search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/i386: optimize cross-page direct jumps in softmmu
[qemu/ar7.git] / target / i386 / translate.c
blobea113fe5aab5e265040f1cd692c46c7b5e40c6ac
1 /*
2 * i386 translation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20
21 #include "qemu/host-utils.h"
22 #include "cpu.h"
23 #include "disas/disas.h"
24 #include "exec/exec-all.h"
25 #include "tcg-op.h"
26 #include "exec/cpu_ldst.h"
27
28 #include "exec/helper-proto.h"
29 #include "exec/helper-gen.h"
30
31 #include "trace-tcg.h"
32 #include "exec/log.h"
33
34
35 #define PREFIX_REPZ 0x01
36 #define PREFIX_REPNZ 0x02
37 #define PREFIX_LOCK 0x04
38 #define PREFIX_DATA 0x08
39 #define PREFIX_ADR 0x10
40 #define PREFIX_VEX 0x20
41
42 #ifdef TARGET_X86_64
43 #define CODE64(s) ((s)->code64)
44 #define REX_X(s) ((s)->rex_x)
45 #define REX_B(s) ((s)->rex_b)
46 #else
47 #define CODE64(s) 0
48 #define REX_X(s) 0
49 #define REX_B(s) 0
50 #endif
51
52 #ifdef TARGET_X86_64
53 # define ctztl ctz64
54 # define clztl clz64
55 #else
56 # define ctztl ctz32
57 # define clztl clz32
58 #endif
59
60 /* For a switch indexed by MODRM, match all memory operands for a given OP. */
61 #define CASE_MODRM_MEM_OP(OP) \
62 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
63 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
64 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7
65
66 #define CASE_MODRM_OP(OP) \
67 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
68 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
69 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7: \
70 case (3 << 6) | (OP << 3) | 0 ... (3 << 6) | (OP << 3) | 7
71
72 //#define MACRO_TEST 1
73
74 /* global register indexes */
75 static TCGv_env cpu_env;
76 static TCGv cpu_A0;
77 static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2, cpu_cc_srcT;
78 static TCGv_i32 cpu_cc_op;
79 static TCGv cpu_regs[CPU_NB_REGS];
80 static TCGv cpu_seg_base[6];
81 static TCGv_i64 cpu_bndl[4];
82 static TCGv_i64 cpu_bndu[4];
83 /* local temps */
84 static TCGv cpu_T0, cpu_T1;
85 /* local register indexes (only used inside old micro ops) */
86 static TCGv cpu_tmp0, cpu_tmp4;
87 static TCGv_ptr cpu_ptr0, cpu_ptr1;
88 static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
89 static TCGv_i64 cpu_tmp1_i64;
90
91 #include "exec/gen-icount.h"
92
93 #ifdef TARGET_X86_64
94 static int x86_64_hregs;
95 #endif
96
97 typedef struct DisasContext {
98 /* current insn context */
99 int override; /* -1 if no override */
100 int prefix;
101 TCGMemOp aflag;
102 TCGMemOp dflag;
103 target_ulong pc_start;
104 target_ulong pc; /* pc = eip + cs_base */
105 int is_jmp; /* 1 = means jump (stop translation), 2 means CPU
106 static state change (stop translation) */
107 /* current block context */
108 target_ulong cs_base; /* base of CS segment */
109 int pe; /* protected mode */
110 int code32; /* 32 bit code segment */
111 #ifdef TARGET_X86_64
112 int lma; /* long mode active */
113 int code64; /* 64 bit code segment */
114 int rex_x, rex_b;
115 #endif
116 int vex_l; /* vex vector length */
117 int vex_v; /* vex vvvv register, without 1's compliment. */
118 int ss32; /* 32 bit stack segment */
119 CCOp cc_op; /* current CC operation */
120 bool cc_op_dirty;
121 int addseg; /* non zero if either DS/ES/SS have a non zero base */
122 int f_st; /* currently unused */
123 int vm86; /* vm86 mode */
124 int cpl;
125 int iopl;
126 int tf; /* TF cpu flag */
127 int singlestep_enabled; /* "hardware" single step enabled */
128 int jmp_opt; /* use direct block chaining for direct jumps */
129 int repz_opt; /* optimize jumps within repz instructions */
130 int mem_index; /* select memory access functions */
131 uint64_t flags; /* all execution flags */
132 struct TranslationBlock *tb;
133 int popl_esp_hack; /* for correct popl with esp base handling */
134 int rip_offset; /* only used in x86_64, but left for simplicity */
135 int cpuid_features;
136 int cpuid_ext_features;
137 int cpuid_ext2_features;
138 int cpuid_ext3_features;
139 int cpuid_7_0_ebx_features;
140 int cpuid_xsave_features;
141 } DisasContext;
142
143 static void gen_eob(DisasContext *s);
144 static void gen_jr(DisasContext *s, TCGv dest);
145 static void gen_jmp(DisasContext *s, target_ulong eip);
146 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num);
147 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d);
148
149 /* i386 arith/logic operations */
150 enum {
151 OP_ADDL,
152 OP_ORL,
153 OP_ADCL,
154 OP_SBBL,
155 OP_ANDL,
156 OP_SUBL,
157 OP_XORL,
158 OP_CMPL,
159 };
160
161 /* i386 shift ops */
162 enum {
163 OP_ROL,
164 OP_ROR,
165 OP_RCL,
166 OP_RCR,
167 OP_SHL,
168 OP_SHR,
169 OP_SHL1, /* undocumented */
170 OP_SAR = 7,
171 };
172
173 enum {
174 JCC_O,
175 JCC_B,
176 JCC_Z,
177 JCC_BE,
178 JCC_S,
179 JCC_P,
180 JCC_L,
181 JCC_LE,
182 };
183
184 enum {
185 /* I386 int registers */
186 OR_EAX, /* MUST be even numbered */
187 OR_ECX,
188 OR_EDX,
189 OR_EBX,
190 OR_ESP,
191 OR_EBP,
192 OR_ESI,
193 OR_EDI,
194
195 OR_TMP0 = 16, /* temporary operand register */
196 OR_TMP1,
197 OR_A0, /* temporary register used when doing address evaluation */
198 };
199
200 enum {
201 USES_CC_DST = 1,
202 USES_CC_SRC = 2,
203 USES_CC_SRC2 = 4,
204 USES_CC_SRCT = 8,
205 };
206
207 /* Bit set if the global variable is live after setting CC_OP to X. */
208 static const uint8_t cc_op_live[CC_OP_NB] = {
209 [CC_OP_DYNAMIC] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
210 [CC_OP_EFLAGS] = USES_CC_SRC,
211 [CC_OP_MULB ... CC_OP_MULQ] = USES_CC_DST | USES_CC_SRC,
212 [CC_OP_ADDB ... CC_OP_ADDQ] = USES_CC_DST | USES_CC_SRC,
213 [CC_OP_ADCB ... CC_OP_ADCQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
214 [CC_OP_SUBB ... CC_OP_SUBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRCT,
215 [CC_OP_SBBB ... CC_OP_SBBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
216 [CC_OP_LOGICB ... CC_OP_LOGICQ] = USES_CC_DST,
217 [CC_OP_INCB ... CC_OP_INCQ] = USES_CC_DST | USES_CC_SRC,
218 [CC_OP_DECB ... CC_OP_DECQ] = USES_CC_DST | USES_CC_SRC,
219 [CC_OP_SHLB ... CC_OP_SHLQ] = USES_CC_DST | USES_CC_SRC,
220 [CC_OP_SARB ... CC_OP_SARQ] = USES_CC_DST | USES_CC_SRC,
221 [CC_OP_BMILGB ... CC_OP_BMILGQ] = USES_CC_DST | USES_CC_SRC,
222 [CC_OP_ADCX] = USES_CC_DST | USES_CC_SRC,
223 [CC_OP_ADOX] = USES_CC_SRC | USES_CC_SRC2,
224 [CC_OP_ADCOX] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
225 [CC_OP_CLR] = 0,
226 [CC_OP_POPCNT] = USES_CC_SRC,
227 };
228
229 static void set_cc_op(DisasContext *s, CCOp op)
230 {
231 int dead;
232
233 if (s->cc_op == op) {
234 return;
235 }
236
237 /* Discard CC computation that will no longer be used. */
238 dead = cc_op_live[s->cc_op] & ~cc_op_live[op];
239 if (dead & USES_CC_DST) {
240 tcg_gen_discard_tl(cpu_cc_dst);
241 }
242 if (dead & USES_CC_SRC) {
243 tcg_gen_discard_tl(cpu_cc_src);
244 }
245 if (dead & USES_CC_SRC2) {
246 tcg_gen_discard_tl(cpu_cc_src2);
247 }
248 if (dead & USES_CC_SRCT) {
249 tcg_gen_discard_tl(cpu_cc_srcT);
250 }
251
252 if (op == CC_OP_DYNAMIC) {
253 /* The DYNAMIC setting is translator only, and should never be
254 stored. Thus we always consider it clean. */
255 s->cc_op_dirty = false;
256 } else {
257 /* Discard any computed CC_OP value (see shifts). */
258 if (s->cc_op == CC_OP_DYNAMIC) {
259 tcg_gen_discard_i32(cpu_cc_op);
260 }
261 s->cc_op_dirty = true;
262 }
263 s->cc_op = op;
264 }
265
266 static void gen_update_cc_op(DisasContext *s)
267 {
268 if (s->cc_op_dirty) {
269 tcg_gen_movi_i32(cpu_cc_op, s->cc_op);
270 s->cc_op_dirty = false;
271 }
272 }
273
274 #ifdef TARGET_X86_64
275
276 #define NB_OP_SIZES 4
277
278 #else /* !TARGET_X86_64 */
279
280 #define NB_OP_SIZES 3
281
282 #endif /* !TARGET_X86_64 */
283
284 #if defined(HOST_WORDS_BIGENDIAN)
285 #define REG_B_OFFSET (sizeof(target_ulong) - 1)
286 #define REG_H_OFFSET (sizeof(target_ulong) - 2)
287 #define REG_W_OFFSET (sizeof(target_ulong) - 2)
288 #define REG_L_OFFSET (sizeof(target_ulong) - 4)
289 #define REG_LH_OFFSET (sizeof(target_ulong) - 8)
290 #else
291 #define REG_B_OFFSET 0
292 #define REG_H_OFFSET 1
293 #define REG_W_OFFSET 0
294 #define REG_L_OFFSET 0
295 #define REG_LH_OFFSET 4
296 #endif
297
298 /* In instruction encodings for byte register accesses the
299 * register number usually indicates "low 8 bits of register N";
300 * however there are some special cases where N 4..7 indicates
301 * [AH, CH, DH, BH], ie "bits 15..8 of register N-4". Return
302 * true for this special case, false otherwise.
303 */
304 static inline bool byte_reg_is_xH(int reg)
305 {
306 if (reg < 4) {
307 return false;
308 }
309 #ifdef TARGET_X86_64
310 if (reg >= 8 || x86_64_hregs) {
311 return false;
312 }
313 #endif
314 return true;
315 }
316
317 /* Select the size of a push/pop operation. */
318 static inline TCGMemOp mo_pushpop(DisasContext *s, TCGMemOp ot)
319 {
320 if (CODE64(s)) {
321 return ot == MO_16 ? MO_16 : MO_64;
322 } else {
323 return ot;
324 }
325 }
326
327 /* Select the size of the stack pointer. */
328 static inline TCGMemOp mo_stacksize(DisasContext *s)
329 {
330 return CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16;
331 }
332
333 /* Select only size 64 else 32. Used for SSE operand sizes. */
334 static inline TCGMemOp mo_64_32(TCGMemOp ot)
335 {
336 #ifdef TARGET_X86_64
337 return ot == MO_64 ? MO_64 : MO_32;
338 #else
339 return MO_32;
340 #endif
341 }
342
343 /* Select size 8 if lsb of B is clear, else OT. Used for decoding
344 byte vs word opcodes. */
345 static inline TCGMemOp mo_b_d(int b, TCGMemOp ot)
346 {
347 return b & 1 ? ot : MO_8;
348 }
349
350 /* Select size 8 if lsb of B is clear, else OT capped at 32.
351 Used for decoding operand size of port opcodes. */
352 static inline TCGMemOp mo_b_d32(int b, TCGMemOp ot)
353 {
354 return b & 1 ? (ot == MO_16 ? MO_16 : MO_32) : MO_8;
355 }
356
357 static void gen_op_mov_reg_v(TCGMemOp ot, int reg, TCGv t0)
358 {
359 switch(ot) {
360 case MO_8:
361 if (!byte_reg_is_xH(reg)) {
362 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 8);
363 } else {
364 tcg_gen_deposit_tl(cpu_regs[reg - 4], cpu_regs[reg - 4], t0, 8, 8);
365 }
366 break;
367 case MO_16:
368 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 16);
369 break;
370 case MO_32:
371 /* For x86_64, this sets the higher half of register to zero.
372 For i386, this is equivalent to a mov. */
373 tcg_gen_ext32u_tl(cpu_regs[reg], t0);
374 break;
375 #ifdef TARGET_X86_64
376 case MO_64:
377 tcg_gen_mov_tl(cpu_regs[reg], t0);
378 break;
379 #endif
380 default:
381 tcg_abort();
382 }
383 }
384
385 static inline void gen_op_mov_v_reg(TCGMemOp ot, TCGv t0, int reg)
386 {
387 if (ot == MO_8 && byte_reg_is_xH(reg)) {
388 tcg_gen_extract_tl(t0, cpu_regs[reg - 4], 8, 8);
389 } else {
390 tcg_gen_mov_tl(t0, cpu_regs[reg]);
391 }
392 }
393
394 static void gen_add_A0_im(DisasContext *s, int val)
395 {
396 tcg_gen_addi_tl(cpu_A0, cpu_A0, val);
397 if (!CODE64(s)) {
398 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
399 }
400 }
401
402 static inline void gen_op_jmp_v(TCGv dest)
403 {
404 tcg_gen_st_tl(dest, cpu_env, offsetof(CPUX86State, eip));
405 }
406
407 static inline void gen_op_add_reg_im(TCGMemOp size, int reg, int32_t val)
408 {
409 tcg_gen_addi_tl(cpu_tmp0, cpu_regs[reg], val);
410 gen_op_mov_reg_v(size, reg, cpu_tmp0);
411 }
412
413 static inline void gen_op_add_reg_T0(TCGMemOp size, int reg)
414 {
415 tcg_gen_add_tl(cpu_tmp0, cpu_regs[reg], cpu_T0);
416 gen_op_mov_reg_v(size, reg, cpu_tmp0);
417 }
418
419 static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
420 {
421 tcg_gen_qemu_ld_tl(t0, a0, s->mem_index, idx | MO_LE);
422 }
423
424 static inline void gen_op_st_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
425 {
426 tcg_gen_qemu_st_tl(t0, a0, s->mem_index, idx | MO_LE);
427 }
428
429 static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d)
430 {
431 if (d == OR_TMP0) {
432 gen_op_st_v(s, idx, cpu_T0, cpu_A0);
433 } else {
434 gen_op_mov_reg_v(idx, d, cpu_T0);
435 }
436 }
437
438 static inline void gen_jmp_im(target_ulong pc)
439 {
440 tcg_gen_movi_tl(cpu_tmp0, pc);
441 gen_op_jmp_v(cpu_tmp0);
442 }
443
444 /* Compute SEG:REG into A0. SEG is selected from the override segment
445 (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to
446 indicate no override. */
447 static void gen_lea_v_seg(DisasContext *s, TCGMemOp aflag, TCGv a0,
448 int def_seg, int ovr_seg)
449 {
450 switch (aflag) {
451 #ifdef TARGET_X86_64
452 case MO_64:
453 if (ovr_seg < 0) {
454 tcg_gen_mov_tl(cpu_A0, a0);
455 return;
456 }
457 break;
458 #endif
459 case MO_32:
460 /* 32 bit address */
461 if (ovr_seg < 0 && s->addseg) {
462 ovr_seg = def_seg;
463 }
464 if (ovr_seg < 0) {
465 tcg_gen_ext32u_tl(cpu_A0, a0);
466 return;
467 }
468 break;
469 case MO_16:
470 /* 16 bit address */
471 tcg_gen_ext16u_tl(cpu_A0, a0);
472 a0 = cpu_A0;
473 if (ovr_seg < 0) {
474 if (s->addseg) {
475 ovr_seg = def_seg;
476 } else {
477 return;
478 }
479 }
480 break;
481 default:
482 tcg_abort();
483 }
484
485 if (ovr_seg >= 0) {
486 TCGv seg = cpu_seg_base[ovr_seg];
487
488 if (aflag == MO_64) {
489 tcg_gen_add_tl(cpu_A0, a0, seg);
490 } else if (CODE64(s)) {
491 tcg_gen_ext32u_tl(cpu_A0, a0);
492 tcg_gen_add_tl(cpu_A0, cpu_A0, seg);
493 } else {
494 tcg_gen_add_tl(cpu_A0, a0, seg);
495 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
496 }
497 }
498 }
499
500 static inline void gen_string_movl_A0_ESI(DisasContext *s)
501 {
502 gen_lea_v_seg(s, s->aflag, cpu_regs[R_ESI], R_DS, s->override);
503 }
504
505 static inline void gen_string_movl_A0_EDI(DisasContext *s)
506 {
507 gen_lea_v_seg(s, s->aflag, cpu_regs[R_EDI], R_ES, -1);
508 }
509
510 static inline void gen_op_movl_T0_Dshift(TCGMemOp ot)
511 {
512 tcg_gen_ld32s_tl(cpu_T0, cpu_env, offsetof(CPUX86State, df));
513 tcg_gen_shli_tl(cpu_T0, cpu_T0, ot);
514 };
515
516 static TCGv gen_ext_tl(TCGv dst, TCGv src, TCGMemOp size, bool sign)
517 {
518 switch (size) {
519 case MO_8:
520 if (sign) {
521 tcg_gen_ext8s_tl(dst, src);
522 } else {
523 tcg_gen_ext8u_tl(dst, src);
524 }
525 return dst;
526 case MO_16:
527 if (sign) {
528 tcg_gen_ext16s_tl(dst, src);
529 } else {
530 tcg_gen_ext16u_tl(dst, src);
531 }
532 return dst;
533 #ifdef TARGET_X86_64
534 case MO_32:
535 if (sign) {
536 tcg_gen_ext32s_tl(dst, src);
537 } else {
538 tcg_gen_ext32u_tl(dst, src);
539 }
540 return dst;
541 #endif
542 default:
543 return src;
544 }
545 }
546
547 static void gen_extu(TCGMemOp ot, TCGv reg)
548 {
549 gen_ext_tl(reg, reg, ot, false);
550 }
551
552 static void gen_exts(TCGMemOp ot, TCGv reg)
553 {
554 gen_ext_tl(reg, reg, ot, true);
555 }
556
557 static inline void gen_op_jnz_ecx(TCGMemOp size, TCGLabel *label1)
558 {
559 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
560 gen_extu(size, cpu_tmp0);
561 tcg_gen_brcondi_tl(TCG_COND_NE, cpu_tmp0, 0, label1);
562 }
563
564 static inline void gen_op_jz_ecx(TCGMemOp size, TCGLabel *label1)
565 {
566 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
567 gen_extu(size, cpu_tmp0);
568 tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_tmp0, 0, label1);
569 }
570
571 static void gen_helper_in_func(TCGMemOp ot, TCGv v, TCGv_i32 n)
572 {
573 switch (ot) {
574 case MO_8:
575 gen_helper_inb(v, cpu_env, n);
576 break;
577 case MO_16:
578 gen_helper_inw(v, cpu_env, n);
579 break;
580 case MO_32:
581 gen_helper_inl(v, cpu_env, n);
582 break;
583 default:
584 tcg_abort();
585 }
586 }
587
588 static void gen_helper_out_func(TCGMemOp ot, TCGv_i32 v, TCGv_i32 n)
589 {
590 switch (ot) {
591 case MO_8:
592 gen_helper_outb(cpu_env, v, n);
593 break;
594 case MO_16:
595 gen_helper_outw(cpu_env, v, n);
596 break;
597 case MO_32:
598 gen_helper_outl(cpu_env, v, n);
599 break;
600 default:
601 tcg_abort();
602 }
603 }
604
605 static void gen_check_io(DisasContext *s, TCGMemOp ot, target_ulong cur_eip,
606 uint32_t svm_flags)
607 {
608 target_ulong next_eip;
609
610 if (s->pe && (s->cpl > s->iopl || s->vm86)) {
611 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
612 switch (ot) {
613 case MO_8:
614 gen_helper_check_iob(cpu_env, cpu_tmp2_i32);
615 break;
616 case MO_16:
617 gen_helper_check_iow(cpu_env, cpu_tmp2_i32);
618 break;
619 case MO_32:
620 gen_helper_check_iol(cpu_env, cpu_tmp2_i32);
621 break;
622 default:
623 tcg_abort();
624 }
625 }
626 if(s->flags & HF_SVMI_MASK) {
627 gen_update_cc_op(s);
628 gen_jmp_im(cur_eip);
629 svm_flags |= (1 << (4 + ot));
630 next_eip = s->pc - s->cs_base;
631 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
632 gen_helper_svm_check_io(cpu_env, cpu_tmp2_i32,
633 tcg_const_i32(svm_flags),
634 tcg_const_i32(next_eip - cur_eip));
635 }
636 }
637
638 static inline void gen_movs(DisasContext *s, TCGMemOp ot)
639 {
640 gen_string_movl_A0_ESI(s);
641 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
642 gen_string_movl_A0_EDI(s);
643 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
644 gen_op_movl_T0_Dshift(ot);
645 gen_op_add_reg_T0(s->aflag, R_ESI);
646 gen_op_add_reg_T0(s->aflag, R_EDI);
647 }
648
649 static void gen_op_update1_cc(void)
650 {
651 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
652 }
653
654 static void gen_op_update2_cc(void)
655 {
656 tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
657 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
658 }
659
660 static void gen_op_update3_cc(TCGv reg)
661 {
662 tcg_gen_mov_tl(cpu_cc_src2, reg);
663 tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
664 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
665 }
666
667 static inline void gen_op_testl_T0_T1_cc(void)
668 {
669 tcg_gen_and_tl(cpu_cc_dst, cpu_T0, cpu_T1);
670 }
671
672 static void gen_op_update_neg_cc(void)
673 {
674 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
675 tcg_gen_neg_tl(cpu_cc_src, cpu_T0);
676 tcg_gen_movi_tl(cpu_cc_srcT, 0);
677 }
678
679 /* compute all eflags to cc_src */
680 static void gen_compute_eflags(DisasContext *s)
681 {
682 TCGv zero, dst, src1, src2;
683 int live, dead;
684
685 if (s->cc_op == CC_OP_EFLAGS) {
686 return;
687 }
688 if (s->cc_op == CC_OP_CLR) {
689 tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
690 set_cc_op(s, CC_OP_EFLAGS);
691 return;
692 }
693
694 TCGV_UNUSED(zero);
695 dst = cpu_cc_dst;
696 src1 = cpu_cc_src;
697 src2 = cpu_cc_src2;
698
699 /* Take care to not read values that are not live. */
700 live = cc_op_live[s->cc_op] & ~USES_CC_SRCT;
701 dead = live ^ (USES_CC_DST | USES_CC_SRC | USES_CC_SRC2);
702 if (dead) {
703 zero = tcg_const_tl(0);
704 if (dead & USES_CC_DST) {
705 dst = zero;
706 }
707 if (dead & USES_CC_SRC) {
708 src1 = zero;
709 }
710 if (dead & USES_CC_SRC2) {
711 src2 = zero;
712 }
713 }
714
715 gen_update_cc_op(s);
716 gen_helper_cc_compute_all(cpu_cc_src, dst, src1, src2, cpu_cc_op);
717 set_cc_op(s, CC_OP_EFLAGS);
718
719 if (dead) {
720 tcg_temp_free(zero);
721 }
722 }
723
724 typedef struct CCPrepare {
725 TCGCond cond;
726 TCGv reg;
727 TCGv reg2;
728 target_ulong imm;
729 target_ulong mask;
730 bool use_reg2;
731 bool no_setcond;
732 } CCPrepare;
733
734 /* compute eflags.C to reg */
735 static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
736 {
737 TCGv t0, t1;
738 int size, shift;
739
740 switch (s->cc_op) {
741 case CC_OP_SUBB ... CC_OP_SUBQ:
742 /* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */
743 size = s->cc_op - CC_OP_SUBB;
744 t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
745 /* If no temporary was used, be careful not to alias t1 and t0. */
746 t0 = TCGV_EQUAL(t1, cpu_cc_src) ? cpu_tmp0 : reg;
747 tcg_gen_mov_tl(t0, cpu_cc_srcT);
748 gen_extu(size, t0);
749 goto add_sub;
750
751 case CC_OP_ADDB ... CC_OP_ADDQ:
752 /* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */
753 size = s->cc_op - CC_OP_ADDB;
754 t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
755 t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
756 add_sub:
757 return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0,
758 .reg2 = t1, .mask = -1, .use_reg2 = true };
759
760 case CC_OP_LOGICB ... CC_OP_LOGICQ:
761 case CC_OP_CLR:
762 case CC_OP_POPCNT:
763 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
764
765 case CC_OP_INCB ... CC_OP_INCQ:
766 case CC_OP_DECB ... CC_OP_DECQ:
767 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
768 .mask = -1, .no_setcond = true };
769
770 case CC_OP_SHLB ... CC_OP_SHLQ:
771 /* (CC_SRC >> (DATA_BITS - 1)) & 1 */
772 size = s->cc_op - CC_OP_SHLB;
773 shift = (8 << size) - 1;
774 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
775 .mask = (target_ulong)1 << shift };
776
777 case CC_OP_MULB ... CC_OP_MULQ:
778 return (CCPrepare) { .cond = TCG_COND_NE,
779 .reg = cpu_cc_src, .mask = -1 };
780
781 case CC_OP_BMILGB ... CC_OP_BMILGQ:
782 size = s->cc_op - CC_OP_BMILGB;
783 t0 = gen_ext_tl(reg, cpu_cc_src, size, false);
784 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
785
786 case CC_OP_ADCX:
787 case CC_OP_ADCOX:
788 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_dst,
789 .mask = -1, .no_setcond = true };
790
791 case CC_OP_EFLAGS:
792 case CC_OP_SARB ... CC_OP_SARQ:
793 /* CC_SRC & 1 */
794 return (CCPrepare) { .cond = TCG_COND_NE,
795 .reg = cpu_cc_src, .mask = CC_C };
796
797 default:
798 /* The need to compute only C from CC_OP_DYNAMIC is important
799 in efficiently implementing e.g. INC at the start of a TB. */
800 gen_update_cc_op(s);
801 gen_helper_cc_compute_c(reg, cpu_cc_dst, cpu_cc_src,
802 cpu_cc_src2, cpu_cc_op);
803 return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
804 .mask = -1, .no_setcond = true };
805 }
806 }
807
808 /* compute eflags.P to reg */
809 static CCPrepare gen_prepare_eflags_p(DisasContext *s, TCGv reg)
810 {
811 gen_compute_eflags(s);
812 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
813 .mask = CC_P };
814 }
815
816 /* compute eflags.S to reg */
817 static CCPrepare gen_prepare_eflags_s(DisasContext *s, TCGv reg)
818 {
819 switch (s->cc_op) {
820 case CC_OP_DYNAMIC:
821 gen_compute_eflags(s);
822 /* FALLTHRU */
823 case CC_OP_EFLAGS:
824 case CC_OP_ADCX:
825 case CC_OP_ADOX:
826 case CC_OP_ADCOX:
827 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
828 .mask = CC_S };
829 case CC_OP_CLR:
830 case CC_OP_POPCNT:
831 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
832 default:
833 {
834 TCGMemOp size = (s->cc_op - CC_OP_ADDB) & 3;
835 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
836 return (CCPrepare) { .cond = TCG_COND_LT, .reg = t0, .mask = -1 };
837 }
838 }
839 }
840
841 /* compute eflags.O to reg */
842 static CCPrepare gen_prepare_eflags_o(DisasContext *s, TCGv reg)
843 {
844 switch (s->cc_op) {
845 case CC_OP_ADOX:
846 case CC_OP_ADCOX:
847 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src2,
848 .mask = -1, .no_setcond = true };
849 case CC_OP_CLR:
850 case CC_OP_POPCNT:
851 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
852 default:
853 gen_compute_eflags(s);
854 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
855 .mask = CC_O };
856 }
857 }
858
859 /* compute eflags.Z to reg */
860 static CCPrepare gen_prepare_eflags_z(DisasContext *s, TCGv reg)
861 {
862 switch (s->cc_op) {
863 case CC_OP_DYNAMIC:
864 gen_compute_eflags(s);
865 /* FALLTHRU */
866 case CC_OP_EFLAGS:
867 case CC_OP_ADCX:
868 case CC_OP_ADOX:
869 case CC_OP_ADCOX:
870 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
871 .mask = CC_Z };
872 case CC_OP_CLR:
873 return (CCPrepare) { .cond = TCG_COND_ALWAYS, .mask = -1 };
874 case CC_OP_POPCNT:
875 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = cpu_cc_src,
876 .mask = -1 };
877 default:
878 {
879 TCGMemOp size = (s->cc_op - CC_OP_ADDB) & 3;
880 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
881 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
882 }
883 }
884 }
885
886 /* perform a conditional store into register 'reg' according to jump opcode
887 value 'b'. In the fast case, T0 is guaranted not to be used. */
888 static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
889 {
890 int inv, jcc_op, cond;
891 TCGMemOp size;
892 CCPrepare cc;
893 TCGv t0;
894
895 inv = b & 1;
896 jcc_op = (b >> 1) & 7;
897
898 switch (s->cc_op) {
899 case CC_OP_SUBB ... CC_OP_SUBQ:
900 /* We optimize relational operators for the cmp/jcc case. */
901 size = s->cc_op - CC_OP_SUBB;
902 switch (jcc_op) {
903 case JCC_BE:
904 tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
905 gen_extu(size, cpu_tmp4);
906 t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
907 cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = cpu_tmp4,
908 .reg2 = t0, .mask = -1, .use_reg2 = true };
909 break;
910
911 case JCC_L:
912 cond = TCG_COND_LT;
913 goto fast_jcc_l;
914 case JCC_LE:
915 cond = TCG_COND_LE;
916 fast_jcc_l:
917 tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
918 gen_exts(size, cpu_tmp4);
919 t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, true);
920 cc = (CCPrepare) { .cond = cond, .reg = cpu_tmp4,
921 .reg2 = t0, .mask = -1, .use_reg2 = true };
922 break;
923
924 default:
925 goto slow_jcc;
926 }
927 break;
928
929 default:
930 slow_jcc:
931 /* This actually generates good code for JC, JZ and JS. */
932 switch (jcc_op) {
933 case JCC_O:
934 cc = gen_prepare_eflags_o(s, reg);
935 break;
936 case JCC_B:
937 cc = gen_prepare_eflags_c(s, reg);
938 break;
939 case JCC_Z:
940 cc = gen_prepare_eflags_z(s, reg);
941 break;
942 case JCC_BE:
943 gen_compute_eflags(s);
944 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
945 .mask = CC_Z | CC_C };
946 break;
947 case JCC_S:
948 cc = gen_prepare_eflags_s(s, reg);
949 break;
950 case JCC_P:
951 cc = gen_prepare_eflags_p(s, reg);
952 break;
953 case JCC_L:
954 gen_compute_eflags(s);
955 if (TCGV_EQUAL(reg, cpu_cc_src)) {
956 reg = cpu_tmp0;
957 }
958 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
959 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
960 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
961 .mask = CC_S };
962 break;
963 default:
964 case JCC_LE:
965 gen_compute_eflags(s);
966 if (TCGV_EQUAL(reg, cpu_cc_src)) {
967 reg = cpu_tmp0;
968 }
969 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
970 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
971 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
972 .mask = CC_S | CC_Z };
973 break;
974 }
975 break;
976 }
977
978 if (inv) {
979 cc.cond = tcg_invert_cond(cc.cond);
980 }
981 return cc;
982 }
983
984 static void gen_setcc1(DisasContext *s, int b, TCGv reg)
985 {
986 CCPrepare cc = gen_prepare_cc(s, b, reg);
987
988 if (cc.no_setcond) {
989 if (cc.cond == TCG_COND_EQ) {
990 tcg_gen_xori_tl(reg, cc.reg, 1);
991 } else {
992 tcg_gen_mov_tl(reg, cc.reg);
993 }
994 return;
995 }
996
997 if (cc.cond == TCG_COND_NE && !cc.use_reg2 && cc.imm == 0 &&
998 cc.mask != 0 && (cc.mask & (cc.mask - 1)) == 0) {
999 tcg_gen_shri_tl(reg, cc.reg, ctztl(cc.mask));
1000 tcg_gen_andi_tl(reg, reg, 1);
1001 return;
1002 }
1003 if (cc.mask != -1) {
1004 tcg_gen_andi_tl(reg, cc.reg, cc.mask);
1005 cc.reg = reg;
1006 }
1007 if (cc.use_reg2) {
1008 tcg_gen_setcond_tl(cc.cond, reg, cc.reg, cc.reg2);
1009 } else {
1010 tcg_gen_setcondi_tl(cc.cond, reg, cc.reg, cc.imm);
1011 }
1012 }
1013
1014 static inline void gen_compute_eflags_c(DisasContext *s, TCGv reg)
1015 {
1016 gen_setcc1(s, JCC_B << 1, reg);
1017 }
1018
1019 /* generate a conditional jump to label 'l1' according to jump opcode
1020 value 'b'. In the fast case, T0 is guaranted not to be used. */
1021 static inline void gen_jcc1_noeob(DisasContext *s, int b, TCGLabel *l1)
1022 {
1023 CCPrepare cc = gen_prepare_cc(s, b, cpu_T0);
1024
1025 if (cc.mask != -1) {
1026 tcg_gen_andi_tl(cpu_T0, cc.reg, cc.mask);
1027 cc.reg = cpu_T0;
1028 }
1029 if (cc.use_reg2) {
1030 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1031 } else {
1032 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1033 }
1034 }
1035
1036 /* Generate a conditional jump to label 'l1' according to jump opcode
1037 value 'b'. In the fast case, T0 is guaranted not to be used.
