4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
21 #include "qemu/host-utils.h"
23 #include "disas/disas.h"
24 #include "exec/exec-all.h"
26 #include "exec/cpu_ldst.h"
28 #include "exec/helper-proto.h"
29 #include "exec/helper-gen.h"
31 #include "trace-tcg.h"
35 #define PREFIX_REPZ 0x01
36 #define PREFIX_REPNZ 0x02
37 #define PREFIX_LOCK 0x04
38 #define PREFIX_DATA 0x08
39 #define PREFIX_ADR 0x10
40 #define PREFIX_VEX 0x20
43 #define CODE64(s) ((s)->code64)
44 #define REX_X(s) ((s)->rex_x)
45 #define REX_B(s) ((s)->rex_b)
60 /* For a switch indexed by MODRM, match all memory operands for a given OP. */
61 #define CASE_MODRM_MEM_OP(OP) \
62 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
63 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
64 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7
66 #define CASE_MODRM_OP(OP) \
67 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
68 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
69 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7: \
70 case (3 << 6) | (OP << 3) | 0 ... (3 << 6) | (OP << 3) | 7
72 //#define MACRO_TEST 1
74 /* global register indexes */
75 static TCGv_env cpu_env;
77 static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2, cpu_cc_srcT;
78 static TCGv_i32 cpu_cc_op;
79 static TCGv cpu_regs[CPU_NB_REGS];
80 static TCGv cpu_seg_base[6];
81 static TCGv_i64 cpu_bndl[4];
82 static TCGv_i64 cpu_bndu[4];
84 static TCGv cpu_T0, cpu_T1;
85 /* local register indexes (only used inside old micro ops) */
86 static TCGv cpu_tmp0, cpu_tmp4;
87 static TCGv_ptr cpu_ptr0, cpu_ptr1;
88 static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
89 static TCGv_i64 cpu_tmp1_i64;
91 #include "exec/gen-icount.h"
94 static int x86_64_hregs;
97 typedef struct DisasContext {
98 /* current insn context */
99 int override; /* -1 if no override */
103 target_ulong pc_start;
104 target_ulong pc; /* pc = eip + cs_base */
105 int is_jmp; /* 1 = means jump (stop translation), 2 means CPU
106 static state change (stop translation) */
107 /* current block context */
108 target_ulong cs_base; /* base of CS segment */
109 int pe; /* protected mode */
110 int code32; /* 32 bit code segment */
112 int lma; /* long mode active */
113 int code64; /* 64 bit code segment */
116 int vex_l; /* vex vector length */
117 int vex_v; /* vex vvvv register, without 1's compliment. */
118 int ss32; /* 32 bit stack segment */
119 CCOp cc_op; /* current CC operation */
121 int addseg; /* non zero if either DS/ES/SS have a non zero base */
122 int f_st; /* currently unused */
123 int vm86; /* vm86 mode */
126 int tf; /* TF cpu flag */
127 int singlestep_enabled; /* "hardware" single step enabled */
128 int jmp_opt; /* use direct block chaining for direct jumps */
129 int repz_opt; /* optimize jumps within repz instructions */
130 int mem_index; /* select memory access functions */
131 uint64_t flags; /* all execution flags */
132 struct TranslationBlock *tb;
133 int popl_esp_hack; /* for correct popl with esp base handling */
134 int rip_offset; /* only used in x86_64, but left for simplicity */
136 int cpuid_ext_features;
137 int cpuid_ext2_features;
138 int cpuid_ext3_features;
139 int cpuid_7_0_ebx_features;
140 int cpuid_xsave_features;
143 static void gen_eob(DisasContext *s);
144 static void gen_jmp(DisasContext *s, target_ulong eip);
145 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num);
146 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d);
148 /* i386 arith/logic operations */
168 OP_SHL1, /* undocumented */
184 /* I386 int registers */
185 OR_EAX, /* MUST be even numbered */
194 OR_TMP0 = 16, /* temporary operand register */
196 OR_A0, /* temporary register used when doing address evaluation */
206 /* Bit set if the global variable is live after setting CC_OP to X. */
207 static const uint8_t cc_op_live[CC_OP_NB] = {
208 [CC_OP_DYNAMIC] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
209 [CC_OP_EFLAGS] = USES_CC_SRC,
210 [CC_OP_MULB ... CC_OP_MULQ] = USES_CC_DST | USES_CC_SRC,
211 [CC_OP_ADDB ... CC_OP_ADDQ] = USES_CC_DST | USES_CC_SRC,
212 [CC_OP_ADCB ... CC_OP_ADCQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
213 [CC_OP_SUBB ... CC_OP_SUBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRCT,
214 [CC_OP_SBBB ... CC_OP_SBBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
215 [CC_OP_LOGICB ... CC_OP_LOGICQ] = USES_CC_DST,
216 [CC_OP_INCB ... CC_OP_INCQ] = USES_CC_DST | USES_CC_SRC,
217 [CC_OP_DECB ... CC_OP_DECQ] = USES_CC_DST | USES_CC_SRC,
218 [CC_OP_SHLB ... CC_OP_SHLQ] = USES_CC_DST | USES_CC_SRC,
219 [CC_OP_SARB ... CC_OP_SARQ] = USES_CC_DST | USES_CC_SRC,
220 [CC_OP_BMILGB ... CC_OP_BMILGQ] = USES_CC_DST | USES_CC_SRC,
221 [CC_OP_ADCX] = USES_CC_DST | USES_CC_SRC,
222 [CC_OP_ADOX] = USES_CC_SRC | USES_CC_SRC2,
223 [CC_OP_ADCOX] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
227 static void set_cc_op(DisasContext *s, CCOp op)
231 if (s->cc_op == op) {
235 /* Discard CC computation that will no longer be used. */
236 dead = cc_op_live[s->cc_op] & ~cc_op_live[op];
237 if (dead & USES_CC_DST) {
238 tcg_gen_discard_tl(cpu_cc_dst);
240 if (dead & USES_CC_SRC) {
241 tcg_gen_discard_tl(cpu_cc_src);
243 if (dead & USES_CC_SRC2) {
244 tcg_gen_discard_tl(cpu_cc_src2);
246 if (dead & USES_CC_SRCT) {
247 tcg_gen_discard_tl(cpu_cc_srcT);
250 if (op == CC_OP_DYNAMIC) {
251 /* The DYNAMIC setting is translator only, and should never be
252 stored. Thus we always consider it clean. */
253 s->cc_op_dirty = false;
255 /* Discard any computed CC_OP value (see shifts). */
256 if (s->cc_op == CC_OP_DYNAMIC) {
257 tcg_gen_discard_i32(cpu_cc_op);
259 s->cc_op_dirty = true;
264 static void gen_update_cc_op(DisasContext *s)
266 if (s->cc_op_dirty) {
267 tcg_gen_movi_i32(cpu_cc_op, s->cc_op);
268 s->cc_op_dirty = false;
274 #define NB_OP_SIZES 4
276 #else /* !TARGET_X86_64 */
278 #define NB_OP_SIZES 3
280 #endif /* !TARGET_X86_64 */
282 #if defined(HOST_WORDS_BIGENDIAN)
283 #define REG_B_OFFSET (sizeof(target_ulong) - 1)
284 #define REG_H_OFFSET (sizeof(target_ulong) - 2)
285 #define REG_W_OFFSET (sizeof(target_ulong) - 2)
286 #define REG_L_OFFSET (sizeof(target_ulong) - 4)
287 #define REG_LH_OFFSET (sizeof(target_ulong) - 8)
289 #define REG_B_OFFSET 0
290 #define REG_H_OFFSET 1
291 #define REG_W_OFFSET 0
292 #define REG_L_OFFSET 0
293 #define REG_LH_OFFSET 4
296 /* In instruction encodings for byte register accesses the
297 * register number usually indicates "low 8 bits of register N";
298 * however there are some special cases where N 4..7 indicates
299 * [AH, CH, DH, BH], ie "bits 15..8 of register N-4". Return
300 * true for this special case, false otherwise.
302 static inline bool byte_reg_is_xH(int reg)
308 if (reg >= 8 || x86_64_hregs) {
315 /* Select the size of a push/pop operation. */
316 static inline TCGMemOp mo_pushpop(DisasContext *s, TCGMemOp ot)
319 return ot == MO_16 ? MO_16 : MO_64;
325 /* Select the size of the stack pointer. */
326 static inline TCGMemOp mo_stacksize(DisasContext *s)
328 return CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16;
331 /* Select only size 64 else 32. Used for SSE operand sizes. */
332 static inline TCGMemOp mo_64_32(TCGMemOp ot)
335 return ot == MO_64 ? MO_64 : MO_32;
341 /* Select size 8 if lsb of B is clear, else OT. Used for decoding
342 byte vs word opcodes. */
343 static inline TCGMemOp mo_b_d(int b, TCGMemOp ot)
345 return b & 1 ? ot : MO_8;
348 /* Select size 8 if lsb of B is clear, else OT capped at 32.
349 Used for decoding operand size of port opcodes. */
350 static inline TCGMemOp mo_b_d32(int b, TCGMemOp ot)
352 return b & 1 ? (ot == MO_16 ? MO_16 : MO_32) : MO_8;
355 static void gen_op_mov_reg_v(TCGMemOp ot, int reg, TCGv t0)
359 if (!byte_reg_is_xH(reg)) {
360 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 8);
362 tcg_gen_deposit_tl(cpu_regs[reg - 4], cpu_regs[reg - 4], t0, 8, 8);
366 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 16);
369 /* For x86_64, this sets the higher half of register to zero.
370 For i386, this is equivalent to a mov. */
371 tcg_gen_ext32u_tl(cpu_regs[reg], t0);
375 tcg_gen_mov_tl(cpu_regs[reg], t0);
383 static inline void gen_op_mov_v_reg(TCGMemOp ot, TCGv t0, int reg)
385 if (ot == MO_8 && byte_reg_is_xH(reg)) {
386 tcg_gen_shri_tl(t0, cpu_regs[reg - 4], 8);
387 tcg_gen_ext8u_tl(t0, t0);
389 tcg_gen_mov_tl(t0, cpu_regs[reg]);
393 static void gen_add_A0_im(DisasContext *s, int val)
395 tcg_gen_addi_tl(cpu_A0, cpu_A0, val);
397 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
401 static inline void gen_op_jmp_v(TCGv dest)
403 tcg_gen_st_tl(dest, cpu_env, offsetof(CPUX86State, eip));
406 static inline void gen_op_add_reg_im(TCGMemOp size, int reg, int32_t val)
408 tcg_gen_addi_tl(cpu_tmp0, cpu_regs[reg], val);
409 gen_op_mov_reg_v(size, reg, cpu_tmp0);
412 static inline void gen_op_add_reg_T0(TCGMemOp size, int reg)
414 tcg_gen_add_tl(cpu_tmp0, cpu_regs[reg], cpu_T0);
415 gen_op_mov_reg_v(size, reg, cpu_tmp0);
418 static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
420 tcg_gen_qemu_ld_tl(t0, a0, s->mem_index, idx | MO_LE);
423 static inline void gen_op_st_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
425 tcg_gen_qemu_st_tl(t0, a0, s->mem_index, idx | MO_LE);
428 static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d)
431 gen_op_st_v(s, idx, cpu_T0, cpu_A0);
433 gen_op_mov_reg_v(idx, d, cpu_T0);
437 static inline void gen_jmp_im(target_ulong pc)
439 tcg_gen_movi_tl(cpu_tmp0, pc);
440 gen_op_jmp_v(cpu_tmp0);
443 /* Compute SEG:REG into A0. SEG is selected from the override segment
444 (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to
445 indicate no override. */
446 static void gen_lea_v_seg(DisasContext *s, TCGMemOp aflag, TCGv a0,
447 int def_seg, int ovr_seg)
453 tcg_gen_mov_tl(cpu_A0, a0);
460 if (ovr_seg < 0 && s->addseg) {
464 tcg_gen_ext32u_tl(cpu_A0, a0);
470 tcg_gen_ext16u_tl(cpu_A0, a0);
485 TCGv seg = cpu_seg_base[ovr_seg];
487 if (aflag == MO_64) {
488 tcg_gen_add_tl(cpu_A0, a0, seg);
489 } else if (CODE64(s)) {
490 tcg_gen_ext32u_tl(cpu_A0, a0);
491 tcg_gen_add_tl(cpu_A0, cpu_A0, seg);
493 tcg_gen_add_tl(cpu_A0, a0, seg);
494 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
499 static inline void gen_string_movl_A0_ESI(DisasContext *s)
501 gen_lea_v_seg(s, s->aflag, cpu_regs[R_ESI], R_DS, s->override);
504 static inline void gen_string_movl_A0_EDI(DisasContext *s)
506 gen_lea_v_seg(s, s->aflag, cpu_regs[R_EDI], R_ES, -1);
509 static inline void gen_op_movl_T0_Dshift(TCGMemOp ot)
511 tcg_gen_ld32s_tl(cpu_T0, cpu_env, offsetof(CPUX86State, df));
512 tcg_gen_shli_tl(cpu_T0, cpu_T0, ot);
515 static TCGv gen_ext_tl(TCGv dst, TCGv src, TCGMemOp size, bool sign)
520 tcg_gen_ext8s_tl(dst, src);
522 tcg_gen_ext8u_tl(dst, src);
527 tcg_gen_ext16s_tl(dst, src);
529 tcg_gen_ext16u_tl(dst, src);
535 tcg_gen_ext32s_tl(dst, src);
537 tcg_gen_ext32u_tl(dst, src);
546 static void gen_extu(TCGMemOp ot, TCGv reg)
548 gen_ext_tl(reg, reg, ot, false);
551 static void gen_exts(TCGMemOp ot, TCGv reg)
553 gen_ext_tl(reg, reg, ot, true);
556 static inline void gen_op_jnz_ecx(TCGMemOp size, TCGLabel *label1)
558 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
559 gen_extu(size, cpu_tmp0);
560 tcg_gen_brcondi_tl(TCG_COND_NE, cpu_tmp0, 0, label1);
563 static inline void gen_op_jz_ecx(TCGMemOp size, TCGLabel *label1)
565 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
566 gen_extu(size, cpu_tmp0);
567 tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_tmp0, 0, label1);
570 static void gen_helper_in_func(TCGMemOp ot, TCGv v, TCGv_i32 n)
574 gen_helper_inb(v, cpu_env, n);
577 gen_helper_inw(v, cpu_env, n);
580 gen_helper_inl(v, cpu_env, n);
587 static void gen_helper_out_func(TCGMemOp ot, TCGv_i32 v, TCGv_i32 n)
591 gen_helper_outb(cpu_env, v, n);
594 gen_helper_outw(cpu_env, v, n);
597 gen_helper_outl(cpu_env, v, n);
604 static void gen_check_io(DisasContext *s, TCGMemOp ot, target_ulong cur_eip,
607 target_ulong next_eip;
609 if (s->pe && (s->cpl > s->iopl || s->vm86)) {
610 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
613 gen_helper_check_iob(cpu_env, cpu_tmp2_i32);
616 gen_helper_check_iow(cpu_env, cpu_tmp2_i32);
619 gen_helper_check_iol(cpu_env, cpu_tmp2_i32);
625 if(s->flags & HF_SVMI_MASK) {
628 svm_flags |= (1 << (4 + ot));
629 next_eip = s->pc - s->cs_base;
630 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
631 gen_helper_svm_check_io(cpu_env, cpu_tmp2_i32,
632 tcg_const_i32(svm_flags),
633 tcg_const_i32(next_eip - cur_eip));
637 static inline void gen_movs(DisasContext *s, TCGMemOp ot)
639 gen_string_movl_A0_ESI(s);
640 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
641 gen_string_movl_A0_EDI(s);
642 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
643 gen_op_movl_T0_Dshift(ot);
644 gen_op_add_reg_T0(s->aflag, R_ESI);
645 gen_op_add_reg_T0(s->aflag, R_EDI);
648 static void gen_op_update1_cc(void)
650 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
653 static void gen_op_update2_cc(void)
655 tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
656 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
659 static void gen_op_update3_cc(TCGv reg)
661 tcg_gen_mov_tl(cpu_cc_src2, reg);
662 tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
663 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
666 static inline void gen_op_testl_T0_T1_cc(void)
668 tcg_gen_and_tl(cpu_cc_dst, cpu_T0, cpu_T1);
671 static void gen_op_update_neg_cc(void)
673 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
674 tcg_gen_neg_tl(cpu_cc_src, cpu_T0);
675 tcg_gen_movi_tl(cpu_cc_srcT, 0);
678 /* compute all eflags to cc_src */
679 static void gen_compute_eflags(DisasContext *s)
681 TCGv zero, dst, src1, src2;
684 if (s->cc_op == CC_OP_EFLAGS) {
687 if (s->cc_op == CC_OP_CLR) {
688 tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
689 set_cc_op(s, CC_OP_EFLAGS);
698 /* Take care to not read values that are not live. */
699 live = cc_op_live[s->cc_op] & ~USES_CC_SRCT;
700 dead = live ^ (USES_CC_DST | USES_CC_SRC | USES_CC_SRC2);
702 zero = tcg_const_tl(0);
703 if (dead & USES_CC_DST) {
706 if (dead & USES_CC_SRC) {
709 if (dead & USES_CC_SRC2) {
715 gen_helper_cc_compute_all(cpu_cc_src, dst, src1, src2, cpu_cc_op);
716 set_cc_op(s, CC_OP_EFLAGS);
723 typedef struct CCPrepare {
733 /* compute eflags.C to reg */
734 static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
740 case CC_OP_SUBB ... CC_OP_SUBQ:
741 /* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */
742 size = s->cc_op - CC_OP_SUBB;
743 t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
744 /* If no temporary was used, be careful not to alias t1 and t0. */
745 t0 = TCGV_EQUAL(t1, cpu_cc_src) ? cpu_tmp0 : reg;
746 tcg_gen_mov_tl(t0, cpu_cc_srcT);
750 case CC_OP_ADDB ... CC_OP_ADDQ:
751 /* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */
752 size = s->cc_op - CC_OP_ADDB;
753 t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
754 t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
756 return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0,
757 .reg2 = t1, .mask = -1, .use_reg2 = true };
759 case CC_OP_LOGICB ... CC_OP_LOGICQ:
761 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
763 case CC_OP_INCB ... CC_OP_INCQ:
764 case CC_OP_DECB ... CC_OP_DECQ:
765 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
766 .mask = -1, .no_setcond = true };
768 case CC_OP_SHLB ... CC_OP_SHLQ:
769 /* (CC_SRC >> (DATA_BITS - 1)) & 1 */
770 size = s->cc_op - CC_OP_SHLB;
771 shift = (8 << size) - 1;
772 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
773 .mask = (target_ulong)1 << shift };
775 case CC_OP_MULB ... CC_OP_MULQ:
776 return (CCPrepare) { .cond = TCG_COND_NE,
777 .reg = cpu_cc_src, .mask = -1 };
779 case CC_OP_BMILGB ... CC_OP_BMILGQ:
780 size = s->cc_op - CC_OP_BMILGB;
781 t0 = gen_ext_tl(reg, cpu_cc_src, size, false);
782 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
786 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_dst,
787 .mask = -1, .no_setcond = true };
790 case CC_OP_SARB ... CC_OP_SARQ:
792 return (CCPrepare) { .cond = TCG_COND_NE,
793 .reg = cpu_cc_src, .mask = CC_C };
796 /* The need to compute only C from CC_OP_DYNAMIC is important
797 in efficiently implementing e.g. INC at the start of a TB. */
799 gen_helper_cc_compute_c(reg, cpu_cc_dst, cpu_cc_src,
800 cpu_cc_src2, cpu_cc_op);
801 return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
802 .mask = -1, .no_setcond = true };
806 /* compute eflags.P to reg */
807 static CCPrepare gen_prepare_eflags_p(DisasContext *s, TCGv reg)
809 gen_compute_eflags(s);
810 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
814 /* compute eflags.S to reg */
815 static CCPrepare gen_prepare_eflags_s(DisasContext *s, TCGv reg)
819 gen_compute_eflags(s);
825 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
828 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
831 TCGMemOp size = (s->cc_op - CC_OP_ADDB) & 3;
832 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
833 return (CCPrepare) { .cond = TCG_COND_LT, .reg = t0, .mask = -1 };
838 /* compute eflags.O to reg */
839 static CCPrepare gen_prepare_eflags_o(DisasContext *s, TCGv reg)
844 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src2,
845 .mask = -1, .no_setcond = true };
847 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
849 gen_compute_eflags(s);
850 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
855 /* compute eflags.Z to reg */
856 static CCPrepare gen_prepare_eflags_z(DisasContext *s, TCGv reg)
860 gen_compute_eflags(s);
866 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
869 return (CCPrepare) { .cond = TCG_COND_ALWAYS, .mask = -1 };
872 TCGMemOp size = (s->cc_op - CC_OP_ADDB) & 3;
873 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
874 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
879 /* perform a conditional store into register 'reg' according to jump opcode
880 value 'b'. In the fast case, T0 is guaranted not to be used. */
881 static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
883 int inv, jcc_op, cond;
889 jcc_op = (b >> 1) & 7;
892 case CC_OP_SUBB ... CC_OP_SUBQ:
893 /* We optimize relational operators for the cmp/jcc case. */
894 size = s->cc_op - CC_OP_SUBB;
897 tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
898 gen_extu(size, cpu_tmp4);
899 t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
900 cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = cpu_tmp4,
901 .reg2 = t0, .mask = -1, .use_reg2 = true };
910 tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
911 gen_exts(size, cpu_tmp4);
912 t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, true);
913 cc = (CCPrepare) { .cond = cond, .reg = cpu_tmp4,
914 .reg2 = t0, .mask = -1, .use_reg2 = true };
924 /* This actually generates good code for JC, JZ and JS. */
927 cc = gen_prepare_eflags_o(s, reg);
930 cc = gen_prepare_eflags_c(s, reg);
933 cc = gen_prepare_eflags_z(s, reg);
936 gen_compute_eflags(s);
937 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
938 .mask = CC_Z | CC_C };
941 cc = gen_prepare_eflags_s(s, reg);
944 cc = gen_prepare_eflags_p(s, reg);
947 gen_compute_eflags(s);
948 if (TCGV_EQUAL(reg, cpu_cc_src)) {
951 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
952 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
953 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
958 gen_compute_eflags(s);
959 if (TCGV_EQUAL(reg, cpu_cc_src)) {
962 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
963 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
964 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
965 .mask = CC_S | CC_Z };
972 cc.cond = tcg_invert_cond(cc.cond);
977 static void gen_setcc1(DisasContext *s, int b, TCGv reg)
979 CCPrepare cc = gen_prepare_cc(s, b, reg);
982 if (cc.cond == TCG_COND_EQ) {
983 tcg_gen_xori_tl(reg, cc.reg, 1);
985 tcg_gen_mov_tl(reg, cc.reg);
990 if (cc.cond == TCG_COND_NE && !cc.use_reg2 && cc.imm == 0 &&
991 cc.mask != 0 && (cc.mask & (cc.mask - 1)) == 0) {
992 tcg_gen_shri_tl(reg, cc.reg, ctztl(cc.mask));
993 tcg_gen_andi_tl(reg, reg, 1);
997 tcg_gen_andi_tl(reg, cc.reg, cc.mask);
1001 tcg_gen_setcond_tl(cc.cond, reg, cc.reg, cc.reg2);
1003 tcg_gen_setcondi_tl(cc.cond, reg, cc.reg, cc.imm);
1007 static inline void gen_compute_eflags_c(DisasContext *s, TCGv reg)
1009 gen_setcc1(s, JCC_B << 1, reg);
1012 /* generate a conditional jump to label 'l1' according to jump opcode
1013 value 'b'. In the fast case, T0 is guaranted not to be used. */
1014 static inline void gen_jcc1_noeob(DisasContext *s, int b, TCGLabel *l1)
1016 CCPrepare cc = gen_prepare_cc(s, b, cpu_T0);
1018 if (cc.mask != -1) {
1019 tcg_gen_andi_tl(cpu_T0, cc.reg, cc.mask);
1023 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1025 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1029 /* Generate a conditional jump to label 'l1' according to jump opcode
1030 value 'b'. In the fast case, T0 is guaranted not to be used.
