */
6955 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
6956 set_cc_op(s, CC_OP_LOGICB + ot);
6957
6958 /* ??? The manual says that the output is undefined when the
6959 input is zero, but real hardware leaves it unchanged, and
6960 real programs appear to depend on that. Accomplish this
6961 by passing the output as the value to return upon zero. */
6962 if (b & 1) {
6963 /* For bsr, return the bit index of the first 1 bit,
6964 not the count of leading zeros. */
6965 tcg_gen_xori_tl(s->T1, cpu_regs[reg], TARGET_LONG_BITS - 1);
6966 tcg_gen_clz_tl(s->T0, s->T0, s->T1);
6967 tcg_gen_xori_tl(s->T0, s->T0, TARGET_LONG_BITS - 1);
6968 } else {
6969 tcg_gen_ctz_tl(s->T0, s->T0, cpu_regs[reg]);
6970 }
6971 }
6972 gen_op_mov_reg_v(s, ot, reg, s->T0);
6973 break;
6974 /************************/
6975 /* bcd */
6976 case 0x27: /* daa */
6977 if (CODE64(s))
6978 goto illegal_op;
6979 gen_update_cc_op(s);
6980 gen_helper_daa(cpu_env);
6981 set_cc_op(s, CC_OP_EFLAGS);
6982 break;
6983 case 0x2f: /* das */
6984 if (CODE64(s))
6985 goto illegal_op;
6986 gen_update_cc_op(s);
6987 gen_helper_das(cpu_env);
6988 set_cc_op(s, CC_OP_EFLAGS);
6989 break;
6990 case 0x37: /* aaa */
6991 if (CODE64(s))
6992 goto illegal_op;
6993 gen_update_cc_op(s);
6994 gen_helper_aaa(cpu_env);
6995 set_cc_op(s, CC_OP_EFLAGS);
6996 break;
6997 case 0x3f: /* aas */
6998 if (CODE64(s))
6999 goto illegal_op;
7000 gen_update_cc_op(s);
7001 gen_helper_aas(cpu_env);
7002 set_cc_op(s, CC_OP_EFLAGS);
7003 break;
7004 case 0xd4: /* aam */
7005 if (CODE64(s))
7006 goto illegal_op;
7007 val = x86_ldub_code(env, s);
7008 if (val == 0) {
7009 gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base);
7010 } else {
7011 gen_helper_aam(cpu_env, tcg_const_i32(val));
7012 set_cc_op(s, CC_OP_LOGICB);
7013 }
7014 break;
7015 case 0xd5: /* aad */
7016 if (CODE64(s))
7017 goto illegal_op;
7018 val = x86_ldub_code(env, s);
7019 gen_helper_aad(cpu_env, tcg_const_i32(val));
7020 set_cc_op(s, CC_OP_LOGICB);
7021 break;
7022 /************************/
7023 /* misc */
7024 case 0x90: /* nop */
7025 /* XXX: correct lock test for all insn */
7026 if (prefixes & PREFIX_LOCK) {
7027 goto illegal_op;
7028 }
7029 /* If REX_B is set, then this is xchg eax, r8d, not a nop. */
7030 if (REX_B(s)) {
7031 goto do_xchg_reg_eax;
7032 }
7033 if (prefixes & PREFIX_REPZ) {
7034 gen_update_cc_op(s);
7035 gen_jmp_im(s, pc_start - s->cs_base);
7036 gen_helper_pause(cpu_env, tcg_const_i32(s->pc - pc_start));
7037 s->base.is_jmp = DISAS_NORETURN;
7038 }
7039 break;
7040 case 0x9b: /* fwait */
7041 if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) ==
7042 (HF_MP_MASK | HF_TS_MASK)) {
7043 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
7044 } else {
7045 gen_helper_fwait(cpu_env);
7046 }
7047 break;
7048 case 0xcc: /* int3 */
7049 gen_interrupt(s, EXCP03_INT3, pc_start - s->cs_base, s->pc - s->cs_base);
7050 break;
7051 case 0xcd: /* int N */
7052 val = x86_ldub_code(env, s);
7053 if (s->vm86 && s->iopl != 3) {
7054 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7055 } else {
7056 gen_interrupt(s, val, pc_start - s->cs_base, s->pc - s->cs_base);
7057 }
7058 break;
7059 case 0xce: /* into */
7060 if (CODE64(s))
7061 goto illegal_op;
7062 gen_update_cc_op(s);
7063 gen_jmp_im(s, pc_start - s->cs_base);
7064 gen_helper_into(cpu_env, tcg_const_i32(s->pc - pc_start));
7065 break;
7066 #ifdef WANT_ICEBP
7067 case 0xf1: /* icebp (undocumented, exits to external debugger) */
7068 gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
7069 gen_debug(s, pc_start - s->cs_base);
7070 break;
7071 #endif
7072 case 0xfa: /* cli */
7073 if (!s->vm86) {
7074 if (s->cpl <= s->iopl) {
7075 gen_helper_cli(cpu_env);
7076 } else {
7077 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7078 }
7079 } else {
7080 if (s->iopl == 3) {
7081 gen_helper_cli(cpu_env);
7082 } else {
7083 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7084 }
7085 }
7086 break;
7087 case 0xfb: /* sti */
7088 if (s->vm86 ? s->iopl == 3 : s->cpl <= s->iopl) {
7089 gen_helper_sti(cpu_env);
7090 /* interruptions are enabled only the first insn after sti */
7091 gen_jmp_im(s, s->pc - s->cs_base);
7092 gen_eob_inhibit_irq(s, true);
7093 } else {
7094 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7095 }
7096 break;
7097 case 0x62: /* bound */
7098 if (CODE64(s))
7099 goto illegal_op;
7100 ot = dflag;
7101 modrm = x86_ldub_code(env, s);
7102 reg = (modrm >> 3) & 7;
7103 mod = (modrm >> 6) & 3;
7104 if (mod == 3)
7105 goto illegal_op;
7106 gen_op_mov_v_reg(s, ot, s->T0, reg);
7107 gen_lea_modrm(env, s, modrm);
7108 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
7109 if (ot == MO_16) {
7110 gen_helper_boundw(cpu_env, s->A0, s->tmp2_i32);
7111 } else {
7112 gen_helper_boundl(cpu_env, s->A0, s->tmp2_i32);
7113 }
7114 break;
7115 case 0x1c8 ... 0x1cf: /* bswap reg */
7116 reg = (b & 7) | REX_B(s);
7117 #ifdef TARGET_X86_64
7118 if (dflag == MO_64) {
7119 gen_op_mov_v_reg(s, MO_64, s->T0, reg);
7120 tcg_gen_bswap64_i64(s->T0, s->T0);
7121 gen_op_mov_reg_v(s, MO_64, reg, s->T0);
7122 } else
7123 #endif
7124 {
7125 gen_op_mov_v_reg(s, MO_32, s->T0, reg);
7126 tcg_gen_ext32u_tl(s->T0, s->T0);
7127 tcg_gen_bswap32_tl(s->T0, s->T0);
7128 gen_op_mov_reg_v(s, MO_32, reg, s->T0);
7129 }
7130 break;
7131 case 0xd6: /* salc */
7132 if (CODE64(s))
7133 goto illegal_op;
7134 gen_compute_eflags_c(s, s->T0);
7135 tcg_gen_neg_tl(s->T0, s->T0);
7136 gen_op_mov_reg_v(s, MO_8, R_EAX, s->T0);
7137 break;
7138 case 0xe0: /* loopnz */
7139 case 0xe1: /* loopz */
7140 case 0xe2: /* loop */
7141 case 0xe3: /* jecxz */
7142 {
7143 TCGLabel *l1, *l2, *l3;
7144
7145 tval = (int8_t)insn_get(env, s, MO_8);
7146 next_eip = s->pc - s->cs_base;
7147 tval += next_eip;
7148 if (dflag == MO_16) {
7149 tval &= 0xffff;
7150 }
7151
7152 l1 = gen_new_label();
7153 l2 = gen_new_label();
7154 l3 = gen_new_label();
7155 gen_update_cc_op(s);
7156 b &= 3;
7157 switch(b) {
7158 case 0: /* loopnz */
7159 case 1: /* loopz */
7160 gen_op_add_reg_im(s, s->aflag, R_ECX, -1);
7161 gen_op_jz_ecx(s, s->aflag, l3);
7162 gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1);
7163 break;
7164 case 2: /* loop */
7165 gen_op_add_reg_im(s, s->aflag, R_ECX, -1);
7166 gen_op_jnz_ecx(s, s->aflag, l1);
7167 break;
7168 default:
7169 case 3: /* jcxz */
7170 gen_op_jz_ecx(s, s->aflag, l1);
7171 break;
7172 }
7173
7174 gen_set_label(l3);
7175 gen_jmp_im(s, next_eip);
7176 tcg_gen_br(l2);