1038 A translation block must end soon. */
1039 static inline void gen_jcc1(DisasContext *s, int b, TCGLabel *l1)
1040 {
1041 CCPrepare cc = gen_prepare_cc(s, b, cpu_T0);
1042
1043 gen_update_cc_op(s);
1044 if (cc.mask != -1) {
1045 tcg_gen_andi_tl(cpu_T0, cc.reg, cc.mask);
1046 cc.reg = cpu_T0;
1047 }
1048 set_cc_op(s, CC_OP_DYNAMIC);
1049 if (cc.use_reg2) {
1050 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1051 } else {
1052 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1053 }
1054 }
1055
1056 /* XXX: does not work with gdbstub "ice" single step - not a
1057 serious problem */
1058 static TCGLabel *gen_jz_ecx_string(DisasContext *s, target_ulong next_eip)
1059 {
1060 TCGLabel *l1 = gen_new_label();
1061 TCGLabel *l2 = gen_new_label();
1062 gen_op_jnz_ecx(s->aflag, l1);
1063 gen_set_label(l2);
1064 gen_jmp_tb(s, next_eip, 1);
1065 gen_set_label(l1);
1066 return l2;
1067 }
1068
1069 static inline void gen_stos(DisasContext *s, TCGMemOp ot)
1070 {
1071 gen_op_mov_v_reg(MO_32, cpu_T0, R_EAX);
1072 gen_string_movl_A0_EDI(s);
1073 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
1074 gen_op_movl_T0_Dshift(ot);
1075 gen_op_add_reg_T0(s->aflag, R_EDI);
1076 }
1077
1078 static inline void gen_lods(DisasContext *s, TCGMemOp ot)
1079 {
1080 gen_string_movl_A0_ESI(s);
1081 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1082 gen_op_mov_reg_v(ot, R_EAX, cpu_T0);
1083 gen_op_movl_T0_Dshift(ot);
1084 gen_op_add_reg_T0(s->aflag, R_ESI);
1085 }
1086
1087 static inline void gen_scas(DisasContext *s, TCGMemOp ot)
1088 {
1089 gen_string_movl_A0_EDI(s);
1090 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
1091 gen_op(s, OP_CMPL, ot, R_EAX);
1092 gen_op_movl_T0_Dshift(ot);
1093 gen_op_add_reg_T0(s->aflag, R_EDI);
1094 }
1095
1096 static inline void gen_cmps(DisasContext *s, TCGMemOp ot)
1097 {
1098 gen_string_movl_A0_EDI(s);
1099 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
1100 gen_string_movl_A0_ESI(s);
1101 gen_op(s, OP_CMPL, ot, OR_TMP0);
1102 gen_op_movl_T0_Dshift(ot);
1103 gen_op_add_reg_T0(s->aflag, R_ESI);
1104 gen_op_add_reg_T0(s->aflag, R_EDI);
1105 }
1106
1107 static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, int ot)
1108 {
1109 if (s->flags & HF_IOBPT_MASK) {
1110 TCGv_i32 t_size = tcg_const_i32(1 << ot);
1111 TCGv t_next = tcg_const_tl(s->pc - s->cs_base);
1112
1113 gen_helper_bpt_io(cpu_env, t_port, t_size, t_next);
1114 tcg_temp_free_i32(t_size);
1115 tcg_temp_free(t_next);
1116 }
1117 }
1118
1119
1120 static inline void gen_ins(DisasContext *s, TCGMemOp ot)
1121 {
1122 if (s->tb->cflags & CF_USE_ICOUNT) {
1123 gen_io_start();
1124 }
1125 gen_string_movl_A0_EDI(s);
1126 /* Note: we must do this dummy write first to be restartable in
1127 case of page fault. */
1128 tcg_gen_movi_tl(cpu_T0, 0);
1129 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
1130 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
1131 tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0xffff);
1132 gen_helper_in_func(ot, cpu_T0, cpu_tmp2_i32);
1133 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
1134 gen_op_movl_T0_Dshift(ot);
1135 gen_op_add_reg_T0(s->aflag, R_EDI);
1136 gen_bpt_io(s, cpu_tmp2_i32, ot);
1137 if (s->tb->cflags & CF_USE_ICOUNT) {
1138 gen_io_end();
1139 }
1140 }
1141
1142 static inline void gen_outs(DisasContext *s, TCGMemOp ot)
1143 {
1144 if (s->tb->cflags & CF_USE_ICOUNT) {
1145 gen_io_start();
1146 }
1147 gen_string_movl_A0_ESI(s);
1148 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1149
1150 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
1151 tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0xffff);
1152 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T0);
1153 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
1154 gen_op_movl_T0_Dshift(ot);
1155 gen_op_add_reg_T0(s->aflag, R_ESI);
1156 gen_bpt_io(s, cpu_tmp2_i32, ot);
1157 if (s->tb->cflags & CF_USE_ICOUNT) {
1158 gen_io_end();
1159 }
1160 }
1161
1162 /* same method as Valgrind : we generate jumps to current or next
1163 instruction */
1164 #define GEN_REPZ(op) \
1165 static inline void gen_repz_ ## op(DisasContext *s, TCGMemOp ot, \
1166 target_ulong cur_eip, target_ulong next_eip) \
1167 { \
1168 TCGLabel *l2; \
1169 gen_update_cc_op(s); \
1170 l2 = gen_jz_ecx_string(s, next_eip); \
1171 gen_ ## op(s, ot); \
1172 gen_op_add_reg_im(s->aflag, R_ECX, -1); \
1173 /* a loop would cause two single step exceptions if ECX = 1 \
1174 before rep string_insn */ \
1175 if (s->repz_opt) \
1176 gen_op_jz_ecx(s->aflag, l2); \
1177 gen_jmp(s, cur_eip); \
1178 }
1179
1180 #define GEN_REPZ2(op) \
1181 static inline void gen_repz_ ## op(DisasContext *s, TCGMemOp ot, \
1182 target_ulong cur_eip, \
1183 target_ulong next_eip, \
1184 int nz) \
1185 { \
1186 TCGLabel *l2; \
1187 gen_update_cc_op(s); \
1188 l2 = gen_jz_ecx_string(s, next_eip); \
1189 gen_ ## op(s, ot); \
1190 gen_op_add_reg_im(s->aflag, R_ECX, -1); \
1191 gen_update_cc_op(s); \
1192 gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); \
1193 if (s->repz_opt) \
1194 gen_op_jz_ecx(s->aflag, l2); \
1195 gen_jmp(s, cur_eip); \
1196 }
1197
1198 GEN_REPZ(movs)
1199 GEN_REPZ(stos)
1200 GEN_REPZ(lods)
1201 GEN_REPZ(ins)
1202 GEN_REPZ(outs)
1203 GEN_REPZ2(scas)
1204 GEN_REPZ2(cmps)
1205
1206 static void gen_helper_fp_arith_ST0_FT0(int op)
1207 {
1208 switch (op) {
1209 case 0:
1210 gen_helper_fadd_ST0_FT0(cpu_env);
1211 break;
1212 case 1:
1213 gen_helper_fmul_ST0_FT0(cpu_env);
1214 break;
1215 case 2:
1216 gen_helper_fcom_ST0_FT0(cpu_env);
1217 break;
1218 case 3:
1219 gen_helper_fcom_ST0_FT0(cpu_env);
1220 break;
1221 case 4:
1222 gen_helper_fsub_ST0_FT0(cpu_env);
1223 break;
1224 case 5:
1225 gen_helper_fsubr_ST0_FT0(cpu_env);
1226 break;
1227 case 6:
1228 gen_helper_fdiv_ST0_FT0(cpu_env);
1229 break;
1230 case 7:
1231 gen_helper_fdivr_ST0_FT0(cpu_env);
1232 break;
1233 }
1234 }
1235
1236 /* NOTE the exception in "r" op ordering */
1237 static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
1238 {
1239 TCGv_i32 tmp = tcg_const_i32(opreg);
1240 switch (op) {
1241 case 0:
1242 gen_helper_fadd_STN_ST0(cpu_env, tmp);
1243 break;
1244 case 1:
1245 gen_helper_fmul_STN_ST0(cpu_env, tmp);
1246 break;
1247 case 4:
1248 gen_helper_fsubr_STN_ST0(cpu_env, tmp);
1249 break;
1250 case 5:
1251 gen_helper_fsub_STN_ST0(cpu_env, tmp);
1252 break;
1253 case 6:
1254 gen_helper_fdivr_STN_ST0(cpu_env, tmp);
1255 break;
1256 case 7:
1257 gen_helper_fdiv_STN_ST0(cpu_env, tmp);
1258 break;
1259 }
1260 }
1261
1262 /* if d == OR_TMP0, it means memory operand (address in A0) */
1263 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d)
1264 {
1265 if (d != OR_TMP0) {
1266 gen_op_mov_v_reg(ot, cpu_T0, d);
1267 } else if (!(s1->prefix & PREFIX_LOCK)) {
1268 gen_op_ld_v(s1, ot, cpu_T0, cpu_A0);
1269 }
1270 switch(op) {
1271 case OP_ADCL:
1272 gen_compute_eflags_c(s1, cpu_tmp4);
1273 if (s1->prefix & PREFIX_LOCK) {
1274 tcg_gen_add_tl(cpu_T0, cpu_tmp4, cpu_T1);
1275 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
1276 s1->mem_index, ot | MO_LE);
1277 } else {
1278 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
1279 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_tmp4);
1280 gen_op_st_rm_T0_A0(s1, ot, d);
1281 }
1282 gen_op_update3_cc(cpu_tmp4);
1283 set_cc_op(s1, CC_OP_ADCB + ot);
1284 break;
1285 case OP_SBBL:
1286 gen_compute_eflags_c(s1, cpu_tmp4);
1287 if (s1->prefix & PREFIX_LOCK) {
1288 tcg_gen_add_tl(cpu_T0, cpu_T1, cpu_tmp4);
1289 tcg_gen_neg_tl(cpu_T0, cpu_T0);
1290 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
1291 s1->mem_index, ot | MO_LE);
1292 } else {
1293 tcg_gen_sub_tl(cpu_T0, cpu_T0, cpu_T1);
1294 tcg_gen_sub_tl(cpu_T0, cpu_T0, cpu_tmp4);
1295 gen_op_st_rm_T0_A0(s1, ot, d);
1296 }
1297 gen_op_update3_cc(cpu_tmp4);
1298 set_cc_op(s1, CC_OP_SBBB + ot);
1299 break;
1300 case OP_ADDL:
1301 if (s1->prefix & PREFIX_LOCK) {
1302 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1303 s1->mem_index, ot | MO_LE);
1304 } else {
1305 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
1306 gen_op_st_rm_T0_A0(s1, ot, d);
1307 }
1308 gen_op_update2_cc();
1309 set_cc_op(s1, CC_OP_ADDB + ot);
1310 break;
1311 case OP_SUBL:
1312 if (s1->prefix & PREFIX_LOCK) {
1313 tcg_gen_neg_tl(cpu_T0, cpu_T1);
1314 tcg_gen_atomic_fetch_add_tl(cpu_cc_srcT, cpu_A0, cpu_T0,
1315 s1->mem_index, ot | MO_LE);
1316 tcg_gen_sub_tl(cpu_T0, cpu_cc_srcT, cpu_T1);
1317 } else {
1318 tcg_gen_mov_tl(cpu_cc_srcT, cpu_T0);
1319 tcg_gen_sub_tl(cpu_T0, cpu_T0, cpu_T1);
1320 gen_op_st_rm_T0_A0(s1, ot, d);
1321 }
1322 gen_op_update2_cc();
1323 set_cc_op(s1, CC_OP_SUBB + ot);
1324 break;
1325 default:
1326 case OP_ANDL:
1327 if (s1->prefix & PREFIX_LOCK) {
1328 tcg_gen_atomic_and_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1329 s1->mem_index, ot | MO_LE);
1330 } else {
1331 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_T1);
1332 gen_op_st_rm_T0_A0(s1, ot, d);
1333 }
1334 gen_op_update1_cc();
1335 set_cc_op(s1, CC_OP_LOGICB + ot);
1336 break;
1337 case OP_ORL:
1338 if (s1->prefix & PREFIX_LOCK) {
1339 tcg_gen_atomic_or_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1340 s1->mem_index, ot | MO_LE);
1341 } else {
1342 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_T1);
1343 gen_op_st_rm_T0_A0(s1, ot, d);
1344 }
1345 gen_op_update1_cc();
1346 set_cc_op(s1, CC_OP_LOGICB + ot);
1347 break;
1348 case OP_XORL:
1349 if (s1->prefix & PREFIX_LOCK) {
1350 tcg_gen_atomic_xor_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1351 s1->mem_index, ot | MO_LE);
1352 } else {
1353 tcg_gen_xor_tl(cpu_T0, cpu_T0, cpu_T1);
1354 gen_op_st_rm_T0_A0(s1, ot, d);
1355 }
1356 gen_op_update1_cc();
1357 set_cc_op(s1, CC_OP_LOGICB + ot);
1358 break;
1359 case OP_CMPL:
1360 tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
1361 tcg_gen_mov_tl(cpu_cc_srcT, cpu_T0);
1362 tcg_gen_sub_tl(cpu_cc_dst, cpu_T0, cpu_T1);
1363 set_cc_op(s1, CC_OP_SUBB + ot);
1364 break;
1365 }
1366 }
1367
1368 /* if d == OR_TMP0, it means memory operand (address in A0) */
1369 static void gen_inc(DisasContext *s1, TCGMemOp ot, int d, int c)
1370 {
1371 if (s1->prefix & PREFIX_LOCK) {
1372 tcg_gen_movi_tl(cpu_T0, c > 0 ? 1 : -1);
1373 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
1374 s1->mem_index, ot | MO_LE);
1375 } else {
1376 if (d != OR_TMP0) {
1377 gen_op_mov_v_reg(ot, cpu_T0, d);
1378 } else {
1379 gen_op_ld_v(s1, ot, cpu_T0, cpu_A0);
1380 }
1381 tcg_gen_addi_tl(cpu_T0, cpu_T0, (c > 0 ? 1 : -1));
1382 gen_op_st_rm_T0_A0(s1, ot, d);
1383 }
1384
1385 gen_compute_eflags_c(s1, cpu_cc_src);
1386 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
1387 set_cc_op(s1, (c > 0 ? CC_OP_INCB : CC_OP_DECB) + ot);
1388 }
1389
1390 static void gen_shift_flags(DisasContext *s, TCGMemOp ot, TCGv result,
1391 TCGv shm1, TCGv count, bool is_right)
1392 {
1393 TCGv_i32 z32, s32, oldop;
1394 TCGv z_tl;
1395
1396 /* Store the results into the CC variables. If we know that the
1397 variable must be dead, store unconditionally. Otherwise we'll
1398 need to not disrupt the current contents. */
1399 z_tl = tcg_const_tl(0);
1400 if (cc_op_live[s->cc_op] & USES_CC_DST) {
1401 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_dst, count, z_tl,
1402 result, cpu_cc_dst);
1403 } else {
1404 tcg_gen_mov_tl(cpu_cc_dst, result);
1405 }
1406 if (cc_op_live[s->cc_op] & USES_CC_SRC) {
1407 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_src, count, z_tl,
1408 shm1, cpu_cc_src);
1409 } else {
1410 tcg_gen_mov_tl(cpu_cc_src, shm1);
1411 }
1412 tcg_temp_free(z_tl);
1413
1414 /* Get the two potential CC_OP values into temporaries. */
1415 tcg_gen_movi_i32(cpu_tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1416 if (s->cc_op == CC_OP_DYNAMIC) {
1417 oldop = cpu_cc_op;
1418 } else {
1419 tcg_gen_movi_i32(cpu_tmp3_i32, s->cc_op);
1420 oldop = cpu_tmp3_i32;
1421 }
1422
1423 /* Conditionally store the CC_OP value. */
1424 z32 = tcg_const_i32(0);
1425 s32 = tcg_temp_new_i32();
1426 tcg_gen_trunc_tl_i32(s32, count);
1427 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, cpu_tmp2_i32, oldop);
1428 tcg_temp_free_i32(z32);
1429 tcg_temp_free_i32(s32);
1430
1431 /* The CC_OP value is no longer predictable. */
1432 set_cc_op(s, CC_OP_DYNAMIC);
1433 }
1434
1435 static void gen_shift_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1436 int is_right, int is_arith)
1437 {
1438 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1439
1440 /* load */
1441 if (op1 == OR_TMP0) {
1442 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1443 } else {
1444 gen_op_mov_v_reg(ot, cpu_T0, op1);
1445 }
1446
1447 tcg_gen_andi_tl(cpu_T1, cpu_T1, mask);
1448 tcg_gen_subi_tl(cpu_tmp0, cpu_T1, 1);
1449
1450 if (is_right) {
1451 if (is_arith) {
1452 gen_exts(ot, cpu_T0);
1453 tcg_gen_sar_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1454 tcg_gen_sar_tl(cpu_T0, cpu_T0, cpu_T1);
1455 } else {
1456 gen_extu(ot, cpu_T0);
1457 tcg_gen_shr_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1458 tcg_gen_shr_tl(cpu_T0, cpu_T0, cpu_T1);
1459 }
1460 } else {
1461 tcg_gen_shl_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1462 tcg_gen_shl_tl(cpu_T0, cpu_T0, cpu_T1);
1463 }
1464
1465 /* store */
1466 gen_op_st_rm_T0_A0(s, ot, op1);
1467
1468 gen_shift_flags(s, ot, cpu_T0, cpu_tmp0, cpu_T1, is_right);
1469 }
1470
1471 static void gen_shift_rm_im(DisasContext *s, TCGMemOp ot, int op1, int op2,
1472 int is_right, int is_arith)
1473 {
1474 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1475
1476 /* load */
1477 if (op1 == OR_TMP0)
1478 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1479 else
1480 gen_op_mov_v_reg(ot, cpu_T0, op1);
1481
1482 op2 &= mask;
1483 if (op2 != 0) {
1484 if (is_right) {
1485 if (is_arith) {
1486 gen_exts(ot, cpu_T0);
1487 tcg_gen_sari_tl(cpu_tmp4, cpu_T0, op2 - 1);
1488 tcg_gen_sari_tl(cpu_T0, cpu_T0, op2);
1489 } else {
1490 gen_extu(ot, cpu_T0);
1491 tcg_gen_shri_tl(cpu_tmp4, cpu_T0, op2 - 1);
1492 tcg_gen_shri_tl(cpu_T0, cpu_T0, op2);
1493 }
1494 } else {
1495 tcg_gen_shli_tl(cpu_tmp4, cpu_T0, op2 - 1);
1496 tcg_gen_shli_tl(cpu_T0, cpu_T0, op2);
1497 }
1498 }
1499
1500 /* store */
1501 gen_op_st_rm_T0_A0(s, ot, op1);
1502
1503 /* update eflags if non zero shift */
1504 if (op2 != 0) {
1505 tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
1506 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
1507 set_cc_op(s, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1508 }
1509 }
1510
1511 static void gen_rot_rm_T1(DisasContext *s, TCGMemOp ot, int op1, int is_right)
1512 {
1513 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1514 TCGv_i32 t0, t1;
1515
1516 /* load */
1517 if (op1 == OR_TMP0) {
1518 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1519 } else {
1520 gen_op_mov_v_reg(ot, cpu_T0, op1);
1521 }
1522
1523 tcg_gen_andi_tl(cpu_T1, cpu_T1, mask);
1524
1525 switch (ot) {
1526 case MO_8:
1527 /* Replicate the 8-bit input so that a 32-bit rotate works. */
1528 tcg_gen_ext8u_tl(cpu_T0, cpu_T0);
1529 tcg_gen_muli_tl(cpu_T0, cpu_T0, 0x01010101);
1530 goto do_long;
1531 case MO_16:
1532 /* Replicate the 16-bit input so that a 32-bit rotate works. */
1533 tcg_gen_deposit_tl(cpu_T0, cpu_T0, cpu_T0, 16, 16);
1534 goto do_long;
1535 do_long:
1536 #ifdef TARGET_X86_64
1537 case MO_32:
1538 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
1539 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
1540 if (is_right) {
1541 tcg_gen_rotr_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
1542 } else {
1543 tcg_gen_rotl_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
1544 }
1545 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
1546 break;
1547 #endif
1548 default:
1549 if (is_right) {
1550 tcg_gen_rotr_tl(cpu_T0, cpu_T0, cpu_T1);
1551 } else {
1552 tcg_gen_rotl_tl(cpu_T0, cpu_T0, cpu_T1);
1553 }
1554 break;
1555 }
1556
1557 /* store */
1558 gen_op_st_rm_T0_A0(s, ot, op1);
1559
1560 /* We'll need the flags computed into CC_SRC. */
1561 gen_compute_eflags(s);
1562
1563 /* The value that was "rotated out" is now present at the other end
1564 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1565 since we've computed the flags into CC_SRC, these variables are
1566 currently dead. */
1567 if (is_right) {
1568 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask - 1);
1569 tcg_gen_shri_tl(cpu_cc_dst, cpu_T0, mask);
1570 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1571 } else {
1572 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask);
1573 tcg_gen_andi_tl(cpu_cc_dst, cpu_T0, 1);
1574 }
1575 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1576 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1577
1578 /* Now conditionally store the new CC_OP value. If the shift count
1579 is 0 we keep the CC_OP_EFLAGS setting so that only CC_SRC is live.
1580 Otherwise reuse CC_OP_ADCOX which have the C and O flags split out
1581 exactly as we computed above. */
1582 t0 = tcg_const_i32(0);
1583 t1 = tcg_temp_new_i32();
1584 tcg_gen_trunc_tl_i32(t1, cpu_T1);
1585 tcg_gen_movi_i32(cpu_tmp2_i32, CC_OP_ADCOX);
1586 tcg_gen_movi_i32(cpu_tmp3_i32, CC_OP_EFLAGS);
1587 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, t1, t0,
1588 cpu_tmp2_i32, cpu_tmp3_i32);
1589 tcg_temp_free_i32(t0);
1590 tcg_temp_free_i32(t1);
1591
1592 /* The CC_OP value is no longer predictable. */
1593 set_cc_op(s, CC_OP_DYNAMIC);
1594 }
1595
1596 static void gen_rot_rm_im(DisasContext *s, TCGMemOp ot, int op1, int op2,
1597 int is_right)
1598 {
1599 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1600 int shift;
1601
1602 /* load */
1603 if (op1 == OR_TMP0) {
1604 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1605 } else {
1606 gen_op_mov_v_reg(ot, cpu_T0, op1);
1607 }
1608
1609 op2 &= mask;
1610 if (op2 != 0) {
1611 switch (ot) {
1612 #ifdef TARGET_X86_64
1613 case MO_32:
1614 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
1615 if (is_right) {
1616 tcg_gen_rotri_i32(cpu_tmp2_i32, cpu_tmp2_i32, op2);
1617 } else {
1618 tcg_gen_rotli_i32(cpu_tmp2_i32, cpu_tmp2_i32, op2);
1619 }
1620 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
1621 break;
1622 #endif
1623 default:
1624 if (is_right) {
1625 tcg_gen_rotri_tl(cpu_T0, cpu_T0, op2);
1626 } else {
1627 tcg_gen_rotli_tl(cpu_T0, cpu_T0, op2);
1628 }
1629 break;
1630 case MO_8:
1631 mask = 7;
1632 goto do_shifts;
1633 case MO_16:
1634 mask = 15;
1635 do_shifts:
1636 shift = op2 & mask;
1637 if (is_right) {
1638 shift = mask + 1 - shift;
1639 }
1640 gen_extu(ot, cpu_T0);
1641 tcg_gen_shli_tl(cpu_tmp0, cpu_T0, shift);
1642 tcg_gen_shri_tl(cpu_T0, cpu_T0, mask + 1 - shift);
1643 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_tmp0);
1644 break;
1645 }
1646 }
1647
1648 /* store */
1649 gen_op_st_rm_T0_A0(s, ot, op1);
1650
1651 if (op2 != 0) {
1652 /* Compute the flags into CC_SRC. */
1653 gen_compute_eflags(s);
1654
1655 /* The value that was "rotated out" is now present at the other end
1656 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1657 since we've computed the flags into CC_SRC, these variables are
1658 currently dead. */
1659 if (is_right) {
1660 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask - 1);
1661 tcg_gen_shri_tl(cpu_cc_dst, cpu_T0, mask);
1662 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1663 } else {
1664 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask);
1665 tcg_gen_andi_tl(cpu_cc_dst, cpu_T0, 1);
1666 }
1667 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1668 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1669 set_cc_op(s, CC_OP_ADCOX);
1670 }
1671 }
1672
1673 /* XXX: add faster immediate = 1 case */
1674 static void gen_rotc_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1675 int is_right)
1676 {
1677 gen_compute_eflags(s);
1678 assert(s->cc_op == CC_OP_EFLAGS);
1679
1680 /* load */
1681 if (op1 == OR_TMP0)
1682 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1683 else
1684 gen_op_mov_v_reg(ot, cpu_T0, op1);
1685
1686 if (is_right) {
1687 switch (ot) {
1688 case MO_8:
1689 gen_helper_rcrb(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1690 break;
1691 case MO_16:
1692 gen_helper_rcrw(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1693 break;
1694 case MO_32:
1695 gen_helper_rcrl(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1696 break;
1697 #ifdef TARGET_X86_64
1698 case MO_64:
1699 gen_helper_rcrq(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1700 break;
1701 #endif
1702 default:
1703 tcg_abort();
1704 }
1705 } else {
1706 switch (ot) {
1707 case MO_8:
1708 gen_helper_rclb(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1709 break;
1710 case MO_16:
1711 gen_helper_rclw(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1712 break;
1713 case MO_32:
1714 gen_helper_rcll(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1715 break;
1716 #ifdef TARGET_X86_64
1717 case MO_64:
1718 gen_helper_rclq(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1719 break;
1720 #endif
1721 default:
1722 tcg_abort();
1723 }
1724 }
1725 /* store */
1726 gen_op_st_rm_T0_A0(s, ot, op1);
1727 }
1728
1729 /* XXX: add faster immediate case */
1730 static void gen_shiftd_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1731 bool is_right, TCGv count_in)
1732 {
1733 target_ulong mask = (ot == MO_64 ? 63 : 31);
1734 TCGv count;
1735
1736 /* load */
1737 if (op1 == OR_TMP0) {
1738 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1739 } else {
1740 gen_op_mov_v_reg(ot, cpu_T0, op1);
1741 }
1742
1743 count = tcg_temp_new();
1744 tcg_gen_andi_tl(count, count_in, mask);
1745
1746 switch (ot) {
1747 case MO_16:
1748 /* Note: we implement the Intel behaviour for shift count > 16.
1749 This means "shrdw C, B, A" shifts A:B:A >> C. Build the B:A
1750 portion by constructing it as a 32-bit value. */
1751 if (is_right) {
1752 tcg_gen_deposit_tl(cpu_tmp0, cpu_T0, cpu_T1, 16, 16);
1753 tcg_gen_mov_tl(cpu_T1, cpu_T0);
1754 tcg_gen_mov_tl(cpu_T0, cpu_tmp0);
1755 } else {
1756 tcg_gen_deposit_tl(cpu_T1, cpu_T0, cpu_T1, 16, 16);
1757 }
1758 /* FALLTHRU */
1759 #ifdef TARGET_X86_64
1760 case MO_32:
1761 /* Concatenate the two 32-bit values and use a 64-bit shift. */
1762 tcg_gen_subi_tl(cpu_tmp0, count, 1);
1763 if (is_right) {
1764 tcg_gen_concat_tl_i64(cpu_T0, cpu_T0, cpu_T1);
1765 tcg_gen_shr_i64(cpu_tmp0, cpu_T0, cpu_tmp0);
1766 tcg_gen_shr_i64(cpu_T0, cpu_T0, count);
1767 } else {
1768 tcg_gen_concat_tl_i64(cpu_T0, cpu_T1, cpu_T0);
1769 tcg_gen_shl_i64(cpu_tmp0, cpu_T0, cpu_tmp0);
1770 tcg_gen_shl_i64(cpu_T0, cpu_T0, count);
1771 tcg_gen_shri_i64(cpu_tmp0, cpu_tmp0, 32);
1772 tcg_gen_shri_i64(cpu_T0, cpu_T0, 32);
1773 }
1774 break;
1775 #endif
1776 default:
1777 tcg_gen_subi_tl(cpu_tmp0, count, 1);
1778 if (is_right) {
1779 tcg_gen_shr_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1780
1781 tcg_gen_subfi_tl(cpu_tmp4, mask + 1, count);
1782 tcg_gen_shr_tl(cpu_T0, cpu_T0, count);
1783 tcg_gen_shl_tl(cpu_T1, cpu_T1, cpu_tmp4);
1784 } else {
1785 tcg_gen_shl_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1786 if (ot == MO_16) {
1787 /* Only needed if count > 16, for Intel behaviour. */
1788 tcg_gen_subfi_tl(cpu_tmp4, 33, count);
1789 tcg_gen_shr_tl(cpu_tmp4, cpu_T1, cpu_tmp4);
1790 tcg_gen_or_tl(cpu_tmp0, cpu_tmp0, cpu_tmp4);
1791 }
1792
1793 tcg_gen_subfi_tl(cpu_tmp4, mask + 1, count);
1794 tcg_gen_shl_tl(cpu_T0, cpu_T0, count);
1795 tcg_gen_shr_tl(cpu_T1, cpu_T1, cpu_tmp4);
1796 }
1797 tcg_gen_movi_tl(cpu_tmp4, 0);
1798 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_T1, count, cpu_tmp4,
1799 cpu_tmp4, cpu_T1);
1800 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_T1);
1801 break;
1802 }
1803
1804 /* store */
1805 gen_op_st_rm_T0_A0(s, ot, op1);
1806
1807 gen_shift_flags(s, ot, cpu_T0, cpu_tmp0, count, is_right);
1808 tcg_temp_free(count);
1809 }
1810
1811 static void gen_shift(DisasContext *s1, int op, TCGMemOp ot, int d, int s)
1812 {
1813 if (s != OR_TMP1)
1814 gen_op_mov_v_reg(ot, cpu_T1, s);
1815 switch(op) {
1816 case OP_ROL:
1817 gen_rot_rm_T1(s1, ot, d, 0);
1818 break;
1819 case OP_ROR:
1820 gen_rot_rm_T1(s1, ot, d, 1);
1821 break;
1822 case OP_SHL:
1823 case OP_SHL1:
1824 gen_shift_rm_T1(s1, ot, d, 0, 0);
1825 break;
1826 case OP_SHR:
1827 gen_shift_rm_T1(s1, ot, d, 1, 0);
1828 break;
1829 case OP_SAR:
1830 gen_shift_rm_T1(s1, ot, d, 1, 1);
1831 break;
1832 case OP_RCL:
1833 gen_rotc_rm_T1(s1, ot, d, 0);
1834 break;
1835 case OP_RCR:
1836 gen_rotc_rm_T1(s1, ot, d, 1);
1837 break;
1838 }
1839 }
1840
1841 static void gen_shifti(DisasContext *s1, int op, TCGMemOp ot, int d, int c)
1842 {
1843 switch(op) {
1844 case OP_ROL:
1845 gen_rot_rm_im(s1, ot, d, c, 0);
1846 break;
1847 case OP_ROR:
1848 gen_rot_rm_im(s1, ot, d, c, 1);
1849 break;
1850 case OP_SHL:
1851 case OP_SHL1:
1852 gen_shift_rm_im(s1, ot, d, c, 0, 0);
1853 break;
1854 case OP_SHR:
1855 gen_shift_rm_im(s1, ot, d, c, 1, 0);
1856 break;
1857 case OP_SAR:
1858 gen_shift_rm_im(s1, ot, d, c, 1, 1);
1859 break;
1860 default:
1861 /* currently not optimized */
1862 tcg_gen_movi_tl(cpu_T1, c);
1863 gen_shift(s1, op, ot, d, OR_TMP1);
1864 break;
1865 }
1866 }
1867
1868 /* Decompose an address. */
1869
1870 typedef struct AddressParts {
1871 int def_seg;
1872 int base;
1873 int index;
1874 int scale;
1875 target_long disp;
1876 } AddressParts;
1877
1878 static AddressParts gen_lea_modrm_0(CPUX86State *env, DisasContext *s,
1879 int modrm)
1880 {
1881 int def_seg, base, index, scale, mod, rm;
1882 target_long disp;
1883 bool havesib;
1884
1885 def_seg = R_DS;
1886 index = -1;
1887 scale = 0;
1888 disp = 0;
1889
1890 mod = (modrm >> 6) & 3;
1891 rm = modrm & 7;
1892 base = rm | REX_B(s);
1893
1894 if (mod == 3) {
1895 /* Normally filtered out earlier, but including this path
1896 simplifies multi-byte nop, as well as bndcl, bndcu, bndcn. */
1897 goto done;
1898 }
1899
1900 switch (s->aflag) {
1901 case MO_64:
1902 case MO_32:
1903 havesib = 0;
1904 if (rm == 4) {
1905 int code = cpu_ldub_code(env, s->pc++);
1906 scale = (code >> 6) & 3;
1907 index = ((code >> 3) & 7) | REX_X(s);
1908 if (index == 4) {
1909 index = -1; /* no index */
1910 }
1911 base = (code & 7) | REX_B(s);
1912 havesib = 1;
1913 }
1914
1915 switch (mod) {
1916 case 0:
1917 if ((base & 7) == 5) {
1918 base = -1;
1919 disp = (int32_t)cpu_ldl_code(env, s->pc);
1920 s->pc += 4;
1921 if (CODE64(s) && !havesib) {
1922 base = -2;
1923 disp += s->pc + s->rip_offset;
1924 }
1925 }
1926 break;
1927 case 1:
1928 disp = (int8_t)cpu_ldub_code(env, s->pc++);
1929 break;
1930 default:
1931 case 2:
1932 disp = (int32_t)cpu_ldl_code(env, s->pc);
1933 s->pc += 4;
1934 break;
1935 }
1936
1937 /* For correct popl handling with esp. */
1938 if (base == R_ESP && s->popl_esp_hack) {
1939 disp += s->popl_esp_hack;
1940 }
1941 if (base == R_EBP || base == R_ESP) {
1942 def_seg = R_SS;
1943 }
1944 break;
1945
1946 case MO_16:
1947 if (mod == 0) {
1948 if (rm == 6) {
1949 base = -1;
1950 disp = cpu_lduw_code(env, s->pc);
1951 s->pc += 2;
1952 break;
1953 }
1954 } else if (mod == 1) {
1955 disp = (int8_t)cpu_ldub_code(env, s->pc++);
1956 } else {
1957 disp = (int16_t)cpu_lduw_code(env, s->pc);
1958 s->pc += 2;
1959 }
1960
1961 switch (rm) {
1962 case 0:
1963 base = R_EBX;
1964 index = R_ESI;
1965 break;
1966 case 1:
1967 base = R_EBX;
1968 index = R_EDI;
1969 break;
1970 case 2:
1971 base = R_EBP;
1972 index = R_ESI;
1973 def_seg = R_SS;
1974 break;
1975 case 3:
1976 base = R_EBP;
1977 index = R_EDI;
1978 def_seg = R_SS;
1979 break;
1980 case 4:
1981 base = R_ESI;
1982 break;
1983 case 5:
1984 base = R_EDI;
1985 break;
1986 case 6:
1987 base = R_EBP;
1988 def_seg = R_SS;
1989 break;
1990 default:
1991 case 7:
1992 base = R_EBX;
1993 break;
1994 }
1995 break;
1996
1997 default:
1998 tcg_abort();
1999 }
2000
2001 done:
2002 return (AddressParts){ def_seg, base, index, scale, disp };
2003 }
2004
2005 /* Compute the address, with a minimum number of TCG ops. */
2006 static TCGv gen_lea_modrm_1(AddressParts a)
2007 {
2008 TCGv ea;
2009
2010 TCGV_UNUSED(ea);
2011 if (a.index >= 0) {
2012 if (a.scale == 0) {
2013 ea = cpu_regs[a.index];
2014 } else {
2015 tcg_gen_shli_tl(cpu_A0, cpu_regs[a.index], a.scale);
2016 ea = cpu_A0;
2017 }
2018 if (a.base >= 0) {
2019 tcg_gen_add_tl(cpu_A0, ea, cpu_regs[a.base]);
2020 ea = cpu_A0;
2021 }
2022 } else if (a.base >= 0) {
2023 ea = cpu_regs[a.base];
2024 }
2025 if (TCGV_IS_UNUSED(ea)) {
2026 tcg_gen_movi_tl(cpu_A0, a.disp);
2027 ea = cpu_A0;
2028 } else if (a.disp != 0) {
2029 tcg_gen_addi_tl(cpu_A0, ea, a.disp);
2030 ea = cpu_A0;
2031 }
2032
2033 return ea;
2034 }
2035
2036 static void gen_lea_modrm(CPUX86State *env, DisasContext *s, int modrm)
2037 {
2038 AddressParts a = gen_lea_modrm_0(env, s, modrm);
2039 TCGv ea = gen_lea_modrm_1(a);
2040 gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override);
2041 }
2042
2043 static void gen_nop_modrm(CPUX86State *env, DisasContext *s, int modrm)
2044 {
2045 (void)gen_lea_modrm_0(env, s, modrm);
2046 }
2047
2048 /* Used for BNDCL, BNDCU, BNDCN. */
2049 static void gen_bndck(CPUX86State *env, DisasContext *s, int modrm,
2050 TCGCond cond, TCGv_i64 bndv)
2051 {
2052 TCGv ea = gen_lea_modrm_1(gen_lea_modrm_0(env, s, modrm));
2053
2054 tcg_gen_extu_tl_i64(cpu_tmp1_i64, ea);
2055 if (!CODE64(s)) {
2056 tcg_gen_ext32u_i64(cpu_tmp1_i64, cpu_tmp1_i64);
2057 }
2058 tcg_gen_setcond_i64(cond, cpu_tmp1_i64, cpu_tmp1_i64, bndv);
2059 tcg_gen_extrl_i64_i32(cpu_tmp2_i32, cpu_tmp1_i64);
2060 gen_helper_bndck(cpu_env, cpu_tmp2_i32);
2061 }
2062
2063 /* used for LEA and MOV AX, mem */
2064 static void gen_add_A0_ds_seg(DisasContext *s)
2065 {
2066 gen_lea_v_seg(s, s->aflag, cpu_A0, R_DS, s->override);
2067 }
2068
2069 /* generate modrm memory load or store of 'reg'. TMP0 is used if reg ==
2070 OR_TMP0 */
2071 static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm,
2072 TCGMemOp ot, int reg, int is_store)
2073 {
2074 int mod, rm;
2075
2076 mod = (modrm >> 6) & 3;
2077 rm = (modrm & 7) | REX_B(s);
2078 if (mod == 3) {
2079 if (is_store) {
2080 if (reg != OR_TMP0)
2081 gen_op_mov_v_reg(ot, cpu_T0, reg);
2082 gen_op_mov_reg_v(ot, rm, cpu_T0);
2083 } else {
2084 gen_op_mov_v_reg(ot, cpu_T0, rm);
2085 if (reg != OR_TMP0)
2086 gen_op_mov_reg_v(ot, reg, cpu_T0);
2087 }
2088 } else {
2089 gen_lea_modrm(env, s, modrm);
2090 if (is_store) {
2091 if (reg != OR_TMP0)
2092 gen_op_mov_v_reg(ot, cpu_T0, reg);
2093 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
2094 } else {
2095 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
2096 if (reg != OR_TMP0)
2097 gen_op_mov_reg_v(ot, reg, cpu_T0);
2098 }
2099 }
2100 }
2101
2102 static inline uint32_t insn_get(CPUX86State *env, DisasContext *s, TCGMemOp ot)
2103 {
2104 uint32_t ret;
2105
2106 switch (ot) {
2107 case MO_8:
2108 ret = cpu_ldub_code(env, s->pc);
2109 s->pc++;
2110 break;
2111 case MO_16:
2112 ret = cpu_lduw_code(env, s->pc);
2113 s->pc += 2;
2114 break;
2115 case MO_32:
2116 #ifdef TARGET_X86_64
2117 case MO_64:
2118 #endif
2119 ret = cpu_ldl_code(env, s->pc);
2120 s->pc += 4;
2121 break;
2122 default:
2123 tcg_abort();
2124 }
2125 return ret;
2126 }
2127
2128 static inline int insn_const_size(TCGMemOp ot)
2129 {
2130 if (ot <= MO_32) {
2131 return 1 << ot;
2132 } else {
2133 return 4;
2134 }
2135 }
2136
2137 static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
2138 {
2139 #ifndef CONFIG_USER_ONLY
2140 return (pc & TARGET_PAGE_MASK) == (s->tb->pc & TARGET_PAGE_MASK) ||
2141 (pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
2142 #else
2143 return true;
2144 #endif
2145 }
2146
2147 static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
2148 {
2149 target_ulong pc = s->cs_base + eip;
2150
2151 if (use_goto_tb(s, pc)) {
2152 /* jump to same page: we can use a direct jump */
2153 tcg_gen_goto_tb(tb_num);
2154 gen_jmp_im(eip);
2155 tcg_gen_exit_tb((uintptr_t)s->tb + tb_num);
2156 } else {
2157 /* jump to another page */
2158 gen_jmp_im(eip);
2159 gen_jr(s, cpu_tmp0);
2160 }
2161 }
2162
2163 static inline void gen_jcc(DisasContext *s, int b,
2164 target_ulong val, target_ulong next_eip)
2165 {
2166 TCGLabel *l1, *l2;
2167
2168 if (s->jmp_opt) {
2169 l1 = gen_new_label();
2170 gen_jcc1(s, b, l1);
2171
2172 gen_goto_tb(s, 0, next_eip);
2173
2174 gen_set_label(l1);
2175 gen_goto_tb(s, 1, val);
2176 s->is_jmp = DISAS_TB_JUMP;
2177 } else {
2178 l1 = gen_new_label();
2179 l2 = gen_new_label();
2180 gen_jcc1(s, b, l1);
2181
2182 gen_jmp_im(next_eip);
2183 tcg_gen_br(l2);
2184
2185 gen_set_label(l1);
2186 gen_jmp_im(val);
2187 gen_set_label(l2);
2188 gen_eob(s);
2189 }
2190 }
2191
2192 static void gen_cmovcc1(CPUX86State *env, DisasContext *s, TCGMemOp ot, int b,
2193 int modrm, int reg)
2194 {
2195 CCPrepare cc;
2196
2197 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
2198
2199 cc = gen_prepare_cc(s, b, cpu_T1);
2200 if (cc.mask != -1) {
2201 TCGv t0 = tcg_temp_new();
2202 tcg_gen_andi_tl(t0, cc.reg, cc.mask);
2203 cc.reg = t0;
2204 }
2205 if (!cc.use_reg2) {
2206 cc.reg2 = tcg_const_tl(cc.imm);
2207 }
2208
2209 tcg_gen_movcond_tl(cc.cond, cpu_T0, cc.reg, cc.reg2,
2210 cpu_T0, cpu_regs[reg]);
2211 gen_op_mov_reg_v(ot, reg, cpu_T0);
2212
2213 if (cc.mask != -1) {
2214 tcg_temp_free(cc.reg);
2215 }
2216 if (!cc.use_reg2) {
2217 tcg_temp_free(cc.reg2);
2218 }
2219 }
2220
2221 static inline void gen_op_movl_T0_seg(int seg_reg)
2222 {
2223 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
2224 offsetof(CPUX86State,segs[seg_reg].selector));
2225 }
2226
2227 static inline void gen_op_movl_seg_T0_vm(int seg_reg)
2228 {
2229 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
2230 tcg_gen_st32_tl(cpu_T0, cpu_env,
2231 offsetof(CPUX86State,segs[seg_reg].selector));
2232 tcg_gen_shli_tl(cpu_seg_base[seg_reg], cpu_T0, 4);
2233 }
2234
2235 /* move T0 to seg_reg and compute if the CPU state may change. Never
2236 call this function with seg_reg == R_CS */
2237 static void gen_movl_seg_T0(DisasContext *s, int seg_reg)
2238 {
2239 if (s->pe && !s->vm86) {
2240 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
2241 gen_helper_load_seg(cpu_env, tcg_const_i32(seg_reg), cpu_tmp2_i32);
2242 /* abort translation because the addseg value may change or
2243 because ss32 may change. For R_SS, translation must always
2244 stop as a special handling must be done to disable hardware
2245 interrupts for the next instruction */
2246 if (seg_reg == R_SS || (s->code32 && seg_reg < R_FS))
2247 s->is_jmp = DISAS_TB_JUMP;
2248 } else {
2249 gen_op_movl_seg_T0_vm(seg_reg);
2250 if (seg_reg == R_SS)
2251 s->is_jmp = DISAS_TB_JUMP;
2252 }
2253 }
2254
2255 static inline int svm_is_rep(int prefixes)
2256 {
2257 return ((prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) ? 8 : 0);
2258 }
2259
2260 static inline void
2261 gen_svm_check_intercept_param(DisasContext *s, target_ulong pc_start,
2262 uint32_t type, uint64_t param)
2263 {
2264 /* no SVM activated; fast case */
2265 if (likely(!(s->flags & HF_SVMI_MASK)))
2266 return;
2267 gen_update_cc_op(s);
2268 gen_jmp_im(pc_start - s->cs_base);
2269 gen_helper_svm_check_intercept_param(cpu_env, tcg_const_i32(type),
2270 tcg_const_i64(param));
2271 }
2272
2273 static inline void
2274 gen_svm_check_intercept(DisasContext *s, target_ulong pc_start, uint64_t type)
2275 {
2276 gen_svm_check_intercept_param(s, pc_start, type, 0);
2277 }
2278
2279 static inline void gen_stack_update(DisasContext *s, int addend)
2280 {
2281 gen_op_add_reg_im(mo_stacksize(s), R_ESP, addend);
2282 }
2283
2284 /* Generate a push. It depends on ss32, addseg and dflag. */
2285 static void gen_push_v(DisasContext *s, TCGv val)
2286 {
2287 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2288 TCGMemOp a_ot = mo_stacksize(s);
2289 int size = 1 << d_ot;
2290 TCGv new_esp = cpu_A0;
2291
2292 tcg_gen_subi_tl(cpu_A0, cpu_regs[R_ESP], size);
2293
2294 if (!CODE64(s)) {
2295 if (s->addseg) {
2296 new_esp = cpu_tmp4;
2297 tcg_gen_mov_tl(new_esp, cpu_A0);
2298 }
2299 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2300 }
2301
2302 gen_op_st_v(s, d_ot, val, cpu_A0);
2303 gen_op_mov_reg_v(a_ot, R_ESP, new_esp);
2304 }
2305
2306 /* two step pop is necessary for precise exceptions */
2307 static TCGMemOp gen_pop_T0(DisasContext *s)
2308 {
2309 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2310
2311 gen_lea_v_seg(s, mo_stacksize(s), cpu_regs[R_ESP], R_SS, -1);
2312 gen_op_ld_v(s, d_ot, cpu_T0, cpu_A0);
2313
2314 return d_ot;
2315 }
2316
2317 static inline void gen_pop_update(DisasContext *s, TCGMemOp ot)
2318 {
2319 gen_stack_update(s, 1 << ot);
2320 }
2321
2322 static inline void gen_stack_A0(DisasContext *s)
2323 {
2324 gen_lea_v_seg(s, s->ss32 ? MO_32 : MO_16, cpu_regs[R_ESP], R_SS, -1);
2325 }
2326
2327 static void gen_pusha(DisasContext *s)
2328 {
2329 TCGMemOp s_ot = s->ss32 ? MO_32 : MO_16;
2330 TCGMemOp d_ot = s->dflag;
2331 int size = 1 << d_ot;
2332 int i;
2333
2334 for (i = 0; i < 8; i++) {
2335 tcg_gen_addi_tl(cpu_A0, cpu_regs[R_ESP], (i - 8) * size);
2336 gen_lea_v_seg(s, s_ot, cpu_A0, R_SS, -1);
2337 gen_op_st_v(s, d_ot, cpu_regs[7 - i], cpu_A0);
2338 }
2339
2340 gen_stack_update(s, -8 * size);
2341 }
2342
2343 static void gen_popa(DisasContext *s)
2344 {
2345 TCGMemOp s_ot = s->ss32 ? MO_32 : MO_16;
2346 TCGMemOp d_ot = s->dflag;
2347 int size = 1 << d_ot;
2348 int i;
2349
2350 for (i = 0; i < 8; i++) {
2351 /* ESP is not reloaded */
2352 if (7 - i == R_ESP) {
2353 continue;
2354 }
2355 tcg_gen_addi_tl(cpu_A0, cpu_regs[R_ESP], i * size);
2356 gen_lea_v_seg(s, s_ot, cpu_A0, R_SS, -1);
2357 gen_op_ld_v(s, d_ot, cpu_T0, cpu_A0);
2358 gen_op_mov_reg_v(d_ot, 7 - i, cpu_T0);
2359 }
2360
2361 gen_stack_update(s, 8 * size);
2362 }
2363
2364 static void gen_enter(DisasContext *s, int esp_addend, int level)
2365 {
2366 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2367 TCGMemOp a_ot = CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16;
2368 int size = 1 << d_ot;
2369
2370 /* Push BP; compute FrameTemp into T1. */
2371 tcg_gen_subi_tl(cpu_T1, cpu_regs[R_ESP], size);
2372 gen_lea_v_seg(s, a_ot, cpu_T1, R_SS, -1);
2373 gen_op_st_v(s, d_ot, cpu_regs[R_EBP], cpu_A0);
2374
2375 level &= 31;
2376 if (level != 0) {
2377 int i;
2378
2379 /* Copy level-1 pointers from the previous frame. */
2380 for (i = 1; i < level; ++i) {
2381 tcg_gen_subi_tl(cpu_A0, cpu_regs[R_EBP], size * i);
2382 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2383 gen_op_ld_v(s, d_ot, cpu_tmp0, cpu_A0);
2384
2385 tcg_gen_subi_tl(cpu_A0, cpu_T1, size * i);
2386 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2387 gen_op_st_v(s, d_ot, cpu_tmp0, cpu_A0);
2388 }
2389
2390 /* Push the current FrameTemp as the last level. */
2391 tcg_gen_subi_tl(cpu_A0, cpu_T1, size * level);
2392 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2393 gen_op_st_v(s, d_ot, cpu_T1, cpu_A0);
2394 }
2395
2396 /* Copy the FrameTemp value to EBP. */
2397 gen_op_mov_reg_v(a_ot, R_EBP, cpu_T1);
2398
2399 /* Compute the final value of ESP. */
2400 tcg_gen_subi_tl(cpu_T1, cpu_T1, esp_addend + size * level);
2401 gen_op_mov_reg_v(a_ot, R_ESP, cpu_T1);
2402 }
2403
2404 static void gen_leave(DisasContext *s)
2405 {
2406 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2407 TCGMemOp a_ot = mo_stacksize(s);
2408
2409 gen_lea_v_seg(s, a_ot, cpu_regs[R_EBP], R_SS, -1);
2410 gen_op_ld_v(s, d_ot, cpu_T0, cpu_A0);
2411
2412 tcg_gen_addi_tl(cpu_T1, cpu_regs[R_EBP], 1 << d_ot);
2413
2414 gen_op_mov_reg_v(d_ot, R_EBP, cpu_T0);
2415 gen_op_mov_reg_v(a_ot, R_ESP, cpu_T1);
2416 }
2417
2418 static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
2419 {
2420 gen_update_cc_op(s);
2421 gen_jmp_im(cur_eip);
2422 gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
2423 s->is_jmp = DISAS_TB_JUMP;
2424 }
2425
2426 /* Generate #UD for the current instruction. The assumption here is that
2427 the instruction is known, but it isn't allowed in the current cpu mode. */
2428 static void gen_illegal_opcode(DisasContext *s)
2429 {
2430 gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
2431 }
2432
2433 /* Similarly, except that the assumption here is that we don't decode
2434 the instruction at all -- either a missing opcode, an unimplemented
2435 feature, or just a bogus instruction stream. */
2436 static void gen_unknown_opcode(CPUX86State *env, DisasContext *s)
2437 {
2438 gen_illegal_opcode(s);
2439
2440 if (qemu_loglevel_mask(LOG_UNIMP)) {
2441 target_ulong pc = s->pc_start, end = s->pc;
2442 qemu_log_lock();
2443 qemu_log("ILLOPC: " TARGET_FMT_lx ":", pc);
2444 for (; pc < end; ++pc) {
2445 qemu_log(" %02x", cpu_ldub_code(env, pc));
2446 }
2447 qemu_log("\n");
2448 qemu_log_unlock();
2449 }
2450 }
2451
2452 /* an interrupt is different from an exception because of the
2453 privilege checks */
2454 static void gen_interrupt(DisasContext *s, int intno,
2455 target_ulong cur_eip, target_ulong next_eip)
2456 {
2457 gen_update_cc_op(s);
2458 gen_jmp_im(cur_eip);
2459 gen_helper_raise_interrupt(cpu_env, tcg_const_i32(intno),
2460 tcg_const_i32(next_eip - cur_eip));
2461 s->is_jmp = DISAS_TB_JUMP;
2462 }
2463
2464 static void gen_debug(DisasContext *s, target_ulong cur_eip)
2465 {
2466 gen_update_cc_op(s);
2467 gen_jmp_im(cur_eip);
2468 gen_helper_debug(cpu_env);
2469 s->is_jmp = DISAS_TB_JUMP;
2470 }
2471
2472 static void gen_set_hflag(DisasContext *s, uint32_t mask)
2473 {
2474 if ((s->flags & mask) == 0) {
2475 TCGv_i32 t = tcg_temp_new_i32();
2476 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2477 tcg_gen_ori_i32(t, t, mask);
2478 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2479 tcg_temp_free_i32(t);
2480 s->flags |= mask;
2481 }
2482 }
2483
2484 static void gen_reset_hflag(DisasContext *s, uint32_t mask)
2485 {
2486 if (s->flags & mask) {
2487 TCGv_i32 t = tcg_temp_new_i32();
2488 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2489 tcg_gen_andi_i32(t, t, ~mask);
2490 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2491 tcg_temp_free_i32(t);
2492 s->flags &= ~mask;
2493 }
2494 }
2495
2496 /* Clear BND registers during legacy branches. */
2497 static void gen_bnd_jmp(DisasContext *s)
2498 {
2499 /* Clear the registers only if BND prefix is missing, MPX is enabled,
2500 and if the BNDREGs are known to be in use (non-zero) already.