1031 A translation block must end soon. */
1032 static inline void gen_jcc1(DisasContext *s, int b, TCGLabel *l1)
1034 CCPrepare cc = gen_prepare_cc(s, b, cpu_T0);
1036 gen_update_cc_op(s);
1037 if (cc.mask != -1) {
1038 tcg_gen_andi_tl(cpu_T0, cc.reg, cc.mask);
1041 set_cc_op(s, CC_OP_DYNAMIC);
1043 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1045 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1049 /* XXX: does not work with gdbstub "ice" single step - not a
1051 static TCGLabel *gen_jz_ecx_string(DisasContext *s, target_ulong next_eip)
1053 TCGLabel *l1 = gen_new_label();
1054 TCGLabel *l2 = gen_new_label();
1055 gen_op_jnz_ecx(s->aflag, l1);
1057 gen_jmp_tb(s, next_eip, 1);
1062 static inline void gen_stos(DisasContext *s, TCGMemOp ot)
1064 gen_op_mov_v_reg(MO_32, cpu_T0, R_EAX);
1065 gen_string_movl_A0_EDI(s);
1066 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
1067 gen_op_movl_T0_Dshift(ot);
1068 gen_op_add_reg_T0(s->aflag, R_EDI);
1071 static inline void gen_lods(DisasContext *s, TCGMemOp ot)
1073 gen_string_movl_A0_ESI(s);
1074 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1075 gen_op_mov_reg_v(ot, R_EAX, cpu_T0);
1076 gen_op_movl_T0_Dshift(ot);
1077 gen_op_add_reg_T0(s->aflag, R_ESI);
1080 static inline void gen_scas(DisasContext *s, TCGMemOp ot)
1082 gen_string_movl_A0_EDI(s);
1083 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
1084 gen_op(s, OP_CMPL, ot, R_EAX);
1085 gen_op_movl_T0_Dshift(ot);
1086 gen_op_add_reg_T0(s->aflag, R_EDI);
1089 static inline void gen_cmps(DisasContext *s, TCGMemOp ot)
1091 gen_string_movl_A0_EDI(s);
1092 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
1093 gen_string_movl_A0_ESI(s);
1094 gen_op(s, OP_CMPL, ot, OR_TMP0);
1095 gen_op_movl_T0_Dshift(ot);
1096 gen_op_add_reg_T0(s->aflag, R_ESI);
1097 gen_op_add_reg_T0(s->aflag, R_EDI);
1100 static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, int ot)
1102 if (s->flags & HF_IOBPT_MASK) {
1103 TCGv_i32 t_size = tcg_const_i32(1 << ot);
1104 TCGv t_next = tcg_const_tl(s->pc - s->cs_base);
1106 gen_helper_bpt_io(cpu_env, t_port, t_size, t_next);
1107 tcg_temp_free_i32(t_size);
1108 tcg_temp_free(t_next);
1113 static inline void gen_ins(DisasContext *s, TCGMemOp ot)
1115 if (s->tb->cflags & CF_USE_ICOUNT) {
1118 gen_string_movl_A0_EDI(s);
1119 /* Note: we must do this dummy write first to be restartable in
1120 case of page fault. */
1121 tcg_gen_movi_tl(cpu_T0, 0);
1122 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
1123 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
1124 tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0xffff);
1125 gen_helper_in_func(ot, cpu_T0, cpu_tmp2_i32);
1126 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
1127 gen_op_movl_T0_Dshift(ot);
1128 gen_op_add_reg_T0(s->aflag, R_EDI);
1129 gen_bpt_io(s, cpu_tmp2_i32, ot);
1130 if (s->tb->cflags & CF_USE_ICOUNT) {
1135 static inline void gen_outs(DisasContext *s, TCGMemOp ot)
1137 if (s->tb->cflags & CF_USE_ICOUNT) {
1140 gen_string_movl_A0_ESI(s);
1141 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1143 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
1144 tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0xffff);
1145 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T0);
1146 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
1147 gen_op_movl_T0_Dshift(ot);
1148 gen_op_add_reg_T0(s->aflag, R_ESI);
1149 gen_bpt_io(s, cpu_tmp2_i32, ot);
1150 if (s->tb->cflags & CF_USE_ICOUNT) {
1155 /* same method as Valgrind : we generate jumps to current or next
1157 #define GEN_REPZ(op) \
1158 static inline void gen_repz_ ## op(DisasContext *s, TCGMemOp ot, \
1159 target_ulong cur_eip, target_ulong next_eip) \
1162 gen_update_cc_op(s); \
1163 l2 = gen_jz_ecx_string(s, next_eip); \
1164 gen_ ## op(s, ot); \
1165 gen_op_add_reg_im(s->aflag, R_ECX, -1); \
1166 /* a loop would cause two single step exceptions if ECX = 1 \
1167 before rep string_insn */ \
1169 gen_op_jz_ecx(s->aflag, l2); \
1170 gen_jmp(s, cur_eip); \
1173 #define GEN_REPZ2(op) \
1174 static inline void gen_repz_ ## op(DisasContext *s, TCGMemOp ot, \
1175 target_ulong cur_eip, \
1176 target_ulong next_eip, \
1180 gen_update_cc_op(s); \
1181 l2 = gen_jz_ecx_string(s, next_eip); \
1182 gen_ ## op(s, ot); \
1183 gen_op_add_reg_im(s->aflag, R_ECX, -1); \
1184 gen_update_cc_op(s); \
1185 gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); \
1187 gen_op_jz_ecx(s->aflag, l2); \
1188 gen_jmp(s, cur_eip); \
1199 static void gen_helper_fp_arith_ST0_FT0(int op)
1203 gen_helper_fadd_ST0_FT0(cpu_env);
1206 gen_helper_fmul_ST0_FT0(cpu_env);
1209 gen_helper_fcom_ST0_FT0(cpu_env);
1212 gen_helper_fcom_ST0_FT0(cpu_env);
1215 gen_helper_fsub_ST0_FT0(cpu_env);
1218 gen_helper_fsubr_ST0_FT0(cpu_env);
1221 gen_helper_fdiv_ST0_FT0(cpu_env);
1224 gen_helper_fdivr_ST0_FT0(cpu_env);
1229 /* NOTE the exception in "r" op ordering */
1230 static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
1232 TCGv_i32 tmp = tcg_const_i32(opreg);
1235 gen_helper_fadd_STN_ST0(cpu_env, tmp);
1238 gen_helper_fmul_STN_ST0(cpu_env, tmp);
1241 gen_helper_fsubr_STN_ST0(cpu_env, tmp);
1244 gen_helper_fsub_STN_ST0(cpu_env, tmp);
1247 gen_helper_fdivr_STN_ST0(cpu_env, tmp);
1250 gen_helper_fdiv_STN_ST0(cpu_env, tmp);
1255 /* if d == OR_TMP0, it means memory operand (address in A0) */
1256 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d)
1259 gen_op_mov_v_reg(ot, cpu_T0, d);
1260 } else if (!(s1->prefix & PREFIX_LOCK)) {
1261 gen_op_ld_v(s1, ot, cpu_T0, cpu_A0);
1265 gen_compute_eflags_c(s1, cpu_tmp4);
1266 if (s1->prefix & PREFIX_LOCK) {
1267 tcg_gen_add_tl(cpu_T0, cpu_tmp4, cpu_T1);
1268 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
1269 s1->mem_index, ot | MO_LE);
1271 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
1272 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_tmp4);
1273 gen_op_st_rm_T0_A0(s1, ot, d);
1275 gen_op_update3_cc(cpu_tmp4);
1276 set_cc_op(s1, CC_OP_ADCB + ot);
1279 gen_compute_eflags_c(s1, cpu_tmp4);
1280 if (s1->prefix & PREFIX_LOCK) {
1281 tcg_gen_add_tl(cpu_T0, cpu_T1, cpu_tmp4);
1282 tcg_gen_neg_tl(cpu_T0, cpu_T0);
1283 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
1284 s1->mem_index, ot | MO_LE);
1286 tcg_gen_sub_tl(cpu_T0, cpu_T0, cpu_T1);
1287 tcg_gen_sub_tl(cpu_T0, cpu_T0, cpu_tmp4);
1288 gen_op_st_rm_T0_A0(s1, ot, d);
1290 gen_op_update3_cc(cpu_tmp4);
1291 set_cc_op(s1, CC_OP_SBBB + ot);
1294 if (s1->prefix & PREFIX_LOCK) {
1295 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1296 s1->mem_index, ot | MO_LE);
1298 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
1299 gen_op_st_rm_T0_A0(s1, ot, d);
1301 gen_op_update2_cc();
1302 set_cc_op(s1, CC_OP_ADDB + ot);
1305 if (s1->prefix & PREFIX_LOCK) {
1306 tcg_gen_neg_tl(cpu_T0, cpu_T1);
1307 tcg_gen_atomic_fetch_add_tl(cpu_cc_srcT, cpu_A0, cpu_T0,
1308 s1->mem_index, ot | MO_LE);
1309 tcg_gen_sub_tl(cpu_T0, cpu_cc_srcT, cpu_T1);
1311 tcg_gen_mov_tl(cpu_cc_srcT, cpu_T0);
1312 tcg_gen_sub_tl(cpu_T0, cpu_T0, cpu_T1);
1313 gen_op_st_rm_T0_A0(s1, ot, d);
1315 gen_op_update2_cc();
1316 set_cc_op(s1, CC_OP_SUBB + ot);
1320 if (s1->prefix & PREFIX_LOCK) {
1321 tcg_gen_atomic_and_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1322 s1->mem_index, ot | MO_LE);
1324 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_T1);
1325 gen_op_st_rm_T0_A0(s1, ot, d);
1327 gen_op_update1_cc();
1328 set_cc_op(s1, CC_OP_LOGICB + ot);
1331 if (s1->prefix & PREFIX_LOCK) {
1332 tcg_gen_atomic_or_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1333 s1->mem_index, ot | MO_LE);
1335 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_T1);
1336 gen_op_st_rm_T0_A0(s1, ot, d);
1338 gen_op_update1_cc();
1339 set_cc_op(s1, CC_OP_LOGICB + ot);
1342 if (s1->prefix & PREFIX_LOCK) {
1343 tcg_gen_atomic_xor_fetch_tl(cpu_T0, cpu_A0, cpu_T1,
1344 s1->mem_index, ot | MO_LE);
1346 tcg_gen_xor_tl(cpu_T0, cpu_T0, cpu_T1);
1347 gen_op_st_rm_T0_A0(s1, ot, d);
1349 gen_op_update1_cc();
1350 set_cc_op(s1, CC_OP_LOGICB + ot);
1353 tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
1354 tcg_gen_mov_tl(cpu_cc_srcT, cpu_T0);
1355 tcg_gen_sub_tl(cpu_cc_dst, cpu_T0, cpu_T1);
1356 set_cc_op(s1, CC_OP_SUBB + ot);
1361 /* if d == OR_TMP0, it means memory operand (address in A0) */
1362 static void gen_inc(DisasContext *s1, TCGMemOp ot, int d, int c)
1364 if (s1->prefix & PREFIX_LOCK) {
1365 tcg_gen_movi_tl(cpu_T0, c > 0 ? 1 : -1);
1366 tcg_gen_atomic_add_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
1367 s1->mem_index, ot | MO_LE);
1370 gen_op_mov_v_reg(ot, cpu_T0, d);
1372 gen_op_ld_v(s1, ot, cpu_T0, cpu_A0);
1374 tcg_gen_addi_tl(cpu_T0, cpu_T0, (c > 0 ? 1 : -1));
1375 gen_op_st_rm_T0_A0(s1, ot, d);
1378 gen_compute_eflags_c(s1, cpu_cc_src);
1379 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
1380 set_cc_op(s1, (c > 0 ? CC_OP_INCB : CC_OP_DECB) + ot);
1383 static void gen_shift_flags(DisasContext *s, TCGMemOp ot, TCGv result,
1384 TCGv shm1, TCGv count, bool is_right)
1386 TCGv_i32 z32, s32, oldop;
1389 /* Store the results into the CC variables. If we know that the
1390 variable must be dead, store unconditionally. Otherwise we'll
1391 need to not disrupt the current contents. */
1392 z_tl = tcg_const_tl(0);
1393 if (cc_op_live[s->cc_op] & USES_CC_DST) {
1394 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_dst, count, z_tl,
1395 result, cpu_cc_dst);
1397 tcg_gen_mov_tl(cpu_cc_dst, result);
1399 if (cc_op_live[s->cc_op] & USES_CC_SRC) {
1400 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_src, count, z_tl,
1403 tcg_gen_mov_tl(cpu_cc_src, shm1);
1405 tcg_temp_free(z_tl);
1407 /* Get the two potential CC_OP values into temporaries. */
1408 tcg_gen_movi_i32(cpu_tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1409 if (s->cc_op == CC_OP_DYNAMIC) {
1412 tcg_gen_movi_i32(cpu_tmp3_i32, s->cc_op);
1413 oldop = cpu_tmp3_i32;
1416 /* Conditionally store the CC_OP value. */
1417 z32 = tcg_const_i32(0);
1418 s32 = tcg_temp_new_i32();
1419 tcg_gen_trunc_tl_i32(s32, count);
1420 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, cpu_tmp2_i32, oldop);
1421 tcg_temp_free_i32(z32);
1422 tcg_temp_free_i32(s32);
1424 /* The CC_OP value is no longer predictable. */
1425 set_cc_op(s, CC_OP_DYNAMIC);
1428 static void gen_shift_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1429 int is_right, int is_arith)
1431 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1434 if (op1 == OR_TMP0) {
1435 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1437 gen_op_mov_v_reg(ot, cpu_T0, op1);
1440 tcg_gen_andi_tl(cpu_T1, cpu_T1, mask);
1441 tcg_gen_subi_tl(cpu_tmp0, cpu_T1, 1);
1445 gen_exts(ot, cpu_T0);
1446 tcg_gen_sar_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1447 tcg_gen_sar_tl(cpu_T0, cpu_T0, cpu_T1);
1449 gen_extu(ot, cpu_T0);
1450 tcg_gen_shr_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1451 tcg_gen_shr_tl(cpu_T0, cpu_T0, cpu_T1);
1454 tcg_gen_shl_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1455 tcg_gen_shl_tl(cpu_T0, cpu_T0, cpu_T1);
1459 gen_op_st_rm_T0_A0(s, ot, op1);
1461 gen_shift_flags(s, ot, cpu_T0, cpu_tmp0, cpu_T1, is_right);
1464 static void gen_shift_rm_im(DisasContext *s, TCGMemOp ot, int op1, int op2,
1465 int is_right, int is_arith)
1467 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1471 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1473 gen_op_mov_v_reg(ot, cpu_T0, op1);
1479 gen_exts(ot, cpu_T0);
1480 tcg_gen_sari_tl(cpu_tmp4, cpu_T0, op2 - 1);
1481 tcg_gen_sari_tl(cpu_T0, cpu_T0, op2);
1483 gen_extu(ot, cpu_T0);
1484 tcg_gen_shri_tl(cpu_tmp4, cpu_T0, op2 - 1);
1485 tcg_gen_shri_tl(cpu_T0, cpu_T0, op2);
1488 tcg_gen_shli_tl(cpu_tmp4, cpu_T0, op2 - 1);
1489 tcg_gen_shli_tl(cpu_T0, cpu_T0, op2);
1494 gen_op_st_rm_T0_A0(s, ot, op1);
1496 /* update eflags if non zero shift */
1498 tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
1499 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
1500 set_cc_op(s, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1504 static void gen_rot_rm_T1(DisasContext *s, TCGMemOp ot, int op1, int is_right)
1506 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1510 if (op1 == OR_TMP0) {
1511 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1513 gen_op_mov_v_reg(ot, cpu_T0, op1);
1516 tcg_gen_andi_tl(cpu_T1, cpu_T1, mask);
1520 /* Replicate the 8-bit input so that a 32-bit rotate works. */
1521 tcg_gen_ext8u_tl(cpu_T0, cpu_T0);
1522 tcg_gen_muli_tl(cpu_T0, cpu_T0, 0x01010101);
1525 /* Replicate the 16-bit input so that a 32-bit rotate works. */
1526 tcg_gen_deposit_tl(cpu_T0, cpu_T0, cpu_T0, 16, 16);
1529 #ifdef TARGET_X86_64
1531 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
1532 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
1534 tcg_gen_rotr_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
1536 tcg_gen_rotl_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
1538 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
1543 tcg_gen_rotr_tl(cpu_T0, cpu_T0, cpu_T1);
1545 tcg_gen_rotl_tl(cpu_T0, cpu_T0, cpu_T1);
1551 gen_op_st_rm_T0_A0(s, ot, op1);
1553 /* We'll need the flags computed into CC_SRC. */
1554 gen_compute_eflags(s);
1556 /* The value that was "rotated out" is now present at the other end
1557 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1558 since we've computed the flags into CC_SRC, these variables are
1561 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask - 1);
1562 tcg_gen_shri_tl(cpu_cc_dst, cpu_T0, mask);
1563 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1565 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask);
1566 tcg_gen_andi_tl(cpu_cc_dst, cpu_T0, 1);
1568 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1569 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1571 /* Now conditionally store the new CC_OP value. If the shift count
1572 is 0 we keep the CC_OP_EFLAGS setting so that only CC_SRC is live.
1573 Otherwise reuse CC_OP_ADCOX which have the C and O flags split out
1574 exactly as we computed above. */
1575 t0 = tcg_const_i32(0);
1576 t1 = tcg_temp_new_i32();
1577 tcg_gen_trunc_tl_i32(t1, cpu_T1);
1578 tcg_gen_movi_i32(cpu_tmp2_i32, CC_OP_ADCOX);
1579 tcg_gen_movi_i32(cpu_tmp3_i32, CC_OP_EFLAGS);
1580 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, t1, t0,
1581 cpu_tmp2_i32, cpu_tmp3_i32);
1582 tcg_temp_free_i32(t0);
1583 tcg_temp_free_i32(t1);
1585 /* The CC_OP value is no longer predictable. */
1586 set_cc_op(s, CC_OP_DYNAMIC);
1589 static void gen_rot_rm_im(DisasContext *s, TCGMemOp ot, int op1, int op2,
1592 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1596 if (op1 == OR_TMP0) {
1597 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1599 gen_op_mov_v_reg(ot, cpu_T0, op1);
1605 #ifdef TARGET_X86_64
1607 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
1609 tcg_gen_rotri_i32(cpu_tmp2_i32, cpu_tmp2_i32, op2);
1611 tcg_gen_rotli_i32(cpu_tmp2_i32, cpu_tmp2_i32, op2);
1613 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
1618 tcg_gen_rotri_tl(cpu_T0, cpu_T0, op2);
1620 tcg_gen_rotli_tl(cpu_T0, cpu_T0, op2);
1631 shift = mask + 1 - shift;
1633 gen_extu(ot, cpu_T0);
1634 tcg_gen_shli_tl(cpu_tmp0, cpu_T0, shift);
1635 tcg_gen_shri_tl(cpu_T0, cpu_T0, mask + 1 - shift);
1636 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_tmp0);
1642 gen_op_st_rm_T0_A0(s, ot, op1);
1645 /* Compute the flags into CC_SRC. */
1646 gen_compute_eflags(s);
1648 /* The value that was "rotated out" is now present at the other end
1649 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1650 since we've computed the flags into CC_SRC, these variables are
1653 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask - 1);
1654 tcg_gen_shri_tl(cpu_cc_dst, cpu_T0, mask);
1655 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1657 tcg_gen_shri_tl(cpu_cc_src2, cpu_T0, mask);
1658 tcg_gen_andi_tl(cpu_cc_dst, cpu_T0, 1);
1660 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1661 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1662 set_cc_op(s, CC_OP_ADCOX);
1666 /* XXX: add faster immediate = 1 case */
1667 static void gen_rotc_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1670 gen_compute_eflags(s);
1671 assert(s->cc_op == CC_OP_EFLAGS);
1675 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1677 gen_op_mov_v_reg(ot, cpu_T0, op1);
1682 gen_helper_rcrb(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1685 gen_helper_rcrw(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1688 gen_helper_rcrl(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1690 #ifdef TARGET_X86_64
1692 gen_helper_rcrq(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1701 gen_helper_rclb(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1704 gen_helper_rclw(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1707 gen_helper_rcll(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1709 #ifdef TARGET_X86_64
1711 gen_helper_rclq(cpu_T0, cpu_env, cpu_T0, cpu_T1);
1719 gen_op_st_rm_T0_A0(s, ot, op1);
1722 /* XXX: add faster immediate case */
1723 static void gen_shiftd_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1724 bool is_right, TCGv count_in)
1726 target_ulong mask = (ot == MO_64 ? 63 : 31);
1730 if (op1 == OR_TMP0) {
1731 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
1733 gen_op_mov_v_reg(ot, cpu_T0, op1);
1736 count = tcg_temp_new();
1737 tcg_gen_andi_tl(count, count_in, mask);
1741 /* Note: we implement the Intel behaviour for shift count > 16.
1742 This means "shrdw C, B, A" shifts A:B:A >> C. Build the B:A
1743 portion by constructing it as a 32-bit value. */
1745 tcg_gen_deposit_tl(cpu_tmp0, cpu_T0, cpu_T1, 16, 16);
1746 tcg_gen_mov_tl(cpu_T1, cpu_T0);
1747 tcg_gen_mov_tl(cpu_T0, cpu_tmp0);
1749 tcg_gen_deposit_tl(cpu_T1, cpu_T0, cpu_T1, 16, 16);
1752 #ifdef TARGET_X86_64
1754 /* Concatenate the two 32-bit values and use a 64-bit shift. */
1755 tcg_gen_subi_tl(cpu_tmp0, count, 1);
1757 tcg_gen_concat_tl_i64(cpu_T0, cpu_T0, cpu_T1);
1758 tcg_gen_shr_i64(cpu_tmp0, cpu_T0, cpu_tmp0);
1759 tcg_gen_shr_i64(cpu_T0, cpu_T0, count);
1761 tcg_gen_concat_tl_i64(cpu_T0, cpu_T1, cpu_T0);
1762 tcg_gen_shl_i64(cpu_tmp0, cpu_T0, cpu_tmp0);
1763 tcg_gen_shl_i64(cpu_T0, cpu_T0, count);
1764 tcg_gen_shri_i64(cpu_tmp0, cpu_tmp0, 32);
1765 tcg_gen_shri_i64(cpu_T0, cpu_T0, 32);
1770 tcg_gen_subi_tl(cpu_tmp0, count, 1);
1772 tcg_gen_shr_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1774 tcg_gen_subfi_tl(cpu_tmp4, mask + 1, count);
1775 tcg_gen_shr_tl(cpu_T0, cpu_T0, count);
1776 tcg_gen_shl_tl(cpu_T1, cpu_T1, cpu_tmp4);
1778 tcg_gen_shl_tl(cpu_tmp0, cpu_T0, cpu_tmp0);
1780 /* Only needed if count > 16, for Intel behaviour. */
1781 tcg_gen_subfi_tl(cpu_tmp4, 33, count);
1782 tcg_gen_shr_tl(cpu_tmp4, cpu_T1, cpu_tmp4);
1783 tcg_gen_or_tl(cpu_tmp0, cpu_tmp0, cpu_tmp4);
1786 tcg_gen_subfi_tl(cpu_tmp4, mask + 1, count);
1787 tcg_gen_shl_tl(cpu_T0, cpu_T0, count);
1788 tcg_gen_shr_tl(cpu_T1, cpu_T1, cpu_tmp4);
1790 tcg_gen_movi_tl(cpu_tmp4, 0);
1791 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_T1, count, cpu_tmp4,
1793 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_T1);
1798 gen_op_st_rm_T0_A0(s, ot, op1);
1800 gen_shift_flags(s, ot, cpu_T0, cpu_tmp0, count, is_right);
1801 tcg_temp_free(count);
1804 static void gen_shift(DisasContext *s1, int op, TCGMemOp ot, int d, int s)
1807 gen_op_mov_v_reg(ot, cpu_T1, s);
1810 gen_rot_rm_T1(s1, ot, d, 0);
1813 gen_rot_rm_T1(s1, ot, d, 1);
1817 gen_shift_rm_T1(s1, ot, d, 0, 0);
1820 gen_shift_rm_T1(s1, ot, d, 1, 0);
1823 gen_shift_rm_T1(s1, ot, d, 1, 1);
1826 gen_rotc_rm_T1(s1, ot, d, 0);
1829 gen_rotc_rm_T1(s1, ot, d, 1);
1834 static void gen_shifti(DisasContext *s1, int op, TCGMemOp ot, int d, int c)
1838 gen_rot_rm_im(s1, ot, d, c, 0);
1841 gen_rot_rm_im(s1, ot, d, c, 1);
1845 gen_shift_rm_im(s1, ot, d, c, 0, 0);
1848 gen_shift_rm_im(s1, ot, d, c, 1, 0);
1851 gen_shift_rm_im(s1, ot, d, c, 1, 1);
1854 /* currently not optimized */
1855 tcg_gen_movi_tl(cpu_T1, c);
1856 gen_shift(s1, op, ot, d, OR_TMP1);
1861 /* Decompose an address. */
1863 typedef struct AddressParts {
1871 static AddressParts gen_lea_modrm_0(CPUX86State *env, DisasContext *s,
1874 int def_seg, base, index, scale, mod, rm;
1883 mod = (modrm >> 6) & 3;
1885 base = rm | REX_B(s);
1888 /* Normally filtered out earlier, but including this path
1889 simplifies multi-byte nop, as well as bndcl, bndcu, bndcn. */
1898 int code = cpu_ldub_code(env, s->pc++);
1899 scale = (code >> 6) & 3;
1900 index = ((code >> 3) & 7) | REX_X(s);
1902 index = -1; /* no index */
1904 base = (code & 7) | REX_B(s);
1910 if ((base & 7) == 5) {
1912 disp = (int32_t)cpu_ldl_code(env, s->pc);
1914 if (CODE64(s) && !havesib) {
1916 disp += s->pc + s->rip_offset;
1921 disp = (int8_t)cpu_ldub_code(env, s->pc++);
1925 disp = (int32_t)cpu_ldl_code(env, s->pc);
1930 /* For correct popl handling with esp. */
1931 if (base == R_ESP && s->popl_esp_hack) {
1932 disp += s->popl_esp_hack;
1934 if (base == R_EBP || base == R_ESP) {
1943 disp = cpu_lduw_code(env, s->pc);
1947 } else if (mod == 1) {
1948 disp = (int8_t)cpu_ldub_code(env, s->pc++);
1950 disp = (int16_t)cpu_lduw_code(env, s->pc);
1995 return (AddressParts){ def_seg, base, index, scale, disp };
1998 /* Compute the address, with a minimum number of TCG ops. */
1999 static TCGv gen_lea_modrm_1(AddressParts a)
2006 ea = cpu_regs[a.index];
2008 tcg_gen_shli_tl(cpu_A0, cpu_regs[a.index], a.scale);
2012 tcg_gen_add_tl(cpu_A0, ea, cpu_regs[a.base]);
2015 } else if (a.base >= 0) {
2016 ea = cpu_regs[a.base];
2018 if (TCGV_IS_UNUSED(ea)) {
2019 tcg_gen_movi_tl(cpu_A0, a.disp);
2021 } else if (a.disp != 0) {
2022 tcg_gen_addi_tl(cpu_A0, ea, a.disp);
2029 static void gen_lea_modrm(CPUX86State *env, DisasContext *s, int modrm)
2031 AddressParts a = gen_lea_modrm_0(env, s, modrm);
2032 TCGv ea = gen_lea_modrm_1(a);
2033 gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override);
2036 static void gen_nop_modrm(CPUX86State *env, DisasContext *s, int modrm)
2038 (void)gen_lea_modrm_0(env, s, modrm);
2041 /* Used for BNDCL, BNDCU, BNDCN. */
2042 static void gen_bndck(CPUX86State *env, DisasContext *s, int modrm,
2043 TCGCond cond, TCGv_i64 bndv)
2045 TCGv ea = gen_lea_modrm_1(gen_lea_modrm_0(env, s, modrm));
2047 tcg_gen_extu_tl_i64(cpu_tmp1_i64, ea);
2049 tcg_gen_ext32u_i64(cpu_tmp1_i64, cpu_tmp1_i64);
2051 tcg_gen_setcond_i64(cond, cpu_tmp1_i64, cpu_tmp1_i64, bndv);
2052 tcg_gen_extrl_i64_i32(cpu_tmp2_i32, cpu_tmp1_i64);
2053 gen_helper_bndck(cpu_env, cpu_tmp2_i32);
2056 /* used for LEA and MOV AX, mem */
2057 static void gen_add_A0_ds_seg(DisasContext *s)
2059 gen_lea_v_seg(s, s->aflag, cpu_A0, R_DS, s->override);
2062 /* generate modrm memory load or store of 'reg'. TMP0 is used if reg ==
2064 static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm,
2065 TCGMemOp ot, int reg, int is_store)
2069 mod = (modrm >> 6) & 3;
2070 rm = (modrm & 7) | REX_B(s);
2074 gen_op_mov_v_reg(ot, cpu_T0, reg);
2075 gen_op_mov_reg_v(ot, rm, cpu_T0);
2077 gen_op_mov_v_reg(ot, cpu_T0, rm);
2079 gen_op_mov_reg_v(ot, reg, cpu_T0);
2082 gen_lea_modrm(env, s, modrm);
2085 gen_op_mov_v_reg(ot, cpu_T0, reg);
2086 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
2088 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
2090 gen_op_mov_reg_v(ot, reg, cpu_T0);
2095 static inline uint32_t insn_get(CPUX86State *env, DisasContext *s, TCGMemOp ot)
2101 ret = cpu_ldub_code(env, s->pc);
2105 ret = cpu_lduw_code(env, s->pc);
2109 #ifdef TARGET_X86_64
2112 ret = cpu_ldl_code(env, s->pc);
2121 static inline int insn_const_size(TCGMemOp ot)
2130 static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
2132 #ifndef CONFIG_USER_ONLY
2133 return (pc & TARGET_PAGE_MASK) == (s->tb->pc & TARGET_PAGE_MASK) ||
2134 (pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
2140 static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
2142 target_ulong pc = s->cs_base + eip;
2144 if (use_goto_tb(s, pc)) {
2145 /* jump to same page: we can use a direct jump */
2146 tcg_gen_goto_tb(tb_num);
2148 tcg_gen_exit_tb((uintptr_t)s->tb + tb_num);
2150 /* jump to another page: currently not optimized */
2156 static inline void gen_jcc(DisasContext *s, int b,
2157 target_ulong val, target_ulong next_eip)
2162 l1 = gen_new_label();
2165 gen_goto_tb(s, 0, next_eip);
2168 gen_goto_tb(s, 1, val);
2169 s->is_jmp = DISAS_TB_JUMP;
2171 l1 = gen_new_label();
2172 l2 = gen_new_label();
2175 gen_jmp_im(next_eip);
2185 static void gen_cmovcc1(CPUX86State *env, DisasContext *s, TCGMemOp ot, int b,
2190 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
2192 cc = gen_prepare_cc(s, b, cpu_T1);
2193 if (cc.mask != -1) {
2194 TCGv t0 = tcg_temp_new();
2195 tcg_gen_andi_tl(t0, cc.reg, cc.mask);
2199 cc.reg2 = tcg_const_tl(cc.imm);
2202 tcg_gen_movcond_tl(cc.cond, cpu_T0, cc.reg, cc.reg2,
2203 cpu_T0, cpu_regs[reg]);
2204 gen_op_mov_reg_v(ot, reg, cpu_T0);
2206 if (cc.mask != -1) {
2207 tcg_temp_free(cc.reg);
2210 tcg_temp_free(cc.reg2);
2214 static inline void gen_op_movl_T0_seg(int seg_reg)
2216 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
2217 offsetof(CPUX86State,segs[seg_reg].selector));
2220 static inline void gen_op_movl_seg_T0_vm(int seg_reg)
2222 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
2223 tcg_gen_st32_tl(cpu_T0, cpu_env,
2224 offsetof(CPUX86State,segs[seg_reg].selector));
2225 tcg_gen_shli_tl(cpu_seg_base[seg_reg], cpu_T0, 4);
2228 /* move T0 to seg_reg and compute if the CPU state may change. Never
2229 call this function with seg_reg == R_CS */
2230 static void gen_movl_seg_T0(DisasContext *s, int seg_reg)
2232 if (s->pe && !s->vm86) {
2233 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
2234 gen_helper_load_seg(cpu_env, tcg_const_i32(seg_reg), cpu_tmp2_i32);
2235 /* abort translation because the addseg value may change or
2236 because ss32 may change. For R_SS, translation must always
2237 stop as a special handling must be done to disable hardware
2238 interrupts for the next instruction */
2239 if (seg_reg == R_SS || (s->code32 && seg_reg < R_FS))
2240 s->is_jmp = DISAS_TB_JUMP;
2242 gen_op_movl_seg_T0_vm(seg_reg);
2243 if (seg_reg == R_SS)
2244 s->is_jmp = DISAS_TB_JUMP;
2248 static inline int svm_is_rep(int prefixes)
2250 return ((prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) ? 8 : 0);
2254 gen_svm_check_intercept_param(DisasContext *s, target_ulong pc_start,
2255 uint32_t type, uint64_t param)
2257 /* no SVM activated; fast case */
2258 if (likely(!(s->flags & HF_SVMI_MASK)))
2260 gen_update_cc_op(s);
2261 gen_jmp_im(pc_start - s->cs_base);
2262 gen_helper_svm_check_intercept_param(cpu_env, tcg_const_i32(type),
2263 tcg_const_i64(param));
2267 gen_svm_check_intercept(DisasContext *s, target_ulong pc_start, uint64_t type)
2269 gen_svm_check_intercept_param(s, pc_start, type, 0);
2272 static inline void gen_stack_update(DisasContext *s, int addend)
2274 gen_op_add_reg_im(mo_stacksize(s), R_ESP, addend);
2277 /* Generate a push. It depends on ss32, addseg and dflag. */
2278 static void gen_push_v(DisasContext *s, TCGv val)
2280 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2281 TCGMemOp a_ot = mo_stacksize(s);
2282 int size = 1 << d_ot;
2283 TCGv new_esp = cpu_A0;
2285 tcg_gen_subi_tl(cpu_A0, cpu_regs[R_ESP], size);
2290 tcg_gen_mov_tl(new_esp, cpu_A0);
2292 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2295 gen_op_st_v(s, d_ot, val, cpu_A0);
2296 gen_op_mov_reg_v(a_ot, R_ESP, new_esp);
2299 /* two step pop is necessary for precise exceptions */
2300 static TCGMemOp gen_pop_T0(DisasContext *s)
2302 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2304 gen_lea_v_seg(s, mo_stacksize(s), cpu_regs[R_ESP], R_SS, -1);
2305 gen_op_ld_v(s, d_ot, cpu_T0, cpu_A0);
2310 static inline void gen_pop_update(DisasContext *s, TCGMemOp ot)
2312 gen_stack_update(s, 1 << ot);
2315 static inline void gen_stack_A0(DisasContext *s)
2317 gen_lea_v_seg(s, s->ss32 ? MO_32 : MO_16, cpu_regs[R_ESP], R_SS, -1);
2320 static void gen_pusha(DisasContext *s)
2322 TCGMemOp s_ot = s->ss32 ? MO_32 : MO_16;
2323 TCGMemOp d_ot = s->dflag;
2324 int size = 1 << d_ot;
2327 for (i = 0; i < 8; i++) {
2328 tcg_gen_addi_tl(cpu_A0, cpu_regs[R_ESP], (i - 8) * size);
2329 gen_lea_v_seg(s, s_ot, cpu_A0, R_SS, -1);
2330 gen_op_st_v(s, d_ot, cpu_regs[7 - i], cpu_A0);
2333 gen_stack_update(s, -8 * size);
2336 static void gen_popa(DisasContext *s)
2338 TCGMemOp s_ot = s->ss32 ? MO_32 : MO_16;
2339 TCGMemOp d_ot = s->dflag;
2340 int size = 1 << d_ot;
2343 for (i = 0; i < 8; i++) {
2344 /* ESP is not reloaded */
2345 if (7 - i == R_ESP) {
2348 tcg_gen_addi_tl(cpu_A0, cpu_regs[R_ESP], i * size);
2349 gen_lea_v_seg(s, s_ot, cpu_A0, R_SS, -1);
2350 gen_op_ld_v(s, d_ot, cpu_T0, cpu_A0);
2351 gen_op_mov_reg_v(d_ot, 7 - i, cpu_T0);
2354 gen_stack_update(s, 8 * size);
2357 static void gen_enter(DisasContext *s, int esp_addend, int level)
2359 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2360 TCGMemOp a_ot = CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16;
2361 int size = 1 << d_ot;
2363 /* Push BP; compute FrameTemp into T1. */
2364 tcg_gen_subi_tl(cpu_T1, cpu_regs[R_ESP], size);
2365 gen_lea_v_seg(s, a_ot, cpu_T1, R_SS, -1);
2366 gen_op_st_v(s, d_ot, cpu_regs[R_EBP], cpu_A0);
2372 /* Copy level-1 pointers from the previous frame. */
2373 for (i = 1; i < level; ++i) {
2374 tcg_gen_subi_tl(cpu_A0, cpu_regs[R_EBP], size * i);
2375 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2376 gen_op_ld_v(s, d_ot, cpu_tmp0, cpu_A0);
2378 tcg_gen_subi_tl(cpu_A0, cpu_T1, size * i);
2379 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2380 gen_op_st_v(s, d_ot, cpu_tmp0, cpu_A0);
2383 /* Push the current FrameTemp as the last level. */
2384 tcg_gen_subi_tl(cpu_A0, cpu_T1, size * level);
2385 gen_lea_v_seg(s, a_ot, cpu_A0, R_SS, -1);
2386 gen_op_st_v(s, d_ot, cpu_T1, cpu_A0);
2389 /* Copy the FrameTemp value to EBP. */
2390 gen_op_mov_reg_v(a_ot, R_EBP, cpu_T1);
2392 /* Compute the final value of ESP. */
2393 tcg_gen_subi_tl(cpu_T1, cpu_T1, esp_addend + size * level);
2394 gen_op_mov_reg_v(a_ot, R_ESP, cpu_T1);
2397 static void gen_leave(DisasContext *s)
2399 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2400 TCGMemOp a_ot = mo_stacksize(s);
2402 gen_lea_v_seg(s, a_ot, cpu_regs[R_EBP], R_SS, -1);
2403 gen_op_ld_v(s, d_ot, cpu_T0, cpu_A0);
2405 tcg_gen_addi_tl(cpu_T1, cpu_regs[R_EBP], 1 << d_ot);
2407 gen_op_mov_reg_v(d_ot, R_EBP, cpu_T0);
2408 gen_op_mov_reg_v(a_ot, R_ESP, cpu_T1);
2411 static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
2413 gen_update_cc_op(s);
2414 gen_jmp_im(cur_eip);
2415 gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
2416 s->is_jmp = DISAS_TB_JUMP;
2419 /* Generate #UD for the current instruction. The assumption here is that
2420 the instruction is known, but it isn't allowed in the current cpu mode. */
2421 static void gen_illegal_opcode(DisasContext *s)
2423 gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
2426 /* Similarly, except that the assumption here is that we don't decode
2427 the instruction at all -- either a missing opcode, an unimplemented
2428 feature, or just a bogus instruction stream. */
2429 static void gen_unknown_opcode(CPUX86State *env, DisasContext *s)
2431 gen_illegal_opcode(s);
2433 if (qemu_loglevel_mask(LOG_UNIMP)) {
2434 target_ulong pc = s->pc_start, end = s->pc;
2436 qemu_log("ILLOPC: " TARGET_FMT_lx ":", pc);
2437 for (; pc < end; ++pc) {
2438 qemu_log(" %02x", cpu_ldub_code(env, pc));
2445 /* an interrupt is different from an exception because of the
2447 static void gen_interrupt(DisasContext *s, int intno,
2448 target_ulong cur_eip, target_ulong next_eip)
2450 gen_update_cc_op(s);
2451 gen_jmp_im(cur_eip);
2452 gen_helper_raise_interrupt(cpu_env, tcg_const_i32(intno),
2453 tcg_const_i32(next_eip - cur_eip));
2454 s->is_jmp = DISAS_TB_JUMP;
2457 static void gen_debug(DisasContext *s, target_ulong cur_eip)
2459 gen_update_cc_op(s);
2460 gen_jmp_im(cur_eip);
2461 gen_helper_debug(cpu_env);
2462 s->is_jmp = DISAS_TB_JUMP;
2465 static void gen_set_hflag(DisasContext *s, uint32_t mask)
2467 if ((s->flags & mask) == 0) {
2468 TCGv_i32 t = tcg_temp_new_i32();
2469 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2470 tcg_gen_ori_i32(t, t, mask);
2471 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2472 tcg_temp_free_i32(t);
2477 static void gen_reset_hflag(DisasContext *s, uint32_t mask)
2479 if (s->flags & mask) {
2480 TCGv_i32 t = tcg_temp_new_i32();
2481 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2482 tcg_gen_andi_i32(t, t, ~mask);
2483 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2484 tcg_temp_free_i32(t);
2489 /* Clear BND registers during legacy branches. */
2490 static void gen_bnd_jmp(DisasContext *s)
2492 /* Clear the registers only if BND prefix is missing, MPX is enabled,
2493 and if the BNDREGs are known to be in use (non-zero) already.