7177
7178 gen_set_label(l1);
7179 gen_jmp_im(s, tval);
7180 gen_set_label(l2);
7181 gen_eob(s);
7182 }
7183 break;
7184 case 0x130: /* wrmsr */
7185 case 0x132: /* rdmsr */
7186 if (s->cpl != 0) {
7187 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7188 } else {
7189 gen_update_cc_op(s);
7190 gen_jmp_im(s, pc_start - s->cs_base);
7191 if (b & 2) {
7192 gen_helper_rdmsr(cpu_env);
7193 } else {
7194 gen_helper_wrmsr(cpu_env);
7195 }
7196 }
7197 break;
7198 case 0x131: /* rdtsc */
7199 gen_update_cc_op(s);
7200 gen_jmp_im(s, pc_start - s->cs_base);
7201 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
7202 gen_io_start();
7203 }
7204 gen_helper_rdtsc(cpu_env);
7205 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
7206 gen_jmp(s, s->pc - s->cs_base);
7207 }
7208 break;
7209 case 0x133: /* rdpmc */
7210 gen_update_cc_op(s);
7211 gen_jmp_im(s, pc_start - s->cs_base);
7212 gen_helper_rdpmc(cpu_env);
7213 break;
7214 case 0x134: /* sysenter */
7215 /* For Intel SYSENTER is valid on 64-bit */
7216 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7217 goto illegal_op;
7218 if (!s->pe) {
7219 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7220 } else {
7221 gen_helper_sysenter(cpu_env);
7222 gen_eob(s);
7223 }
7224 break;
7225 case 0x135: /* sysexit */
7226 /* For Intel SYSEXIT is valid on 64-bit */
7227 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7228 goto illegal_op;
7229 if (!s->pe) {
7230 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7231 } else {
7232 gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1));
7233 gen_eob(s);
7234 }
7235 break;
7236 #ifdef TARGET_X86_64
7237 case 0x105: /* syscall */
7238 /* XXX: is it usable in real mode ? */
7239 gen_update_cc_op(s);
7240 gen_jmp_im(s, pc_start - s->cs_base);
7241 gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - pc_start));
7242 /* TF handling for the syscall insn is different. The TF bit is checked
7243 after the syscall insn completes. This allows #DB to not be
7244 generated after one has entered CPL0 if TF is set in FMASK. */
7245 gen_eob_worker(s, false, true);
7246 break;
7247 case 0x107: /* sysret */
7248 if (!s->pe) {
7249 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7250 } else {
7251 gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1));
7252 /* condition codes are modified only in long mode */
7253 if (s->lma) {
7254 set_cc_op(s, CC_OP_EFLAGS);
7255 }
7256 /* TF handling for the sysret insn is different. The TF bit is
7257 checked after the sysret insn completes. This allows #DB to be
7258 generated "as if" the syscall insn in userspace has just
7259 completed. */
7260 gen_eob_worker(s, false, true);
7261 }
7262 break;
7263 #endif
7264 case 0x1a2: /* cpuid */
7265 gen_update_cc_op(s);
7266 gen_jmp_im(s, pc_start - s->cs_base);
7267 gen_helper_cpuid(cpu_env);
7268 break;
7269 case 0xf4: /* hlt */
7270 if (s->cpl != 0) {
7271 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7272 } else {
7273 gen_update_cc_op(s);
7274 gen_jmp_im(s, pc_start - s->cs_base);
7275 gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - pc_start));
7276 s->base.is_jmp = DISAS_NORETURN;
7277 }
7278 break;
7279 case 0x100:
7280 modrm = x86_ldub_code(env, s);
7281 mod = (modrm >> 6) & 3;
7282 op = (modrm >> 3) & 7;
7283 switch(op) {
7284 case 0: /* sldt */
7285 if (!s->pe || s->vm86)
7286 goto illegal_op;
7287 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_READ);
7288 tcg_gen_ld32u_tl(s->T0, cpu_env,
7289 offsetof(CPUX86State, ldt.selector));
7290 ot = mod == 3 ? dflag : MO_16;
7291 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7292 break;
7293 case 2: /* lldt */
7294 if (!s->pe || s->vm86)
7295 goto illegal_op;
7296 if (s->cpl != 0) {
7297 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7298 } else {
7299 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE);
7300 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7301 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
7302 gen_helper_lldt(cpu_env, s->tmp2_i32);
7303 }
7304 break;
7305 case 1: /* str */
7306 if (!s->pe || s->vm86)
7307 goto illegal_op;
7308 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_READ);
7309 tcg_gen_ld32u_tl(s->T0, cpu_env,
7310 offsetof(CPUX86State, tr.selector));
7311 ot = mod == 3 ? dflag : MO_16;
7312 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7313 break;
7314 case 3: /* ltr */
7315 if (!s->pe || s->vm86)
7316 goto illegal_op;
7317 if (s->cpl != 0) {
7318 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7319 } else {
7320 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE);
7321 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7322 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
7323 gen_helper_ltr(cpu_env, s->tmp2_i32);
7324 }
7325 break;
7326 case 4: /* verr */
7327 case 5: /* verw */
7328 if (!s->pe || s->vm86)
7329 goto illegal_op;
7330 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7331 gen_update_cc_op(s);
7332 if (op == 4) {
7333 gen_helper_verr(cpu_env, s->T0);
7334 } else {
7335 gen_helper_verw(cpu_env, s->T0);
7336 }
7337 set_cc_op(s, CC_OP_EFLAGS);
7338 break;
7339 default:
7340 goto unknown_op;
7341 }
7342 break;
7343
7344 case 0x101:
7345 modrm = x86_ldub_code(env, s);
7346 switch (modrm) {
7347 CASE_MODRM_MEM_OP(0): /* sgdt */
7348 gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_READ);
7349 gen_lea_modrm(env, s, modrm);
7350 tcg_gen_ld32u_tl(s->T0,
7351 cpu_env, offsetof(CPUX86State, gdt.limit));
7352 gen_op_st_v(s, MO_16, s->T0, s->A0);
7353 gen_add_A0_im(s, 2);
7354 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, gdt.base));
7355 if (dflag == MO_16) {
7356 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
7357 }
7358 gen_op_st_v(s, CODE64(s) + MO_32, s->T0, s->A0);
7359 break;
7360
7361 case 0xc8: /* monitor */
7362 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) {
7363 goto illegal_op;
7364 }
7365 gen_update_cc_op(s);
7366 gen_jmp_im(s, pc_start - s->cs_base);
7367 tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]);
7368 gen_extu(s->aflag, s->A0);
7369 gen_add_A0_ds_seg(s);
7370 gen_helper_monitor(cpu_env, s->A0);
7371 break;
7372
7373 case 0xc9: /* mwait */
7374 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) {
7375 goto illegal_op;
7376 }
7377 gen_update_cc_op(s);
7378 gen_jmp_im(s, pc_start - s->cs_base);
7379 gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - pc_start));
7380 gen_eob(s);
7381 break;
7382