2501 The helper itself will check BNDPRESERVE at runtime. */
2502 if ((s->prefix & PREFIX_REPNZ) == 0
2503 && (s->flags & HF_MPX_EN_MASK) != 0
2504 && (s->flags & HF_MPX_IU_MASK) != 0) {
2505 gen_helper_bnd_jmp(cpu_env);
2506 }
2507 }
2508
2509 /* Generate an end of block. Trace exception is also generated if needed.
2510 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set.
2511 If RECHECK_TF, emit a rechecking helper for #DB, ignoring the state of
2512 S->TF. This is used by the syscall/sysret insns. */
2513 static void
2514 do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, TCGv jr)
2515 {
2516 gen_update_cc_op(s);
2517
2518 /* If several instructions disable interrupts, only the first does it. */
2519 if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) {
2520 gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
2521 } else {
2522 gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK);
2523 }
2524
2525 if (s->tb->flags & HF_RF_MASK) {
2526 gen_helper_reset_rf(cpu_env);
2527 }
2528 if (s->singlestep_enabled) {
2529 gen_helper_debug(cpu_env);
2530 } else if (recheck_tf) {
2531 gen_helper_rechecking_single_step(cpu_env);
2532 tcg_gen_exit_tb(0);
2533 } else if (s->tf) {
2534 gen_helper_single_step(cpu_env);
2535 } else if (!TCGV_IS_UNUSED(jr)) {
2536 TCGv vaddr = tcg_temp_new();
2537
2538 tcg_gen_add_tl(vaddr, jr, cpu_seg_base[R_CS]);
2539 tcg_gen_lookup_and_goto_ptr(vaddr);
2540 tcg_temp_free(vaddr);
2541 } else {
2542 tcg_gen_exit_tb(0);
2543 }
2544 s->is_jmp = DISAS_TB_JUMP;
2545 }
2546
2547 static inline void
2548 gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf)
2549 {
2550 TCGv unused;
2551
2552 TCGV_UNUSED(unused);
2553 do_gen_eob_worker(s, inhibit, recheck_tf, unused);
2554 }
2555
2556 /* End of block.
2557 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set. */
2558 static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit)
2559 {
2560 gen_eob_worker(s, inhibit, false);
2561 }
2562
2563 /* End of block, resetting the inhibit irq flag. */
2564 static void gen_eob(DisasContext *s)
2565 {
2566 gen_eob_worker(s, false, false);
2567 }
2568
2569 /* Jump to register */
2570 static void gen_jr(DisasContext *s, TCGv dest)
2571 {
2572 do_gen_eob_worker(s, false, false, dest);
2573 }
2574
2575 /* generate a jump to eip. No segment change must happen before as a
2576 direct call to the next block may occur */
2577 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num)
2578 {
2579 gen_update_cc_op(s);
2580 set_cc_op(s, CC_OP_DYNAMIC);
2581 if (s->jmp_opt) {
2582 gen_goto_tb(s, tb_num, eip);
2583 s->is_jmp = DISAS_TB_JUMP;
2584 } else {
2585 gen_jmp_im(eip);
2586 gen_eob(s);
2587 }
2588 }
2589
2590 static void gen_jmp(DisasContext *s, target_ulong eip)
2591 {
2592 gen_jmp_tb(s, eip, 0);
2593 }
2594
2595 static inline void gen_ldq_env_A0(DisasContext *s, int offset)
2596 {
2597 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
2598 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset);
2599 }
2600
2601 static inline void gen_stq_env_A0(DisasContext *s, int offset)
2602 {
2603 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset);
2604 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
2605 }
2606
2607 static inline void gen_ldo_env_A0(DisasContext *s, int offset)
2608 {
2609 int mem_index = s->mem_index;
2610 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, mem_index, MO_LEQ);
2611 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
2612 tcg_gen_addi_tl(cpu_tmp0, cpu_A0, 8);
2613 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_tmp0, mem_index, MO_LEQ);
2614 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
2615 }
2616
2617 static inline void gen_sto_env_A0(DisasContext *s, int offset)
2618 {
2619 int mem_index = s->mem_index;
2620 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
2621 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, mem_index, MO_LEQ);
2622 tcg_gen_addi_tl(cpu_tmp0, cpu_A0, 8);
2623 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
2624 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_tmp0, mem_index, MO_LEQ);
2625 }
2626
2627 static inline void gen_op_movo(int d_offset, int s_offset)
2628 {
2629 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg, ZMM_Q(0)));
2630 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg, ZMM_Q(0)));
2631 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg, ZMM_Q(1)));
2632 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg, ZMM_Q(1)));
2633 }
2634
2635 static inline void gen_op_movq(int d_offset, int s_offset)
2636 {
2637 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset);
2638 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
2639 }
2640
2641 static inline void gen_op_movl(int d_offset, int s_offset)
2642 {
2643 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env, s_offset);
2644 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, d_offset);
2645 }
2646
2647 static inline void gen_op_movq_env_0(int d_offset)
2648 {
2649 tcg_gen_movi_i64(cpu_tmp1_i64, 0);
2650 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
2651 }
2652
2653 typedef void (*SSEFunc_i_ep)(TCGv_i32 val, TCGv_ptr env, TCGv_ptr reg);
2654 typedef void (*SSEFunc_l_ep)(TCGv_i64 val, TCGv_ptr env, TCGv_ptr reg);
2655 typedef void (*SSEFunc_0_epi)(TCGv_ptr env, TCGv_ptr reg, TCGv_i32 val);
2656 typedef void (*SSEFunc_0_epl)(TCGv_ptr env, TCGv_ptr reg, TCGv_i64 val);
2657 typedef void (*SSEFunc_0_epp)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b);
2658 typedef void (*SSEFunc_0_eppi)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2659 TCGv_i32 val);
2660 typedef void (*SSEFunc_0_ppi)(TCGv_ptr reg_a, TCGv_ptr reg_b, TCGv_i32 val);
2661 typedef void (*SSEFunc_0_eppt)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2662 TCGv val);
2663
2664 #define SSE_SPECIAL ((void *)1)
2665 #define SSE_DUMMY ((void *)2)
2666
2667 #define MMX_OP2(x) { gen_helper_ ## x ## _mmx, gen_helper_ ## x ## _xmm }
2668 #define SSE_FOP(x) { gen_helper_ ## x ## ps, gen_helper_ ## x ## pd, \
2669 gen_helper_ ## x ## ss, gen_helper_ ## x ## sd, }
2670
2671 static const SSEFunc_0_epp sse_op_table1[256][4] = {
2672 /* 3DNow! extensions */
2673 [0x0e] = { SSE_DUMMY }, /* femms */
2674 [0x0f] = { SSE_DUMMY }, /* pf... */
2675 /* pure SSE operations */
2676 [0x10] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2677 [0x11] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2678 [0x12] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd, movsldup, movddup */
2679 [0x13] = { SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd */
2680 [0x14] = { gen_helper_punpckldq_xmm, gen_helper_punpcklqdq_xmm },
2681 [0x15] = { gen_helper_punpckhdq_xmm, gen_helper_punpckhqdq_xmm },
2682 [0x16] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd, movshdup */
2683 [0x17] = { SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd */
2684
2685 [0x28] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2686 [0x29] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2687 [0x2a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtpi2ps, cvtpi2pd, cvtsi2ss, cvtsi2sd */
2688 [0x2b] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movntps, movntpd, movntss, movntsd */
2689 [0x2c] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvttps2pi, cvttpd2pi, cvttsd2si, cvttss2si */
2690 [0x2d] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtps2pi, cvtpd2pi, cvtsd2si, cvtss2si */
2691 [0x2e] = { gen_helper_ucomiss, gen_helper_ucomisd },
2692 [0x2f] = { gen_helper_comiss, gen_helper_comisd },
2693 [0x50] = { SSE_SPECIAL, SSE_SPECIAL }, /* movmskps, movmskpd */
2694 [0x51] = SSE_FOP(sqrt),
2695 [0x52] = { gen_helper_rsqrtps, NULL, gen_helper_rsqrtss, NULL },
2696 [0x53] = { gen_helper_rcpps, NULL, gen_helper_rcpss, NULL },
2697 [0x54] = { gen_helper_pand_xmm, gen_helper_pand_xmm }, /* andps, andpd */
2698 [0x55] = { gen_helper_pandn_xmm, gen_helper_pandn_xmm }, /* andnps, andnpd */
2699 [0x56] = { gen_helper_por_xmm, gen_helper_por_xmm }, /* orps, orpd */
2700 [0x57] = { gen_helper_pxor_xmm, gen_helper_pxor_xmm }, /* xorps, xorpd */
2701 [0x58] = SSE_FOP(add),
2702 [0x59] = SSE_FOP(mul),
2703 [0x5a] = { gen_helper_cvtps2pd, gen_helper_cvtpd2ps,
2704 gen_helper_cvtss2sd, gen_helper_cvtsd2ss },
2705 [0x5b] = { gen_helper_cvtdq2ps, gen_helper_cvtps2dq, gen_helper_cvttps2dq },
2706 [0x5c] = SSE_FOP(sub),
2707 [0x5d] = SSE_FOP(min),
2708 [0x5e] = SSE_FOP(div),
2709 [0x5f] = SSE_FOP(max),
2710
2711 [0xc2] = SSE_FOP(cmpeq),
2712 [0xc6] = { (SSEFunc_0_epp)gen_helper_shufps,
2713 (SSEFunc_0_epp)gen_helper_shufpd }, /* XXX: casts */
2714
2715 /* SSSE3, SSE4, MOVBE, CRC32, BMI1, BMI2, ADX. */
2716 [0x38] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2717 [0x3a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2718
2719 /* MMX ops and their SSE extensions */
2720 [0x60] = MMX_OP2(punpcklbw),
2721 [0x61] = MMX_OP2(punpcklwd),
2722 [0x62] = MMX_OP2(punpckldq),
2723 [0x63] = MMX_OP2(packsswb),
2724 [0x64] = MMX_OP2(pcmpgtb),
2725 [0x65] = MMX_OP2(pcmpgtw),
2726 [0x66] = MMX_OP2(pcmpgtl),
2727 [0x67] = MMX_OP2(packuswb),
2728 [0x68] = MMX_OP2(punpckhbw),
2729 [0x69] = MMX_OP2(punpckhwd),
2730 [0x6a] = MMX_OP2(punpckhdq),
2731 [0x6b] = MMX_OP2(packssdw),
2732 [0x6c] = { NULL, gen_helper_punpcklqdq_xmm },
2733 [0x6d] = { NULL, gen_helper_punpckhqdq_xmm },
2734 [0x6e] = { SSE_SPECIAL, SSE_SPECIAL }, /* movd mm, ea */
2735 [0x6f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, , movqdu */
2736 [0x70] = { (SSEFunc_0_epp)gen_helper_pshufw_mmx,
2737 (SSEFunc_0_epp)gen_helper_pshufd_xmm,
2738 (SSEFunc_0_epp)gen_helper_pshufhw_xmm,
2739 (SSEFunc_0_epp)gen_helper_pshuflw_xmm }, /* XXX: casts */
2740 [0x71] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftw */
2741 [0x72] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftd */
2742 [0x73] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftq */
2743 [0x74] = MMX_OP2(pcmpeqb),
2744 [0x75] = MMX_OP2(pcmpeqw),
2745 [0x76] = MMX_OP2(pcmpeql),
2746 [0x77] = { SSE_DUMMY }, /* emms */
2747 [0x78] = { NULL, SSE_SPECIAL, NULL, SSE_SPECIAL }, /* extrq_i, insertq_i */
2748 [0x79] = { NULL, gen_helper_extrq_r, NULL, gen_helper_insertq_r },
2749 [0x7c] = { NULL, gen_helper_haddpd, NULL, gen_helper_haddps },
2750 [0x7d] = { NULL, gen_helper_hsubpd, NULL, gen_helper_hsubps },
2751 [0x7e] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movd, movd, , movq */
2752 [0x7f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, movdqu */
2753 [0xc4] = { SSE_SPECIAL, SSE_SPECIAL }, /* pinsrw */
2754 [0xc5] = { SSE_SPECIAL, SSE_SPECIAL }, /* pextrw */
2755 [0xd0] = { NULL, gen_helper_addsubpd, NULL, gen_helper_addsubps },
2756 [0xd1] = MMX_OP2(psrlw),
2757 [0xd2] = MMX_OP2(psrld),
2758 [0xd3] = MMX_OP2(psrlq),
2759 [0xd4] = MMX_OP2(paddq),
2760 [0xd5] = MMX_OP2(pmullw),
2761 [0xd6] = { NULL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2762 [0xd7] = { SSE_SPECIAL, SSE_SPECIAL }, /* pmovmskb */
2763 [0xd8] = MMX_OP2(psubusb),
2764 [0xd9] = MMX_OP2(psubusw),
2765 [0xda] = MMX_OP2(pminub),
2766 [0xdb] = MMX_OP2(pand),
2767 [0xdc] = MMX_OP2(paddusb),
2768 [0xdd] = MMX_OP2(paddusw),
2769 [0xde] = MMX_OP2(pmaxub),
2770 [0xdf] = MMX_OP2(pandn),
2771 [0xe0] = MMX_OP2(pavgb),
2772 [0xe1] = MMX_OP2(psraw),
2773 [0xe2] = MMX_OP2(psrad),
2774 [0xe3] = MMX_OP2(pavgw),
2775 [0xe4] = MMX_OP2(pmulhuw),
2776 [0xe5] = MMX_OP2(pmulhw),
2777 [0xe6] = { NULL, gen_helper_cvttpd2dq, gen_helper_cvtdq2pd, gen_helper_cvtpd2dq },
2778 [0xe7] = { SSE_SPECIAL , SSE_SPECIAL }, /* movntq, movntq */
2779 [0xe8] = MMX_OP2(psubsb),
2780 [0xe9] = MMX_OP2(psubsw),
2781 [0xea] = MMX_OP2(pminsw),
2782 [0xeb] = MMX_OP2(por),
2783 [0xec] = MMX_OP2(paddsb),
2784 [0xed] = MMX_OP2(paddsw),
2785 [0xee] = MMX_OP2(pmaxsw),
2786 [0xef] = MMX_OP2(pxor),
2787 [0xf0] = { NULL, NULL, NULL, SSE_SPECIAL }, /* lddqu */
2788 [0xf1] = MMX_OP2(psllw),
2789 [0xf2] = MMX_OP2(pslld),
2790 [0xf3] = MMX_OP2(psllq),
2791 [0xf4] = MMX_OP2(pmuludq),
2792 [0xf5] = MMX_OP2(pmaddwd),
2793 [0xf6] = MMX_OP2(psadbw),
2794 [0xf7] = { (SSEFunc_0_epp)gen_helper_maskmov_mmx,
2795 (SSEFunc_0_epp)gen_helper_maskmov_xmm }, /* XXX: casts */
2796 [0xf8] = MMX_OP2(psubb),
2797 [0xf9] = MMX_OP2(psubw),
2798 [0xfa] = MMX_OP2(psubl),
2799 [0xfb] = MMX_OP2(psubq),
2800 [0xfc] = MMX_OP2(paddb),
2801 [0xfd] = MMX_OP2(paddw),
2802 [0xfe] = MMX_OP2(paddl),
2803 };
2804
2805 static const SSEFunc_0_epp sse_op_table2[3 * 8][2] = {
2806 [0 + 2] = MMX_OP2(psrlw),
2807 [0 + 4] = MMX_OP2(psraw),
2808 [0 + 6] = MMX_OP2(psllw),
2809 [8 + 2] = MMX_OP2(psrld),
2810 [8 + 4] = MMX_OP2(psrad),
2811 [8 + 6] = MMX_OP2(pslld),
2812 [16 + 2] = MMX_OP2(psrlq),
2813 [16 + 3] = { NULL, gen_helper_psrldq_xmm },
2814 [16 + 6] = MMX_OP2(psllq),
2815 [16 + 7] = { NULL, gen_helper_pslldq_xmm },
2816 };
2817
2818 static const SSEFunc_0_epi sse_op_table3ai[] = {
2819 gen_helper_cvtsi2ss,
2820 gen_helper_cvtsi2sd
2821 };
2822
2823 #ifdef TARGET_X86_64
2824 static const SSEFunc_0_epl sse_op_table3aq[] = {
2825 gen_helper_cvtsq2ss,
2826 gen_helper_cvtsq2sd
2827 };
2828 #endif
2829
2830 static const SSEFunc_i_ep sse_op_table3bi[] = {
2831 gen_helper_cvttss2si,
2832 gen_helper_cvtss2si,
2833 gen_helper_cvttsd2si,
2834 gen_helper_cvtsd2si
2835 };
2836
2837 #ifdef TARGET_X86_64
2838 static const SSEFunc_l_ep sse_op_table3bq[] = {
2839 gen_helper_cvttss2sq,
2840 gen_helper_cvtss2sq,
2841 gen_helper_cvttsd2sq,
2842 gen_helper_cvtsd2sq
2843 };
2844 #endif
2845
2846 static const SSEFunc_0_epp sse_op_table4[8][4] = {
2847 SSE_FOP(cmpeq),
2848 SSE_FOP(cmplt),
2849 SSE_FOP(cmple),
2850 SSE_FOP(cmpunord),
2851 SSE_FOP(cmpneq),
2852 SSE_FOP(cmpnlt),
2853 SSE_FOP(cmpnle),
2854 SSE_FOP(cmpord),
2855 };
2856
2857 static const SSEFunc_0_epp sse_op_table5[256] = {
2858 [0x0c] = gen_helper_pi2fw,
2859 [0x0d] = gen_helper_pi2fd,
2860 [0x1c] = gen_helper_pf2iw,
2861 [0x1d] = gen_helper_pf2id,
2862 [0x8a] = gen_helper_pfnacc,
2863 [0x8e] = gen_helper_pfpnacc,
2864 [0x90] = gen_helper_pfcmpge,
2865 [0x94] = gen_helper_pfmin,
2866 [0x96] = gen_helper_pfrcp,
2867 [0x97] = gen_helper_pfrsqrt,
2868 [0x9a] = gen_helper_pfsub,
2869 [0x9e] = gen_helper_pfadd,
2870 [0xa0] = gen_helper_pfcmpgt,
2871 [0xa4] = gen_helper_pfmax,
2872 [0xa6] = gen_helper_movq, /* pfrcpit1; no need to actually increase precision */
2873 [0xa7] = gen_helper_movq, /* pfrsqit1 */
2874 [0xaa] = gen_helper_pfsubr,
2875 [0xae] = gen_helper_pfacc,
2876 [0xb0] = gen_helper_pfcmpeq,
2877 [0xb4] = gen_helper_pfmul,
2878 [0xb6] = gen_helper_movq, /* pfrcpit2 */
2879 [0xb7] = gen_helper_pmulhrw_mmx,
2880 [0xbb] = gen_helper_pswapd,
2881 [0xbf] = gen_helper_pavgb_mmx /* pavgusb */
2882 };
2883
2884 struct SSEOpHelper_epp {
2885 SSEFunc_0_epp op[2];
2886 uint32_t ext_mask;
2887 };
2888
2889 struct SSEOpHelper_eppi {
2890 SSEFunc_0_eppi op[2];
2891 uint32_t ext_mask;
2892 };
2893
2894 #define SSSE3_OP(x) { MMX_OP2(x), CPUID_EXT_SSSE3 }
2895 #define SSE41_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE41 }
2896 #define SSE42_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE42 }
2897 #define SSE41_SPECIAL { { NULL, SSE_SPECIAL }, CPUID_EXT_SSE41 }
2898 #define PCLMULQDQ_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, \
2899 CPUID_EXT_PCLMULQDQ }
2900 #define AESNI_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_AES }
2901
2902 static const struct SSEOpHelper_epp sse_op_table6[256] = {
2903 [0x00] = SSSE3_OP(pshufb),
2904 [0x01] = SSSE3_OP(phaddw),
2905 [0x02] = SSSE3_OP(phaddd),
2906 [0x03] = SSSE3_OP(phaddsw),
2907 [0x04] = SSSE3_OP(pmaddubsw),
2908 [0x05] = SSSE3_OP(phsubw),
2909 [0x06] = SSSE3_OP(phsubd),
2910 [0x07] = SSSE3_OP(phsubsw),
2911 [0x08] = SSSE3_OP(psignb),
2912 [0x09] = SSSE3_OP(psignw),
2913 [0x0a] = SSSE3_OP(psignd),
2914 [0x0b] = SSSE3_OP(pmulhrsw),
2915 [0x10] = SSE41_OP(pblendvb),
2916 [0x14] = SSE41_OP(blendvps),
2917 [0x15] = SSE41_OP(blendvpd),
2918 [0x17] = SSE41_OP(ptest),
2919 [0x1c] = SSSE3_OP(pabsb),
2920 [0x1d] = SSSE3_OP(pabsw),
2921 [0x1e] = SSSE3_OP(pabsd),
2922 [0x20] = SSE41_OP(pmovsxbw),
2923 [0x21] = SSE41_OP(pmovsxbd),
2924 [0x22] = SSE41_OP(pmovsxbq),
2925 [0x23] = SSE41_OP(pmovsxwd),
2926 [0x24] = SSE41_OP(pmovsxwq),
2927 [0x25] = SSE41_OP(pmovsxdq),
2928 [0x28] = SSE41_OP(pmuldq),
2929 [0x29] = SSE41_OP(pcmpeqq),
2930 [0x2a] = SSE41_SPECIAL, /* movntqda */
2931 [0x2b] = SSE41_OP(packusdw),
2932 [0x30] = SSE41_OP(pmovzxbw),
2933 [0x31] = SSE41_OP(pmovzxbd),
2934 [0x32] = SSE41_OP(pmovzxbq),
2935 [0x33] = SSE41_OP(pmovzxwd),
2936 [0x34] = SSE41_OP(pmovzxwq),
2937 [0x35] = SSE41_OP(pmovzxdq),
2938 [0x37] = SSE42_OP(pcmpgtq),
2939 [0x38] = SSE41_OP(pminsb),
2940 [0x39] = SSE41_OP(pminsd),
2941 [0x3a] = SSE41_OP(pminuw),
2942 [0x3b] = SSE41_OP(pminud),
2943 [0x3c] = SSE41_OP(pmaxsb),
2944 [0x3d] = SSE41_OP(pmaxsd),
2945 [0x3e] = SSE41_OP(pmaxuw),
2946 [0x3f] = SSE41_OP(pmaxud),
2947 [0x40] = SSE41_OP(pmulld),
2948 [0x41] = SSE41_OP(phminposuw),
2949 [0xdb] = AESNI_OP(aesimc),
2950 [0xdc] = AESNI_OP(aesenc),
2951 [0xdd] = AESNI_OP(aesenclast),
2952 [0xde] = AESNI_OP(aesdec),
2953 [0xdf] = AESNI_OP(aesdeclast),
2954 };
2955
2956 static const struct SSEOpHelper_eppi sse_op_table7[256] = {
2957 [0x08] = SSE41_OP(roundps),
2958 [0x09] = SSE41_OP(roundpd),
2959 [0x0a] = SSE41_OP(roundss),
2960 [0x0b] = SSE41_OP(roundsd),
2961 [0x0c] = SSE41_OP(blendps),
2962 [0x0d] = SSE41_OP(blendpd),
2963 [0x0e] = SSE41_OP(pblendw),
2964 [0x0f] = SSSE3_OP(palignr),
2965 [0x14] = SSE41_SPECIAL, /* pextrb */
2966 [0x15] = SSE41_SPECIAL, /* pextrw */
2967 [0x16] = SSE41_SPECIAL, /* pextrd/pextrq */
2968 [0x17] = SSE41_SPECIAL, /* extractps */
2969 [0x20] = SSE41_SPECIAL, /* pinsrb */
2970 [0x21] = SSE41_SPECIAL, /* insertps */
2971 [0x22] = SSE41_SPECIAL, /* pinsrd/pinsrq */
2972 [0x40] = SSE41_OP(dpps),
2973 [0x41] = SSE41_OP(dppd),
2974 [0x42] = SSE41_OP(mpsadbw),
2975 [0x44] = PCLMULQDQ_OP(pclmulqdq),
2976 [0x60] = SSE42_OP(pcmpestrm),
2977 [0x61] = SSE42_OP(pcmpestri),
2978 [0x62] = SSE42_OP(pcmpistrm),
2979 [0x63] = SSE42_OP(pcmpistri),
2980 [0xdf] = AESNI_OP(aeskeygenassist),
2981 };
2982
2983 static void gen_sse(CPUX86State *env, DisasContext *s, int b,
2984 target_ulong pc_start, int rex_r)
2985 {
2986 int b1, op1_offset, op2_offset, is_xmm, val;
2987 int modrm, mod, rm, reg;
2988 SSEFunc_0_epp sse_fn_epp;
2989 SSEFunc_0_eppi sse_fn_eppi;
2990 SSEFunc_0_ppi sse_fn_ppi;
2991 SSEFunc_0_eppt sse_fn_eppt;
2992 TCGMemOp ot;
2993
2994 b &= 0xff;
2995 if (s->prefix & PREFIX_DATA)
2996 b1 = 1;
2997 else if (s->prefix & PREFIX_REPZ)
2998 b1 = 2;
2999 else if (s->prefix & PREFIX_REPNZ)
3000 b1 = 3;
3001 else
3002 b1 = 0;
3003 sse_fn_epp = sse_op_table1[b][b1];
3004 if (!sse_fn_epp) {
3005 goto unknown_op;
3006 }
3007 if ((b <= 0x5f && b >= 0x10) || b == 0xc6 || b == 0xc2) {
3008 is_xmm = 1;
3009 } else {
3010 if (b1 == 0) {
3011 /* MMX case */
3012 is_xmm = 0;
3013 } else {
3014 is_xmm = 1;
3015 }
3016 }
3017 /* simple MMX/SSE operation */
3018 if (s->flags & HF_TS_MASK) {
3019 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
3020 return;
3021 }
3022 if (s->flags & HF_EM_MASK) {
3023 illegal_op:
3024 gen_illegal_opcode(s);
3025 return;
3026 }
3027 if (is_xmm
3028 && !(s->flags & HF_OSFXSR_MASK)
3029 && ((b != 0x38 && b != 0x3a) || (s->prefix & PREFIX_DATA))) {
3030 goto unknown_op;
3031 }
3032 if (b == 0x0e) {
3033 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW)) {
3034 /* If we were fully decoding this we might use illegal_op. */
3035 goto unknown_op;
3036 }
3037 /* femms */
3038 gen_helper_emms(cpu_env);
3039 return;
3040 }
3041 if (b == 0x77) {
3042 /* emms */
3043 gen_helper_emms(cpu_env);
3044 return;
3045 }
3046 /* prepare MMX state (XXX: optimize by storing fptt and fptags in
3047 the static cpu state) */
3048 if (!is_xmm) {
3049 gen_helper_enter_mmx(cpu_env);
3050 }
3051
3052 modrm = cpu_ldub_code(env, s->pc++);
3053 reg = ((modrm >> 3) & 7);
3054 if (is_xmm)
3055 reg |= rex_r;
3056 mod = (modrm >> 6) & 3;
3057 if (sse_fn_epp == SSE_SPECIAL) {
3058 b |= (b1 << 8);
3059 switch(b) {
3060 case 0x0e7: /* movntq */
3061 if (mod == 3) {
3062 goto illegal_op;
3063 }
3064 gen_lea_modrm(env, s, modrm);
3065 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3066 break;
3067 case 0x1e7: /* movntdq */
3068 case 0x02b: /* movntps */
3069 case 0x12b: /* movntps */
3070 if (mod == 3)
3071 goto illegal_op;
3072 gen_lea_modrm(env, s, modrm);
3073 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3074 break;
3075 case 0x3f0: /* lddqu */
3076 if (mod == 3)
3077 goto illegal_op;
3078 gen_lea_modrm(env, s, modrm);
3079 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3080 break;
3081 case 0x22b: /* movntss */
3082 case 0x32b: /* movntsd */
3083 if (mod == 3)
3084 goto illegal_op;
3085 gen_lea_modrm(env, s, modrm);
3086 if (b1 & 1) {
3087 gen_stq_env_A0(s, offsetof(CPUX86State,
3088 xmm_regs[reg].ZMM_Q(0)));
3089 } else {
3090 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
3091 xmm_regs[reg].ZMM_L(0)));
3092 gen_op_st_v(s, MO_32, cpu_T0, cpu_A0);
3093 }
3094 break;
3095 case 0x6e: /* movd mm, ea */
3096 #ifdef TARGET_X86_64
3097 if (s->dflag == MO_64) {
3098 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3099 tcg_gen_st_tl(cpu_T0, cpu_env, offsetof(CPUX86State,fpregs[reg].mmx));
3100 } else
3101 #endif
3102 {
3103 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3104 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3105 offsetof(CPUX86State,fpregs[reg].mmx));
3106 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3107 gen_helper_movl_mm_T0_mmx(cpu_ptr0, cpu_tmp2_i32);
3108 }
3109 break;
3110 case 0x16e: /* movd xmm, ea */
3111 #ifdef TARGET_X86_64
3112 if (s->dflag == MO_64) {
3113 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3114 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3115 offsetof(CPUX86State,xmm_regs[reg]));
3116 gen_helper_movq_mm_T0_xmm(cpu_ptr0, cpu_T0);
3117 } else
3118 #endif
3119 {
3120 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3121 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3122 offsetof(CPUX86State,xmm_regs[reg]));
3123 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3124 gen_helper_movl_mm_T0_xmm(cpu_ptr0, cpu_tmp2_i32);
3125 }
3126 break;
3127 case 0x6f: /* movq mm, ea */
3128 if (mod != 3) {
3129 gen_lea_modrm(env, s, modrm);
3130 gen_ldq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3131 } else {
3132 rm = (modrm & 7);
3133 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env,
3134 offsetof(CPUX86State,fpregs[rm].mmx));
3135 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env,
3136 offsetof(CPUX86State,fpregs[reg].mmx));
3137 }
3138 break;
3139 case 0x010: /* movups */
3140 case 0x110: /* movupd */
3141 case 0x028: /* movaps */
3142 case 0x128: /* movapd */
3143 case 0x16f: /* movdqa xmm, ea */
3144 case 0x26f: /* movdqu xmm, ea */
3145 if (mod != 3) {
3146 gen_lea_modrm(env, s, modrm);
3147 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3148 } else {
3149 rm = (modrm & 7) | REX_B(s);
3150 gen_op_movo(offsetof(CPUX86State,xmm_regs[reg]),
3151 offsetof(CPUX86State,xmm_regs[rm]));
3152 }
3153 break;
3154 case 0x210: /* movss xmm, ea */
3155 if (mod != 3) {
3156 gen_lea_modrm(env, s, modrm);
3157 gen_op_ld_v(s, MO_32, cpu_T0, cpu_A0);
3158 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3159 tcg_gen_movi_tl(cpu_T0, 0);
3160 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)));
3161 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)));
3162 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)));
3163 } else {
3164 rm = (modrm & 7) | REX_B(s);
3165 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)),
3166 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)));
3167 }
3168 break;
3169 case 0x310: /* movsd xmm, ea */
3170 if (mod != 3) {
3171 gen_lea_modrm(env, s, modrm);
3172 gen_ldq_env_A0(s, offsetof(CPUX86State,
3173 xmm_regs[reg].ZMM_Q(0)));
3174 tcg_gen_movi_tl(cpu_T0, 0);
3175 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)));
3176 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)));
3177 } else {
3178 rm = (modrm & 7) | REX_B(s);
3179 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3180 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3181 }
3182 break;
3183 case 0x012: /* movlps */
3184 case 0x112: /* movlpd */
3185 if (mod != 3) {
3186 gen_lea_modrm(env, s, modrm);
3187 gen_ldq_env_A0(s, offsetof(CPUX86State,
3188 xmm_regs[reg].ZMM_Q(0)));
3189 } else {
3190 /* movhlps */
3191 rm = (modrm & 7) | REX_B(s);
3192 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3193 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(1)));
3194 }
3195 break;
3196 case 0x212: /* movsldup */
3197 if (mod != 3) {
3198 gen_lea_modrm(env, s, modrm);
3199 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3200 } else {
3201 rm = (modrm & 7) | REX_B(s);
3202 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)),
3203 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)));
3204 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)),
3205 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(2)));
3206 }
3207 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)),
3208 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3209 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)),
3210 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)));
3211 break;
3212 case 0x312: /* movddup */
3213 if (mod != 3) {
3214 gen_lea_modrm(env, s, modrm);
3215 gen_ldq_env_A0(s, offsetof(CPUX86State,
3216 xmm_regs[reg].ZMM_Q(0)));
3217 } else {
3218 rm = (modrm & 7) | REX_B(s);
3219 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3220 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3221 }
3222 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)),
3223 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3224 break;
3225 case 0x016: /* movhps */
3226 case 0x116: /* movhpd */
3227 if (mod != 3) {
3228 gen_lea_modrm(env, s, modrm);
3229 gen_ldq_env_A0(s, offsetof(CPUX86State,
3230 xmm_regs[reg].ZMM_Q(1)));
3231 } else {
3232 /* movlhps */
3233 rm = (modrm & 7) | REX_B(s);
3234 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)),
3235 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3236 }
3237 break;
3238 case 0x216: /* movshdup */
3239 if (mod != 3) {
3240 gen_lea_modrm(env, s, modrm);
3241 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3242 } else {
3243 rm = (modrm & 7) | REX_B(s);
3244 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)),
3245 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(1)));
3246 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)),
3247 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(3)));
3248 }
3249 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)),
3250 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)));
3251 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)),
3252 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)));
3253 break;
3254 case 0x178:
3255 case 0x378:
3256 {
3257 int bit_index, field_length;
3258
3259 if (b1 == 1 && reg != 0)
3260 goto illegal_op;
3261 field_length = cpu_ldub_code(env, s->pc++) & 0x3F;
3262 bit_index = cpu_ldub_code(env, s->pc++) & 0x3F;
3263 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3264 offsetof(CPUX86State,xmm_regs[reg]));
3265 if (b1 == 1)
3266 gen_helper_extrq_i(cpu_env, cpu_ptr0,
3267 tcg_const_i32(bit_index),
3268 tcg_const_i32(field_length));
3269 else
3270 gen_helper_insertq_i(cpu_env, cpu_ptr0,
3271 tcg_const_i32(bit_index),
3272 tcg_const_i32(field_length));
3273 }
3274 break;
3275 case 0x7e: /* movd ea, mm */
3276 #ifdef TARGET_X86_64
3277 if (s->dflag == MO_64) {
3278 tcg_gen_ld_i64(cpu_T0, cpu_env,
3279 offsetof(CPUX86State,fpregs[reg].mmx));
3280 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3281 } else
3282 #endif
3283 {
3284 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
3285 offsetof(CPUX86State,fpregs[reg].mmx.MMX_L(0)));
3286 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3287 }
3288 break;
3289 case 0x17e: /* movd ea, xmm */
3290 #ifdef TARGET_X86_64
3291 if (s->dflag == MO_64) {
3292 tcg_gen_ld_i64(cpu_T0, cpu_env,
3293 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3294 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3295 } else
3296 #endif
3297 {
3298 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
3299 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3300 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3301 }
3302 break;
3303 case 0x27e: /* movq xmm, ea */
3304 if (mod != 3) {
3305 gen_lea_modrm(env, s, modrm);
3306 gen_ldq_env_A0(s, offsetof(CPUX86State,
3307 xmm_regs[reg].ZMM_Q(0)));
3308 } else {
3309 rm = (modrm & 7) | REX_B(s);
3310 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3311 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3312 }
3313 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)));
3314 break;
3315 case 0x7f: /* movq ea, mm */
3316 if (mod != 3) {
3317 gen_lea_modrm(env, s, modrm);
3318 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3319 } else {
3320 rm = (modrm & 7);
3321 gen_op_movq(offsetof(CPUX86State,fpregs[rm].mmx),
3322 offsetof(CPUX86State,fpregs[reg].mmx));
3323 }
3324 break;
3325 case 0x011: /* movups */
3326 case 0x111: /* movupd */
3327 case 0x029: /* movaps */
3328 case 0x129: /* movapd */
3329 case 0x17f: /* movdqa ea, xmm */
3330 case 0x27f: /* movdqu ea, xmm */
3331 if (mod != 3) {
3332 gen_lea_modrm(env, s, modrm);
3333 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3334 } else {
3335 rm = (modrm & 7) | REX_B(s);
3336 gen_op_movo(offsetof(CPUX86State,xmm_regs[rm]),
3337 offsetof(CPUX86State,xmm_regs[reg]));
3338 }
3339 break;
3340 case 0x211: /* movss ea, xmm */
3341 if (mod != 3) {
3342 gen_lea_modrm(env, s, modrm);
3343 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3344 gen_op_st_v(s, MO_32, cpu_T0, cpu_A0);
3345 } else {
3346 rm = (modrm & 7) | REX_B(s);
3347 gen_op_movl(offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)),
3348 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3349 }
3350 break;
3351 case 0x311: /* movsd ea, xmm */
3352 if (mod != 3) {
3353 gen_lea_modrm(env, s, modrm);
3354 gen_stq_env_A0(s, offsetof(CPUX86State,
3355 xmm_regs[reg].ZMM_Q(0)));
3356 } else {
3357 rm = (modrm & 7) | REX_B(s);
3358 gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)),
3359 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3360 }
3361 break;
3362 case 0x013: /* movlps */
3363 case 0x113: /* movlpd */
3364 if (mod != 3) {
3365 gen_lea_modrm(env, s, modrm);
3366 gen_stq_env_A0(s, offsetof(CPUX86State,
3367 xmm_regs[reg].ZMM_Q(0)));
3368 } else {
3369 goto illegal_op;
3370 }
3371 break;
3372 case 0x017: /* movhps */
3373 case 0x117: /* movhpd */
3374 if (mod != 3) {
3375 gen_lea_modrm(env, s, modrm);
3376 gen_stq_env_A0(s, offsetof(CPUX86State,
3377 xmm_regs[reg].ZMM_Q(1)));
3378 } else {
3379 goto illegal_op;
3380 }
3381 break;
3382 case 0x71: /* shift mm, im */
3383 case 0x72:
3384 case 0x73:
3385 case 0x171: /* shift xmm, im */
3386 case 0x172:
3387 case 0x173:
3388 if (b1 >= 2) {
3389 goto unknown_op;
3390 }
3391 val = cpu_ldub_code(env, s->pc++);
3392 if (is_xmm) {
3393 tcg_gen_movi_tl(cpu_T0, val);
3394 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_t0.ZMM_L(0)));
3395 tcg_gen_movi_tl(cpu_T0, 0);
3396 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_t0.ZMM_L(1)));
3397 op1_offset = offsetof(CPUX86State,xmm_t0);
3398 } else {
3399 tcg_gen_movi_tl(cpu_T0, val);
3400 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,mmx_t0.MMX_L(0)));
3401 tcg_gen_movi_tl(cpu_T0, 0);
3402 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,mmx_t0.MMX_L(1)));
3403 op1_offset = offsetof(CPUX86State,mmx_t0);
3404 }
3405 sse_fn_epp = sse_op_table2[((b - 1) & 3) * 8 +
3406 (((modrm >> 3)) & 7)][b1];
3407 if (!sse_fn_epp) {
3408 goto unknown_op;
3409 }
3410 if (is_xmm) {
3411 rm = (modrm & 7) | REX_B(s);
3412 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3413 } else {
3414 rm = (modrm & 7);
3415 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3416 }
3417 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op2_offset);
3418 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op1_offset);
3419 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
3420 break;
3421 case 0x050: /* movmskps */
3422 rm = (modrm & 7) | REX_B(s);
3423 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3424 offsetof(CPUX86State,xmm_regs[rm]));
3425 gen_helper_movmskps(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3426 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3427 break;