2494 The helper itself will check BNDPRESERVE at runtime. */
2495 if ((s->prefix & PREFIX_REPNZ) == 0
2496 && (s->flags & HF_MPX_EN_MASK) != 0
2497 && (s->flags & HF_MPX_IU_MASK) != 0) {
2498 gen_helper_bnd_jmp(cpu_env);
2502 /* Generate an end of block. Trace exception is also generated if needed.
2503 If IIM, set HF_INHIBIT_IRQ_MASK if it isn't already set. */
2504 static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit)
2506 gen_update_cc_op(s);
2508 /* If several instructions disable interrupts, only the first does it. */
2509 if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) {
2510 gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
2512 gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK);
2515 if (s->tb->flags & HF_RF_MASK) {
2516 gen_helper_reset_rf(cpu_env);
2518 if (s->singlestep_enabled) {
2519 gen_helper_debug(cpu_env);
2521 gen_helper_single_step(cpu_env);
2525 s->is_jmp = DISAS_TB_JUMP;
2528 /* End of block, resetting the inhibit irq flag. */
2529 static void gen_eob(DisasContext *s)
2531 gen_eob_inhibit_irq(s, false);
2534 /* generate a jump to eip. No segment change must happen before as a
2535 direct call to the next block may occur */
2536 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num)
2538 gen_update_cc_op(s);
2539 set_cc_op(s, CC_OP_DYNAMIC);
2541 gen_goto_tb(s, tb_num, eip);
2542 s->is_jmp = DISAS_TB_JUMP;
2549 static void gen_jmp(DisasContext *s, target_ulong eip)
2551 gen_jmp_tb(s, eip, 0);
2554 static inline void gen_ldq_env_A0(DisasContext *s, int offset)
2556 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
2557 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset);
2560 static inline void gen_stq_env_A0(DisasContext *s, int offset)
2562 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset);
2563 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
2566 static inline void gen_ldo_env_A0(DisasContext *s, int offset)
2568 int mem_index = s->mem_index;
2569 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, mem_index, MO_LEQ);
2570 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
2571 tcg_gen_addi_tl(cpu_tmp0, cpu_A0, 8);
2572 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_tmp0, mem_index, MO_LEQ);
2573 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
2576 static inline void gen_sto_env_A0(DisasContext *s, int offset)
2578 int mem_index = s->mem_index;
2579 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
2580 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, mem_index, MO_LEQ);
2581 tcg_gen_addi_tl(cpu_tmp0, cpu_A0, 8);
2582 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
2583 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_tmp0, mem_index, MO_LEQ);
2586 static inline void gen_op_movo(int d_offset, int s_offset)
2588 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg, ZMM_Q(0)));
2589 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg, ZMM_Q(0)));
2590 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg, ZMM_Q(1)));
2591 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg, ZMM_Q(1)));
2594 static inline void gen_op_movq(int d_offset, int s_offset)
2596 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset);
2597 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
2600 static inline void gen_op_movl(int d_offset, int s_offset)
2602 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env, s_offset);
2603 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, d_offset);
2606 static inline void gen_op_movq_env_0(int d_offset)
2608 tcg_gen_movi_i64(cpu_tmp1_i64, 0);
2609 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
2612 typedef void (*SSEFunc_i_ep)(TCGv_i32 val, TCGv_ptr env, TCGv_ptr reg);
2613 typedef void (*SSEFunc_l_ep)(TCGv_i64 val, TCGv_ptr env, TCGv_ptr reg);
2614 typedef void (*SSEFunc_0_epi)(TCGv_ptr env, TCGv_ptr reg, TCGv_i32 val);
2615 typedef void (*SSEFunc_0_epl)(TCGv_ptr env, TCGv_ptr reg, TCGv_i64 val);
2616 typedef void (*SSEFunc_0_epp)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b);
2617 typedef void (*SSEFunc_0_eppi)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2619 typedef void (*SSEFunc_0_ppi)(TCGv_ptr reg_a, TCGv_ptr reg_b, TCGv_i32 val);
2620 typedef void (*SSEFunc_0_eppt)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2623 #define SSE_SPECIAL ((void *)1)
2624 #define SSE_DUMMY ((void *)2)
2626 #define MMX_OP2(x) { gen_helper_ ## x ## _mmx, gen_helper_ ## x ## _xmm }
2627 #define SSE_FOP(x) { gen_helper_ ## x ## ps, gen_helper_ ## x ## pd, \
2628 gen_helper_ ## x ## ss, gen_helper_ ## x ## sd, }
2630 static const SSEFunc_0_epp sse_op_table1[256][4] = {
2631 /* 3DNow! extensions */
2632 [0x0e] = { SSE_DUMMY }, /* femms */
2633 [0x0f] = { SSE_DUMMY }, /* pf... */
2634 /* pure SSE operations */
2635 [0x10] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2636 [0x11] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2637 [0x12] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd, movsldup, movddup */
2638 [0x13] = { SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd */
2639 [0x14] = { gen_helper_punpckldq_xmm, gen_helper_punpcklqdq_xmm },
2640 [0x15] = { gen_helper_punpckhdq_xmm, gen_helper_punpckhqdq_xmm },
2641 [0x16] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd, movshdup */
2642 [0x17] = { SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd */
2644 [0x28] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2645 [0x29] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2646 [0x2a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtpi2ps, cvtpi2pd, cvtsi2ss, cvtsi2sd */
2647 [0x2b] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movntps, movntpd, movntss, movntsd */
2648 [0x2c] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvttps2pi, cvttpd2pi, cvttsd2si, cvttss2si */
2649 [0x2d] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtps2pi, cvtpd2pi, cvtsd2si, cvtss2si */
2650 [0x2e] = { gen_helper_ucomiss, gen_helper_ucomisd },
2651 [0x2f] = { gen_helper_comiss, gen_helper_comisd },
2652 [0x50] = { SSE_SPECIAL, SSE_SPECIAL }, /* movmskps, movmskpd */
2653 [0x51] = SSE_FOP(sqrt),
2654 [0x52] = { gen_helper_rsqrtps, NULL, gen_helper_rsqrtss, NULL },
2655 [0x53] = { gen_helper_rcpps, NULL, gen_helper_rcpss, NULL },
2656 [0x54] = { gen_helper_pand_xmm, gen_helper_pand_xmm }, /* andps, andpd */
2657 [0x55] = { gen_helper_pandn_xmm, gen_helper_pandn_xmm }, /* andnps, andnpd */
2658 [0x56] = { gen_helper_por_xmm, gen_helper_por_xmm }, /* orps, orpd */
2659 [0x57] = { gen_helper_pxor_xmm, gen_helper_pxor_xmm }, /* xorps, xorpd */
2660 [0x58] = SSE_FOP(add),
2661 [0x59] = SSE_FOP(mul),
2662 [0x5a] = { gen_helper_cvtps2pd, gen_helper_cvtpd2ps,
2663 gen_helper_cvtss2sd, gen_helper_cvtsd2ss },
2664 [0x5b] = { gen_helper_cvtdq2ps, gen_helper_cvtps2dq, gen_helper_cvttps2dq },
2665 [0x5c] = SSE_FOP(sub),
2666 [0x5d] = SSE_FOP(min),
2667 [0x5e] = SSE_FOP(div),
2668 [0x5f] = SSE_FOP(max),
2670 [0xc2] = SSE_FOP(cmpeq),
2671 [0xc6] = { (SSEFunc_0_epp)gen_helper_shufps,
2672 (SSEFunc_0_epp)gen_helper_shufpd }, /* XXX: casts */
2674 /* SSSE3, SSE4, MOVBE, CRC32, BMI1, BMI2, ADX. */
2675 [0x38] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2676 [0x3a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2678 /* MMX ops and their SSE extensions */
2679 [0x60] = MMX_OP2(punpcklbw),
2680 [0x61] = MMX_OP2(punpcklwd),
2681 [0x62] = MMX_OP2(punpckldq),
2682 [0x63] = MMX_OP2(packsswb),
2683 [0x64] = MMX_OP2(pcmpgtb),
2684 [0x65] = MMX_OP2(pcmpgtw),
2685 [0x66] = MMX_OP2(pcmpgtl),
2686 [0x67] = MMX_OP2(packuswb),
2687 [0x68] = MMX_OP2(punpckhbw),
2688 [0x69] = MMX_OP2(punpckhwd),
2689 [0x6a] = MMX_OP2(punpckhdq),
2690 [0x6b] = MMX_OP2(packssdw),
2691 [0x6c] = { NULL, gen_helper_punpcklqdq_xmm },
2692 [0x6d] = { NULL, gen_helper_punpckhqdq_xmm },
2693 [0x6e] = { SSE_SPECIAL, SSE_SPECIAL }, /* movd mm, ea */
2694 [0x6f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, , movqdu */
2695 [0x70] = { (SSEFunc_0_epp)gen_helper_pshufw_mmx,
2696 (SSEFunc_0_epp)gen_helper_pshufd_xmm,
2697 (SSEFunc_0_epp)gen_helper_pshufhw_xmm,
2698 (SSEFunc_0_epp)gen_helper_pshuflw_xmm }, /* XXX: casts */
2699 [0x71] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftw */
2700 [0x72] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftd */
2701 [0x73] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftq */
2702 [0x74] = MMX_OP2(pcmpeqb),
2703 [0x75] = MMX_OP2(pcmpeqw),
2704 [0x76] = MMX_OP2(pcmpeql),
2705 [0x77] = { SSE_DUMMY }, /* emms */
2706 [0x78] = { NULL, SSE_SPECIAL, NULL, SSE_SPECIAL }, /* extrq_i, insertq_i */
2707 [0x79] = { NULL, gen_helper_extrq_r, NULL, gen_helper_insertq_r },
2708 [0x7c] = { NULL, gen_helper_haddpd, NULL, gen_helper_haddps },
2709 [0x7d] = { NULL, gen_helper_hsubpd, NULL, gen_helper_hsubps },
2710 [0x7e] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movd, movd, , movq */
2711 [0x7f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, movdqu */
2712 [0xc4] = { SSE_SPECIAL, SSE_SPECIAL }, /* pinsrw */
2713 [0xc5] = { SSE_SPECIAL, SSE_SPECIAL }, /* pextrw */
2714 [0xd0] = { NULL, gen_helper_addsubpd, NULL, gen_helper_addsubps },
2715 [0xd1] = MMX_OP2(psrlw),
2716 [0xd2] = MMX_OP2(psrld),
2717 [0xd3] = MMX_OP2(psrlq),
2718 [0xd4] = MMX_OP2(paddq),
2719 [0xd5] = MMX_OP2(pmullw),
2720 [0xd6] = { NULL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2721 [0xd7] = { SSE_SPECIAL, SSE_SPECIAL }, /* pmovmskb */
2722 [0xd8] = MMX_OP2(psubusb),
2723 [0xd9] = MMX_OP2(psubusw),
2724 [0xda] = MMX_OP2(pminub),
2725 [0xdb] = MMX_OP2(pand),
2726 [0xdc] = MMX_OP2(paddusb),
2727 [0xdd] = MMX_OP2(paddusw),
2728 [0xde] = MMX_OP2(pmaxub),
2729 [0xdf] = MMX_OP2(pandn),
2730 [0xe0] = MMX_OP2(pavgb),
2731 [0xe1] = MMX_OP2(psraw),
2732 [0xe2] = MMX_OP2(psrad),
2733 [0xe3] = MMX_OP2(pavgw),
2734 [0xe4] = MMX_OP2(pmulhuw),
2735 [0xe5] = MMX_OP2(pmulhw),
2736 [0xe6] = { NULL, gen_helper_cvttpd2dq, gen_helper_cvtdq2pd, gen_helper_cvtpd2dq },
2737 [0xe7] = { SSE_SPECIAL , SSE_SPECIAL }, /* movntq, movntq */
2738 [0xe8] = MMX_OP2(psubsb),
2739 [0xe9] = MMX_OP2(psubsw),
2740 [0xea] = MMX_OP2(pminsw),
2741 [0xeb] = MMX_OP2(por),
2742 [0xec] = MMX_OP2(paddsb),
2743 [0xed] = MMX_OP2(paddsw),
2744 [0xee] = MMX_OP2(pmaxsw),
2745 [0xef] = MMX_OP2(pxor),
2746 [0xf0] = { NULL, NULL, NULL, SSE_SPECIAL }, /* lddqu */
2747 [0xf1] = MMX_OP2(psllw),
2748 [0xf2] = MMX_OP2(pslld),
2749 [0xf3] = MMX_OP2(psllq),
2750 [0xf4] = MMX_OP2(pmuludq),
2751 [0xf5] = MMX_OP2(pmaddwd),
2752 [0xf6] = MMX_OP2(psadbw),
2753 [0xf7] = { (SSEFunc_0_epp)gen_helper_maskmov_mmx,
2754 (SSEFunc_0_epp)gen_helper_maskmov_xmm }, /* XXX: casts */
2755 [0xf8] = MMX_OP2(psubb),
2756 [0xf9] = MMX_OP2(psubw),
2757 [0xfa] = MMX_OP2(psubl),
2758 [0xfb] = MMX_OP2(psubq),
2759 [0xfc] = MMX_OP2(paddb),
2760 [0xfd] = MMX_OP2(paddw),
2761 [0xfe] = MMX_OP2(paddl),
2764 static const SSEFunc_0_epp sse_op_table2[3 * 8][2] = {
2765 [0 + 2] = MMX_OP2(psrlw),
2766 [0 + 4] = MMX_OP2(psraw),
2767 [0 + 6] = MMX_OP2(psllw),
2768 [8 + 2] = MMX_OP2(psrld),
2769 [8 + 4] = MMX_OP2(psrad),
2770 [8 + 6] = MMX_OP2(pslld),
2771 [16 + 2] = MMX_OP2(psrlq),
2772 [16 + 3] = { NULL, gen_helper_psrldq_xmm },
2773 [16 + 6] = MMX_OP2(psllq),
2774 [16 + 7] = { NULL, gen_helper_pslldq_xmm },
2777 static const SSEFunc_0_epi sse_op_table3ai[] = {
2778 gen_helper_cvtsi2ss,
2782 #ifdef TARGET_X86_64
2783 static const SSEFunc_0_epl sse_op_table3aq[] = {
2784 gen_helper_cvtsq2ss,
2789 static const SSEFunc_i_ep sse_op_table3bi[] = {
2790 gen_helper_cvttss2si,
2791 gen_helper_cvtss2si,
2792 gen_helper_cvttsd2si,
2796 #ifdef TARGET_X86_64
2797 static const SSEFunc_l_ep sse_op_table3bq[] = {
2798 gen_helper_cvttss2sq,
2799 gen_helper_cvtss2sq,
2800 gen_helper_cvttsd2sq,
2805 static const SSEFunc_0_epp sse_op_table4[8][4] = {
2816 static const SSEFunc_0_epp sse_op_table5[256] = {
2817 [0x0c] = gen_helper_pi2fw,
2818 [0x0d] = gen_helper_pi2fd,
2819 [0x1c] = gen_helper_pf2iw,
2820 [0x1d] = gen_helper_pf2id,
2821 [0x8a] = gen_helper_pfnacc,
2822 [0x8e] = gen_helper_pfpnacc,
2823 [0x90] = gen_helper_pfcmpge,
2824 [0x94] = gen_helper_pfmin,
2825 [0x96] = gen_helper_pfrcp,
2826 [0x97] = gen_helper_pfrsqrt,
2827 [0x9a] = gen_helper_pfsub,
2828 [0x9e] = gen_helper_pfadd,
2829 [0xa0] = gen_helper_pfcmpgt,
2830 [0xa4] = gen_helper_pfmax,
2831 [0xa6] = gen_helper_movq, /* pfrcpit1; no need to actually increase precision */
2832 [0xa7] = gen_helper_movq, /* pfrsqit1 */
2833 [0xaa] = gen_helper_pfsubr,
2834 [0xae] = gen_helper_pfacc,
2835 [0xb0] = gen_helper_pfcmpeq,
2836 [0xb4] = gen_helper_pfmul,
2837 [0xb6] = gen_helper_movq, /* pfrcpit2 */
2838 [0xb7] = gen_helper_pmulhrw_mmx,
2839 [0xbb] = gen_helper_pswapd,
2840 [0xbf] = gen_helper_pavgb_mmx /* pavgusb */
2843 struct SSEOpHelper_epp {
2844 SSEFunc_0_epp op[2];
2848 struct SSEOpHelper_eppi {
2849 SSEFunc_0_eppi op[2];
2853 #define SSSE3_OP(x) { MMX_OP2(x), CPUID_EXT_SSSE3 }
2854 #define SSE41_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE41 }
2855 #define SSE42_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE42 }
2856 #define SSE41_SPECIAL { { NULL, SSE_SPECIAL }, CPUID_EXT_SSE41 }
2857 #define PCLMULQDQ_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, \
2858 CPUID_EXT_PCLMULQDQ }
2859 #define AESNI_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_AES }
2861 static const struct SSEOpHelper_epp sse_op_table6[256] = {
2862 [0x00] = SSSE3_OP(pshufb),
2863 [0x01] = SSSE3_OP(phaddw),
2864 [0x02] = SSSE3_OP(phaddd),
2865 [0x03] = SSSE3_OP(phaddsw),
2866 [0x04] = SSSE3_OP(pmaddubsw),
2867 [0x05] = SSSE3_OP(phsubw),
2868 [0x06] = SSSE3_OP(phsubd),
2869 [0x07] = SSSE3_OP(phsubsw),
2870 [0x08] = SSSE3_OP(psignb),
2871 [0x09] = SSSE3_OP(psignw),
2872 [0x0a] = SSSE3_OP(psignd),
2873 [0x0b] = SSSE3_OP(pmulhrsw),
2874 [0x10] = SSE41_OP(pblendvb),
2875 [0x14] = SSE41_OP(blendvps),
2876 [0x15] = SSE41_OP(blendvpd),
2877 [0x17] = SSE41_OP(ptest),
2878 [0x1c] = SSSE3_OP(pabsb),
2879 [0x1d] = SSSE3_OP(pabsw),
2880 [0x1e] = SSSE3_OP(pabsd),
2881 [0x20] = SSE41_OP(pmovsxbw),
2882 [0x21] = SSE41_OP(pmovsxbd),
2883 [0x22] = SSE41_OP(pmovsxbq),
2884 [0x23] = SSE41_OP(pmovsxwd),
2885 [0x24] = SSE41_OP(pmovsxwq),
2886 [0x25] = SSE41_OP(pmovsxdq),
2887 [0x28] = SSE41_OP(pmuldq),
2888 [0x29] = SSE41_OP(pcmpeqq),
2889 [0x2a] = SSE41_SPECIAL, /* movntqda */
2890 [0x2b] = SSE41_OP(packusdw),
2891 [0x30] = SSE41_OP(pmovzxbw),
2892 [0x31] = SSE41_OP(pmovzxbd),
2893 [0x32] = SSE41_OP(pmovzxbq),
2894 [0x33] = SSE41_OP(pmovzxwd),
2895 [0x34] = SSE41_OP(pmovzxwq),
2896 [0x35] = SSE41_OP(pmovzxdq),
2897 [0x37] = SSE42_OP(pcmpgtq),
2898 [0x38] = SSE41_OP(pminsb),
2899 [0x39] = SSE41_OP(pminsd),
2900 [0x3a] = SSE41_OP(pminuw),
2901 [0x3b] = SSE41_OP(pminud),
2902 [0x3c] = SSE41_OP(pmaxsb),
2903 [0x3d] = SSE41_OP(pmaxsd),
2904 [0x3e] = SSE41_OP(pmaxuw),
2905 [0x3f] = SSE41_OP(pmaxud),
2906 [0x40] = SSE41_OP(pmulld),
2907 [0x41] = SSE41_OP(phminposuw),
2908 [0xdb] = AESNI_OP(aesimc),
2909 [0xdc] = AESNI_OP(aesenc),
2910 [0xdd] = AESNI_OP(aesenclast),
2911 [0xde] = AESNI_OP(aesdec),
2912 [0xdf] = AESNI_OP(aesdeclast),
2915 static const struct SSEOpHelper_eppi sse_op_table7[256] = {
2916 [0x08] = SSE41_OP(roundps),
2917 [0x09] = SSE41_OP(roundpd),
2918 [0x0a] = SSE41_OP(roundss),
2919 [0x0b] = SSE41_OP(roundsd),
2920 [0x0c] = SSE41_OP(blendps),
2921 [0x0d] = SSE41_OP(blendpd),
2922 [0x0e] = SSE41_OP(pblendw),
2923 [0x0f] = SSSE3_OP(palignr),
2924 [0x14] = SSE41_SPECIAL, /* pextrb */
2925 [0x15] = SSE41_SPECIAL, /* pextrw */
2926 [0x16] = SSE41_SPECIAL, /* pextrd/pextrq */
2927 [0x17] = SSE41_SPECIAL, /* extractps */
2928 [0x20] = SSE41_SPECIAL, /* pinsrb */
2929 [0x21] = SSE41_SPECIAL, /* insertps */
2930 [0x22] = SSE41_SPECIAL, /* pinsrd/pinsrq */
2931 [0x40] = SSE41_OP(dpps),
2932 [0x41] = SSE41_OP(dppd),
2933 [0x42] = SSE41_OP(mpsadbw),
2934 [0x44] = PCLMULQDQ_OP(pclmulqdq),
2935 [0x60] = SSE42_OP(pcmpestrm),
2936 [0x61] = SSE42_OP(pcmpestri),
2937 [0x62] = SSE42_OP(pcmpistrm),
2938 [0x63] = SSE42_OP(pcmpistri),
2939 [0xdf] = AESNI_OP(aeskeygenassist),
2942 static void gen_sse(CPUX86State *env, DisasContext *s, int b,
2943 target_ulong pc_start, int rex_r)
2945 int b1, op1_offset, op2_offset, is_xmm, val;
2946 int modrm, mod, rm, reg;
2947 SSEFunc_0_epp sse_fn_epp;
2948 SSEFunc_0_eppi sse_fn_eppi;
2949 SSEFunc_0_ppi sse_fn_ppi;
2950 SSEFunc_0_eppt sse_fn_eppt;
2954 if (s->prefix & PREFIX_DATA)
2956 else if (s->prefix & PREFIX_REPZ)
2958 else if (s->prefix & PREFIX_REPNZ)
2962 sse_fn_epp = sse_op_table1[b][b1];
2966 if ((b <= 0x5f && b >= 0x10) || b == 0xc6 || b == 0xc2) {
2976 /* simple MMX/SSE operation */
2977 if (s->flags & HF_TS_MASK) {
2978 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
2981 if (s->flags & HF_EM_MASK) {
2983 gen_illegal_opcode(s);
2987 && !(s->flags & HF_OSFXSR_MASK)
2988 && ((b != 0x38 && b != 0x3a) || (s->prefix & PREFIX_DATA))) {
2992 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW)) {
2993 /* If we were fully decoding this we might use illegal_op. */
2997 gen_helper_emms(cpu_env);
3002 gen_helper_emms(cpu_env);
3005 /* prepare MMX state (XXX: optimize by storing fptt and fptags in
3006 the static cpu state) */
3008 gen_helper_enter_mmx(cpu_env);
3011 modrm = cpu_ldub_code(env, s->pc++);
3012 reg = ((modrm >> 3) & 7);
3015 mod = (modrm >> 6) & 3;
3016 if (sse_fn_epp == SSE_SPECIAL) {
3019 case 0x0e7: /* movntq */
3023 gen_lea_modrm(env, s, modrm);
3024 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3026 case 0x1e7: /* movntdq */
3027 case 0x02b: /* movntps */
3028 case 0x12b: /* movntps */
3031 gen_lea_modrm(env, s, modrm);
3032 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3034 case 0x3f0: /* lddqu */
3037 gen_lea_modrm(env, s, modrm);
3038 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3040 case 0x22b: /* movntss */
3041 case 0x32b: /* movntsd */
3044 gen_lea_modrm(env, s, modrm);
3046 gen_stq_env_A0(s, offsetof(CPUX86State,
3047 xmm_regs[reg].ZMM_Q(0)));
3049 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
3050 xmm_regs[reg].ZMM_L(0)));
3051 gen_op_st_v(s, MO_32, cpu_T0, cpu_A0);
3054 case 0x6e: /* movd mm, ea */
3055 #ifdef TARGET_X86_64
3056 if (s->dflag == MO_64) {
3057 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3058 tcg_gen_st_tl(cpu_T0, cpu_env, offsetof(CPUX86State,fpregs[reg].mmx));
3062 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3063 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3064 offsetof(CPUX86State,fpregs[reg].mmx));
3065 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3066 gen_helper_movl_mm_T0_mmx(cpu_ptr0, cpu_tmp2_i32);
3069 case 0x16e: /* movd xmm, ea */
3070 #ifdef TARGET_X86_64
3071 if (s->dflag == MO_64) {
3072 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3073 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3074 offsetof(CPUX86State,xmm_regs[reg]));
3075 gen_helper_movq_mm_T0_xmm(cpu_ptr0, cpu_T0);
3079 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3080 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3081 offsetof(CPUX86State,xmm_regs[reg]));
3082 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3083 gen_helper_movl_mm_T0_xmm(cpu_ptr0, cpu_tmp2_i32);
3086 case 0x6f: /* movq mm, ea */
3088 gen_lea_modrm(env, s, modrm);
3089 gen_ldq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3092 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env,
3093 offsetof(CPUX86State,fpregs[rm].mmx));
3094 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env,
3095 offsetof(CPUX86State,fpregs[reg].mmx));
3098 case 0x010: /* movups */
3099 case 0x110: /* movupd */
3100 case 0x028: /* movaps */
3101 case 0x128: /* movapd */
3102 case 0x16f: /* movdqa xmm, ea */
3103 case 0x26f: /* movdqu xmm, ea */
3105 gen_lea_modrm(env, s, modrm);
3106 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3108 rm = (modrm & 7) | REX_B(s);
3109 gen_op_movo(offsetof(CPUX86State,xmm_regs[reg]),
3110 offsetof(CPUX86State,xmm_regs[rm]));
3113 case 0x210: /* movss xmm, ea */
3115 gen_lea_modrm(env, s, modrm);
3116 gen_op_ld_v(s, MO_32, cpu_T0, cpu_A0);
3117 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3118 tcg_gen_movi_tl(cpu_T0, 0);
3119 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)));
3120 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)));
3121 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)));
3123 rm = (modrm & 7) | REX_B(s);
3124 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)),
3125 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)));
3128 case 0x310: /* movsd xmm, ea */
3130 gen_lea_modrm(env, s, modrm);
3131 gen_ldq_env_A0(s, offsetof(CPUX86State,
3132 xmm_regs[reg].ZMM_Q(0)));
3133 tcg_gen_movi_tl(cpu_T0, 0);
3134 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)));
3135 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)));
3137 rm = (modrm & 7) | REX_B(s);
3138 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3139 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3142 case 0x012: /* movlps */
3143 case 0x112: /* movlpd */
3145 gen_lea_modrm(env, s, modrm);
3146 gen_ldq_env_A0(s, offsetof(CPUX86State,
3147 xmm_regs[reg].ZMM_Q(0)));
3150 rm = (modrm & 7) | REX_B(s);
3151 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3152 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(1)));
3155 case 0x212: /* movsldup */
3157 gen_lea_modrm(env, s, modrm);
3158 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3160 rm = (modrm & 7) | REX_B(s);
3161 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)),
3162 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)));
3163 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)),
3164 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(2)));
3166 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)),
3167 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3168 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)),
3169 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)));
3171 case 0x312: /* movddup */
3173 gen_lea_modrm(env, s, modrm);
3174 gen_ldq_env_A0(s, offsetof(CPUX86State,
3175 xmm_regs[reg].ZMM_Q(0)));
3177 rm = (modrm & 7) | REX_B(s);
3178 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3179 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3181 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)),
3182 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3184 case 0x016: /* movhps */
3185 case 0x116: /* movhpd */
3187 gen_lea_modrm(env, s, modrm);
3188 gen_ldq_env_A0(s, offsetof(CPUX86State,
3189 xmm_regs[reg].ZMM_Q(1)));
3192 rm = (modrm & 7) | REX_B(s);
3193 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)),
3194 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3197 case 0x216: /* movshdup */
3199 gen_lea_modrm(env, s, modrm);
3200 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3202 rm = (modrm & 7) | REX_B(s);
3203 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)),
3204 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(1)));
3205 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)),
3206 offsetof(CPUX86State,xmm_regs[rm].ZMM_L(3)));
3208 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)),
3209 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(1)));
3210 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].ZMM_L(2)),
3211 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(3)));
3216 int bit_index, field_length;
3218 if (b1 == 1 && reg != 0)
3220 field_length = cpu_ldub_code(env, s->pc++) & 0x3F;
3221 bit_index = cpu_ldub_code(env, s->pc++) & 0x3F;
3222 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3223 offsetof(CPUX86State,xmm_regs[reg]));
3225 gen_helper_extrq_i(cpu_env, cpu_ptr0,
3226 tcg_const_i32(bit_index),
3227 tcg_const_i32(field_length));
3229 gen_helper_insertq_i(cpu_env, cpu_ptr0,
3230 tcg_const_i32(bit_index),
3231 tcg_const_i32(field_length));
3234 case 0x7e: /* movd ea, mm */
3235 #ifdef TARGET_X86_64
3236 if (s->dflag == MO_64) {
3237 tcg_gen_ld_i64(cpu_T0, cpu_env,
3238 offsetof(CPUX86State,fpregs[reg].mmx));
3239 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3243 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
3244 offsetof(CPUX86State,fpregs[reg].mmx.MMX_L(0)));
3245 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3248 case 0x17e: /* movd ea, xmm */
3249 #ifdef TARGET_X86_64
3250 if (s->dflag == MO_64) {
3251 tcg_gen_ld_i64(cpu_T0, cpu_env,
3252 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3253 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3257 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
3258 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3259 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3262 case 0x27e: /* movq xmm, ea */
3264 gen_lea_modrm(env, s, modrm);
3265 gen_ldq_env_A0(s, offsetof(CPUX86State,
3266 xmm_regs[reg].ZMM_Q(0)));
3268 rm = (modrm & 7) | REX_B(s);
3269 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3270 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3272 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)));
3274 case 0x7f: /* movq ea, mm */
3276 gen_lea_modrm(env, s, modrm);
3277 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3280 gen_op_movq(offsetof(CPUX86State,fpregs[rm].mmx),
3281 offsetof(CPUX86State,fpregs[reg].mmx));
3284 case 0x011: /* movups */
3285 case 0x111: /* movupd */
3286 case 0x029: /* movaps */
3287 case 0x129: /* movapd */
3288 case 0x17f: /* movdqa ea, xmm */
3289 case 0x27f: /* movdqu ea, xmm */
3291 gen_lea_modrm(env, s, modrm);
3292 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3294 rm = (modrm & 7) | REX_B(s);
3295 gen_op_movo(offsetof(CPUX86State,xmm_regs[rm]),
3296 offsetof(CPUX86State,xmm_regs[reg]));
3299 case 0x211: /* movss ea, xmm */
3301 gen_lea_modrm(env, s, modrm);
3302 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3303 gen_op_st_v(s, MO_32, cpu_T0, cpu_A0);
3305 rm = (modrm & 7) | REX_B(s);
3306 gen_op_movl(offsetof(CPUX86State,xmm_regs[rm].ZMM_L(0)),
3307 offsetof(CPUX86State,xmm_regs[reg].ZMM_L(0)));
3310 case 0x311: /* movsd ea, xmm */
3312 gen_lea_modrm(env, s, modrm);
3313 gen_stq_env_A0(s, offsetof(CPUX86State,
3314 xmm_regs[reg].ZMM_Q(0)));
3316 rm = (modrm & 7) | REX_B(s);
3317 gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)),
3318 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3321 case 0x013: /* movlps */
3322 case 0x113: /* movlpd */
3324 gen_lea_modrm(env, s, modrm);
3325 gen_stq_env_A0(s, offsetof(CPUX86State,