7383 case 0xca: /* clac */
7384 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
7385 || s->cpl != 0) {
7386 goto illegal_op;
7387 }
7388 gen_helper_clac(cpu_env);
7389 gen_jmp_im(s, s->pc - s->cs_base);
7390 gen_eob(s);
7391 break;
7392
7393 case 0xcb: /* stac */
7394 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
7395 || s->cpl != 0) {
7396 goto illegal_op;
7397 }
7398 gen_helper_stac(cpu_env);
7399 gen_jmp_im(s, s->pc - s->cs_base);
7400 gen_eob(s);
7401 break;
7402
7403 CASE_MODRM_MEM_OP(1): /* sidt */
7404 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_READ);
7405 gen_lea_modrm(env, s, modrm);
7406 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.limit));
7407 gen_op_st_v(s, MO_16, s->T0, s->A0);
7408 gen_add_A0_im(s, 2);
7409 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.base));
7410 if (dflag == MO_16) {
7411 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
7412 }
7413 gen_op_st_v(s, CODE64(s) + MO_32, s->T0, s->A0);
7414 break;
7415
7416 case 0xd0: /* xgetbv */
7417 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
7418 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
7419 | PREFIX_REPZ | PREFIX_REPNZ))) {
7420 goto illegal_op;
7421 }
7422 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
7423 gen_helper_xgetbv(s->tmp1_i64, cpu_env, s->tmp2_i32);
7424 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
7425 break;
7426
7427 case 0xd1: /* xsetbv */
7428 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
7429 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
7430 | PREFIX_REPZ | PREFIX_REPNZ))) {
7431 goto illegal_op;
7432 }
7433 if (s->cpl != 0) {
7434 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7435 break;
7436 }
7437 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
7438 cpu_regs[R_EDX]);
7439 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
7440 gen_helper_xsetbv(cpu_env, s->tmp2_i32, s->tmp1_i64);
7441 /* End TB because translation flags may change. */
7442 gen_jmp_im(s, s->pc - s->cs_base);
7443 gen_eob(s);
7444 break;
7445
7446 case 0xd8: /* VMRUN */
7447 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7448 goto illegal_op;
7449 }
7450 if (s->cpl != 0) {
7451 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7452 break;
7453 }
7454 gen_update_cc_op(s);
7455 gen_jmp_im(s, pc_start - s->cs_base);
7456 gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1),
7457 tcg_const_i32(s->pc - pc_start));
7458 tcg_gen_exit_tb(NULL, 0);
7459 s->base.is_jmp = DISAS_NORETURN;
7460 break;
7461
7462 case 0xd9: /* VMMCALL */
7463 if (!(s->flags & HF_SVME_MASK)) {
7464 goto illegal_op;
7465 }
7466 gen_update_cc_op(s);
7467 gen_jmp_im(s, pc_start - s->cs_base);
7468 gen_helper_vmmcall(cpu_env);
7469 break;
7470
7471 case 0xda: /* VMLOAD */
7472 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7473 goto illegal_op;
7474 }
7475 if (s->cpl != 0) {
7476 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7477 break;
7478 }
7479 gen_update_cc_op(s);
7480 gen_jmp_im(s, pc_start - s->cs_base);
7481 gen_helper_vmload(cpu_env, tcg_const_i32(s->aflag - 1));
7482 break;
7483
7484 case 0xdb: /* VMSAVE */
7485 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7486 goto illegal_op;
7487 }
7488 if (s->cpl != 0) {
7489 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7490 break;
7491 }
7492 gen_update_cc_op(s);
7493 gen_jmp_im(s, pc_start - s->cs_base);
7494 gen_helper_vmsave(cpu_env, tcg_const_i32(s->aflag - 1));
7495 break;
7496
7497 case 0xdc: /* STGI */
7498 if ((!(s->flags & HF_SVME_MASK)
7499 && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
7500 || !s->pe) {
7501 goto illegal_op;
7502 }
7503 if (s->cpl != 0) {
7504 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7505 break;
7506 }
7507 gen_update_cc_op(s);
7508 gen_helper_stgi(cpu_env);
7509 gen_jmp_im(s, s->pc - s->cs_base);
7510 gen_eob(s);
7511 break;
7512
7513 case 0xdd: /* CLGI */
7514 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7515 goto illegal_op;
7516 }
7517 if (s->cpl != 0) {
7518 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7519 break;
7520 }
7521 gen_update_cc_op(s);
7522 gen_jmp_im(s, pc_start - s->cs_base);
7523 gen_helper_clgi(cpu_env);
7524 break;
7525
7526 case 0xde: /* SKINIT */
7527 if ((!(s->flags & HF_SVME_MASK)
7528 && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
7529 || !s->pe) {
7530 goto illegal_op;
7531 }
7532 gen_update_cc_op(s);
7533 gen_jmp_im(s, pc_start - s->cs_base);
7534 gen_helper_skinit(cpu_env);
7535 break;
7536
7537 case 0xdf: /* INVLPGA */
7538 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7539 goto illegal_op;
7540 }
7541 if (s->cpl != 0) {
7542 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7543 break;
7544 }
7545 gen_update_cc_op(s);
7546 gen_jmp_im(s, pc_start - s->cs_base);
7547 gen_helper_invlpga(cpu_env, tcg_const_i32(s->aflag - 1));
7548 break;
7549
7550 CASE_MODRM_MEM_OP(2): /* lgdt */
7551 if (s->cpl != 0) {
7552 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7553 break;
7554 }
7555 gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_WRITE);
7556 gen_lea_modrm(env, s, modrm);
7557 gen_op_ld_v(s, MO_16, s->T1, s->A0);
7558 gen_add_A0_im(s, 2);
7559 gen_op_ld_v(s, CODE64(s) + MO_32, s->T0, s->A0);
7560 if (dflag == MO_16) {
7561 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
7562 }
7563 tcg_gen_st_tl(s->T0, cpu_env, offsetof(CPUX86State, gdt.base));
7564 tcg_gen_st32_tl(s->T1, cpu_env, offsetof(CPUX86State, gdt.limit));
7565 break;
7566
7567 CASE_MODRM_MEM_OP(3): /* lidt */
7568 if (s->cpl != 0) {
7569 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7570 break;
7571 }
7572 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_WRITE);
7573 gen_lea_modrm(env, s, modrm);
7574 gen_op_ld_v(s, MO_16, s->T1, s->A0);
7575 gen_add_A0_im(s, 2);
7576 gen_op_ld_v(s, CODE64(s) + MO_32, s->T0, s->A0);
7577 if (dflag == MO_16) {
7578 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
7579 }
7580 tcg_gen_st_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.base));
7581 tcg_gen_st32_tl(s->T1, cpu_env, offsetof(CPUX86State, idt.limit));
7582 break;
7583
7584 CASE_MODRM_OP(4): /* smsw */
7585 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_CR0);
7586 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, cr[0]));
7587 /*
7588 * In 32-bit mode, the higher 16 bits of the destination
7589 * register are undefined. In practice CR0[31:0] is stored
7590 * just like in 64-bit mode.