3428 case 0x150: /* movmskpd */
3429 rm = (modrm & 7) | REX_B(s);
3430 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3431 offsetof(CPUX86State,xmm_regs[rm]));
3432 gen_helper_movmskpd(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3433 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3434 break;
3435 case 0x02a: /* cvtpi2ps */
3436 case 0x12a: /* cvtpi2pd */
3437 gen_helper_enter_mmx(cpu_env);
3438 if (mod != 3) {
3439 gen_lea_modrm(env, s, modrm);
3440 op2_offset = offsetof(CPUX86State,mmx_t0);
3441 gen_ldq_env_A0(s, op2_offset);
3442 } else {
3443 rm = (modrm & 7);
3444 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3445 }
3446 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3447 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3448 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3449 switch(b >> 8) {
3450 case 0x0:
3451 gen_helper_cvtpi2ps(cpu_env, cpu_ptr0, cpu_ptr1);
3452 break;
3453 default:
3454 case 0x1:
3455 gen_helper_cvtpi2pd(cpu_env, cpu_ptr0, cpu_ptr1);
3456 break;
3457 }
3458 break;
3459 case 0x22a: /* cvtsi2ss */
3460 case 0x32a: /* cvtsi2sd */
3461 ot = mo_64_32(s->dflag);
3462 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3463 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3464 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3465 if (ot == MO_32) {
3466 SSEFunc_0_epi sse_fn_epi = sse_op_table3ai[(b >> 8) & 1];
3467 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3468 sse_fn_epi(cpu_env, cpu_ptr0, cpu_tmp2_i32);
3469 } else {
3470 #ifdef TARGET_X86_64
3471 SSEFunc_0_epl sse_fn_epl = sse_op_table3aq[(b >> 8) & 1];
3472 sse_fn_epl(cpu_env, cpu_ptr0, cpu_T0);
3473 #else
3474 goto illegal_op;
3475 #endif
3476 }
3477 break;
3478 case 0x02c: /* cvttps2pi */
3479 case 0x12c: /* cvttpd2pi */
3480 case 0x02d: /* cvtps2pi */
3481 case 0x12d: /* cvtpd2pi */
3482 gen_helper_enter_mmx(cpu_env);
3483 if (mod != 3) {
3484 gen_lea_modrm(env, s, modrm);
3485 op2_offset = offsetof(CPUX86State,xmm_t0);
3486 gen_ldo_env_A0(s, op2_offset);
3487 } else {
3488 rm = (modrm & 7) | REX_B(s);
3489 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3490 }
3491 op1_offset = offsetof(CPUX86State,fpregs[reg & 7].mmx);
3492 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3493 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3494 switch(b) {
3495 case 0x02c:
3496 gen_helper_cvttps2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3497 break;
3498 case 0x12c:
3499 gen_helper_cvttpd2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3500 break;
3501 case 0x02d:
3502 gen_helper_cvtps2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3503 break;
3504 case 0x12d:
3505 gen_helper_cvtpd2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3506 break;
3507 }
3508 break;
3509 case 0x22c: /* cvttss2si */
3510 case 0x32c: /* cvttsd2si */
3511 case 0x22d: /* cvtss2si */
3512 case 0x32d: /* cvtsd2si */
3513 ot = mo_64_32(s->dflag);
3514 if (mod != 3) {
3515 gen_lea_modrm(env, s, modrm);
3516 if ((b >> 8) & 1) {
3517 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.ZMM_Q(0)));
3518 } else {
3519 gen_op_ld_v(s, MO_32, cpu_T0, cpu_A0);
3520 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_t0.ZMM_L(0)));
3521 }
3522 op2_offset = offsetof(CPUX86State,xmm_t0);
3523 } else {
3524 rm = (modrm & 7) | REX_B(s);
3525 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3526 }
3527 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op2_offset);
3528 if (ot == MO_32) {
3529 SSEFunc_i_ep sse_fn_i_ep =
3530 sse_op_table3bi[((b >> 7) & 2) | (b & 1)];
3531 sse_fn_i_ep(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3532 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
3533 } else {
3534 #ifdef TARGET_X86_64
3535 SSEFunc_l_ep sse_fn_l_ep =
3536 sse_op_table3bq[((b >> 7) & 2) | (b & 1)];
3537 sse_fn_l_ep(cpu_T0, cpu_env, cpu_ptr0);
3538 #else
3539 goto illegal_op;
3540 #endif
3541 }
3542 gen_op_mov_reg_v(ot, reg, cpu_T0);
3543 break;
3544 case 0xc4: /* pinsrw */
3545 case 0x1c4:
3546 s->rip_offset = 1;
3547 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
3548 val = cpu_ldub_code(env, s->pc++);
3549 if (b1) {
3550 val &= 7;
3551 tcg_gen_st16_tl(cpu_T0, cpu_env,
3552 offsetof(CPUX86State,xmm_regs[reg].ZMM_W(val)));
3553 } else {
3554 val &= 3;
3555 tcg_gen_st16_tl(cpu_T0, cpu_env,
3556 offsetof(CPUX86State,fpregs[reg].mmx.MMX_W(val)));
3557 }
3558 break;
3559 case 0xc5: /* pextrw */
3560 case 0x1c5:
3561 if (mod != 3)
3562 goto illegal_op;
3563 ot = mo_64_32(s->dflag);
3564 val = cpu_ldub_code(env, s->pc++);
3565 if (b1) {
3566 val &= 7;
3567 rm = (modrm & 7) | REX_B(s);
3568 tcg_gen_ld16u_tl(cpu_T0, cpu_env,
3569 offsetof(CPUX86State,xmm_regs[rm].ZMM_W(val)));
3570 } else {
3571 val &= 3;
3572 rm = (modrm & 7);
3573 tcg_gen_ld16u_tl(cpu_T0, cpu_env,
3574 offsetof(CPUX86State,fpregs[rm].mmx.MMX_W(val)));
3575 }
3576 reg = ((modrm >> 3) & 7) | rex_r;
3577 gen_op_mov_reg_v(ot, reg, cpu_T0);
3578 break;
3579 case 0x1d6: /* movq ea, xmm */
3580 if (mod != 3) {
3581 gen_lea_modrm(env, s, modrm);
3582 gen_stq_env_A0(s, offsetof(CPUX86State,
3583 xmm_regs[reg].ZMM_Q(0)));
3584 } else {
3585 rm = (modrm & 7) | REX_B(s);
3586 gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)),
3587 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3588 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(1)));
3589 }
3590 break;
3591 case 0x2d6: /* movq2dq */
3592 gen_helper_enter_mmx(cpu_env);
3593 rm = (modrm & 7);
3594 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3595 offsetof(CPUX86State,fpregs[rm].mmx));
3596 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)));
3597 break;
3598 case 0x3d6: /* movdq2q */
3599 gen_helper_enter_mmx(cpu_env);
3600 rm = (modrm & 7) | REX_B(s);
3601 gen_op_movq(offsetof(CPUX86State,fpregs[reg & 7].mmx),
3602 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3603 break;
3604 case 0xd7: /* pmovmskb */
3605 case 0x1d7:
3606 if (mod != 3)
3607 goto illegal_op;
3608 if (b1) {
3609 rm = (modrm & 7) | REX_B(s);
3610 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, offsetof(CPUX86State,xmm_regs[rm]));
3611 gen_helper_pmovmskb_xmm(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3612 } else {
3613 rm = (modrm & 7);
3614 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, offsetof(CPUX86State,fpregs[rm].mmx));
3615 gen_helper_pmovmskb_mmx(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3616 }
3617 reg = ((modrm >> 3) & 7) | rex_r;
3618 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3619 break;
3620
3621 case 0x138:
3622 case 0x038:
3623 b = modrm;
3624 if ((b & 0xf0) == 0xf0) {
3625 goto do_0f_38_fx;
3626 }
3627 modrm = cpu_ldub_code(env, s->pc++);
3628 rm = modrm & 7;
3629 reg = ((modrm >> 3) & 7) | rex_r;
3630 mod = (modrm >> 6) & 3;
3631 if (b1 >= 2) {
3632 goto unknown_op;
3633 }
3634
3635 sse_fn_epp = sse_op_table6[b].op[b1];
3636 if (!sse_fn_epp) {
3637 goto unknown_op;
3638 }
3639 if (!(s->cpuid_ext_features & sse_op_table6[b].ext_mask))
3640 goto illegal_op;
3641
3642 if (b1) {
3643 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3644 if (mod == 3) {
3645 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
3646 } else {
3647 op2_offset = offsetof(CPUX86State,xmm_t0);
3648 gen_lea_modrm(env, s, modrm);
3649 switch (b) {
3650 case 0x20: case 0x30: /* pmovsxbw, pmovzxbw */
3651 case 0x23: case 0x33: /* pmovsxwd, pmovzxwd */
3652 case 0x25: case 0x35: /* pmovsxdq, pmovzxdq */
3653 gen_ldq_env_A0(s, op2_offset +
3654 offsetof(ZMMReg, ZMM_Q(0)));
3655 break;
3656 case 0x21: case 0x31: /* pmovsxbd, pmovzxbd */
3657 case 0x24: case 0x34: /* pmovsxwq, pmovzxwq */
3658 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
3659 s->mem_index, MO_LEUL);
3660 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, op2_offset +
3661 offsetof(ZMMReg, ZMM_L(0)));
3662 break;
3663 case 0x22: case 0x32: /* pmovsxbq, pmovzxbq */
3664 tcg_gen_qemu_ld_tl(cpu_tmp0, cpu_A0,
3665 s->mem_index, MO_LEUW);
3666 tcg_gen_st16_tl(cpu_tmp0, cpu_env, op2_offset +
3667 offsetof(ZMMReg, ZMM_W(0)));
3668 break;
3669 case 0x2a: /* movntqda */
3670 gen_ldo_env_A0(s, op1_offset);
3671 return;
3672 default:
3673 gen_ldo_env_A0(s, op2_offset);
3674 }
3675 }
3676 } else {
3677 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
3678 if (mod == 3) {
3679 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3680 } else {
3681 op2_offset = offsetof(CPUX86State,mmx_t0);
3682 gen_lea_modrm(env, s, modrm);
3683 gen_ldq_env_A0(s, op2_offset);
3684 }
3685 }
3686 if (sse_fn_epp == SSE_SPECIAL) {
3687 goto unknown_op;
3688 }
3689
3690 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3691 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3692 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
3693
3694 if (b == 0x17) {
3695 set_cc_op(s, CC_OP_EFLAGS);
3696 }
3697 break;
3698
3699 case 0x238:
3700 case 0x338:
3701 do_0f_38_fx:
3702 /* Various integer extensions at 0f 38 f[0-f]. */
3703 b = modrm | (b1 << 8);
3704 modrm = cpu_ldub_code(env, s->pc++);
3705 reg = ((modrm >> 3) & 7) | rex_r;
3706
3707 switch (b) {
3708 case 0x3f0: /* crc32 Gd,Eb */
3709 case 0x3f1: /* crc32 Gd,Ey */
3710 do_crc32:
3711 if (!(s->cpuid_ext_features & CPUID_EXT_SSE42)) {
3712 goto illegal_op;
3713 }
3714 if ((b & 0xff) == 0xf0) {
3715 ot = MO_8;
3716 } else if (s->dflag != MO_64) {
3717 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3718 } else {
3719 ot = MO_64;
3720 }
3721
3722 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[reg]);
3723 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3724 gen_helper_crc32(cpu_T0, cpu_tmp2_i32,
3725 cpu_T0, tcg_const_i32(8 << ot));
3726
3727 ot = mo_64_32(s->dflag);
3728 gen_op_mov_reg_v(ot, reg, cpu_T0);
3729 break;
3730
3731 case 0x1f0: /* crc32 or movbe */
3732 case 0x1f1:
3733 /* For these insns, the f3 prefix is supposed to have priority
3734 over the 66 prefix, but that's not what we implement above
3735 setting b1. */
3736 if (s->prefix & PREFIX_REPNZ) {
3737 goto do_crc32;
3738 }
3739 /* FALLTHRU */
3740 case 0x0f0: /* movbe Gy,My */
3741 case 0x0f1: /* movbe My,Gy */
3742 if (!(s->cpuid_ext_features & CPUID_EXT_MOVBE)) {
3743 goto illegal_op;
3744 }
3745 if (s->dflag != MO_64) {
3746 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3747 } else {
3748 ot = MO_64;
3749 }
3750
3751 gen_lea_modrm(env, s, modrm);
3752 if ((b & 1) == 0) {
3753 tcg_gen_qemu_ld_tl(cpu_T0, cpu_A0,
3754 s->mem_index, ot | MO_BE);
3755 gen_op_mov_reg_v(ot, reg, cpu_T0);
3756 } else {
3757 tcg_gen_qemu_st_tl(cpu_regs[reg], cpu_A0,
3758 s->mem_index, ot | MO_BE);
3759 }
3760 break;
3761
3762 case 0x0f2: /* andn Gy, By, Ey */
3763 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3764 || !(s->prefix & PREFIX_VEX)
3765 || s->vex_l != 0) {
3766 goto illegal_op;
3767 }
3768 ot = mo_64_32(s->dflag);
3769 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3770 tcg_gen_andc_tl(cpu_T0, cpu_regs[s->vex_v], cpu_T0);
3771 gen_op_mov_reg_v(ot, reg, cpu_T0);
3772 gen_op_update1_cc();
3773 set_cc_op(s, CC_OP_LOGICB + ot);
3774 break;
3775
3776 case 0x0f7: /* bextr Gy, Ey, By */
3777 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3778 || !(s->prefix & PREFIX_VEX)
3779 || s->vex_l != 0) {
3780 goto illegal_op;
3781 }
3782 ot = mo_64_32(s->dflag);
3783 {
3784 TCGv bound, zero;
3785
3786 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3787 /* Extract START, and shift the operand.
3788 Shifts larger than operand size get zeros. */
3789 tcg_gen_ext8u_tl(cpu_A0, cpu_regs[s->vex_v]);
3790 tcg_gen_shr_tl(cpu_T0, cpu_T0, cpu_A0);
3791
3792 bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3793 zero = tcg_const_tl(0);
3794 tcg_gen_movcond_tl(TCG_COND_LEU, cpu_T0, cpu_A0, bound,
3795 cpu_T0, zero);
3796 tcg_temp_free(zero);
3797
3798 /* Extract the LEN into a mask. Lengths larger than
3799 operand size get all ones. */
3800 tcg_gen_extract_tl(cpu_A0, cpu_regs[s->vex_v], 8, 8);
3801 tcg_gen_movcond_tl(TCG_COND_LEU, cpu_A0, cpu_A0, bound,
3802 cpu_A0, bound);
3803 tcg_temp_free(bound);
3804 tcg_gen_movi_tl(cpu_T1, 1);
3805 tcg_gen_shl_tl(cpu_T1, cpu_T1, cpu_A0);
3806 tcg_gen_subi_tl(cpu_T1, cpu_T1, 1);
3807 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_T1);
3808
3809 gen_op_mov_reg_v(ot, reg, cpu_T0);
3810 gen_op_update1_cc();
3811 set_cc_op(s, CC_OP_LOGICB + ot);
3812 }
3813 break;
3814
3815 case 0x0f5: /* bzhi Gy, Ey, By */
3816 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3817 || !(s->prefix & PREFIX_VEX)
3818 || s->vex_l != 0) {
3819 goto illegal_op;
3820 }
3821 ot = mo_64_32(s->dflag);
3822 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3823 tcg_gen_ext8u_tl(cpu_T1, cpu_regs[s->vex_v]);
3824 {
3825 TCGv bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3826 /* Note that since we're using BMILG (in order to get O
3827 cleared) we need to store the inverse into C. */
3828 tcg_gen_setcond_tl(TCG_COND_LT, cpu_cc_src,
3829 cpu_T1, bound);
3830 tcg_gen_movcond_tl(TCG_COND_GT, cpu_T1, cpu_T1,
3831 bound, bound, cpu_T1);
3832 tcg_temp_free(bound);
3833 }
3834 tcg_gen_movi_tl(cpu_A0, -1);
3835 tcg_gen_shl_tl(cpu_A0, cpu_A0, cpu_T1);
3836 tcg_gen_andc_tl(cpu_T0, cpu_T0, cpu_A0);
3837 gen_op_mov_reg_v(ot, reg, cpu_T0);
3838 gen_op_update1_cc();
3839 set_cc_op(s, CC_OP_BMILGB + ot);
3840 break;
3841
3842 case 0x3f6: /* mulx By, Gy, rdx, Ey */
3843 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3844 || !(s->prefix & PREFIX_VEX)
3845 || s->vex_l != 0) {
3846 goto illegal_op;
3847 }
3848 ot = mo_64_32(s->dflag);
3849 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3850 switch (ot) {
3851 default:
3852 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3853 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EDX]);
3854 tcg_gen_mulu2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
3855 cpu_tmp2_i32, cpu_tmp3_i32);
3856 tcg_gen_extu_i32_tl(cpu_regs[s->vex_v], cpu_tmp2_i32);
3857 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp3_i32);
3858 break;
3859 #ifdef TARGET_X86_64
3860 case MO_64:
3861 tcg_gen_mulu2_i64(cpu_T0, cpu_T1,
3862 cpu_T0, cpu_regs[R_EDX]);
3863 tcg_gen_mov_i64(cpu_regs[s->vex_v], cpu_T0);
3864 tcg_gen_mov_i64(cpu_regs[reg], cpu_T1);
3865 break;
3866 #endif
3867 }
3868 break;
3869
3870 case 0x3f5: /* pdep Gy, By, Ey */
3871 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3872 || !(s->prefix & PREFIX_VEX)
3873 || s->vex_l != 0) {
3874 goto illegal_op;
3875 }
3876 ot = mo_64_32(s->dflag);
3877 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3878 /* Note that by zero-extending the mask operand, we
3879 automatically handle zero-extending the result. */
3880 if (ot == MO_64) {
3881 tcg_gen_mov_tl(cpu_T1, cpu_regs[s->vex_v]);
3882 } else {
3883 tcg_gen_ext32u_tl(cpu_T1, cpu_regs[s->vex_v]);
3884 }
3885 gen_helper_pdep(cpu_regs[reg], cpu_T0, cpu_T1);
3886 break;
3887
3888 case 0x2f5: /* pext Gy, By, Ey */
3889 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3890 || !(s->prefix & PREFIX_VEX)
3891 || s->vex_l != 0) {
3892 goto illegal_op;
3893 }
3894 ot = mo_64_32(s->dflag);
3895 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3896 /* Note that by zero-extending the mask operand, we
3897 automatically handle zero-extending the result. */
3898 if (ot == MO_64) {
3899 tcg_gen_mov_tl(cpu_T1, cpu_regs[s->vex_v]);
3900 } else {
3901 tcg_gen_ext32u_tl(cpu_T1, cpu_regs[s->vex_v]);
3902 }
3903 gen_helper_pext(cpu_regs[reg], cpu_T0, cpu_T1);
3904 break;
3905
3906 case 0x1f6: /* adcx Gy, Ey */
3907 case 0x2f6: /* adox Gy, Ey */
3908 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_ADX)) {
3909 goto illegal_op;
3910 } else {
3911 TCGv carry_in, carry_out, zero;
3912 int end_op;
3913
3914 ot = mo_64_32(s->dflag);
3915 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3916
3917 /* Re-use the carry-out from a previous round. */
3918 TCGV_UNUSED(carry_in);
3919 carry_out = (b == 0x1f6 ? cpu_cc_dst : cpu_cc_src2);
3920 switch (s->cc_op) {
3921 case CC_OP_ADCX:
3922 if (b == 0x1f6) {
3923 carry_in = cpu_cc_dst;
3924 end_op = CC_OP_ADCX;
3925 } else {
3926 end_op = CC_OP_ADCOX;
3927 }
3928 break;
3929 case CC_OP_ADOX:
3930 if (b == 0x1f6) {
3931 end_op = CC_OP_ADCOX;
3932 } else {
3933 carry_in = cpu_cc_src2;
3934 end_op = CC_OP_ADOX;
3935 }
3936 break;
3937 case CC_OP_ADCOX:
3938 end_op = CC_OP_ADCOX;
3939 carry_in = carry_out;
3940 break;
3941 default:
3942 end_op = (b == 0x1f6 ? CC_OP_ADCX : CC_OP_ADOX);
3943 break;
3944 }
3945 /* If we can't reuse carry-out, get it out of EFLAGS. */
3946 if (TCGV_IS_UNUSED(carry_in)) {
3947 if (s->cc_op != CC_OP_ADCX && s->cc_op != CC_OP_ADOX) {
3948 gen_compute_eflags(s);
3949 }
3950 carry_in = cpu_tmp0;
3951 tcg_gen_extract_tl(carry_in, cpu_cc_src,
3952 ctz32(b == 0x1f6 ? CC_C : CC_O), 1);
3953 }
3954
3955 switch (ot) {
3956 #ifdef TARGET_X86_64
3957 case MO_32:
3958 /* If we know TL is 64-bit, and we want a 32-bit
3959 result, just do everything in 64-bit arithmetic. */
3960 tcg_gen_ext32u_i64(cpu_regs[reg], cpu_regs[reg]);
3961 tcg_gen_ext32u_i64(cpu_T0, cpu_T0);
3962 tcg_gen_add_i64(cpu_T0, cpu_T0, cpu_regs[reg]);
3963 tcg_gen_add_i64(cpu_T0, cpu_T0, carry_in);
3964 tcg_gen_ext32u_i64(cpu_regs[reg], cpu_T0);
3965 tcg_gen_shri_i64(carry_out, cpu_T0, 32);
3966 break;
3967 #endif
3968 default:
3969 /* Otherwise compute the carry-out in two steps. */
3970 zero = tcg_const_tl(0);
3971 tcg_gen_add2_tl(cpu_T0, carry_out,
3972 cpu_T0, zero,
3973 carry_in, zero);
3974 tcg_gen_add2_tl(cpu_regs[reg], carry_out,
3975 cpu_regs[reg], carry_out,
3976 cpu_T0, zero);
3977 tcg_temp_free(zero);
3978 break;
3979 }
3980 set_cc_op(s, end_op);
3981 }
3982 break;
3983
3984 case 0x1f7: /* shlx Gy, Ey, By */
3985 case 0x2f7: /* sarx Gy, Ey, By */
3986 case 0x3f7: /* shrx Gy, Ey, By */
3987 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3988 || !(s->prefix & PREFIX_VEX)
3989 || s->vex_l != 0) {
3990 goto illegal_op;
3991 }
3992 ot = mo_64_32(s->dflag);
3993 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3994 if (ot == MO_64) {
3995 tcg_gen_andi_tl(cpu_T1, cpu_regs[s->vex_v], 63);
3996 } else {
3997 tcg_gen_andi_tl(cpu_T1, cpu_regs[s->vex_v], 31);
3998 }
3999 if (b == 0x1f7) {
4000 tcg_gen_shl_tl(cpu_T0, cpu_T0, cpu_T1);
4001 } else if (b == 0x2f7) {
4002 if (ot != MO_64) {
4003 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
4004 }
4005 tcg_gen_sar_tl(cpu_T0, cpu_T0, cpu_T1);
4006 } else {
4007 if (ot != MO_64) {
4008 tcg_gen_ext32u_tl(cpu_T0, cpu_T0);
4009 }
4010 tcg_gen_shr_tl(cpu_T0, cpu_T0, cpu_T1);
4011 }
4012 gen_op_mov_reg_v(ot, reg, cpu_T0);
4013 break;
4014
4015 case 0x0f3:
4016 case 0x1f3:
4017 case 0x2f3:
4018 case 0x3f3: /* Group 17 */
4019 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
4020 || !(s->prefix & PREFIX_VEX)
4021 || s->vex_l != 0) {
4022 goto illegal_op;
4023 }
4024 ot = mo_64_32(s->dflag);
4025 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4026
4027 switch (reg & 7) {
4028 case 1: /* blsr By,Ey */
4029 tcg_gen_neg_tl(cpu_T1, cpu_T0);
4030 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_T1);
4031 gen_op_mov_reg_v(ot, s->vex_v, cpu_T0);
4032 gen_op_update2_cc();
4033 set_cc_op(s, CC_OP_BMILGB + ot);
4034 break;
4035
4036 case 2: /* blsmsk By,Ey */
4037 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
4038 tcg_gen_subi_tl(cpu_T0, cpu_T0, 1);
4039 tcg_gen_xor_tl(cpu_T0, cpu_T0, cpu_cc_src);
4040 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4041 set_cc_op(s, CC_OP_BMILGB + ot);
4042 break;
4043
4044 case 3: /* blsi By, Ey */
4045 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
4046 tcg_gen_subi_tl(cpu_T0, cpu_T0, 1);
4047 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_cc_src);
4048 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4049 set_cc_op(s, CC_OP_BMILGB + ot);
4050 break;
4051
4052 default:
4053 goto unknown_op;
4054 }
4055 break;
4056
4057 default:
4058 goto unknown_op;
4059 }
4060 break;
4061
4062 case 0x03a:
4063 case 0x13a:
4064 b = modrm;
4065 modrm = cpu_ldub_code(env, s->pc++);
4066 rm = modrm & 7;
4067 reg = ((modrm >> 3) & 7) | rex_r;
4068 mod = (modrm >> 6) & 3;
4069 if (b1 >= 2) {
4070 goto unknown_op;
4071 }
4072
4073 sse_fn_eppi = sse_op_table7[b].op[b1];
4074 if (!sse_fn_eppi) {
4075 goto unknown_op;
4076 }
4077 if (!(s->cpuid_ext_features & sse_op_table7[b].ext_mask))
4078 goto illegal_op;
4079
4080 if (sse_fn_eppi == SSE_SPECIAL) {
4081 ot = mo_64_32(s->dflag);
4082 rm = (modrm & 7) | REX_B(s);
4083 if (mod != 3)
4084 gen_lea_modrm(env, s, modrm);
4085 reg = ((modrm >> 3) & 7) | rex_r;
4086 val = cpu_ldub_code(env, s->pc++);
4087 switch (b) {
4088 case 0x14: /* pextrb */
4089 tcg_gen_ld8u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4090 xmm_regs[reg].ZMM_B(val & 15)));
4091 if (mod == 3) {
4092 gen_op_mov_reg_v(ot, rm, cpu_T0);
4093 } else {
4094 tcg_gen_qemu_st_tl(cpu_T0, cpu_A0,
4095 s->mem_index, MO_UB);
4096 }
4097 break;
4098 case 0x15: /* pextrw */
4099 tcg_gen_ld16u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4100 xmm_regs[reg].ZMM_W(val & 7)));
4101 if (mod == 3) {
4102 gen_op_mov_reg_v(ot, rm, cpu_T0);
4103 } else {
4104 tcg_gen_qemu_st_tl(cpu_T0, cpu_A0,
4105 s->mem_index, MO_LEUW);
4106 }
4107 break;
4108 case 0x16:
4109 if (ot == MO_32) { /* pextrd */
4110 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env,
4111 offsetof(CPUX86State,
4112 xmm_regs[reg].ZMM_L(val & 3)));
4113 if (mod == 3) {
4114 tcg_gen_extu_i32_tl(cpu_regs[rm], cpu_tmp2_i32);
4115 } else {
4116 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
4117 s->mem_index, MO_LEUL);
4118 }
4119 } else { /* pextrq */
4120 #ifdef TARGET_X86_64
4121 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env,
4122 offsetof(CPUX86State,
4123 xmm_regs[reg].ZMM_Q(val & 1)));
4124 if (mod == 3) {
4125 tcg_gen_mov_i64(cpu_regs[rm], cpu_tmp1_i64);
4126 } else {
4127 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
4128 s->mem_index, MO_LEQ);
4129 }
4130 #else
4131 goto illegal_op;
4132 #endif
4133 }
4134 break;
4135 case 0x17: /* extractps */
4136 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4137 xmm_regs[reg].ZMM_L(val & 3)));
4138 if (mod == 3) {
4139 gen_op_mov_reg_v(ot, rm, cpu_T0);
4140 } else {
4141 tcg_gen_qemu_st_tl(cpu_T0, cpu_A0,
4142 s->mem_index, MO_LEUL);
4143 }
4144 break;
4145 case 0x20: /* pinsrb */
4146 if (mod == 3) {
4147 gen_op_mov_v_reg(MO_32, cpu_T0, rm);
4148 } else {
4149 tcg_gen_qemu_ld_tl(cpu_T0, cpu_A0,
4150 s->mem_index, MO_UB);
4151 }
4152 tcg_gen_st8_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4153 xmm_regs[reg].ZMM_B(val & 15)));
4154 break;
4155 case 0x21: /* insertps */
4156 if (mod == 3) {
4157 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env,
4158 offsetof(CPUX86State,xmm_regs[rm]
4159 .ZMM_L((val >> 6) & 3)));
4160 } else {
4161 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
4162 s->mem_index, MO_LEUL);
4163 }
4164 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env,
4165 offsetof(CPUX86State,xmm_regs[reg]
4166 .ZMM_L((val >> 4) & 3)));
4167 if ((val >> 0) & 1)
4168 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4169 cpu_env, offsetof(CPUX86State,
4170 xmm_regs[reg].ZMM_L(0)));
4171 if ((val >> 1) & 1)
4172 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4173 cpu_env, offsetof(CPUX86State,
4174 xmm_regs[reg].ZMM_L(1)));
4175 if ((val >> 2) & 1)
4176 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4177 cpu_env, offsetof(CPUX86State,
4178 xmm_regs[reg].ZMM_L(2)));
4179 if ((val >> 3) & 1)
4180 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4181 cpu_env, offsetof(CPUX86State,
4182 xmm_regs[reg].ZMM_L(3)));
4183 break;
4184 case 0x22:
4185 if (ot == MO_32) { /* pinsrd */
4186 if (mod == 3) {
4187 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[rm]);
4188 } else {
4189 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
4190 s->mem_index, MO_LEUL);
4191 }
4192 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env,
4193 offsetof(CPUX86State,
4194 xmm_regs[reg].ZMM_L(val & 3)));
4195 } else { /* pinsrq */
4196 #ifdef TARGET_X86_64
4197 if (mod == 3) {
4198 gen_op_mov_v_reg(ot, cpu_tmp1_i64, rm);
4199 } else {
4200 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
4201 s->mem_index, MO_LEQ);
4202 }
4203 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env,
4204 offsetof(CPUX86State,
4205 xmm_regs[reg].ZMM_Q(val & 1)));
4206 #else
4207 goto illegal_op;
4208 #endif
4209 }
4210 break;
4211 }
4212 return;
4213 }
4214
4215 if (b1) {
4216 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4217 if (mod == 3) {
4218 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
4219 } else {
4220 op2_offset = offsetof(CPUX86State,xmm_t0);
4221 gen_lea_modrm(env, s, modrm);
4222 gen_ldo_env_A0(s, op2_offset);
4223 }
4224 } else {
4225 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4226 if (mod == 3) {
4227 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4228 } else {
4229 op2_offset = offsetof(CPUX86State,mmx_t0);
4230 gen_lea_modrm(env, s, modrm);
4231 gen_ldq_env_A0(s, op2_offset);
4232 }
4233 }
4234 val = cpu_ldub_code(env, s->pc++);
4235
4236 if ((b & 0xfc) == 0x60) { /* pcmpXstrX */
4237 set_cc_op(s, CC_OP_EFLAGS);
4238
4239 if (s->dflag == MO_64) {
4240 /* The helper must use entire 64-bit gp registers */
4241 val |= 1 << 8;
4242 }
4243 }
4244
4245 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4246 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4247 sse_fn_eppi(cpu_env, cpu_ptr0, cpu_ptr1, tcg_const_i32(val));
4248 break;
4249
4250 case 0x33a:
4251 /* Various integer extensions at 0f 3a f[0-f]. */
4252 b = modrm | (b1 << 8);
4253 modrm = cpu_ldub_code(env, s->pc++);
4254 reg = ((modrm >> 3) & 7) | rex_r;
4255
4256 switch (b) {
4257 case 0x3f0: /* rorx Gy,Ey, Ib */
4258 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
4259 || !(s->prefix & PREFIX_VEX)
4260 || s->vex_l != 0) {
4261 goto illegal_op;
4262 }
4263 ot = mo_64_32(s->dflag);
4264 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4265 b = cpu_ldub_code(env, s->pc++);
4266 if (ot == MO_64) {
4267 tcg_gen_rotri_tl(cpu_T0, cpu_T0, b & 63);
4268 } else {
4269 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4270 tcg_gen_rotri_i32(cpu_tmp2_i32, cpu_tmp2_i32, b & 31);
4271 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
4272 }
4273 gen_op_mov_reg_v(ot, reg, cpu_T0);
4274 break;
4275
4276 default:
4277 goto unknown_op;
4278 }
4279 break;
4280
4281 default:
4282 unknown_op:
4283 gen_unknown_opcode(env, s);
4284 return;
4285 }
4286 } else {
4287 /* generic MMX or SSE operation */
4288 switch(b) {
4289 case 0x70: /* pshufx insn */
4290 case 0xc6: /* pshufx insn */
4291 case 0xc2: /* compare insns */
4292 s->rip_offset = 1;
4293 break;
4294 default:
4295 break;
4296 }
4297 if (is_xmm) {
4298 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4299 if (mod != 3) {
4300 int sz = 4;
4301
4302 gen_lea_modrm(env, s, modrm);
4303 op2_offset = offsetof(CPUX86State,xmm_t0);
4304
4305 switch (b) {
4306 case 0x50 ... 0x5a:
4307 case 0x5c ... 0x5f:
4308 case 0xc2:
4309 /* Most sse scalar operations. */
4310 if (b1 == 2) {
4311 sz = 2;
4312 } else if (b1 == 3) {
4313 sz = 3;
4314 }
4315 break;
4316
4317 case 0x2e: /* ucomis[sd] */
4318 case 0x2f: /* comis[sd] */
4319 if (b1 == 0) {
4320 sz = 2;
4321 } else {
4322 sz = 3;
4323 }
4324 break;
4325 }
4326
4327 switch (sz) {
4328 case 2:
4329 /* 32 bit access */
4330 gen_op_ld_v(s, MO_32, cpu_T0, cpu_A0);
4331 tcg_gen_st32_tl(cpu_T0, cpu_env,
4332 offsetof(CPUX86State,xmm_t0.ZMM_L(0)));
4333 break;
4334 case 3:
4335 /* 64 bit access */
4336 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.ZMM_D(0)));
4337 break;
4338 default:
4339 /* 128 bit access */
4340 gen_ldo_env_A0(s, op2_offset);
4341 break;
4342 }
4343 } else {
4344 rm = (modrm & 7) | REX_B(s);
4345 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
4346 }
4347 } else {
4348 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4349 if (mod != 3) {
4350 gen_lea_modrm(env, s, modrm);
4351 op2_offset = offsetof(CPUX86State,mmx_t0);
4352 gen_ldq_env_A0(s, op2_offset);
4353 } else {
4354 rm = (modrm & 7);
4355 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4356 }
4357 }
4358 switch(b) {
4359 case 0x0f: /* 3DNow! data insns */
4360 val = cpu_ldub_code(env, s->pc++);
4361 sse_fn_epp = sse_op_table5[val];
4362 if (!sse_fn_epp) {
4363 goto unknown_op;
4364 }
4365 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW)) {
4366 goto illegal_op;
4367 }
4368 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4369 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4370 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4371 break;
4372 case 0x70: /* pshufx insn */
4373 case 0xc6: /* pshufx insn */
4374 val = cpu_ldub_code(env, s->pc++);
4375 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4376 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4377 /* XXX: introduce a new table? */
4378 sse_fn_ppi = (SSEFunc_0_ppi)sse_fn_epp;
4379 sse_fn_ppi(cpu_ptr0, cpu_ptr1, tcg_const_i32(val));
4380 break;
4381 case 0xc2:
4382 /* compare insns */
4383 val = cpu_ldub_code(env, s->pc++);
4384 if (val >= 8)
4385 goto unknown_op;
4386 sse_fn_epp = sse_op_table4[val][b1];
4387
4388 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4389 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4390 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4391 break;
4392 case 0xf7:
4393 /* maskmov : we must prepare A0 */
4394 if (mod != 3)
4395 goto illegal_op;
4396 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EDI]);
4397 gen_extu(s->aflag, cpu_A0);
4398 gen_add_A0_ds_seg(s);
4399
4400 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4401 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4402 /* XXX: introduce a new table? */
4403 sse_fn_eppt = (SSEFunc_0_eppt)sse_fn_epp;
4404 sse_fn_eppt(cpu_env, cpu_ptr0, cpu_ptr1, cpu_A0);
4405 break;
4406 default:
4407 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4408 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4409 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4410 break;
4411 }
4412 if (b == 0x2e || b == 0x2f) {
4413 set_cc_op(s, CC_OP_EFLAGS);
4414 }
4415 }
4416 }
4417
4418 /* convert one instruction. s->is_jmp is set if the translation must
4419 be stopped. Return the next pc value */
4420 static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
4421 target_ulong pc_start)
4422 {
4423 int b, prefixes;
4424 int shift;
4425 TCGMemOp ot, aflag, dflag;
4426 int modrm, reg, rm, mod, op, opreg, val;
4427 target_ulong next_eip, tval;
4428 int rex_w, rex_r;
4429
4430 s->pc_start = s->pc = pc_start;
4431 prefixes = 0;
4432 s->override = -1;
4433 rex_w = -1;
4434 rex_r = 0;
4435 #ifdef TARGET_X86_64
4436 s->rex_x = 0;
4437 s->rex_b = 0;
4438 x86_64_hregs = 0;
4439 #endif
4440 s->rip_offset = 0; /* for relative ip address */
4441 s->vex_l = 0;
4442 s->vex_v = 0;
4443 next_byte:
4444 /* x86 has an upper limit of 15 bytes for an instruction. Since we
4445 * do not want to decode and generate IR for an illegal
4446 * instruction, the following check limits the instruction size to
4447 * 25 bytes: 14 prefix + 1 opc + 6 (modrm+sib+ofs) + 4 imm */
4448 if (s->pc - pc_start > 14) {
4449 goto illegal_op;
4450 }
4451 b = cpu_ldub_code(env, s->pc);
4452 s->pc++;
4453 /* Collect prefixes. */
4454 switch (b) {
4455 case 0xf3:
4456 prefixes |= PREFIX_REPZ;
4457 goto next_byte;
4458 case 0xf2:
4459 prefixes |= PREFIX_REPNZ;
4460 goto next_byte;
4461 case 0xf0:
4462 prefixes |= PREFIX_LOCK;
4463 goto next_byte;
4464 case 0x2e:
4465 s->override = R_CS;
4466 goto next_byte;
4467 case 0x36:
4468 s->override = R_SS;
4469 goto next_byte;
4470 case 0x3e:
4471 s->override = R_DS;
4472 goto next_byte;
4473 case 0x26:
4474 s->override = R_ES;
4475 goto next_byte;
4476 case 0x64:
4477 s->override = R_FS;
4478 goto next_byte;
4479 case 0x65:
4480 s->override = R_GS;
4481 goto next_byte;
4482 case 0x66:
4483 prefixes |= PREFIX_DATA;
4484 goto next_byte;
4485 case 0x67:
4486 prefixes |= PREFIX_ADR;
4487 goto next_byte;
4488 #ifdef TARGET_X86_64
4489 case 0x40 ... 0x4f:
4490 if (CODE64(s)) {
4491 /* REX prefix */
4492 rex_w = (b >> 3) & 1;
4493 rex_r = (b & 0x4) << 1;
4494 s->rex_x = (b & 0x2) << 2;
4495 REX_B(s) = (b & 0x1) << 3;
4496 x86_64_hregs = 1; /* select uniform byte register addressing */
4497 goto next_byte;
4498 }
4499 break;
4500 #endif
4501 case 0xc5: /* 2-byte VEX */
4502 case 0xc4: /* 3-byte VEX */
4503 /* VEX prefixes cannot be used except in 32-bit mode.