3326 xmm_regs[reg].ZMM_Q(0)));
3331 case 0x017: /* movhps */
3332 case 0x117: /* movhpd */
3334 gen_lea_modrm(env, s, modrm);
3335 gen_stq_env_A0(s, offsetof(CPUX86State,
3336 xmm_regs[reg].ZMM_Q(1)));
3341 case 0x71: /* shift mm, im */
3344 case 0x171: /* shift xmm, im */
3350 val = cpu_ldub_code(env, s->pc++);
3352 tcg_gen_movi_tl(cpu_T0, val);
3353 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_t0.ZMM_L(0)));
3354 tcg_gen_movi_tl(cpu_T0, 0);
3355 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_t0.ZMM_L(1)));
3356 op1_offset = offsetof(CPUX86State,xmm_t0);
3358 tcg_gen_movi_tl(cpu_T0, val);
3359 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,mmx_t0.MMX_L(0)));
3360 tcg_gen_movi_tl(cpu_T0, 0);
3361 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,mmx_t0.MMX_L(1)));
3362 op1_offset = offsetof(CPUX86State,mmx_t0);
3364 sse_fn_epp = sse_op_table2[((b - 1) & 3) * 8 +
3365 (((modrm >> 3)) & 7)][b1];
3370 rm = (modrm & 7) | REX_B(s);
3371 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3374 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3376 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op2_offset);
3377 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op1_offset);
3378 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
3380 case 0x050: /* movmskps */
3381 rm = (modrm & 7) | REX_B(s);
3382 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3383 offsetof(CPUX86State,xmm_regs[rm]));
3384 gen_helper_movmskps(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3385 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3387 case 0x150: /* movmskpd */
3388 rm = (modrm & 7) | REX_B(s);
3389 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3390 offsetof(CPUX86State,xmm_regs[rm]));
3391 gen_helper_movmskpd(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3392 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3394 case 0x02a: /* cvtpi2ps */
3395 case 0x12a: /* cvtpi2pd */
3396 gen_helper_enter_mmx(cpu_env);
3398 gen_lea_modrm(env, s, modrm);
3399 op2_offset = offsetof(CPUX86State,mmx_t0);
3400 gen_ldq_env_A0(s, op2_offset);
3403 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3405 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3406 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3407 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3410 gen_helper_cvtpi2ps(cpu_env, cpu_ptr0, cpu_ptr1);
3414 gen_helper_cvtpi2pd(cpu_env, cpu_ptr0, cpu_ptr1);
3418 case 0x22a: /* cvtsi2ss */
3419 case 0x32a: /* cvtsi2sd */
3420 ot = mo_64_32(s->dflag);
3421 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3422 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3423 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3425 SSEFunc_0_epi sse_fn_epi = sse_op_table3ai[(b >> 8) & 1];
3426 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3427 sse_fn_epi(cpu_env, cpu_ptr0, cpu_tmp2_i32);
3429 #ifdef TARGET_X86_64
3430 SSEFunc_0_epl sse_fn_epl = sse_op_table3aq[(b >> 8) & 1];
3431 sse_fn_epl(cpu_env, cpu_ptr0, cpu_T0);
3437 case 0x02c: /* cvttps2pi */
3438 case 0x12c: /* cvttpd2pi */
3439 case 0x02d: /* cvtps2pi */
3440 case 0x12d: /* cvtpd2pi */
3441 gen_helper_enter_mmx(cpu_env);
3443 gen_lea_modrm(env, s, modrm);
3444 op2_offset = offsetof(CPUX86State,xmm_t0);
3445 gen_ldo_env_A0(s, op2_offset);
3447 rm = (modrm & 7) | REX_B(s);
3448 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3450 op1_offset = offsetof(CPUX86State,fpregs[reg & 7].mmx);
3451 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3452 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3455 gen_helper_cvttps2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3458 gen_helper_cvttpd2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3461 gen_helper_cvtps2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3464 gen_helper_cvtpd2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3468 case 0x22c: /* cvttss2si */
3469 case 0x32c: /* cvttsd2si */
3470 case 0x22d: /* cvtss2si */
3471 case 0x32d: /* cvtsd2si */
3472 ot = mo_64_32(s->dflag);
3474 gen_lea_modrm(env, s, modrm);
3476 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.ZMM_Q(0)));
3478 gen_op_ld_v(s, MO_32, cpu_T0, cpu_A0);
3479 tcg_gen_st32_tl(cpu_T0, cpu_env, offsetof(CPUX86State,xmm_t0.ZMM_L(0)));
3481 op2_offset = offsetof(CPUX86State,xmm_t0);
3483 rm = (modrm & 7) | REX_B(s);
3484 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3486 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op2_offset);
3488 SSEFunc_i_ep sse_fn_i_ep =
3489 sse_op_table3bi[((b >> 7) & 2) | (b & 1)];
3490 sse_fn_i_ep(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3491 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
3493 #ifdef TARGET_X86_64
3494 SSEFunc_l_ep sse_fn_l_ep =
3495 sse_op_table3bq[((b >> 7) & 2) | (b & 1)];
3496 sse_fn_l_ep(cpu_T0, cpu_env, cpu_ptr0);
3501 gen_op_mov_reg_v(ot, reg, cpu_T0);
3503 case 0xc4: /* pinsrw */
3506 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
3507 val = cpu_ldub_code(env, s->pc++);
3510 tcg_gen_st16_tl(cpu_T0, cpu_env,
3511 offsetof(CPUX86State,xmm_regs[reg].ZMM_W(val)));
3514 tcg_gen_st16_tl(cpu_T0, cpu_env,
3515 offsetof(CPUX86State,fpregs[reg].mmx.MMX_W(val)));
3518 case 0xc5: /* pextrw */
3522 ot = mo_64_32(s->dflag);
3523 val = cpu_ldub_code(env, s->pc++);
3526 rm = (modrm & 7) | REX_B(s);
3527 tcg_gen_ld16u_tl(cpu_T0, cpu_env,
3528 offsetof(CPUX86State,xmm_regs[rm].ZMM_W(val)));
3532 tcg_gen_ld16u_tl(cpu_T0, cpu_env,
3533 offsetof(CPUX86State,fpregs[rm].mmx.MMX_W(val)));
3535 reg = ((modrm >> 3) & 7) | rex_r;
3536 gen_op_mov_reg_v(ot, reg, cpu_T0);
3538 case 0x1d6: /* movq ea, xmm */
3540 gen_lea_modrm(env, s, modrm);
3541 gen_stq_env_A0(s, offsetof(CPUX86State,
3542 xmm_regs[reg].ZMM_Q(0)));
3544 rm = (modrm & 7) | REX_B(s);
3545 gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)),
3546 offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)));
3547 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(1)));
3550 case 0x2d6: /* movq2dq */
3551 gen_helper_enter_mmx(cpu_env);
3553 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(0)),
3554 offsetof(CPUX86State,fpregs[rm].mmx));
3555 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg].ZMM_Q(1)));
3557 case 0x3d6: /* movdq2q */
3558 gen_helper_enter_mmx(cpu_env);
3559 rm = (modrm & 7) | REX_B(s);
3560 gen_op_movq(offsetof(CPUX86State,fpregs[reg & 7].mmx),
3561 offsetof(CPUX86State,xmm_regs[rm].ZMM_Q(0)));
3563 case 0xd7: /* pmovmskb */
3568 rm = (modrm & 7) | REX_B(s);
3569 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, offsetof(CPUX86State,xmm_regs[rm]));
3570 gen_helper_pmovmskb_xmm(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3573 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, offsetof(CPUX86State,fpregs[rm].mmx));
3574 gen_helper_pmovmskb_mmx(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3576 reg = ((modrm >> 3) & 7) | rex_r;
3577 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3583 if ((b & 0xf0) == 0xf0) {
3586 modrm = cpu_ldub_code(env, s->pc++);
3588 reg = ((modrm >> 3) & 7) | rex_r;
3589 mod = (modrm >> 6) & 3;
3594 sse_fn_epp = sse_op_table6[b].op[b1];
3598 if (!(s->cpuid_ext_features & sse_op_table6[b].ext_mask))
3602 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3604 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
3606 op2_offset = offsetof(CPUX86State,xmm_t0);
3607 gen_lea_modrm(env, s, modrm);
3609 case 0x20: case 0x30: /* pmovsxbw, pmovzxbw */
3610 case 0x23: case 0x33: /* pmovsxwd, pmovzxwd */
3611 case 0x25: case 0x35: /* pmovsxdq, pmovzxdq */
3612 gen_ldq_env_A0(s, op2_offset +
3613 offsetof(ZMMReg, ZMM_Q(0)));
3615 case 0x21: case 0x31: /* pmovsxbd, pmovzxbd */
3616 case 0x24: case 0x34: /* pmovsxwq, pmovzxwq */
3617 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
3618 s->mem_index, MO_LEUL);
3619 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, op2_offset +
3620 offsetof(ZMMReg, ZMM_L(0)));
3622 case 0x22: case 0x32: /* pmovsxbq, pmovzxbq */
3623 tcg_gen_qemu_ld_tl(cpu_tmp0, cpu_A0,
3624 s->mem_index, MO_LEUW);
3625 tcg_gen_st16_tl(cpu_tmp0, cpu_env, op2_offset +
3626 offsetof(ZMMReg, ZMM_W(0)));
3628 case 0x2a: /* movntqda */
3629 gen_ldo_env_A0(s, op1_offset);
3632 gen_ldo_env_A0(s, op2_offset);
3636 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
3638 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3640 op2_offset = offsetof(CPUX86State,mmx_t0);
3641 gen_lea_modrm(env, s, modrm);
3642 gen_ldq_env_A0(s, op2_offset);
3645 if (sse_fn_epp == SSE_SPECIAL) {
3649 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3650 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3651 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
3654 set_cc_op(s, CC_OP_EFLAGS);
3661 /* Various integer extensions at 0f 38 f[0-f]. */
3662 b = modrm | (b1 << 8);
3663 modrm = cpu_ldub_code(env, s->pc++);
3664 reg = ((modrm >> 3) & 7) | rex_r;
3667 case 0x3f0: /* crc32 Gd,Eb */
3668 case 0x3f1: /* crc32 Gd,Ey */
3670 if (!(s->cpuid_ext_features & CPUID_EXT_SSE42)) {
3673 if ((b & 0xff) == 0xf0) {
3675 } else if (s->dflag != MO_64) {
3676 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3681 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[reg]);
3682 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3683 gen_helper_crc32(cpu_T0, cpu_tmp2_i32,
3684 cpu_T0, tcg_const_i32(8 << ot));
3686 ot = mo_64_32(s->dflag);
3687 gen_op_mov_reg_v(ot, reg, cpu_T0);
3690 case 0x1f0: /* crc32 or movbe */
3692 /* For these insns, the f3 prefix is supposed to have priority
3693 over the 66 prefix, but that's not what we implement above
3695 if (s->prefix & PREFIX_REPNZ) {
3699 case 0x0f0: /* movbe Gy,My */
3700 case 0x0f1: /* movbe My,Gy */
3701 if (!(s->cpuid_ext_features & CPUID_EXT_MOVBE)) {
3704 if (s->dflag != MO_64) {
3705 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3710 gen_lea_modrm(env, s, modrm);
3712 tcg_gen_qemu_ld_tl(cpu_T0, cpu_A0,
3713 s->mem_index, ot | MO_BE);
3714 gen_op_mov_reg_v(ot, reg, cpu_T0);
3716 tcg_gen_qemu_st_tl(cpu_regs[reg], cpu_A0,
3717 s->mem_index, ot | MO_BE);
3721 case 0x0f2: /* andn Gy, By, Ey */
3722 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3723 || !(s->prefix & PREFIX_VEX)
3727 ot = mo_64_32(s->dflag);
3728 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3729 tcg_gen_andc_tl(cpu_T0, cpu_regs[s->vex_v], cpu_T0);
3730 gen_op_mov_reg_v(ot, reg, cpu_T0);
3731 gen_op_update1_cc();
3732 set_cc_op(s, CC_OP_LOGICB + ot);
3735 case 0x0f7: /* bextr Gy, Ey, By */
3736 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3737 || !(s->prefix & PREFIX_VEX)
3741 ot = mo_64_32(s->dflag);
3745 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3746 /* Extract START, and shift the operand.
3747 Shifts larger than operand size get zeros. */
3748 tcg_gen_ext8u_tl(cpu_A0, cpu_regs[s->vex_v]);
3749 tcg_gen_shr_tl(cpu_T0, cpu_T0, cpu_A0);
3751 bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3752 zero = tcg_const_tl(0);
3753 tcg_gen_movcond_tl(TCG_COND_LEU, cpu_T0, cpu_A0, bound,
3755 tcg_temp_free(zero);
3757 /* Extract the LEN into a mask. Lengths larger than
3758 operand size get all ones. */
3759 tcg_gen_shri_tl(cpu_A0, cpu_regs[s->vex_v], 8);
3760 tcg_gen_ext8u_tl(cpu_A0, cpu_A0);
3761 tcg_gen_movcond_tl(TCG_COND_LEU, cpu_A0, cpu_A0, bound,
3763 tcg_temp_free(bound);
3764 tcg_gen_movi_tl(cpu_T1, 1);
3765 tcg_gen_shl_tl(cpu_T1, cpu_T1, cpu_A0);
3766 tcg_gen_subi_tl(cpu_T1, cpu_T1, 1);
3767 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_T1);
3769 gen_op_mov_reg_v(ot, reg, cpu_T0);
3770 gen_op_update1_cc();
3771 set_cc_op(s, CC_OP_LOGICB + ot);
3775 case 0x0f5: /* bzhi Gy, Ey, By */
3776 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3777 || !(s->prefix & PREFIX_VEX)
3781 ot = mo_64_32(s->dflag);
3782 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3783 tcg_gen_ext8u_tl(cpu_T1, cpu_regs[s->vex_v]);
3785 TCGv bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3786 /* Note that since we're using BMILG (in order to get O
3787 cleared) we need to store the inverse into C. */
3788 tcg_gen_setcond_tl(TCG_COND_LT, cpu_cc_src,
3790 tcg_gen_movcond_tl(TCG_COND_GT, cpu_T1, cpu_T1,
3791 bound, bound, cpu_T1);
3792 tcg_temp_free(bound);
3794 tcg_gen_movi_tl(cpu_A0, -1);
3795 tcg_gen_shl_tl(cpu_A0, cpu_A0, cpu_T1);
3796 tcg_gen_andc_tl(cpu_T0, cpu_T0, cpu_A0);
3797 gen_op_mov_reg_v(ot, reg, cpu_T0);
3798 gen_op_update1_cc();
3799 set_cc_op(s, CC_OP_BMILGB + ot);
3802 case 0x3f6: /* mulx By, Gy, rdx, Ey */
3803 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3804 || !(s->prefix & PREFIX_VEX)
3808 ot = mo_64_32(s->dflag);
3809 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3812 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
3813 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EDX]);
3814 tcg_gen_mulu2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
3815 cpu_tmp2_i32, cpu_tmp3_i32);
3816 tcg_gen_extu_i32_tl(cpu_regs[s->vex_v], cpu_tmp2_i32);
3817 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp3_i32);
3819 #ifdef TARGET_X86_64
3821 tcg_gen_mulu2_i64(cpu_T0, cpu_T1,
3822 cpu_T0, cpu_regs[R_EDX]);
3823 tcg_gen_mov_i64(cpu_regs[s->vex_v], cpu_T0);
3824 tcg_gen_mov_i64(cpu_regs[reg], cpu_T1);
3830 case 0x3f5: /* pdep Gy, By, Ey */
3831 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3832 || !(s->prefix & PREFIX_VEX)
3836 ot = mo_64_32(s->dflag);
3837 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3838 /* Note that by zero-extending the mask operand, we
3839 automatically handle zero-extending the result. */
3841 tcg_gen_mov_tl(cpu_T1, cpu_regs[s->vex_v]);
3843 tcg_gen_ext32u_tl(cpu_T1, cpu_regs[s->vex_v]);
3845 gen_helper_pdep(cpu_regs[reg], cpu_T0, cpu_T1);
3848 case 0x2f5: /* pext Gy, By, Ey */
3849 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3850 || !(s->prefix & PREFIX_VEX)
3854 ot = mo_64_32(s->dflag);
3855 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3856 /* Note that by zero-extending the mask operand, we
3857 automatically handle zero-extending the result. */
3859 tcg_gen_mov_tl(cpu_T1, cpu_regs[s->vex_v]);
3861 tcg_gen_ext32u_tl(cpu_T1, cpu_regs[s->vex_v]);
3863 gen_helper_pext(cpu_regs[reg], cpu_T0, cpu_T1);
3866 case 0x1f6: /* adcx Gy, Ey */
3867 case 0x2f6: /* adox Gy, Ey */
3868 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_ADX)) {
3871 TCGv carry_in, carry_out, zero;
3874 ot = mo_64_32(s->dflag);
3875 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3877 /* Re-use the carry-out from a previous round. */
3878 TCGV_UNUSED(carry_in);
3879 carry_out = (b == 0x1f6 ? cpu_cc_dst : cpu_cc_src2);
3883 carry_in = cpu_cc_dst;
3884 end_op = CC_OP_ADCX;
3886 end_op = CC_OP_ADCOX;
3891 end_op = CC_OP_ADCOX;
3893 carry_in = cpu_cc_src2;
3894 end_op = CC_OP_ADOX;
3898 end_op = CC_OP_ADCOX;
3899 carry_in = carry_out;
3902 end_op = (b == 0x1f6 ? CC_OP_ADCX : CC_OP_ADOX);
3905 /* If we can't reuse carry-out, get it out of EFLAGS. */
3906 if (TCGV_IS_UNUSED(carry_in)) {
3907 if (s->cc_op != CC_OP_ADCX && s->cc_op != CC_OP_ADOX) {
3908 gen_compute_eflags(s);
3910 carry_in = cpu_tmp0;
3911 tcg_gen_shri_tl(carry_in, cpu_cc_src,
3912 ctz32(b == 0x1f6 ? CC_C : CC_O));
3913 tcg_gen_andi_tl(carry_in, carry_in, 1);
3917 #ifdef TARGET_X86_64
3919 /* If we know TL is 64-bit, and we want a 32-bit
3920 result, just do everything in 64-bit arithmetic. */
3921 tcg_gen_ext32u_i64(cpu_regs[reg], cpu_regs[reg]);
3922 tcg_gen_ext32u_i64(cpu_T0, cpu_T0);
3923 tcg_gen_add_i64(cpu_T0, cpu_T0, cpu_regs[reg]);
3924 tcg_gen_add_i64(cpu_T0, cpu_T0, carry_in);
3925 tcg_gen_ext32u_i64(cpu_regs[reg], cpu_T0);
3926 tcg_gen_shri_i64(carry_out, cpu_T0, 32);
3930 /* Otherwise compute the carry-out in two steps. */
3931 zero = tcg_const_tl(0);
3932 tcg_gen_add2_tl(cpu_T0, carry_out,
3935 tcg_gen_add2_tl(cpu_regs[reg], carry_out,
3936 cpu_regs[reg], carry_out,
3938 tcg_temp_free(zero);
3941 set_cc_op(s, end_op);
3945 case 0x1f7: /* shlx Gy, Ey, By */
3946 case 0x2f7: /* sarx Gy, Ey, By */
3947 case 0x3f7: /* shrx Gy, Ey, By */
3948 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3949 || !(s->prefix & PREFIX_VEX)
3953 ot = mo_64_32(s->dflag);
3954 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3956 tcg_gen_andi_tl(cpu_T1, cpu_regs[s->vex_v], 63);
3958 tcg_gen_andi_tl(cpu_T1, cpu_regs[s->vex_v], 31);
3961 tcg_gen_shl_tl(cpu_T0, cpu_T0, cpu_T1);
3962 } else if (b == 0x2f7) {
3964 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
3966 tcg_gen_sar_tl(cpu_T0, cpu_T0, cpu_T1);
3969 tcg_gen_ext32u_tl(cpu_T0, cpu_T0);
3971 tcg_gen_shr_tl(cpu_T0, cpu_T0, cpu_T1);
3973 gen_op_mov_reg_v(ot, reg, cpu_T0);
3979 case 0x3f3: /* Group 17 */
3980 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3981 || !(s->prefix & PREFIX_VEX)
3985 ot = mo_64_32(s->dflag);
3986 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3989 case 1: /* blsr By,Ey */
3990 tcg_gen_neg_tl(cpu_T1, cpu_T0);
3991 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_T1);
3992 gen_op_mov_reg_v(ot, s->vex_v, cpu_T0);
3993 gen_op_update2_cc();
3994 set_cc_op(s, CC_OP_BMILGB + ot);
3997 case 2: /* blsmsk By,Ey */
3998 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
3999 tcg_gen_subi_tl(cpu_T0, cpu_T0, 1);
4000 tcg_gen_xor_tl(cpu_T0, cpu_T0, cpu_cc_src);
4001 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4002 set_cc_op(s, CC_OP_BMILGB + ot);
4005 case 3: /* blsi By, Ey */
4006 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
4007 tcg_gen_subi_tl(cpu_T0, cpu_T0, 1);
4008 tcg_gen_and_tl(cpu_T0, cpu_T0, cpu_cc_src);
4009 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4010 set_cc_op(s, CC_OP_BMILGB + ot);
4026 modrm = cpu_ldub_code(env, s->pc++);
4028 reg = ((modrm >> 3) & 7) | rex_r;
4029 mod = (modrm >> 6) & 3;
4034 sse_fn_eppi = sse_op_table7[b].op[b1];
4038 if (!(s->cpuid_ext_features & sse_op_table7[b].ext_mask))
4041 if (sse_fn_eppi == SSE_SPECIAL) {
4042 ot = mo_64_32(s->dflag);
4043 rm = (modrm & 7) | REX_B(s);
4045 gen_lea_modrm(env, s, modrm);
4046 reg = ((modrm >> 3) & 7) | rex_r;
4047 val = cpu_ldub_code(env, s->pc++);
4049 case 0x14: /* pextrb */
4050 tcg_gen_ld8u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4051 xmm_regs[reg].ZMM_B(val & 15)));
4053 gen_op_mov_reg_v(ot, rm, cpu_T0);
4055 tcg_gen_qemu_st_tl(cpu_T0, cpu_A0,
4056 s->mem_index, MO_UB);
4059 case 0x15: /* pextrw */
4060 tcg_gen_ld16u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4061 xmm_regs[reg].ZMM_W(val & 7)));
4063 gen_op_mov_reg_v(ot, rm, cpu_T0);
4065 tcg_gen_qemu_st_tl(cpu_T0, cpu_A0,
4066 s->mem_index, MO_LEUW);
4070 if (ot == MO_32) { /* pextrd */
4071 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env,
4072 offsetof(CPUX86State,
4073 xmm_regs[reg].ZMM_L(val & 3)));
4075 tcg_gen_extu_i32_tl(cpu_regs[rm], cpu_tmp2_i32);
4077 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
4078 s->mem_index, MO_LEUL);
4080 } else { /* pextrq */
4081 #ifdef TARGET_X86_64
4082 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env,
4083 offsetof(CPUX86State,
4084 xmm_regs[reg].ZMM_Q(val & 1)));
4086 tcg_gen_mov_i64(cpu_regs[rm], cpu_tmp1_i64);
4088 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
4089 s->mem_index, MO_LEQ);
4096 case 0x17: /* extractps */
4097 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4098 xmm_regs[reg].ZMM_L(val & 3)));
4100 gen_op_mov_reg_v(ot, rm, cpu_T0);
4102 tcg_gen_qemu_st_tl(cpu_T0, cpu_A0,
4103 s->mem_index, MO_LEUL);
4106 case 0x20: /* pinsrb */
4108 gen_op_mov_v_reg(MO_32, cpu_T0, rm);
4110 tcg_gen_qemu_ld_tl(cpu_T0, cpu_A0,
4111 s->mem_index, MO_UB);
4113 tcg_gen_st8_tl(cpu_T0, cpu_env, offsetof(CPUX86State,
4114 xmm_regs[reg].ZMM_B(val & 15)));
4116 case 0x21: /* insertps */
4118 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env,
4119 offsetof(CPUX86State,xmm_regs[rm]
4120 .ZMM_L((val >> 6) & 3)));
4122 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
4123 s->mem_index, MO_LEUL);
4125 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env,
4126 offsetof(CPUX86State,xmm_regs[reg]
4127 .ZMM_L((val >> 4) & 3)));
4129 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4130 cpu_env, offsetof(CPUX86State,
4131 xmm_regs[reg].ZMM_L(0)));
4133 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4134 cpu_env, offsetof(CPUX86State,
4135 xmm_regs[reg].ZMM_L(1)));
4137 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4138 cpu_env, offsetof(CPUX86State,
4139 xmm_regs[reg].ZMM_L(2)));
4141 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4142 cpu_env, offsetof(CPUX86State,
4143 xmm_regs[reg].ZMM_L(3)));
4146 if (ot == MO_32) { /* pinsrd */
4148 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[rm]);
4150 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
4151 s->mem_index, MO_LEUL);
4153 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env,
4154 offsetof(CPUX86State,
4155 xmm_regs[reg].ZMM_L(val & 3)));
4156 } else { /* pinsrq */
4157 #ifdef TARGET_X86_64
4159 gen_op_mov_v_reg(ot, cpu_tmp1_i64, rm);
4161 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
4162 s->mem_index, MO_LEQ);
4164 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env,
4165 offsetof(CPUX86State,
4166 xmm_regs[reg].ZMM_Q(val & 1)));
4177 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4179 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
4181 op2_offset = offsetof(CPUX86State,xmm_t0);
4182 gen_lea_modrm(env, s, modrm);
4183 gen_ldo_env_A0(s, op2_offset);
4186 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4188 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4190 op2_offset = offsetof(CPUX86State,mmx_t0);
4191 gen_lea_modrm(env, s, modrm);
4192 gen_ldq_env_A0(s, op2_offset);
4195 val = cpu_ldub_code(env, s->pc++);
4197 if ((b & 0xfc) == 0x60) { /* pcmpXstrX */
4198 set_cc_op(s, CC_OP_EFLAGS);
4200 if (s->dflag == MO_64) {
4201 /* The helper must use entire 64-bit gp registers */
4206 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4207 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4208 sse_fn_eppi(cpu_env, cpu_ptr0, cpu_ptr1, tcg_const_i32(val));
4212 /* Various integer extensions at 0f 3a f[0-f]. */
4213 b = modrm | (b1 << 8);
4214 modrm = cpu_ldub_code(env, s->pc++);
4215 reg = ((modrm >> 3) & 7) | rex_r;
4218 case 0x3f0: /* rorx Gy,Ey, Ib */
4219 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
4220 || !(s->prefix & PREFIX_VEX)
4224 ot = mo_64_32(s->dflag);
4225 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4226 b = cpu_ldub_code(env, s->pc++);
4228 tcg_gen_rotri_tl(cpu_T0, cpu_T0, b & 63);
4230 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4231 tcg_gen_rotri_i32(cpu_tmp2_i32, cpu_tmp2_i32, b & 31);
4232 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
4234 gen_op_mov_reg_v(ot, reg, cpu_T0);
4244 gen_unknown_opcode(env, s);
4248 /* generic MMX or SSE operation */
4250 case 0x70: /* pshufx insn */
4251 case 0xc6: /* pshufx insn */
4252 case 0xc2: /* compare insns */
4259 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4263 gen_lea_modrm(env, s, modrm);
4264 op2_offset = offsetof(CPUX86State,xmm_t0);
4270 /* Most sse scalar operations. */
4273 } else if (b1 == 3) {
4278 case 0x2e: /* ucomis[sd] */
4279 case 0x2f: /* comis[sd] */
4291 gen_op_ld_v(s, MO_32, cpu_T0, cpu_A0);
4292 tcg_gen_st32_tl(cpu_T0, cpu_env,
4293 offsetof(CPUX86State,xmm_t0.ZMM_L(0)));
4297 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.ZMM_D(0)));
4300 /* 128 bit access */
4301 gen_ldo_env_A0(s, op2_offset);
4305 rm = (modrm & 7) | REX_B(s);
4306 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
4309 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4311 gen_lea_modrm(env, s, modrm);
4312 op2_offset = offsetof(CPUX86State,mmx_t0);
4313 gen_ldq_env_A0(s, op2_offset);
4316 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4320 case 0x0f: /* 3DNow! data insns */
4321 val = cpu_ldub_code(env, s->pc++);
4322 sse_fn_epp = sse_op_table5[val];
4326 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW)) {
4329 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4330 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4331 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4333 case 0x70: /* pshufx insn */
4334 case 0xc6: /* pshufx insn */
4335 val = cpu_ldub_code(env, s->pc++);
4336 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4337 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4338 /* XXX: introduce a new table? */
4339 sse_fn_ppi = (SSEFunc_0_ppi)sse_fn_epp;
4340 sse_fn_ppi(cpu_ptr0, cpu_ptr1, tcg_const_i32(val));
4344 val = cpu_ldub_code(env, s->pc++);
4347 sse_fn_epp = sse_op_table4[val][b1];
4349 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4350 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4351 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4354 /* maskmov : we must prepare A0 */
4357 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EDI]);
4358 gen_extu(s->aflag, cpu_A0);
4359 gen_add_A0_ds_seg(s);
4361 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4362 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4363 /* XXX: introduce a new table? */
4364 sse_fn_eppt = (SSEFunc_0_eppt)sse_fn_epp;
4365 sse_fn_eppt(cpu_env, cpu_ptr0, cpu_ptr1, cpu_A0);
4368 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4369 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4370 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4373 if (b == 0x2e || b == 0x2f) {
4374 set_cc_op(s, CC_OP_EFLAGS);
4379 /* convert one instruction. s->is_jmp is set if the translation must
4380 be stopped. Return the next pc value */
4381 static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
4382 target_ulong pc_start)
4386 TCGMemOp ot, aflag, dflag;
4387 int modrm, reg, rm, mod, op, opreg, val;
4388 target_ulong next_eip, tval;
4391 s->pc_start = s->pc = pc_start;
4396 #ifdef TARGET_X86_64
4401 s->rip_offset = 0; /* for relative ip address */
4405 b = cpu_ldub_code(env, s->pc);
4407 /* Collect prefixes. */
4410 prefixes |= PREFIX_REPZ;
4413 prefixes |= PREFIX_REPNZ;
4416 prefixes |= PREFIX_LOCK;
4437 prefixes |= PREFIX_DATA;
4440 prefixes |= PREFIX_ADR;
4442 #ifdef TARGET_X86_64
4446 rex_w = (b >> 3) & 1;
4447 rex_r = (b & 0x4) << 1;
4448 s->rex_x = (b & 0x2) << 2;
4449 REX_B(s) = (b & 0x1) << 3;
4450 x86_64_hregs = 1; /* select uniform byte register addressing */
4455 case 0xc5: /* 2-byte VEX */
4456 case 0xc4: /* 3-byte VEX */
4457 /* VEX prefixes cannot be used except in 32-bit mode.