7591 */
7592 mod = (modrm >> 6) & 3;
7593 ot = (mod != 3 ? MO_16 : s->dflag);
7594 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7595 break;
7596 case 0xee: /* rdpkru */
7597 if (prefixes & PREFIX_LOCK) {
7598 goto illegal_op;
7599 }
7600 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
7601 gen_helper_rdpkru(s->tmp1_i64, cpu_env, s->tmp2_i32);
7602 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
7603 break;
7604 case 0xef: /* wrpkru */
7605 if (prefixes & PREFIX_LOCK) {
7606 goto illegal_op;
7607 }
7608 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
7609 cpu_regs[R_EDX]);
7610 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
7611 gen_helper_wrpkru(cpu_env, s->tmp2_i32, s->tmp1_i64);
7612 break;
7613 CASE_MODRM_OP(6): /* lmsw */
7614 if (s->cpl != 0) {
7615 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7616 break;
7617 }
7618 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
7619 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7620 gen_helper_lmsw(cpu_env, s->T0);
7621 gen_jmp_im(s, s->pc - s->cs_base);
7622 gen_eob(s);
7623 break;
7624
7625 CASE_MODRM_MEM_OP(7): /* invlpg */
7626 if (s->cpl != 0) {
7627 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7628 break;
7629 }
7630 gen_update_cc_op(s);
7631 gen_jmp_im(s, pc_start - s->cs_base);
7632 gen_lea_modrm(env, s, modrm);
7633 gen_helper_invlpg(cpu_env, s->A0);
7634 gen_jmp_im(s, s->pc - s->cs_base);
7635 gen_eob(s);
7636 break;
7637
7638 case 0xf8: /* swapgs */
7639 #ifdef TARGET_X86_64
7640 if (CODE64(s)) {
7641 if (s->cpl != 0) {
7642 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7643 } else {
7644 tcg_gen_mov_tl(s->T0, cpu_seg_base[R_GS]);
7645 tcg_gen_ld_tl(cpu_seg_base[R_GS], cpu_env,
7646 offsetof(CPUX86State, kernelgsbase));
7647 tcg_gen_st_tl(s->T0, cpu_env,
7648 offsetof(CPUX86State, kernelgsbase));
7649 }
7650 break;
7651 }
7652 #endif
7653 goto illegal_op;
7654
7655 case 0xf9: /* rdtscp */
7656 if (!(s->cpuid_ext2_features & CPUID_EXT2_RDTSCP)) {
7657 goto illegal_op;
7658 }
7659 gen_update_cc_op(s);
7660 gen_jmp_im(s, pc_start - s->cs_base);
7661 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
7662 gen_io_start();
7663 }
7664 gen_helper_rdtscp(cpu_env);
7665 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
7666 gen_jmp(s, s->pc - s->cs_base);
7667 }
7668 break;
7669
7670 default:
7671 goto unknown_op;
7672 }
7673 break;
7674
7675 case 0x108: /* invd */
7676 case 0x109: /* wbinvd */
7677 if (s->cpl != 0) {
7678 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7679 } else {
7680 gen_svm_check_intercept(s, pc_start, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD);
7681 /* nothing to do */
7682 }
7683 break;
7684 case 0x63: /* arpl or movslS (x86_64) */
7685 #ifdef TARGET_X86_64
7686 if (CODE64(s)) {
7687 int d_ot;
7688 /* d_ot is the size of destination */
7689 d_ot = dflag;
7690
7691 modrm = x86_ldub_code(env, s);
7692 reg = ((modrm >> 3) & 7) | rex_r;
7693 mod = (modrm >> 6) & 3;
7694 rm = (modrm & 7) | REX_B(s);
7695
7696 if (mod == 3) {
7697 gen_op_mov_v_reg(s, MO_32, s->T0, rm);
7698 /* sign extend */
7699 if (d_ot == MO_64) {
7700 tcg_gen_ext32s_tl(s->T0, s->T0);
7701 }
7702 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
7703 } else {
7704 gen_lea_modrm(env, s, modrm);
7705 gen_op_ld_v(s, MO_32 | MO_SIGN, s->T0, s->A0);
7706 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
7707 }
7708 } else
7709 #endif
7710 {
7711 TCGLabel *label1;
7712 TCGv t0, t1, t2, a0;
7713
7714 if (!s->pe || s->vm86)
7715 goto illegal_op;
7716 t0 = tcg_temp_local_new();
7717 t1 = tcg_temp_local_new();
7718 t2 = tcg_temp_local_new();
7719 ot = MO_16;
7720 modrm = x86_ldub_code(env, s);
7721 reg = (modrm >> 3) & 7;
7722 mod = (modrm >> 6) & 3;
7723 rm = modrm & 7;
7724 if (mod != 3) {
7725 gen_lea_modrm(env, s, modrm);
7726 gen_op_ld_v(s, ot, t0, s->A0);
7727 a0 = tcg_temp_local_new();
7728 tcg_gen_mov_tl(a0, s->A0);
7729 } else {
7730 gen_op_mov_v_reg(s, ot, t0, rm);
7731 a0 = NULL;
7732 }
7733 gen_op_mov_v_reg(s, ot, t1, reg);
7734 tcg_gen_andi_tl(s->tmp0, t0, 3);
7735 tcg_gen_andi_tl(t1, t1, 3);
7736 tcg_gen_movi_tl(t2, 0);
7737 label1 = gen_new_label();
7738 tcg_gen_brcond_tl(TCG_COND_GE, s->tmp0, t1, label1);
7739 tcg_gen_andi_tl(t0, t0, ~3);
7740 tcg_gen_or_tl(t0, t0, t1);
7741 tcg_gen_movi_tl(t2, CC_Z);
7742 gen_set_label(label1);
7743 if (mod != 3) {
7744 gen_op_st_v(s, ot, t0, a0);
7745 tcg_temp_free(a0);
7746 } else {
7747 gen_op_mov_reg_v(s, ot, rm, t0);
7748 }
7749 gen_compute_eflags(s);
7750 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_Z);
7751 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, t2);
7752 tcg_temp_free(t0);
7753 tcg_temp_free(t1);
7754 tcg_temp_free(t2);
7755 }
7756 break;
7757 case 0x102: /* lar */
7758 case 0x103: /* lsl */
7759 {
7760 TCGLabel *label1;
7761 TCGv t0;
7762 if (!s->pe || s->vm86)
7763 goto illegal_op;
7764 ot = dflag != MO_16 ? MO_32 : MO_16;
7765 modrm = x86_ldub_code(env, s);
7766 reg = ((modrm >> 3) & 7) | rex_r;
7767 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7768 t0 = tcg_temp_local_new();
7769 gen_update_cc_op(s);
7770 if (b == 0x102) {
7771 gen_helper_lar(t0, cpu_env, s->T0);
7772 } else {
7773 gen_helper_lsl(t0, cpu_env, s->T0);
7774 }
7775 tcg_gen_andi_tl(s->tmp0, cpu_cc_src, CC_Z);
7776 label1 = gen_new_label();
7777 tcg_gen_brcondi_tl(TCG_COND_EQ, s->tmp0, 0, label1);
7778 gen_op_mov_reg_v(s, ot, reg, t0);
7779 gen_set_label(label1);
7780 set_cc_op(s, CC_OP_EFLAGS);
7781 tcg_temp_free(t0);
7782 }
7783 break;
7784 case 0x118:
7785 modrm = x86_ldub_code(env, s);
7786 mod = (modrm >> 6) & 3;
7787 op = (modrm >> 3) & 7;
7788 switch(op) {
7789 case 0: /* prefetchnta */
7790 case 1: /* prefetchnt0 */
7791 case 2: /* prefetchnt0 */
7792 case 3: /* prefetchnt0 */
7793 if (mod == 3)
7794 goto illegal_op;
7795 gen_nop_modrm(env, s, modrm);
7796 /* nothing more to do */
7797 break;
7798 default: /* nop (multi byte) */
7799 gen_nop_modrm(env, s, modrm);
7800 break;
7801 }
7802 break;
7803 case 0x11a:
7804 modrm = x86_ldub_code(env, s);
7805 if (s->flags & HF_MPX_EN_MASK) {
7806 mod = (modrm >> 6) & 3;
7807 reg = ((modrm >> 3) & 7) | rex_r;
7808 if (prefixes & PREFIX_REPZ) {