4504 Otherwise the instruction is LES or LDS. */
4505 if (s->code32 && !s->vm86) {
4506 static const int pp_prefix[4] = {
4507 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
4508 };
4509 int vex3, vex2 = cpu_ldub_code(env, s->pc);
4510
4511 if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
4512 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
4513 otherwise the instruction is LES or LDS. */
4514 break;
4515 }
4516 s->pc++;
4517
4518 /* 4.1.1-4.1.3: No preceding lock, 66, f2, f3, or rex prefixes. */
4519 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ
4520 | PREFIX_LOCK | PREFIX_DATA)) {
4521 goto illegal_op;
4522 }
4523 #ifdef TARGET_X86_64
4524 if (x86_64_hregs) {
4525 goto illegal_op;
4526 }
4527 #endif
4528 rex_r = (~vex2 >> 4) & 8;
4529 if (b == 0xc5) {
4530 vex3 = vex2;
4531 b = cpu_ldub_code(env, s->pc++);
4532 } else {
4533 #ifdef TARGET_X86_64
4534 s->rex_x = (~vex2 >> 3) & 8;
4535 s->rex_b = (~vex2 >> 2) & 8;
4536 #endif
4537 vex3 = cpu_ldub_code(env, s->pc++);
4538 rex_w = (vex3 >> 7) & 1;
4539 switch (vex2 & 0x1f) {
4540 case 0x01: /* Implied 0f leading opcode bytes. */
4541 b = cpu_ldub_code(env, s->pc++) | 0x100;
4542 break;
4543 case 0x02: /* Implied 0f 38 leading opcode bytes. */
4544 b = 0x138;
4545 break;
4546 case 0x03: /* Implied 0f 3a leading opcode bytes. */
4547 b = 0x13a;
4548 break;
4549 default: /* Reserved for future use. */
4550 goto unknown_op;
4551 }
4552 }
4553 s->vex_v = (~vex3 >> 3) & 0xf;
4554 s->vex_l = (vex3 >> 2) & 1;
4555 prefixes |= pp_prefix[vex3 & 3] | PREFIX_VEX;
4556 }
4557 break;
4558 }
4559
4560 /* Post-process prefixes. */
4561 if (CODE64(s)) {
4562 /* In 64-bit mode, the default data size is 32-bit. Select 64-bit
4563 data with rex_w, and 16-bit data with 0x66; rex_w takes precedence
4564 over 0x66 if both are present. */
4565 dflag = (rex_w > 0 ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32);
4566 /* In 64-bit mode, 0x67 selects 32-bit addressing. */
4567 aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64);
4568 } else {
4569 /* In 16/32-bit mode, 0x66 selects the opposite data size. */
4570 if (s->code32 ^ ((prefixes & PREFIX_DATA) != 0)) {
4571 dflag = MO_32;
4572 } else {
4573 dflag = MO_16;
4574 }
4575 /* In 16/32-bit mode, 0x67 selects the opposite addressing. */
4576 if (s->code32 ^ ((prefixes & PREFIX_ADR) != 0)) {
4577 aflag = MO_32;
4578 } else {
4579 aflag = MO_16;
4580 }
4581 }
4582
4583 s->prefix = prefixes;
4584 s->aflag = aflag;
4585 s->dflag = dflag;
4586
4587 /* now check op code */
4588 reswitch:
4589 switch(b) {
4590 case 0x0f:
4591 /**************************/
4592 /* extended op code */
4593 b = cpu_ldub_code(env, s->pc++) | 0x100;
4594 goto reswitch;
4595
4596 /**************************/
4597 /* arith & logic */
4598 case 0x00 ... 0x05:
4599 case 0x08 ... 0x0d:
4600 case 0x10 ... 0x15:
4601 case 0x18 ... 0x1d:
4602 case 0x20 ... 0x25:
4603 case 0x28 ... 0x2d:
4604 case 0x30 ... 0x35:
4605 case 0x38 ... 0x3d:
4606 {
4607 int op, f, val;
4608 op = (b >> 3) & 7;
4609 f = (b >> 1) & 3;
4610
4611 ot = mo_b_d(b, dflag);
4612
4613 switch(f) {
4614 case 0: /* OP Ev, Gv */
4615 modrm = cpu_ldub_code(env, s->pc++);
4616 reg = ((modrm >> 3) & 7) | rex_r;
4617 mod = (modrm >> 6) & 3;
4618 rm = (modrm & 7) | REX_B(s);
4619 if (mod != 3) {
4620 gen_lea_modrm(env, s, modrm);
4621 opreg = OR_TMP0;
4622 } else if (op == OP_XORL && rm == reg) {
4623 xor_zero:
4624 /* xor reg, reg optimisation */
4625 set_cc_op(s, CC_OP_CLR);
4626 tcg_gen_movi_tl(cpu_T0, 0);
4627 gen_op_mov_reg_v(ot, reg, cpu_T0);
4628 break;
4629 } else {
4630 opreg = rm;
4631 }
4632 gen_op_mov_v_reg(ot, cpu_T1, reg);
4633 gen_op(s, op, ot, opreg);
4634 break;
4635 case 1: /* OP Gv, Ev */
4636 modrm = cpu_ldub_code(env, s->pc++);
4637 mod = (modrm >> 6) & 3;
4638 reg = ((modrm >> 3) & 7) | rex_r;
4639 rm = (modrm & 7) | REX_B(s);
4640 if (mod != 3) {
4641 gen_lea_modrm(env, s, modrm);
4642 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
4643 } else if (op == OP_XORL && rm == reg) {
4644 goto xor_zero;
4645 } else {
4646 gen_op_mov_v_reg(ot, cpu_T1, rm);
4647 }
4648 gen_op(s, op, ot, reg);
4649 break;
4650 case 2: /* OP A, Iv */
4651 val = insn_get(env, s, ot);
4652 tcg_gen_movi_tl(cpu_T1, val);
4653 gen_op(s, op, ot, OR_EAX);
4654 break;
4655 }
4656 }
4657 break;
4658
4659 case 0x82:
4660 if (CODE64(s))
4661 goto illegal_op;
4662 case 0x80: /* GRP1 */
4663 case 0x81:
4664 case 0x83:
4665 {
4666 int val;
4667
4668 ot = mo_b_d(b, dflag);
4669
4670 modrm = cpu_ldub_code(env, s->pc++);
4671 mod = (modrm >> 6) & 3;
4672 rm = (modrm & 7) | REX_B(s);
4673 op = (modrm >> 3) & 7;
4674
4675 if (mod != 3) {
4676 if (b == 0x83)
4677 s->rip_offset = 1;
4678 else
4679 s->rip_offset = insn_const_size(ot);
4680 gen_lea_modrm(env, s, modrm);
4681 opreg = OR_TMP0;
4682 } else {
4683 opreg = rm;
4684 }
4685
4686 switch(b) {
4687 default:
4688 case 0x80:
4689 case 0x81:
4690 case 0x82:
4691 val = insn_get(env, s, ot);
4692 break;
4693 case 0x83:
4694 val = (int8_t)insn_get(env, s, MO_8);
4695 break;
4696 }
4697 tcg_gen_movi_tl(cpu_T1, val);
4698 gen_op(s, op, ot, opreg);
4699 }
4700 break;
4701
4702 /**************************/
4703 /* inc, dec, and other misc arith */
4704 case 0x40 ... 0x47: /* inc Gv */
4705 ot = dflag;
4706 gen_inc(s, ot, OR_EAX + (b & 7), 1);
4707 break;
4708 case 0x48 ... 0x4f: /* dec Gv */
4709 ot = dflag;
4710 gen_inc(s, ot, OR_EAX + (b & 7), -1);
4711 break;
4712 case 0xf6: /* GRP3 */
4713 case 0xf7:
4714 ot = mo_b_d(b, dflag);
4715
4716 modrm = cpu_ldub_code(env, s->pc++);
4717 mod = (modrm >> 6) & 3;
4718 rm = (modrm & 7) | REX_B(s);
4719 op = (modrm >> 3) & 7;
4720 if (mod != 3) {
4721 if (op == 0) {
4722 s->rip_offset = insn_const_size(ot);
4723 }
4724 gen_lea_modrm(env, s, modrm);
4725 /* For those below that handle locked memory, don't load here. */
4726 if (!(s->prefix & PREFIX_LOCK)
4727 || op != 2) {
4728 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
4729 }
4730 } else {
4731 gen_op_mov_v_reg(ot, cpu_T0, rm);
4732 }
4733
4734 switch(op) {
4735 case 0: /* test */
4736 val = insn_get(env, s, ot);
4737 tcg_gen_movi_tl(cpu_T1, val);
4738 gen_op_testl_T0_T1_cc();
4739 set_cc_op(s, CC_OP_LOGICB + ot);
4740 break;
4741 case 2: /* not */
4742 if (s->prefix & PREFIX_LOCK) {
4743 if (mod == 3) {
4744 goto illegal_op;
4745 }
4746 tcg_gen_movi_tl(cpu_T0, ~0);
4747 tcg_gen_atomic_xor_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
4748 s->mem_index, ot | MO_LE);
4749 } else {
4750 tcg_gen_not_tl(cpu_T0, cpu_T0);
4751 if (mod != 3) {
4752 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
4753 } else {
4754 gen_op_mov_reg_v(ot, rm, cpu_T0);
4755 }
4756 }
4757 break;
4758 case 3: /* neg */
4759 if (s->prefix & PREFIX_LOCK) {
4760 TCGLabel *label1;
4761 TCGv a0, t0, t1, t2;
4762
4763 if (mod == 3) {
4764 goto illegal_op;
4765 }
4766 a0 = tcg_temp_local_new();
4767 t0 = tcg_temp_local_new();
4768 label1 = gen_new_label();
4769
4770 tcg_gen_mov_tl(a0, cpu_A0);
4771 tcg_gen_mov_tl(t0, cpu_T0);
4772
4773 gen_set_label(label1);
4774 t1 = tcg_temp_new();
4775 t2 = tcg_temp_new();
4776 tcg_gen_mov_tl(t2, t0);
4777 tcg_gen_neg_tl(t1, t0);
4778 tcg_gen_atomic_cmpxchg_tl(t0, a0, t0, t1,
4779 s->mem_index, ot | MO_LE);
4780 tcg_temp_free(t1);
4781 tcg_gen_brcond_tl(TCG_COND_NE, t0, t2, label1);
4782
4783 tcg_temp_free(t2);
4784 tcg_temp_free(a0);
4785 tcg_gen_mov_tl(cpu_T0, t0);
4786 tcg_temp_free(t0);
4787 } else {
4788 tcg_gen_neg_tl(cpu_T0, cpu_T0);
4789 if (mod != 3) {
4790 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
4791 } else {
4792 gen_op_mov_reg_v(ot, rm, cpu_T0);
4793 }
4794 }
4795 gen_op_update_neg_cc();
4796 set_cc_op(s, CC_OP_SUBB + ot);
4797 break;
4798 case 4: /* mul */
4799 switch(ot) {
4800 case MO_8:
4801 gen_op_mov_v_reg(MO_8, cpu_T1, R_EAX);
4802 tcg_gen_ext8u_tl(cpu_T0, cpu_T0);
4803 tcg_gen_ext8u_tl(cpu_T1, cpu_T1);
4804 /* XXX: use 32 bit mul which could be faster */
4805 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4806 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4807 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4808 tcg_gen_andi_tl(cpu_cc_src, cpu_T0, 0xff00);
4809 set_cc_op(s, CC_OP_MULB);
4810 break;
4811 case MO_16:
4812 gen_op_mov_v_reg(MO_16, cpu_T1, R_EAX);
4813 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
4814 tcg_gen_ext16u_tl(cpu_T1, cpu_T1);
4815 /* XXX: use 32 bit mul which could be faster */
4816 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4817 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4818 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4819 tcg_gen_shri_tl(cpu_T0, cpu_T0, 16);
4820 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T0);
4821 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
4822 set_cc_op(s, CC_OP_MULW);
4823 break;
4824 default:
4825 case MO_32:
4826 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4827 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EAX]);
4828 tcg_gen_mulu2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
4829 cpu_tmp2_i32, cpu_tmp3_i32);
4830 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], cpu_tmp2_i32);
4831 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], cpu_tmp3_i32);
4832 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4833 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4834 set_cc_op(s, CC_OP_MULL);
4835 break;
4836 #ifdef TARGET_X86_64
4837 case MO_64:
4838 tcg_gen_mulu2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4839 cpu_T0, cpu_regs[R_EAX]);
4840 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4841 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4842 set_cc_op(s, CC_OP_MULQ);
4843 break;
4844 #endif
4845 }
4846 break;
4847 case 5: /* imul */
4848 switch(ot) {
4849 case MO_8:
4850 gen_op_mov_v_reg(MO_8, cpu_T1, R_EAX);
4851 tcg_gen_ext8s_tl(cpu_T0, cpu_T0);
4852 tcg_gen_ext8s_tl(cpu_T1, cpu_T1);
4853 /* XXX: use 32 bit mul which could be faster */
4854 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4855 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4856 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4857 tcg_gen_ext8s_tl(cpu_tmp0, cpu_T0);
4858 tcg_gen_sub_tl(cpu_cc_src, cpu_T0, cpu_tmp0);
4859 set_cc_op(s, CC_OP_MULB);
4860 break;
4861 case MO_16:
4862 gen_op_mov_v_reg(MO_16, cpu_T1, R_EAX);
4863 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
4864 tcg_gen_ext16s_tl(cpu_T1, cpu_T1);
4865 /* XXX: use 32 bit mul which could be faster */
4866 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4867 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4868 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4869 tcg_gen_ext16s_tl(cpu_tmp0, cpu_T0);
4870 tcg_gen_sub_tl(cpu_cc_src, cpu_T0, cpu_tmp0);
4871 tcg_gen_shri_tl(cpu_T0, cpu_T0, 16);
4872 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T0);
4873 set_cc_op(s, CC_OP_MULW);
4874 break;
4875 default:
4876 case MO_32:
4877 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4878 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EAX]);
4879 tcg_gen_muls2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
4880 cpu_tmp2_i32, cpu_tmp3_i32);
4881 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], cpu_tmp2_i32);
4882 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], cpu_tmp3_i32);
4883 tcg_gen_sari_i32(cpu_tmp2_i32, cpu_tmp2_i32, 31);
4884 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4885 tcg_gen_sub_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
4886 tcg_gen_extu_i32_tl(cpu_cc_src, cpu_tmp2_i32);
4887 set_cc_op(s, CC_OP_MULL);
4888 break;
4889 #ifdef TARGET_X86_64
4890 case MO_64:
4891 tcg_gen_muls2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4892 cpu_T0, cpu_regs[R_EAX]);
4893 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4894 tcg_gen_sari_tl(cpu_cc_src, cpu_regs[R_EAX], 63);
4895 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_regs[R_EDX]);
4896 set_cc_op(s, CC_OP_MULQ);
4897 break;
4898 #endif
4899 }
4900 break;
4901 case 6: /* div */
4902 switch(ot) {
4903 case MO_8:
4904 gen_helper_divb_AL(cpu_env, cpu_T0);
4905 break;
4906 case MO_16:
4907 gen_helper_divw_AX(cpu_env, cpu_T0);
4908 break;
4909 default:
4910 case MO_32:
4911 gen_helper_divl_EAX(cpu_env, cpu_T0);
4912 break;
4913 #ifdef TARGET_X86_64
4914 case MO_64:
4915 gen_helper_divq_EAX(cpu_env, cpu_T0);
4916 break;
4917 #endif
4918 }
4919 break;
4920 case 7: /* idiv */
4921 switch(ot) {
4922 case MO_8:
4923 gen_helper_idivb_AL(cpu_env, cpu_T0);
4924 break;
4925 case MO_16:
4926 gen_helper_idivw_AX(cpu_env, cpu_T0);
4927 break;
4928 default:
4929 case MO_32:
4930 gen_helper_idivl_EAX(cpu_env, cpu_T0);
4931 break;
4932 #ifdef TARGET_X86_64
4933 case MO_64:
4934 gen_helper_idivq_EAX(cpu_env, cpu_T0);
4935 break;
4936 #endif
4937 }
4938 break;
4939 default:
4940 goto unknown_op;
4941 }
4942 break;
4943
4944 case 0xfe: /* GRP4 */
4945 case 0xff: /* GRP5 */
4946 ot = mo_b_d(b, dflag);
4947
4948 modrm = cpu_ldub_code(env, s->pc++);
4949 mod = (modrm >> 6) & 3;
4950 rm = (modrm & 7) | REX_B(s);
4951 op = (modrm >> 3) & 7;
4952 if (op >= 2 && b == 0xfe) {
4953 goto unknown_op;
4954 }
4955 if (CODE64(s)) {
4956 if (op == 2 || op == 4) {
4957 /* operand size for jumps is 64 bit */
4958 ot = MO_64;
4959 } else if (op == 3 || op == 5) {
4960 ot = dflag != MO_16 ? MO_32 + (rex_w == 1) : MO_16;
4961 } else if (op == 6) {
4962 /* default push size is 64 bit */
4963 ot = mo_pushpop(s, dflag);
4964 }
4965 }
4966 if (mod != 3) {
4967 gen_lea_modrm(env, s, modrm);
4968 if (op >= 2 && op != 3 && op != 5)
4969 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
4970 } else {
4971 gen_op_mov_v_reg(ot, cpu_T0, rm);
4972 }
4973
4974 switch(op) {
4975 case 0: /* inc Ev */
4976 if (mod != 3)
4977 opreg = OR_TMP0;
4978 else
4979 opreg = rm;
4980 gen_inc(s, ot, opreg, 1);
4981 break;
4982 case 1: /* dec Ev */
4983 if (mod != 3)
4984 opreg = OR_TMP0;
4985 else
4986 opreg = rm;
4987 gen_inc(s, ot, opreg, -1);
4988 break;
4989 case 2: /* call Ev */
4990 /* XXX: optimize if memory (no 'and' is necessary) */
4991 if (dflag == MO_16) {
4992 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
4993 }
4994 next_eip = s->pc - s->cs_base;
4995 tcg_gen_movi_tl(cpu_T1, next_eip);
4996 gen_push_v(s, cpu_T1);
4997 gen_op_jmp_v(cpu_T0);
4998 gen_bnd_jmp(s);
4999 gen_eob(s);
5000 break;
5001 case 3: /* lcall Ev */
5002 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
5003 gen_add_A0_im(s, 1 << ot);
5004 gen_op_ld_v(s, MO_16, cpu_T0, cpu_A0);
5005 do_lcall:
5006 if (s->pe && !s->vm86) {
5007 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
5008 gen_helper_lcall_protected(cpu_env, cpu_tmp2_i32, cpu_T1,
5009 tcg_const_i32(dflag - 1),
5010 tcg_const_tl(s->pc - s->cs_base));
5011 } else {
5012 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
5013 gen_helper_lcall_real(cpu_env, cpu_tmp2_i32, cpu_T1,
5014 tcg_const_i32(dflag - 1),
5015 tcg_const_i32(s->pc - s->cs_base));
5016 }
5017 gen_eob(s);
5018 break;
5019 case 4: /* jmp Ev */
5020 if (dflag == MO_16) {
5021 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
5022 }
5023 gen_op_jmp_v(cpu_T0);
5024 gen_bnd_jmp(s);
5025 gen_eob(s);
5026 break;
5027 case 5: /* ljmp Ev */
5028 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
5029 gen_add_A0_im(s, 1 << ot);
5030 gen_op_ld_v(s, MO_16, cpu_T0, cpu_A0);
5031 do_ljmp:
5032 if (s->pe && !s->vm86) {
5033 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
5034 gen_helper_ljmp_protected(cpu_env, cpu_tmp2_i32, cpu_T1,
5035 tcg_const_tl(s->pc - s->cs_base));
5036 } else {
5037 gen_op_movl_seg_T0_vm(R_CS);
5038 gen_op_jmp_v(cpu_T1);
5039 }
5040 gen_eob(s);
5041 break;
5042 case 6: /* push Ev */
5043 gen_push_v(s, cpu_T0);
5044 break;
5045 default:
5046 goto unknown_op;
5047 }
5048 break;
5049
5050 case 0x84: /* test Ev, Gv */
5051 case 0x85:
5052 ot = mo_b_d(b, dflag);
5053
5054 modrm = cpu_ldub_code(env, s->pc++);
5055 reg = ((modrm >> 3) & 7) | rex_r;
5056
5057 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5058 gen_op_mov_v_reg(ot, cpu_T1, reg);
5059 gen_op_testl_T0_T1_cc();
5060 set_cc_op(s, CC_OP_LOGICB + ot);
5061 break;
5062
5063 case 0xa8: /* test eAX, Iv */
5064 case 0xa9:
5065 ot = mo_b_d(b, dflag);
5066 val = insn_get(env, s, ot);
5067
5068 gen_op_mov_v_reg(ot, cpu_T0, OR_EAX);
5069 tcg_gen_movi_tl(cpu_T1, val);
5070 gen_op_testl_T0_T1_cc();
5071 set_cc_op(s, CC_OP_LOGICB + ot);
5072 break;
5073
5074 case 0x98: /* CWDE/CBW */
5075 switch (dflag) {
5076 #ifdef TARGET_X86_64
5077 case MO_64:
5078 gen_op_mov_v_reg(MO_32, cpu_T0, R_EAX);
5079 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
5080 gen_op_mov_reg_v(MO_64, R_EAX, cpu_T0);
5081 break;
5082 #endif
5083 case MO_32:
5084 gen_op_mov_v_reg(MO_16, cpu_T0, R_EAX);
5085 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5086 gen_op_mov_reg_v(MO_32, R_EAX, cpu_T0);
5087 break;
5088 case MO_16:
5089 gen_op_mov_v_reg(MO_8, cpu_T0, R_EAX);
5090 tcg_gen_ext8s_tl(cpu_T0, cpu_T0);
5091 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
5092 break;
5093 default:
5094 tcg_abort();
5095 }
5096 break;
5097 case 0x99: /* CDQ/CWD */
5098 switch (dflag) {
5099 #ifdef TARGET_X86_64
5100 case MO_64:
5101 gen_op_mov_v_reg(MO_64, cpu_T0, R_EAX);
5102 tcg_gen_sari_tl(cpu_T0, cpu_T0, 63);
5103 gen_op_mov_reg_v(MO_64, R_EDX, cpu_T0);
5104 break;
5105 #endif
5106 case MO_32:
5107 gen_op_mov_v_reg(MO_32, cpu_T0, R_EAX);
5108 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
5109 tcg_gen_sari_tl(cpu_T0, cpu_T0, 31);
5110 gen_op_mov_reg_v(MO_32, R_EDX, cpu_T0);
5111 break;
5112 case MO_16:
5113 gen_op_mov_v_reg(MO_16, cpu_T0, R_EAX);
5114 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5115 tcg_gen_sari_tl(cpu_T0, cpu_T0, 15);
5116 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T0);
5117 break;
5118 default:
5119 tcg_abort();
5120 }
5121 break;
5122 case 0x1af: /* imul Gv, Ev */
5123 case 0x69: /* imul Gv, Ev, I */
5124 case 0x6b:
5125 ot = dflag;
5126 modrm = cpu_ldub_code(env, s->pc++);
5127 reg = ((modrm >> 3) & 7) | rex_r;
5128 if (b == 0x69)
5129 s->rip_offset = insn_const_size(ot);
5130 else if (b == 0x6b)
5131 s->rip_offset = 1;
5132 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5133 if (b == 0x69) {
5134 val = insn_get(env, s, ot);
5135 tcg_gen_movi_tl(cpu_T1, val);
5136 } else if (b == 0x6b) {
5137 val = (int8_t)insn_get(env, s, MO_8);
5138 tcg_gen_movi_tl(cpu_T1, val);
5139 } else {
5140 gen_op_mov_v_reg(ot, cpu_T1, reg);
5141 }
5142 switch (ot) {
5143 #ifdef TARGET_X86_64
5144 case MO_64:
5145 tcg_gen_muls2_i64(cpu_regs[reg], cpu_T1, cpu_T0, cpu_T1);
5146 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5147 tcg_gen_sari_tl(cpu_cc_src, cpu_cc_dst, 63);
5148 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_T1);
5149 break;
5150 #endif
5151 case MO_32:
5152 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
5153 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
5154 tcg_gen_muls2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
5155 cpu_tmp2_i32, cpu_tmp3_i32);
5156 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
5157 tcg_gen_sari_i32(cpu_tmp2_i32, cpu_tmp2_i32, 31);
5158 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5159 tcg_gen_sub_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
5160 tcg_gen_extu_i32_tl(cpu_cc_src, cpu_tmp2_i32);
5161 break;
5162 default:
5163 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5164 tcg_gen_ext16s_tl(cpu_T1, cpu_T1);
5165 /* XXX: use 32 bit mul which could be faster */
5166 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
5167 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
5168 tcg_gen_ext16s_tl(cpu_tmp0, cpu_T0);
5169 tcg_gen_sub_tl(cpu_cc_src, cpu_T0, cpu_tmp0);
5170 gen_op_mov_reg_v(ot, reg, cpu_T0);
5171 break;
5172 }
5173 set_cc_op(s, CC_OP_MULB + ot);
5174 break;
5175 case 0x1c0:
5176 case 0x1c1: /* xadd Ev, Gv */
5177 ot = mo_b_d(b, dflag);
5178 modrm = cpu_ldub_code(env, s->pc++);
5179 reg = ((modrm >> 3) & 7) | rex_r;
5180 mod = (modrm >> 6) & 3;
5181 gen_op_mov_v_reg(ot, cpu_T0, reg);
5182 if (mod == 3) {
5183 rm = (modrm & 7) | REX_B(s);
5184 gen_op_mov_v_reg(ot, cpu_T1, rm);
5185 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
5186 gen_op_mov_reg_v(ot, reg, cpu_T1);
5187 gen_op_mov_reg_v(ot, rm, cpu_T0);
5188 } else {
5189 gen_lea_modrm(env, s, modrm);
5190 if (s->prefix & PREFIX_LOCK) {
5191 tcg_gen_atomic_fetch_add_tl(cpu_T1, cpu_A0, cpu_T0,
5192 s->mem_index, ot | MO_LE);
5193 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
5194 } else {
5195 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
5196 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
5197 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
5198 }
5199 gen_op_mov_reg_v(ot, reg, cpu_T1);
5200 }
5201 gen_op_update2_cc();
5202 set_cc_op(s, CC_OP_ADDB + ot);
5203 break;
5204 case 0x1b0:
5205 case 0x1b1: /* cmpxchg Ev, Gv */
5206 {
5207 TCGv oldv, newv, cmpv;
5208
5209 ot = mo_b_d(b, dflag);
5210 modrm = cpu_ldub_code(env, s->pc++);
5211 reg = ((modrm >> 3) & 7) | rex_r;
5212 mod = (modrm >> 6) & 3;
5213 oldv = tcg_temp_new();
5214 newv = tcg_temp_new();
5215 cmpv = tcg_temp_new();
5216 gen_op_mov_v_reg(ot, newv, reg);
5217 tcg_gen_mov_tl(cmpv, cpu_regs[R_EAX]);
5218
5219 if (s->prefix & PREFIX_LOCK) {
5220 if (mod == 3) {
5221 goto illegal_op;
5222 }
5223 gen_lea_modrm(env, s, modrm);
5224 tcg_gen_atomic_cmpxchg_tl(oldv, cpu_A0, cmpv, newv,
5225 s->mem_index, ot | MO_LE);
5226 gen_op_mov_reg_v(ot, R_EAX, oldv);
5227 } else {
5228 if (mod == 3) {
5229 rm = (modrm & 7) | REX_B(s);
5230 gen_op_mov_v_reg(ot, oldv, rm);
5231 } else {
5232 gen_lea_modrm(env, s, modrm);
5233 gen_op_ld_v(s, ot, oldv, cpu_A0);
5234 rm = 0; /* avoid warning */
5235 }
5236 gen_extu(ot, oldv);
5237 gen_extu(ot, cmpv);
5238 /* store value = (old == cmp ? new : old); */
5239 tcg_gen_movcond_tl(TCG_COND_EQ, newv, oldv, cmpv, newv, oldv);
5240 if (mod == 3) {
5241 gen_op_mov_reg_v(ot, R_EAX, oldv);
5242 gen_op_mov_reg_v(ot, rm, newv);
5243 } else {
5244 /* Perform an unconditional store cycle like physical cpu;
5245 must be before changing accumulator to ensure
5246 idempotency if the store faults and the instruction
5247 is restarted */
5248 gen_op_st_v(s, ot, newv, cpu_A0);
5249 gen_op_mov_reg_v(ot, R_EAX, oldv);
5250 }
5251 }
5252 tcg_gen_mov_tl(cpu_cc_src, oldv);
5253 tcg_gen_mov_tl(cpu_cc_srcT, cmpv);
5254 tcg_gen_sub_tl(cpu_cc_dst, cmpv, oldv);
5255 set_cc_op(s, CC_OP_SUBB + ot);
5256 tcg_temp_free(oldv);
5257 tcg_temp_free(newv);
5258 tcg_temp_free(cmpv);
5259 }
5260 break;
5261 case 0x1c7: /* cmpxchg8b */
5262 modrm = cpu_ldub_code(env, s->pc++);
5263 mod = (modrm >> 6) & 3;
5264 if ((mod == 3) || ((modrm & 0x38) != 0x8))
5265 goto illegal_op;
5266 #ifdef TARGET_X86_64
5267 if (dflag == MO_64) {
5268 if (!(s->cpuid_ext_features & CPUID_EXT_CX16))
5269 goto illegal_op;
5270 gen_lea_modrm(env, s, modrm);
5271 if ((s->prefix & PREFIX_LOCK) && parallel_cpus) {
5272 gen_helper_cmpxchg16b(cpu_env, cpu_A0);
5273 } else {
5274 gen_helper_cmpxchg16b_unlocked(cpu_env, cpu_A0);
5275 }
5276 } else
5277 #endif
5278 {
5279 if (!(s->cpuid_features & CPUID_CX8))
5280 goto illegal_op;
5281 gen_lea_modrm(env, s, modrm);
5282 if ((s->prefix & PREFIX_LOCK) && parallel_cpus) {
5283 gen_helper_cmpxchg8b(cpu_env, cpu_A0);
5284 } else {
5285 gen_helper_cmpxchg8b_unlocked(cpu_env, cpu_A0);
5286 }
5287 }
5288 set_cc_op(s, CC_OP_EFLAGS);
5289 break;
5290
5291 /**************************/
5292 /* push/pop */
5293 case 0x50 ... 0x57: /* push */
5294 gen_op_mov_v_reg(MO_32, cpu_T0, (b & 7) | REX_B(s));
5295 gen_push_v(s, cpu_T0);
5296 break;
5297 case 0x58 ... 0x5f: /* pop */
5298 ot = gen_pop_T0(s);
5299 /* NOTE: order is important for pop %sp */
5300 gen_pop_update(s, ot);
5301 gen_op_mov_reg_v(ot, (b & 7) | REX_B(s), cpu_T0);
5302 break;
5303 case 0x60: /* pusha */
5304 if (CODE64(s))
5305 goto illegal_op;
5306 gen_pusha(s);
5307 break;
5308 case 0x61: /* popa */
5309 if (CODE64(s))
5310 goto illegal_op;
5311 gen_popa(s);
5312 break;
5313 case 0x68: /* push Iv */
5314 case 0x6a:
5315 ot = mo_pushpop(s, dflag);
5316 if (b == 0x68)
5317 val = insn_get(env, s, ot);
5318 else
5319 val = (int8_t)insn_get(env, s, MO_8);
5320 tcg_gen_movi_tl(cpu_T0, val);
5321 gen_push_v(s, cpu_T0);
5322 break;
5323 case 0x8f: /* pop Ev */
5324 modrm = cpu_ldub_code(env, s->pc++);
5325 mod = (modrm >> 6) & 3;
5326 ot = gen_pop_T0(s);
5327 if (mod == 3) {
5328 /* NOTE: order is important for pop %sp */
5329 gen_pop_update(s, ot);
5330 rm = (modrm & 7) | REX_B(s);
5331 gen_op_mov_reg_v(ot, rm, cpu_T0);
5332 } else {
5333 /* NOTE: order is important too for MMU exceptions */
5334 s->popl_esp_hack = 1 << ot;
5335 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5336 s->popl_esp_hack = 0;
5337 gen_pop_update(s, ot);
5338 }
5339 break;
5340 case 0xc8: /* enter */
5341 {
5342 int level;
5343 val = cpu_lduw_code(env, s->pc);
5344 s->pc += 2;
5345 level = cpu_ldub_code(env, s->pc++);
5346 gen_enter(s, val, level);
5347 }
5348 break;
5349 case 0xc9: /* leave */
5350 gen_leave(s);
5351 break;
5352 case 0x06: /* push es */
5353 case 0x0e: /* push cs */
5354 case 0x16: /* push ss */
5355 case 0x1e: /* push ds */
5356 if (CODE64(s))
5357 goto illegal_op;
5358 gen_op_movl_T0_seg(b >> 3);
5359 gen_push_v(s, cpu_T0);
5360 break;
5361 case 0x1a0: /* push fs */
5362 case 0x1a8: /* push gs */
5363 gen_op_movl_T0_seg((b >> 3) & 7);
5364 gen_push_v(s, cpu_T0);
5365 break;
5366 case 0x07: /* pop es */
5367 case 0x17: /* pop ss */
5368 case 0x1f: /* pop ds */
5369 if (CODE64(s))
5370 goto illegal_op;
5371 reg = b >> 3;
5372 ot = gen_pop_T0(s);
5373 gen_movl_seg_T0(s, reg);
5374 gen_pop_update(s, ot);
5375 /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */
5376 if (s->is_jmp) {
5377 gen_jmp_im(s->pc - s->cs_base);
5378 if (reg == R_SS) {
5379 s->tf = 0;
5380 gen_eob_inhibit_irq(s, true);
5381 } else {
5382 gen_eob(s);
5383 }
5384 }
5385 break;
5386 case 0x1a1: /* pop fs */
5387 case 0x1a9: /* pop gs */
5388 ot = gen_pop_T0(s);
5389 gen_movl_seg_T0(s, (b >> 3) & 7);
5390 gen_pop_update(s, ot);
5391 if (s->is_jmp) {
5392 gen_jmp_im(s->pc - s->cs_base);
5393 gen_eob(s);
5394 }
5395 break;
5396
5397 /**************************/
5398 /* mov */
5399 case 0x88:
5400 case 0x89: /* mov Gv, Ev */
5401 ot = mo_b_d(b, dflag);
5402 modrm = cpu_ldub_code(env, s->pc++);
5403 reg = ((modrm >> 3) & 7) | rex_r;
5404
5405 /* generate a generic store */
5406 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
5407 break;
5408 case 0xc6:
5409 case 0xc7: /* mov Ev, Iv */
5410 ot = mo_b_d(b, dflag);
5411 modrm = cpu_ldub_code(env, s->pc++);
5412 mod = (modrm >> 6) & 3;
5413 if (mod != 3) {
5414 s->rip_offset = insn_const_size(ot);
5415 gen_lea_modrm(env, s, modrm);
5416 }
5417 val = insn_get(env, s, ot);
5418 tcg_gen_movi_tl(cpu_T0, val);
5419 if (mod != 3) {
5420 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
5421 } else {
5422 gen_op_mov_reg_v(ot, (modrm & 7) | REX_B(s), cpu_T0);
5423 }
5424 break;
5425 case 0x8a:
5426 case 0x8b: /* mov Ev, Gv */
5427 ot = mo_b_d(b, dflag);
5428 modrm = cpu_ldub_code(env, s->pc++);
5429 reg = ((modrm >> 3) & 7) | rex_r;
5430
5431 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5432 gen_op_mov_reg_v(ot, reg, cpu_T0);
5433 break;
5434 case 0x8e: /* mov seg, Gv */
5435 modrm = cpu_ldub_code(env, s->pc++);
5436 reg = (modrm >> 3) & 7;
5437 if (reg >= 6 || reg == R_CS)
5438 goto illegal_op;
5439 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
5440 gen_movl_seg_T0(s, reg);
5441 /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */
5442 if (s->is_jmp) {
5443 gen_jmp_im(s->pc - s->cs_base);
5444 if (reg == R_SS) {
5445 s->tf = 0;
5446 gen_eob_inhibit_irq(s, true);
5447 } else {
5448 gen_eob(s);
5449 }
5450 }
5451 break;
5452 case 0x8c: /* mov Gv, seg */
5453 modrm = cpu_ldub_code(env, s->pc++);
5454 reg = (modrm >> 3) & 7;
5455 mod = (modrm >> 6) & 3;
5456 if (reg >= 6)
5457 goto illegal_op;
5458 gen_op_movl_T0_seg(reg);
5459 ot = mod == 3 ? dflag : MO_16;
5460 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5461 break;
5462
5463 case 0x1b6: /* movzbS Gv, Eb */
5464 case 0x1b7: /* movzwS Gv, Eb */
5465 case 0x1be: /* movsbS Gv, Eb */
5466 case 0x1bf: /* movswS Gv, Eb */
5467 {
5468 TCGMemOp d_ot;
5469 TCGMemOp s_ot;
5470
5471 /* d_ot is the size of destination */
5472 d_ot = dflag;
5473 /* ot is the size of source */
5474 ot = (b & 1) + MO_8;
5475 /* s_ot is the sign+size of source */
5476 s_ot = b & 8 ? MO_SIGN | ot : ot;
5477
5478 modrm = cpu_ldub_code(env, s->pc++);
5479 reg = ((modrm >> 3) & 7) | rex_r;
5480 mod = (modrm >> 6) & 3;
5481 rm = (modrm & 7) | REX_B(s);
5482
5483 if (mod == 3) {
5484 if (s_ot == MO_SB && byte_reg_is_xH(rm)) {
5485 tcg_gen_sextract_tl(cpu_T0, cpu_regs[rm - 4], 8, 8);
5486 } else {
5487 gen_op_mov_v_reg(ot, cpu_T0, rm);
5488 switch (s_ot) {
5489 case MO_UB:
5490 tcg_gen_ext8u_tl(cpu_T0, cpu_T0);
5491 break;
5492 case MO_SB:
5493 tcg_gen_ext8s_tl(cpu_T0, cpu_T0);
5494 break;
5495 case MO_UW:
5496 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
5497 break;
5498 default:
5499 case MO_SW:
5500 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5501 break;
5502 }
5503 }
5504 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
5505 } else {
5506 gen_lea_modrm(env, s, modrm);
5507 gen_op_ld_v(s, s_ot, cpu_T0, cpu_A0);
5508 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
5509 }
5510 }
5511 break;
5512
5513 case 0x8d: /* lea */
5514 modrm = cpu_ldub_code(env, s->pc++);
5515 mod = (modrm >> 6) & 3;
5516 if (mod == 3)
5517 goto illegal_op;
5518 reg = ((modrm >> 3) & 7) | rex_r;
5519 {
5520 AddressParts a = gen_lea_modrm_0(env, s, modrm);
5521 TCGv ea = gen_lea_modrm_1(a);
5522 gen_lea_v_seg(s, s->aflag, ea, -1, -1);