4458 Otherwise the instruction is LES or LDS. */
4459 if (s->code32 && !s->vm86) {
4460 static const int pp_prefix[4] = {
4461 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
4463 int vex3, vex2 = cpu_ldub_code(env, s->pc);
4465 if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
4466 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
4467 otherwise the instruction is LES or LDS. */
4472 /* 4.1.1-4.1.3: No preceding lock, 66, f2, f3, or rex prefixes. */
4473 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ
4474 | PREFIX_LOCK | PREFIX_DATA)) {
4477 #ifdef TARGET_X86_64
4482 rex_r = (~vex2 >> 4) & 8;
4485 b = cpu_ldub_code(env, s->pc++);
4487 #ifdef TARGET_X86_64
4488 s->rex_x = (~vex2 >> 3) & 8;
4489 s->rex_b = (~vex2 >> 2) & 8;
4491 vex3 = cpu_ldub_code(env, s->pc++);
4492 rex_w = (vex3 >> 7) & 1;
4493 switch (vex2 & 0x1f) {
4494 case 0x01: /* Implied 0f leading opcode bytes. */
4495 b = cpu_ldub_code(env, s->pc++) | 0x100;
4497 case 0x02: /* Implied 0f 38 leading opcode bytes. */
4500 case 0x03: /* Implied 0f 3a leading opcode bytes. */
4503 default: /* Reserved for future use. */
4507 s->vex_v = (~vex3 >> 3) & 0xf;
4508 s->vex_l = (vex3 >> 2) & 1;
4509 prefixes |= pp_prefix[vex3 & 3] | PREFIX_VEX;
4514 /* Post-process prefixes. */
4516 /* In 64-bit mode, the default data size is 32-bit. Select 64-bit
4517 data with rex_w, and 16-bit data with 0x66; rex_w takes precedence
4518 over 0x66 if both are present. */
4519 dflag = (rex_w > 0 ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32);
4520 /* In 64-bit mode, 0x67 selects 32-bit addressing. */
4521 aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64);
4523 /* In 16/32-bit mode, 0x66 selects the opposite data size. */
4524 if (s->code32 ^ ((prefixes & PREFIX_DATA) != 0)) {
4529 /* In 16/32-bit mode, 0x67 selects the opposite addressing. */
4530 if (s->code32 ^ ((prefixes & PREFIX_ADR) != 0)) {
4537 s->prefix = prefixes;
4541 /* now check op code */
4545 /**************************/
4546 /* extended op code */
4547 b = cpu_ldub_code(env, s->pc++) | 0x100;
4550 /**************************/
4565 ot = mo_b_d(b, dflag);
4568 case 0: /* OP Ev, Gv */
4569 modrm = cpu_ldub_code(env, s->pc++);
4570 reg = ((modrm >> 3) & 7) | rex_r;
4571 mod = (modrm >> 6) & 3;
4572 rm = (modrm & 7) | REX_B(s);
4574 gen_lea_modrm(env, s, modrm);
4576 } else if (op == OP_XORL && rm == reg) {
4578 /* xor reg, reg optimisation */
4579 set_cc_op(s, CC_OP_CLR);
4580 tcg_gen_movi_tl(cpu_T0, 0);
4581 gen_op_mov_reg_v(ot, reg, cpu_T0);
4586 gen_op_mov_v_reg(ot, cpu_T1, reg);
4587 gen_op(s, op, ot, opreg);
4589 case 1: /* OP Gv, Ev */
4590 modrm = cpu_ldub_code(env, s->pc++);
4591 mod = (modrm >> 6) & 3;
4592 reg = ((modrm >> 3) & 7) | rex_r;
4593 rm = (modrm & 7) | REX_B(s);
4595 gen_lea_modrm(env, s, modrm);
4596 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
4597 } else if (op == OP_XORL && rm == reg) {
4600 gen_op_mov_v_reg(ot, cpu_T1, rm);
4602 gen_op(s, op, ot, reg);
4604 case 2: /* OP A, Iv */
4605 val = insn_get(env, s, ot);
4606 tcg_gen_movi_tl(cpu_T1, val);
4607 gen_op(s, op, ot, OR_EAX);
4616 case 0x80: /* GRP1 */
4622 ot = mo_b_d(b, dflag);
4624 modrm = cpu_ldub_code(env, s->pc++);
4625 mod = (modrm >> 6) & 3;
4626 rm = (modrm & 7) | REX_B(s);
4627 op = (modrm >> 3) & 7;
4633 s->rip_offset = insn_const_size(ot);
4634 gen_lea_modrm(env, s, modrm);
4645 val = insn_get(env, s, ot);
4648 val = (int8_t)insn_get(env, s, MO_8);
4651 tcg_gen_movi_tl(cpu_T1, val);
4652 gen_op(s, op, ot, opreg);
4656 /**************************/
4657 /* inc, dec, and other misc arith */
4658 case 0x40 ... 0x47: /* inc Gv */
4660 gen_inc(s, ot, OR_EAX + (b & 7), 1);
4662 case 0x48 ... 0x4f: /* dec Gv */
4664 gen_inc(s, ot, OR_EAX + (b & 7), -1);
4666 case 0xf6: /* GRP3 */
4668 ot = mo_b_d(b, dflag);
4670 modrm = cpu_ldub_code(env, s->pc++);
4671 mod = (modrm >> 6) & 3;
4672 rm = (modrm & 7) | REX_B(s);
4673 op = (modrm >> 3) & 7;
4676 s->rip_offset = insn_const_size(ot);
4678 gen_lea_modrm(env, s, modrm);
4679 /* For those below that handle locked memory, don't load here. */
4680 if (!(s->prefix & PREFIX_LOCK)
4682 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
4685 gen_op_mov_v_reg(ot, cpu_T0, rm);
4690 val = insn_get(env, s, ot);
4691 tcg_gen_movi_tl(cpu_T1, val);
4692 gen_op_testl_T0_T1_cc();
4693 set_cc_op(s, CC_OP_LOGICB + ot);
4696 if (s->prefix & PREFIX_LOCK) {
4700 tcg_gen_movi_tl(cpu_T0, ~0);
4701 tcg_gen_atomic_xor_fetch_tl(cpu_T0, cpu_A0, cpu_T0,
4702 s->mem_index, ot | MO_LE);
4704 tcg_gen_not_tl(cpu_T0, cpu_T0);
4706 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
4708 gen_op_mov_reg_v(ot, rm, cpu_T0);
4713 if (s->prefix & PREFIX_LOCK) {
4715 TCGv a0, t0, t1, t2;
4720 a0 = tcg_temp_local_new();
4721 t0 = tcg_temp_local_new();
4722 label1 = gen_new_label();
4724 tcg_gen_mov_tl(a0, cpu_A0);
4725 tcg_gen_mov_tl(t0, cpu_T0);
4727 gen_set_label(label1);
4728 t1 = tcg_temp_new();
4729 t2 = tcg_temp_new();
4730 tcg_gen_mov_tl(t2, t0);
4731 tcg_gen_neg_tl(t1, t0);
4732 tcg_gen_atomic_cmpxchg_tl(t0, a0, t0, t1,
4733 s->mem_index, ot | MO_LE);
4735 tcg_gen_brcond_tl(TCG_COND_NE, t0, t2, label1);
4739 tcg_gen_mov_tl(cpu_T0, t0);
4742 tcg_gen_neg_tl(cpu_T0, cpu_T0);
4744 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
4746 gen_op_mov_reg_v(ot, rm, cpu_T0);
4749 gen_op_update_neg_cc();
4750 set_cc_op(s, CC_OP_SUBB + ot);
4755 gen_op_mov_v_reg(MO_8, cpu_T1, R_EAX);
4756 tcg_gen_ext8u_tl(cpu_T0, cpu_T0);
4757 tcg_gen_ext8u_tl(cpu_T1, cpu_T1);
4758 /* XXX: use 32 bit mul which could be faster */
4759 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4760 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4761 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4762 tcg_gen_andi_tl(cpu_cc_src, cpu_T0, 0xff00);
4763 set_cc_op(s, CC_OP_MULB);
4766 gen_op_mov_v_reg(MO_16, cpu_T1, R_EAX);
4767 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
4768 tcg_gen_ext16u_tl(cpu_T1, cpu_T1);
4769 /* XXX: use 32 bit mul which could be faster */
4770 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4771 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4772 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4773 tcg_gen_shri_tl(cpu_T0, cpu_T0, 16);
4774 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T0);
4775 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
4776 set_cc_op(s, CC_OP_MULW);
4780 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4781 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EAX]);
4782 tcg_gen_mulu2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
4783 cpu_tmp2_i32, cpu_tmp3_i32);
4784 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], cpu_tmp2_i32);
4785 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], cpu_tmp3_i32);
4786 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4787 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4788 set_cc_op(s, CC_OP_MULL);
4790 #ifdef TARGET_X86_64
4792 tcg_gen_mulu2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4793 cpu_T0, cpu_regs[R_EAX]);
4794 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4795 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4796 set_cc_op(s, CC_OP_MULQ);
4804 gen_op_mov_v_reg(MO_8, cpu_T1, R_EAX);
4805 tcg_gen_ext8s_tl(cpu_T0, cpu_T0);
4806 tcg_gen_ext8s_tl(cpu_T1, cpu_T1);
4807 /* XXX: use 32 bit mul which could be faster */
4808 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4809 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4810 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4811 tcg_gen_ext8s_tl(cpu_tmp0, cpu_T0);
4812 tcg_gen_sub_tl(cpu_cc_src, cpu_T0, cpu_tmp0);
4813 set_cc_op(s, CC_OP_MULB);
4816 gen_op_mov_v_reg(MO_16, cpu_T1, R_EAX);
4817 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
4818 tcg_gen_ext16s_tl(cpu_T1, cpu_T1);
4819 /* XXX: use 32 bit mul which could be faster */
4820 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
4821 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
4822 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
4823 tcg_gen_ext16s_tl(cpu_tmp0, cpu_T0);
4824 tcg_gen_sub_tl(cpu_cc_src, cpu_T0, cpu_tmp0);
4825 tcg_gen_shri_tl(cpu_T0, cpu_T0, 16);
4826 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T0);
4827 set_cc_op(s, CC_OP_MULW);
4831 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4832 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EAX]);
4833 tcg_gen_muls2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
4834 cpu_tmp2_i32, cpu_tmp3_i32);
4835 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], cpu_tmp2_i32);
4836 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], cpu_tmp3_i32);
4837 tcg_gen_sari_i32(cpu_tmp2_i32, cpu_tmp2_i32, 31);
4838 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4839 tcg_gen_sub_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
4840 tcg_gen_extu_i32_tl(cpu_cc_src, cpu_tmp2_i32);
4841 set_cc_op(s, CC_OP_MULL);
4843 #ifdef TARGET_X86_64
4845 tcg_gen_muls2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4846 cpu_T0, cpu_regs[R_EAX]);
4847 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4848 tcg_gen_sari_tl(cpu_cc_src, cpu_regs[R_EAX], 63);
4849 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_regs[R_EDX]);
4850 set_cc_op(s, CC_OP_MULQ);
4858 gen_helper_divb_AL(cpu_env, cpu_T0);
4861 gen_helper_divw_AX(cpu_env, cpu_T0);
4865 gen_helper_divl_EAX(cpu_env, cpu_T0);
4867 #ifdef TARGET_X86_64
4869 gen_helper_divq_EAX(cpu_env, cpu_T0);
4877 gen_helper_idivb_AL(cpu_env, cpu_T0);
4880 gen_helper_idivw_AX(cpu_env, cpu_T0);
4884 gen_helper_idivl_EAX(cpu_env, cpu_T0);
4886 #ifdef TARGET_X86_64
4888 gen_helper_idivq_EAX(cpu_env, cpu_T0);
4898 case 0xfe: /* GRP4 */
4899 case 0xff: /* GRP5 */
4900 ot = mo_b_d(b, dflag);
4902 modrm = cpu_ldub_code(env, s->pc++);
4903 mod = (modrm >> 6) & 3;
4904 rm = (modrm & 7) | REX_B(s);
4905 op = (modrm >> 3) & 7;
4906 if (op >= 2 && b == 0xfe) {
4910 if (op == 2 || op == 4) {
4911 /* operand size for jumps is 64 bit */
4913 } else if (op == 3 || op == 5) {
4914 ot = dflag != MO_16 ? MO_32 + (rex_w == 1) : MO_16;
4915 } else if (op == 6) {
4916 /* default push size is 64 bit */
4917 ot = mo_pushpop(s, dflag);
4921 gen_lea_modrm(env, s, modrm);
4922 if (op >= 2 && op != 3 && op != 5)
4923 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
4925 gen_op_mov_v_reg(ot, cpu_T0, rm);
4929 case 0: /* inc Ev */
4934 gen_inc(s, ot, opreg, 1);
4936 case 1: /* dec Ev */
4941 gen_inc(s, ot, opreg, -1);
4943 case 2: /* call Ev */
4944 /* XXX: optimize if memory (no 'and' is necessary) */
4945 if (dflag == MO_16) {
4946 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
4948 next_eip = s->pc - s->cs_base;
4949 tcg_gen_movi_tl(cpu_T1, next_eip);
4950 gen_push_v(s, cpu_T1);
4951 gen_op_jmp_v(cpu_T0);
4955 case 3: /* lcall Ev */
4956 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
4957 gen_add_A0_im(s, 1 << ot);
4958 gen_op_ld_v(s, MO_16, cpu_T0, cpu_A0);
4960 if (s->pe && !s->vm86) {
4961 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4962 gen_helper_lcall_protected(cpu_env, cpu_tmp2_i32, cpu_T1,
4963 tcg_const_i32(dflag - 1),
4964 tcg_const_tl(s->pc - s->cs_base));
4966 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4967 gen_helper_lcall_real(cpu_env, cpu_tmp2_i32, cpu_T1,
4968 tcg_const_i32(dflag - 1),
4969 tcg_const_i32(s->pc - s->cs_base));
4973 case 4: /* jmp Ev */
4974 if (dflag == MO_16) {
4975 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
4977 gen_op_jmp_v(cpu_T0);
4981 case 5: /* ljmp Ev */
4982 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
4983 gen_add_A0_im(s, 1 << ot);
4984 gen_op_ld_v(s, MO_16, cpu_T0, cpu_A0);
4986 if (s->pe && !s->vm86) {
4987 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
4988 gen_helper_ljmp_protected(cpu_env, cpu_tmp2_i32, cpu_T1,
4989 tcg_const_tl(s->pc - s->cs_base));
4991 gen_op_movl_seg_T0_vm(R_CS);
4992 gen_op_jmp_v(cpu_T1);
4996 case 6: /* push Ev */
4997 gen_push_v(s, cpu_T0);
5004 case 0x84: /* test Ev, Gv */
5006 ot = mo_b_d(b, dflag);
5008 modrm = cpu_ldub_code(env, s->pc++);
5009 reg = ((modrm >> 3) & 7) | rex_r;
5011 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5012 gen_op_mov_v_reg(ot, cpu_T1, reg);
5013 gen_op_testl_T0_T1_cc();
5014 set_cc_op(s, CC_OP_LOGICB + ot);
5017 case 0xa8: /* test eAX, Iv */
5019 ot = mo_b_d(b, dflag);
5020 val = insn_get(env, s, ot);
5022 gen_op_mov_v_reg(ot, cpu_T0, OR_EAX);
5023 tcg_gen_movi_tl(cpu_T1, val);
5024 gen_op_testl_T0_T1_cc();
5025 set_cc_op(s, CC_OP_LOGICB + ot);
5028 case 0x98: /* CWDE/CBW */
5030 #ifdef TARGET_X86_64
5032 gen_op_mov_v_reg(MO_32, cpu_T0, R_EAX);
5033 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
5034 gen_op_mov_reg_v(MO_64, R_EAX, cpu_T0);
5038 gen_op_mov_v_reg(MO_16, cpu_T0, R_EAX);
5039 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5040 gen_op_mov_reg_v(MO_32, R_EAX, cpu_T0);
5043 gen_op_mov_v_reg(MO_8, cpu_T0, R_EAX);
5044 tcg_gen_ext8s_tl(cpu_T0, cpu_T0);
5045 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
5051 case 0x99: /* CDQ/CWD */
5053 #ifdef TARGET_X86_64
5055 gen_op_mov_v_reg(MO_64, cpu_T0, R_EAX);
5056 tcg_gen_sari_tl(cpu_T0, cpu_T0, 63);
5057 gen_op_mov_reg_v(MO_64, R_EDX, cpu_T0);
5061 gen_op_mov_v_reg(MO_32, cpu_T0, R_EAX);
5062 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
5063 tcg_gen_sari_tl(cpu_T0, cpu_T0, 31);
5064 gen_op_mov_reg_v(MO_32, R_EDX, cpu_T0);
5067 gen_op_mov_v_reg(MO_16, cpu_T0, R_EAX);
5068 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5069 tcg_gen_sari_tl(cpu_T0, cpu_T0, 15);
5070 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T0);
5076 case 0x1af: /* imul Gv, Ev */
5077 case 0x69: /* imul Gv, Ev, I */
5080 modrm = cpu_ldub_code(env, s->pc++);
5081 reg = ((modrm >> 3) & 7) | rex_r;
5083 s->rip_offset = insn_const_size(ot);
5086 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5088 val = insn_get(env, s, ot);
5089 tcg_gen_movi_tl(cpu_T1, val);
5090 } else if (b == 0x6b) {
5091 val = (int8_t)insn_get(env, s, MO_8);
5092 tcg_gen_movi_tl(cpu_T1, val);
5094 gen_op_mov_v_reg(ot, cpu_T1, reg);
5097 #ifdef TARGET_X86_64
5099 tcg_gen_muls2_i64(cpu_regs[reg], cpu_T1, cpu_T0, cpu_T1);
5100 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5101 tcg_gen_sari_tl(cpu_cc_src, cpu_cc_dst, 63);
5102 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_T1);
5106 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
5107 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
5108 tcg_gen_muls2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
5109 cpu_tmp2_i32, cpu_tmp3_i32);
5110 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
5111 tcg_gen_sari_i32(cpu_tmp2_i32, cpu_tmp2_i32, 31);
5112 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5113 tcg_gen_sub_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
5114 tcg_gen_extu_i32_tl(cpu_cc_src, cpu_tmp2_i32);
5117 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5118 tcg_gen_ext16s_tl(cpu_T1, cpu_T1);
5119 /* XXX: use 32 bit mul which could be faster */
5120 tcg_gen_mul_tl(cpu_T0, cpu_T0, cpu_T1);
5121 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
5122 tcg_gen_ext16s_tl(cpu_tmp0, cpu_T0);
5123 tcg_gen_sub_tl(cpu_cc_src, cpu_T0, cpu_tmp0);
5124 gen_op_mov_reg_v(ot, reg, cpu_T0);
5127 set_cc_op(s, CC_OP_MULB + ot);
5130 case 0x1c1: /* xadd Ev, Gv */
5131 ot = mo_b_d(b, dflag);
5132 modrm = cpu_ldub_code(env, s->pc++);
5133 reg = ((modrm >> 3) & 7) | rex_r;
5134 mod = (modrm >> 6) & 3;
5135 gen_op_mov_v_reg(ot, cpu_T0, reg);
5137 rm = (modrm & 7) | REX_B(s);
5138 gen_op_mov_v_reg(ot, cpu_T1, rm);
5139 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
5140 gen_op_mov_reg_v(ot, reg, cpu_T1);
5141 gen_op_mov_reg_v(ot, rm, cpu_T0);
5143 gen_lea_modrm(env, s, modrm);
5144 if (s->prefix & PREFIX_LOCK) {
5145 tcg_gen_atomic_fetch_add_tl(cpu_T1, cpu_A0, cpu_T0,
5146 s->mem_index, ot | MO_LE);
5147 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
5149 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
5150 tcg_gen_add_tl(cpu_T0, cpu_T0, cpu_T1);
5151 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
5153 gen_op_mov_reg_v(ot, reg, cpu_T1);
5155 gen_op_update2_cc();
5156 set_cc_op(s, CC_OP_ADDB + ot);
5159 case 0x1b1: /* cmpxchg Ev, Gv */
5161 TCGv oldv, newv, cmpv;
5163 ot = mo_b_d(b, dflag);
5164 modrm = cpu_ldub_code(env, s->pc++);
5165 reg = ((modrm >> 3) & 7) | rex_r;
5166 mod = (modrm >> 6) & 3;
5167 oldv = tcg_temp_new();
5168 newv = tcg_temp_new();
5169 cmpv = tcg_temp_new();
5170 gen_op_mov_v_reg(ot, newv, reg);
5171 tcg_gen_mov_tl(cmpv, cpu_regs[R_EAX]);
5173 if (s->prefix & PREFIX_LOCK) {
5177 gen_lea_modrm(env, s, modrm);
5178 tcg_gen_atomic_cmpxchg_tl(oldv, cpu_A0, cmpv, newv,
5179 s->mem_index, ot | MO_LE);
5180 gen_op_mov_reg_v(ot, R_EAX, oldv);
5183 rm = (modrm & 7) | REX_B(s);
5184 gen_op_mov_v_reg(ot, oldv, rm);
5186 gen_lea_modrm(env, s, modrm);
5187 gen_op_ld_v(s, ot, oldv, cpu_A0);
5188 rm = 0; /* avoid warning */
5192 /* store value = (old == cmp ? new : old); */
5193 tcg_gen_movcond_tl(TCG_COND_EQ, newv, oldv, cmpv, newv, oldv);
5195 gen_op_mov_reg_v(ot, R_EAX, oldv);
5196 gen_op_mov_reg_v(ot, rm, newv);
5198 /* Perform an unconditional store cycle like physical cpu;
5199 must be before changing accumulator to ensure
5200 idempotency if the store faults and the instruction
5202 gen_op_st_v(s, ot, newv, cpu_A0);
5203 gen_op_mov_reg_v(ot, R_EAX, oldv);
5206 tcg_gen_mov_tl(cpu_cc_src, oldv);
5207 tcg_gen_mov_tl(cpu_cc_srcT, cmpv);
5208 tcg_gen_sub_tl(cpu_cc_dst, cmpv, oldv);
5209 set_cc_op(s, CC_OP_SUBB + ot);
5210 tcg_temp_free(oldv);
5211 tcg_temp_free(newv);
5212 tcg_temp_free(cmpv);
5215 case 0x1c7: /* cmpxchg8b */
5216 modrm = cpu_ldub_code(env, s->pc++);
5217 mod = (modrm >> 6) & 3;
5218 if ((mod == 3) || ((modrm & 0x38) != 0x8))
5220 #ifdef TARGET_X86_64
5221 if (dflag == MO_64) {
5222 if (!(s->cpuid_ext_features & CPUID_EXT_CX16))
5224 gen_lea_modrm(env, s, modrm);
5225 if ((s->prefix & PREFIX_LOCK) && parallel_cpus) {
5226 gen_helper_cmpxchg16b(cpu_env, cpu_A0);
5228 gen_helper_cmpxchg16b_unlocked(cpu_env, cpu_A0);
5233 if (!(s->cpuid_features & CPUID_CX8))
5235 gen_lea_modrm(env, s, modrm);
5236 if ((s->prefix & PREFIX_LOCK) && parallel_cpus) {
5237 gen_helper_cmpxchg8b(cpu_env, cpu_A0);
5239 gen_helper_cmpxchg8b_unlocked(cpu_env, cpu_A0);
5242 set_cc_op(s, CC_OP_EFLAGS);
5245 /**************************/
5247 case 0x50 ... 0x57: /* push */
5248 gen_op_mov_v_reg(MO_32, cpu_T0, (b & 7) | REX_B(s));
5249 gen_push_v(s, cpu_T0);
5251 case 0x58 ... 0x5f: /* pop */
5253 /* NOTE: order is important for pop %sp */
5254 gen_pop_update(s, ot);
5255 gen_op_mov_reg_v(ot, (b & 7) | REX_B(s), cpu_T0);
5257 case 0x60: /* pusha */
5262 case 0x61: /* popa */
5267 case 0x68: /* push Iv */
5269 ot = mo_pushpop(s, dflag);
5271 val = insn_get(env, s, ot);
5273 val = (int8_t)insn_get(env, s, MO_8);
5274 tcg_gen_movi_tl(cpu_T0, val);
5275 gen_push_v(s, cpu_T0);
5277 case 0x8f: /* pop Ev */
5278 modrm = cpu_ldub_code(env, s->pc++);
5279 mod = (modrm >> 6) & 3;
5282 /* NOTE: order is important for pop %sp */
5283 gen_pop_update(s, ot);
5284 rm = (modrm & 7) | REX_B(s);
5285 gen_op_mov_reg_v(ot, rm, cpu_T0);
5287 /* NOTE: order is important too for MMU exceptions */
5288 s->popl_esp_hack = 1 << ot;
5289 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5290 s->popl_esp_hack = 0;
5291 gen_pop_update(s, ot);
5294 case 0xc8: /* enter */
5297 val = cpu_lduw_code(env, s->pc);
5299 level = cpu_ldub_code(env, s->pc++);
5300 gen_enter(s, val, level);
5303 case 0xc9: /* leave */
5306 case 0x06: /* push es */
5307 case 0x0e: /* push cs */
5308 case 0x16: /* push ss */
5309 case 0x1e: /* push ds */
5312 gen_op_movl_T0_seg(b >> 3);
5313 gen_push_v(s, cpu_T0);
5315 case 0x1a0: /* push fs */
5316 case 0x1a8: /* push gs */
5317 gen_op_movl_T0_seg((b >> 3) & 7);
5318 gen_push_v(s, cpu_T0);
5320 case 0x07: /* pop es */
5321 case 0x17: /* pop ss */
5322 case 0x1f: /* pop ds */
5327 gen_movl_seg_T0(s, reg);
5328 gen_pop_update(s, ot);
5329 /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */
5331 gen_jmp_im(s->pc - s->cs_base);
5334 gen_eob_inhibit_irq(s, true);
5340 case 0x1a1: /* pop fs */
5341 case 0x1a9: /* pop gs */
5343 gen_movl_seg_T0(s, (b >> 3) & 7);
5344 gen_pop_update(s, ot);
5346 gen_jmp_im(s->pc - s->cs_base);
5351 /**************************/
5354 case 0x89: /* mov Gv, Ev */
5355 ot = mo_b_d(b, dflag);
5356 modrm = cpu_ldub_code(env, s->pc++);
5357 reg = ((modrm >> 3) & 7) | rex_r;
5359 /* generate a generic store */
5360 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
5363 case 0xc7: /* mov Ev, Iv */
5364 ot = mo_b_d(b, dflag);
5365 modrm = cpu_ldub_code(env, s->pc++);
5366 mod = (modrm >> 6) & 3;
5368 s->rip_offset = insn_const_size(ot);
5369 gen_lea_modrm(env, s, modrm);
5371 val = insn_get(env, s, ot);
5372 tcg_gen_movi_tl(cpu_T0, val);
5374 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
5376 gen_op_mov_reg_v(ot, (modrm & 7) | REX_B(s), cpu_T0);
5380 case 0x8b: /* mov Ev, Gv */
5381 ot = mo_b_d(b, dflag);
5382 modrm = cpu_ldub_code(env, s->pc++);
5383 reg = ((modrm >> 3) & 7) | rex_r;
5385 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5386 gen_op_mov_reg_v(ot, reg, cpu_T0);
5388 case 0x8e: /* mov seg, Gv */
5389 modrm = cpu_ldub_code(env, s->pc++);
5390 reg = (modrm >> 3) & 7;
5391 if (reg >= 6 || reg == R_CS)
5393 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
5394 gen_movl_seg_T0(s, reg);
5395 /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */
5397 gen_jmp_im(s->pc - s->cs_base);
5400 gen_eob_inhibit_irq(s, true);
5406 case 0x8c: /* mov Gv, seg */
5407 modrm = cpu_ldub_code(env, s->pc++);
5408 reg = (modrm >> 3) & 7;
5409 mod = (modrm >> 6) & 3;
5412 gen_op_movl_T0_seg(reg);
5413 ot = mod == 3 ? dflag : MO_16;
5414 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5417 case 0x1b6: /* movzbS Gv, Eb */
5418 case 0x1b7: /* movzwS Gv, Eb */
5419 case 0x1be: /* movsbS Gv, Eb */
5420 case 0x1bf: /* movswS Gv, Eb */
5425 /* d_ot is the size of destination */
5427 /* ot is the size of source */
5428 ot = (b & 1) + MO_8;
5429 /* s_ot is the sign+size of source */
5430 s_ot = b & 8 ? MO_SIGN | ot : ot;
5432 modrm = cpu_ldub_code(env, s->pc++);
5433 reg = ((modrm >> 3) & 7) | rex_r;
5434 mod = (modrm >> 6) & 3;
5435 rm = (modrm & 7) | REX_B(s);
5438 gen_op_mov_v_reg(ot, cpu_T0, rm);
5441 tcg_gen_ext8u_tl(cpu_T0, cpu_T0);
5444 tcg_gen_ext8s_tl(cpu_T0, cpu_T0);
5447 tcg_gen_ext16u_tl(cpu_T0, cpu_T0);
5451 tcg_gen_ext16s_tl(cpu_T0, cpu_T0);
5454 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
5456 gen_lea_modrm(env, s, modrm);
5457 gen_op_ld_v(s, s_ot, cpu_T0, cpu_A0);
5458 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
5463 case 0x8d: /* lea */
5464 modrm = cpu_ldub_code(env, s->pc++);