7809 /* bndcl */
7810 if (reg >= 4
7811 || (prefixes & PREFIX_LOCK)
7812 || s->aflag == MO_16) {
7813 goto illegal_op;
7814 }
7815 gen_bndck(env, s, modrm, TCG_COND_LTU, cpu_bndl[reg]);
7816 } else if (prefixes & PREFIX_REPNZ) {
7817 /* bndcu */
7818 if (reg >= 4
7819 || (prefixes & PREFIX_LOCK)
7820 || s->aflag == MO_16) {
7821 goto illegal_op;
7822 }
7823 TCGv_i64 notu = tcg_temp_new_i64();
7824 tcg_gen_not_i64(notu, cpu_bndu[reg]);
7825 gen_bndck(env, s, modrm, TCG_COND_GTU, notu);
7826 tcg_temp_free_i64(notu);
7827 } else if (prefixes & PREFIX_DATA) {
7828 /* bndmov -- from reg/mem */
7829 if (reg >= 4 || s->aflag == MO_16) {
7830 goto illegal_op;
7831 }
7832 if (mod == 3) {
7833 int reg2 = (modrm & 7) | REX_B(s);
7834 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
7835 goto illegal_op;
7836 }
7837 if (s->flags & HF_MPX_IU_MASK) {
7838 tcg_gen_mov_i64(cpu_bndl[reg], cpu_bndl[reg2]);
7839 tcg_gen_mov_i64(cpu_bndu[reg], cpu_bndu[reg2]);
7840 }
7841 } else {
7842 gen_lea_modrm(env, s, modrm);
7843 if (CODE64(s)) {
7844 tcg_gen_qemu_ld_i64(cpu_bndl[reg], s->A0,
7845 s->mem_index, MO_LEQ);
7846 tcg_gen_addi_tl(s->A0, s->A0, 8);
7847 tcg_gen_qemu_ld_i64(cpu_bndu[reg], s->A0,
7848 s->mem_index, MO_LEQ);
7849 } else {
7850 tcg_gen_qemu_ld_i64(cpu_bndl[reg], s->A0,
7851 s->mem_index, MO_LEUL);
7852 tcg_gen_addi_tl(s->A0, s->A0, 4);
7853 tcg_gen_qemu_ld_i64(cpu_bndu[reg], s->A0,
7854 s->mem_index, MO_LEUL);
7855 }
7856 /* bnd registers are now in-use */
7857 gen_set_hflag(s, HF_MPX_IU_MASK);
7858 }
7859 } else if (mod != 3) {
7860 /* bndldx */
7861 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7862 if (reg >= 4
7863 || (prefixes & PREFIX_LOCK)
7864 || s->aflag == MO_16
7865 || a.base < -1) {
7866 goto illegal_op;
7867 }
7868 if (a.base >= 0) {
7869 tcg_gen_addi_tl(s->A0, cpu_regs[a.base], a.disp);
7870 } else {
7871 tcg_gen_movi_tl(s->A0, 0);
7872 }
7873 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override);
7874 if (a.index >= 0) {
7875 tcg_gen_mov_tl(s->T0, cpu_regs[a.index]);
7876 } else {
7877 tcg_gen_movi_tl(s->T0, 0);
7878 }
7879 if (CODE64(s)) {
7880 gen_helper_bndldx64(cpu_bndl[reg], cpu_env, s->A0, s->T0);
7881 tcg_gen_ld_i64(cpu_bndu[reg], cpu_env,
7882 offsetof(CPUX86State, mmx_t0.MMX_Q(0)));
7883 } else {
7884 gen_helper_bndldx32(cpu_bndu[reg], cpu_env, s->A0, s->T0);
7885 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndu[reg]);
7886 tcg_gen_shri_i64(cpu_bndu[reg], cpu_bndu[reg], 32);
7887 }
7888 gen_set_hflag(s, HF_MPX_IU_MASK);
7889 }
7890 }
7891 gen_nop_modrm(env, s, modrm);
7892 break;
7893 case 0x11b:
7894 modrm = x86_ldub_code(env, s);
7895 if (s->flags & HF_MPX_EN_MASK) {
7896 mod = (modrm >> 6) & 3;
7897 reg = ((modrm >> 3) & 7) | rex_r;
7898 if (mod != 3 && (prefixes & PREFIX_REPZ)) {
7899 /* bndmk */
7900 if (reg >= 4
7901 || (prefixes & PREFIX_LOCK)
7902 || s->aflag == MO_16) {
7903 goto illegal_op;
7904 }
7905 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7906 if (a.base >= 0) {
7907 tcg_gen_extu_tl_i64(cpu_bndl[reg], cpu_regs[a.base]);
7908 if (!CODE64(s)) {
7909 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndl[reg]);
7910 }
7911 } else if (a.base == -1) {
7912 /* no base register has lower bound of 0 */
7913 tcg_gen_movi_i64(cpu_bndl[reg], 0);
7914 } else {
7915 /* rip-relative generates #ud */
7916 goto illegal_op;
7917 }
7918 tcg_gen_not_tl(s->A0, gen_lea_modrm_1(s, a));
7919 if (!CODE64(s)) {
7920 tcg_gen_ext32u_tl(s->A0, s->A0);
7921 }
7922 tcg_gen_extu_tl_i64(cpu_bndu[reg], s->A0);
7923 /* bnd registers are now in-use */
7924 gen_set_hflag(s, HF_MPX_IU_MASK);
7925 break;
7926 } else if (prefixes & PREFIX_REPNZ) {
7927 /* bndcn */
7928 if (reg >= 4
7929 || (prefixes & PREFIX_LOCK)
7930 || s->aflag == MO_16) {
7931 goto illegal_op;
7932 }
7933 gen_bndck(env, s, modrm, TCG_COND_GTU, cpu_bndu[reg]);
7934 } else if (prefixes & PREFIX_DATA) {
7935 /* bndmov -- to reg/mem */
7936 if (reg >= 4 || s->aflag == MO_16) {
7937 goto illegal_op;
7938 }
7939 if (mod == 3) {
7940 int reg2 = (modrm & 7) | REX_B(s);
7941 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
7942 goto illegal_op;
7943 }
7944 if (s->flags & HF_MPX_IU_MASK) {
7945 tcg_gen_mov_i64(cpu_bndl[reg2], cpu_bndl[reg]);
7946 tcg_gen_mov_i64(cpu_bndu[reg2], cpu_bndu[reg]);
7947 }
7948 } else {
7949 gen_lea_modrm(env, s, modrm);
7950 if (CODE64(s)) {
7951 tcg_gen_qemu_st_i64(cpu_bndl[reg], s->A0,
7952 s->mem_index, MO_LEQ);
7953 tcg_gen_addi_tl(s->A0, s->A0, 8);
7954 tcg_gen_qemu_st_i64(cpu_bndu[reg], s->A0,
7955 s->mem_index, MO_LEQ);
7956 } else {
7957 tcg_gen_qemu_st_i64(cpu_bndl[reg], s->A0,
7958 s->mem_index, MO_LEUL);
7959 tcg_gen_addi_tl(s->A0, s->A0, 4);
7960 tcg_gen_qemu_st_i64(cpu_bndu[reg], s->A0,
7961 s->mem_index, MO_LEUL);
7962 }
7963 }
7964 } else if (mod != 3) {
7965 /* bndstx */
7966 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7967 if (reg >= 4
7968 || (prefixes & PREFIX_LOCK)
7969 || s->aflag == MO_16
7970 || a.base < -1) {
7971 goto illegal_op;
7972 }
7973 if (a.base >= 0) {
7974 tcg_gen_addi_tl(s->A0, cpu_regs[a.base], a.disp);
7975 } else {
7976 tcg_gen_movi_tl(s->A0, 0);
7977 }
7978 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override);
7979 if (a.index >= 0) {
7980 tcg_gen_mov_tl(s->T0, cpu_regs[a.index]);
7981 } else {
7982 tcg_gen_movi_tl(s->T0, 0);
7983 }
7984 if (CODE64(s)) {
7985 gen_helper_bndstx64(cpu_env, s->A0, s->T0,
7986 cpu_bndl[reg], cpu_bndu[reg]);
7987 } else {
7988 gen_helper_bndstx32(cpu_env, s->A0, s->T0,
7989 cpu_bndl[reg], cpu_bndu[reg]);
7990 }
7991 }
7992 }
7993 gen_nop_modrm(env, s, modrm);
7994 break;
7995 case 0x119: case 0x11c ... 0x11f: /* nop (multi byte) */
7996 modrm = x86_ldub_code(env, s);
7997 gen_nop_modrm(env, s, modrm);
7998 break;
7999 case 0x120: /* mov reg, crN */
8000 case 0x122: /* mov crN, reg */
8001 if (s->cpl != 0) {
8002 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
8003 } else {
8004 modrm = x86_ldub_code(env, s);
8005 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
8006 * AMD documentation (24594.pdf) and testing of
8007 * intel 386 and 486 processors all show that the mod bits
8008 * are assumed to be 1's, regardless of actual values.