5523 gen_op_mov_reg_v(dflag, reg, cpu_A0);
5524 }
5525 break;
5526
5527 case 0xa0: /* mov EAX, Ov */
5528 case 0xa1:
5529 case 0xa2: /* mov Ov, EAX */
5530 case 0xa3:
5531 {
5532 target_ulong offset_addr;
5533
5534 ot = mo_b_d(b, dflag);
5535 switch (s->aflag) {
5536 #ifdef TARGET_X86_64
5537 case MO_64:
5538 offset_addr = cpu_ldq_code(env, s->pc);
5539 s->pc += 8;
5540 break;
5541 #endif
5542 default:
5543 offset_addr = insn_get(env, s, s->aflag);
5544 break;
5545 }
5546 tcg_gen_movi_tl(cpu_A0, offset_addr);
5547 gen_add_A0_ds_seg(s);
5548 if ((b & 2) == 0) {
5549 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
5550 gen_op_mov_reg_v(ot, R_EAX, cpu_T0);
5551 } else {
5552 gen_op_mov_v_reg(ot, cpu_T0, R_EAX);
5553 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
5554 }
5555 }
5556 break;
5557 case 0xd7: /* xlat */
5558 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EBX]);
5559 tcg_gen_ext8u_tl(cpu_T0, cpu_regs[R_EAX]);
5560 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_T0);
5561 gen_extu(s->aflag, cpu_A0);
5562 gen_add_A0_ds_seg(s);
5563 gen_op_ld_v(s, MO_8, cpu_T0, cpu_A0);
5564 gen_op_mov_reg_v(MO_8, R_EAX, cpu_T0);
5565 break;
5566 case 0xb0 ... 0xb7: /* mov R, Ib */
5567 val = insn_get(env, s, MO_8);
5568 tcg_gen_movi_tl(cpu_T0, val);
5569 gen_op_mov_reg_v(MO_8, (b & 7) | REX_B(s), cpu_T0);
5570 break;
5571 case 0xb8 ... 0xbf: /* mov R, Iv */
5572 #ifdef TARGET_X86_64
5573 if (dflag == MO_64) {
5574 uint64_t tmp;
5575 /* 64 bit case */
5576 tmp = cpu_ldq_code(env, s->pc);
5577 s->pc += 8;
5578 reg = (b & 7) | REX_B(s);
5579 tcg_gen_movi_tl(cpu_T0, tmp);
5580 gen_op_mov_reg_v(MO_64, reg, cpu_T0);
5581 } else
5582 #endif
5583 {
5584 ot = dflag;
5585 val = insn_get(env, s, ot);
5586 reg = (b & 7) | REX_B(s);
5587 tcg_gen_movi_tl(cpu_T0, val);
5588 gen_op_mov_reg_v(ot, reg, cpu_T0);
5589 }
5590 break;
5591
5592 case 0x91 ... 0x97: /* xchg R, EAX */
5593 do_xchg_reg_eax:
5594 ot = dflag;
5595 reg = (b & 7) | REX_B(s);
5596 rm = R_EAX;
5597 goto do_xchg_reg;
5598 case 0x86:
5599 case 0x87: /* xchg Ev, Gv */
5600 ot = mo_b_d(b, dflag);
5601 modrm = cpu_ldub_code(env, s->pc++);
5602 reg = ((modrm >> 3) & 7) | rex_r;
5603 mod = (modrm >> 6) & 3;
5604 if (mod == 3) {
5605 rm = (modrm & 7) | REX_B(s);
5606 do_xchg_reg:
5607 gen_op_mov_v_reg(ot, cpu_T0, reg);
5608 gen_op_mov_v_reg(ot, cpu_T1, rm);
5609 gen_op_mov_reg_v(ot, rm, cpu_T0);
5610 gen_op_mov_reg_v(ot, reg, cpu_T1);
5611 } else {
5612 gen_lea_modrm(env, s, modrm);
5613 gen_op_mov_v_reg(ot, cpu_T0, reg);
5614 /* for xchg, lock is implicit */
5615 tcg_gen_atomic_xchg_tl(cpu_T1, cpu_A0, cpu_T0,
5616 s->mem_index, ot | MO_LE);
5617 gen_op_mov_reg_v(ot, reg, cpu_T1);
5618 }
5619 break;
5620 case 0xc4: /* les Gv */
5621 /* In CODE64 this is VEX3; see above. */
5622 op = R_ES;
5623 goto do_lxx;
5624 case 0xc5: /* lds Gv */
5625 /* In CODE64 this is VEX2; see above. */
5626 op = R_DS;
5627 goto do_lxx;
5628 case 0x1b2: /* lss Gv */
5629 op = R_SS;
5630 goto do_lxx;
5631 case 0x1b4: /* lfs Gv */
5632 op = R_FS;
5633 goto do_lxx;
5634 case 0x1b5: /* lgs Gv */
5635 op = R_GS;
5636 do_lxx:
5637 ot = dflag != MO_16 ? MO_32 : MO_16;
5638 modrm = cpu_ldub_code(env, s->pc++);
5639 reg = ((modrm >> 3) & 7) | rex_r;
5640 mod = (modrm >> 6) & 3;
5641 if (mod == 3)
5642 goto illegal_op;
5643 gen_lea_modrm(env, s, modrm);
5644 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
5645 gen_add_A0_im(s, 1 << ot);
5646 /* load the segment first to handle exceptions properly */
5647 gen_op_ld_v(s, MO_16, cpu_T0, cpu_A0);
5648 gen_movl_seg_T0(s, op);
5649 /* then put the data */
5650 gen_op_mov_reg_v(ot, reg, cpu_T1);
5651 if (s->is_jmp) {
5652 gen_jmp_im(s->pc - s->cs_base);
5653 gen_eob(s);
5654 }
5655 break;
5656
5657 /************************/
5658 /* shifts */
5659 case 0xc0:
5660 case 0xc1:
5661 /* shift Ev,Ib */
5662 shift = 2;
5663 grp2:
5664 {
5665 ot = mo_b_d(b, dflag);
5666 modrm = cpu_ldub_code(env, s->pc++);
5667 mod = (modrm >> 6) & 3;
5668 op = (modrm >> 3) & 7;
5669
5670 if (mod != 3) {
5671 if (shift == 2) {
5672 s->rip_offset = 1;
5673 }
5674 gen_lea_modrm(env, s, modrm);
5675 opreg = OR_TMP0;
5676 } else {
5677 opreg = (modrm & 7) | REX_B(s);
5678 }
5679
5680 /* simpler op */
5681 if (shift == 0) {
5682 gen_shift(s, op, ot, opreg, OR_ECX);
5683 } else {
5684 if (shift == 2) {
5685 shift = cpu_ldub_code(env, s->pc++);
5686 }
5687 gen_shifti(s, op, ot, opreg, shift);
5688 }
5689 }
5690 break;
5691 case 0xd0:
5692 case 0xd1:
5693 /* shift Ev,1 */
5694 shift = 1;
5695 goto grp2;
5696 case 0xd2:
5697 case 0xd3:
5698 /* shift Ev,cl */
5699 shift = 0;
5700 goto grp2;
5701
5702 case 0x1a4: /* shld imm */
5703 op = 0;
5704 shift = 1;
5705 goto do_shiftd;
5706 case 0x1a5: /* shld cl */
5707 op = 0;
5708 shift = 0;
5709 goto do_shiftd;
5710 case 0x1ac: /* shrd imm */
5711 op = 1;
5712 shift = 1;
5713 goto do_shiftd;
5714 case 0x1ad: /* shrd cl */
5715 op = 1;
5716 shift = 0;
5717 do_shiftd:
5718 ot = dflag;
5719 modrm = cpu_ldub_code(env, s->pc++);
5720 mod = (modrm >> 6) & 3;
5721 rm = (modrm & 7) | REX_B(s);
5722 reg = ((modrm >> 3) & 7) | rex_r;
5723 if (mod != 3) {
5724 gen_lea_modrm(env, s, modrm);
5725 opreg = OR_TMP0;
5726 } else {
5727 opreg = rm;
5728 }
5729 gen_op_mov_v_reg(ot, cpu_T1, reg);
5730
5731 if (shift) {
5732 TCGv imm = tcg_const_tl(cpu_ldub_code(env, s->pc++));
5733 gen_shiftd_rm_T1(s, ot, opreg, op, imm);
5734 tcg_temp_free(imm);
5735 } else {
5736 gen_shiftd_rm_T1(s, ot, opreg, op, cpu_regs[R_ECX]);
5737 }
5738 break;
5739
5740 /************************/
5741 /* floats */
5742 case 0xd8 ... 0xdf:
5743 if (s->flags & (HF_EM_MASK | HF_TS_MASK)) {
5744 /* if CR0.EM or CR0.TS are set, generate an FPU exception */
5745 /* XXX: what to do if illegal op ? */
5746 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
5747 break;
5748 }
5749 modrm = cpu_ldub_code(env, s->pc++);
5750 mod = (modrm >> 6) & 3;
5751 rm = modrm & 7;
5752 op = ((b & 7) << 3) | ((modrm >> 3) & 7);
5753 if (mod != 3) {
5754 /* memory op */
5755 gen_lea_modrm(env, s, modrm);
5756 switch(op) {
5757 case 0x00 ... 0x07: /* fxxxs */
5758 case 0x10 ... 0x17: /* fixxxl */
5759 case 0x20 ... 0x27: /* fxxxl */
5760 case 0x30 ... 0x37: /* fixxx */
5761 {
5762 int op1;
5763 op1 = op & 7;
5764
5765 switch(op >> 4) {
5766 case 0:
5767 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5768 s->mem_index, MO_LEUL);
5769 gen_helper_flds_FT0(cpu_env, cpu_tmp2_i32);
5770 break;
5771 case 1:
5772 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5773 s->mem_index, MO_LEUL);
5774 gen_helper_fildl_FT0(cpu_env, cpu_tmp2_i32);
5775 break;
5776 case 2:
5777 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
5778 s->mem_index, MO_LEQ);
5779 gen_helper_fldl_FT0(cpu_env, cpu_tmp1_i64);
5780 break;
5781 case 3:
5782 default:
5783 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5784 s->mem_index, MO_LESW);
5785 gen_helper_fildl_FT0(cpu_env, cpu_tmp2_i32);
5786 break;
5787 }
5788
5789 gen_helper_fp_arith_ST0_FT0(op1);
5790 if (op1 == 3) {
5791 /* fcomp needs pop */
5792 gen_helper_fpop(cpu_env);
5793 }
5794 }
5795 break;
5796 case 0x08: /* flds */
5797 case 0x0a: /* fsts */
5798 case 0x0b: /* fstps */
5799 case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */
5800 case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */
5801 case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */
5802 switch(op & 7) {
5803 case 0:
5804 switch(op >> 4) {
5805 case 0:
5806 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5807 s->mem_index, MO_LEUL);
5808 gen_helper_flds_ST0(cpu_env, cpu_tmp2_i32);
5809 break;
5810 case 1:
5811 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5812 s->mem_index, MO_LEUL);
5813 gen_helper_fildl_ST0(cpu_env, cpu_tmp2_i32);
5814 break;
5815 case 2:
5816 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
5817 s->mem_index, MO_LEQ);
5818 gen_helper_fldl_ST0(cpu_env, cpu_tmp1_i64);
5819 break;
5820 case 3:
5821 default:
5822 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5823 s->mem_index, MO_LESW);
5824 gen_helper_fildl_ST0(cpu_env, cpu_tmp2_i32);
5825 break;
5826 }
5827 break;
5828 case 1:
5829 /* XXX: the corresponding CPUID bit must be tested ! */
5830 switch(op >> 4) {
5831 case 1:
5832 gen_helper_fisttl_ST0(cpu_tmp2_i32, cpu_env);
5833 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5834 s->mem_index, MO_LEUL);
5835 break;
5836 case 2:
5837 gen_helper_fisttll_ST0(cpu_tmp1_i64, cpu_env);
5838 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
5839 s->mem_index, MO_LEQ);
5840 break;
5841 case 3:
5842 default:
5843 gen_helper_fistt_ST0(cpu_tmp2_i32, cpu_env);
5844 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5845 s->mem_index, MO_LEUW);
5846 break;
5847 }
5848 gen_helper_fpop(cpu_env);
5849 break;
5850 default:
5851 switch(op >> 4) {
5852 case 0:
5853 gen_helper_fsts_ST0(cpu_tmp2_i32, cpu_env);
5854 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5855 s->mem_index, MO_LEUL);
5856 break;
5857 case 1:
5858 gen_helper_fistl_ST0(cpu_tmp2_i32, cpu_env);
5859 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5860 s->mem_index, MO_LEUL);
5861 break;
5862 case 2:
5863 gen_helper_fstl_ST0(cpu_tmp1_i64, cpu_env);
5864 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
5865 s->mem_index, MO_LEQ);
5866 break;
5867 case 3:
5868 default:
5869 gen_helper_fist_ST0(cpu_tmp2_i32, cpu_env);
5870 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5871 s->mem_index, MO_LEUW);
5872 break;
5873 }
5874 if ((op & 7) == 3)
5875 gen_helper_fpop(cpu_env);
5876 break;
5877 }
5878 break;
5879 case 0x0c: /* fldenv mem */
5880 gen_helper_fldenv(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5881 break;
5882 case 0x0d: /* fldcw mem */
5883 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5884 s->mem_index, MO_LEUW);
5885 gen_helper_fldcw(cpu_env, cpu_tmp2_i32);
5886 break;
5887 case 0x0e: /* fnstenv mem */
5888 gen_helper_fstenv(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5889 break;
5890 case 0x0f: /* fnstcw mem */
5891 gen_helper_fnstcw(cpu_tmp2_i32, cpu_env);
5892 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5893 s->mem_index, MO_LEUW);
5894 break;
5895 case 0x1d: /* fldt mem */
5896 gen_helper_fldt_ST0(cpu_env, cpu_A0);
5897 break;
5898 case 0x1f: /* fstpt mem */
5899 gen_helper_fstt_ST0(cpu_env, cpu_A0);
5900 gen_helper_fpop(cpu_env);
5901 break;
5902 case 0x2c: /* frstor mem */
5903 gen_helper_frstor(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5904 break;
5905 case 0x2e: /* fnsave mem */
5906 gen_helper_fsave(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5907 break;
5908 case 0x2f: /* fnstsw mem */
5909 gen_helper_fnstsw(cpu_tmp2_i32, cpu_env);
5910 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5911 s->mem_index, MO_LEUW);
5912 break;
5913 case 0x3c: /* fbld */
5914 gen_helper_fbld_ST0(cpu_env, cpu_A0);
5915 break;
5916 case 0x3e: /* fbstp */
5917 gen_helper_fbst_ST0(cpu_env, cpu_A0);
5918 gen_helper_fpop(cpu_env);
5919 break;
5920 case 0x3d: /* fildll */
5921 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
5922 gen_helper_fildll_ST0(cpu_env, cpu_tmp1_i64);
5923 break;
5924 case 0x3f: /* fistpll */
5925 gen_helper_fistll_ST0(cpu_tmp1_i64, cpu_env);
5926 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
5927 gen_helper_fpop(cpu_env);
5928 break;
5929 default:
5930 goto unknown_op;
5931 }
5932 } else {
5933 /* register float ops */
5934 opreg = rm;
5935
5936 switch(op) {
5937 case 0x08: /* fld sti */
5938 gen_helper_fpush(cpu_env);
5939 gen_helper_fmov_ST0_STN(cpu_env,
5940 tcg_const_i32((opreg + 1) & 7));
5941 break;
5942 case 0x09: /* fxchg sti */
5943 case 0x29: /* fxchg4 sti, undocumented op */
5944 case 0x39: /* fxchg7 sti, undocumented op */
5945 gen_helper_fxchg_ST0_STN(cpu_env, tcg_const_i32(opreg));
5946 break;
5947 case 0x0a: /* grp d9/2 */
5948 switch(rm) {
5949 case 0: /* fnop */
5950 /* check exceptions (FreeBSD FPU probe) */
5951 gen_helper_fwait(cpu_env);
5952 break;
5953 default:
5954 goto unknown_op;
5955 }
5956 break;
5957 case 0x0c: /* grp d9/4 */
5958 switch(rm) {
5959 case 0: /* fchs */
5960 gen_helper_fchs_ST0(cpu_env);
5961 break;
5962 case 1: /* fabs */
5963 gen_helper_fabs_ST0(cpu_env);
5964 break;
5965 case 4: /* ftst */
5966 gen_helper_fldz_FT0(cpu_env);
5967 gen_helper_fcom_ST0_FT0(cpu_env);
5968 break;
5969 case 5: /* fxam */
5970 gen_helper_fxam_ST0(cpu_env);
5971 break;
5972 default:
5973 goto unknown_op;
5974 }
5975 break;
5976 case 0x0d: /* grp d9/5 */
5977 {
5978 switch(rm) {
5979 case 0:
5980 gen_helper_fpush(cpu_env);
5981 gen_helper_fld1_ST0(cpu_env);
5982 break;
5983 case 1:
5984 gen_helper_fpush(cpu_env);
5985 gen_helper_fldl2t_ST0(cpu_env);
5986 break;
5987 case 2:
5988 gen_helper_fpush(cpu_env);
5989 gen_helper_fldl2e_ST0(cpu_env);
5990 break;
5991 case 3:
5992 gen_helper_fpush(cpu_env);
5993 gen_helper_fldpi_ST0(cpu_env);
5994 break;
5995 case 4:
5996 gen_helper_fpush(cpu_env);
5997 gen_helper_fldlg2_ST0(cpu_env);
5998 break;
5999 case 5:
6000 gen_helper_fpush(cpu_env);
6001 gen_helper_fldln2_ST0(cpu_env);
6002 break;
6003 case 6:
6004 gen_helper_fpush(cpu_env);
6005 gen_helper_fldz_ST0(cpu_env);
6006 break;
6007 default:
6008 goto unknown_op;
6009 }
6010 }
6011 break;
6012 case 0x0e: /* grp d9/6 */
6013 switch(rm) {
6014 case 0: /* f2xm1 */
6015 gen_helper_f2xm1(cpu_env);
6016 break;
6017 case 1: /* fyl2x */
6018 gen_helper_fyl2x(cpu_env);
6019 break;
6020 case 2: /* fptan */
6021 gen_helper_fptan(cpu_env);
6022 break;
6023 case 3: /* fpatan */
6024 gen_helper_fpatan(cpu_env);
6025 break;
6026 case 4: /* fxtract */
6027 gen_helper_fxtract(cpu_env);
6028 break;
6029 case 5: /* fprem1 */
6030 gen_helper_fprem1(cpu_env);
6031 break;
6032 case 6: /* fdecstp */
6033 gen_helper_fdecstp(cpu_env);
6034 break;
6035 default:
6036 case 7: /* fincstp */
6037 gen_helper_fincstp(cpu_env);
6038 break;
6039 }
6040 break;
6041 case 0x0f: /* grp d9/7 */
6042 switch(rm) {
6043 case 0: /* fprem */
6044 gen_helper_fprem(cpu_env);
6045 break;
6046 case 1: /* fyl2xp1 */
6047 gen_helper_fyl2xp1(cpu_env);
6048 break;
6049 case 2: /* fsqrt */
6050 gen_helper_fsqrt(cpu_env);
6051 break;
6052 case 3: /* fsincos */
6053 gen_helper_fsincos(cpu_env);
6054 break;
6055 case 5: /* fscale */
6056 gen_helper_fscale(cpu_env);
6057 break;
6058 case 4: /* frndint */
6059 gen_helper_frndint(cpu_env);
6060 break;
6061 case 6: /* fsin */
6062 gen_helper_fsin(cpu_env);
6063 break;
6064 default:
6065 case 7: /* fcos */
6066 gen_helper_fcos(cpu_env);
6067 break;
6068 }
6069 break;
6070 case 0x00: case 0x01: case 0x04 ... 0x07: /* fxxx st, sti */
6071 case 0x20: case 0x21: case 0x24 ... 0x27: /* fxxx sti, st */
6072 case 0x30: case 0x31: case 0x34 ... 0x37: /* fxxxp sti, st */
6073 {
6074 int op1;
6075
6076 op1 = op & 7;
6077 if (op >= 0x20) {
6078 gen_helper_fp_arith_STN_ST0(op1, opreg);
6079 if (op >= 0x30)
6080 gen_helper_fpop(cpu_env);
6081 } else {
6082 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6083 gen_helper_fp_arith_ST0_FT0(op1);
6084 }
6085 }
6086 break;
6087 case 0x02: /* fcom */
6088 case 0x22: /* fcom2, undocumented op */
6089 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6090 gen_helper_fcom_ST0_FT0(cpu_env);
6091 break;
6092 case 0x03: /* fcomp */
6093 case 0x23: /* fcomp3, undocumented op */
6094 case 0x32: /* fcomp5, undocumented op */
6095 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6096 gen_helper_fcom_ST0_FT0(cpu_env);
6097 gen_helper_fpop(cpu_env);
6098 break;
6099 case 0x15: /* da/5 */
6100 switch(rm) {
6101 case 1: /* fucompp */
6102 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6103 gen_helper_fucom_ST0_FT0(cpu_env);
6104 gen_helper_fpop(cpu_env);
6105 gen_helper_fpop(cpu_env);
6106 break;
6107 default:
6108 goto unknown_op;
6109 }
6110 break;
6111 case 0x1c:
6112 switch(rm) {
6113 case 0: /* feni (287 only, just do nop here) */
6114 break;
6115 case 1: /* fdisi (287 only, just do nop here) */
6116 break;
6117 case 2: /* fclex */
6118 gen_helper_fclex(cpu_env);
6119 break;
6120 case 3: /* fninit */
6121 gen_helper_fninit(cpu_env);
6122 break;
6123 case 4: /* fsetpm (287 only, just do nop here) */
6124 break;
6125 default:
6126 goto unknown_op;
6127 }
6128 break;
6129 case 0x1d: /* fucomi */
6130 if (!(s->cpuid_features & CPUID_CMOV)) {
6131 goto illegal_op;
6132 }
6133 gen_update_cc_op(s);
6134 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6135 gen_helper_fucomi_ST0_FT0(cpu_env);
6136 set_cc_op(s, CC_OP_EFLAGS);
6137 break;
6138 case 0x1e: /* fcomi */
6139 if (!(s->cpuid_features & CPUID_CMOV)) {
6140 goto illegal_op;
6141 }
6142 gen_update_cc_op(s);
6143 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6144 gen_helper_fcomi_ST0_FT0(cpu_env);
6145 set_cc_op(s, CC_OP_EFLAGS);
6146 break;
6147 case 0x28: /* ffree sti */
6148 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6149 break;
6150 case 0x2a: /* fst sti */
6151 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6152 break;
6153 case 0x2b: /* fstp sti */
6154 case 0x0b: /* fstp1 sti, undocumented op */
6155 case 0x3a: /* fstp8 sti, undocumented op */
6156 case 0x3b: /* fstp9 sti, undocumented op */
6157 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6158 gen_helper_fpop(cpu_env);
6159 break;
6160 case 0x2c: /* fucom st(i) */
6161 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6162 gen_helper_fucom_ST0_FT0(cpu_env);
6163 break;
6164 case 0x2d: /* fucomp st(i) */
6165 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6166 gen_helper_fucom_ST0_FT0(cpu_env);
6167 gen_helper_fpop(cpu_env);
6168 break;
6169 case 0x33: /* de/3 */
6170 switch(rm) {
6171 case 1: /* fcompp */
6172 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6173 gen_helper_fcom_ST0_FT0(cpu_env);
6174 gen_helper_fpop(cpu_env);
6175 gen_helper_fpop(cpu_env);
6176 break;
6177 default:
6178 goto unknown_op;
6179 }
6180 break;
6181 case 0x38: /* ffreep sti, undocumented op */
6182 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6183 gen_helper_fpop(cpu_env);
6184 break;
6185 case 0x3c: /* df/4 */
6186 switch(rm) {
6187 case 0:
6188 gen_helper_fnstsw(cpu_tmp2_i32, cpu_env);
6189 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
6190 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
6191 break;
6192 default:
6193 goto unknown_op;
6194 }
6195 break;
6196 case 0x3d: /* fucomip */
6197 if (!(s->cpuid_features & CPUID_CMOV)) {
6198 goto illegal_op;
6199 }
6200 gen_update_cc_op(s);
6201 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6202 gen_helper_fucomi_ST0_FT0(cpu_env);
6203 gen_helper_fpop(cpu_env);
6204 set_cc_op(s, CC_OP_EFLAGS);
6205 break;
6206 case 0x3e: /* fcomip */
6207 if (!(s->cpuid_features & CPUID_CMOV)) {
6208 goto illegal_op;
6209 }
6210 gen_update_cc_op(s);
6211 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6212 gen_helper_fcomi_ST0_FT0(cpu_env);
6213 gen_helper_fpop(cpu_env);
6214 set_cc_op(s, CC_OP_EFLAGS);
6215 break;
6216 case 0x10 ... 0x13: /* fcmovxx */
6217 case 0x18 ... 0x1b:
6218 {
6219 int op1;
6220 TCGLabel *l1;
6221 static const uint8_t fcmov_cc[8] = {
6222 (JCC_B << 1),
6223 (JCC_Z << 1),
6224 (JCC_BE << 1),
6225 (JCC_P << 1),
6226 };
6227
6228 if (!(s->cpuid_features & CPUID_CMOV)) {
6229 goto illegal_op;
6230 }
6231 op1 = fcmov_cc[op & 3] | (((op >> 3) & 1) ^ 1);
6232 l1 = gen_new_label();
6233 gen_jcc1_noeob(s, op1, l1);
6234 gen_helper_fmov_ST0_STN(cpu_env, tcg_const_i32(opreg));
6235 gen_set_label(l1);
6236 }
6237 break;
6238 default:
6239 goto unknown_op;
6240 }
6241 }
6242 break;
6243 /************************/
6244 /* string ops */
6245
6246 case 0xa4: /* movsS */
6247 case 0xa5:
6248 ot = mo_b_d(b, dflag);
6249 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6250 gen_repz_movs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6251 } else {
6252 gen_movs(s, ot);
6253 }
6254 break;
6255
6256 case 0xaa: /* stosS */
6257 case 0xab:
6258 ot = mo_b_d(b, dflag);
6259 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6260 gen_repz_stos(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6261 } else {
6262 gen_stos(s, ot);
6263 }
6264 break;
6265 case 0xac: /* lodsS */
6266 case 0xad:
6267 ot = mo_b_d(b, dflag);
6268 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6269 gen_repz_lods(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6270 } else {
6271 gen_lods(s, ot);
6272 }
6273 break;
6274 case 0xae: /* scasS */
6275 case 0xaf:
6276 ot = mo_b_d(b, dflag);
6277 if (prefixes & PREFIX_REPNZ) {
6278 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6279 } else if (prefixes & PREFIX_REPZ) {
6280 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6281 } else {
6282 gen_scas(s, ot);
6283 }
6284 break;
6285
6286 case 0xa6: /* cmpsS */
6287 case 0xa7:
6288 ot = mo_b_d(b, dflag);
6289 if (prefixes & PREFIX_REPNZ) {
6290 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6291 } else if (prefixes & PREFIX_REPZ) {
6292 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6293 } else {
6294 gen_cmps(s, ot);
6295 }
6296 break;
6297 case 0x6c: /* insS */
6298 case 0x6d:
6299 ot = mo_b_d32(b, dflag);
6300 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6301 gen_check_io(s, ot, pc_start - s->cs_base,
6302 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes) | 4);
6303 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6304 gen_repz_ins(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6305 } else {
6306 gen_ins(s, ot);
6307 if (s->tb->cflags & CF_USE_ICOUNT) {
6308 gen_jmp(s, s->pc - s->cs_base);
6309 }
6310 }
6311 break;
6312 case 0x6e: /* outsS */
6313 case 0x6f:
6314 ot = mo_b_d32(b, dflag);
6315 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6316 gen_check_io(s, ot, pc_start - s->cs_base,
6317 svm_is_rep(prefixes) | 4);
6318 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6319 gen_repz_outs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6320 } else {
6321 gen_outs(s, ot);
6322 if (s->tb->cflags & CF_USE_ICOUNT) {
6323 gen_jmp(s, s->pc - s->cs_base);
6324 }
6325 }
6326 break;
6327
6328 /************************/
6329 /* port I/O */
6330
6331 case 0xe4:
6332 case 0xe5:
6333 ot = mo_b_d32(b, dflag);
6334 val = cpu_ldub_code(env, s->pc++);
6335 tcg_gen_movi_tl(cpu_T0, val);
6336 gen_check_io(s, ot, pc_start - s->cs_base,
6337 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6338 if (s->tb->cflags & CF_USE_ICOUNT) {
6339 gen_io_start();
6340 }
6341 tcg_gen_movi_i32(cpu_tmp2_i32, val);
6342 gen_helper_in_func(ot, cpu_T1, cpu_tmp2_i32);
6343 gen_op_mov_reg_v(ot, R_EAX, cpu_T1);
6344 gen_bpt_io(s, cpu_tmp2_i32, ot);
6345 if (s->tb->cflags & CF_USE_ICOUNT) {
6346 gen_io_end();
6347 gen_jmp(s, s->pc - s->cs_base);
6348 }
6349 break;
6350 case 0xe6:
6351 case 0xe7:
6352 ot = mo_b_d32(b, dflag);
6353 val = cpu_ldub_code(env, s->pc++);
6354 tcg_gen_movi_tl(cpu_T0, val);
6355 gen_check_io(s, ot, pc_start - s->cs_base,
6356 svm_is_rep(prefixes));
6357 gen_op_mov_v_reg(ot, cpu_T1, R_EAX);
6358
6359 if (s->tb->cflags & CF_USE_ICOUNT) {
6360 gen_io_start();
6361 }
6362 tcg_gen_movi_i32(cpu_tmp2_i32, val);
6363 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
6364 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
6365 gen_bpt_io(s, cpu_tmp2_i32, ot);
6366 if (s->tb->cflags & CF_USE_ICOUNT) {
6367 gen_io_end();
6368 gen_jmp(s, s->pc - s->cs_base);
6369 }
6370 break;
6371 case 0xec:
6372 case 0xed:
6373 ot = mo_b_d32(b, dflag);
6374 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6375 gen_check_io(s, ot, pc_start - s->cs_base,
6376 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6377 if (s->tb->cflags & CF_USE_ICOUNT) {
6378 gen_io_start();
6379 }
6380 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
6381 gen_helper_in_func(ot, cpu_T1, cpu_tmp2_i32);
6382 gen_op_mov_reg_v(ot, R_EAX, cpu_T1);
6383 gen_bpt_io(s, cpu_tmp2_i32, ot);
6384 if (s->tb->cflags & CF_USE_ICOUNT) {
6385 gen_io_end();
6386 gen_jmp(s, s->pc - s->cs_base);
6387 }
6388 break;
6389 case 0xee:
6390 case 0xef:
6391 ot = mo_b_d32(b, dflag);
6392 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6393 gen_check_io(s, ot, pc_start - s->cs_base,
6394 svm_is_rep(prefixes));
6395 gen_op_mov_v_reg(ot, cpu_T1, R_EAX);
6396
6397 if (s->tb->cflags & CF_USE_ICOUNT) {
6398 gen_io_start();
6399 }
6400 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
6401 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
6402 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
6403 gen_bpt_io(s, cpu_tmp2_i32, ot);
6404 if (s->tb->cflags & CF_USE_ICOUNT) {
6405 gen_io_end();
6406 gen_jmp(s, s->pc - s->cs_base);
6407 }
6408 break;
6409
6410 /************************/
6411 /* control */
6412 case 0xc2: /* ret im */
6413 val = cpu_ldsw_code(env, s->pc);
6414 s->pc += 2;
6415 ot = gen_pop_T0(s);
6416 gen_stack_update(s, val + (1 << ot));
6417 /* Note that gen_pop_T0 uses a zero-extending load. */
6418 gen_op_jmp_v(cpu_T0);
6419 gen_bnd_jmp(s);
6420 gen_eob(s);
6421 break;
6422 case 0xc3: /* ret */
6423 ot = gen_pop_T0(s);
6424 gen_pop_update(s, ot);
6425 /* Note that gen_pop_T0 uses a zero-extending load. */
6426 gen_op_jmp_v(cpu_T0);
6427 gen_bnd_jmp(s);
6428 gen_eob(s);
6429 break;
6430 case 0xca: /* lret im */
6431 val = cpu_ldsw_code(env, s->pc);
6432 s->pc += 2;
6433 do_lret:
6434 if (s->pe && !s->vm86) {
6435 gen_update_cc_op(s);
6436 gen_jmp_im(pc_start - s->cs_base);
6437 gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1),
6438 tcg_const_i32(val));
6439 } else {
6440 gen_stack_A0(s);
6441 /* pop offset */
6442 gen_op_ld_v(s, dflag, cpu_T0, cpu_A0);
6443 /* NOTE: keeping EIP updated is not a problem in case of
6444 exception */
6445 gen_op_jmp_v(cpu_T0);
6446 /* pop selector */
6447 gen_add_A0_im(s, 1 << dflag);
6448 gen_op_ld_v(s, dflag, cpu_T0, cpu_A0);
6449 gen_op_movl_seg_T0_vm(R_CS);
6450 /* add stack offset */
6451 gen_stack_update(s, val + (2 << dflag));
6452 }
6453 gen_eob(s);
6454 break;
6455 case 0xcb: /* lret */
6456 val = 0;
6457 goto do_lret;
6458 case 0xcf: /* iret */
6459 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET);
6460 if (!s->pe) {
6461 /* real mode */
6462 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6463 set_cc_op(s, CC_OP_EFLAGS);
6464 } else if (s->vm86) {
6465 if (s->iopl != 3) {
6466 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6467 } else {
6468 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6469 set_cc_op(s, CC_OP_EFLAGS);
6470 }
6471 } else {
6472 gen_helper_iret_protected(cpu_env, tcg_const_i32(dflag - 1),
6473 tcg_const_i32(s->pc - s->cs_base));
6474 set_cc_op(s, CC_OP_EFLAGS);
6475 }
6476 gen_eob(s);
6477 break;
6478 case 0xe8: /* call im */
6479 {
6480 if (dflag != MO_16) {
6481 tval = (int32_t)insn_get(env, s, MO_32);
6482 } else {
6483 tval = (int16_t)insn_get(env, s, MO_16);
6484 }
6485 next_eip = s->pc - s->cs_base;
6486 tval += next_eip;
6487 if (dflag == MO_16) {
6488 tval &= 0xffff;
6489 } else if (!CODE64(s)) {
6490 tval &= 0xffffffff;
6491 }
6492 tcg_gen_movi_tl(cpu_T0, next_eip);
6493 gen_push_v(s, cpu_T0);
6494 gen_bnd_jmp(s);
6495 gen_jmp(s, tval);
6496 }
6497 break;
6498 case 0x9a: /* lcall im */
6499 {
6500 unsigned int selector, offset;
6501
6502 if (CODE64(s))
6503 goto illegal_op;
6504 ot = dflag;
6505 offset = insn_get(env, s, ot);
6506 selector = insn_get(env, s, MO_16);
6507
6508 tcg_gen_movi_tl(cpu_T0, selector);
6509 tcg_gen_movi_tl(cpu_T1, offset);
6510 }
6511 goto do_lcall;
6512 case 0xe9: /* jmp im */
6513 if (dflag != MO_16) {
6514 tval = (int32_t)insn_get(env, s, MO_32);
6515 } else {
6516 tval = (int16_t)insn_get(env, s, MO_16);
6517 }
6518 tval += s->pc - s->cs_base;
6519 if (dflag == MO_16) {
6520 tval &= 0xffff;
6521 } else if (!CODE64(s)) {
6522 tval &= 0xffffffff;
6523 }
6524 gen_bnd_jmp(s);
6525 gen_jmp(s, tval);
6526 break;
6527 case 0xea: /* ljmp im */
6528 {
6529 unsigned int selector, offset;
6530
6531 if (CODE64(s))
6532 goto illegal_op;
6533 ot = dflag;
6534 offset = insn_get(env, s, ot);
6535 selector = insn_get(env, s, MO_16);
6536
6537 tcg_gen_movi_tl(cpu_T0, selector);
6538 tcg_gen_movi_tl(cpu_T1, offset);
6539 }
6540 goto do_ljmp;
6541 case 0xeb: /* jmp Jb */
6542 tval = (int8_t)insn_get(env, s, MO_8);
6543 tval += s->pc - s->cs_base;
6544 if (dflag == MO_16) {
6545 tval &= 0xffff;
6546 }
6547 gen_jmp(s, tval);
6548 break;
6549 case 0x70 ... 0x7f: /* jcc Jb */
6550 tval = (int8_t)insn_get(env, s, MO_8);
6551 goto do_jcc;
6552 case 0x180 ... 0x18f: /* jcc Jv */
6553 if (dflag != MO_16) {
6554 tval = (int32_t)insn_get(env, s, MO_32);
6555 } else {
6556 tval = (int16_t)insn_get(env, s, MO_16);
6557 }
6558 do_jcc:
6559 next_eip = s->pc - s->cs_base;
6560 tval += next_eip;
6561 if (dflag == MO_16) {
6562 tval &= 0xffff;
6563 }
6564 gen_bnd_jmp(s);
6565 gen_jcc(s, b, tval, next_eip);
6566 break;
6567
6568 case 0x190 ... 0x19f: /* setcc Gv */
6569 modrm = cpu_ldub_code(env, s->pc++);
6570 gen_setcc1(s, b, cpu_T0);
6571 gen_ldst_modrm(env, s, modrm, MO_8, OR_TMP0, 1);
6572 break;
6573 case 0x140 ... 0x14f: /* cmov Gv, Ev */
6574 if (!(s->cpuid_features & CPUID_CMOV)) {
6575 goto illegal_op;
6576 }
6577 ot = dflag;
6578 modrm = cpu_ldub_code(env, s->pc++);
6579 reg = ((modrm >> 3) & 7) | rex_r;
6580 gen_cmovcc1(env, s, ot, b, modrm, reg);
6581 break;
6582
6583 /************************/
6584 /* flags */
6585 case 0x9c: /* pushf */
6586 gen_svm_check_intercept(s, pc_start, SVM_EXIT_PUSHF);
6587 if (s->vm86 && s->iopl != 3) {
6588 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6589 } else {
6590 gen_update_cc_op(s);
6591 gen_helper_read_eflags(cpu_T0, cpu_env);
6592 gen_push_v(s, cpu_T0);
6593 }
6594 break;
6595 case 0x9d: /* popf */
6596 gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF);
6597 if (s->vm86 && s->iopl != 3) {
6598 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6599 } else {