5465 mod = (modrm >> 6) & 3;
5468 reg = ((modrm >> 3) & 7) | rex_r;
5470 AddressParts a = gen_lea_modrm_0(env, s, modrm);
5471 TCGv ea = gen_lea_modrm_1(a);
5472 gen_lea_v_seg(s, s->aflag, ea, -1, -1);
5473 gen_op_mov_reg_v(dflag, reg, cpu_A0);
5477 case 0xa0: /* mov EAX, Ov */
5479 case 0xa2: /* mov Ov, EAX */
5482 target_ulong offset_addr;
5484 ot = mo_b_d(b, dflag);
5486 #ifdef TARGET_X86_64
5488 offset_addr = cpu_ldq_code(env, s->pc);
5493 offset_addr = insn_get(env, s, s->aflag);
5496 tcg_gen_movi_tl(cpu_A0, offset_addr);
5497 gen_add_A0_ds_seg(s);
5499 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
5500 gen_op_mov_reg_v(ot, R_EAX, cpu_T0);
5502 gen_op_mov_v_reg(ot, cpu_T0, R_EAX);
5503 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
5507 case 0xd7: /* xlat */
5508 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EBX]);
5509 tcg_gen_ext8u_tl(cpu_T0, cpu_regs[R_EAX]);
5510 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_T0);
5511 gen_extu(s->aflag, cpu_A0);
5512 gen_add_A0_ds_seg(s);
5513 gen_op_ld_v(s, MO_8, cpu_T0, cpu_A0);
5514 gen_op_mov_reg_v(MO_8, R_EAX, cpu_T0);
5516 case 0xb0 ... 0xb7: /* mov R, Ib */
5517 val = insn_get(env, s, MO_8);
5518 tcg_gen_movi_tl(cpu_T0, val);
5519 gen_op_mov_reg_v(MO_8, (b & 7) | REX_B(s), cpu_T0);
5521 case 0xb8 ... 0xbf: /* mov R, Iv */
5522 #ifdef TARGET_X86_64
5523 if (dflag == MO_64) {
5526 tmp = cpu_ldq_code(env, s->pc);
5528 reg = (b & 7) | REX_B(s);
5529 tcg_gen_movi_tl(cpu_T0, tmp);
5530 gen_op_mov_reg_v(MO_64, reg, cpu_T0);
5535 val = insn_get(env, s, ot);
5536 reg = (b & 7) | REX_B(s);
5537 tcg_gen_movi_tl(cpu_T0, val);
5538 gen_op_mov_reg_v(ot, reg, cpu_T0);
5542 case 0x91 ... 0x97: /* xchg R, EAX */
5545 reg = (b & 7) | REX_B(s);
5549 case 0x87: /* xchg Ev, Gv */
5550 ot = mo_b_d(b, dflag);
5551 modrm = cpu_ldub_code(env, s->pc++);
5552 reg = ((modrm >> 3) & 7) | rex_r;
5553 mod = (modrm >> 6) & 3;
5555 rm = (modrm & 7) | REX_B(s);
5557 gen_op_mov_v_reg(ot, cpu_T0, reg);
5558 gen_op_mov_v_reg(ot, cpu_T1, rm);
5559 gen_op_mov_reg_v(ot, rm, cpu_T0);
5560 gen_op_mov_reg_v(ot, reg, cpu_T1);
5562 gen_lea_modrm(env, s, modrm);
5563 gen_op_mov_v_reg(ot, cpu_T0, reg);
5564 /* for xchg, lock is implicit */
5565 tcg_gen_atomic_xchg_tl(cpu_T1, cpu_A0, cpu_T0,
5566 s->mem_index, ot | MO_LE);
5567 gen_op_mov_reg_v(ot, reg, cpu_T1);
5570 case 0xc4: /* les Gv */
5571 /* In CODE64 this is VEX3; see above. */
5574 case 0xc5: /* lds Gv */
5575 /* In CODE64 this is VEX2; see above. */
5578 case 0x1b2: /* lss Gv */
5581 case 0x1b4: /* lfs Gv */
5584 case 0x1b5: /* lgs Gv */
5587 ot = dflag != MO_16 ? MO_32 : MO_16;
5588 modrm = cpu_ldub_code(env, s->pc++);
5589 reg = ((modrm >> 3) & 7) | rex_r;
5590 mod = (modrm >> 6) & 3;
5593 gen_lea_modrm(env, s, modrm);
5594 gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
5595 gen_add_A0_im(s, 1 << ot);
5596 /* load the segment first to handle exceptions properly */
5597 gen_op_ld_v(s, MO_16, cpu_T0, cpu_A0);
5598 gen_movl_seg_T0(s, op);
5599 /* then put the data */
5600 gen_op_mov_reg_v(ot, reg, cpu_T1);
5602 gen_jmp_im(s->pc - s->cs_base);
5607 /************************/
5615 ot = mo_b_d(b, dflag);
5616 modrm = cpu_ldub_code(env, s->pc++);
5617 mod = (modrm >> 6) & 3;
5618 op = (modrm >> 3) & 7;
5624 gen_lea_modrm(env, s, modrm);
5627 opreg = (modrm & 7) | REX_B(s);
5632 gen_shift(s, op, ot, opreg, OR_ECX);
5635 shift = cpu_ldub_code(env, s->pc++);
5637 gen_shifti(s, op, ot, opreg, shift);
5652 case 0x1a4: /* shld imm */
5656 case 0x1a5: /* shld cl */
5660 case 0x1ac: /* shrd imm */
5664 case 0x1ad: /* shrd cl */
5669 modrm = cpu_ldub_code(env, s->pc++);
5670 mod = (modrm >> 6) & 3;
5671 rm = (modrm & 7) | REX_B(s);
5672 reg = ((modrm >> 3) & 7) | rex_r;
5674 gen_lea_modrm(env, s, modrm);
5679 gen_op_mov_v_reg(ot, cpu_T1, reg);
5682 TCGv imm = tcg_const_tl(cpu_ldub_code(env, s->pc++));
5683 gen_shiftd_rm_T1(s, ot, opreg, op, imm);
5686 gen_shiftd_rm_T1(s, ot, opreg, op, cpu_regs[R_ECX]);
5690 /************************/
5693 if (s->flags & (HF_EM_MASK | HF_TS_MASK)) {
5694 /* if CR0.EM or CR0.TS are set, generate an FPU exception */
5695 /* XXX: what to do if illegal op ? */
5696 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
5699 modrm = cpu_ldub_code(env, s->pc++);
5700 mod = (modrm >> 6) & 3;
5702 op = ((b & 7) << 3) | ((modrm >> 3) & 7);
5705 gen_lea_modrm(env, s, modrm);
5707 case 0x00 ... 0x07: /* fxxxs */
5708 case 0x10 ... 0x17: /* fixxxl */
5709 case 0x20 ... 0x27: /* fxxxl */
5710 case 0x30 ... 0x37: /* fixxx */
5717 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5718 s->mem_index, MO_LEUL);
5719 gen_helper_flds_FT0(cpu_env, cpu_tmp2_i32);
5722 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5723 s->mem_index, MO_LEUL);
5724 gen_helper_fildl_FT0(cpu_env, cpu_tmp2_i32);
5727 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
5728 s->mem_index, MO_LEQ);
5729 gen_helper_fldl_FT0(cpu_env, cpu_tmp1_i64);
5733 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5734 s->mem_index, MO_LESW);
5735 gen_helper_fildl_FT0(cpu_env, cpu_tmp2_i32);
5739 gen_helper_fp_arith_ST0_FT0(op1);
5741 /* fcomp needs pop */
5742 gen_helper_fpop(cpu_env);
5746 case 0x08: /* flds */
5747 case 0x0a: /* fsts */
5748 case 0x0b: /* fstps */
5749 case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */
5750 case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */
5751 case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */
5756 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5757 s->mem_index, MO_LEUL);
5758 gen_helper_flds_ST0(cpu_env, cpu_tmp2_i32);
5761 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5762 s->mem_index, MO_LEUL);
5763 gen_helper_fildl_ST0(cpu_env, cpu_tmp2_i32);
5766 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
5767 s->mem_index, MO_LEQ);
5768 gen_helper_fldl_ST0(cpu_env, cpu_tmp1_i64);
5772 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5773 s->mem_index, MO_LESW);
5774 gen_helper_fildl_ST0(cpu_env, cpu_tmp2_i32);
5779 /* XXX: the corresponding CPUID bit must be tested ! */
5782 gen_helper_fisttl_ST0(cpu_tmp2_i32, cpu_env);
5783 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5784 s->mem_index, MO_LEUL);
5787 gen_helper_fisttll_ST0(cpu_tmp1_i64, cpu_env);
5788 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
5789 s->mem_index, MO_LEQ);
5793 gen_helper_fistt_ST0(cpu_tmp2_i32, cpu_env);
5794 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5795 s->mem_index, MO_LEUW);
5798 gen_helper_fpop(cpu_env);
5803 gen_helper_fsts_ST0(cpu_tmp2_i32, cpu_env);
5804 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5805 s->mem_index, MO_LEUL);
5808 gen_helper_fistl_ST0(cpu_tmp2_i32, cpu_env);
5809 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5810 s->mem_index, MO_LEUL);
5813 gen_helper_fstl_ST0(cpu_tmp1_i64, cpu_env);
5814 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
5815 s->mem_index, MO_LEQ);
5819 gen_helper_fist_ST0(cpu_tmp2_i32, cpu_env);
5820 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5821 s->mem_index, MO_LEUW);
5825 gen_helper_fpop(cpu_env);
5829 case 0x0c: /* fldenv mem */
5830 gen_helper_fldenv(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5832 case 0x0d: /* fldcw mem */
5833 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5834 s->mem_index, MO_LEUW);
5835 gen_helper_fldcw(cpu_env, cpu_tmp2_i32);
5837 case 0x0e: /* fnstenv mem */
5838 gen_helper_fstenv(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5840 case 0x0f: /* fnstcw mem */
5841 gen_helper_fnstcw(cpu_tmp2_i32, cpu_env);
5842 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5843 s->mem_index, MO_LEUW);
5845 case 0x1d: /* fldt mem */
5846 gen_helper_fldt_ST0(cpu_env, cpu_A0);
5848 case 0x1f: /* fstpt mem */
5849 gen_helper_fstt_ST0(cpu_env, cpu_A0);
5850 gen_helper_fpop(cpu_env);
5852 case 0x2c: /* frstor mem */
5853 gen_helper_frstor(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5855 case 0x2e: /* fnsave mem */
5856 gen_helper_fsave(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5858 case 0x2f: /* fnstsw mem */
5859 gen_helper_fnstsw(cpu_tmp2_i32, cpu_env);
5860 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5861 s->mem_index, MO_LEUW);
5863 case 0x3c: /* fbld */
5864 gen_helper_fbld_ST0(cpu_env, cpu_A0);
5866 case 0x3e: /* fbstp */
5867 gen_helper_fbst_ST0(cpu_env, cpu_A0);
5868 gen_helper_fpop(cpu_env);
5870 case 0x3d: /* fildll */
5871 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
5872 gen_helper_fildll_ST0(cpu_env, cpu_tmp1_i64);
5874 case 0x3f: /* fistpll */
5875 gen_helper_fistll_ST0(cpu_tmp1_i64, cpu_env);
5876 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
5877 gen_helper_fpop(cpu_env);
5883 /* register float ops */
5887 case 0x08: /* fld sti */
5888 gen_helper_fpush(cpu_env);
5889 gen_helper_fmov_ST0_STN(cpu_env,
5890 tcg_const_i32((opreg + 1) & 7));
5892 case 0x09: /* fxchg sti */
5893 case 0x29: /* fxchg4 sti, undocumented op */
5894 case 0x39: /* fxchg7 sti, undocumented op */
5895 gen_helper_fxchg_ST0_STN(cpu_env, tcg_const_i32(opreg));
5897 case 0x0a: /* grp d9/2 */
5900 /* check exceptions (FreeBSD FPU probe) */
5901 gen_helper_fwait(cpu_env);
5907 case 0x0c: /* grp d9/4 */
5910 gen_helper_fchs_ST0(cpu_env);
5913 gen_helper_fabs_ST0(cpu_env);
5916 gen_helper_fldz_FT0(cpu_env);
5917 gen_helper_fcom_ST0_FT0(cpu_env);
5920 gen_helper_fxam_ST0(cpu_env);
5926 case 0x0d: /* grp d9/5 */
5930 gen_helper_fpush(cpu_env);
5931 gen_helper_fld1_ST0(cpu_env);
5934 gen_helper_fpush(cpu_env);
5935 gen_helper_fldl2t_ST0(cpu_env);
5938 gen_helper_fpush(cpu_env);
5939 gen_helper_fldl2e_ST0(cpu_env);
5942 gen_helper_fpush(cpu_env);
5943 gen_helper_fldpi_ST0(cpu_env);
5946 gen_helper_fpush(cpu_env);
5947 gen_helper_fldlg2_ST0(cpu_env);
5950 gen_helper_fpush(cpu_env);
5951 gen_helper_fldln2_ST0(cpu_env);
5954 gen_helper_fpush(cpu_env);
5955 gen_helper_fldz_ST0(cpu_env);
5962 case 0x0e: /* grp d9/6 */
5965 gen_helper_f2xm1(cpu_env);
5968 gen_helper_fyl2x(cpu_env);
5971 gen_helper_fptan(cpu_env);
5973 case 3: /* fpatan */
5974 gen_helper_fpatan(cpu_env);
5976 case 4: /* fxtract */
5977 gen_helper_fxtract(cpu_env);
5979 case 5: /* fprem1 */
5980 gen_helper_fprem1(cpu_env);
5982 case 6: /* fdecstp */
5983 gen_helper_fdecstp(cpu_env);
5986 case 7: /* fincstp */
5987 gen_helper_fincstp(cpu_env);
5991 case 0x0f: /* grp d9/7 */
5994 gen_helper_fprem(cpu_env);
5996 case 1: /* fyl2xp1 */
5997 gen_helper_fyl2xp1(cpu_env);
6000 gen_helper_fsqrt(cpu_env);
6002 case 3: /* fsincos */
6003 gen_helper_fsincos(cpu_env);
6005 case 5: /* fscale */
6006 gen_helper_fscale(cpu_env);
6008 case 4: /* frndint */
6009 gen_helper_frndint(cpu_env);
6012 gen_helper_fsin(cpu_env);
6016 gen_helper_fcos(cpu_env);
6020 case 0x00: case 0x01: case 0x04 ... 0x07: /* fxxx st, sti */
6021 case 0x20: case 0x21: case 0x24 ... 0x27: /* fxxx sti, st */
6022 case 0x30: case 0x31: case 0x34 ... 0x37: /* fxxxp sti, st */
6028 gen_helper_fp_arith_STN_ST0(op1, opreg);
6030 gen_helper_fpop(cpu_env);
6032 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6033 gen_helper_fp_arith_ST0_FT0(op1);
6037 case 0x02: /* fcom */
6038 case 0x22: /* fcom2, undocumented op */
6039 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6040 gen_helper_fcom_ST0_FT0(cpu_env);
6042 case 0x03: /* fcomp */
6043 case 0x23: /* fcomp3, undocumented op */
6044 case 0x32: /* fcomp5, undocumented op */
6045 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6046 gen_helper_fcom_ST0_FT0(cpu_env);
6047 gen_helper_fpop(cpu_env);
6049 case 0x15: /* da/5 */
6051 case 1: /* fucompp */
6052 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6053 gen_helper_fucom_ST0_FT0(cpu_env);
6054 gen_helper_fpop(cpu_env);
6055 gen_helper_fpop(cpu_env);
6063 case 0: /* feni (287 only, just do nop here) */
6065 case 1: /* fdisi (287 only, just do nop here) */
6068 gen_helper_fclex(cpu_env);
6070 case 3: /* fninit */
6071 gen_helper_fninit(cpu_env);
6073 case 4: /* fsetpm (287 only, just do nop here) */
6079 case 0x1d: /* fucomi */
6080 if (!(s->cpuid_features & CPUID_CMOV)) {
6083 gen_update_cc_op(s);
6084 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6085 gen_helper_fucomi_ST0_FT0(cpu_env);
6086 set_cc_op(s, CC_OP_EFLAGS);
6088 case 0x1e: /* fcomi */
6089 if (!(s->cpuid_features & CPUID_CMOV)) {
6092 gen_update_cc_op(s);
6093 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6094 gen_helper_fcomi_ST0_FT0(cpu_env);
6095 set_cc_op(s, CC_OP_EFLAGS);
6097 case 0x28: /* ffree sti */
6098 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6100 case 0x2a: /* fst sti */
6101 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6103 case 0x2b: /* fstp sti */
6104 case 0x0b: /* fstp1 sti, undocumented op */
6105 case 0x3a: /* fstp8 sti, undocumented op */
6106 case 0x3b: /* fstp9 sti, undocumented op */
6107 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6108 gen_helper_fpop(cpu_env);
6110 case 0x2c: /* fucom st(i) */
6111 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6112 gen_helper_fucom_ST0_FT0(cpu_env);
6114 case 0x2d: /* fucomp st(i) */
6115 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6116 gen_helper_fucom_ST0_FT0(cpu_env);
6117 gen_helper_fpop(cpu_env);
6119 case 0x33: /* de/3 */
6121 case 1: /* fcompp */
6122 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6123 gen_helper_fcom_ST0_FT0(cpu_env);
6124 gen_helper_fpop(cpu_env);
6125 gen_helper_fpop(cpu_env);
6131 case 0x38: /* ffreep sti, undocumented op */
6132 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6133 gen_helper_fpop(cpu_env);
6135 case 0x3c: /* df/4 */
6138 gen_helper_fnstsw(cpu_tmp2_i32, cpu_env);
6139 tcg_gen_extu_i32_tl(cpu_T0, cpu_tmp2_i32);
6140 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T0);
6146 case 0x3d: /* fucomip */
6147 if (!(s->cpuid_features & CPUID_CMOV)) {
6150 gen_update_cc_op(s);
6151 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6152 gen_helper_fucomi_ST0_FT0(cpu_env);
6153 gen_helper_fpop(cpu_env);
6154 set_cc_op(s, CC_OP_EFLAGS);
6156 case 0x3e: /* fcomip */
6157 if (!(s->cpuid_features & CPUID_CMOV)) {
6160 gen_update_cc_op(s);
6161 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6162 gen_helper_fcomi_ST0_FT0(cpu_env);
6163 gen_helper_fpop(cpu_env);
6164 set_cc_op(s, CC_OP_EFLAGS);
6166 case 0x10 ... 0x13: /* fcmovxx */
6171 static const uint8_t fcmov_cc[8] = {
6178 if (!(s->cpuid_features & CPUID_CMOV)) {
6181 op1 = fcmov_cc[op & 3] | (((op >> 3) & 1) ^ 1);
6182 l1 = gen_new_label();
6183 gen_jcc1_noeob(s, op1, l1);
6184 gen_helper_fmov_ST0_STN(cpu_env, tcg_const_i32(opreg));
6193 /************************/
6196 case 0xa4: /* movsS */
6198 ot = mo_b_d(b, dflag);
6199 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6200 gen_repz_movs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6206 case 0xaa: /* stosS */
6208 ot = mo_b_d(b, dflag);
6209 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6210 gen_repz_stos(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6215 case 0xac: /* lodsS */
6217 ot = mo_b_d(b, dflag);
6218 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6219 gen_repz_lods(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6224 case 0xae: /* scasS */
6226 ot = mo_b_d(b, dflag);
6227 if (prefixes & PREFIX_REPNZ) {
6228 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6229 } else if (prefixes & PREFIX_REPZ) {
6230 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6236 case 0xa6: /* cmpsS */
6238 ot = mo_b_d(b, dflag);
6239 if (prefixes & PREFIX_REPNZ) {
6240 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6241 } else if (prefixes & PREFIX_REPZ) {
6242 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6247 case 0x6c: /* insS */
6249 ot = mo_b_d32(b, dflag);
6250 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6251 gen_check_io(s, ot, pc_start - s->cs_base,
6252 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes) | 4);
6253 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6254 gen_repz_ins(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6257 if (s->tb->cflags & CF_USE_ICOUNT) {
6258 gen_jmp(s, s->pc - s->cs_base);
6262 case 0x6e: /* outsS */
6264 ot = mo_b_d32(b, dflag);
6265 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6266 gen_check_io(s, ot, pc_start - s->cs_base,
6267 svm_is_rep(prefixes) | 4);
6268 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6269 gen_repz_outs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6272 if (s->tb->cflags & CF_USE_ICOUNT) {
6273 gen_jmp(s, s->pc - s->cs_base);
6278 /************************/
6283 ot = mo_b_d32(b, dflag);
6284 val = cpu_ldub_code(env, s->pc++);
6285 tcg_gen_movi_tl(cpu_T0, val);
6286 gen_check_io(s, ot, pc_start - s->cs_base,
6287 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6288 if (s->tb->cflags & CF_USE_ICOUNT) {
6291 tcg_gen_movi_i32(cpu_tmp2_i32, val);
6292 gen_helper_in_func(ot, cpu_T1, cpu_tmp2_i32);
6293 gen_op_mov_reg_v(ot, R_EAX, cpu_T1);
6294 gen_bpt_io(s, cpu_tmp2_i32, ot);
6295 if (s->tb->cflags & CF_USE_ICOUNT) {
6297 gen_jmp(s, s->pc - s->cs_base);
6302 ot = mo_b_d32(b, dflag);
6303 val = cpu_ldub_code(env, s->pc++);
6304 tcg_gen_movi_tl(cpu_T0, val);
6305 gen_check_io(s, ot, pc_start - s->cs_base,
6306 svm_is_rep(prefixes));
6307 gen_op_mov_v_reg(ot, cpu_T1, R_EAX);
6309 if (s->tb->cflags & CF_USE_ICOUNT) {
6312 tcg_gen_movi_i32(cpu_tmp2_i32, val);
6313 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
6314 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
6315 gen_bpt_io(s, cpu_tmp2_i32, ot);
6316 if (s->tb->cflags & CF_USE_ICOUNT) {
6318 gen_jmp(s, s->pc - s->cs_base);
6323 ot = mo_b_d32(b, dflag);
6324 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6325 gen_check_io(s, ot, pc_start - s->cs_base,
6326 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6327 if (s->tb->cflags & CF_USE_ICOUNT) {
6330 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
6331 gen_helper_in_func(ot, cpu_T1, cpu_tmp2_i32);
6332 gen_op_mov_reg_v(ot, R_EAX, cpu_T1);
6333 gen_bpt_io(s, cpu_tmp2_i32, ot);
6334 if (s->tb->cflags & CF_USE_ICOUNT) {
6336 gen_jmp(s, s->pc - s->cs_base);
6341 ot = mo_b_d32(b, dflag);
6342 tcg_gen_ext16u_tl(cpu_T0, cpu_regs[R_EDX]);
6343 gen_check_io(s, ot, pc_start - s->cs_base,
6344 svm_is_rep(prefixes));
6345 gen_op_mov_v_reg(ot, cpu_T1, R_EAX);
6347 if (s->tb->cflags & CF_USE_ICOUNT) {
6350 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
6351 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T1);
6352 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
6353 gen_bpt_io(s, cpu_tmp2_i32, ot);
6354 if (s->tb->cflags & CF_USE_ICOUNT) {
6356 gen_jmp(s, s->pc - s->cs_base);
6360 /************************/
6362 case 0xc2: /* ret im */
6363 val = cpu_ldsw_code(env, s->pc);
6366 gen_stack_update(s, val + (1 << ot));
6367 /* Note that gen_pop_T0 uses a zero-extending load. */
6368 gen_op_jmp_v(cpu_T0);
6372 case 0xc3: /* ret */
6374 gen_pop_update(s, ot);
6375 /* Note that gen_pop_T0 uses a zero-extending load. */
6376 gen_op_jmp_v(cpu_T0);
6380 case 0xca: /* lret im */
6381 val = cpu_ldsw_code(env, s->pc);
6384 if (s->pe && !s->vm86) {
6385 gen_update_cc_op(s);
6386 gen_jmp_im(pc_start - s->cs_base);
6387 gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1),
6388 tcg_const_i32(val));
6392 gen_op_ld_v(s, dflag, cpu_T0, cpu_A0);
6393 /* NOTE: keeping EIP updated is not a problem in case of
6395 gen_op_jmp_v(cpu_T0);
6397 gen_add_A0_im(s, 1 << dflag);
6398 gen_op_ld_v(s, dflag, cpu_T0, cpu_A0);
6399 gen_op_movl_seg_T0_vm(R_CS);
6400 /* add stack offset */
6401 gen_stack_update(s, val + (2 << dflag));
6405 case 0xcb: /* lret */
6408 case 0xcf: /* iret */
6409 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET);
6412 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6413 set_cc_op(s, CC_OP_EFLAGS);
6414 } else if (s->vm86) {
6416 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6418 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6419 set_cc_op(s, CC_OP_EFLAGS);
6422 gen_helper_iret_protected(cpu_env, tcg_const_i32(dflag - 1),
6423 tcg_const_i32(s->pc - s->cs_base));
6424 set_cc_op(s, CC_OP_EFLAGS);
6428 case 0xe8: /* call im */
6430 if (dflag != MO_16) {
6431 tval = (int32_t)insn_get(env, s, MO_32);
6433 tval = (int16_t)insn_get(env, s, MO_16);
6435 next_eip = s->pc - s->cs_base;
6437 if (dflag == MO_16) {
6439 } else if (!CODE64(s)) {
6442 tcg_gen_movi_tl(cpu_T0, next_eip);
6443 gen_push_v(s, cpu_T0);
6448 case 0x9a: /* lcall im */
6450 unsigned int selector, offset;
6455 offset = insn_get(env, s, ot);
6456 selector = insn_get(env, s, MO_16);
6458 tcg_gen_movi_tl(cpu_T0, selector);
6459 tcg_gen_movi_tl(cpu_T1, offset);
6462 case 0xe9: /* jmp im */
6463 if (dflag != MO_16) {
6464 tval = (int32_t)insn_get(env, s, MO_32);
6466 tval = (int16_t)insn_get(env, s, MO_16);
6468 tval += s->pc - s->cs_base;
6469 if (dflag == MO_16) {
6471 } else if (!CODE64(s)) {
6477 case 0xea: /* ljmp im */
6479 unsigned int selector, offset;
6484 offset = insn_get(env, s, ot);
6485 selector = insn_get(env, s, MO_16);
6487 tcg_gen_movi_tl(cpu_T0, selector);
6488 tcg_gen_movi_tl(cpu_T1, offset);
6491 case 0xeb: /* jmp Jb */
6492 tval = (int8_t)insn_get(env, s, MO_8);
6493 tval += s->pc - s->cs_base;
6494 if (dflag == MO_16) {
6499 case 0x70 ... 0x7f: /* jcc Jb */
6500 tval = (int8_t)insn_get(env, s, MO_8);
6502 case 0x180 ... 0x18f: /* jcc Jv */
6503 if (dflag != MO_16) {
6504 tval = (int32_t)insn_get(env, s, MO_32);
6506 tval = (int16_t)insn_get(env, s, MO_16);
6509 next_eip = s->pc - s->cs_base;
6511 if (dflag == MO_16) {
6515 gen_jcc(s, b, tval, next_eip);
6518 case 0x190 ... 0x19f: /* setcc Gv */
6519 modrm = cpu_ldub_code(env, s->pc++);
6520 gen_setcc1(s, b, cpu_T0);
6521 gen_ldst_modrm(env, s, modrm, MO_8, OR_TMP0, 1);
6523 case 0x140 ... 0x14f: /* cmov Gv, Ev */
6524 if (!(s->cpuid_features & CPUID_CMOV)) {
6528 modrm = cpu_ldub_code(env, s->pc++);
6529 reg = ((modrm >> 3) & 7) | rex_r;
6530 gen_cmovcc1(env, s, ot, b, modrm, reg);
6533 /************************/
6535 case 0x9c: /* pushf */
6536 gen_svm_check_intercept(s, pc_start, SVM_EXIT_PUSHF);
6537 if (s->vm86 && s->iopl != 3) {
6538 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6540 gen_update_cc_op(s);
6541 gen_helper_read_eflags(cpu_T0, cpu_env);
6542 gen_push_v(s, cpu_T0);
6545 case 0x9d: /* popf */
6546 gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF);
6547 if (s->vm86 && s->iopl != 3) {
6548 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6552 if (dflag != MO_16) {
6553 gen_helper_write_eflags(cpu_env, cpu_T0,
6554 tcg_const_i32((TF_MASK | AC_MASK |
6559 gen_helper_write_eflags(cpu_env, cpu_T0,
6560 tcg_const_i32((TF_MASK | AC_MASK |
6562 IF_MASK | IOPL_MASK)
6566 if (s->cpl <= s->iopl) {
6567 if (dflag != MO_16) {
6568 gen_helper_write_eflags(cpu_env, cpu_T0,
6569 tcg_const_i32((TF_MASK |