8009 */
8010 rm = (modrm & 7) | REX_B(s);
8011 reg = ((modrm >> 3) & 7) | rex_r;
8012 if (CODE64(s))
8013 ot = MO_64;
8014 else
8015 ot = MO_32;
8016 if ((prefixes & PREFIX_LOCK) && (reg == 0) &&
8017 (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) {
8018 reg = 8;
8019 }
8020 switch(reg) {
8021 case 0:
8022 case 2:
8023 case 3:
8024 case 4:
8025 case 8:
8026 gen_update_cc_op(s);
8027 gen_jmp_im(s, pc_start - s->cs_base);
8028 if (b & 2) {
8029 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
8030 gen_io_start();
8031 }
8032 gen_op_mov_v_reg(s, ot, s->T0, rm);
8033 gen_helper_write_crN(cpu_env, tcg_const_i32(reg),
8034 s->T0);
8035 gen_jmp_im(s, s->pc - s->cs_base);
8036 gen_eob(s);
8037 } else {
8038 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
8039 gen_io_start();
8040 }
8041 gen_helper_read_crN(s->T0, cpu_env, tcg_const_i32(reg));
8042 gen_op_mov_reg_v(s, ot, rm, s->T0);
8043 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
8044 gen_jmp(s, s->pc - s->cs_base);
8045 }
8046 }
8047 break;
8048 default:
8049 goto unknown_op;
8050 }
8051 }
8052 break;
8053 case 0x121: /* mov reg, drN */
8054 case 0x123: /* mov drN, reg */
8055 if (s->cpl != 0) {
8056 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
8057 } else {
8058 modrm = x86_ldub_code(env, s);
8059 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
8060 * AMD documentation (24594.pdf) and testing of
8061 * intel 386 and 486 processors all show that the mod bits
8062 * are assumed to be 1's, regardless of actual values.
8063 */
8064 rm = (modrm & 7) | REX_B(s);
8065 reg = ((modrm >> 3) & 7) | rex_r;
8066 if (CODE64(s))
8067 ot = MO_64;
8068 else
8069 ot = MO_32;
8070 if (reg >= 8) {
8071 goto illegal_op;
8072 }
8073 if (b & 2) {
8074 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_DR0 + reg);
8075 gen_op_mov_v_reg(s, ot, s->T0, rm);
8076 tcg_gen_movi_i32(s->tmp2_i32, reg);
8077 gen_helper_set_dr(cpu_env, s->tmp2_i32, s->T0);
8078 gen_jmp_im(s, s->pc - s->cs_base);
8079 gen_eob(s);
8080 } else {
8081 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_DR0 + reg);
8082 tcg_gen_movi_i32(s->tmp2_i32, reg);
8083 gen_helper_get_dr(s->T0, cpu_env, s->tmp2_i32);
8084 gen_op_mov_reg_v(s, ot, rm, s->T0);
8085 }
8086 }
8087 break;
8088 case 0x106: /* clts */
8089 if (s->cpl != 0) {
8090 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
8091 } else {
8092 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
8093 gen_helper_clts(cpu_env);
8094 /* abort block because static cpu state changed */
8095 gen_jmp_im(s, s->pc - s->cs_base);
8096 gen_eob(s);
8097 }
8098 break;
8099 /* MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4 support */
8100 case 0x1c3: /* MOVNTI reg, mem */
8101 if (!(s->cpuid_features & CPUID_SSE2))
8102 goto illegal_op;
8103 ot = mo_64_32(dflag);
8104 modrm = x86_ldub_code(env, s);
8105 mod = (modrm >> 6) & 3;
8106 if (mod == 3)
8107 goto illegal_op;
8108 reg = ((modrm >> 3) & 7) | rex_r;
8109 /* generate a generic store */
8110 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
8111 break;
8112 case 0x1ae:
8113 modrm = x86_ldub_code(env, s);
8114 switch (modrm) {
8115 CASE_MODRM_MEM_OP(0): /* fxsave */
8116 if (!(s->cpuid_features & CPUID_FXSR)
8117 || (prefixes & PREFIX_LOCK)) {
8118 goto illegal_op;
8119 }
8120 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
8121 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8122 break;
8123 }
8124 gen_lea_modrm(env, s, modrm);
8125 gen_helper_fxsave(cpu_env, s->A0);
8126 break;
8127
8128 CASE_MODRM_MEM_OP(1): /* fxrstor */
8129 if (!(s->cpuid_features & CPUID_FXSR)
8130 || (prefixes & PREFIX_LOCK)) {
8131 goto illegal_op;
8132 }
8133 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
8134 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8135 break;
8136 }
8137 gen_lea_modrm(env, s, modrm);
8138 gen_helper_fxrstor(cpu_env, s->A0);
8139 break;
8140
8141 CASE_MODRM_MEM_OP(2): /* ldmxcsr */
8142 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
8143 goto illegal_op;
8144 }
8145 if (s->flags & HF_TS_MASK) {
8146 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8147 break;
8148 }
8149 gen_lea_modrm(env, s, modrm);
8150 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, s->mem_index, MO_LEUL);
8151 gen_helper_ldmxcsr(cpu_env, s->tmp2_i32);
8152 break;
8153
8154 CASE_MODRM_MEM_OP(3): /* stmxcsr */
8155 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
8156 goto illegal_op;
8157 }
8158 if (s->flags & HF_TS_MASK) {
8159 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8160 break;
8161 }
8162 gen_helper_update_mxcsr(cpu_env);
8163 gen_lea_modrm(env, s, modrm);
8164 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, mxcsr));
8165 gen_op_st_v(s, MO_32, s->T0, s->A0);
8166 break;
8167
8168 CASE_MODRM_MEM_OP(4): /* xsave */
8169 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8170 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
8171 | PREFIX_REPZ | PREFIX_REPNZ))) {
8172 goto illegal_op;
8173 }
8174 gen_lea_modrm(env, s, modrm);
8175 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
8176 cpu_regs[R_EDX]);
8177 gen_helper_xsave(cpu_env, s->A0, s->tmp1_i64);
8178 break;
8179
8180 CASE_MODRM_MEM_OP(5): /* xrstor */
8181 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8182 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
8183 | PREFIX_REPZ | PREFIX_REPNZ))) {
8184 goto illegal_op;
8185 }
8186 gen_lea_modrm(env, s, modrm);
8187 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
8188 cpu_regs[R_EDX]);
8189 gen_helper_xrstor(cpu_env, s->A0, s->tmp1_i64);
8190 /* XRSTOR is how MPX is enabled, which changes how
8191 we translate. Thus we need to end the TB. */
8192 gen_update_cc_op(s);
8193 gen_jmp_im(s, s->pc - s->cs_base);
8194 gen_eob(s);
8195 break;
8196
8197 CASE_MODRM_MEM_OP(6): /* xsaveopt / clwb */
8198 if (prefixes & PREFIX_LOCK) {
8199 goto illegal_op;
8200 }
8201 if (prefixes & PREFIX_DATA) {
8202 /* clwb */
8203 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLWB)) {
8204 goto illegal_op;
8205 }
8206 gen_nop_modrm(env, s, modrm);
8207 } else {
8208 /* xsaveopt */
8209 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8210 || (s->cpuid_xsave_features & CPUID_XSAVE_XSAVEOPT) == 0
8211 || (prefixes & (PREFIX_REPZ | PREFIX_REPNZ))) {
8212 goto illegal_op;
8213 }
8214 gen_lea_modrm(env, s, modrm);
8215 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
8216 cpu_regs[R_EDX]);
8217 gen_helper_xsaveopt(cpu_env, s->A0, s->tmp1_i64);
8218 }
8219 break;
8220
8221 CASE_MODRM_MEM_OP(7): /* clflush / clflushopt */
8222 if (prefixes & PREFIX_LOCK) {
8223 goto illegal_op;
8224 }
8225 if (prefixes & PREFIX_DATA) {
8226 /* clflushopt */
8227 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLFLUSHOPT)) {
8228 goto illegal_op;
8229 }
8230 } else {
8231 /* clflush */
8232 if ((s->prefix & (PREFIX_REPZ | PREFIX_REPNZ))
8233 || !(s->cpuid_features & CPUID_CLFLUSH)) {
8234 goto illegal_op;
8235 }
8236 }
8237 gen_nop_modrm(env, s, modrm);
8238 break;
8239
8240 case 0xc0 ... 0xc7: /* rdfsbase (f3 0f ae /0) */
8241 case 0xc8 ... 0xcf: /* rdgsbase (f3 0f ae /1) */
8242 case 0xd0 ... 0xd7: /* wrfsbase (f3 0f ae /2) */
8243 case 0xd8 ... 0xdf: /* wrgsbase (f3 0f ae /3) */
8244 if (CODE64(s)
8245 && (prefixes & PREFIX_REPZ)
8246 && !(prefixes & PREFIX_LOCK)