6600 ot = gen_pop_T0(s);
6601 if (s->cpl == 0) {
6602 if (dflag != MO_16) {
6603 gen_helper_write_eflags(cpu_env, cpu_T0,
6604 tcg_const_i32((TF_MASK | AC_MASK |
6605 ID_MASK | NT_MASK |
6606 IF_MASK |
6607 IOPL_MASK)));
6608 } else {
6609 gen_helper_write_eflags(cpu_env, cpu_T0,
6610 tcg_const_i32((TF_MASK | AC_MASK |
6611 ID_MASK | NT_MASK |
6612 IF_MASK | IOPL_MASK)
6613 & 0xffff));
6614 }
6615 } else {
6616 if (s->cpl <= s->iopl) {
6617 if (dflag != MO_16) {
6618 gen_helper_write_eflags(cpu_env, cpu_T0,
6619 tcg_const_i32((TF_MASK |
6620 AC_MASK |
6621 ID_MASK |
6622 NT_MASK |
6623 IF_MASK)));
6624 } else {
6625 gen_helper_write_eflags(cpu_env, cpu_T0,
6626 tcg_const_i32((TF_MASK |
6627 AC_MASK |
6628 ID_MASK |
6629 NT_MASK |
6630 IF_MASK)
6631 & 0xffff));
6632 }
6633 } else {
6634 if (dflag != MO_16) {
6635 gen_helper_write_eflags(cpu_env, cpu_T0,
6636 tcg_const_i32((TF_MASK | AC_MASK |
6637 ID_MASK | NT_MASK)));
6638 } else {
6639 gen_helper_write_eflags(cpu_env, cpu_T0,
6640 tcg_const_i32((TF_MASK | AC_MASK |
6641 ID_MASK | NT_MASK)
6642 & 0xffff));
6643 }
6644 }
6645 }
6646 gen_pop_update(s, ot);
6647 set_cc_op(s, CC_OP_EFLAGS);
6648 /* abort translation because TF/AC flag may change */
6649 gen_jmp_im(s->pc - s->cs_base);
6650 gen_eob(s);
6651 }
6652 break;
6653 case 0x9e: /* sahf */
6654 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6655 goto illegal_op;
6656 gen_op_mov_v_reg(MO_8, cpu_T0, R_AH);
6657 gen_compute_eflags(s);
6658 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
6659 tcg_gen_andi_tl(cpu_T0, cpu_T0, CC_S | CC_Z | CC_A | CC_P | CC_C);
6660 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, cpu_T0);
6661 break;
6662 case 0x9f: /* lahf */
6663 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6664 goto illegal_op;
6665 gen_compute_eflags(s);
6666 /* Note: gen_compute_eflags() only gives the condition codes */
6667 tcg_gen_ori_tl(cpu_T0, cpu_cc_src, 0x02);
6668 gen_op_mov_reg_v(MO_8, R_AH, cpu_T0);
6669 break;
6670 case 0xf5: /* cmc */
6671 gen_compute_eflags(s);
6672 tcg_gen_xori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6673 break;
6674 case 0xf8: /* clc */
6675 gen_compute_eflags(s);
6676 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_C);
6677 break;
6678 case 0xf9: /* stc */
6679 gen_compute_eflags(s);
6680 tcg_gen_ori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6681 break;
6682 case 0xfc: /* cld */
6683 tcg_gen_movi_i32(cpu_tmp2_i32, 1);
6684 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6685 break;
6686 case 0xfd: /* std */
6687 tcg_gen_movi_i32(cpu_tmp2_i32, -1);
6688 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6689 break;
6690
6691 /************************/
6692 /* bit operations */
6693 case 0x1ba: /* bt/bts/btr/btc Gv, im */
6694 ot = dflag;
6695 modrm = cpu_ldub_code(env, s->pc++);
6696 op = (modrm >> 3) & 7;
6697 mod = (modrm >> 6) & 3;
6698 rm = (modrm & 7) | REX_B(s);
6699 if (mod != 3) {
6700 s->rip_offset = 1;
6701 gen_lea_modrm(env, s, modrm);
6702 if (!(s->prefix & PREFIX_LOCK)) {
6703 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
6704 }
6705 } else {
6706 gen_op_mov_v_reg(ot, cpu_T0, rm);
6707 }
6708 /* load shift */
6709 val = cpu_ldub_code(env, s->pc++);
6710 tcg_gen_movi_tl(cpu_T1, val);
6711 if (op < 4)
6712 goto unknown_op;
6713 op -= 4;
6714 goto bt_op;
6715 case 0x1a3: /* bt Gv, Ev */
6716 op = 0;
6717 goto do_btx;
6718 case 0x1ab: /* bts */
6719 op = 1;
6720 goto do_btx;
6721 case 0x1b3: /* btr */
6722 op = 2;
6723 goto do_btx;
6724 case 0x1bb: /* btc */
6725 op = 3;
6726 do_btx:
6727 ot = dflag;
6728 modrm = cpu_ldub_code(env, s->pc++);
6729 reg = ((modrm >> 3) & 7) | rex_r;
6730 mod = (modrm >> 6) & 3;
6731 rm = (modrm & 7) | REX_B(s);
6732 gen_op_mov_v_reg(MO_32, cpu_T1, reg);
6733 if (mod != 3) {
6734 AddressParts a = gen_lea_modrm_0(env, s, modrm);
6735 /* specific case: we need to add a displacement */
6736 gen_exts(ot, cpu_T1);
6737 tcg_gen_sari_tl(cpu_tmp0, cpu_T1, 3 + ot);
6738 tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
6739 tcg_gen_add_tl(cpu_A0, gen_lea_modrm_1(a), cpu_tmp0);
6740 gen_lea_v_seg(s, s->aflag, cpu_A0, a.def_seg, s->override);
6741 if (!(s->prefix & PREFIX_LOCK)) {
6742 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
6743 }
6744 } else {
6745 gen_op_mov_v_reg(ot, cpu_T0, rm);
6746 }
6747 bt_op:
6748 tcg_gen_andi_tl(cpu_T1, cpu_T1, (1 << (3 + ot)) - 1);
6749 tcg_gen_movi_tl(cpu_tmp0, 1);
6750 tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T1);
6751 if (s->prefix & PREFIX_LOCK) {
6752 switch (op) {
6753 case 0: /* bt */
6754 /* Needs no atomic ops; we surpressed the normal
6755 memory load for LOCK above so do it now. */
6756 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
6757 break;
6758 case 1: /* bts */
6759 tcg_gen_atomic_fetch_or_tl(cpu_T0, cpu_A0, cpu_tmp0,
6760 s->mem_index, ot | MO_LE);
6761 break;
6762 case 2: /* btr */
6763 tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
6764 tcg_gen_atomic_fetch_and_tl(cpu_T0, cpu_A0, cpu_tmp0,
6765 s->mem_index, ot | MO_LE);
6766 break;
6767 default:
6768 case 3: /* btc */
6769 tcg_gen_atomic_fetch_xor_tl(cpu_T0, cpu_A0, cpu_tmp0,
6770 s->mem_index, ot | MO_LE);
6771 break;
6772 }
6773 tcg_gen_shr_tl(cpu_tmp4, cpu_T0, cpu_T1);
6774 } else {
6775 tcg_gen_shr_tl(cpu_tmp4, cpu_T0, cpu_T1);
6776 switch (op) {
6777 case 0: /* bt */
6778 /* Data already loaded; nothing to do. */
6779 break;
6780 case 1: /* bts */
6781 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_tmp0);
6782 break;
6783 case 2: /* btr */
6784 tcg_gen_andc_tl(cpu_T0, cpu_T0, cpu_tmp0);
6785 break;
6786 default:
6787 case 3: /* btc */
6788 tcg_gen_xor_tl(cpu_T0, cpu_T0, cpu_tmp0);
6789 break;
6790 }
6791 if (op != 0) {
6792 if (mod != 3) {
6793 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
6794 } else {
6795 gen_op_mov_reg_v(ot, rm, cpu_T0);
6796 }
6797 }
6798 }
6799
6800 /* Delay all CC updates until after the store above. Note that
6801 C is the result of the test, Z is unchanged, and the others
6802 are all undefined. */
6803 switch (s->cc_op) {
6804 case CC_OP_MULB ... CC_OP_MULQ:
6805 case CC_OP_ADDB ... CC_OP_ADDQ:
6806 case CC_OP_ADCB ... CC_OP_ADCQ:
6807 case CC_OP_SUBB ... CC_OP_SUBQ:
6808 case CC_OP_SBBB ... CC_OP_SBBQ:
6809 case CC_OP_LOGICB ... CC_OP_LOGICQ:
6810 case CC_OP_INCB ... CC_OP_INCQ:
6811 case CC_OP_DECB ... CC_OP_DECQ:
6812 case CC_OP_SHLB ... CC_OP_SHLQ:
6813 case CC_OP_SARB ... CC_OP_SARQ:
6814 case CC_OP_BMILGB ... CC_OP_BMILGQ:
6815 /* Z was going to be computed from the non-zero status of CC_DST.
6816 We can get that same Z value (and the new C value) by leaving
6817 CC_DST alone, setting CC_SRC, and using a CC_OP_SAR of the
6818 same width. */
6819 tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
6820 set_cc_op(s, ((s->cc_op - CC_OP_MULB) & 3) + CC_OP_SARB);
6821 break;
6822 default:
6823 /* Otherwise, generate EFLAGS and replace the C bit. */
6824 gen_compute_eflags(s);
6825 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, cpu_tmp4,
6826 ctz32(CC_C), 1);
6827 break;
6828 }
6829 break;
6830 case 0x1bc: /* bsf / tzcnt */
6831 case 0x1bd: /* bsr / lzcnt */
6832 ot = dflag;
6833 modrm = cpu_ldub_code(env, s->pc++);
6834 reg = ((modrm >> 3) & 7) | rex_r;
6835 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
6836 gen_extu(ot, cpu_T0);
6837
6838 /* Note that lzcnt and tzcnt are in different extensions. */
6839 if ((prefixes & PREFIX_REPZ)
6840 && (b & 1
6841 ? s->cpuid_ext3_features & CPUID_EXT3_ABM
6842 : s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)) {
6843 int size = 8 << ot;
6844 /* For lzcnt/tzcnt, C bit is defined related to the input. */
6845 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
6846 if (b & 1) {
6847 /* For lzcnt, reduce the target_ulong result by the
6848 number of zeros that we expect to find at the top. */
6849 tcg_gen_clzi_tl(cpu_T0, cpu_T0, TARGET_LONG_BITS);
6850 tcg_gen_subi_tl(cpu_T0, cpu_T0, TARGET_LONG_BITS - size);
6851 } else {
6852 /* For tzcnt, a zero input must return the operand size. */
6853 tcg_gen_ctzi_tl(cpu_T0, cpu_T0, size);
6854 }
6855 /* For lzcnt/tzcnt, Z bit is defined related to the result. */
6856 gen_op_update1_cc();
6857 set_cc_op(s, CC_OP_BMILGB + ot);
6858 } else {
6859 /* For bsr/bsf, only the Z bit is defined and it is related
6860 to the input and not the result. */
6861 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
6862 set_cc_op(s, CC_OP_LOGICB + ot);
6863
6864 /* ??? The manual says that the output is undefined when the
6865 input is zero, but real hardware leaves it unchanged, and
6866 real programs appear to depend on that. Accomplish this
6867 by passing the output as the value to return upon zero. */
6868 if (b & 1) {
6869 /* For bsr, return the bit index of the first 1 bit,
6870 not the count of leading zeros. */
6871 tcg_gen_xori_tl(cpu_T1, cpu_regs[reg], TARGET_LONG_BITS - 1);
6872 tcg_gen_clz_tl(cpu_T0, cpu_T0, cpu_T1);
6873 tcg_gen_xori_tl(cpu_T0, cpu_T0, TARGET_LONG_BITS - 1);
6874 } else {
6875 tcg_gen_ctz_tl(cpu_T0, cpu_T0, cpu_regs[reg]);
6876 }
6877 }
6878 gen_op_mov_reg_v(ot, reg, cpu_T0);
6879 break;
6880 /************************/
6881 /* bcd */
6882 case 0x27: /* daa */
6883 if (CODE64(s))
6884 goto illegal_op;
6885 gen_update_cc_op(s);
6886 gen_helper_daa(cpu_env);
6887 set_cc_op(s, CC_OP_EFLAGS);
6888 break;
6889 case 0x2f: /* das */
6890 if (CODE64(s))
6891 goto illegal_op;
6892 gen_update_cc_op(s);
6893 gen_helper_das(cpu_env);
6894 set_cc_op(s, CC_OP_EFLAGS);
6895 break;
6896 case 0x37: /* aaa */
6897 if (CODE64(s))
6898 goto illegal_op;
6899 gen_update_cc_op(s);
6900 gen_helper_aaa(cpu_env);
6901 set_cc_op(s, CC_OP_EFLAGS);
6902 break;
6903 case 0x3f: /* aas */
6904 if (CODE64(s))
6905 goto illegal_op;
6906 gen_update_cc_op(s);
6907 gen_helper_aas(cpu_env);
6908 set_cc_op(s, CC_OP_EFLAGS);
6909 break;
6910 case 0xd4: /* aam */
6911 if (CODE64(s))
6912 goto illegal_op;
6913 val = cpu_ldub_code(env, s->pc++);
6914 if (val == 0) {
6915 gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base);
6916 } else {
6917 gen_helper_aam(cpu_env, tcg_const_i32(val));
6918 set_cc_op(s, CC_OP_LOGICB);
6919 }
6920 break;
6921 case 0xd5: /* aad */
6922 if (CODE64(s))
6923 goto illegal_op;
6924 val = cpu_ldub_code(env, s->pc++);
6925 gen_helper_aad(cpu_env, tcg_const_i32(val));
6926 set_cc_op(s, CC_OP_LOGICB);
6927 break;
6928 /************************/
6929 /* misc */
6930 case 0x90: /* nop */
6931 /* XXX: correct lock test for all insn */
6932 if (prefixes & PREFIX_LOCK) {
6933 goto illegal_op;
6934 }
6935 /* If REX_B is set, then this is xchg eax, r8d, not a nop. */
6936 if (REX_B(s)) {
6937 goto do_xchg_reg_eax;
6938 }
6939 if (prefixes & PREFIX_REPZ) {
6940 gen_update_cc_op(s);
6941 gen_jmp_im(pc_start - s->cs_base);
6942 gen_helper_pause(cpu_env, tcg_const_i32(s->pc - pc_start));
6943 s->is_jmp = DISAS_TB_JUMP;
6944 }
6945 break;
6946 case 0x9b: /* fwait */
6947 if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) ==
6948 (HF_MP_MASK | HF_TS_MASK)) {
6949 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
6950 } else {
6951 gen_helper_fwait(cpu_env);
6952 }
6953 break;
6954 case 0xcc: /* int3 */
6955 gen_interrupt(s, EXCP03_INT3, pc_start - s->cs_base, s->pc - s->cs_base);
6956 break;
6957 case 0xcd: /* int N */
6958 val = cpu_ldub_code(env, s->pc++);
6959 if (s->vm86 && s->iopl != 3) {
6960 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6961 } else {
6962 gen_interrupt(s, val, pc_start - s->cs_base, s->pc - s->cs_base);
6963 }
6964 break;
6965 case 0xce: /* into */
6966 if (CODE64(s))
6967 goto illegal_op;
6968 gen_update_cc_op(s);
6969 gen_jmp_im(pc_start - s->cs_base);
6970 gen_helper_into(cpu_env, tcg_const_i32(s->pc - pc_start));
6971 break;
6972 #ifdef WANT_ICEBP
6973 case 0xf1: /* icebp (undocumented, exits to external debugger) */
6974 gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
6975 #if 1
6976 gen_debug(s, pc_start - s->cs_base);
6977 #else
6978 /* start debug */
6979 tb_flush(CPU(x86_env_get_cpu(env)));
6980 qemu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
6981 #endif
6982 break;
6983 #endif
6984 case 0xfa: /* cli */
6985 if (!s->vm86) {
6986 if (s->cpl <= s->iopl) {
6987 gen_helper_cli(cpu_env);
6988 } else {
6989 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6990 }
6991 } else {
6992 if (s->iopl == 3) {
6993 gen_helper_cli(cpu_env);
6994 } else {
6995 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6996 }
6997 }
6998 break;
6999 case 0xfb: /* sti */
7000 if (s->vm86 ? s->iopl == 3 : s->cpl <= s->iopl) {
7001 gen_helper_sti(cpu_env);
7002 /* interruptions are enabled only the first insn after sti */
7003 gen_jmp_im(s->pc - s->cs_base);
7004 gen_eob_inhibit_irq(s, true);
7005 } else {
7006 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7007 }
7008 break;
7009 case 0x62: /* bound */
7010 if (CODE64(s))
7011 goto illegal_op;
7012 ot = dflag;
7013 modrm = cpu_ldub_code(env, s->pc++);
7014 reg = (modrm >> 3) & 7;
7015 mod = (modrm >> 6) & 3;
7016 if (mod == 3)
7017 goto illegal_op;
7018 gen_op_mov_v_reg(ot, cpu_T0, reg);
7019 gen_lea_modrm(env, s, modrm);
7020 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
7021 if (ot == MO_16) {
7022 gen_helper_boundw(cpu_env, cpu_A0, cpu_tmp2_i32);
7023 } else {
7024 gen_helper_boundl(cpu_env, cpu_A0, cpu_tmp2_i32);
7025 }
7026 break;
7027 case 0x1c8 ... 0x1cf: /* bswap reg */
7028 reg = (b & 7) | REX_B(s);
7029 #ifdef TARGET_X86_64
7030 if (dflag == MO_64) {
7031 gen_op_mov_v_reg(MO_64, cpu_T0, reg);
7032 tcg_gen_bswap64_i64(cpu_T0, cpu_T0);
7033 gen_op_mov_reg_v(MO_64, reg, cpu_T0);
7034 } else
7035 #endif
7036 {
7037 gen_op_mov_v_reg(MO_32, cpu_T0, reg);
7038 tcg_gen_ext32u_tl(cpu_T0, cpu_T0);
7039 tcg_gen_bswap32_tl(cpu_T0, cpu_T0);
7040 gen_op_mov_reg_v(MO_32, reg, cpu_T0);
7041 }
7042 break;
7043 case 0xd6: /* salc */
7044 if (CODE64(s))
7045 goto illegal_op;
7046 gen_compute_eflags_c(s, cpu_T0);
7047 tcg_gen_neg_tl(cpu_T0, cpu_T0);
7048 gen_op_mov_reg_v(MO_8, R_EAX, cpu_T0);
7049 break;
7050 case 0xe0: /* loopnz */
7051 case 0xe1: /* loopz */
7052 case 0xe2: /* loop */
7053 case 0xe3: /* jecxz */
7054 {
7055 TCGLabel *l1, *l2, *l3;
7056
7057 tval = (int8_t)insn_get(env, s, MO_8);
7058 next_eip = s->pc - s->cs_base;
7059 tval += next_eip;
7060 if (dflag == MO_16) {
7061 tval &= 0xffff;
7062 }
7063
7064 l1 = gen_new_label();
7065 l2 = gen_new_label();
7066 l3 = gen_new_label();
7067 b &= 3;
7068 switch(b) {
7069 case 0: /* loopnz */
7070 case 1: /* loopz */
7071 gen_op_add_reg_im(s->aflag, R_ECX, -1);
7072 gen_op_jz_ecx(s->aflag, l3);
7073 gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1);
7074 break;
7075 case 2: /* loop */
7076 gen_op_add_reg_im(s->aflag, R_ECX, -1);
7077 gen_op_jnz_ecx(s->aflag, l1);
7078 break;
7079 default:
7080 case 3: /* jcxz */
7081 gen_op_jz_ecx(s->aflag, l1);
7082 break;
7083 }
7084
7085 gen_set_label(l3);
7086 gen_jmp_im(next_eip);
7087 tcg_gen_br(l2);
7088
7089 gen_set_label(l1);
7090 gen_jmp_im(tval);
7091 gen_set_label(l2);
7092 gen_eob(s);
7093 }
7094 break;
7095 case 0x130: /* wrmsr */
7096 case 0x132: /* rdmsr */
7097 if (s->cpl != 0) {
7098 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7099 } else {
7100 gen_update_cc_op(s);
7101 gen_jmp_im(pc_start - s->cs_base);
7102 if (b & 2) {
7103 gen_helper_rdmsr(cpu_env);
7104 } else {
7105 gen_helper_wrmsr(cpu_env);
7106 }
7107 }
7108 break;
7109 case 0x131: /* rdtsc */
7110 gen_update_cc_op(s);
7111 gen_jmp_im(pc_start - s->cs_base);
7112 if (s->tb->cflags & CF_USE_ICOUNT) {
7113 gen_io_start();
7114 }
7115 gen_helper_rdtsc(cpu_env);
7116 if (s->tb->cflags & CF_USE_ICOUNT) {
7117 gen_io_end();
7118 gen_jmp(s, s->pc - s->cs_base);
7119 }
7120 break;
7121 case 0x133: /* rdpmc */
7122 gen_update_cc_op(s);
7123 gen_jmp_im(pc_start - s->cs_base);
7124 gen_helper_rdpmc(cpu_env);
7125 break;
7126 case 0x134: /* sysenter */
7127 /* For Intel SYSENTER is valid on 64-bit */
7128 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7129 goto illegal_op;
7130 if (!s->pe) {
7131 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7132 } else {
7133 gen_helper_sysenter(cpu_env);
7134 gen_eob(s);
7135 }
7136 break;
7137 case 0x135: /* sysexit */
7138 /* For Intel SYSEXIT is valid on 64-bit */
7139 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7140 goto illegal_op;
7141 if (!s->pe) {
7142 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7143 } else {
7144 gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1));
7145 gen_eob(s);
7146 }
7147 break;
7148 #ifdef TARGET_X86_64
7149 case 0x105: /* syscall */
7150 /* XXX: is it usable in real mode ? */
7151 gen_update_cc_op(s);
7152 gen_jmp_im(pc_start - s->cs_base);
7153 gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - pc_start));
7154 /* TF handling for the syscall insn is different. The TF bit is checked
7155 after the syscall insn completes. This allows #DB to not be
7156 generated after one has entered CPL0 if TF is set in FMASK. */
7157 gen_eob_worker(s, false, true);
7158 break;
7159 case 0x107: /* sysret */
7160 if (!s->pe) {
7161 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7162 } else {
7163 gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1));
7164 /* condition codes are modified only in long mode */
7165 if (s->lma) {
7166 set_cc_op(s, CC_OP_EFLAGS);
7167 }
7168 /* TF handling for the sysret insn is different. The TF bit is
7169 checked after the sysret insn completes. This allows #DB to be
7170 generated "as if" the syscall insn in userspace has just
7171 completed. */
7172 gen_eob_worker(s, false, true);
7173 }
7174 break;
7175 #endif
7176 case 0x1a2: /* cpuid */
7177 gen_update_cc_op(s);
7178 gen_jmp_im(pc_start - s->cs_base);
7179 gen_helper_cpuid(cpu_env);
7180 break;
7181 case 0xf4: /* hlt */
7182 if (s->cpl != 0) {
7183 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7184 } else {
7185 gen_update_cc_op(s);
7186 gen_jmp_im(pc_start - s->cs_base);
7187 gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - pc_start));
7188 s->is_jmp = DISAS_TB_JUMP;
7189 }
7190 break;
7191 case 0x100:
7192 modrm = cpu_ldub_code(env, s->pc++);
7193 mod = (modrm >> 6) & 3;
7194 op = (modrm >> 3) & 7;
7195 switch(op) {
7196 case 0: /* sldt */
7197 if (!s->pe || s->vm86)
7198 goto illegal_op;
7199 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_READ);
7200 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
7201 offsetof(CPUX86State, ldt.selector));
7202 ot = mod == 3 ? dflag : MO_16;
7203 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7204 break;
7205 case 2: /* lldt */
7206 if (!s->pe || s->vm86)
7207 goto illegal_op;
7208 if (s->cpl != 0) {
7209 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7210 } else {
7211 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE);
7212 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7213 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
7214 gen_helper_lldt(cpu_env, cpu_tmp2_i32);
7215 }
7216 break;
7217 case 1: /* str */
7218 if (!s->pe || s->vm86)
7219 goto illegal_op;
7220 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_READ);
7221 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
7222 offsetof(CPUX86State, tr.selector));
7223 ot = mod == 3 ? dflag : MO_16;
7224 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7225 break;
7226 case 3: /* ltr */
7227 if (!s->pe || s->vm86)
7228 goto illegal_op;
7229 if (s->cpl != 0) {
7230 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7231 } else {
7232 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE);
7233 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7234 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
7235 gen_helper_ltr(cpu_env, cpu_tmp2_i32);
7236 }
7237 break;
7238 case 4: /* verr */
7239 case 5: /* verw */
7240 if (!s->pe || s->vm86)
7241 goto illegal_op;
7242 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7243 gen_update_cc_op(s);
7244 if (op == 4) {
7245 gen_helper_verr(cpu_env, cpu_T0);
7246 } else {
7247 gen_helper_verw(cpu_env, cpu_T0);
7248 }
7249 set_cc_op(s, CC_OP_EFLAGS);
7250 break;
7251 default:
7252 goto unknown_op;
7253 }
7254 break;
7255
7256 case 0x101:
7257 modrm = cpu_ldub_code(env, s->pc++);
7258 switch (modrm) {
7259 CASE_MODRM_MEM_OP(0): /* sgdt */
7260 gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_READ);
7261 gen_lea_modrm(env, s, modrm);
7262 tcg_gen_ld32u_tl(cpu_T0,
7263 cpu_env, offsetof(CPUX86State, gdt.limit));
7264 gen_op_st_v(s, MO_16, cpu_T0, cpu_A0);
7265 gen_add_A0_im(s, 2);
7266 tcg_gen_ld_tl(cpu_T0, cpu_env, offsetof(CPUX86State, gdt.base));
7267 if (dflag == MO_16) {
7268 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7269 }
7270 gen_op_st_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7271 break;
7272
7273 case 0xc8: /* monitor */
7274 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) {
7275 goto illegal_op;
7276 }
7277 gen_update_cc_op(s);
7278 gen_jmp_im(pc_start - s->cs_base);
7279 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EAX]);
7280 gen_extu(s->aflag, cpu_A0);
7281 gen_add_A0_ds_seg(s);
7282 gen_helper_monitor(cpu_env, cpu_A0);
7283 break;
7284
7285 case 0xc9: /* mwait */
7286 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) {
7287 goto illegal_op;
7288 }
7289 gen_update_cc_op(s);
7290 gen_jmp_im(pc_start - s->cs_base);
7291 gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - pc_start));
7292 gen_eob(s);
7293 break;
7294
7295 case 0xca: /* clac */
7296 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
7297 || s->cpl != 0) {
7298 goto illegal_op;
7299 }
7300 gen_helper_clac(cpu_env);
7301 gen_jmp_im(s->pc - s->cs_base);
7302 gen_eob(s);
7303 break;
7304
7305 case 0xcb: /* stac */
7306 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
7307 || s->cpl != 0) {
7308 goto illegal_op;
7309 }
7310 gen_helper_stac(cpu_env);
7311 gen_jmp_im(s->pc - s->cs_base);
7312 gen_eob(s);
7313 break;
7314
7315 CASE_MODRM_MEM_OP(1): /* sidt */
7316 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_READ);
7317 gen_lea_modrm(env, s, modrm);
7318 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State, idt.limit));
7319 gen_op_st_v(s, MO_16, cpu_T0, cpu_A0);
7320 gen_add_A0_im(s, 2);
7321 tcg_gen_ld_tl(cpu_T0, cpu_env, offsetof(CPUX86State, idt.base));
7322 if (dflag == MO_16) {
7323 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7324 }
7325 gen_op_st_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7326 break;
7327
7328 case 0xd0: /* xgetbv */
7329 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
7330 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
7331 | PREFIX_REPZ | PREFIX_REPNZ))) {
7332 goto illegal_op;
7333 }
7334 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7335 gen_helper_xgetbv(cpu_tmp1_i64, cpu_env, cpu_tmp2_i32);
7336 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], cpu_tmp1_i64);
7337 break;
7338
7339 case 0xd1: /* xsetbv */
7340 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
7341 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
7342 | PREFIX_REPZ | PREFIX_REPNZ))) {
7343 goto illegal_op;
7344 }
7345 if (s->cpl != 0) {
7346 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7347 break;
7348 }
7349 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
7350 cpu_regs[R_EDX]);
7351 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7352 gen_helper_xsetbv(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
7353 /* End TB because translation flags may change. */
7354 gen_jmp_im(s->pc - s->cs_base);
7355 gen_eob(s);
7356 break;
7357
7358 case 0xd8: /* VMRUN */
7359 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7360 goto illegal_op;
7361 }
7362 if (s->cpl != 0) {
7363 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7364 break;
7365 }
7366 gen_update_cc_op(s);
7367 gen_jmp_im(pc_start - s->cs_base);
7368 gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1),
7369 tcg_const_i32(s->pc - pc_start));
7370 tcg_gen_exit_tb(0);
7371 s->is_jmp = DISAS_TB_JUMP;
7372 break;
7373
7374 case 0xd9: /* VMMCALL */
7375 if (!(s->flags & HF_SVME_MASK)) {
7376 goto illegal_op;
7377 }
7378 gen_update_cc_op(s);
7379 gen_jmp_im(pc_start - s->cs_base);
7380 gen_helper_vmmcall(cpu_env);
7381 break;
7382
7383 case 0xda: /* VMLOAD */
7384 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7385 goto illegal_op;
7386 }
7387 if (s->cpl != 0) {
7388 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7389 break;
7390 }
7391 gen_update_cc_op(s);
7392 gen_jmp_im(pc_start - s->cs_base);
7393 gen_helper_vmload(cpu_env, tcg_const_i32(s->aflag - 1));
7394 break;
7395
7396 case 0xdb: /* VMSAVE */
7397 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7398 goto illegal_op;
7399 }
7400 if (s->cpl != 0) {
7401 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7402 break;
7403 }
7404 gen_update_cc_op(s);
7405 gen_jmp_im(pc_start - s->cs_base);
7406 gen_helper_vmsave(cpu_env, tcg_const_i32(s->aflag - 1));
7407 break;
7408
7409 case 0xdc: /* STGI */
7410 if ((!(s->flags & HF_SVME_MASK)
7411 && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
7412 || !s->pe) {
7413 goto illegal_op;
7414 }
7415 if (s->cpl != 0) {
7416 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7417 break;
7418 }
7419 gen_update_cc_op(s);
7420 gen_jmp_im(pc_start - s->cs_base);
7421 gen_helper_stgi(cpu_env);
7422 break;
7423
7424 case 0xdd: /* CLGI */
7425 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7426 goto illegal_op;
7427 }
7428 if (s->cpl != 0) {
7429 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7430 break;
7431 }
7432 gen_update_cc_op(s);
7433 gen_jmp_im(pc_start - s->cs_base);
7434 gen_helper_clgi(cpu_env);
7435 break;
7436
7437 case 0xde: /* SKINIT */
7438 if ((!(s->flags & HF_SVME_MASK)
7439 && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
7440 || !s->pe) {
7441 goto illegal_op;
7442 }
7443 gen_update_cc_op(s);
7444 gen_jmp_im(pc_start - s->cs_base);
7445 gen_helper_skinit(cpu_env);
7446 break;
7447
7448 case 0xdf: /* INVLPGA */
7449 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7450 goto illegal_op;
7451 }
7452 if (s->cpl != 0) {
7453 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7454 break;
7455 }
7456 gen_update_cc_op(s);
7457 gen_jmp_im(pc_start - s->cs_base);
7458 gen_helper_invlpga(cpu_env, tcg_const_i32(s->aflag - 1));
7459 break;
7460
7461 CASE_MODRM_MEM_OP(2): /* lgdt */
7462 if (s->cpl != 0) {
7463 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7464 break;
7465 }
7466 gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_WRITE);
7467 gen_lea_modrm(env, s, modrm);
7468 gen_op_ld_v(s, MO_16, cpu_T1, cpu_A0);
7469 gen_add_A0_im(s, 2);
7470 gen_op_ld_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7471 if (dflag == MO_16) {
7472 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7473 }
7474 tcg_gen_st_tl(cpu_T0, cpu_env, offsetof(CPUX86State, gdt.base));
7475 tcg_gen_st32_tl(cpu_T1, cpu_env, offsetof(CPUX86State, gdt.limit));
7476 break;
7477
7478 CASE_MODRM_MEM_OP(3): /* lidt */
7479 if (s->cpl != 0) {
7480 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7481 break;
7482 }
7483 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_WRITE);
7484 gen_lea_modrm(env, s, modrm);
7485 gen_op_ld_v(s, MO_16, cpu_T1, cpu_A0);
7486 gen_add_A0_im(s, 2);
7487 gen_op_ld_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7488 if (dflag == MO_16) {
7489 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7490 }
7491 tcg_gen_st_tl(cpu_T0, cpu_env, offsetof(CPUX86State, idt.base));
7492 tcg_gen_st32_tl(cpu_T1, cpu_env, offsetof(CPUX86State, idt.limit));
7493 break;
7494
7495 CASE_MODRM_OP(4): /* smsw */
7496 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_CR0);
7497 tcg_gen_ld_tl(cpu_T0, cpu_env, offsetof(CPUX86State, cr[0]));
7498 if (CODE64(s)) {
7499 mod = (modrm >> 6) & 3;
7500 ot = (mod != 3 ? MO_16 : s->dflag);
7501 } else {
7502 ot = MO_16;
7503 }
7504 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7505 break;
7506 case 0xee: /* rdpkru */
7507 if (prefixes & PREFIX_LOCK) {
7508 goto illegal_op;
7509 }
7510 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7511 gen_helper_rdpkru(cpu_tmp1_i64, cpu_env, cpu_tmp2_i32);
7512 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], cpu_tmp1_i64);
7513 break;
7514 case 0xef: /* wrpkru */
7515 if (prefixes & PREFIX_LOCK) {
7516 goto illegal_op;
7517 }
7518 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
7519 cpu_regs[R_EDX]);
7520 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7521 gen_helper_wrpkru(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
7522 break;
7523 CASE_MODRM_OP(6): /* lmsw */
7524 if (s->cpl != 0) {
7525 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7526 break;
7527 }
7528 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
7529 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7530 gen_helper_lmsw(cpu_env, cpu_T0);
7531 gen_jmp_im(s->pc - s->cs_base);
7532 gen_eob(s);
7533 break;
7534
7535 CASE_MODRM_MEM_OP(7): /* invlpg */
7536 if (s->cpl != 0) {
7537 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7538 break;
7539 }
7540 gen_update_cc_op(s);
7541 gen_jmp_im(pc_start - s->cs_base);
7542 gen_lea_modrm(env, s, modrm);
7543 gen_helper_invlpg(cpu_env, cpu_A0);
7544 gen_jmp_im(s->pc - s->cs_base);
7545 gen_eob(s);
7546 break;
7547
7548 case 0xf8: /* swapgs */
7549 #ifdef TARGET_X86_64
7550 if (CODE64(s)) {
7551 if (s->cpl != 0) {
7552 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7553 } else {
7554 tcg_gen_mov_tl(cpu_T0, cpu_seg_base[R_GS]);
7555 tcg_gen_ld_tl(cpu_seg_base[R_GS], cpu_env,
7556 offsetof(CPUX86State, kernelgsbase));
7557 tcg_gen_st_tl(cpu_T0, cpu_env,
7558 offsetof(CPUX86State, kernelgsbase));
7559 }
7560 break;
7561 }