6575 gen_helper_write_eflags(cpu_env, cpu_T0,
6576 tcg_const_i32((TF_MASK |
6584 if (dflag != MO_16) {
6585 gen_helper_write_eflags(cpu_env, cpu_T0,
6586 tcg_const_i32((TF_MASK | AC_MASK |
6587 ID_MASK | NT_MASK)));
6589 gen_helper_write_eflags(cpu_env, cpu_T0,
6590 tcg_const_i32((TF_MASK | AC_MASK |
6596 gen_pop_update(s, ot);
6597 set_cc_op(s, CC_OP_EFLAGS);
6598 /* abort translation because TF/AC flag may change */
6599 gen_jmp_im(s->pc - s->cs_base);
6603 case 0x9e: /* sahf */
6604 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6606 gen_op_mov_v_reg(MO_8, cpu_T0, R_AH);
6607 gen_compute_eflags(s);
6608 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
6609 tcg_gen_andi_tl(cpu_T0, cpu_T0, CC_S | CC_Z | CC_A | CC_P | CC_C);
6610 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, cpu_T0);
6612 case 0x9f: /* lahf */
6613 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6615 gen_compute_eflags(s);
6616 /* Note: gen_compute_eflags() only gives the condition codes */
6617 tcg_gen_ori_tl(cpu_T0, cpu_cc_src, 0x02);
6618 gen_op_mov_reg_v(MO_8, R_AH, cpu_T0);
6620 case 0xf5: /* cmc */
6621 gen_compute_eflags(s);
6622 tcg_gen_xori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6624 case 0xf8: /* clc */
6625 gen_compute_eflags(s);
6626 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_C);
6628 case 0xf9: /* stc */
6629 gen_compute_eflags(s);
6630 tcg_gen_ori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6632 case 0xfc: /* cld */
6633 tcg_gen_movi_i32(cpu_tmp2_i32, 1);
6634 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6636 case 0xfd: /* std */
6637 tcg_gen_movi_i32(cpu_tmp2_i32, -1);
6638 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6641 /************************/
6642 /* bit operations */
6643 case 0x1ba: /* bt/bts/btr/btc Gv, im */
6645 modrm = cpu_ldub_code(env, s->pc++);
6646 op = (modrm >> 3) & 7;
6647 mod = (modrm >> 6) & 3;
6648 rm = (modrm & 7) | REX_B(s);
6651 gen_lea_modrm(env, s, modrm);
6652 if (!(s->prefix & PREFIX_LOCK)) {
6653 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
6656 gen_op_mov_v_reg(ot, cpu_T0, rm);
6659 val = cpu_ldub_code(env, s->pc++);
6660 tcg_gen_movi_tl(cpu_T1, val);
6665 case 0x1a3: /* bt Gv, Ev */
6668 case 0x1ab: /* bts */
6671 case 0x1b3: /* btr */
6674 case 0x1bb: /* btc */
6678 modrm = cpu_ldub_code(env, s->pc++);
6679 reg = ((modrm >> 3) & 7) | rex_r;
6680 mod = (modrm >> 6) & 3;
6681 rm = (modrm & 7) | REX_B(s);
6682 gen_op_mov_v_reg(MO_32, cpu_T1, reg);
6684 AddressParts a = gen_lea_modrm_0(env, s, modrm);
6685 /* specific case: we need to add a displacement */
6686 gen_exts(ot, cpu_T1);
6687 tcg_gen_sari_tl(cpu_tmp0, cpu_T1, 3 + ot);
6688 tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
6689 tcg_gen_add_tl(cpu_A0, gen_lea_modrm_1(a), cpu_tmp0);
6690 gen_lea_v_seg(s, s->aflag, cpu_A0, a.def_seg, s->override);
6691 if (!(s->prefix & PREFIX_LOCK)) {
6692 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
6695 gen_op_mov_v_reg(ot, cpu_T0, rm);
6698 tcg_gen_andi_tl(cpu_T1, cpu_T1, (1 << (3 + ot)) - 1);
6699 tcg_gen_movi_tl(cpu_tmp0, 1);
6700 tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T1);
6701 if (s->prefix & PREFIX_LOCK) {
6704 /* Needs no atomic ops; we surpressed the normal
6705 memory load for LOCK above so do it now. */
6706 gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
6709 tcg_gen_atomic_fetch_or_tl(cpu_T0, cpu_A0, cpu_tmp0,
6710 s->mem_index, ot | MO_LE);
6713 tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
6714 tcg_gen_atomic_fetch_and_tl(cpu_T0, cpu_A0, cpu_tmp0,
6715 s->mem_index, ot | MO_LE);
6719 tcg_gen_atomic_fetch_xor_tl(cpu_T0, cpu_A0, cpu_tmp0,
6720 s->mem_index, ot | MO_LE);
6723 tcg_gen_shr_tl(cpu_tmp4, cpu_T0, cpu_T1);
6725 tcg_gen_shr_tl(cpu_tmp4, cpu_T0, cpu_T1);
6728 /* Data already loaded; nothing to do. */
6731 tcg_gen_or_tl(cpu_T0, cpu_T0, cpu_tmp0);
6734 tcg_gen_andc_tl(cpu_T0, cpu_T0, cpu_tmp0);
6738 tcg_gen_xor_tl(cpu_T0, cpu_T0, cpu_tmp0);
6743 gen_op_st_v(s, ot, cpu_T0, cpu_A0);
6745 gen_op_mov_reg_v(ot, rm, cpu_T0);
6750 /* Delay all CC updates until after the store above. Note that
6751 C is the result of the test, Z is unchanged, and the others
6752 are all undefined. */
6754 case CC_OP_MULB ... CC_OP_MULQ:
6755 case CC_OP_ADDB ... CC_OP_ADDQ:
6756 case CC_OP_ADCB ... CC_OP_ADCQ:
6757 case CC_OP_SUBB ... CC_OP_SUBQ:
6758 case CC_OP_SBBB ... CC_OP_SBBQ:
6759 case CC_OP_LOGICB ... CC_OP_LOGICQ:
6760 case CC_OP_INCB ... CC_OP_INCQ:
6761 case CC_OP_DECB ... CC_OP_DECQ:
6762 case CC_OP_SHLB ... CC_OP_SHLQ:
6763 case CC_OP_SARB ... CC_OP_SARQ:
6764 case CC_OP_BMILGB ... CC_OP_BMILGQ:
6765 /* Z was going to be computed from the non-zero status of CC_DST.
6766 We can get that same Z value (and the new C value) by leaving
6767 CC_DST alone, setting CC_SRC, and using a CC_OP_SAR of the
6769 tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
6770 set_cc_op(s, ((s->cc_op - CC_OP_MULB) & 3) + CC_OP_SARB);
6773 /* Otherwise, generate EFLAGS and replace the C bit. */
6774 gen_compute_eflags(s);
6775 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, cpu_tmp4,
6780 case 0x1bc: /* bsf / tzcnt */
6781 case 0x1bd: /* bsr / lzcnt */
6783 modrm = cpu_ldub_code(env, s->pc++);
6784 reg = ((modrm >> 3) & 7) | rex_r;
6785 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
6786 gen_extu(ot, cpu_T0);
6788 /* Note that lzcnt and tzcnt are in different extensions. */
6789 if ((prefixes & PREFIX_REPZ)
6791 ? s->cpuid_ext3_features & CPUID_EXT3_ABM
6792 : s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)) {
6794 tcg_gen_mov_tl(cpu_cc_src, cpu_T0);
6796 /* For lzcnt, reduce the target_ulong result by the
6797 number of zeros that we expect to find at the top. */
6798 gen_helper_clz(cpu_T0, cpu_T0);
6799 tcg_gen_subi_tl(cpu_T0, cpu_T0, TARGET_LONG_BITS - size);
6801 /* For tzcnt, a zero input must return the operand size:
6802 force all bits outside the operand size to 1. */
6803 target_ulong mask = (target_ulong)-2 << (size - 1);
6804 tcg_gen_ori_tl(cpu_T0, cpu_T0, mask);
6805 gen_helper_ctz(cpu_T0, cpu_T0);
6807 /* For lzcnt/tzcnt, C and Z bits are defined and are
6808 related to the result. */
6809 gen_op_update1_cc();
6810 set_cc_op(s, CC_OP_BMILGB + ot);
6812 /* For bsr/bsf, only the Z bit is defined and it is related
6813 to the input and not the result. */
6814 tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
6815 set_cc_op(s, CC_OP_LOGICB + ot);
6817 /* For bsr, return the bit index of the first 1 bit,
6818 not the count of leading zeros. */
6819 gen_helper_clz(cpu_T0, cpu_T0);
6820 tcg_gen_xori_tl(cpu_T0, cpu_T0, TARGET_LONG_BITS - 1);
6822 gen_helper_ctz(cpu_T0, cpu_T0);
6824 /* ??? The manual says that the output is undefined when the
6825 input is zero, but real hardware leaves it unchanged, and
6826 real programs appear to depend on that. */
6827 tcg_gen_movi_tl(cpu_tmp0, 0);
6828 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_T0, cpu_cc_dst, cpu_tmp0,
6829 cpu_regs[reg], cpu_T0);
6831 gen_op_mov_reg_v(ot, reg, cpu_T0);
6833 /************************/
6835 case 0x27: /* daa */
6838 gen_update_cc_op(s);
6839 gen_helper_daa(cpu_env);
6840 set_cc_op(s, CC_OP_EFLAGS);
6842 case 0x2f: /* das */
6845 gen_update_cc_op(s);
6846 gen_helper_das(cpu_env);
6847 set_cc_op(s, CC_OP_EFLAGS);
6849 case 0x37: /* aaa */
6852 gen_update_cc_op(s);
6853 gen_helper_aaa(cpu_env);
6854 set_cc_op(s, CC_OP_EFLAGS);
6856 case 0x3f: /* aas */
6859 gen_update_cc_op(s);
6860 gen_helper_aas(cpu_env);
6861 set_cc_op(s, CC_OP_EFLAGS);
6863 case 0xd4: /* aam */
6866 val = cpu_ldub_code(env, s->pc++);
6868 gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base);
6870 gen_helper_aam(cpu_env, tcg_const_i32(val));
6871 set_cc_op(s, CC_OP_LOGICB);
6874 case 0xd5: /* aad */
6877 val = cpu_ldub_code(env, s->pc++);
6878 gen_helper_aad(cpu_env, tcg_const_i32(val));
6879 set_cc_op(s, CC_OP_LOGICB);
6881 /************************/
6883 case 0x90: /* nop */
6884 /* XXX: correct lock test for all insn */
6885 if (prefixes & PREFIX_LOCK) {
6888 /* If REX_B is set, then this is xchg eax, r8d, not a nop. */
6890 goto do_xchg_reg_eax;
6892 if (prefixes & PREFIX_REPZ) {
6893 gen_update_cc_op(s);
6894 gen_jmp_im(pc_start - s->cs_base);
6895 gen_helper_pause(cpu_env, tcg_const_i32(s->pc - pc_start));
6896 s->is_jmp = DISAS_TB_JUMP;
6899 case 0x9b: /* fwait */
6900 if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) ==
6901 (HF_MP_MASK | HF_TS_MASK)) {
6902 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
6904 gen_helper_fwait(cpu_env);
6907 case 0xcc: /* int3 */
6908 gen_interrupt(s, EXCP03_INT3, pc_start - s->cs_base, s->pc - s->cs_base);
6910 case 0xcd: /* int N */
6911 val = cpu_ldub_code(env, s->pc++);
6912 if (s->vm86 && s->iopl != 3) {
6913 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6915 gen_interrupt(s, val, pc_start - s->cs_base, s->pc - s->cs_base);
6918 case 0xce: /* into */
6921 gen_update_cc_op(s);
6922 gen_jmp_im(pc_start - s->cs_base);
6923 gen_helper_into(cpu_env, tcg_const_i32(s->pc - pc_start));
6926 case 0xf1: /* icebp (undocumented, exits to external debugger) */
6927 gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
6929 gen_debug(s, pc_start - s->cs_base);
6932 tb_flush(CPU(x86_env_get_cpu(env)));
6933 qemu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
6937 case 0xfa: /* cli */
6939 if (s->cpl <= s->iopl) {
6940 gen_helper_cli(cpu_env);
6942 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6946 gen_helper_cli(cpu_env);
6948 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6952 case 0xfb: /* sti */
6953 if (s->vm86 ? s->iopl == 3 : s->cpl <= s->iopl) {
6954 gen_helper_sti(cpu_env);
6955 /* interruptions are enabled only the first insn after sti */
6956 gen_jmp_im(s->pc - s->cs_base);
6957 gen_eob_inhibit_irq(s, true);
6959 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6962 case 0x62: /* bound */
6966 modrm = cpu_ldub_code(env, s->pc++);
6967 reg = (modrm >> 3) & 7;
6968 mod = (modrm >> 6) & 3;
6971 gen_op_mov_v_reg(ot, cpu_T0, reg);
6972 gen_lea_modrm(env, s, modrm);
6973 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
6975 gen_helper_boundw(cpu_env, cpu_A0, cpu_tmp2_i32);
6977 gen_helper_boundl(cpu_env, cpu_A0, cpu_tmp2_i32);
6980 case 0x1c8 ... 0x1cf: /* bswap reg */
6981 reg = (b & 7) | REX_B(s);
6982 #ifdef TARGET_X86_64
6983 if (dflag == MO_64) {
6984 gen_op_mov_v_reg(MO_64, cpu_T0, reg);
6985 tcg_gen_bswap64_i64(cpu_T0, cpu_T0);
6986 gen_op_mov_reg_v(MO_64, reg, cpu_T0);
6990 gen_op_mov_v_reg(MO_32, cpu_T0, reg);
6991 tcg_gen_ext32u_tl(cpu_T0, cpu_T0);
6992 tcg_gen_bswap32_tl(cpu_T0, cpu_T0);
6993 gen_op_mov_reg_v(MO_32, reg, cpu_T0);
6996 case 0xd6: /* salc */
6999 gen_compute_eflags_c(s, cpu_T0);
7000 tcg_gen_neg_tl(cpu_T0, cpu_T0);
7001 gen_op_mov_reg_v(MO_8, R_EAX, cpu_T0);
7003 case 0xe0: /* loopnz */
7004 case 0xe1: /* loopz */
7005 case 0xe2: /* loop */
7006 case 0xe3: /* jecxz */
7008 TCGLabel *l1, *l2, *l3;
7010 tval = (int8_t)insn_get(env, s, MO_8);
7011 next_eip = s->pc - s->cs_base;
7013 if (dflag == MO_16) {
7017 l1 = gen_new_label();
7018 l2 = gen_new_label();
7019 l3 = gen_new_label();
7022 case 0: /* loopnz */
7024 gen_op_add_reg_im(s->aflag, R_ECX, -1);
7025 gen_op_jz_ecx(s->aflag, l3);
7026 gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1);
7029 gen_op_add_reg_im(s->aflag, R_ECX, -1);
7030 gen_op_jnz_ecx(s->aflag, l1);
7034 gen_op_jz_ecx(s->aflag, l1);
7039 gen_jmp_im(next_eip);
7048 case 0x130: /* wrmsr */
7049 case 0x132: /* rdmsr */
7051 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7053 gen_update_cc_op(s);
7054 gen_jmp_im(pc_start - s->cs_base);
7056 gen_helper_rdmsr(cpu_env);
7058 gen_helper_wrmsr(cpu_env);
7062 case 0x131: /* rdtsc */
7063 gen_update_cc_op(s);
7064 gen_jmp_im(pc_start - s->cs_base);
7065 if (s->tb->cflags & CF_USE_ICOUNT) {
7068 gen_helper_rdtsc(cpu_env);
7069 if (s->tb->cflags & CF_USE_ICOUNT) {
7071 gen_jmp(s, s->pc - s->cs_base);
7074 case 0x133: /* rdpmc */
7075 gen_update_cc_op(s);
7076 gen_jmp_im(pc_start - s->cs_base);
7077 gen_helper_rdpmc(cpu_env);
7079 case 0x134: /* sysenter */
7080 /* For Intel SYSENTER is valid on 64-bit */
7081 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7084 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7086 gen_helper_sysenter(cpu_env);
7090 case 0x135: /* sysexit */
7091 /* For Intel SYSEXIT is valid on 64-bit */
7092 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7095 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7097 gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1));
7101 #ifdef TARGET_X86_64
7102 case 0x105: /* syscall */
7103 /* XXX: is it usable in real mode ? */
7104 gen_update_cc_op(s);
7105 gen_jmp_im(pc_start - s->cs_base);
7106 gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - pc_start));
7109 case 0x107: /* sysret */
7111 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7113 gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1));
7114 /* condition codes are modified only in long mode */
7116 set_cc_op(s, CC_OP_EFLAGS);
7122 case 0x1a2: /* cpuid */
7123 gen_update_cc_op(s);
7124 gen_jmp_im(pc_start - s->cs_base);
7125 gen_helper_cpuid(cpu_env);
7127 case 0xf4: /* hlt */
7129 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7131 gen_update_cc_op(s);
7132 gen_jmp_im(pc_start - s->cs_base);
7133 gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - pc_start));
7134 s->is_jmp = DISAS_TB_JUMP;
7138 modrm = cpu_ldub_code(env, s->pc++);
7139 mod = (modrm >> 6) & 3;
7140 op = (modrm >> 3) & 7;
7143 if (!s->pe || s->vm86)
7145 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_READ);
7146 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
7147 offsetof(CPUX86State, ldt.selector));
7148 ot = mod == 3 ? dflag : MO_16;
7149 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7152 if (!s->pe || s->vm86)
7155 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7157 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE);
7158 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7159 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
7160 gen_helper_lldt(cpu_env, cpu_tmp2_i32);
7164 if (!s->pe || s->vm86)
7166 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_READ);
7167 tcg_gen_ld32u_tl(cpu_T0, cpu_env,
7168 offsetof(CPUX86State, tr.selector));
7169 ot = mod == 3 ? dflag : MO_16;
7170 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7173 if (!s->pe || s->vm86)
7176 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7178 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE);
7179 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7180 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
7181 gen_helper_ltr(cpu_env, cpu_tmp2_i32);
7186 if (!s->pe || s->vm86)
7188 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7189 gen_update_cc_op(s);
7191 gen_helper_verr(cpu_env, cpu_T0);
7193 gen_helper_verw(cpu_env, cpu_T0);
7195 set_cc_op(s, CC_OP_EFLAGS);
7203 modrm = cpu_ldub_code(env, s->pc++);
7205 CASE_MODRM_MEM_OP(0): /* sgdt */
7206 gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_READ);
7207 gen_lea_modrm(env, s, modrm);
7208 tcg_gen_ld32u_tl(cpu_T0,
7209 cpu_env, offsetof(CPUX86State, gdt.limit));
7210 gen_op_st_v(s, MO_16, cpu_T0, cpu_A0);
7211 gen_add_A0_im(s, 2);
7212 tcg_gen_ld_tl(cpu_T0, cpu_env, offsetof(CPUX86State, gdt.base));
7213 if (dflag == MO_16) {
7214 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7216 gen_op_st_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7219 case 0xc8: /* monitor */
7220 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) {
7223 gen_update_cc_op(s);
7224 gen_jmp_im(pc_start - s->cs_base);
7225 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EAX]);
7226 gen_extu(s->aflag, cpu_A0);
7227 gen_add_A0_ds_seg(s);
7228 gen_helper_monitor(cpu_env, cpu_A0);
7231 case 0xc9: /* mwait */
7232 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) {
7235 gen_update_cc_op(s);
7236 gen_jmp_im(pc_start - s->cs_base);
7237 gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - pc_start));
7241 case 0xca: /* clac */
7242 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
7246 gen_helper_clac(cpu_env);
7247 gen_jmp_im(s->pc - s->cs_base);
7251 case 0xcb: /* stac */
7252 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
7256 gen_helper_stac(cpu_env);
7257 gen_jmp_im(s->pc - s->cs_base);
7261 CASE_MODRM_MEM_OP(1): /* sidt */
7262 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_READ);
7263 gen_lea_modrm(env, s, modrm);
7264 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State, idt.limit));
7265 gen_op_st_v(s, MO_16, cpu_T0, cpu_A0);
7266 gen_add_A0_im(s, 2);
7267 tcg_gen_ld_tl(cpu_T0, cpu_env, offsetof(CPUX86State, idt.base));
7268 if (dflag == MO_16) {
7269 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7271 gen_op_st_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7274 case 0xd0: /* xgetbv */
7275 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
7276 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
7277 | PREFIX_REPZ | PREFIX_REPNZ))) {
7280 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7281 gen_helper_xgetbv(cpu_tmp1_i64, cpu_env, cpu_tmp2_i32);
7282 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], cpu_tmp1_i64);
7285 case 0xd1: /* xsetbv */
7286 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
7287 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
7288 | PREFIX_REPZ | PREFIX_REPNZ))) {
7292 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7295 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
7297 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7298 gen_helper_xsetbv(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
7299 /* End TB because translation flags may change. */
7300 gen_jmp_im(s->pc - s->cs_base);
7304 case 0xd8: /* VMRUN */
7305 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7309 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7312 gen_update_cc_op(s);
7313 gen_jmp_im(pc_start - s->cs_base);
7314 gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1),
7315 tcg_const_i32(s->pc - pc_start));
7317 s->is_jmp = DISAS_TB_JUMP;
7320 case 0xd9: /* VMMCALL */
7321 if (!(s->flags & HF_SVME_MASK)) {
7324 gen_update_cc_op(s);
7325 gen_jmp_im(pc_start - s->cs_base);
7326 gen_helper_vmmcall(cpu_env);
7329 case 0xda: /* VMLOAD */
7330 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7334 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7337 gen_update_cc_op(s);
7338 gen_jmp_im(pc_start - s->cs_base);
7339 gen_helper_vmload(cpu_env, tcg_const_i32(s->aflag - 1));
7342 case 0xdb: /* VMSAVE */
7343 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7347 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7350 gen_update_cc_op(s);
7351 gen_jmp_im(pc_start - s->cs_base);
7352 gen_helper_vmsave(cpu_env, tcg_const_i32(s->aflag - 1));
7355 case 0xdc: /* STGI */
7356 if ((!(s->flags & HF_SVME_MASK)
7357 && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
7362 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7365 gen_update_cc_op(s);
7366 gen_jmp_im(pc_start - s->cs_base);
7367 gen_helper_stgi(cpu_env);
7370 case 0xdd: /* CLGI */
7371 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7375 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7378 gen_update_cc_op(s);
7379 gen_jmp_im(pc_start - s->cs_base);
7380 gen_helper_clgi(cpu_env);
7383 case 0xde: /* SKINIT */
7384 if ((!(s->flags & HF_SVME_MASK)
7385 && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
7389 gen_update_cc_op(s);
7390 gen_jmp_im(pc_start - s->cs_base);
7391 gen_helper_skinit(cpu_env);
7394 case 0xdf: /* INVLPGA */
7395 if (!(s->flags & HF_SVME_MASK) || !s->pe) {
7399 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7402 gen_update_cc_op(s);
7403 gen_jmp_im(pc_start - s->cs_base);
7404 gen_helper_invlpga(cpu_env, tcg_const_i32(s->aflag - 1));
7407 CASE_MODRM_MEM_OP(2): /* lgdt */
7409 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7412 gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_WRITE);
7413 gen_lea_modrm(env, s, modrm);
7414 gen_op_ld_v(s, MO_16, cpu_T1, cpu_A0);
7415 gen_add_A0_im(s, 2);
7416 gen_op_ld_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7417 if (dflag == MO_16) {
7418 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7420 tcg_gen_st_tl(cpu_T0, cpu_env, offsetof(CPUX86State, gdt.base));
7421 tcg_gen_st32_tl(cpu_T1, cpu_env, offsetof(CPUX86State, gdt.limit));
7424 CASE_MODRM_MEM_OP(3): /* lidt */
7426 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7429 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_WRITE);
7430 gen_lea_modrm(env, s, modrm);
7431 gen_op_ld_v(s, MO_16, cpu_T1, cpu_A0);
7432 gen_add_A0_im(s, 2);
7433 gen_op_ld_v(s, CODE64(s) + MO_32, cpu_T0, cpu_A0);
7434 if (dflag == MO_16) {
7435 tcg_gen_andi_tl(cpu_T0, cpu_T0, 0xffffff);
7437 tcg_gen_st_tl(cpu_T0, cpu_env, offsetof(CPUX86State, idt.base));
7438 tcg_gen_st32_tl(cpu_T1, cpu_env, offsetof(CPUX86State, idt.limit));
7441 CASE_MODRM_OP(4): /* smsw */
7442 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_CR0);
7443 tcg_gen_ld_tl(cpu_T0, cpu_env, offsetof(CPUX86State, cr[0]));
7445 mod = (modrm >> 6) & 3;
7446 ot = (mod != 3 ? MO_16 : s->dflag);
7450 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7452 case 0xee: /* rdpkru */
7453 if (prefixes & PREFIX_LOCK) {
7456 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7457 gen_helper_rdpkru(cpu_tmp1_i64, cpu_env, cpu_tmp2_i32);
7458 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], cpu_tmp1_i64);
7460 case 0xef: /* wrpkru */
7461 if (prefixes & PREFIX_LOCK) {
7464 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
7466 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
7467 gen_helper_wrpkru(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
7469 CASE_MODRM_OP(6): /* lmsw */
7471 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7474 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
7475 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7476 gen_helper_lmsw(cpu_env, cpu_T0);
7477 gen_jmp_im(s->pc - s->cs_base);
7481 CASE_MODRM_MEM_OP(7): /* invlpg */
7483 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7486 gen_update_cc_op(s);
7487 gen_jmp_im(pc_start - s->cs_base);
7488 gen_lea_modrm(env, s, modrm);
7489 gen_helper_invlpg(cpu_env, cpu_A0);
7490 gen_jmp_im(s->pc - s->cs_base);
7494 case 0xf8: /* swapgs */
7495 #ifdef TARGET_X86_64
7498 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7500 tcg_gen_mov_tl(cpu_T0, cpu_seg_base[R_GS]);
7501 tcg_gen_ld_tl(cpu_seg_base[R_GS], cpu_env,
7502 offsetof(CPUX86State, kernelgsbase));
7503 tcg_gen_st_tl(cpu_T0, cpu_env,
7504 offsetof(CPUX86State, kernelgsbase));
7511 case 0xf9: /* rdtscp */
7512 if (!(s->cpuid_ext2_features & CPUID_EXT2_RDTSCP)) {