8247 && (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_FSGSBASE)) {
8248 TCGv base, treg, src, dst;
8249
8250 /* Preserve hflags bits by testing CR4 at runtime. */
8251 tcg_gen_movi_i32(s->tmp2_i32, CR4_FSGSBASE_MASK);
8252 gen_helper_cr4_testbit(cpu_env, s->tmp2_i32);
8253
8254 base = cpu_seg_base[modrm & 8 ? R_GS : R_FS];
8255 treg = cpu_regs[(modrm & 7) | REX_B(s)];
8256
8257 if (modrm & 0x10) {
8258 /* wr*base */
8259 dst = base, src = treg;
8260 } else {
8261 /* rd*base */
8262 dst = treg, src = base;
8263 }
8264
8265 if (s->dflag == MO_32) {
8266 tcg_gen_ext32u_tl(dst, src);
8267 } else {
8268 tcg_gen_mov_tl(dst, src);
8269 }
8270 break;
8271 }
8272 goto unknown_op;
8273
8274 case 0xf8: /* sfence / pcommit */
8275 if (prefixes & PREFIX_DATA) {
8276 /* pcommit */
8277 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_PCOMMIT)
8278 || (prefixes & PREFIX_LOCK)) {
8279 goto illegal_op;
8280 }
8281 break;
8282 }
8283 /* fallthru */
8284 case 0xf9 ... 0xff: /* sfence */
8285 if (!(s->cpuid_features & CPUID_SSE)
8286 || (prefixes & PREFIX_LOCK)) {
8287 goto illegal_op;
8288 }
8289 tcg_gen_mb(TCG_MO_ST_ST | TCG_BAR_SC);
8290 break;
8291 case 0xe8 ... 0xef: /* lfence */
8292 if (!(s->cpuid_features & CPUID_SSE)
8293 || (prefixes & PREFIX_LOCK)) {
8294 goto illegal_op;
8295 }
8296 tcg_gen_mb(TCG_MO_LD_LD | TCG_BAR_SC);
8297 break;
8298 case 0xf0 ... 0xf7: /* mfence */
8299 if (!(s->cpuid_features & CPUID_SSE2)
8300 || (prefixes & PREFIX_LOCK)) {
8301 goto illegal_op;
8302 }
8303 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8304 break;
8305
8306 default:
8307 goto unknown_op;
8308 }
8309 break;
8310
8311 case 0x10d: /* 3DNow! prefetch(w) */
8312 modrm = x86_ldub_code(env, s);
8313 mod = (modrm >> 6) & 3;
8314 if (mod == 3)
8315 goto illegal_op;
8316 gen_nop_modrm(env, s, modrm);
8317 break;
8318 case 0x1aa: /* rsm */
8319 gen_svm_check_intercept(s, pc_start, SVM_EXIT_RSM);
8320 if (!(s->flags & HF_SMM_MASK))
8321 goto illegal_op;
8322 gen_update_cc_op(s);
8323 gen_jmp_im(s, s->pc - s->cs_base);
8324 gen_helper_rsm(cpu_env);
8325 gen_eob(s);
8326 break;
8327 case 0x1b8: /* SSE4.2 popcnt */
8328 if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) !=
8329 PREFIX_REPZ)
8330 goto illegal_op;
8331 if (!(s->cpuid_ext_features & CPUID_EXT_POPCNT))
8332 goto illegal_op;
8333
8334 modrm = x86_ldub_code(env, s);
8335 reg = ((modrm >> 3) & 7) | rex_r;
8336
8337 if (s->prefix & PREFIX_DATA) {
8338 ot = MO_16;
8339 } else {
8340 ot = mo_64_32(dflag);
8341 }
8342
8343 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
8344 gen_extu(ot, s->T0);
8345 tcg_gen_mov_tl(cpu_cc_src, s->T0);
8346 tcg_gen_ctpop_tl(s->T0, s->T0);
8347 gen_op_mov_reg_v(s, ot, reg, s->T0);
8348
8349 set_cc_op(s, CC_OP_POPCNT);
8350 break;
8351 case 0x10e ... 0x10f:
8352 /* 3DNow! instructions, ignore prefixes */
8353 s->prefix &= ~(PREFIX_REPZ | PREFIX_REPNZ | PREFIX_DATA);
8354 /* fall through */
8355 case 0x110 ... 0x117:
8356 case 0x128 ... 0x12f:
8357 case 0x138 ... 0x13a:
8358 case 0x150 ... 0x179:
8359 case 0x17c ... 0x17f:
8360 case 0x1c2:
8361 case 0x1c4 ... 0x1c6:
8362 case 0x1d0 ... 0x1fe:
8363 gen_sse(env, s, b, pc_start, rex_r);
8364 break;
8365 default:
8366 goto unknown_op;
8367 }
8368 return s->pc;
8369 illegal_op:
8370 gen_illegal_opcode(s);
8371 return s->pc;
8372 unknown_op:
8373 gen_unknown_opcode(env, s);
8374 return s->pc;
8375 }
8376
8377 void tcg_x86_init(void)
8378 {
8379 static const char reg_names[CPU_NB_REGS][4] = {
8380 #ifdef TARGET_X86_64
8381 [R_EAX] = "rax",
8382 [R_EBX] = "rbx",
8383 [R_ECX] = "rcx",
8384 [R_EDX] = "rdx",
8385 [R_ESI] = "rsi",
8386 [R_EDI] = "rdi",
8387 [R_EBP] = "rbp",
8388 [R_ESP] = "rsp",
8389 [8] = "r8",
8390 [9] = "r9",
8391 [10] = "r10",
8392 [11] = "r11",
8393 [12] = "r12",
8394 [13] = "r13",
8395 [14] = "r14",
8396 [15] = "r15",
8397 #else
8398 [R_EAX] = "eax",
8399 [R_EBX] = "ebx",
8400 [R_ECX] = "ecx",
8401 [R_EDX] = "edx",
8402 [R_ESI] = "esi",
8403 [R_EDI] = "edi",
8404 [R_EBP] = "ebp",
8405 [R_ESP] = "esp",
8406 #endif
8407 };
8408 static const char seg_base_names[6][8] = {
8409 [R_CS] = "cs_base",
8410 [R_DS] = "ds_base",
8411 [R_ES] = "es_base",
8412 [R_FS] = "fs_base",
8413 [R_GS] = "gs_base",
8414 [R_SS] = "ss_base",
8415 };
8416 static const char bnd_regl_names[4][8] = {
8417 "bnd0_lb", "bnd1_lb", "bnd2_lb", "bnd3_lb"
8418 };
8419 static const char bnd_regu_names[4][8] = {
8420 "bnd0_ub", "bnd1_ub", "bnd2_ub", "bnd3_ub"
8421 };
8422 int i;
8423
8424 cpu_cc_op = tcg_global_mem_new_i32(cpu_env,
8425 offsetof(CPUX86State, cc_op), "cc_op");
8426 cpu_cc_dst = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_dst),
8427 "cc_dst");
8428 cpu_cc_src = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src),
8429 "cc_src");
8430 cpu_cc_src2 = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src2),
8431 "cc_src2");
8432
8433 for (i = 0; i < CPU_NB_REGS; ++i) {
8434 cpu_regs[i] = tcg_global_mem_new(cpu_env,
8435 offsetof(CPUX86State, regs[i]),
8436 reg_names[i]);
8437 }
8438
8439 for (i = 0; i < 6; ++i) {
8440 cpu_seg_base[i]
8441 = tcg_global_mem_new(cpu_env,
8442 offsetof(CPUX86State, segs[i].base),
8443 seg_base_names[i]);
8444 }
8445
8446 for (i = 0; i < 4; ++i) {
8447 cpu_bndl[i]
8448 = tcg_global_mem_new_i64(cpu_env,
8449 offsetof(CPUX86State, bnd_regs[i].lb),
8450 bnd_regl_names[i]);
8451 cpu_bndu[i]
8452 = tcg_global_mem_new_i64(cpu_env,
8453 offsetof(CPUX86State, bnd_regs[i].ub),
8454 bnd_regu_names[i]);
8455 }
8456 }
8457
8458 static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
8459 {
8460 DisasContext *dc = container_of(dcbase, DisasContext, base);
8461 CPUX86State *env = cpu->env_ptr;
8462 uint32_t flags = dc->base.tb->flags;
8463 target_ulong cs_base = dc->base.tb->cs_base;
8464
8465 dc->pe = (flags >> HF_PE_SHIFT) & 1;
8466 dc->code32 = (flags >> HF_CS32_SHIFT) & 1;
8467 dc->ss32 = (flags >> HF_SS32_SHIFT) & 1;
8468 dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1;
8469 dc->f_st = 0;
8470 dc->vm86 = (flags >> VM_SHIFT) & 1;
8471 dc->cpl = (flags >> HF_CPL_SHIFT) & 3;
8472 dc->iopl = (flags >> IOPL_SHIFT) & 3;
8473 dc->tf = (flags >> TF_SHIFT) & 1;
8474 dc->cc_op = CC_OP_DYNAMIC;
8475 dc->cc_op_dirty = false;
8476 dc->cs_base = cs_base;
8477 dc->popl_esp_hack = 0;
8478 /* select memory access functions */
8479 dc->mem_index = 0;
8480 #ifdef CONFIG_SOFTMMU
8481 dc->mem_index = cpu_mmu_index(env, false);
8482 #endif
8483 dc->cpuid_features = env->features[FEAT_1_EDX];
8484 dc->cpuid_ext_features = env->features[FEAT_1_ECX];
8485 dc->cpuid_ext2_features = env->features[FEAT_8000_0001_EDX];
8486 dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
8487 dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
8488 dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
8489 #ifdef TARGET_X86_64
8490 dc->lma = (flags >> HF_LMA_SHIFT) & 1;
8491 dc->code64 = (flags >> HF_CS64_SHIFT) & 1;
8492 #endif
8493 dc->flags = flags;
8494 dc->jmp_opt = !(dc->tf || dc->base.singlestep_enabled ||
8495 (flags & HF_INHIBIT_IRQ_MASK));
8496 /* Do not optimize repz jumps at all in icount mode, because
8497 rep movsS instructions are execured with different paths
8498 in !repz_opt and repz_opt modes. The first one was used
8499 always except single step mode. And this setting
8500 disables jumps optimization and control paths become
8501 equivalent in run and single step modes.