7562 #endif
7563 goto illegal_op;
7564
7565 case 0xf9: /* rdtscp */
7566 if (!(s->cpuid_ext2_features & CPUID_EXT2_RDTSCP)) {
7567 goto illegal_op;
7568 }
7569 gen_update_cc_op(s);
7570 gen_jmp_im(pc_start - s->cs_base);
7571 if (s->tb->cflags & CF_USE_ICOUNT) {
7572 gen_io_start();
7573 }
7574 gen_helper_rdtscp(cpu_env);
7575 if (s->tb->cflags & CF_USE_ICOUNT) {
7576 gen_io_end();
7577 gen_jmp(s, s->pc - s->cs_base);
7578 }
7579 break;
7580
7581 default:
7582 goto unknown_op;
7583 }
7584 break;
7585
7586 case 0x108: /* invd */
7587 case 0x109: /* wbinvd */
7588 if (s->cpl != 0) {
7589 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7590 } else {
7591 gen_svm_check_intercept(s, pc_start, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD);
7592 /* nothing to do */
7593 }
7594 break;
7595 case 0x63: /* arpl or movslS (x86_64) */
7596 #ifdef TARGET_X86_64
7597 if (CODE64(s)) {
7598 int d_ot;
7599 /* d_ot is the size of destination */
7600 d_ot = dflag;
7601
7602 modrm = cpu_ldub_code(env, s->pc++);
7603 reg = ((modrm >> 3) & 7) | rex_r;
7604 mod = (modrm >> 6) & 3;
7605 rm = (modrm & 7) | REX_B(s);
7606
7607 if (mod == 3) {
7608 gen_op_mov_v_reg(MO_32, cpu_T0, rm);
7609 /* sign extend */
7610 if (d_ot == MO_64) {
7611 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
7612 }
7613 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
7614 } else {
7615 gen_lea_modrm(env, s, modrm);
7616 gen_op_ld_v(s, MO_32 | MO_SIGN, cpu_T0, cpu_A0);
7617 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
7618 }
7619 } else
7620 #endif
7621 {
7622 TCGLabel *label1;
7623 TCGv t0, t1, t2, a0;
7624
7625 if (!s->pe || s->vm86)
7626 goto illegal_op;
7627 t0 = tcg_temp_local_new();
7628 t1 = tcg_temp_local_new();
7629 t2 = tcg_temp_local_new();
7630 ot = MO_16;
7631 modrm = cpu_ldub_code(env, s->pc++);
7632 reg = (modrm >> 3) & 7;
7633 mod = (modrm >> 6) & 3;
7634 rm = modrm & 7;
7635 if (mod != 3) {
7636 gen_lea_modrm(env, s, modrm);
7637 gen_op_ld_v(s, ot, t0, cpu_A0);
7638 a0 = tcg_temp_local_new();
7639 tcg_gen_mov_tl(a0, cpu_A0);
7640 } else {
7641 gen_op_mov_v_reg(ot, t0, rm);
7642 TCGV_UNUSED(a0);
7643 }
7644 gen_op_mov_v_reg(ot, t1, reg);
7645 tcg_gen_andi_tl(cpu_tmp0, t0, 3);
7646 tcg_gen_andi_tl(t1, t1, 3);
7647 tcg_gen_movi_tl(t2, 0);
7648 label1 = gen_new_label();
7649 tcg_gen_brcond_tl(TCG_COND_GE, cpu_tmp0, t1, label1);
7650 tcg_gen_andi_tl(t0, t0, ~3);
7651 tcg_gen_or_tl(t0, t0, t1);
7652 tcg_gen_movi_tl(t2, CC_Z);
7653 gen_set_label(label1);
7654 if (mod != 3) {
7655 gen_op_st_v(s, ot, t0, a0);
7656 tcg_temp_free(a0);
7657 } else {
7658 gen_op_mov_reg_v(ot, rm, t0);
7659 }
7660 gen_compute_eflags(s);
7661 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_Z);
7662 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, t2);
7663 tcg_temp_free(t0);
7664 tcg_temp_free(t1);
7665 tcg_temp_free(t2);
7666 }
7667 break;
7668 case 0x102: /* lar */
7669 case 0x103: /* lsl */
7670 {
7671 TCGLabel *label1;
7672 TCGv t0;
7673 if (!s->pe || s->vm86)
7674 goto illegal_op;
7675 ot = dflag != MO_16 ? MO_32 : MO_16;
7676 modrm = cpu_ldub_code(env, s->pc++);
7677 reg = ((modrm >> 3) & 7) | rex_r;
7678 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7679 t0 = tcg_temp_local_new();
7680 gen_update_cc_op(s);
7681 if (b == 0x102) {
7682 gen_helper_lar(t0, cpu_env, cpu_T0);
7683 } else {
7684 gen_helper_lsl(t0, cpu_env, cpu_T0);
7685 }
7686 tcg_gen_andi_tl(cpu_tmp0, cpu_cc_src, CC_Z);
7687 label1 = gen_new_label();
7688 tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_tmp0, 0, label1);
7689 gen_op_mov_reg_v(ot, reg, t0);
7690 gen_set_label(label1);
7691 set_cc_op(s, CC_OP_EFLAGS);
7692 tcg_temp_free(t0);
7693 }
7694 break;
7695 case 0x118:
7696 modrm = cpu_ldub_code(env, s->pc++);
7697 mod = (modrm >> 6) & 3;
7698 op = (modrm >> 3) & 7;
7699 switch(op) {
7700 case 0: /* prefetchnta */
7701 case 1: /* prefetchnt0 */
7702 case 2: /* prefetchnt0 */
7703 case 3: /* prefetchnt0 */
7704 if (mod == 3)
7705 goto illegal_op;
7706 gen_nop_modrm(env, s, modrm);
7707 /* nothing more to do */
7708 break;
7709 default: /* nop (multi byte) */
7710 gen_nop_modrm(env, s, modrm);
7711 break;
7712 }
7713 break;
7714 case 0x11a:
7715 modrm = cpu_ldub_code(env, s->pc++);
7716 if (s->flags & HF_MPX_EN_MASK) {
7717 mod = (modrm >> 6) & 3;
7718 reg = ((modrm >> 3) & 7) | rex_r;
7719 if (prefixes & PREFIX_REPZ) {
7720 /* bndcl */
7721 if (reg >= 4
7722 || (prefixes & PREFIX_LOCK)
7723 || s->aflag == MO_16) {
7724 goto illegal_op;
7725 }
7726 gen_bndck(env, s, modrm, TCG_COND_LTU, cpu_bndl[reg]);
7727 } else if (prefixes & PREFIX_REPNZ) {
7728 /* bndcu */
7729 if (reg >= 4
7730 || (prefixes & PREFIX_LOCK)
7731 || s->aflag == MO_16) {
7732 goto illegal_op;
7733 }
7734 TCGv_i64 notu = tcg_temp_new_i64();
7735 tcg_gen_not_i64(notu, cpu_bndu[reg]);
7736 gen_bndck(env, s, modrm, TCG_COND_GTU, notu);
7737 tcg_temp_free_i64(notu);
7738 } else if (prefixes & PREFIX_DATA) {
7739 /* bndmov -- from reg/mem */
7740 if (reg >= 4 || s->aflag == MO_16) {
7741 goto illegal_op;
7742 }
7743 if (mod == 3) {
7744 int reg2 = (modrm & 7) | REX_B(s);
7745 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
7746 goto illegal_op;
7747 }
7748 if (s->flags & HF_MPX_IU_MASK) {
7749 tcg_gen_mov_i64(cpu_bndl[reg], cpu_bndl[reg2]);
7750 tcg_gen_mov_i64(cpu_bndu[reg], cpu_bndu[reg2]);
7751 }
7752 } else {
7753 gen_lea_modrm(env, s, modrm);
7754 if (CODE64(s)) {
7755 tcg_gen_qemu_ld_i64(cpu_bndl[reg], cpu_A0,
7756 s->mem_index, MO_LEQ);
7757 tcg_gen_addi_tl(cpu_A0, cpu_A0, 8);
7758 tcg_gen_qemu_ld_i64(cpu_bndu[reg], cpu_A0,
7759 s->mem_index, MO_LEQ);
7760 } else {
7761 tcg_gen_qemu_ld_i64(cpu_bndl[reg], cpu_A0,
7762 s->mem_index, MO_LEUL);
7763 tcg_gen_addi_tl(cpu_A0, cpu_A0, 4);
7764 tcg_gen_qemu_ld_i64(cpu_bndu[reg], cpu_A0,
7765 s->mem_index, MO_LEUL);
7766 }
7767 /* bnd registers are now in-use */
7768 gen_set_hflag(s, HF_MPX_IU_MASK);
7769 }
7770 } else if (mod != 3) {
7771 /* bndldx */
7772 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7773 if (reg >= 4
7774 || (prefixes & PREFIX_LOCK)
7775 || s->aflag == MO_16
7776 || a.base < -1) {
7777 goto illegal_op;
7778 }
7779 if (a.base >= 0) {
7780 tcg_gen_addi_tl(cpu_A0, cpu_regs[a.base], a.disp);
7781 } else {
7782 tcg_gen_movi_tl(cpu_A0, 0);
7783 }
7784 gen_lea_v_seg(s, s->aflag, cpu_A0, a.def_seg, s->override);
7785 if (a.index >= 0) {
7786 tcg_gen_mov_tl(cpu_T0, cpu_regs[a.index]);
7787 } else {
7788 tcg_gen_movi_tl(cpu_T0, 0);
7789 }
7790 if (CODE64(s)) {
7791 gen_helper_bndldx64(cpu_bndl[reg], cpu_env, cpu_A0, cpu_T0);
7792 tcg_gen_ld_i64(cpu_bndu[reg], cpu_env,
7793 offsetof(CPUX86State, mmx_t0.MMX_Q(0)));
7794 } else {
7795 gen_helper_bndldx32(cpu_bndu[reg], cpu_env, cpu_A0, cpu_T0);
7796 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndu[reg]);
7797 tcg_gen_shri_i64(cpu_bndu[reg], cpu_bndu[reg], 32);
7798 }
7799 gen_set_hflag(s, HF_MPX_IU_MASK);
7800 }
7801 }
7802 gen_nop_modrm(env, s, modrm);
7803 break;
7804 case 0x11b:
7805 modrm = cpu_ldub_code(env, s->pc++);
7806 if (s->flags & HF_MPX_EN_MASK) {
7807 mod = (modrm >> 6) & 3;
7808 reg = ((modrm >> 3) & 7) | rex_r;
7809 if (mod != 3 && (prefixes & PREFIX_REPZ)) {
7810 /* bndmk */
7811 if (reg >= 4
7812 || (prefixes & PREFIX_LOCK)
7813 || s->aflag == MO_16) {
7814 goto illegal_op;
7815 }
7816 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7817 if (a.base >= 0) {
7818 tcg_gen_extu_tl_i64(cpu_bndl[reg], cpu_regs[a.base]);
7819 if (!CODE64(s)) {
7820 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndl[reg]);
7821 }
7822 } else if (a.base == -1) {
7823 /* no base register has lower bound of 0 */
7824 tcg_gen_movi_i64(cpu_bndl[reg], 0);
7825 } else {
7826 /* rip-relative generates #ud */
7827 goto illegal_op;
7828 }
7829 tcg_gen_not_tl(cpu_A0, gen_lea_modrm_1(a));
7830 if (!CODE64(s)) {
7831 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
7832 }
7833 tcg_gen_extu_tl_i64(cpu_bndu[reg], cpu_A0);
7834 /* bnd registers are now in-use */
7835 gen_set_hflag(s, HF_MPX_IU_MASK);
7836 break;
7837 } else if (prefixes & PREFIX_REPNZ) {
7838 /* bndcn */
7839 if (reg >= 4
7840 || (prefixes & PREFIX_LOCK)
7841 || s->aflag == MO_16) {
7842 goto illegal_op;
7843 }
7844 gen_bndck(env, s, modrm, TCG_COND_GTU, cpu_bndu[reg]);
7845 } else if (prefixes & PREFIX_DATA) {
7846 /* bndmov -- to reg/mem */
7847 if (reg >= 4 || s->aflag == MO_16) {
7848 goto illegal_op;
7849 }
7850 if (mod == 3) {
7851 int reg2 = (modrm & 7) | REX_B(s);
7852 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
7853 goto illegal_op;
7854 }
7855 if (s->flags & HF_MPX_IU_MASK) {
7856 tcg_gen_mov_i64(cpu_bndl[reg2], cpu_bndl[reg]);
7857 tcg_gen_mov_i64(cpu_bndu[reg2], cpu_bndu[reg]);
7858 }
7859 } else {
7860 gen_lea_modrm(env, s, modrm);
7861 if (CODE64(s)) {
7862 tcg_gen_qemu_st_i64(cpu_bndl[reg], cpu_A0,
7863 s->mem_index, MO_LEQ);
7864 tcg_gen_addi_tl(cpu_A0, cpu_A0, 8);
7865 tcg_gen_qemu_st_i64(cpu_bndu[reg], cpu_A0,
7866 s->mem_index, MO_LEQ);
7867 } else {
7868 tcg_gen_qemu_st_i64(cpu_bndl[reg], cpu_A0,
7869 s->mem_index, MO_LEUL);
7870 tcg_gen_addi_tl(cpu_A0, cpu_A0, 4);
7871 tcg_gen_qemu_st_i64(cpu_bndu[reg], cpu_A0,
7872 s->mem_index, MO_LEUL);
7873 }
7874 }
7875 } else if (mod != 3) {
7876 /* bndstx */
7877 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7878 if (reg >= 4
7879 || (prefixes & PREFIX_LOCK)
7880 || s->aflag == MO_16
7881 || a.base < -1) {
7882 goto illegal_op;
7883 }
7884 if (a.base >= 0) {
7885 tcg_gen_addi_tl(cpu_A0, cpu_regs[a.base], a.disp);
7886 } else {
7887 tcg_gen_movi_tl(cpu_A0, 0);
7888 }
7889 gen_lea_v_seg(s, s->aflag, cpu_A0, a.def_seg, s->override);
7890 if (a.index >= 0) {
7891 tcg_gen_mov_tl(cpu_T0, cpu_regs[a.index]);
7892 } else {
7893 tcg_gen_movi_tl(cpu_T0, 0);
7894 }
7895 if (CODE64(s)) {
7896 gen_helper_bndstx64(cpu_env, cpu_A0, cpu_T0,
7897 cpu_bndl[reg], cpu_bndu[reg]);
7898 } else {
7899 gen_helper_bndstx32(cpu_env, cpu_A0, cpu_T0,
7900 cpu_bndl[reg], cpu_bndu[reg]);
7901 }
7902 }
7903 }
7904 gen_nop_modrm(env, s, modrm);
7905 break;
7906 case 0x119: case 0x11c ... 0x11f: /* nop (multi byte) */
7907 modrm = cpu_ldub_code(env, s->pc++);
7908 gen_nop_modrm(env, s, modrm);
7909 break;
7910 case 0x120: /* mov reg, crN */
7911 case 0x122: /* mov crN, reg */
7912 if (s->cpl != 0) {
7913 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7914 } else {
7915 modrm = cpu_ldub_code(env, s->pc++);
7916 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
7917 * AMD documentation (24594.pdf) and testing of
7918 * intel 386 and 486 processors all show that the mod bits
7919 * are assumed to be 1's, regardless of actual values.
7920 */
7921 rm = (modrm & 7) | REX_B(s);
7922 reg = ((modrm >> 3) & 7) | rex_r;
7923 if (CODE64(s))
7924 ot = MO_64;
7925 else
7926 ot = MO_32;
7927 if ((prefixes & PREFIX_LOCK) && (reg == 0) &&
7928 (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) {
7929 reg = 8;
7930 }
7931 switch(reg) {
7932 case 0:
7933 case 2:
7934 case 3:
7935 case 4:
7936 case 8:
7937 gen_update_cc_op(s);
7938 gen_jmp_im(pc_start - s->cs_base);
7939 if (b & 2) {
7940 gen_op_mov_v_reg(ot, cpu_T0, rm);
7941 gen_helper_write_crN(cpu_env, tcg_const_i32(reg),
7942 cpu_T0);
7943 gen_jmp_im(s->pc - s->cs_base);
7944 gen_eob(s);
7945 } else {
7946 gen_helper_read_crN(cpu_T0, cpu_env, tcg_const_i32(reg));
7947 gen_op_mov_reg_v(ot, rm, cpu_T0);
7948 }
7949 break;
7950 default:
7951 goto unknown_op;
7952 }
7953 }
7954 break;
7955 case 0x121: /* mov reg, drN */
7956 case 0x123: /* mov drN, reg */
7957 if (s->cpl != 0) {
7958 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7959 } else {
7960 modrm = cpu_ldub_code(env, s->pc++);
7961 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
7962 * AMD documentation (24594.pdf) and testing of
7963 * intel 386 and 486 processors all show that the mod bits
7964 * are assumed to be 1's, regardless of actual values.
7965 */
7966 rm = (modrm & 7) | REX_B(s);
7967 reg = ((modrm >> 3) & 7) | rex_r;
7968 if (CODE64(s))
7969 ot = MO_64;
7970 else
7971 ot = MO_32;
7972 if (reg >= 8) {
7973 goto illegal_op;
7974 }
7975 if (b & 2) {
7976 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_DR0 + reg);
7977 gen_op_mov_v_reg(ot, cpu_T0, rm);
7978 tcg_gen_movi_i32(cpu_tmp2_i32, reg);
7979 gen_helper_set_dr(cpu_env, cpu_tmp2_i32, cpu_T0);
7980 gen_jmp_im(s->pc - s->cs_base);
7981 gen_eob(s);
7982 } else {
7983 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_DR0 + reg);
7984 tcg_gen_movi_i32(cpu_tmp2_i32, reg);
7985 gen_helper_get_dr(cpu_T0, cpu_env, cpu_tmp2_i32);
7986 gen_op_mov_reg_v(ot, rm, cpu_T0);
7987 }
7988 }
7989 break;
7990 case 0x106: /* clts */
7991 if (s->cpl != 0) {
7992 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7993 } else {
7994 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
7995 gen_helper_clts(cpu_env);
7996 /* abort block because static cpu state changed */
7997 gen_jmp_im(s->pc - s->cs_base);
7998 gen_eob(s);
7999 }
8000 break;
8001 /* MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4 support */
8002 case 0x1c3: /* MOVNTI reg, mem */
8003 if (!(s->cpuid_features & CPUID_SSE2))
8004 goto illegal_op;
8005 ot = mo_64_32(dflag);
8006 modrm = cpu_ldub_code(env, s->pc++);
8007 mod = (modrm >> 6) & 3;
8008 if (mod == 3)
8009 goto illegal_op;
8010 reg = ((modrm >> 3) & 7) | rex_r;
8011 /* generate a generic store */
8012 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
8013 break;
8014 case 0x1ae:
8015 modrm = cpu_ldub_code(env, s->pc++);
8016 switch (modrm) {
8017 CASE_MODRM_MEM_OP(0): /* fxsave */
8018 if (!(s->cpuid_features & CPUID_FXSR)
8019 || (prefixes & PREFIX_LOCK)) {
8020 goto illegal_op;
8021 }
8022 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
8023 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8024 break;
8025 }
8026 gen_lea_modrm(env, s, modrm);
8027 gen_helper_fxsave(cpu_env, cpu_A0);
8028 break;
8029
8030 CASE_MODRM_MEM_OP(1): /* fxrstor */
8031 if (!(s->cpuid_features & CPUID_FXSR)
8032 || (prefixes & PREFIX_LOCK)) {
8033 goto illegal_op;
8034 }
8035 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
8036 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8037 break;
8038 }
8039 gen_lea_modrm(env, s, modrm);
8040 gen_helper_fxrstor(cpu_env, cpu_A0);
8041 break;
8042
8043 CASE_MODRM_MEM_OP(2): /* ldmxcsr */
8044 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
8045 goto illegal_op;
8046 }
8047 if (s->flags & HF_TS_MASK) {
8048 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8049 break;
8050 }
8051 gen_lea_modrm(env, s, modrm);
8052 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0, s->mem_index, MO_LEUL);
8053 gen_helper_ldmxcsr(cpu_env, cpu_tmp2_i32);
8054 break;
8055
8056 CASE_MODRM_MEM_OP(3): /* stmxcsr */
8057 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
8058 goto illegal_op;
8059 }
8060 if (s->flags & HF_TS_MASK) {
8061 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8062 break;
8063 }
8064 gen_lea_modrm(env, s, modrm);
8065 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State, mxcsr));
8066 gen_op_st_v(s, MO_32, cpu_T0, cpu_A0);
8067 break;
8068
8069 CASE_MODRM_MEM_OP(4): /* xsave */
8070 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8071 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
8072 | PREFIX_REPZ | PREFIX_REPNZ))) {
8073 goto illegal_op;
8074 }
8075 gen_lea_modrm(env, s, modrm);
8076 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
8077 cpu_regs[R_EDX]);
8078 gen_helper_xsave(cpu_env, cpu_A0, cpu_tmp1_i64);
8079 break;
8080
8081 CASE_MODRM_MEM_OP(5): /* xrstor */
8082 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8083 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
8084 | PREFIX_REPZ | PREFIX_REPNZ))) {
8085 goto illegal_op;
8086 }
8087 gen_lea_modrm(env, s, modrm);
8088 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
8089 cpu_regs[R_EDX]);
8090 gen_helper_xrstor(cpu_env, cpu_A0, cpu_tmp1_i64);
8091 /* XRSTOR is how MPX is enabled, which changes how
8092 we translate. Thus we need to end the TB. */
8093 gen_update_cc_op(s);
8094 gen_jmp_im(s->pc - s->cs_base);
8095 gen_eob(s);
8096 break;
8097
8098 CASE_MODRM_MEM_OP(6): /* xsaveopt / clwb */
8099 if (prefixes & PREFIX_LOCK) {
8100 goto illegal_op;
8101 }
8102 if (prefixes & PREFIX_DATA) {
8103 /* clwb */
8104 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLWB)) {
8105 goto illegal_op;
8106 }
8107 gen_nop_modrm(env, s, modrm);
8108 } else {
8109 /* xsaveopt */
8110 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8111 || (s->cpuid_xsave_features & CPUID_XSAVE_XSAVEOPT) == 0
8112 || (prefixes & (PREFIX_REPZ | PREFIX_REPNZ))) {
8113 goto illegal_op;
8114 }
8115 gen_lea_modrm(env, s, modrm);
8116 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
8117 cpu_regs[R_EDX]);
8118 gen_helper_xsaveopt(cpu_env, cpu_A0, cpu_tmp1_i64);
8119 }
8120 break;
8121
8122 CASE_MODRM_MEM_OP(7): /* clflush / clflushopt */
8123 if (prefixes & PREFIX_LOCK) {
8124 goto illegal_op;
8125 }
8126 if (prefixes & PREFIX_DATA) {
8127 /* clflushopt */
8128 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLFLUSHOPT)) {
8129 goto illegal_op;
8130 }
8131 } else {
8132 /* clflush */
8133 if ((s->prefix & (PREFIX_REPZ | PREFIX_REPNZ))
8134 || !(s->cpuid_features & CPUID_CLFLUSH)) {
8135 goto illegal_op;
8136 }
8137 }
8138 gen_nop_modrm(env, s, modrm);
8139 break;
8140
8141 case 0xc0 ... 0xc7: /* rdfsbase (f3 0f ae /0) */
8142 case 0xc8 ... 0xc8: /* rdgsbase (f3 0f ae /1) */
8143 case 0xd0 ... 0xd7: /* wrfsbase (f3 0f ae /2) */
8144 case 0xd8 ... 0xd8: /* wrgsbase (f3 0f ae /3) */
8145 if (CODE64(s)
8146 && (prefixes & PREFIX_REPZ)
8147 && !(prefixes & PREFIX_LOCK)
8148 && (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_FSGSBASE)) {
8149 TCGv base, treg, src, dst;
8150
8151 /* Preserve hflags bits by testing CR4 at runtime. */
8152 tcg_gen_movi_i32(cpu_tmp2_i32, CR4_FSGSBASE_MASK);
8153 gen_helper_cr4_testbit(cpu_env, cpu_tmp2_i32);
8154
8155 base = cpu_seg_base[modrm & 8 ? R_GS : R_FS];
8156 treg = cpu_regs[(modrm & 7) | REX_B(s)];
8157
8158 if (modrm & 0x10) {
8159 /* wr*base */
8160 dst = base, src = treg;
8161 } else {
8162 /* rd*base */
8163 dst = treg, src = base;
8164 }
8165
8166 if (s->dflag == MO_32) {
8167 tcg_gen_ext32u_tl(dst, src);
8168 } else {
8169 tcg_gen_mov_tl(dst, src);
8170 }
8171 break;
8172 }
8173 goto unknown_op;
8174
8175 case 0xf8: /* sfence / pcommit */
8176 if (prefixes & PREFIX_DATA) {
8177 /* pcommit */
8178 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_PCOMMIT)
8179 || (prefixes & PREFIX_LOCK)) {
8180 goto illegal_op;
8181 }
8182 break;
8183 }
8184 /* fallthru */
8185 case 0xf9 ... 0xff: /* sfence */
8186 if (!(s->cpuid_features & CPUID_SSE)
8187 || (prefixes & PREFIX_LOCK)) {
8188 goto illegal_op;
8189 }
8190 tcg_gen_mb(TCG_MO_ST_ST | TCG_BAR_SC);
8191 break;
8192 case 0xe8 ... 0xef: /* lfence */
8193 if (!(s->cpuid_features & CPUID_SSE)
8194 || (prefixes & PREFIX_LOCK)) {
8195 goto illegal_op;
8196 }
8197 tcg_gen_mb(TCG_MO_LD_LD | TCG_BAR_SC);
8198 break;
8199 case 0xf0 ... 0xf7: /* mfence */
8200 if (!(s->cpuid_features & CPUID_SSE2)
8201 || (prefixes & PREFIX_LOCK)) {
8202 goto illegal_op;
8203 }
8204 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8205 break;
8206
8207 default:
8208 goto unknown_op;
8209 }
8210 break;
8211
8212 case 0x10d: /* 3DNow! prefetch(w) */
8213 modrm = cpu_ldub_code(env, s->pc++);
8214 mod = (modrm >> 6) & 3;
8215 if (mod == 3)
8216 goto illegal_op;
8217 gen_nop_modrm(env, s, modrm);
8218 break;
8219 case 0x1aa: /* rsm */
8220 gen_svm_check_intercept(s, pc_start, SVM_EXIT_RSM);
8221 if (!(s->flags & HF_SMM_MASK))
8222 goto illegal_op;
8223 gen_update_cc_op(s);
8224 gen_jmp_im(s->pc - s->cs_base);
8225 gen_helper_rsm(cpu_env);
8226 gen_eob(s);
8227 break;
8228 case 0x1b8: /* SSE4.2 popcnt */
8229 if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) !=
8230 PREFIX_REPZ)
8231 goto illegal_op;
8232 if (!(s->cpuid_ext_features & CPUID_EXT_POPCNT))
8233 goto illegal_op;
8234
8235 modrm = cpu_ldub_code(env, s->pc++);
8236 reg = ((modrm >> 3) & 7) | rex_r;
8237
8238 if (s->prefix & PREFIX_DATA) {
8239 ot = MO_16;
8240 } else {
8241 ot = mo_64_32(dflag);
8242 }
8243
8244 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
8245 gen_extu(ot, cpu_T0);
8246 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
8247 tcg_gen_ctpop_tl(cpu_T0, cpu_T0);
8248 gen_op_mov_reg_v(ot, reg, cpu_T0);
8249
8250 set_cc_op(s, CC_OP_POPCNT);
8251 break;
8252 case 0x10e ... 0x10f:
8253 /* 3DNow! instructions, ignore prefixes */
8254 s->prefix &= ~(PREFIX_REPZ | PREFIX_REPNZ | PREFIX_DATA);
8255 case 0x110 ... 0x117:
8256 case 0x128 ... 0x12f:
8257 case 0x138 ... 0x13a:
8258 case 0x150 ... 0x179:
8259 case 0x17c ... 0x17f:
8260 case 0x1c2:
8261 case 0x1c4 ... 0x1c6:
8262 case 0x1d0 ... 0x1fe:
8263 gen_sse(env, s, b, pc_start, rex_r);
8264 break;
8265 default:
8266 goto unknown_op;
8267 }
8268 return s->pc;
8269 illegal_op:
8270 gen_illegal_opcode(s);
8271 return s->pc;
8272 unknown_op:
8273 gen_unknown_opcode(env, s);
8274 return s->pc;
8275 }
8276
8277 void tcg_x86_init(void)
8278 {
8279 static const char reg_names[CPU_NB_REGS][4] = {
8280 #ifdef TARGET_X86_64
8281 [R_EAX] = "rax",
8282 [R_EBX] = "rbx",
8283 [R_ECX] = "rcx",
8284 [R_EDX] = "rdx",
8285 [R_ESI] = "rsi",
8286 [R_EDI] = "rdi",
8287 [R_EBP] = "rbp",
8288 [R_ESP] = "rsp",
8289 [8] = "r8",
8290 [9] = "r9",
8291 [10] = "r10",
8292 [11] = "r11",
8293 [12] = "r12",
8294 [13] = "r13",
8295 [14] = "r14",
8296 [15] = "r15",
8297 #else
8298 [R_EAX] = "eax",
8299 [R_EBX] = "ebx",
8300 [R_ECX] = "ecx",
8301 [R_EDX] = "edx",
8302 [R_ESI] = "esi",
8303 [R_EDI] = "edi",
8304 [R_EBP] = "ebp",
8305 [R_ESP] = "esp",
8306 #endif
8307 };
8308 static const char seg_base_names[6][8] = {
8309 [R_CS] = "cs_base",
8310 [R_DS] = "ds_base",
8311 [R_ES] = "es_base",
8312 [R_FS] = "fs_base",
8313 [R_GS] = "gs_base",
8314 [R_SS] = "ss_base",
8315 };
8316 static const char bnd_regl_names[4][8] = {
8317 "bnd0_lb", "bnd1_lb", "bnd2_lb", "bnd3_lb"
8318 };
8319 static const char bnd_regu_names[4][8] = {
8320 "bnd0_ub", "bnd1_ub", "bnd2_ub", "bnd3_ub"
8321 };
8322 int i;
8323 static bool initialized;
8324
8325 if (initialized) {
8326 return;
8327 }
8328 initialized = true;
8329
8330 cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
8331 tcg_ctx.tcg_env = cpu_env;
8332 cpu_cc_op = tcg_global_mem_new_i32(cpu_env,
8333 offsetof(CPUX86State, cc_op), "cc_op");
8334 cpu_cc_dst = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_dst),
8335 "cc_dst");
8336 cpu_cc_src = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src),
8337 "cc_src");
8338 cpu_cc_src2 = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src2),
8339 "cc_src2");
8340
8341 for (i = 0; i < CPU_NB_REGS; ++i) {
8342 cpu_regs[i] = tcg_global_mem_new(cpu_env,
8343 offsetof(CPUX86State, regs[i]),
8344 reg_names[i]);
8345 }
8346
8347 for (i = 0; i < 6; ++i) {
8348 cpu_seg_base[i]
8349 = tcg_global_mem_new(cpu_env,
8350 offsetof(CPUX86State, segs[i].base),
8351 seg_base_names[i]);
8352 }
8353
8354 for (i = 0; i < 4; ++i) {
8355 cpu_bndl[i]
8356 = tcg_global_mem_new_i64(cpu_env,
8357 offsetof(CPUX86State, bnd_regs[i].lb),
8358 bnd_regl_names[i]);
8359 cpu_bndu[i]
8360 = tcg_global_mem_new_i64(cpu_env,
8361 offsetof(CPUX86State, bnd_regs[i].ub),
8362 bnd_regu_names[i]);
8363 }
8364 }
8365
8366 /* generate intermediate code for basic block 'tb'. */
8367 void gen_intermediate_code(CPUX86State *env, TranslationBlock *tb)
8368 {
8369 X86CPU *cpu = x86_env_get_cpu(env);
8370 CPUState *cs = CPU(cpu);
8371 DisasContext dc1, *dc = &dc1;
8372 target_ulong pc_ptr;
8373 uint32_t flags;
8374 target_ulong pc_start;
8375 target_ulong cs_base;
8376 int num_insns;
8377 int max_insns;
8378
8379 /* generate intermediate code */
8380 pc_start = tb->pc;
8381 cs_base = tb->cs_base;
8382 flags = tb->flags;
8383
8384 dc->pe = (flags >> HF_PE_SHIFT) & 1;
8385 dc->code32 = (flags >> HF_CS32_SHIFT) & 1;
8386 dc->ss32 = (flags >> HF_SS32_SHIFT) & 1;
8387 dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1;
8388 dc->f_st = 0;
8389 dc->vm86 = (flags >> VM_SHIFT) & 1;
8390 dc->cpl = (flags >> HF_CPL_SHIFT) & 3;
8391 dc->iopl = (flags >> IOPL_SHIFT) & 3;
8392 dc->tf = (flags >> TF_SHIFT) & 1;
8393 dc->singlestep_enabled = cs->singlestep_enabled;
8394 dc->cc_op = CC_OP_DYNAMIC;
8395 dc->cc_op_dirty = false;
8396 dc->cs_base = cs_base;
8397 dc->tb = tb;
8398 dc->popl_esp_hack = 0;
8399 /* select memory access functions */
8400 dc->mem_index = 0;
8401 #ifdef CONFIG_SOFTMMU
8402 dc->mem_index = cpu_mmu_index(env, false);
8403 #endif
8404 dc->cpuid_features = env->features[FEAT_1_EDX];
8405 dc->cpuid_ext_features = env->features[FEAT_1_ECX];
8406 dc->cpuid_ext2_features = env->features[FEAT_8000_0001_EDX];
8407 dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
8408 dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
8409 dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
8410 #ifdef TARGET_X86_64
8411 dc->lma = (flags >> HF_LMA_SHIFT) & 1;
8412 dc->code64 = (flags >> HF_CS64_SHIFT) & 1;
8413 #endif
8414 dc->flags = flags;
8415 dc->jmp_opt = !(dc->tf || cs->singlestep_enabled ||
8416 (flags & HF_INHIBIT_IRQ_MASK));
8417 /* Do not optimize repz jumps at all in icount mode, because
8418 rep movsS instructions are execured with different paths
8419 in !repz_opt and repz_opt modes. The first one was used
8420 always except single step mode. And this setting
8421 disables jumps optimization and control paths become
8422 equivalent in run and single step modes.
8423 Now there will be no jump optimization for repz in
8424 record/replay modes and there will always be an
8425 additional step for ecx=0 when icount is enabled.
8426 */
8427 dc->repz_opt = !dc->jmp_opt && !(tb->cflags & CF_USE_ICOUNT);
8428 #if 0
8429 /* check addseg logic */
8430 if (!dc->addseg && (dc->vm86 || !dc->pe || !dc->code32))
8431 printf("ERROR addseg\n");
8432 #endif
8433
8434 cpu_T0 = tcg_temp_new();
8435 cpu_T1 = tcg_temp_new();
8436 cpu_A0 = tcg_temp_new();
8437
8438 cpu_tmp0 = tcg_temp_new();
8439 cpu_tmp1_i64 = tcg_temp_new_i64();
8440 cpu_tmp2_i32 = tcg_temp_new_i32();
8441 cpu_tmp3_i32 = tcg_temp_new_i32();
8442 cpu_tmp4 = tcg_temp_new();
8443 cpu_ptr0 = tcg_temp_new_ptr();
8444 cpu_ptr1 = tcg_temp_new_ptr();
8445 cpu_cc_srcT = tcg_temp_local_new();
8446
8447 dc->is_jmp = DISAS_NEXT;
8448 pc_ptr = pc_start;
8449 num_insns = 0;
8450 max_insns = tb->cflags & CF_COUNT_MASK;
8451 if (max_insns == 0) {
8452 max_insns = CF_COUNT_MASK;
8453 }
8454 if (max_insns > TCG_MAX_INSNS) {
8455 max_insns = TCG_MAX_INSNS;
8456 }
8457
8458 gen_tb_start(tb);
8459 for(;;) {
8460 tcg_gen_insn_start(pc_ptr, dc->cc_op);
8461 num_insns++;
8462
8463 /* If RF is set, suppress an internally generated breakpoint. */
8464 if (unlikely(cpu_breakpoint_test(cs, pc_ptr,
8465 tb->flags & HF_RF_MASK
8466 ? BP_GDB : BP_ANY))) {
8467 gen_debug(dc, pc_ptr - dc->cs_base);
8468 /* The address covered by the breakpoint must be included in
8469 [tb->pc, tb->pc + tb->size) in order to for it to be
8470 properly cleared -- thus we increment the PC here so that
8471 the logic setting tb->size below does the right thing. */
8472 pc_ptr += 1;
8473 goto done_generating;
8474 }
8475 if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
8476 gen_io_start();
8477 }
8478
8479 pc_ptr = disas_insn(env, dc, pc_ptr);
8480 /* stop translation if indicated */
8481 if (dc->is_jmp)
8482 break;
8483 /* if single step mode, we generate only one instruction and
8484 generate an exception */
8485 /* if irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear
8486 the flag and abort the translation to give the irqs a
8487 change to be happen */
8488 if (dc->tf || dc->singlestep_enabled ||
8489 (flags & HF_INHIBIT_IRQ_MASK)) {
8490 gen_jmp_im(pc_ptr - dc->cs_base);
8491 gen_eob(dc);
8492 break;
8493 }
8494 /* Do not cross the boundary of the pages in icount mode,
8495 it can cause an exception. Do it only when boundary is
8496 crossed by the first instruction in the block.
8497 If current instruction already crossed the bound - it's ok,
8498 because an exception hasn't stopped this code.
8499 */
8500 if ((tb->cflags & CF_USE_ICOUNT)
8501 && ((pc_ptr & TARGET_PAGE_MASK)
8502 != ((pc_ptr + TARGET_MAX_INSN_SIZE - 1) & TARGET_PAGE_MASK)
8503 || (pc_ptr & ~TARGET_PAGE_MASK) == 0)) {
8504 gen_jmp_im(pc_ptr - dc->cs_base);
8505 gen_eob(dc);
8506 break;
8507 }
8508 /* if too long translation, stop generation too */
8509 if (tcg_op_buf_full() ||
8510 (pc_ptr - pc_start) >= (TARGET_PAGE_SIZE - 32) ||
8511 num_insns >= max_insns) {
8512 gen_jmp_im(pc_ptr - dc->cs_base);
8513 gen_eob(dc);
8514 break;
8515 }
8516 if (singlestep) {
8517 gen_jmp_im(pc_ptr - dc->cs_base);
8518 gen_eob(dc);
8519 break;
8520 }
8521 }
8522 if (tb->cflags & CF_LAST_IO)
8523 gen_io_end();
8524 done_generating:
8525 gen_tb_end(tb, num_insns);
8526
8527 #ifdef DEBUG_DISAS
8528 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
8529 && qemu_log_in_addr_range(pc_start)) {
8530 int disas_flags;
8531 qemu_log_lock();
8532 qemu_log("----------------\n");
8533 qemu_log("IN: %s\n", lookup_symbol(pc_start));
8534 #ifdef TARGET_X86_64
8535 if (dc->code64)
8536 disas_flags = 2;
8537 else
8538 #endif
8539 disas_flags = !dc->code32;
8540 log_target_disas(cs, pc_start, pc_ptr - pc_start, disas_flags);
8541 qemu_log("\n");
8542 qemu_log_unlock();
8543 }
8544 #endif
8545
8546 tb->size = pc_ptr - pc_start;
8547 tb->icount = num_insns;
8548 }
8549
8550 void restore_state_to_opc(CPUX86State *env, TranslationBlock *tb,
8551 target_ulong *data)
8552 {
8553 int cc_op = data[1];
8554 env->eip = data[0] - tb->cs_base;
8555 if (cc_op != CC_OP_DYNAMIC) {
8556 env->cc_op = cc_op;
8557 }
8558 }
AR7 emulation for QEMU