7515 gen_update_cc_op(s);
7516 gen_jmp_im(pc_start - s->cs_base);
7517 if (s->tb->cflags & CF_USE_ICOUNT) {
7520 gen_helper_rdtscp(cpu_env);
7521 if (s->tb->cflags & CF_USE_ICOUNT) {
7523 gen_jmp(s, s->pc - s->cs_base);
7532 case 0x108: /* invd */
7533 case 0x109: /* wbinvd */
7535 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7537 gen_svm_check_intercept(s, pc_start, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD);
7541 case 0x63: /* arpl or movslS (x86_64) */
7542 #ifdef TARGET_X86_64
7545 /* d_ot is the size of destination */
7548 modrm = cpu_ldub_code(env, s->pc++);
7549 reg = ((modrm >> 3) & 7) | rex_r;
7550 mod = (modrm >> 6) & 3;
7551 rm = (modrm & 7) | REX_B(s);
7554 gen_op_mov_v_reg(MO_32, cpu_T0, rm);
7556 if (d_ot == MO_64) {
7557 tcg_gen_ext32s_tl(cpu_T0, cpu_T0);
7559 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
7561 gen_lea_modrm(env, s, modrm);
7562 gen_op_ld_v(s, MO_32 | MO_SIGN, cpu_T0, cpu_A0);
7563 gen_op_mov_reg_v(d_ot, reg, cpu_T0);
7569 TCGv t0, t1, t2, a0;
7571 if (!s->pe || s->vm86)
7573 t0 = tcg_temp_local_new();
7574 t1 = tcg_temp_local_new();
7575 t2 = tcg_temp_local_new();
7577 modrm = cpu_ldub_code(env, s->pc++);
7578 reg = (modrm >> 3) & 7;
7579 mod = (modrm >> 6) & 3;
7582 gen_lea_modrm(env, s, modrm);
7583 gen_op_ld_v(s, ot, t0, cpu_A0);
7584 a0 = tcg_temp_local_new();
7585 tcg_gen_mov_tl(a0, cpu_A0);
7587 gen_op_mov_v_reg(ot, t0, rm);
7590 gen_op_mov_v_reg(ot, t1, reg);
7591 tcg_gen_andi_tl(cpu_tmp0, t0, 3);
7592 tcg_gen_andi_tl(t1, t1, 3);
7593 tcg_gen_movi_tl(t2, 0);
7594 label1 = gen_new_label();
7595 tcg_gen_brcond_tl(TCG_COND_GE, cpu_tmp0, t1, label1);
7596 tcg_gen_andi_tl(t0, t0, ~3);
7597 tcg_gen_or_tl(t0, t0, t1);
7598 tcg_gen_movi_tl(t2, CC_Z);
7599 gen_set_label(label1);
7601 gen_op_st_v(s, ot, t0, a0);
7604 gen_op_mov_reg_v(ot, rm, t0);
7606 gen_compute_eflags(s);
7607 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_Z);
7608 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, t2);
7614 case 0x102: /* lar */
7615 case 0x103: /* lsl */
7619 if (!s->pe || s->vm86)
7621 ot = dflag != MO_16 ? MO_32 : MO_16;
7622 modrm = cpu_ldub_code(env, s->pc++);
7623 reg = ((modrm >> 3) & 7) | rex_r;
7624 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7625 t0 = tcg_temp_local_new();
7626 gen_update_cc_op(s);
7628 gen_helper_lar(t0, cpu_env, cpu_T0);
7630 gen_helper_lsl(t0, cpu_env, cpu_T0);
7632 tcg_gen_andi_tl(cpu_tmp0, cpu_cc_src, CC_Z);
7633 label1 = gen_new_label();
7634 tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_tmp0, 0, label1);
7635 gen_op_mov_reg_v(ot, reg, t0);
7636 gen_set_label(label1);
7637 set_cc_op(s, CC_OP_EFLAGS);
7642 modrm = cpu_ldub_code(env, s->pc++);
7643 mod = (modrm >> 6) & 3;
7644 op = (modrm >> 3) & 7;
7646 case 0: /* prefetchnta */
7647 case 1: /* prefetchnt0 */
7648 case 2: /* prefetchnt0 */
7649 case 3: /* prefetchnt0 */
7652 gen_nop_modrm(env, s, modrm);
7653 /* nothing more to do */
7655 default: /* nop (multi byte) */
7656 gen_nop_modrm(env, s, modrm);
7661 modrm = cpu_ldub_code(env, s->pc++);
7662 if (s->flags & HF_MPX_EN_MASK) {
7663 mod = (modrm >> 6) & 3;
7664 reg = ((modrm >> 3) & 7) | rex_r;
7665 if (prefixes & PREFIX_REPZ) {
7668 || (prefixes & PREFIX_LOCK)
7669 || s->aflag == MO_16) {
7672 gen_bndck(env, s, modrm, TCG_COND_LTU, cpu_bndl[reg]);
7673 } else if (prefixes & PREFIX_REPNZ) {
7676 || (prefixes & PREFIX_LOCK)
7677 || s->aflag == MO_16) {
7680 TCGv_i64 notu = tcg_temp_new_i64();
7681 tcg_gen_not_i64(notu, cpu_bndu[reg]);
7682 gen_bndck(env, s, modrm, TCG_COND_GTU, notu);
7683 tcg_temp_free_i64(notu);
7684 } else if (prefixes & PREFIX_DATA) {
7685 /* bndmov -- from reg/mem */
7686 if (reg >= 4 || s->aflag == MO_16) {
7690 int reg2 = (modrm & 7) | REX_B(s);
7691 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
7694 if (s->flags & HF_MPX_IU_MASK) {
7695 tcg_gen_mov_i64(cpu_bndl[reg], cpu_bndl[reg2]);
7696 tcg_gen_mov_i64(cpu_bndu[reg], cpu_bndu[reg2]);
7699 gen_lea_modrm(env, s, modrm);
7701 tcg_gen_qemu_ld_i64(cpu_bndl[reg], cpu_A0,
7702 s->mem_index, MO_LEQ);
7703 tcg_gen_addi_tl(cpu_A0, cpu_A0, 8);
7704 tcg_gen_qemu_ld_i64(cpu_bndu[reg], cpu_A0,
7705 s->mem_index, MO_LEQ);
7707 tcg_gen_qemu_ld_i64(cpu_bndl[reg], cpu_A0,
7708 s->mem_index, MO_LEUL);
7709 tcg_gen_addi_tl(cpu_A0, cpu_A0, 4);
7710 tcg_gen_qemu_ld_i64(cpu_bndu[reg], cpu_A0,
7711 s->mem_index, MO_LEUL);
7713 /* bnd registers are now in-use */
7714 gen_set_hflag(s, HF_MPX_IU_MASK);
7716 } else if (mod != 3) {
7718 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7720 || (prefixes & PREFIX_LOCK)
7721 || s->aflag == MO_16
7726 tcg_gen_addi_tl(cpu_A0, cpu_regs[a.base], a.disp);
7728 tcg_gen_movi_tl(cpu_A0, 0);
7730 gen_lea_v_seg(s, s->aflag, cpu_A0, a.def_seg, s->override);
7732 tcg_gen_mov_tl(cpu_T0, cpu_regs[a.index]);
7734 tcg_gen_movi_tl(cpu_T0, 0);
7737 gen_helper_bndldx64(cpu_bndl[reg], cpu_env, cpu_A0, cpu_T0);
7738 tcg_gen_ld_i64(cpu_bndu[reg], cpu_env,
7739 offsetof(CPUX86State, mmx_t0.MMX_Q(0)));
7741 gen_helper_bndldx32(cpu_bndu[reg], cpu_env, cpu_A0, cpu_T0);
7742 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndu[reg]);
7743 tcg_gen_shri_i64(cpu_bndu[reg], cpu_bndu[reg], 32);
7745 gen_set_hflag(s, HF_MPX_IU_MASK);
7748 gen_nop_modrm(env, s, modrm);
7751 modrm = cpu_ldub_code(env, s->pc++);
7752 if (s->flags & HF_MPX_EN_MASK) {
7753 mod = (modrm >> 6) & 3;
7754 reg = ((modrm >> 3) & 7) | rex_r;
7755 if (mod != 3 && (prefixes & PREFIX_REPZ)) {
7758 || (prefixes & PREFIX_LOCK)
7759 || s->aflag == MO_16) {
7762 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7764 tcg_gen_extu_tl_i64(cpu_bndl[reg], cpu_regs[a.base]);
7766 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndl[reg]);
7768 } else if (a.base == -1) {
7769 /* no base register has lower bound of 0 */
7770 tcg_gen_movi_i64(cpu_bndl[reg], 0);
7772 /* rip-relative generates #ud */
7775 tcg_gen_not_tl(cpu_A0, gen_lea_modrm_1(a));
7777 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
7779 tcg_gen_extu_tl_i64(cpu_bndu[reg], cpu_A0);
7780 /* bnd registers are now in-use */
7781 gen_set_hflag(s, HF_MPX_IU_MASK);
7783 } else if (prefixes & PREFIX_REPNZ) {
7786 || (prefixes & PREFIX_LOCK)
7787 || s->aflag == MO_16) {
7790 gen_bndck(env, s, modrm, TCG_COND_GTU, cpu_bndu[reg]);
7791 } else if (prefixes & PREFIX_DATA) {
7792 /* bndmov -- to reg/mem */
7793 if (reg >= 4 || s->aflag == MO_16) {
7797 int reg2 = (modrm & 7) | REX_B(s);
7798 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
7801 if (s->flags & HF_MPX_IU_MASK) {
7802 tcg_gen_mov_i64(cpu_bndl[reg2], cpu_bndl[reg]);
7803 tcg_gen_mov_i64(cpu_bndu[reg2], cpu_bndu[reg]);
7806 gen_lea_modrm(env, s, modrm);
7808 tcg_gen_qemu_st_i64(cpu_bndl[reg], cpu_A0,
7809 s->mem_index, MO_LEQ);
7810 tcg_gen_addi_tl(cpu_A0, cpu_A0, 8);
7811 tcg_gen_qemu_st_i64(cpu_bndu[reg], cpu_A0,
7812 s->mem_index, MO_LEQ);
7814 tcg_gen_qemu_st_i64(cpu_bndl[reg], cpu_A0,
7815 s->mem_index, MO_LEUL);
7816 tcg_gen_addi_tl(cpu_A0, cpu_A0, 4);
7817 tcg_gen_qemu_st_i64(cpu_bndu[reg], cpu_A0,
7818 s->mem_index, MO_LEUL);
7821 } else if (mod != 3) {
7823 AddressParts a = gen_lea_modrm_0(env, s, modrm);
7825 || (prefixes & PREFIX_LOCK)
7826 || s->aflag == MO_16
7831 tcg_gen_addi_tl(cpu_A0, cpu_regs[a.base], a.disp);
7833 tcg_gen_movi_tl(cpu_A0, 0);
7835 gen_lea_v_seg(s, s->aflag, cpu_A0, a.def_seg, s->override);
7837 tcg_gen_mov_tl(cpu_T0, cpu_regs[a.index]);
7839 tcg_gen_movi_tl(cpu_T0, 0);
7842 gen_helper_bndstx64(cpu_env, cpu_A0, cpu_T0,
7843 cpu_bndl[reg], cpu_bndu[reg]);
7845 gen_helper_bndstx32(cpu_env, cpu_A0, cpu_T0,
7846 cpu_bndl[reg], cpu_bndu[reg]);
7850 gen_nop_modrm(env, s, modrm);
7852 case 0x119: case 0x11c ... 0x11f: /* nop (multi byte) */
7853 modrm = cpu_ldub_code(env, s->pc++);
7854 gen_nop_modrm(env, s, modrm);
7856 case 0x120: /* mov reg, crN */
7857 case 0x122: /* mov crN, reg */
7859 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7861 modrm = cpu_ldub_code(env, s->pc++);
7862 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
7863 * AMD documentation (24594.pdf) and testing of
7864 * intel 386 and 486 processors all show that the mod bits
7865 * are assumed to be 1's, regardless of actual values.
7867 rm = (modrm & 7) | REX_B(s);
7868 reg = ((modrm >> 3) & 7) | rex_r;
7873 if ((prefixes & PREFIX_LOCK) && (reg == 0) &&
7874 (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) {
7883 gen_update_cc_op(s);
7884 gen_jmp_im(pc_start - s->cs_base);
7886 gen_op_mov_v_reg(ot, cpu_T0, rm);
7887 gen_helper_write_crN(cpu_env, tcg_const_i32(reg),
7889 gen_jmp_im(s->pc - s->cs_base);
7892 gen_helper_read_crN(cpu_T0, cpu_env, tcg_const_i32(reg));
7893 gen_op_mov_reg_v(ot, rm, cpu_T0);
7901 case 0x121: /* mov reg, drN */
7902 case 0x123: /* mov drN, reg */
7904 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7906 modrm = cpu_ldub_code(env, s->pc++);
7907 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
7908 * AMD documentation (24594.pdf) and testing of
7909 * intel 386 and 486 processors all show that the mod bits
7910 * are assumed to be 1's, regardless of actual values.
7912 rm = (modrm & 7) | REX_B(s);
7913 reg = ((modrm >> 3) & 7) | rex_r;
7922 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_DR0 + reg);
7923 gen_op_mov_v_reg(ot, cpu_T0, rm);
7924 tcg_gen_movi_i32(cpu_tmp2_i32, reg);
7925 gen_helper_set_dr(cpu_env, cpu_tmp2_i32, cpu_T0);
7926 gen_jmp_im(s->pc - s->cs_base);
7929 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_DR0 + reg);
7930 tcg_gen_movi_i32(cpu_tmp2_i32, reg);
7931 gen_helper_get_dr(cpu_T0, cpu_env, cpu_tmp2_i32);
7932 gen_op_mov_reg_v(ot, rm, cpu_T0);
7936 case 0x106: /* clts */
7938 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7940 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
7941 gen_helper_clts(cpu_env);
7942 /* abort block because static cpu state changed */
7943 gen_jmp_im(s->pc - s->cs_base);
7947 /* MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4 support */
7948 case 0x1c3: /* MOVNTI reg, mem */
7949 if (!(s->cpuid_features & CPUID_SSE2))
7951 ot = mo_64_32(dflag);
7952 modrm = cpu_ldub_code(env, s->pc++);
7953 mod = (modrm >> 6) & 3;
7956 reg = ((modrm >> 3) & 7) | rex_r;
7957 /* generate a generic store */
7958 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
7961 modrm = cpu_ldub_code(env, s->pc++);
7963 CASE_MODRM_MEM_OP(0): /* fxsave */
7964 if (!(s->cpuid_features & CPUID_FXSR)
7965 || (prefixes & PREFIX_LOCK)) {
7968 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
7969 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
7972 gen_lea_modrm(env, s, modrm);
7973 gen_helper_fxsave(cpu_env, cpu_A0);
7976 CASE_MODRM_MEM_OP(1): /* fxrstor */
7977 if (!(s->cpuid_features & CPUID_FXSR)
7978 || (prefixes & PREFIX_LOCK)) {
7981 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
7982 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
7985 gen_lea_modrm(env, s, modrm);
7986 gen_helper_fxrstor(cpu_env, cpu_A0);
7989 CASE_MODRM_MEM_OP(2): /* ldmxcsr */
7990 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
7993 if (s->flags & HF_TS_MASK) {
7994 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
7997 gen_lea_modrm(env, s, modrm);
7998 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0, s->mem_index, MO_LEUL);
7999 gen_helper_ldmxcsr(cpu_env, cpu_tmp2_i32);
8002 CASE_MODRM_MEM_OP(3): /* stmxcsr */
8003 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
8006 if (s->flags & HF_TS_MASK) {
8007 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
8010 gen_lea_modrm(env, s, modrm);
8011 tcg_gen_ld32u_tl(cpu_T0, cpu_env, offsetof(CPUX86State, mxcsr));
8012 gen_op_st_v(s, MO_32, cpu_T0, cpu_A0);
8015 CASE_MODRM_MEM_OP(4): /* xsave */
8016 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8017 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
8018 | PREFIX_REPZ | PREFIX_REPNZ))) {
8021 gen_lea_modrm(env, s, modrm);
8022 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
8024 gen_helper_xsave(cpu_env, cpu_A0, cpu_tmp1_i64);
8027 CASE_MODRM_MEM_OP(5): /* xrstor */
8028 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8029 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
8030 | PREFIX_REPZ | PREFIX_REPNZ))) {
8033 gen_lea_modrm(env, s, modrm);
8034 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
8036 gen_helper_xrstor(cpu_env, cpu_A0, cpu_tmp1_i64);
8037 /* XRSTOR is how MPX is enabled, which changes how
8038 we translate. Thus we need to end the TB. */
8039 gen_update_cc_op(s);
8040 gen_jmp_im(s->pc - s->cs_base);
8044 CASE_MODRM_MEM_OP(6): /* xsaveopt / clwb */
8045 if (prefixes & PREFIX_LOCK) {
8048 if (prefixes & PREFIX_DATA) {
8050 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLWB)) {
8053 gen_nop_modrm(env, s, modrm);
8056 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
8057 || (s->cpuid_xsave_features & CPUID_XSAVE_XSAVEOPT) == 0
8058 || (prefixes & (PREFIX_REPZ | PREFIX_REPNZ))) {
8061 gen_lea_modrm(env, s, modrm);
8062 tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
8064 gen_helper_xsaveopt(cpu_env, cpu_A0, cpu_tmp1_i64);
8068 CASE_MODRM_MEM_OP(7): /* clflush / clflushopt */
8069 if (prefixes & PREFIX_LOCK) {
8072 if (prefixes & PREFIX_DATA) {
8074 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLFLUSHOPT)) {
8079 if ((s->prefix & (PREFIX_REPZ | PREFIX_REPNZ))
8080 || !(s->cpuid_features & CPUID_CLFLUSH)) {
8084 gen_nop_modrm(env, s, modrm);
8087 case 0xc0 ... 0xc7: /* rdfsbase (f3 0f ae /0) */
8088 case 0xc8 ... 0xc8: /* rdgsbase (f3 0f ae /1) */
8089 case 0xd0 ... 0xd7: /* wrfsbase (f3 0f ae /2) */
8090 case 0xd8 ... 0xd8: /* wrgsbase (f3 0f ae /3) */
8092 && (prefixes & PREFIX_REPZ)
8093 && !(prefixes & PREFIX_LOCK)
8094 && (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_FSGSBASE)) {
8095 TCGv base, treg, src, dst;
8097 /* Preserve hflags bits by testing CR4 at runtime. */
8098 tcg_gen_movi_i32(cpu_tmp2_i32, CR4_FSGSBASE_MASK);
8099 gen_helper_cr4_testbit(cpu_env, cpu_tmp2_i32);
8101 base = cpu_seg_base[modrm & 8 ? R_GS : R_FS];
8102 treg = cpu_regs[(modrm & 7) | REX_B(s)];
8106 dst = base, src = treg;
8109 dst = treg, src = base;
8112 if (s->dflag == MO_32) {
8113 tcg_gen_ext32u_tl(dst, src);
8115 tcg_gen_mov_tl(dst, src);
8121 case 0xf8: /* sfence / pcommit */
8122 if (prefixes & PREFIX_DATA) {
8124 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_PCOMMIT)
8125 || (prefixes & PREFIX_LOCK)) {
8131 case 0xf9 ... 0xff: /* sfence */
8132 if (!(s->cpuid_features & CPUID_SSE)
8133 || (prefixes & PREFIX_LOCK)) {
8136 tcg_gen_mb(TCG_MO_ST_ST | TCG_BAR_SC);
8138 case 0xe8 ... 0xef: /* lfence */
8139 if (!(s->cpuid_features & CPUID_SSE)
8140 || (prefixes & PREFIX_LOCK)) {
8143 tcg_gen_mb(TCG_MO_LD_LD | TCG_BAR_SC);
8145 case 0xf0 ... 0xf7: /* mfence */
8146 if (!(s->cpuid_features & CPUID_SSE2)
8147 || (prefixes & PREFIX_LOCK)) {
8150 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8158 case 0x10d: /* 3DNow! prefetch(w) */
8159 modrm = cpu_ldub_code(env, s->pc++);
8160 mod = (modrm >> 6) & 3;
8163 gen_nop_modrm(env, s, modrm);
8165 case 0x1aa: /* rsm */
8166 gen_svm_check_intercept(s, pc_start, SVM_EXIT_RSM);
8167 if (!(s->flags & HF_SMM_MASK))
8169 gen_update_cc_op(s);
8170 gen_jmp_im(s->pc - s->cs_base);
8171 gen_helper_rsm(cpu_env);
8174 case 0x1b8: /* SSE4.2 popcnt */
8175 if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) !=
8178 if (!(s->cpuid_ext_features & CPUID_EXT_POPCNT))
8181 modrm = cpu_ldub_code(env, s->pc++);
8182 reg = ((modrm >> 3) & 7) | rex_r;
8184 if (s->prefix & PREFIX_DATA) {
8187 ot = mo_64_32(dflag);
8190 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
8191 gen_helper_popcnt(cpu_T0, cpu_env, cpu_T0, tcg_const_i32(ot));
8192 gen_op_mov_reg_v(ot, reg, cpu_T0);
8194 set_cc_op(s, CC_OP_EFLAGS);
8196 case 0x10e ... 0x10f:
8197 /* 3DNow! instructions, ignore prefixes */
8198 s->prefix &= ~(PREFIX_REPZ | PREFIX_REPNZ | PREFIX_DATA);
8199 case 0x110 ... 0x117:
8200 case 0x128 ... 0x12f:
8201 case 0x138 ... 0x13a:
8202 case 0x150 ... 0x179:
8203 case 0x17c ... 0x17f:
8205 case 0x1c4 ... 0x1c6:
8206 case 0x1d0 ... 0x1fe:
8207 gen_sse(env, s, b, pc_start, rex_r);
8214 gen_illegal_opcode(s);
8217 gen_unknown_opcode(env, s);
8221 void tcg_x86_init(void)
8223 static const char reg_names[CPU_NB_REGS][4] = {
8224 #ifdef TARGET_X86_64
8252 static const char seg_base_names[6][8] = {
8260 static const char bnd_regl_names[4][8] = {
8261 "bnd0_lb", "bnd1_lb", "bnd2_lb", "bnd3_lb"
8263 static const char bnd_regu_names[4][8] = {
8264 "bnd0_ub", "bnd1_ub", "bnd2_ub", "bnd3_ub"
8267 static bool initialized;
8274 cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
8275 tcg_ctx.tcg_env = cpu_env;
8276 cpu_cc_op = tcg_global_mem_new_i32(cpu_env,
8277 offsetof(CPUX86State, cc_op), "cc_op");
8278 cpu_cc_dst = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_dst),
8280 cpu_cc_src = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src),
8282 cpu_cc_src2 = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src2),
8285 for (i = 0; i < CPU_NB_REGS; ++i) {
8286 cpu_regs[i] = tcg_global_mem_new(cpu_env,
8287 offsetof(CPUX86State, regs[i]),
8291 for (i = 0; i < 6; ++i) {
8293 = tcg_global_mem_new(cpu_env,
8294 offsetof(CPUX86State, segs[i].base),
8298 for (i = 0; i < 4; ++i) {
8300 = tcg_global_mem_new_i64(cpu_env,
8301 offsetof(CPUX86State, bnd_regs[i].lb),
8304 = tcg_global_mem_new_i64(cpu_env,
8305 offsetof(CPUX86State, bnd_regs[i].ub),
8310 /* generate intermediate code for basic block 'tb'. */
8311 void gen_intermediate_code(CPUX86State *env, TranslationBlock *tb)
8313 X86CPU *cpu = x86_env_get_cpu(env);
8314 CPUState *cs = CPU(cpu);
8315 DisasContext dc1, *dc = &dc1;
8316 target_ulong pc_ptr;
8318 target_ulong pc_start;
8319 target_ulong cs_base;
8323 /* generate intermediate code */
8325 cs_base = tb->cs_base;
8328 dc->pe = (flags >> HF_PE_SHIFT) & 1;
8329 dc->code32 = (flags >> HF_CS32_SHIFT) & 1;
8330 dc->ss32 = (flags >> HF_SS32_SHIFT) & 1;
8331 dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1;
8333 dc->vm86 = (flags >> VM_SHIFT) & 1;
8334 dc->cpl = (flags >> HF_CPL_SHIFT) & 3;
8335 dc->iopl = (flags >> IOPL_SHIFT) & 3;
8336 dc->tf = (flags >> TF_SHIFT) & 1;
8337 dc->singlestep_enabled = cs->singlestep_enabled;
8338 dc->cc_op = CC_OP_DYNAMIC;
8339 dc->cc_op_dirty = false;
8340 dc->cs_base = cs_base;
8342 dc->popl_esp_hack = 0;
8343 /* select memory access functions */
8345 #ifdef CONFIG_SOFTMMU
8346 dc->mem_index = cpu_mmu_index(env, false);
8348 dc->cpuid_features = env->features[FEAT_1_EDX];
8349 dc->cpuid_ext_features = env->features[FEAT_1_ECX];
8350 dc->cpuid_ext2_features = env->features[FEAT_8000_0001_EDX];
8351 dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
8352 dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
8353 dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
8354 #ifdef TARGET_X86_64
8355 dc->lma = (flags >> HF_LMA_SHIFT) & 1;
8356 dc->code64 = (flags >> HF_CS64_SHIFT) & 1;
8359 dc->jmp_opt = !(dc->tf || cs->singlestep_enabled ||
8360 (flags & HF_INHIBIT_IRQ_MASK));
8361 /* Do not optimize repz jumps at all in icount mode, because
8362 rep movsS instructions are execured with different paths
8363 in !repz_opt and repz_opt modes. The first one was used
8364 always except single step mode. And this setting
8365 disables jumps optimization and control paths become
8366 equivalent in run and single step modes.
8367 Now there will be no jump optimization for repz in
8368 record/replay modes and there will always be an
8369 additional step for ecx=0 when icount is enabled.
8371 dc->repz_opt = !dc->jmp_opt && !(tb->cflags & CF_USE_ICOUNT);
8373 /* check addseg logic */
8374 if (!dc->addseg && (dc->vm86 || !dc->pe || !dc->code32))
8375 printf("ERROR addseg\n");
8378 cpu_T0 = tcg_temp_new();
8379 cpu_T1 = tcg_temp_new();
8380 cpu_A0 = tcg_temp_new();
8382 cpu_tmp0 = tcg_temp_new();
8383 cpu_tmp1_i64 = tcg_temp_new_i64();
8384 cpu_tmp2_i32 = tcg_temp_new_i32();
8385 cpu_tmp3_i32 = tcg_temp_new_i32();
8386 cpu_tmp4 = tcg_temp_new();
8387 cpu_ptr0 = tcg_temp_new_ptr();
8388 cpu_ptr1 = tcg_temp_new_ptr();
8389 cpu_cc_srcT = tcg_temp_local_new();
8391 dc->is_jmp = DISAS_NEXT;
8394 max_insns = tb->cflags & CF_COUNT_MASK;
8395 if (max_insns == 0) {
8396 max_insns = CF_COUNT_MASK;
8398 if (max_insns > TCG_MAX_INSNS) {
8399 max_insns = TCG_MAX_INSNS;
8404 tcg_gen_insn_start(pc_ptr, dc->cc_op);
8407 /* If RF is set, suppress an internally generated breakpoint. */
8408 if (unlikely(cpu_breakpoint_test(cs, pc_ptr,
8409 tb->flags & HF_RF_MASK
8410 ? BP_GDB : BP_ANY))) {
8411 gen_debug(dc, pc_ptr - dc->cs_base);
8412 /* The address covered by the breakpoint must be included in
8413 [tb->pc, tb->pc + tb->size) in order to for it to be
8414 properly cleared -- thus we increment the PC here so that
8415 the logic setting tb->size below does the right thing. */
8417 goto done_generating;
8419 if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
8423 pc_ptr = disas_insn(env, dc, pc_ptr);
8424 /* stop translation if indicated */
8427 /* if single step mode, we generate only one instruction and
8428 generate an exception */
8429 /* if irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear
8430 the flag and abort the translation to give the irqs a
8431 change to be happen */
8432 if (dc->tf || dc->singlestep_enabled ||
8433 (flags & HF_INHIBIT_IRQ_MASK)) {
8434 gen_jmp_im(pc_ptr - dc->cs_base);
8438 /* Do not cross the boundary of the pages in icount mode,
8439 it can cause an exception. Do it only when boundary is
8440 crossed by the first instruction in the block.
8441 If current instruction already crossed the bound - it's ok,
8442 because an exception hasn't stopped this code.
8444 if ((tb->cflags & CF_USE_ICOUNT)
8445 && ((pc_ptr & TARGET_PAGE_MASK)
8446 != ((pc_ptr + TARGET_MAX_INSN_SIZE - 1) & TARGET_PAGE_MASK)
8447 || (pc_ptr & ~TARGET_PAGE_MASK) == 0)) {
8448 gen_jmp_im(pc_ptr - dc->cs_base);
8452 /* if too long translation, stop generation too */
8453 if (tcg_op_buf_full() ||
8454 (pc_ptr - pc_start) >= (TARGET_PAGE_SIZE - 32) ||
8455 num_insns >= max_insns) {
8456 gen_jmp_im(pc_ptr - dc->cs_base);
8461 gen_jmp_im(pc_ptr - dc->cs_base);
8466 if (tb->cflags & CF_LAST_IO)
8469 gen_tb_end(tb, num_insns);
8472 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
8473 && qemu_log_in_addr_range(pc_start)) {
8476 qemu_log("----------------\n");
8477 qemu_log("IN: %s\n", lookup_symbol(pc_start));
8478 #ifdef TARGET_X86_64
8483 disas_flags = !dc->code32;
8484 log_target_disas(cs, pc_start, pc_ptr - pc_start, disas_flags);
8490 tb->size = pc_ptr - pc_start;
8491 tb->icount = num_insns;
8494 void restore_state_to_opc(CPUX86State *env, TranslationBlock *tb,
8497 int cc_op = data[1];
8498 env->eip = data[0] - tb->cs_base;
8499 if (cc_op != CC_OP_DYNAMIC) {
projects / qemu.git / blob