8502 Now there will be no jump optimization for repz in
8503 record/replay modes and there will always be an
8504 additional step for ecx=0 when icount is enabled.
8505 */
8506 dc->repz_opt = !dc->jmp_opt && !(tb_cflags(dc->base.tb) & CF_USE_ICOUNT);
8507 #if 0
8508 /* check addseg logic */
8509 if (!dc->addseg && (dc->vm86 || !dc->pe || !dc->code32))
8510 printf("ERROR addseg\n");
8511 #endif
8512
8513 dc->T0 = tcg_temp_new();
8514 dc->T1 = tcg_temp_new();
8515 dc->A0 = tcg_temp_new();
8516
8517 dc->tmp0 = tcg_temp_new();
8518 dc->tmp1_i64 = tcg_temp_new_i64();
8519 dc->tmp2_i32 = tcg_temp_new_i32();
8520 dc->tmp3_i32 = tcg_temp_new_i32();
8521 dc->tmp4 = tcg_temp_new();
8522 dc->ptr0 = tcg_temp_new_ptr();
8523 dc->ptr1 = tcg_temp_new_ptr();
8524 dc->cc_srcT = tcg_temp_local_new();
8525 }
8526
8527 static void i386_tr_tb_start(DisasContextBase *db, CPUState *cpu)
8528 {
8529 }
8530
8531 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
8532 {
8533 DisasContext *dc = container_of(dcbase, DisasContext, base);
8534
8535 tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
8536 }
8537
8538 static bool i386_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
8539 const CPUBreakpoint *bp)
8540 {
8541 DisasContext *dc = container_of(dcbase, DisasContext, base);
8542 /* If RF is set, suppress an internally generated breakpoint. */
8543 int flags = dc->base.tb->flags & HF_RF_MASK ? BP_GDB : BP_ANY;
8544 if (bp->flags & flags) {
8545 gen_debug(dc, dc->base.pc_next - dc->cs_base);
8546 dc->base.is_jmp = DISAS_NORETURN;
8547 /* The address covered by the breakpoint must be included in
8548 [tb->pc, tb->pc + tb->size) in order to for it to be
8549 properly cleared -- thus we increment the PC here so that
8550 the generic logic setting tb->size later does the right thing. */
8551 dc->base.pc_next += 1;
8552 return true;
8553 } else {
8554 return false;
8555 }
8556 }
8557
8558 static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
8559 {
8560 DisasContext *dc = container_of(dcbase, DisasContext, base);
8561 target_ulong pc_next;
8562
8563 #ifdef TARGET_VSYSCALL_PAGE
8564 /*
8565 * Detect entry into the vsyscall page and invoke the syscall.
8566 */
8567 if ((dc->base.pc_next & TARGET_PAGE_MASK) == TARGET_VSYSCALL_PAGE) {
8568 gen_exception(dc, EXCP_VSYSCALL, dc->base.pc_next);
8569 return;
8570 }
8571 #endif
8572
8573 pc_next = disas_insn(dc, cpu);
8574
8575 if (dc->tf || (dc->base.tb->flags & HF_INHIBIT_IRQ_MASK)) {
8576 /* if single step mode, we generate only one instruction and
8577 generate an exception */
8578 /* if irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear
8579 the flag and abort the translation to give the irqs a
8580 chance to happen */
8581 dc->base.is_jmp = DISAS_TOO_MANY;
8582 } else if ((tb_cflags(dc->base.tb) & CF_USE_ICOUNT)
8583 && ((pc_next & TARGET_PAGE_MASK)
8584 != ((pc_next + TARGET_MAX_INSN_SIZE - 1)
8585 & TARGET_PAGE_MASK)
8586 || (pc_next & ~TARGET_PAGE_MASK) == 0)) {
8587 /* Do not cross the boundary of the pages in icount mode,
8588 it can cause an exception. Do it only when boundary is
8589 crossed by the first instruction in the block.
8590 If current instruction already crossed the bound - it's ok,
8591 because an exception hasn't stopped this code.
8592 */
8593 dc->base.is_jmp = DISAS_TOO_MANY;
8594 } else if ((pc_next - dc->base.pc_first) >= (TARGET_PAGE_SIZE - 32)) {
8595 dc->base.is_jmp = DISAS_TOO_MANY;
8596 }
8597
8598 dc->base.pc_next = pc_next;
8599 }
8600
8601 static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
8602 {
8603 DisasContext *dc = container_of(dcbase, DisasContext, base);
8604
8605 if (dc->base.is_jmp == DISAS_TOO_MANY) {
8606 gen_jmp_im(dc, dc->base.pc_next - dc->cs_base);
8607 gen_eob(dc);
8608 }
8609 }
8610
8611 static void i386_tr_disas_log(const DisasContextBase *dcbase,
8612 CPUState *cpu)
8613 {
8614 DisasContext *dc = container_of(dcbase, DisasContext, base);
8615
8616 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
8617 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
8618 }
8619
8620 static const TranslatorOps i386_tr_ops = {
8621 .init_disas_context = i386_tr_init_disas_context,
8622 .tb_start = i386_tr_tb_start,
8623 .insn_start = i386_tr_insn_start,
8624 .breakpoint_check = i386_tr_breakpoint_check,
8625 .translate_insn = i386_tr_translate_insn,
8626 .tb_stop = i386_tr_tb_stop,
8627 .disas_log = i386_tr_disas_log,
8628 };
8629
8630 /* generate intermediate code for basic block 'tb'. */
8631 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
8632 {
8633 DisasContext dc;
8634
8635 translator_loop(&i386_tr_ops, &dc.base, cpu, tb, max_insns);
8636 }
8637
8638 void restore_state_to_opc(CPUX86State *env, TranslationBlock *tb,
8639 target_ulong *data)
8640 {
8641 int cc_op = data[1];
8642 env->eip = data[0] - tb->cs_base;
8643 if (cc_op != CC_OP_DYNAMIC) {
8644 env->cc_op = cc_op;
8645 }
8646 }
AR7 emulation for QEMU